-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(ci): fix release CI to work with release branches (#206)
* fix(ci): fix release CI to work with release branches * fix(ci): trigger a PR against main when a release on a release branch is created * chore: go mod tidy
- Loading branch information
Showing
4 changed files
with
62 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
name: Reusable release | ||
run-name: "Release ${{ format('{0} (type: {1})', inputs.tag, inputs.release-type) }} " | ||
run-name: "Release ${{ format('{0} (type: {1}) (branch: {2})', inputs.tag, inputs.release-type, inputs.base) }} " | ||
|
||
on: | ||
workflow_call: | ||
|
@@ -28,6 +28,11 @@ on: | |
description: The version to release (e.g. v1.2.3) | ||
type: string | ||
required: true | ||
base: | ||
description: The base branch from which to release and against which to create a release PR. | ||
type: string | ||
default: 'main' | ||
required: false | ||
latest: | ||
description: Whether to mark this release latest | ||
type: boolean | ||
|
@@ -174,37 +179,51 @@ jobs: | |
KONG_LICENSE_DATA: ${{ secrets.kong-license-data }} | ||
KONG_TEST_GATEWAY_OPERATOR_IMAGE_OVERRIDE: ${{ needs.build-push-images.outputs.full_tag }} | ||
|
||
# NOTE: This job's steps are run when: | ||
# - input.base is 'main': then 1 PR is created targeting 'main' | ||
# - input.base is not 'main': then 2 PRs will be created: | ||
# - 1 PR targeting 'main' to update VERSION and config/ | ||
# - 1 PR targeting the release branch to update VERSION and config/ and trigger the release workflow | ||
create-release-pr: | ||
runs-on: ubuntu-latest | ||
needs: | ||
- semver | ||
- build-push-images | ||
- test-integration-current-kubernetes | ||
- test-e2e-current-kubernetes | ||
strategy: | ||
matrix: | ||
base: | ||
- ${{ inputs.base }} | ||
- main | ||
steps: | ||
# Use the main branch as a base for the release. | ||
# Any changes made on the branch that the workflow was triggered on will not be included | ||
# in the release PR. If anything needs to be fixed before a release, it should be | ||
# done on the main branch. | ||
# Use the branch set via inputs as a base for the release. | ||
# If anything needs to be fixed before the release, it should be done on the base branch | ||
# before the release workflow is triggered. | ||
- name: Checkout repository | ||
if: ${{ (inputs.base == 'main' && matrix.base == 'main') || (inputs.base != 'main') }} | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
ref: main | ||
ref: ${{ matrix.base }} | ||
|
||
- name: Configure Git for private repositories (temporary until making KGO public) | ||
- name: Configure Git for private repositories (this is needed by repositories that include this workflow and have other private dependencies) | ||
if: ${{ (inputs.base == 'main' && matrix.base == 'main') || (inputs.base != 'main') }} | ||
run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com" | ||
|
||
- name: Checkout KGO submodule | ||
if: ${{ (inputs.base == 'main' && matrix.base == 'main') || (inputs.base != 'main') }} | ||
run: git submodule update --init | ||
|
||
- name: Setup golang | ||
if: ${{ (inputs.base == 'main' && matrix.base == 'main') || (inputs.base != 'main') }} | ||
uses: actions/setup-go@v5 | ||
with: | ||
go-version-file: go.mod | ||
|
||
# The bumped version file is included in the release PR. | ||
- name: Ensure version is set | ||
if: ${{ (inputs.base == 'main' && matrix.base == 'main') || (inputs.base != 'main') }} | ||
env: | ||
VERSION: ${{ needs.semver.outputs.fullversion }} | ||
run: | | ||
|
@@ -217,37 +236,51 @@ jobs: | |
|
||
# Generated manifests are part of the release PR. | ||
- name: Generate manifests | ||
if: ${{ inputs.regenerate-manifests }} | ||
if: ${{ inputs.regenerate-manifests && ((inputs.base == 'main' && matrix.base == 'main') || (inputs.base != 'main')) }} | ||
run: make manifests | ||
|
||
# The generated bundle is part of the release PR. | ||
# This is done locally in this job, to avoid including unintended changes. | ||
# If anything needs to be fixed before a release, it should be done on the main branch. | ||
# If anything needs to be fixed before the release, it should be done on the base branch | ||
# before the release workflow is triggered. | ||
- name: Generate bundle | ||
if: ${{ inputs.regenerate-bundle }} | ||
if: ${{ inputs.regenerate-bundle && ((inputs.base == 'main' && matrix.base == 'main') || (inputs.base != 'main')) }} | ||
run: make bundle | ||
|
||
- name: GPG sign the commits | ||
if: ${{ (inputs.base == 'main' && matrix.base == 'main') || (inputs.base != 'main') }} | ||
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 | ||
with: | ||
gpg_private_key: ${{ secrets.gpg-private-key }} | ||
passphrase: ${{ secrets.gpg-passphrase }} | ||
git_user_signingkey: true | ||
git_commit_gpgsign: true | ||
|
||
# PRs to the main branch will update the version file and manifests | ||
- name: Commit message | ||
if: ${{ (inputs.base == 'main' && matrix.base == 'main') || (inputs.base != 'main') }} | ||
env: | ||
# NOTE: If the base branch set for workflow is not main (it's a release branch) | ||
# then create a commit message which will not trigger the release workflow | ||
# (via release-bot.yaml) but which will only update VERSION and config/. | ||
MSG: "${{ inputs.base != 'main' && matrix.base == 'main' && format('chore( {0} ): [main] {1}', inputs.release-type, env.VERSION) || format('chore( {0} ): [bot] {1}', inputs.release-type, env.VERSION) }}" | ||
run: | | ||
echo "MSG=${MSG}" >> $GITHUB_ENV | ||
# PRs to the base branch will update the version file and manifests | ||
- name: Create a release PR | ||
uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e | ||
uses: peter-evans/create-pull-request@9153d834b60caba6d51c9b9510b087acf9f33f83 | ||
if: ${{ (inputs.base == 'main' && matrix.base == 'main') || (inputs.base != 'main') }} | ||
with: | ||
token: ${{ secrets.gh-pat }} | ||
path: . | ||
base: ${{ matrix.base }} | ||
add-paths: | | ||
VERSION | ||
config | ||
commit-message: "chore(${{ inputs.release-type }}): [bot] ${{ env.VERSION }}" | ||
commit-message: "${{ env.MSG }}" | ||
committer: Kong's Team k8s bot <[email protected]> | ||
author: Kong's Team k8s bot <[email protected]> | ||
signoff: true | ||
delete-branch: true | ||
title: "chore(${{ inputs.release-type }}): [bot] ${{ env.VERSION }}" | ||
body: "chore(${{ inputs.release-type }}): [bot] ${{ env.VERSION }}" | ||
title: "${{ env.MSG }}" | ||
body: "${{ env.MSG }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,6 +7,7 @@ on: | |
push: | ||
branches: | ||
- 'main' | ||
- 'release/*' | ||
|
||
jobs: | ||
look_for_release: | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters