Skip to content

Commit

Permalink
chore: add support for testing release workflow
Browse files Browse the repository at this point in the history 
Signed-off-by: Carlos Salas <carlos.salas@suse.com>
  • Loading branch information
@salasberryfin
salasberryfin committed Oct 26, 2023
1 parent a7518f5 commit d5f72d2
Showing 1 changed file with 203 additions and 0 deletions.
203 changes: 203 additions & 0 deletions .github/workflows/nightly-test-release.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,203 @@
name: Test release process nightly

on:
schedule:
- cron: "0 0 * * *" # Run every day at midnight (UTC)
workflow_dispatch: # Allow running manually on demand

env:
RELEASE_TAG: t9.9.9-fake

jobs:
nightly-test-release:
name: Test release
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: main
fetch-depth: 0
- name: Set and push fake tag for release
run: |
git tag ${{ env.RELEASE_TAG }}
- name: Push changes
uses: ad-m/github-push-action@master
with:
tags: true
github_token: ${{ secrets.GITHUB_TOKEN }}

build:
runs-on: ubuntu-latest
needs: [nightly-test-release]
permissions:
actions: read
packages: write
strategy:
matrix:
destination: [ghcr]
arch: [amd64, arm64, s390x]
org: [rancher-sandbox]
include:
- destination: ghcr
tag: t9.9.9-fake
registry: ghcr.io
username: ${{ github.actor }}
password: GITHUB_TOKEN
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Build the image
id: image
uses: ./.github/workflows/release_build
with:
arch: ${{ matrix.arch }}
tag: ${{ env.RELEASE_TAG }}
org: ${{ matrix.org }}
registry: ${{ matrix.registry }}
username: ${{ matrix.username }}
password: ${{ secrets[matrix.password] }}
- uses: cloudposse/github-action-matrix-outputs-write@main
id: out
with:
matrix-step-name: ${{ github.job }}
matrix-key: ${{ matrix.destination }}-${{ matrix.arch }}
outputs: |-
image: ${{ steps.image.outputs.image }}
digest: ${{ steps.image.outputs.digest }}
username: ${{ matrix.username }}
password: ${{ matrix.password }}
registry: ${{ matrix.registry }}
tag: ${{ matrix.tag }}
build-result:
runs-on: ubuntu-latest
needs: [build]
steps:
- uses: cloudposse/github-action-matrix-outputs-read@main
id: read
with:
matrix-step-name: build
outputs:
result: "${{ steps.read.outputs.result }}"

sign:
runs-on: ubuntu-latest
needs: [build-result]
permissions:
actions: read
id-token: write
packages: write
strategy:
matrix:
destination: [ghcr]
arch: [amd64, arm64, s390x]
env:
key: ${{ matrix.destination }}-${{ matrix.arch }}
data: ${{ needs.build-result.outputs.result }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Sign image with cosign
uses: ./.github/workflows/release_sign
with:
image: ${{ fromJson(env.data).image[env.key] }}
digest: ${{ fromJson(env.data).digest[env.key] }}
identity: https://github.com/rancher-sandbox/rancher-turtles/.github/workflows/release.yaml@refs/tags/${{ fromJson(env.data).tag[env.key] }}
oids-issuer: https://token.actions.githubusercontent.com
registry: ${{ fromJson(env.data).registry[env.key] }}
username: ${{ fromJson(env.data).username[env.key] }}
password: ${{ secrets[fromJson(env.data).password[env.key]] }}

provenance:
needs: [build-result, sign]
permissions:
actions: read
id-token: write
packages: write
strategy:
matrix:
destination: [ghcr]
arch: [amd64, arm64, s390x]
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0
with:
image: ${{ fromJson(needs.build-result.outputs.result).image[format('{0}-{1}', matrix.destination, matrix.arch)] }}
digest: ${{ fromJson(needs.build-result.outputs.result).digest[format('{0}-{1}', matrix.destination, matrix.arch)] }}
secrets:
registry-username: ${{ fromJson(needs.build-result.outputs.result).username[format('{0}-{1}', matrix.destination, matrix.arch)] }}
registry-password: ${{ secrets[fromJson(needs.build-result.outputs.result).password[format('{0}-{1}', matrix.destination, matrix.arch)] ] }}

release:
name: Create helm release
needs: [provenance]
runs-on: ubuntu-latest
env:
PROD_REGISTRY: ${{ secrets.REGISTRY_ENDPOINT }}
PROD_ORG: rancher-sandbox
RELEASE_DIR: .cr-release-packages
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-tags: true
fetch-depth: 0
- name: Package operator chart
run: RELEASE_TAG=${{ env.RELEASE_TAG }} CHART_PACKAGE_DIR=${RELEASE_DIR} REGISTRY=${{ env.PROD_REGISTRY }} ORG=${{ env.PROD_ORG }} make release

notify-failure:
name: Notify failure in Slack
needs: [release]
if: failure()
runs-on: ubuntu-latest
steps:
- uses: slackapi/slack-github-action@v1.24.0
with:
payload: |
{
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Rancher turtles RELEASE test failed."
},
"accessory": {
"type": "button",
"text": {
"type": "plain_text",
"text": ":github:",
"emoji": true
},
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

clean-up:
name: Release testing clean up
needs: [release]
if: always()
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: dev-drprasad/delete-tag-and-release@v1.0
with:
tag_name: ${{ env.RELEASE_TAG }}
github_token: ${{ secrets.GITHUB_TOKEN }}
delete_release: false

0 comments on commit d5f72d2

Please sign in to comment.