From 19e23b77951a8bb3268506cd1a0021042b3a221b Mon Sep 17 00:00:00 2001 From: Blake Pearson Date: Fri, 18 Aug 2023 11:26:05 -0700 Subject: [PATCH] Issue #3880 - Feature Request: Add release management workflow to Anax Signed-off-by: Blake Pearson --- .github/scripts/configure_versions_script.sh | 9 +- .github/scripts/docker_save_script.sh | 41 ++ .github/workflows/build-push.yml | 195 +++++++-- .github/workflows/release.yml | 436 +++++++++++++++++++ test/Makefile | 12 +- test/gov/service_apireg.sh | 7 + 6 files changed, 643 insertions(+), 57 deletions(-) create mode 100755 .github/scripts/docker_save_script.sh create mode 100644 .github/workflows/release.yml diff --git a/.github/scripts/configure_versions_script.sh b/.github/scripts/configure_versions_script.sh index c4b8be770..8b6949b0b 100755 --- a/.github/scripts/configure_versions_script.sh +++ b/.github/scripts/configure_versions_script.sh @@ -18,12 +18,13 @@ ESS_IMAGE_VERSION="${ORIG_ESS_IMAGE_VERSION}-${BUILD_NUMBER}" # ESS_IMAGE_VERSION="${ORIG_ESS_IMAGE_VERSION}-${UNIQUE_VERSION_HASH}" # Output configured versions for viewing +echo "***Anax Version, No Build Number: ${ORIG_ANAX_IMAGE_VERSION}" echo "***Anax Version: ${ANAX_IMAGE_VERSION}" echo "***CSS Version: ${CSS_IMAGE_VERSION}" echo "***ESS Version: ${ESS_IMAGE_VERSION}" # Put script variables into workflow env. variables -echo "VERSION_NO_BUILD_NUMBER=$ORIG_ANAX_IMAGE_VERSION" >> $GITHUB_ENV -echo "ANAX_IMAGE_VERSION=$ANAX_IMAGE_VERSION" >> $GITHUB_ENV -echo "CSS_IMAGE_VERSION=$CSS_IMAGE_VERSION" >> $GITHUB_ENV -echo "ESS_IMAGE_VERSION=$ESS_IMAGE_VERSION" >> $GITHUB_ENV \ No newline at end of file +echo "VERSION_NO_BUILD_NUMBER=$ORIG_ANAX_IMAGE_VERSION" >> "$GITHUB_OUTPUT" +echo "ANAX_IMAGE_VERSION=$ANAX_IMAGE_VERSION" >> "$GITHUB_OUTPUT" +echo "CSS_IMAGE_VERSION=$CSS_IMAGE_VERSION" >> "$GITHUB_OUTPUT" +echo "ESS_IMAGE_VERSION=$ESS_IMAGE_VERSION" >> "$GITHUB_OUTPUT" \ No newline at end of file diff --git a/.github/scripts/docker_save_script.sh b/.github/scripts/docker_save_script.sh new file mode 100755 index 000000000..5d0d873ab --- /dev/null +++ b/.github/scripts/docker_save_script.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +if [[ -z "$ANAX_IMAGE_VERSION" ]]; then + echo "::error file=docker_save_script.sh::Anax Image Version is unset, check the 'Configure Version Variables' step" + exit 1 +fi +if [[ -z "$CSS_IMAGE_VERSION" ]]; then + echo "::error file=docker_save_script.sh::CSS Image Version is unset, check the 'Configure Version Variables' step" + exit 1 +fi +if [[ -z "$ESS_IMAGE_VERSION" ]]; then + echo "::error file=docker_save_script.sh::ESS Image Version is unset, check the 'Configure Version Variables' step" + exit 1 +fi + +# Names of the images created for each architecture +if [[ ${arch} == 'amd64' ]]; then + images=('amd64_agbot' 'amd64_anax' 'amd64_anax_k8s' 'amd64_auto-upgrade-cronjob_k8s' 'amd64_cloud-sync-service' 'amd64_edge-sync-service') +elif [[ ${arch} == 'ppc64el' ]]; then + images=('ppc64el_anax' 'ppc64el_anax_k8s' 'ppc64el_auto-upgrade-cronjob_k8s' 'ppc64el_edge-sync-service') +elif [[ ${arch} == 'arm64' ]]; then + images=('arm64_anax' 'arm64_anax_k8s' 'arm64_auto-upgrade-cronjob_k8s' 'arm64_edge-sync-service') +elif [[ ${arch} == 's390x' ]]; then + images=('s390x_anax' 's390x_anax_k8s' 's390x_auto-upgrade-cronjob_k8s' 's390x_edge-sync-service') +fi + +# Save those images +for image in "${images[@]}"; do + + if [[ ${image} == *"cloud-sync-service"* ]]; then + VERSION=${CSS_IMAGE_VERSION} + elif [[ ${image} == *"edge-sync-service"* ]]; then + VERSION=${ESS_IMAGE_VERSION} + else + VERSION=${ANAX_IMAGE_VERSION} + fi + + docker tag ${IMAGE_REPO}/${image}:testing ${IMAGE_REPO}/${image}:${VERSION} + docker save ${IMAGE_REPO}/${image}:${VERSION} | gzip > ${image}.tar.gz + +done \ No newline at end of file diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index f69b25ff9..891a01055 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -8,6 +8,7 @@ on: - master - v2.30 - v2.29 + workflow_dispatch: env: IMAGE_REPO: ${{ vars.DOCKERHUB_REPO }} @@ -21,10 +22,15 @@ env: jobs: # Migrating workflow causes run number to be reset to 1, offset so our versions don't go back in time. - offset-build-number: + prepare-workflow: + if: github.repository_owner == 'open-horizon' runs-on: ubuntu-20.04 outputs: BUILD_NUMBER: ${{ steps.offset.outputs.BUILD_NUMBER }} + ANAX_IMAGE_VERSION: ${{ steps.version.outputs.ANAX_IMAGE_VERSION }} + CSS_IMAGE_VERSION: ${{ steps.version.outputs.CSS_IMAGE_VERSION }} + ESS_IMAGE_VERSION: ${{ steps.version.outputs.ESS_IMAGE_VERSION }} + VERSION_NO_BUILD_NUMBER: ${{ steps.version.outputs.VERSION_NO_BUILD_NUMBER }} steps: # Ensure that the repo variables and secrets are set before running any other steps - name: Check User Set Variables @@ -75,9 +81,39 @@ jobs: run: | echo "BUILD_NUMBER=$(($RUN_NUMBER + $RUN_NUMBER_OFFSET))" >> "$GITHUB_OUTPUT" + # Checkout our Github repo + - name: Checkout Github Repo + uses: actions/checkout@v3 + + # Configure version variables for later steps, stored in our workflow env. variables + - name: Config Version Variables + id: version + run: | + cd $GITHUB_WORKSPACE + ./.github/scripts/configure_versions_script.sh + env: + BUILD_NUMBER: ${{ steps.offset.outputs.BUILD_NUMBER }} + + # Prepare files for upload + - name: Prepare Files for Upload + run: | + mkdir $RUNNER_TEMP/files_to_upload + mkdir $RUNNER_TEMP/files_to_tar && cd $RUNNER_TEMP/files_to_tar + cp $GITHUB_WORKSPACE/agent-install/agent-uninstall.sh . + cp $GITHUB_WORKSPACE/agent-install/k8s/* . + tar -czvf $RUNNER_TEMP/files_to_upload/horizon-agent-edge-cluster-files.tar.gz *.* + cp $GITHUB_WORKSPACE/agent-install/agent-install.sh $RUNNER_TEMP/files_to_upload + + # Upload files needed for release management that don't change between runs + - name: Upload Anax Agent Files + uses: actions/upload-artifact@v3 + with: + name: anax-agent-files-v${{ steps.version.outputs.ANAX_IMAGE_VERSION }} + path: ${{ runner.temp }}/files_to_upload + # Builds on Linux: Deb Packages, RPM Packages, Docker images, and pushes to Dockerhub linux-build-push: - needs: offset-build-number + needs: prepare-workflow # The type of runner that the job will run on runs-on: ubuntu-20.04 @@ -92,11 +128,11 @@ jobs: env: arch: ${{ matrix.architecture }} os: ${{ matrix.platform }} - BUILD_NUMBER: ${{ needs.offset-build-number.outputs.BUILD_NUMBER }} - ANAX_IMAGE_VERSION: '' # Updated in 'Config Version Variables' step - CSS_IMAGE_VERSION: '' # Updated in 'Config Version Variables' step - ESS_IMAGE_VERSION: '' # Updated in 'Config Version Variables' step - VERSION_NO_BUILD_NUMBER: '' # Updated in 'Config Version Variables' step + BUILD_NUMBER: ${{ needs.prepare-workflow.outputs.BUILD_NUMBER }} + ANAX_IMAGE_VERSION: ${{ needs.prepare-workflow.outputs.ANAX_IMAGE_VERSION }} + CSS_IMAGE_VERSION: ${{ needs.prepare-workflow.outputs.CSS_IMAGE_VERSION }} + ESS_IMAGE_VERSION: ${{ needs.prepare-workflow.outputs.ESS_IMAGE_VERSION }} + VERSION_NO_BUILD_NUMBER: ${{ needs.prepare-workflow.outputs.VERSION_NO_BUILD_NUMBER }} GOPATH: /home/runner/work/anax/anax/go # Steps represent a sequence of tasks that will be executed as part of the job @@ -155,12 +191,6 @@ jobs: run: | echo "GO_VERSION=$(go version | awk '{print $3}')" >> $GITHUB_OUTPUT - # Configure version variables for later steps, stored in our workflow env. variables - - name: Config Version Variables - run: | - cd ${GOPATH}/src/github.com/${GITHUB_REPOSITORY} - ./.github/scripts/configure_versions_script.sh - # Increment version, make translation catalogs, build anax binaries for given ARCH and OS - name: Build Anax Binaries run: | @@ -298,10 +328,91 @@ jobs: cd ${GOPATH}/src/github.com/${GITHUB_REPOSITORY} ./.github/scripts/docker_push_script.sh + # Save Docker Images + - name: Save Docker Images + if: (matrix.architecture == 'amd64' || matrix.architecture == 'ppc64el' || matrix.architecture == 'arm64' || matrix.architecture == 's390x') + run: | + mkdir -p $RUNNER_TEMP/images_to_upload && cd $RUNNER_TEMP/images_to_upload + ${GOPATH}/src/github.com/${GITHUB_REPOSITORY}/.github/scripts/docker_save_script.sh + + # Upload Agbot Docker Images + - name: Upload Agbot Docker Images to Artifacts + if: (matrix.architecture == 'amd64') + uses: actions/upload-artifact@v3 + with: + name: anax-${{ matrix.platform }}-${{ matrix.architecture }}_agbot-image-v${{ env.ANAX_IMAGE_VERSION }} + path: ${{ runner.temp }}/images_to_upload/${{ matrix.architecture }}_agbot.tar.gz + + # Upload Anax Docker Images + - name: Upload Anax Docker Images to Artifacts + if: (matrix.architecture == 'amd64' || matrix.architecture == 'ppc64el' || matrix.architecture == 'arm64' || matrix.architecture == 's390x') + uses: actions/upload-artifact@v3 + with: + name: anax-${{ matrix.platform }}-${{ matrix.architecture }}_anax-image-v${{ env.ANAX_IMAGE_VERSION }} + path: ${{ runner.temp }}/images_to_upload/${{ matrix.architecture }}_anax.tar.gz + + # Upload Anax K8s Docker Images + - name: Upload Anax K8s Docker Images to Artifacts + if: (matrix.architecture == 'amd64' || matrix.architecture == 'ppc64el' || matrix.architecture == 'arm64' || matrix.architecture == 's390x') + uses: actions/upload-artifact@v3 + with: + name: anax-${{ matrix.platform }}-${{ matrix.architecture }}_anax_k8s-image-v${{ env.ANAX_IMAGE_VERSION }} + path: ${{ runner.temp }}/images_to_upload/${{ matrix.architecture }}_anax_k8s.tar.gz + + # Upload Anax K8s Cronjob Docker Images + - name: Upload Anax K8s Cronjob Docker Images to Artifacts + if: (matrix.architecture == 'amd64' || matrix.architecture == 'ppc64el' || matrix.architecture == 'arm64' || matrix.architecture == 's390x') + uses: actions/upload-artifact@v3 + with: + name: anax-${{ matrix.platform }}-${{ matrix.architecture }}_auto-upgrade-cronjob_k8s-image-v${{ env.ANAX_IMAGE_VERSION }} + path: ${{ runner.temp }}/images_to_upload/${{ matrix.architecture }}_auto-upgrade-cronjob_k8s.tar.gz + + # Upload CSS Docker Images + - name: Upload CSS Docker Images to Artifacts + if: (matrix.architecture == 'amd64') + uses: actions/upload-artifact@v3 + with: + name: anax-${{ matrix.platform }}-${{ matrix.architecture }}_cloud-sync-service-image-v${{ env.CSS_IMAGE_VERSION }} + path: ${{ runner.temp }}/images_to_upload/${{ matrix.architecture }}_cloud-sync-service.tar.gz + + # Upload ESS Docker Images + - name: Upload ESS Docker Images to Artifacts + if: (matrix.architecture == 'amd64' || matrix.architecture == 'ppc64el' || matrix.architecture == 'arm64' || matrix.architecture == 's390x') + uses: actions/upload-artifact@v3 + with: + name: anax-${{ matrix.platform }}-${{ matrix.architecture }}_edge-sync-service-image-v${{ env.ESS_IMAGE_VERSION }} + path: ${{ runner.temp }}/images_to_upload/${{ matrix.architecture }}_edge-sync-service.tar.gz + + # Prep to Upload Packages + - name: Prepare to Upload Packages + run: | + mkdir -p $RUNNER_TEMP/rpm_to_upload + if [[ ${arch} == 'amd64' ]]; then \ + cp /home/runner/rpmbuild/RPMS/x86_64/*.rpm $RUNNER_TEMP/rpm_to_upload; \ + elif [[ ${arch} == 'ppc64el' || ${arch} == 's390x' ]]; then \ + cp /home/runner/work/anax/anax/RPMS/*.rpm $RUNNER_TEMP/rpm_to_upload; \ + fi + mkdir -p $RUNNER_TEMP/deb_to_upload + cp ${GOPATH}/src/github.com/${GITHUB_REPOSITORY}/pkg/deb/debs/*.deb $RUNNER_TEMP/deb_to_upload + + # Upload RPM Packages + - name: Upload RPM Packages to Artifacts + if: (matrix.architecture == 'ppc64el' || matrix.architecture == 'amd64' || matrix.architecture == 's390x') + uses: actions/upload-artifact@v3 + with: + name: anax-${{ matrix.platform }}-${{ matrix.architecture }}-rpm-package-v${{ env.ANAX_IMAGE_VERSION }} + path: ${{ runner.temp }}/rpm_to_upload/*.rpm + + # Upload DEB Packages + - name: Upload DEB Packages to Artifacts + uses: actions/upload-artifact@v3 + with: + name: anax-${{ matrix.platform }}-${{ matrix.architecture }}-deb-package-v${{ env.ANAX_IMAGE_VERSION }} + path: ${{ runner.temp }}/deb_to_upload/*.deb # Build our mac packages on a macOS runner mac-build: - needs: offset-build-number + needs: prepare-workflow # Do not use any 'xl' version of macos or you will pay (literally) # When mac silicon runner comes out we can update this runs-on to ${{ (matrix.architecture == 'amd64') && 'macos-12' || 'macSiliconVersion' }} @@ -315,17 +426,13 @@ jobs: env: arch: ${{ matrix.architecture }} os: ${{ matrix.platform }} - BUILD_NUMBER: ${{ needs.offset-build-number.outputs.BUILD_NUMBER }} - ANAX_IMAGE_VERSION: '' # Updated in 'Config Version Variables' step - CSS_IMAGE_VERSION: '' # Updated in 'Config Version Variables' step - ESS_IMAGE_VERSION: '' # Updated in 'Config Version Variables' step - VERSION_NO_BUILD_NUMBER: '' # Updated in 'Config Version Variables' step + BUILD_NUMBER: ${{ needs.prepare-workflow.outputs.BUILD_NUMBER }} + ANAX_IMAGE_VERSION: ${{ needs.prepare-workflow.outputs.ANAX_IMAGE_VERSION }} + CSS_IMAGE_VERSION: ${{ needs.prepare-workflow.outputs.CSS_IMAGE_VERSION }} + ESS_IMAGE_VERSION: ${{ needs.prepare-workflow.outputs.ESS_IMAGE_VERSION }} + VERSION_NO_BUILD_NUMBER: ${{ needs.prepare-workflow.outputs.VERSION_NO_BUILD_NUMBER }} GOPATH: /Users/runner/work/anax/anax/go - # Specify outputs to be used in our push-macos job - outputs: - ANAX_VERSION: ${{ env.ANAX_IMAGE_VERSION }} - steps: # Checkout our Github repo - name: Checkout Github Repo @@ -340,12 +447,6 @@ jobs: go-version: '1.19' check-latest: true - # Configure version variables for later steps, stored in our workflow env. variables - - name: Config Version Variables - run: | - cd ${GOPATH}/src/github.com/${GITHUB_REPOSITORY} - ./.github/scripts/configure_versions_script.sh - # Configure the certificates for package signing - name: Configure Certificates run: | @@ -399,18 +500,24 @@ jobs: env: VERSION: ${{ env.VERSION_NO_BUILD_NUMBER }} + - name: Add Certificate File to Package Directory + run: | + touch ${GOPATH}/src/github.com/${GITHUB_REPOSITORY}/pkg/mac/build/horizon-cli.crt + echo "$MACPKG_HORIZON_CLI_CRT" >> ${GOPATH}/src/github.com/${GITHUB_REPOSITORY}/pkg/mac/build/horizon-cli.crt + env: + MACPKG_HORIZON_CLI_CRT: ${{ secrets.MACPKG_HORIZON_CLI_CRT }} + # Upload created package to artifacts to be used in next job - name: Upload MacOS Package to Artifacts uses: actions/upload-artifact@v3 with: - name: macos-${{ matrix.architecture }}-package - path: ${{ env.GOPATH }}/src/github.com/${{ github.repository }}/pkg/mac/build/*.pkg - + name: anax-${{ matrix.platform }}-${{ matrix.architecture }}-mac-package-v${{ env.ANAX_IMAGE_VERSION }} + path: ${{ env.GOPATH }}/src/github.com/${{ github.repository }}/pkg/mac/build/* # This will push our built mac packages to Dockerhub mac-push: # Specify that we wait for mac-build to run and create the packages - needs: mac-build + needs: [prepare-workflow, mac-build] runs-on: ubuntu-20.04 @@ -456,22 +563,16 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} # Setup a working directory in the temp folder path - - name: Setup Working Directory and add Certificate File - id: workdir_setup + - name: Setup Working Directory for Mac Package run: | mkdir $RUNNER_TEMP/macs - touch $RUNNER_TEMP/macs/horizon-cli.crt - echo "$MACPKG_HORIZON_CLI_CRT" >> $RUNNER_TEMP/macs/horizon-cli.crt - echo "PKG_PATH="${RUNNER_TEMP}/macs"" >> $GITHUB_OUTPUT - env: - MACPKG_HORIZON_CLI_CRT: ${{ secrets.MACPKG_HORIZON_CLI_CRT }} # Retrieve artifact from previous job - name: Download our MacOS Package Artifact uses: actions/download-artifact@v3 with: - name: macos-${{ matrix.architecture }}-package - path: ${{ steps.workdir_setup.outputs.PKG_PATH }} + name: anax-${{ matrix.platform }}-${{ matrix.architecture }}-mac-package-v${{ needs.prepare-workflow.outputs.ANAX_IMAGE_VERSION }} + path: ${{ runner.temp }}/macs # Push our .crt and .pkg to Dockerhub - name: Make MacOS Package Tarball and Upload to Dockerhub @@ -485,10 +586,10 @@ jobs: # Build docker image with only mac tarball docker build \ - --no-cache \ - -t ${IMAGE_REPO}/${{ matrix.architecture }}_anax_macpkg:testing \ - -f Dockerfile.macpkg.tarball \ - . + --no-cache \ + -t ${IMAGE_REPO}/${{ matrix.architecture }}_anax_macpkg:testing \ + -f Dockerfile.macpkg.tarball \ + . if [[ "$GITHUB_REF" == 'refs/heads/master' ]]; then docker push ${IMAGE_REPO}/${{ matrix.architecture }}_anax_macpkg:testing @@ -499,4 +600,4 @@ jobs: docker push ${IMAGE_REPO}/${{ matrix.architecture }}_anax_macpkg:testing_${GH_BRANCH} fi env: - ANAX_IMAGE_VERSION: ${{ needs.mac-build.outputs.ANAX_VERSION }} + ANAX_IMAGE_VERSION: ${{ needs.prepare-workflow.outputs.ANAX_IMAGE_VERSION }} \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000..883cc324e --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,436 @@ +name: Anax Release Manager + +on: + workflow_dispatch: + inputs: + AGBOT_VERSION: + description: 'Version of Agbot Image to be released, with build number' + required: true + type: string + ANAX_VERSION: + description: 'Version of Anax Images and Packages to be released, with build number' + required: true + type: string + ANAX_K8S_VERSION: + description: 'Version of Anax K8s Images to be released, with build number' + required: true + type: string + ANAX_CSS_VERSION: + description: 'Version of CSS Image to be released, with build number' + required: true + type: string + ANAX_ESS_VERSION: + description: 'Version of ESS Image to be released, with build number' + required: true + type: string + IS_LATEST: + description: 'Should we push the latest Dockerhub tags and mark releases as latest' + required: true + type: boolean + default: true + +env: + DOCKERHUB_REGISTRY: ${{ vars.DOCKERHUB_REPO }} + GITHUB_CONTAINER_REGISTRY: ghcr.io/${{ github.repository_owner }} + # Variables to control GH CLI + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_REPO: ${{ github.repository }} + GH_HOST: github.com + # Bring GitHub Contexts into Environment + AGBOT_VERSION: ${{ github.event.inputs.AGBOT_VERSION }} + ANAX_VERSION: ${{ github.event.inputs.ANAX_VERSION }} + ANAX_K8S_VERSION: ${{ github.event.inputs.ANAX_K8S_VERSION }} + ANAX_CSS_VERSION: ${{ github.event.inputs.ANAX_CSS_VERSION }} + ANAX_ESS_VERSION: ${{ github.event.inputs.ANAX_ESS_VERSION }} + # Space delimited arrays used in shell scripts, specifying what images should be promoted to what tags in Dockerhub + AGBOT_VERSION_IMAGES: "amd64_agbot" + ANAX_VERSION_IMAGES: "amd64_anax arm64_anax ppc64el_anax s390x_anax" + ANAX_K8S_VERSION_IMAGES: "amd64_anax_k8s amd64_auto-upgrade-cronjob_k8s arm64_anax_k8s arm64_auto-upgrade-cronjob_k8s ppc64el_anax_k8s ppc64el_auto-upgrade-cronjob_k8s s390x_anax_k8s s390x_auto-upgrade-cronjob_k8s" + ANAX_CSS_VERSION_IMAGES: "amd64_cloud-sync-service" + ANAX_ESS_VERSION_IMAGES: "amd64_edge-sync-service arm64_edge-sync-service ppc64el_edge-sync-service s390x_edge-sync-service" + +jobs: + prepare-workflow: + runs-on: ubuntu-20.04 + + environment: release_environment + + steps: + # Ensure that the repo variables and secrets are set before running any other steps + - name: Check User Set Variables + run: | + if [[ -z "$DOCKER_USER" ]]; then \ + echo "::error::Secret DOCKER_USER was not set"; \ + exit 1; \ + fi + if [[ -z "$DOCKER_TOKEN" ]]; then \ + echo "::error::Secret DOCKER_TOKEN was not set"; \ + exit 1; \ + fi + if [[ -z "$DOCKERHUB_REGISTRY" ]]; then \ + echo "::error::Variable DOCKERHUB_REPO was not set"; \ + exit 1; \ + fi + env: + DOCKER_USER: ${{ secrets.DOCKER_USER }} + DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} + + # Check if Release Already Exists and fail so there is not an error when attempting to create the same release + - name: Check if Release Already Exists for Requested Version + run: | + RELEASE_STATUS=$( + curl -L \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/${{ github.repository }}/releases/tags/v${{ env.AGBOT_VERSION }} \ + | jq -r '.html_url') + + sleep 10 + + if [[ $RELEASE_STATUS != 'null' ]]; then + echo "::error::Attempted to create a release for a version of Anax that already has a release page, see $RELEASE_STATUS" + exit 1 + fi + + promote-images: + needs: prepare-workflow + + runs-on: ubuntu-20.04 + + strategy: + matrix: + image-version: ['AGBOT_VERSION', 'ANAX_VERSION', 'ANAX_K8S_VERSION', 'ANAX_CSS_VERSION', 'ANAX_ESS_VERSION'] + + steps: + # Upgrade Docker engine version + - name: Install Latest Docker Version + run: | + sudo apt-get purge docker-ce docker-ce-cli containerd.io runc containerd moby-buildx moby-cli moby-compose moby-containerd moby-engine moby-runc + + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + sudo apt-get update + sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin + + # Authenticate Dockerhub to allow pushing to our image repo + - name: Login to Dockerhub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USER }} + password: ${{ secrets.DOCKER_TOKEN }} + + # Get the images based on the inputted version + - name: Get and Promote ${{ matrix.image-version }} Images + run: | + IMAGE_LIST=$${{ matrix.image-version }}_IMAGES + IMAGE_VERSION=$${{ matrix.image-version }} + + IMAGES_TO_LOAD=($IMAGE_LIST) + RELEASE_TAGS=($DOCKERHUB_REGISTRY_RELEASE_TAGS) + for image in "${IMAGES_TO_LOAD[@]}"; do + + if gh run download -n anax-linux-${image}-image-v${IMAGE_VERSION}; then + echo "::debug::Using artifact from build-push.yml run" + cat ${image}.tar.gz | docker load + elif docker pull ${DOCKERHUB_REGISTRY}/${image}:${IMAGE_VERSION}; then + echo "::warning::Artifact anax-linux-${image}-image-v${IMAGE_VERSION} not found in build-push.yml workflow, using docker image, ${DOCKERHUB_REGISTRY}/${image}:${IMAGE_VERSION}" + else + echo "::error::Artifact anax-linux-${image}-image-v${IMAGE_VERSION} not found in build-push.yml artifacts and Docker image ${DOCKERHUB_REGISTRY}/${image}:${IMAGE_VERSION} not found in Dockerhub" + exit 1 + fi + + docker push ${DOCKERHUB_REGISTRY}/${image}:${IMAGE_VERSION} + + if [[ "${{ github.event.inputs.IS_LATEST }}" == "true" ]]; then + docker tag ${DOCKERHUB_REGISTRY}/${image}:${IMAGE_VERSION} ${DOCKERHUB_REGISTRY}/${image}:latest + docker push ${DOCKERHUB_REGISTRY}/${image}:latest + fi + done + shell: bash + + # Get and promote the Dockerhub images that contain our packages for backup purposes + - name: Get and Promote Package Artifacts to Dockerhub + if: matrix.image-version == 'AGBOT_VERSION' + run: | + mkdir -p $RUNNER_TEMP/artifact_promotion_dir && cd $RUNNER_TEMP/artifact_promotion_dir + + DEB_PACKAGES_TO_LOAD=("amd64" "arm64" "armhf" "ppc64el" "s390x") + RPM_PACKAGES_TO_LOAD=("ppc64el" "amd64" "s390x") + MAC_PACKAGES_TO_LOAD=("amd64" "arm64") + + ################################# BACKUP DEB PACKAGES ################################# + touch Dockerfile.debs.tarball + echo "FROM alpine:latest" >> Dockerfile.debs.tarball + echo "ADD ./debs.tar.gz ." >> Dockerfile.debs.tarball + + for arch_name in "${DEB_PACKAGES_TO_LOAD[@]}"; do + mkdir -p ./debs + # If the packages exist as artifacts we want to download them and make sure that we push the version number to dockerhub for fallback purposes + if gh run download -n anax-linux-${arch_name}-deb-package-v${AGBOT_VERSION} -D ./debs; then + echo "::debug::Using artifact from build-push.yml run" + tar -czvf debs.tar.gz debs/*.deb + + docker build \ + --no-cache \ + -t ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:${AGBOT_VERSION} \ + -f Dockerfile.debs.tarball \ + . + + rm -rf ./debs.tar.gz + + docker push ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:${AGBOT_VERSION} + + if [[ "${{ github.event.inputs.IS_LATEST }}" == "true" ]]; then + docker tag ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:${AGBOT_VERSION} ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:latest + docker push ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:latest + fi + + # If the packages do not exist as artifacts we want to simply fallback to dockerhub and if we are on master then tie the latest release to that package + elif docker pull ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:${AGBOT_VERSION}; then + echo "::warning::Artifact anax-linux-${arch_name}-deb-package-v${AGBOT_VERSION} not found in build-push.yml workflow, using docker image ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:${AGBOT_VERSION}" + if [[ "${{ github.event.inputs.IS_LATEST }}" == "true" ]]; then + docker tag ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:${AGBOT_VERSION} ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:latest + docker push ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:latest + fi + else + echo "::error::Artifact anax-linux-${arch_name}-deb-package-v${AGBOT_VERSION} not found in build-push.yml artifacts and Docker image ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:${AGBOT_VERSION} not found in Dockerhub" + exit 1 + fi + rm -rf ./debs + done + + ################################# BACKUP RPM PACKAGES ################################# + touch Dockerfile.rpm.tarball + echo "FROM alpine:latest" >> Dockerfile.rpm.tarball + echo "ADD ./rpm.tar.gz ." >> Dockerfile.rpm.tarball + + for arch_name in "${RPM_PACKAGES_TO_LOAD[@]}"; do + mkdir -p ./RPMS + # If the packages exist as artifacts we want to download them and make sure that we push the version number to dockerhub for fallback purposes + if gh run download -n anax-linux-${arch_name}-rpm-package-v${AGBOT_VERSION} -D ./RPMS; then + echo "::debug::Using artifact from build-push.yml run" + tar -czvf rpm.tar.gz RPMS/*.rpm + + docker build \ + --no-cache \ + -t ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:${AGBOT_VERSION} \ + -f Dockerfile.rpm.tarball \ + . + + rm -rf ./rpm.tar.gz + + docker push ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:${AGBOT_VERSION} + + if [[ "${{ github.event.inputs.IS_LATEST }}" == "true" ]]; then + docker tag ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:${AGBOT_VERSION} ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:latest + docker push ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:latest + fi + + # If the packages do not exist as artifacts we want to simply fallback to dockerhub and if we are on master then tie the latest release to that package + elif docker pull ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:${AGBOT_VERSION}; then + echo "::warning::Artifact anax-linux-${arch_name}-rpm-package-v${AGBOT_VERSION} not found in build-push.yml workflow, using docker image ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:${AGBOT_VERSION}" + if [[ "${{ github.event.inputs.IS_LATEST }}" == "true" ]]; then + docker tag ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:${AGBOT_VERSION} ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:latest + docker push ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:latest + fi + else + echo "::error::Artifact anax-linux-${arch_name}-rpm-package-v${AGBOT_VERSION} not found in build-push.yml artifacts and Docker image ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:${AGBOT_VERSION} not found in Dockerhub" + exit 1 + fi + rm -rf ./RPMS + done + + ################################# BACKUP MAC PACKAGES ################################# + touch Dockerfile.macpkg.tarball + echo "FROM alpine:latest" >> Dockerfile.macpkg.tarball + echo "ADD ./macpkg.tar.gz ." >> Dockerfile.macpkg.tarball + + for arch_name in "${MAC_PACKAGES_TO_LOAD[@]}"; do + mkdir -p ./macs + if gh run download -n anax-mac-${arch_name}-mac-package-v${AGBOT_VERSION} -D ./macs; then + echo "::debug::Using artifact from build-push.yml run" + tar -czvf macpkg.tar.gz macs + + docker build \ + --no-cache \ + -t ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:${AGBOT_VERSION} \ + -f Dockerfile.macpkg.tarball \ + . + + rm -rf ./macpkg.tar.gz + + docker push ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:${AGBOT_VERSION} + + if [[ "${{ github.event.inputs.IS_LATEST }}" == "true" ]]; then + docker tag ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:${AGBOT_VERSION} ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:latest + docker push ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:latest + fi + + elif docker pull ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:${AGBOT_VERSION}; then + echo "::warning::Artifact anax-mac-${arch_name}-mac-package-v${AGBOT_VERSION} not found in build-push.yml workflow, using docker image ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:${AGBOT_VERSION}" + if [[ "${{ github.event.inputs.IS_LATEST }}" == "true" ]]; then + docker tag ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:${AGBOT_VERSION} ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:latest + docker push ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:latest + fi + else + echo "::error::Artifact anax-mac-${arch_name}-mac-package-v${AGBOT_VERSION} not found in build-push.yml artifacts and Docker image ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:${AGBOT_VERSION} not found in Dockerhub" + exit 1 + fi + rm -rf ./macs + done + + + ################################ BACKUP AGENT PACKAGES ################################ + touch Dockerfile.agent.tarball + echo "FROM alpine:latest" >> Dockerfile.agent.tarball + echo "ADD ./agent.tar.gz ." >> Dockerfile.agent.tarball + + mkdir -p ./agents + if gh run download -n anax-agent-files-v${AGBOT_VERSION} -D ./agents; then + echo "::debug::Using artifact from build-push.yml run" + tar -czvf agent.tar.gz agents + + docker build \ + --no-cache \ + -t ${DOCKERHUB_REGISTRY}/anax_agent_files:${AGBOT_VERSION} \ + -f Dockerfile.agent.tarball \ + . + + rm -rf ./agent.tar.gz + + docker push ${DOCKERHUB_REGISTRY}/anax_agent_files:${AGBOT_VERSION} + fi + rm -rf ./agents + shell: bash + + create-release: + needs: promote-images + + runs-on: ubuntu-20.04 + + steps: + # Get the packages to be included in the release, we try to get them from the build-push.yml workflow artifacts and if they don't exist there we will attempt to get them from the dockerhub backups + - name: Get Packages & Files from Build Workflow Artifacts + run: | + mkdir -p $RUNNER_TEMP/release_files/upload && cd $RUNNER_TEMP/release_files + + DEB_PACKAGES_TO_LOAD=("amd64" "arm64" "armhf" "ppc64el" "s390x") + RPM_PACKAGES_TO_LOAD=("ppc64el" "amd64" "s390x") + MAC_PACKAGES_TO_LOAD=("amd64" "arm64") + + for arch_name in "${DEB_PACKAGES_TO_LOAD[@]}"; do + if gh run download -n anax-linux-${arch_name}-deb-package-v${AGBOT_VERSION}; then + echo "::debug::Using artifact from build-push.yml run" + tar -czvf upload/horizon-agent-linux-deb-${arch_name}.tar.gz *.deb + rm -rf *.deb + elif docker pull ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:${AGBOT_VERSION}; then + echo "::warning::Artifact anax-linux-${arch_name}-deb-package-v${AGBOT_VERSION} not found in build-push.yml workflow, using docker image ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:${AGBOT_VERSION}" + id=$(docker create --name temp_image_grab ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:${AGBOT_VERSION}) + docker cp ${id}:debs . && cd debs + tar -czvf ../upload/horizon-agent-linux-deb-${arch_name}.tar.gz *.deb + cd .. + rm -rf ./debs + docker container rm ${id} + docker image rm ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:${AGBOT_VERSION} + else + echo "::error::Artifact anax-linux-${arch_name}-deb-package-v${AGBOT_VERSION} not found in build-push.yml artifacts and Docker image ${DOCKERHUB_REGISTRY}/${arch_name}_anax_debian:${AGBOT_VERSION} not found in Dockerhub" + exit 1 + fi + done + + for arch_name in "${RPM_PACKAGES_TO_LOAD[@]}"; do + + if [[ ${arch_name} == 'ppc64el' ]]; then + publish_name='ppc64le' + elif [[ ${arch_name} == 'amd64' ]]; then + publish_name='x86_64' + else + publish_name=$arch_name + fi + + if gh run download -n anax-linux-${arch_name}-rpm-package-v${AGBOT_VERSION}; then + echo "::debug::Using artifact from build-push.yml run" + tar -czvf upload/horizon-agent-linux-rpm-${publish_name}.tar.gz *.rpm + rm -rf *.rpm + elif docker pull ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:${AGBOT_VERSION}; then + echo "::warning::Artifact anax-linux-${arch_name}-rpm-package-v${AGBOT_VERSION} not found in build-push.yml workflow, using docker image ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:${AGBOT_VERSION}" + id=$(docker create --name temp_image_grab ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:${AGBOT_VERSION}) + docker cp ${id}:RPMS . && cd RPMS + tar -czvf ../upload/horizon-agent-linux-rpm-${publish_name}.tar.gz *.rpm + cd .. + rm -rf ./RPMS + docker container rm ${id} + docker image rm ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:${AGBOT_VERSION} + else + echo "::error::Artifact anax-linux-${arch_name}-rpm-package-v${AGBOT_VERSION} not found in build-push.yml artifacts and Docker image ${DOCKERHUB_REGISTRY}/${arch_name}_anax_rpm:${AGBOT_VERSION} not found in Dockerhub" + exit 1 + fi + done + + for arch_name in "${MAC_PACKAGES_TO_LOAD[@]}"; do + + if [[ ${arch_name} == 'amd64' ]]; then + publish_name='x86_64' + else + publish_name=$arch_name + fi + + if gh run download -n anax-mac-${arch_name}-mac-package-v${AGBOT_VERSION}; then + echo "::debug::Using artifact from build-push.yml run" + tar -czvf upload/horizon-agent-macos-pkg-${publish_name}.tar.gz horizon* + rm -rf horizon* + elif docker pull ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:${AGBOT_VERSION}; then + echo "::warning::Artifact anax-mac-${arch_name}-mac-package-v${AGBOT_VERSION} not found in build-push.yml workflow, using docker image ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:${AGBOT_VERSION}" + id=$(docker create --name temp_image_grab ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:${AGBOT_VERSION}) + docker cp ${id}:macs . && cd macs + tar -czvf ../upload/horizon-agent-macos-pkg-${publish_name}.tar.gz horizon* + cd .. + rm -rf ./macs + docker container rm ${id} + docker image rm ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:${AGBOT_VERSION} + else + echo "::error::Artifact anax-mac-${arch_name}-mac-package-v${AGBOT_VERSION} not found in build-push.yml artifacts and Docker image ${DOCKERHUB_REGISTRY}/${arch_name}_anax_macpkg:${AGBOT_VERSION} not found in Dockerhub" + exit 1 + fi + done + + # Agent Files + cd ./upload + if gh run download -n anax-agent-files-v${AGBOT_VERSION}; then + echo "::debug::Using artifact from build-push.yml run" + elif docker pull ${DOCKERHUB_REGISTRY}/anax_agent_files:${AGBOT_VERSION}; then + echo "::warning::Artifact anax-agent-files-v${AGBOT_VERSION} not found in build-push.yml workflow, using docker image ${DOCKERHUB_REGISTRY}/anax_agent_files:${AGBOT_VERSION}" + id=$(docker create --name temp_image_grab ${DOCKERHUB_REGISTRY}/anax_agent_files:${AGBOT_VERSION}) + docker cp ${id}:agents . + cp ./agents/* . + rm -rf ./agents + ls -la + docker container rm ${id} + docker image rm ${DOCKERHUB_REGISTRY}/anax_agent_files:${AGBOT_VERSION} + else + echo "::error::Artifact anax-agent-files-v${AGBOT_VERSION} not found in build-push.yml artifacts and Docker image ${DOCKERHUB_REGISTRY}/anax_agent_files:${AGBOT_VERSION} not found in Dockerhub" + exit 1 + fi + + # Create GH release page + # The docker containers have a label with the short commit hash that is attached to the workflow which created them, we use the REST API to get the full commit hash that is required by the gh cli for release. + # This ties the release to whatever branch has the commit hash and created the artifacts. + - name: Create GitHub Release + run: | + docker pull ${DOCKERHUB_REGISTRY}/amd64_agbot:${AGBOT_VERSION} + SHORTCOMMIT=$(skopeo inspect docker-daemon:${{ env.DOCKERHUB_REGISTRY }}/amd64_agbot:${AGBOT_VERSION} | jq -r .Labels.release) + + COMMITISH=$( + curl -L \ + -H "Accept: application/vnd.github.sha" \ + -H "Authorization: Bearer ${GH_TOKEN}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/${{ github.repository }}/commits/${SHORTCOMMIT}) + + gh release create v${AGBOT_VERSION} \ + ${RUNNER_TEMP}/release_files/upload/*.tar.gz \ + ${RUNNER_TEMP}/release_files/upload/agent-install.sh \ + -t "v${AGBOT_VERSION} Packages" \ + -n "Horizon agent packages from the ${AGBOT_VERSION} build" \ + --target $COMMITISH diff --git a/test/Makefile b/test/Makefile index 066f85756..53d3675cc 100644 --- a/test/Makefile +++ b/test/Makefile @@ -330,19 +330,19 @@ test: clean $(ANAX_SOURCE)/anax run-dockerreg run-mgmthub run-test test-remote: clean $(ANAX_SOURCE)/anax run-dockerreg run-test copy-cert @echo -e "\nBootstrapping the exchange" - docker exec $(DOCKER_TEST_CNAME) bash -c "export $(TEST_VARS) NOKUBE=1; /root/init_exchange.sh" + docker exec $(DOCKER_TEST_CNAME) bash -c "export $(TEST_VARS); /root/init_exchange.sh" @echo -e "\nSetting up secrets in the vault" - docker exec $(DOCKER_TEST_CNAME) bash -c "export $(TEST_VARS) NOKUBE=1 DOCKER_VAULT_CNAME=$(DOCKER_VAULT_CNAME); /root/setup_secrets.sh" + docker exec $(DOCKER_TEST_CNAME) bash -c "export $(TEST_VARS) DOCKER_VAULT_CNAME=$(DOCKER_VAULT_CNAME); /root/setup_secrets.sh" @echo -e "\nStarting tests" - docker exec $(DOCKER_TEST_CNAME) bash -c "export $(TEST_VARS) NOKUBE=1; /root/gov-combined.sh" + docker exec $(DOCKER_TEST_CNAME) bash -c "export $(TEST_VARS); /root/gov-combined.sh" test-remote-prebuilt: clean run-dockerreg download-agbot-image run-test copy-cert @echo -e "\nBootstrapping the exchange" - docker exec $(DOCKER_TEST_CNAME) bash -c "export $(TEST_VARS) NOKUBE=1; /root/init_exchange.sh" + docker exec $(DOCKER_TEST_CNAME) bash -c "export $(TEST_VARS); /root/init_exchange.sh" @echo -e "\nSetting up secrets in the vault" - docker exec $(DOCKER_TEST_CNAME) bash -c "export $(TEST_VARS) NOKUBE=1 DOCKER_VAULT_CNAME=$(DOCKER_VAULT_CNAME); /root/setup_secrets.sh" + docker exec $(DOCKER_TEST_CNAME) bash -c "export $(TEST_VARS) DOCKER_VAULT_CNAME=$(DOCKER_VAULT_CNAME); /root/setup_secrets.sh" @echo -e "\nStarting tests" - docker exec $(DOCKER_TEST_CNAME) bash -c "export $(TEST_VARS) NOKUBE=1; /root/gov-combined.sh" + docker exec $(DOCKER_TEST_CNAME) bash -c "export $(TEST_VARS); /root/gov-combined.sh" copy-cert: cp css.crt $(E2EDEVTEST_TEMPFS)/certs/css.crt diff --git a/test/gov/service_apireg.sh b/test/gov/service_apireg.sh index ad3287c2f..307d0fd83 100755 --- a/test/gov/service_apireg.sh +++ b/test/gov/service_apireg.sh @@ -1412,6 +1412,10 @@ results "$RES" fi +if [[ "$NOKUBE" == "1" ]]; then + echo -e "Skipping k8s policy creation" +else + read -d '' bpk8ssvc1def <