ci: added release automation (#20)
## What this PR does / why we need it:
<!--
What code changes are made?
What problem does this PR address, or what feature does this PR add?
-->
This pull request adds release automation to the project by introducing
a GitHub Action workflow named `00-release-please.yaml`. The workflow
utilizes the `release-please` GitHub Action to automate the release
process. It also includes a configuration file
`release-please-config.json` that specifies the release types for
different packages within the project, such as Go packages and Helm
charts.

## Which issue(s) this PR resolves:
<!--
Usage: `Resolves #<issue number>`, or `Resolves <link to the issue>`.
If PR is about `failing-tests`, please post the related tests in a
comment and do not use `Resolves`
-->
Resolves #13 

## Special notes for your reviewer:
<!-- Do you think reviewers should focus on any particular parts of
code? -->
The key changes include:
- Addition of `00-release-please.yaml` GitHub Action workflow for
release automation.
- Introduction of `release-please-config.json` specifying release types
for different packages.
- Introduction of `.release-please-manifest.json` specifying the initial
(and current, auto-updated) version for each package.
- Renaming of `.github/workflows/0-k8s-linters.yaml` to
`.github/workflows/10-k8s.yaml` with adjustments in the workflow
content:
  - The `package` job packages the Helm chart and pushes it to the
    registry.
  - The `package` job includes conditional steps based on the event type:
    - If it's a tag event (`tags: - 'linode-cosi-driver-v*'`), the workflow
      captures the latest tag, sets proper tags, and packages the Helm chart.
    - Steps are included to set up Helm, package artifacts.
  - The workflow uses the `softprops/action-gh-release` GitHub Action to
    upload release artifacts.
  - The workflow captures the latest tag if it exists and sets up proper
    tags using a script (`scripts/tags.sh`).
  - The version information is used for packaging and pushing the Helm
    chart.
- Renaming of `.github/workflows/10-linters-tests.yaml` to
`.github/workflows/10-linters-tests-image.yaml` with adjustments in the
workflow content:
  - The description now explicitly mentions running linters and tests, and
    publishing a new image during releases or pushes to the main branch.
  - Triggers on each push to the main branch (`branches: - "main"`) and on
    each release (`tags: - 'v*'`).
  - Added `REGISTRY`, `REPOSITORY`, and `IMAGE` environment variables for
    Docker registry configuration.
  - Steps for building and pushing the Docker image based on release or
    main branch push events.
- Introduction of `scripts/tags.sh` script for generating version and
tags based on input parameters.
- Utilization of the script to set up proper tags and versioning for the
Docker image.
- Definition of output variables (`grype` and `tags`) to capture image
scan and Docker image tags information.

## Additional documentation e.g., enhancement proposals, usage docs, etc.:
<!-- This section can be blank if this pull request does not require a
release note. -->
The changes aim to streamline the release process and enhance the
project's automation. The `release-please` GitHub Action is configured
to trigger on each push to the main branch, automating the creation of
releases based on semantic versioning and updating the version
information accordingly.

---------

Signed-off-by: Mateusz Urbanek <[email protected]>
Release-As: 0.1.0
shanduur authored Mar 27, 2024
1 parent e4b354f commit 2d0af79
Showing 17 changed files with 322 additions and 184 deletions.
10 changes: 10 additions & 0 deletions .github/release-please-config.json
@@ -0,0 +1,10 @@
{
"packages": {
".": {
"release-type": "go"
},
"helm/linode-cosi-driver": {
"release-type": "helm"
}
}
}
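Review bot: The tag names this configuration produces are left implicit, yet the workflows in this commit depend on them: the image workflow triggers on `v*` and the chart workflow on `linode-cosi-driver-v*`. Neither package entry sets `package-name` or `include-component-in-tag`, so the tag shape rests on release-please defaults for each release type. Setting these explicitly for `.` and `helm/linode-cosi-driver` would make the coupling between tags and workflows reviewable and would keep a change in defaults from silently stopping image or chart publication.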
23 changes: 23 additions & 0 deletions .github/workflows/00-release-please.yaml
@@ -0,0 +1,23 @@
# This workflow runs release please GitHub action. It is supposed to be run on each
# push to main branch.

on:
push:
branches:
- main

permissions:
contents: write
pull-requests: write

name: Release Please

jobs:
release-please:
name: Release Please
runs-on: ubuntu-latest
steps:
- uses: google-github-actions/release-please-action@v4
with:
token: ${{ secrets.PAT }} # need to use separate PAT from GITHUB_TOKEN, so new actions can be triggered
config-file: .github/release-please-config.json
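Review bot: `secrets.PAT` is handed to `google-github-actions/release-please-action@v4`, a mutable tag, so whatever that tag resolves to at run time receives a token that the `permissions:` block does not constrain (that block limits only `GITHUB_TOKEN`). Pin the action to a full commit SHA, and make the PAT fine-grained: limited to this repository with contents and pull-requests write, or replaced by a GitHub App installation token. The comment on the `token:` line would be a good place to record which scopes the PAT is expected to carry.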
24 changes: 0 additions & 24 deletions .github/workflows/10-k8s-linters.yaml

This file was deleted.

71 changes: 71 additions & 0 deletions .github/workflows/10-k8s.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
# This workflow runs linters on kubernetes resources. It is supposed to be for each push
# in pull request that modifies helm chart.

name: Kubernetes

on:
pull_request:
branches: [ '*' ]
paths:
- 'helm/**'
push:
tags:
- 'linode-cosi-driver-v*'

env:
REGISTRY: docker.io
REPOSITORY: linode

permissions:
contents: write

jobs:
linters:
name: Lint Kubernetes manifests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Scan repo with kube-linter
uses: stackrox/kube-linter-action@v1
with:
directory: helm/
config: helm/.kube-linter.yaml

package:
name: Package helm chart
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/linode-cosi-driver-v')
steps:
- uses: actions/checkout@v4
- name: Capture latest tag if exists
uses: actions-ecosystem/action-get-latest-tag@v1
id: get-latest-tag
with:
semver_only: true
with_initial_version: true
initial_version: v0.0.0
- name: Set proper tags
id: tags
run: |
./scripts/tags.sh \
"${{ env.REGISTRY }}/${{ env.REPOSITORY }}" \
"${{ github.sha }}" \
"${{ github.ref_name }}" \
"${{ steps.get-latest-tag.outputs.tag }}" \
"${GITHUB_OUTPUT}"
- name: Setup helm
uses: azure/setup-helm@v4
- name: Package artifacts
run: |
helm package \
--destination=release \
--version=${{ steps.tags.outputs.chart }} \
helm/linode-cosi-driver
- name: Upload Release Artifacts
uses: softprops/action-gh-release@v2
with:
name: ${{ github.ref_name }}
files: |
./release/linode-cosi-driver-${{ steps.tags.outputs.chart }}.tgz
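Review bot: `permissions: contents: write` is set at workflow level, so the `linters` job, which runs on `pull_request` and executes the third-party `stackrox/kube-linter-action@v1`, gets a write-capable token even though only the `package` job (the `softprops/action-gh-release@v2` upload) needs it. Set the workflow default to `contents: read` and grant `contents: write` on `package` alone. In the `Set proper tags` and `Package artifacts` steps, `${{ github.ref_name }}` and `${{ steps.tags.outputs.chart }}` are expanded into the script text before the shell runs; passing them through `env:` and referencing quoted shell variables keeps an unusual tag name from being interpreted as shell syntax. The commit message says this job pushes the chart to the registry, but the hunk has no login or push step, and `REGISTRY`/`REPOSITORY` are used only as an argument to `scripts/tags.sh`.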
131 changes: 131 additions & 0 deletions .github/workflows/10-linters-tests-image.yaml
@@ -0,0 +1,131 @@
# This workflow run linters and tests, and publishes a new image if there is a release or
# push to main. It is supposed to be run on each push to main branch, on each release, as
# well as for each push in pull request.

name: Code and Image workflow

on:
pull_request:
branches: [ '*' ]
push:
branches:
- "main"
tags:
- 'v*'

env:
REGISTRY: docker.io
REPOSITORY: linode
IMAGE: linode-cosi-driver

permissions:
contents: read

jobs:
commitlint:
name: Lint commit messages
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: wagoid/commitlint-github-action@v5
with:
token: ${{ secrets.GITHUB_TOKEN }}

golangci-lint:
name: Run golangci-lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: ./go.mod
cache: false
- uses: golangci/golangci-lint-action@v4
with:
version: latest
skip-cache: true

shell-linter:
name: Run Shellcheck, Checkmake
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v4
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
- uses: actions/setup-go@v5
with:
go-version-file: ./go.mod
cache: false
- name: Install Checkmake
run: go install github.com/mrtazz/checkmake/cmd/checkmake@latest
- name: Run Checkmake
run: checkmake Makefile
- name: Run Checkmake on tests
run: checkmake test/Makefile

tests:
name: Run unit tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: ./go.mod
cache: false
- run: |
make test
docker:
name: Build dev image and run scans
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Login to registry
if: startsWith(github.ref, 'refs/tags/v') || (github.ref == 'refs/heads/main')
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Capture latest tag if exists
uses: actions-ecosystem/action-get-latest-tag@v1
id: get-latest-tag
with:
semver_only: true
with_initial_version: true
initial_version: v0.0.0
- name: Set proper tags
id: tags
run: |
./scripts/tags.sh \
"${{ env.REGISTRY }}/${{ env.REPOSITORY }}/${{ env.IMAGE }}" \
"${{ github.sha }}" \
"${{ github.ref_name }}" \
"${{ steps.get-latest-tag.outputs.tag }}" \
"${GITHUB_OUTPUT}"
- name: Build image
uses: docker/build-push-action@v5
with:
push: ${{ startsWith(github.ref, 'refs/tags/v') || (github.ref == 'refs/heads/main') }}
load: ${{ !(startsWith(github.ref, 'refs/tags/v') || (github.ref == 'refs/heads/main')) }}
tags: ${{ steps.tags.outputs.all }}
build-args: |
VERSION=${{ steps.tags.outputs.version }}
target: runtime
- name: Scan image using Grype
id: grype
uses: anchore/scan-action@v3
with:
image: ${{ steps.tags.outputs.full_version }}
output-format: table
- name: Scan image using Trivy
if: steps.grype.outcome == 'success' || steps.grype.outcome == 'failure'
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ steps.tags.outputs.full_version }}
format: table
exit-code: '1'
severity: 'CRITICAL,HIGH,MEDIUM'
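Review bot: In the `docker` job the `Build image` step pushes on `main` and on `v*` tags before the Grype and Trivy steps run, so a scan failure fails the job only after the image is already published. Build with `load: true` first, scan the local image, and push in a later step once both scans pass. The Trivy condition `steps.grype.outcome == 'success' || steps.grype.outcome == 'failure'` also does not behave as it reads: without a status function such as `always()` or `!cancelled()` the implicit `success()` check still applies, so Trivy is skipped when Grype fails. Separately, `ludeeus/action-shellcheck@master`, `aquasecurity/trivy-action@master` and `checkmake@latest` are unpinned; since the Trivy action runs in the job that logs in with `REGISTRY_TOKEN`, pin at least that one to a commit SHA.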
97 changes: 0 additions & 97 deletions .github/workflows/10-linters-tests.yaml

This file was deleted.

35 changes: 0 additions & 35 deletions .github/workflows/99-release.yaml

This file was deleted.
