diff --git a/.github/renovate.json5 b/.github/renovate.json5
index 1555a4fa..28f3379a 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -1,15 +1,5 @@
 {
 "extends": [
- "config:base",
- // Disable the creation of this issue that renovate updates with the pending issue we follow with Zenhub:
- ":disableDependencyDashboard"
- ],
- // Label PRs with `dependencies`.
- "labels": ["dependencies"],
- "enabledManagers": [
- // Managers for helm and helm-values. Go dependencies are managed by Dependabot.
- "helm-values",
- "helmv3"
- ],
- "ignoreDeps": ["ingress-nginx/kube-webhook-certgen"]
+ "github>newrelic/coreint-automation:renovate-base.json5"
+ ]
 }
diff --git a/.github/workflows/push_pr.yml b/.github/workflows/push_pr.yml
index f1224789..c9aa54cc 100644
--- a/.github/workflows/push_pr.yml
+++ b/.github/workflows/push_pr.yml
@@ -4,6 +4,8 @@ on:
 push:
 branches:
 - main
+ - master
+ - renovate/**
 pull_request:
 jobs:
diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml
index a81b4f53..c2ede0bb 100644
--- a/.github/workflows/release-integration.yml
+++ b/.github/workflows/release-integration.yml
@@ -1,8 +1,13 @@
-name: Release
+name: Pre-release and Release pipeline
 on:
 release:
 types: [prereleased, released]
+ tags:
+ - 'v*'
+
+env:
+ ORIGINAL_REPO_NAME: ${{ github.event.repository.full_name }}
 jobs:
 build:
@@ -44,7 +49,7 @@ jobs:
 steps:
 - name: Generate docker image version from git tag
 run: |
- echo "${{ github.event.release.tag_name }}" | grep -E '^v[0-9.]*[0-9]$'
+ echo "${{ github.event.release.tag_name }}" | grep -E '^[v]?[0-9.]*[0-9]$'
 DOCKER_IMAGE_TAG=$(echo "${{ github.event.release.tag_name }}" | sed 's/^v//')
 echo "DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG" >> $GITHUB_ENV
 - uses: actions/checkout@v3
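Review bot: The `extends` entry in `.github/renovate.json5` now takes the whole Renovate policy from `newrelic/coreint-automation` without a ref, so it follows that repository's default branch and this repository's update behaviour can change without any commit here. Renovate presets accept a ref suffix, e.g. `"github>newrelic/coreint-automation:renovate-base.json5#<tag-or-sha>"`, if that coupling is not wanted. The removed `enabledManagers` restriction and the `ignoreDeps` entry for `ingress-nginx/kube-webhook-certgen` are no longer visible from this repository, so it is worth confirming the shared preset carries them.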
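Review bot: The added `tags: - 'v*'` in the `-1,8 +1,13` hunk of `release-integration.yml` does not look like a valid trigger filter: `tags` is documented for `push`, while `release` only takes `types`. The indentation is lost in this view, so it is unclear whether the key sits under `release:` or directly under `on:`, but in either place GitHub may reject the workflow or ignore the key. Since the version step reads `github.event.release.tag_name`, dropping the `tags` block and relying on the grep check is probably what is intended; if it stays, add a comment such as `# NOTE: confirm this filter is honoured for release events`.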
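Review bot: The two `${{ github.event.release.tag_name }}` expressions in the `run:` script of the `-44,7 +49,7` hunk are substituted into the script text before bash starts, so the `grep` check this hunk relaxes only runs after the tag name has already been parsed as shell source. Pass the tag through `env:` and reference it as a quoted variable so it is handled as data. The pattern `[0-9.]*[0-9]` also accepts forms such as consecutive dots, which may be worth tightening since the value becomes a Docker tag. The step's job starts outside this hunk.

```yaml
      - name: Generate docker image version from git tag
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: |
          printf '%s\n' "$RELEASE_TAG" | grep -E '^[v]?[0-9.]*[0-9]$'
          DOCKER_IMAGE_TAG="${RELEASE_TAG#v}"
          # … unchanged: DOCKER_IMAGE_TAG is appended to $GITHUB_ENV …
```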
@@ -88,3 +93,15 @@ jobs:
 -t $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG \
 -t $DOCKER_IMAGE_NAME:latest \
 .
+
+ notify-failure:
+ if: ${{ always() && failure() }}
+ needs: [docker-integration]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify failure via Slack
+ uses: archive/github-actions-slack@v2
+ with:
+ slack-bot-user-oauth-access-token: ${{ secrets.K8S_AGENTS_SLACK_TOKEN }}
+ slack-channel: ${{ secrets.K8S_AGENTS_SLACK_CHANNEL }}
+ slack-text: "❌ `${{ env.ORIGINAL_REPO_NAME }}`: [release pipeline failed](${{ github.server_url }}/${{ env.ORIGINAL_REPO_NAME }}/actions/runs/${{ github.run_id }})."
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 320fe6fb..79d4fa22 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -5,6 +5,7 @@ on:
 branches:
 - master
 - main
+ - renovate/**
 pull_request:
 schedule:
 - cron: "0 3 * * *"
@@ -15,7 +16,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 - name: Run Trivy vulnerability scanner in repo mode
 uses: aquasecurity/trivy-action@0.11.2
@@ -25,6 +26,7 @@ jobs:
 ignore-unfixed: true
 exit-code: 1
 severity: 'HIGH,CRITICAL'
+ skip-dirs: 'build'
 - name: Run Trivy vulnerability scanner sarif output
 uses: aquasecurity/trivy-action@0.11.2
@@ -36,6 +38,7 @@ jobs:
 format: 'template'
 template: '@/contrib/sarif.tpl'
 output: 'trivy-results.sarif'
+ skip-dirs: 'build'
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v2
diff --git a/.github/workflows/trigger_prerelease.yml b/.github/workflows/trigger_prerelease.yml
new file mode 100644
index 00000000..44fdfe98
--- /dev/null
+++ b/.github/workflows/trigger_prerelease.yml
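Review bot: `archive/github-actions-slack@v2` in the new `notify-failure` job is a third-party action referenced by a mutable tag while it is handed `secrets.K8S_AGENTS_SLACK_TOKEN`, so whoever can move that tag controls the code that receives the token. Pin it to a reviewed commit, `uses: archive/github-actions-slack@<full-commit-sha> # v2`, and let Renovate bump the SHA. No `permissions:` key is visible for the job; as it only posts to Slack, `permissions: {}` on the job would drop the default `GITHUB_TOKEN` scopes. `always() &&` in front of `failure()` looks redundant.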
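Review bot: `skip-dirs: 'build'` in the `-25,6 +26,7` hunk of `security.yaml` (and again in the SARIF step's hunk at `-36,6 +38,7`) removes everything under `build/` from both Trivy runs with no comment saying why. The prerelease workflow added in this same commit lists `build/Dockerfile` as a release-relevant file, so that directory is not only build output, and any manifest or lockfile placed there later would go unscanned without notice. Add a comment above the key stating what is being excluded, e.g. `# build/ excluded because <finding or ticket>`, or narrow the exclusion to the specific path with `skip-files`.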
@@ -0,0 +1,20 @@
+name: Trigger prerelease creation
+
+# This workflow triggers a prerelease creation with changelog and the release notes created by the release toolkit.
+# This workflow should be triggered merely from the default branch.
+# For more details about how to release follow https://github.com/newrelic/coreint-automation/blob/main/docs/release_runbook.md
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 12 * * 1" # Monday at 12pm UTC or 5am PT
+
+jobs:
+ prerelease:
+ uses: newrelic/coreint-automation/.github/workflows/trigger_prerelease.yaml@v1
+ with:
+ rt-included-files: go.mod,go.sum,build/Dockerfile
+ secrets:
+ bot_token: ${{ secrets.K8S_AGENTS_BOT_TOKEN }}
+ slack_channel: ${{ secrets.K8S_AGENTS_SLACK_CHANNEL }}
+ slack_token: ${{ secrets.K8S_AGENTS_SLACK_TOKEN }}
diff --git a/.gitignore b/.gitignore
index 2b50be5d..9c2d9fcf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,6 @@ bin
 # Downloaded chart dependencies
 **/charts/*.tgz
+
+# Release toolkit
+CHANGELOG.partial.md
diff --git a/Makefile b/Makefile
index 41790f23..9315b9a0 100644
--- a/Makefile
+++ b/Makefile
@@ -57,3 +57,13 @@ e2e-test:
 benchmark-test:
 @echo "[test] Running benchmark tests"
 @go test -run=^Benchmark* -bench .
+
+# rt-update-changelog runs the release-toolkit run.sh script by piping it into bash to update the CHANGELOG.md.
+# It also passes down to the script all the flags added to the make target. To check all the accepted flags,
+# see: https://github.com/newrelic/release-toolkit/blob/main/contrib/ohi-release-notes/run.sh
+# e.g. `make rt-update-changelog -- -v`
+rt-update-changelog:
+ curl "https://raw.githubusercontent.com/newrelic/release-toolkit/v1/contrib/ohi-release-notes/run.sh" | bash -s -- $(filter-out $@,$(MAKECMDGOALS))
+
+
+.PHONY: compile rt-update-changelog
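Review bot: The header comment in the new `trigger_prerelease.yml` says the workflow should only be triggered from the default branch, but nothing in the file enforces it: `workflow_dispatch` can be started from any ref, and the `prerelease` job then passes `K8S_AGENTS_BOT_TOKEN` to the called workflow. A job-level guard such as `if: github.event_name == 'schedule' || github.ref_name == github.event.repository.default_branch` would stop an accidental dispatch from a feature branch; it is not a control against someone who can edit the workflow on that branch. The reusable workflow is referenced at the mutable `@v1`, and because it receives the bot and Slack tokens, pinning it to a commit SHA is worth considering even within the same organisation.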
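Review bot: The new `rt-update-changelog` recipe in the Makefile pipes whatever `curl` returns straight into `bash`, with no `--fail` and a mutable `v1` ref in the URL, so an HTTP error body or a later change behind that ref is executed on the developer or CI machine without review. Download to a temporary file from a URL pinned to a full commit SHA, compare it with a checksum kept in this repository, and only then run it, as sketched below (`sha256sum` is assumed to be available). Separately, the words after `--` in `make rt-update-changelog -- -v` stay in `MAKECMDGOALS`, so make will probably also try to build them as targets after the recipe; worth confirming.

```makefile
RT_RUN_SH_URL := https://raw.githubusercontent.com/newrelic/release-toolkit/<full-commit-sha>/contrib/ohi-release-notes/run.sh
RT_RUN_SH_SHA256 := <sha256-of-reviewed-run.sh>

rt-update-changelog:
	tmp="$$(mktemp)" && trap 'rm -f "$$tmp"' EXIT && \
	curl --fail --silent --show-error --location "$(RT_RUN_SH_URL)" -o "$$tmp" && \
	echo "$(RT_RUN_SH_SHA256)  $$tmp" | sha256sum -c - && \
	bash "$$tmp" $(filter-out $@,$(MAKECMDGOALS))
```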