diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 604363e71..8a18b485a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -444,95 +444,3 @@ jobs: atomic: true branch: develop repository: ${{ github.repository }} - - - salt: - name: Update Release on Salt Repo - runs-on: - - self-hosted - - linux - - repo-release - needs: - - update-develop-checksums - environment: release - permissions: - contents: write # For action peter-evans/create-pull-request - pull-requests: write # For action peter-evans/create-pull-request - - steps: - - uses: actions/checkout@v3 - with: - ref: stable - repository: ${{ github.repository }} - - - name: Get bootstrap version - run: | - echo "BS_VERSION=$(sh bootstrap-salt.sh -v | awk '{ print $4 }')" >> "$GITHUB_ENV" - - - uses: actions/checkout@v3 - with: - repository: saltstack/salt - ref: master - path: salt-checkout - token: ${{ secrets.SALT_REPO_WRITE_TOKEN }} - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - id: get-secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Configure Git - shell: bash - run: | - git config --global --add safe.directory "$(pwd)" - git config --global user.name "Salt Project Packaging" - git config --global user.email saltproject-packaging@vmware.com - git config --global user.signingkey 64CBBC8173D76B3F - git config --global commit.gpgsign true - - - name: Update bootstrap script on Salt - run: | - cp bootstrap-salt.sh salt-checkout/salt/cloud/deploy/bootstrap-salt.sh - - - name: Commit Changes - working-directory: salt-checkout/ - run: | - git commit -am "Update the bootstrap script to v${{ env.BS_VERSION }}" - - - name: Create Pull Request Against Develop - uses: peter-evans/create-pull-request@v5 - with: - title: "Update the bootstrap script to v${{ env.BS_VERSION }}" - path: salt-checkout - base: master - token: ${{ secrets.SALT_REPO_WRITE_TOKEN }} - author: "Salt Project Packaging " - committer: "Salt Project Packaging " - commit-message: Update the bootstrap script to v${{ env.BS_VERSION }} - signoff: true - delete-branch: true diff --git a/RELEASE.md b/RELEASE.md index 8c36c5618..2410460be 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -3,13 +3,10 @@ - See if there are any PRs worth squeezing into release. - Go through the changes since last release, add them to changelog. - Add any new authors to the AUTHORS file. -- If there's a new Salt release(major), update the script to add support for it. +- If there's a new Salt release (major), update the script to add support for it. - Bump version for release. - Open PR against develop with these changes. -- Once the above PR is merged, open a PR against stable with the changes from develop. -- Once the above PR is merged, wait until an automatic PR is opened against stable which updates the checksums. -- Once the above PR is merged, tag the release `v{version-here}` and push the tag. -- Wait until an automatic PR is opened against the develop branch updating the checksums in `README.rst`. Merge it. -- Check that an automated PR was opened against the salt repo updating the bootstrap script, located in `salt/cloud/deploy/bootstrap-salt.sh` - +- Once the above PR is merged, go to [Cut Release](https://github.com/saltstack/salt-bootstrap/actions/workflows/release.yml) and `Run workflow` against `develop` branch +- Open a new PR against the branch of the oldest supported version of [the salt repo](https://github.com/saltstack/salt) (ex. `3006.x`), and replace `salt/cloud/deploy/bootstrap-salt.sh` with the latest `bootstrap-salt.sh` file +- When that PR is merged into [the salt repo](https://github.com/saltstack/salt), merge-forwards into the latest branches and `master` will ensure that the latest bootstrap script is available - Victory!