feat: Enable automatic release (#321)
* Add automatic releases

* fix makefile

* fix lint

* allow v prefix on tag name

* Update trigger_prerelease.yml

* Fix various items in automation

* Remove nonexistent file from makefile

* Remove nonexistent file from makefile

* fix wrong versions and secret names

* update slack action version
svetlanabrennan authored Aug 23, 2023
1 parent 12eef83 commit e90fc96
Showing 7 changed files with 60 additions and 15 deletions.
14 changes: 2 additions & 12 deletions .github/renovate.json5
@@ -1,15 +1,5 @@
{
"extends": [
"config:base",
// Disable the creation of this issue that renovate updates with the pending issue we follow with Zenhub:
":disableDependencyDashboard"
],
// Label PRs with `dependencies`.
"labels": ["dependencies"],
"enabledManagers": [
// Managers for helm and helm-values. Go dependencies are managed by Dependabot.
"helm-values",
"helmv3"
],
"ignoreDeps": ["ingress-nginx/kube-webhook-certgen"]
"github>newrelic/coreint-automation:renovate-base.json5"
]
}
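Review bot: The new `extends` entry `github>newrelic/coreint-automation:renovate-base.json5` carries no ref, so Renovate resolves the preset from that repository's default branch and any change there alters this repo's update behaviour without a commit here. Renovate accepts a pinned preset of the form `"github>newrelic/coreint-automation:renovate-base.json5#<tag-or-sha>"`, which would make preset changes reviewable. The section also drops the local `enabledManagers` restriction and the `ignoreDeps` entry for `ingress-nginx/kube-webhook-certgen`; whether the shared preset carries equivalents is not visible on this page and is worth confirming.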
2 changes: 2 additions & 0 deletions .github/workflows/push_pr.yml
@@ -4,6 +4,8 @@ on:
push:
branches:
- main
- master
- renovate/**


csongnr Nov 16, 2023

Contributor

I think this might be unnecessary: we're already running the same suite for any pull request (line below), so now all the Renovate PRs are running the full testing suite twice.


csongnr Nov 16, 2023

Contributor

Talked offline: this is necessary because Renovate will autocommit to main if the initial set of checks passes, but if they fail, they'll push to a temporary renovate branch to create a PR and try running the checks again, which is the second 'duplicate' run being seen in some PRs.

pull_request:

jobs:
21 changes: 19 additions & 2 deletions .github/workflows/release-integration.yml
@@ -1,8 +1,13 @@
name: Release
name: Pre-release and Release pipeline

on:
release:
types: [prereleased, released]
tags:
- 'v*'

env:
ORIGINAL_REPO_NAME: ${{ github.event.repository.full_name }}

jobs:
build:
@@ -44,7 +49,7 @@ jobs:
steps:
- name: Generate docker image version from git tag
run: |
echo "${{ github.event.release.tag_name }}" | grep -E '^v[0-9.]*[0-9]$'
echo "${{ github.event.release.tag_name }}" | grep -E '^[v]?[0-9.]*[0-9]$'
DOCKER_IMAGE_TAG=$(echo "${{ github.event.release.tag_name }}" | sed 's/^v//')
echo "DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG" >> $GITHUB_ENV
- uses: actions/checkout@v3
@@ -88,3 +93,15 @@ jobs:
-t $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG \
-t $DOCKER_IMAGE_NAME:latest \
.
notify-failure:
if: ${{ always() && failure() }}
needs: [docker-integration]
runs-on: ubuntu-latest
steps:
- name: Notify failure via Slack
uses: archive/github-actions-slack@v2
with:
slack-bot-user-oauth-access-token: ${{ secrets.K8S_AGENTS_SLACK_TOKEN }}
slack-channel: ${{ secrets.K8S_AGENTS_SLACK_CHANNEL }}
slack-text: "❌ `${{ env.ORIGINAL_REPO_NAME }}`: [release pipeline failed](${{ github.server_url }}/${{ env.ORIGINAL_REPO_NAME }}/actions/runs/${{ github.run_id }})."
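Review bot: The tag check on the new `grep -E '^[v]?[0-9.]*[0-9]$'` line runs only after `${{ github.event.release.tag_name }}` has already been expanded into the script text, so a tag name containing shell syntax is interpreted by the shell before the pattern can reject it; the `sed` line below it has the same exposure. Passing the value through a step-level `env:` entry and referencing it as a quoted shell variable keeps it as data, as in the block below. In the last hunk, `archive/github-actions-slack@v2` is a third-party action referenced by a movable tag while receiving `K8S_AGENTS_SLACK_TOKEN`; pinning it to a full commit SHA would fix which code handles that secret. The job containing the tag step begins outside the visible hunk.

```yaml
- name: Generate docker image version from git tag
  env:
    TAG_NAME: ${{ github.event.release.tag_name }}
  run: |
    echo "$TAG_NAME" | grep -E '^[v]?[0-9.]*[0-9]$'
    DOCKER_IMAGE_TAG=$(echo "$TAG_NAME" | sed 's/^v//')
    # … unchanged: append DOCKER_IMAGE_TAG to $GITHUB_ENV …
```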
5 changes: 4 additions & 1 deletion .github/workflows/security.yaml
@@ -5,6 +5,7 @@ on:
branches:
- master
- main
- renovate/**
pull_request:
schedule:
- cron: "0 3 * * *"
@@ -15,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v3

- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/[email protected]
@@ -25,6 +26,7 @@ jobs:
ignore-unfixed: true
exit-code: 1
severity: 'HIGH,CRITICAL'
skip-dirs: 'build'

- name: Run Trivy vulnerability scanner sarif output
uses: aquasecurity/[email protected]
@@ -36,6 +38,7 @@ jobs:
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
skip-dirs: 'build'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
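Review bot: `skip-dirs: 'build'` is added to both Trivy steps with no comment saying why, and it takes the whole `build` directory out of the scan that gates on `HIGH,CRITICAL` findings. The prerelease workflow in this same commit lists `build/Dockerfile` among its release-relevant files, so that directory appears to hold what gets shipped. If the aim is to silence one specific finding, a narrower exclusion (for example `skip-files` on the affected path) plus a comment such as `# build/ skipped because <reason>; revisit when <condition>` would keep the gap visible. Both steps continue outside the visible hunks.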
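--- a/.github/workflows/trigger_prerelease.yml
+++ b/.github/workflows/trigger_prerelease.yml
@@ -0,0 +1,20 @@
+name: Trigger prerelease creation
+
+# This workflow triggers a prerelease creation with changelog and the release notes created by the release toolkit.
+# This workflow should be triggered merely from the default branch.
+# For more details about how to release follow https://github.com/newrelic/coreint-automation/blob/main/docs/release_runbook.md
+
+on:
+workflow_dispatch:
+schedule:
+- cron: "0 12 * * 1" # Monday at 12pm UTC or 5am PT
+
+jobs:
+prerelease:
+uses: newrelic/coreint-automation/.github/workflows/trigger_prerelease.yaml@v1
+with:
+rt-included-files: go.mod,go.sum,build/Dockerfile
+secrets:
+bot_token: ${{ secrets.K8S_AGENTS_BOT_TOKEN }}
+slack_channel: ${{ secrets.K8S_AGENTS_SLACK_CHANNEL }}
+slack_token: ${{ secrets.K8S_AGENTS_SLACK_TOKEN }}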
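Review bot: The header comment says this workflow should only be triggered from the default branch, but nothing in the file enforces that: `workflow_dispatch` can be started from any ref, and the `prerelease` job then hands `K8S_AGENTS_BOT_TOKEN` to the called workflow. A job-level guard such as `if: github.ref == 'refs/heads/<default-branch>'` (placeholder for this repository's default branch) would make the comment true, unless the reusable workflow already checks this, which is not visible here. The reusable workflow is referenced as `@v1`, a movable tag; pinning it to a commit SHA would fix which code receives the three secrets. The file also declares no `permissions:` block, so the token scope is whatever the repository default grants.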
3 changes: 3 additions & 0 deletions .gitignore
@@ -3,3 +3,6 @@ bin

# Downloaded chart dependencies
**/charts/*.tgz

# Release toolkit
CHANGELOG.partial.md
10 changes: 10 additions & 0 deletions Makefile
@@ -57,3 +57,13 @@ e2e-test:
benchmark-test:
@echo "[test] Running benchmark tests"
@go test -run=^Benchmark* -bench .

# rt-update-changelog runs the release-toolkit run.sh script by piping it into bash to update the CHANGELOG.md.
# It also passes down to the script all the flags added to the make target. To check all the accepted flags,
# see: https://github.com/newrelic/release-toolkit/blob/main/contrib/ohi-release-notes/run.sh
# e.g. `make rt-update-changelog -- -v`
rt-update-changelog:
curl "https://raw.githubusercontent.com/newrelic/release-toolkit/v1/contrib/ohi-release-notes/run.sh" | bash -s -- $(filter-out $@,$(MAKECMDGOALS))


.PHONY: compile rt-update-changelog
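Review bot: The `rt-update-changelog` recipe pipes a script fetched from the movable `v1` ref of `newrelic/release-toolkit` straight into `bash`, so whatever that ref points to at run time executes on the developer or CI machine with no integrity check. `curl` is also called without `-f`, so an HTTP error body would be fed to `bash` as well. Pinning the URL to a commit and failing on HTTP errors, e.g. `curl -fsSL "https://raw.githubusercontent.com/newrelic/release-toolkit/<commit-sha>/contrib/ohi-release-notes/run.sh" | bash -s -- $(filter-out $@,$(MAKECMDGOALS))`, narrows both. Downloading to a file and verifying a checksum before running it would be stronger still.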
