Skip to content
create-final-bosh-release

Initial branch creation for k8s version 1.29 #61

Sign in to view logs

Initial branch creation for k8s version 1.29

Initial branch creation for k8s version 1.29 #61

Workflow file for this run

.github/workflows/create-final-bosh-release-on-commits.yml at a287b55
name: create-final-bosh-release
permissions:
contents: write # allow git push to repo and the github release and its artefact
on:
push:
branches:
- master
- release-*
# See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
# *: Matches zero or more characters, but does not match the / character. For example, Octo* matches Octocat.
# **: Matches zero or more of any character.
paths: # only trigger on bosh-relevant changes
- .final_builds/**
- config/**
- jobs/**
- releases/**
- vendir.yml
- .github/workflows/create-final-bosh-release-on-commits.yml
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
# TODO: add caching for cli downloads, see https://github.com/marketplace/actions/cache
- name: Install bosh-cli
#See https://github.com/marketplace/actions/install-a-binary-from-github-releases
uses: jaxxstorm/[email protected]
with:
repo: cloudfoundry/bosh-cli
tag: v7.4.0
extension-matching: disable
chmod: 0755
rename-to: bosh
# searching for bosh-cli-7.4.0-linux-amd64 with (linux|x86_64|x64|amd64).*(linux|x86_64|x64|amd64).*.(tar.gz|zip)
# bosh-cli-7.4.0-linux-amd64
- name: Install vendir cli
#See https://github.com/marketplace/actions/install-a-binary-from-github-releases
uses: jaxxstorm/[email protected]
with:
repo: carvel-dev/vendir
tag: v0.34.6
extension-matching: disable
chmod: 0755
rename-to: vendir
- name: Install yq cli
#See https://github.com/marketplace/actions/install-a-binary-from-github-releases
uses: jaxxstorm/[email protected]
with:
repo: mikefarah/yq
tag: v4.34.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # reduce potential rate limiting
- name: vendor-add-blob
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_BOSH_ACCES_KEY_ID: ${{ secrets.AWS_BOSH_ACCES_KEY_ID }}
AWS_BOSH_SECRET_ACCES_KEY: ${{ secrets.AWS_BOSH_SECRET_ACCES_KEY }}
run: |
set -x # enable traces
#pwd
#find .
# configure git
git config --global user.name "workflows/k3s-boshrelease/create-final-bosh-release"
git config --global user.email "<>"
git config --global --add safe.directory /github/workspace
export VENDIR_GITHUB_API_TOKEN="${GITHUB_TOKEN}"
./vendor.sh
echo "State after vendir:"
tree -s src
git add vendir.lock
# FIXME: optimize for idempotency
./addblob.sh
remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git"
git add config/blobs.yml
git status
if git commit -a --dry-run 2>&1 >/dev/null;then
git commit -a -m "updating blobs" && \
git push ${remote_repo} HEAD:${GITHUB_REF_NAME}
else
echo "Nothing to commit"
fi
echo "Resulting State:"
tree -s src
if [ -d blobs ];then # The blobs dir is only present when a blob is modified or has not yet been published.
tree -s blobs
fi
- name: create bosh final release
id: create-bosh-release
env:
INPUT_TARGET_BRANCH: ${{github.ref_name}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_BOSH_ACCES_KEY_ID: ${{ secrets.AWS_BOSH_ACCES_KEY_ID }}
AWS_BOSH_SECRET_ACCES_KEY: ${{ secrets.AWS_BOSH_SECRET_ACCES_KEY }}
run: |
set -x # enable traces
# extract info from vendir
version=$(yq -r '.directories[0].contents[] | select (.path=="k3s-io/k3s") | .githubRelease.tag ' ./vendir.yml)
version=${version#v}
release=true
name=$(yq -r .final_name config/final.yml)
if [ "${name}" = "null" ]; then
name=$(yq -r .name config/final.yml)
fi
remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git"
# configure git
git config --global user.name "workflows/k3s-boshrelease/create-final-bosh-release"
git config --global user.email "<>"
git config --global --add safe.directory /github/workspace
# if [ ! -z "${INPUT_BUNDLE}" ] && [ "${INPUT_BUNDLE}" != "false" ]; then
# echo "installing bundle: ${INPUT_BUNDLE}"
# apk add ruby
# gem install bundler -v "${INPUT_BUNDLE}"
# fi
# remove existing release if any, and prepare a commit that will be amended next
# Having a single amended commit makes it easier to inspect last commit
# See https://superuser.com/a/360986/299481 for details of the bash array syntax
NEXT_GIT_COMMIT_FLAGS=(-m "cutting release ${version}")
if [ -f releases/${name}/${name}-${version}.yml ]; then
echo "removing pre-existing version ${version}"
yq -r "{ \"builds\": (.builds | with_entries(select(.value.version != \"${version}\"))), \"format-version\": .[\"format-version\"]}" < releases/${name}/index.yml > tmp
mv tmp releases/${name}/index.yml
rm -f releases/${name}/${name}-${version}.yml
git add releases/${name}/${name}-${version}.yml releases/${name}/index.yml
git commit -a "${NEXT_GIT_COMMIT_FLAGS[@]}"
NEXT_GIT_COMMIT_FLAGS=(--amend -m "cutting release ${version} overriding existing one")
fi
echo "Current AWS config"
# This might be required to download the blobs during the final release of the S3 bucket does not grant permission to anonymous users
ls -al config/private.yml
echo "creating bosh release: ${name}-${version}.tgz"
bosh create-release --final --version=${version} --tarball=${name}-${version}.tgz
git add .final_builds
git add releases/${name}/index.yml
RELEASE_FILE_NAME=releases/${name}/${name}-${version}.yml
git add ${RELEASE_FILE_NAME}
# Note: if we had removed the previous release, then we amend the commit.
git commit -a "${NEXT_GIT_COMMIT_FLAGS[@]}"
echo "Inspecting staged files to skip commit and push if there is no blob changes in the release"
git show HEAD ${RELEASE_FILE_NAME}
if ! git show HEAD ${RELEASE_FILE_NAME} | grep sha1 ; then
echo "No sha1 found in diff in ${RELEASE_FILE_NAME}. No blob were modified. Skipping the git push"
ls -al ${RELEASE_FILE_NAME}
cat ${RELEASE_FILE_NAME}
NEED_GITHUB_RELEASE="false"
else
echo "pushing changes to git repository"
# Override any existing tag with same version. This may happen if only part of the renovate PRs were merged
git tag -a -m "cutting release ${version}" ${version} -f
# In case a renovate PR was merged in between, try to rebase prior to pushing
git pull --rebase
git push ${remote_repo} HEAD:${INPUT_TARGET_BRANCH}
# Delete any existing release with same tag. Ignore push failure if no tag exists.
! git push --delete ${remote_repo} ${version}
# Push the tag
git push ${remote_repo} ${version} --force
NEED_GITHUB_RELEASE="true"
fi
# make asset readable outside docker image
chmod 644 ${name}-${version}.tgz
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#environment-files
echo "file=${name}-${version}.tgz" >> $GITHUB_OUTPUT
echo "version=${version}" >> $GITHUB_OUTPUT
echo "need_gh_release=${NEED_GITHUB_RELEASE}" >> $GITHUB_OUTPUT
# see https://github.com/ncipollo/release-action
- name: create github release
id: create-github-release
if: ${{ steps.create-bosh-release.outputs.need_gh_release == 'true' }}
uses: ncipollo/[email protected]
with:
tag: ${{ steps.create-bosh-release.outputs.version }}
draft: false
allowUpdates: true # > indicates if we should update a release if it already exists.
omitDraftDuringUpdate: true # > Indicates if the draft flag should be omitted during updates. The draft flag will still be applied for newly created releases. This will preserve the existing draft state during updates.
generateReleaseNotes: true
artifacts: ./${{ steps.create-bosh-release.outputs.file }}
artifactContentType: application/zip
removeArtifacts: true
artifactErrorsFailBuild: true