name: Update Kubernetes Versions

# Triggers: a daily schedule, plus an on-demand run that can switch off
# either upstream version source.
on:
  schedule:
    # Run once daily at 6am UTC
    - cron: "0 6 * * *"

  # Allow manual trigger
  workflow_dispatch:
    inputs:
      # Both switches are optional booleans that default to false.
      # Scheduled runs supply no inputs at all, so the job must treat an
      # empty value the same as "false".
      disable_dockerhub:
        description: 'Disable fetching versions from Docker Hub'
        required: false
        default: false
        type: boolean
      disable_github:
        description: 'Disable fetching RC versions from GitHub'
        required: false
        default: false
        type: boolean
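# Deny every GITHUB_TOKEN scope by default; the job below opts in to the
# single scope it needs.
permissions: {}

jobs:
  # Looks for new Kubernetes versions, builds and publishes release-candidate
  # kind node images to ECR when needed, then opens a pull request that
  # updates the e2e configuration.
  update-k8s-versions:
    timeout-minutes: 30
    name: Check for new Kubernetes version
    runs-on: ubuntu-latest
    permissions:
      id-token: write # Required for OIDC token from GitHub
    environment:
      name: main
    env:
      AWS_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID }}
      ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
      ECR_REGION: ${{ vars.ECR_REGION }}
    steps:
      # Exchange the job's OIDC identity for a short-lived token scoped by
      # the named policy. That token is reused for checkout and for opening
      # the pull request.
      - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
        id: octo-sts
        with:
          scope: DataDog/datadog-agent
          policy: self.update-kubernetes-versions.create-pr

      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # NOTE(review): persisting credentials keeps the octo-sts token in
          # the local git config, readable by every later step (including
          # the unpinned pip install and the invoke tasks). The pull-request
          # step receives the token explicitly, so confirm whether this is
          # still needed; if not, set it to false.
          persist-credentials: true
          token: ${{ steps.octo-sts.outputs.token }}

      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.11'

      - name: Install dda
        uses: ./.github/actions/install-dda
        with:
          features: legacy-tasks

      # NOTE(review): these packages are resolved unpinned at run time, in a
      # job that holds a PR-capable token and can mint OIDC tokens. Consider
      # a hash-pinned requirements file so a compromised release cannot run
      # with those privileges.
      - name: Install Python dependencies
        run: pip install requests pyyaml semver

      - name: Install kind
        uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1.14.0
        with:
          install_only: true

      - name: Fetch latest Kubernetes version
        id: fetch-versions
        env:
          # Expressions are handed to the script through the environment
          # rather than expanded inside it, so their text is never parsed
          # as shell source. Both values are empty on scheduled runs.
          INPUT_DISABLE_DOCKERHUB: ${{ inputs.disable_dockerhub }}
          INPUT_DISABLE_GITHUB: ${{ inputs.disable_github }}
        run: |
          args=()
          if [ "$INPUT_DISABLE_DOCKERHUB" = "true" ]; then
            args+=(--disable-dockerhub)
          fi
          if [ "$INPUT_DISABLE_GITHUB" = "true" ]; then
            args+=(--disable-github)
          fi
          dda inv k8s-versions.fetch-versions "${args[@]}"

      - name: Build RC images
        if: steps.fetch-versions.outputs.has_new_rc_versions == 'true'
        id: build-rc-images
        env:
          # The version list is built from data fetched from external
          # sources, so treat it as untrusted: pass it as data, never
          # splice it into the script. A quote character in the value can
          # then no longer end the argument early.
          NEW_VERSIONS: ${{ steps.fetch-versions.outputs.new_versions }}
        run: |
          dda inv kind-node-image.build-rc-images --versions="$NEW_VERSIONS"

      # The three publishing steps below run only when at least one RC image
      # was actually built.
      - name: Configure AWS credentials
        if: steps.fetch-versions.outputs.has_new_rc_versions == 'true' && steps.build-rc-images.outputs.built_count > 0
        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
        with:
          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/datadog-agent-kind-image-publisher-oidc
          aws-region: us-east-1

      - name: Log in to AWS ECR
        if: steps.fetch-versions.outputs.has_new_rc_versions == 'true' && steps.build-rc-images.outputs.built_count > 0
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          registry: ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.ECR_REGION }}.amazonaws.com

      - name: Tag and push RC images to ECR
        if: steps.fetch-versions.outputs.has_new_rc_versions == 'true' && steps.build-rc-images.outputs.built_count > 0
        id: push-rc-images
        env:
          ECR_REGISTRY: ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.ECR_REGION }}.amazonaws.com
          # Step outputs reach the script as environment data only (see the
          # Build RC images step for the rationale).
          NEW_VERSIONS: ${{ steps.fetch-versions.outputs.new_versions }}
          BUILT_IMAGES: ${{ steps.build-rc-images.outputs.built_images }}
        run: |
          set -euo pipefail
          new_versions="$NEW_VERSIONS"
          # BUILT_IMAGES is deliberately unquoted: it is a whitespace-separated
          # list of image references and must be split into words.
          for image in $BUILT_IMAGES; do
            tag="${image##*:}"
            ecr_image="$ECR_REGISTRY/$ECR_REPOSITORY:$tag"
            docker tag "$image" "$ecr_image"
            docker push "$ecr_image"
            # Get digest from local image after push
            digest=$(docker inspect --format='{{index .RepoDigests 0}}' "$ecr_image" | cut -d@ -f2)
            [ -n "$digest" ] || { echo "Error: Could not get digest for $tag"; exit 1; }
            # Append the digest into the new versions JSON
            # Must use the -c option (compact) to keep the jq output to a single-line
            new_versions=$(jq -c --arg tag "$tag" --arg digest "$digest" '.[$tag].digest = $digest' <<< "$new_versions")
          done
          echo "new_versions=$new_versions" >> "$GITHUB_OUTPUT"

      - name: Save new versions to file
        if: steps.fetch-versions.outputs.has_new_versions == 'true'
        env:
          # Use push-rc-images output if RC images were built (includes digests from ECR)
          # Otherwise use fetch-versions output (includes digests from Docker Hub for final releases)
          # Supplied through env so the JSON is never expanded inside the script.
          VERSIONS: ${{ steps.push-rc-images.outputs.new_versions || steps.fetch-versions.outputs.new_versions }}
        run: |
          dda inv k8s-versions.save-versions --versions="$VERSIONS"

      - name: Update e2e.yml with new version
        id: update-yaml
        if: steps.fetch-versions.outputs.has_new_versions == 'true'
        run: |
          dda inv k8s-versions.update-e2e-yaml

      # The expression in `body` is an action input, not shell source, so it
      # stays inline; it only ends up as text in the PR description.
      - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11
        name: Create pull request
        if: steps.update-yaml.outputs.updated == 'true'
        with:
          commit-message: "chore(e2e): add new Kubernetes version to e2e tests"
          branch: update-k8s-versions-automated
          token: ${{ steps.octo-sts.outputs.token }}
          sign-commits: true
          title: "[automated] Update Kubernetes latest version in e2e tests"
          body: |
            ### What does this PR do?
            Updates the Kubernetes version used by the `new-e2e-containers-k8s-latest` job in `.gitlab/test/e2e/e2e.yml` to the latest stable release from `kindest/node`.
            ### Motivation
            Keep e2e tests running against the latest Kubernetes version to ensure compatibility.
            ### New version added:
            ${{ steps.update-yaml.outputs.new_versions }}
            ### Describe how you validated your changes
            CI will validate the new versions work correctly.
          team-reviewers: container-integrations
          labels: team/container-integrations,qa/done,changelog/no-changelog,ask-review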