ci: add semantic releases (#25)

* ci: add semantic releases

Signed-off-by: Dominik Froehlich <[email protected]>
Co-authored-by: Raghunath Deshpande <[email protected]>

* Apply suggestions from code review

Co-authored-by: Alexander Lais <[email protected]>

* ci: add semantic-release to Dockerfile

* ci: use github token in favor of ssh

* ci: fix regex for gcs

---------

Signed-off-by: Dominik Froehlich <[email protected]>
Co-authored-by: Raghunath Deshpande <[email protected]>
Co-authored-by: Alexander Lais <[email protected]>

Author: 3 people

.gitignore

@@ -14,11 +14,15 @@
 # Dependency directories & default folders/files
 .bundle
 .dev_builds
+.final_builds
 pcap-release.tgz
 config/private.yml
 blobs
 dev_releases
 vendor
+node_modules
+package-lock.json
+package.json
 
 # Releases/tarballs
 .final_builds/jobs/**/*.tgz

.releaserc

@@ -0,0 +1,26 @@
+{
+  "ci": false,
+  "branches": ["main", {"name": "alpha", "prerelease": true}, {"name": "beta", "prerelease": true}],
+  "plugins": [
+    ["@semantic-release/commit-analyzer", {
+      "preset": "angular",
+      "releaseRules": [
+        {"type": "dep", "release": "patch"}
+      ],
+      "parserOpts": {
+        "noteKeywords": ["BREAKING CHANGE", "BREAKING-CHANGE"]
+      }
+    }],
+    "@semantic-release/release-notes-generator",
+    ["@semantic-release/exec", {
+      "verifyReleaseCmd": "bosh -n create-release --final --version ${nextRelease.version} --tarball /tmp/pcap-${nextRelease.gitTag}.tgz",
+      "publishCmd": "./ci/scripts/publish.sh ${nextRelease.gitTag}",
+      "generateNotesCmd": "./ci/scripts/notes.sh ${nextRelease.gitTag} ${nextRelease.version}"
+    }],
+    ["@semantic-release/github", {
+      "assets": [
+        {"path": "/tmp/pcap-*.tgz"}
+      ]
+    }]
+  ]
+}

ci/Dockerfile

@@ -5,6 +5,12 @@ ARG GINKGO_VERSION=latest
 ARG GOLANGCILINT_VERSION=latest
 RUN apt-get update && apt-get install -y libpcap-dev && rm -rf /var/lib/apt/lists/*
 
+RUN curl -fsSL https://deb.nodesource.com/setup_current.x | sudo -E bash - && \
+    apt-get install -y nodejs && rm -rf /var/lib/apt/lists/*
+
+RUN npm install -g semantic-release && \
+    npm install -g @semantic-release/exec
+
 RUN rm -rf /usr/local/go
 COPY --from=golang:1.20 /usr/local/go/ /usr/local/go/
 ENV GOPATH=/go PATH=${PATH}:/go/bin

ci/pipeline.yml

@@ -4,6 +4,8 @@ groups:
     jobs:
       - unit-tests
       - unit-tests-pr
+      - shipit
+      - rc
 
 jobs:
   - name: unit-tests
@@ -54,7 +56,7 @@ jobs:
                 args: []
               params:
                 REPO_ROOT: git
-        on_failure: # TODO channel doesn't exist (yet?)
+        on_failure:
           put: notify
           params:
             channel: "#pcap-release"
@@ -126,6 +128,84 @@ jobs:
         status: failure
         context: unit-tests
 
+  - name: shipit
+    public: true
+    serial: true
+    plan:
+    - do:
+      - in_parallel:
+          - { get: git,     passed: [rc] }
+      - task: release
+        config:
+          platform: linux
+          image_resource:
+            type: docker-image
+            source:
+              repository: cf-routing.common.repositories.cloud.sap/pcap-release-testflight
+              tag:        latest
+              username:   ((docker.username))
+              password:   ((docker.password))
+          inputs:
+            - name: git
+          outputs:
+            - name: gh
+          run:
+            path: ./git/ci/scripts/shipit
+            args: []
+          params:
+            RELEASE_NAME: pcap-release
+            REPO_ROOT:    git
+            RELEASE_ROOT: gh
+            BRANCH:        main
+            GITHUB_OWNER:  cloudfoundry
+            GITHUB_TOKEN: ((github.access_token))
+            GCP_SERVICE_KEY: ((gcp.service_key))
+
+      - put: blobstore
+        params:
+          file:  "gh/artifacts/pcap-*.tgz"
+      on_failure:
+        put: notify
+        params:
+          channel:  "#pcap-release"
+          username: ci-bot
+          icon_url: "((slack.icon))"
+          text:    "((slack.fail_url)) pcap-boshrelease : shipit job failed"
+
+  - name: rc
+    public: true
+    serial: true
+    plan:
+    - do:
+      - in_parallel:
+          - { get: git,     passed: [unit-tests] }
+      - task: release-candidate
+        config:
+          platform: linux
+          image_resource:
+            type: docker-image
+            source:
+              repository: cf-routing.common.repositories.cloud.sap/pcap-release-testflight
+              tag:        latest
+              username:   ((docker.username))
+              password:   ((docker.password))
+          inputs:
+            - name: git
+          outputs:
+            - name: gh
+          run:
+            path: ./git/ci/scripts/shipit
+            args: []
+          params:
+            RELEASE_NAME: pcap-release
+            REPO_ROOT:    git
+            RELEASE_ROOT: gh
+            BRANCH:        main
+            DRY_RUN: true
+            GITHUB_OWNER:  cloudfoundry
+            GITHUB_TOKEN: ((github.access_token))
+            GCP_SERVICE_KEY: ((gcp.service_key))
+
 resource_types:
   - name: slack-notification
     type: docker-image
@@ -137,22 +217,18 @@ resource_types:
     source:
       repository: teliaoss/github-pr-resource
 
-  # FIXME: Need to use latest version of this resource due to
-  # https://github.com/concourse/github-release-resource/issues/108
-  # https://github.com/concourse/github-release-resource/pull/107
-  # Until Concourse is updated to 7.5.0+
-  - name: github-release-alt
-    type: registry-image
+  - name: gcs
+    type: docker-image
     source:
-      repository: concourse/github-release-resource
+      repository: frodenas/gcs-resource
 
 resources:
   - name: git
     type: git
     source:
-      uri: git@github.com:cloudfoundry/pcap-release.git
+      uri: https://github.com/cloudfoundry/pcap-release.git
       branch: main
-      private_key: ((github.private_key))
+      password: ((github.access_token))
 
   - name: git-pull-requests
     type: pull-request
@@ -166,3 +242,10 @@ resources:
     type: slack-notification
     source:
       url: ((slack.pcap_release_webhook))
+
+  - name: blobstore
+    type: gcs
+    source:
+      bucket:   pcap-release
+      json_key: ((gcp.service_key))
+      regexp:   pcap-v[0-9a-z\.+-]+.tgz

ci/scripts/notes.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -e
+
+RELEASE_GIT_TAG="${1:?Release Git Tag is mandatory}"
+VERSION="${2:?Version defining the target release version is mandatory}"
+
+RELEASE_TGZ="/tmp/pcap-${RELEASE_GIT_TAG}.tgz"
+SHA1=$(sha1sum "${RELEASE_TGZ}" | head -n1 | awk '{print $1}')
+export SHA1
+SHA256=$(sha256sum "${RELEASE_TGZ}" | head -n1 | awk '{print $1}')
+export SHA256
+
+cat >> "${CONCOURSE_ROOT}/${RELEASE_ROOT}/notes.md" <<EOF
+### Deployment
+\`\`\`yaml
+releases:
+- name: "${RELEASE_NAME}"
+  version: "${VERSION}"
+  url: "https://github.com/${GITHUB_OWNER}/${RELEASE_NAME}/releases/download/v${VERSION}/pcap-${RELEASE_GIT_TAG}.tgz"
+  sha1: "${SHA1}"
+
+# for deployments with sha256, use the following line instead:
+# sha1: "sha256:${SHA256}"
+\`\`\`
+EOF
+
+cat "${CONCOURSE_ROOT}/${RELEASE_ROOT}/notes.md"

ci/scripts/publish.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -ex
+
+RELEASE_GIT_TAG="${1:?Release Git Tag is mandatory}"
+mkdir -p "${CONCOURSE_ROOT}/${RELEASE_ROOT}/artifacts"
+
+cp /tmp/pcap-"${RELEASE_GIT_TAG}".tgz "${CONCOURSE_ROOT}/${RELEASE_ROOT}/artifacts/"

ci/scripts/shipit

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+set -eu
+
+header() {
+	echo
+	echo "###############################################"
+	echo
+	echo "$*"
+	echo
+}
+
+: "${REPO_ROOT:?required}" # Contains the Git repo
+: "${RELEASE_NAME:?required}" # Contains release name
+: "${RELEASE_ROOT:?required}" # Contains any information that is passed on to subsequent steps, e.g. GitHub publish
+: "${GCP_SERVICE_KEY:?required}" # The GCP service key for accessing the blobstore, written to a temporary private.yml.
+: "${GITHUB_TOKEN:?required}" # The github access token
+: "${DRY_RUN:=false}" # Whether to do a dry run or a real release
+
+###############################################################
+
+CONCOURSE_ROOT="$(pwd)"
+export CONCOURSE_ROOT
+
+DRY_RUN_ARG="--dry-run=$DRY_RUN"
+
+cd "${REPO_ROOT}"
+
+# YAML needs to be indented. The GCP service key is a multiline YAML and needs to be indented uniformly.
+# Bash does not allow variables in a sequence literal. $PAD is a 6 spaces indent.
+PAD=$(printf ' %.0s' {1..6})
+PADDED_GCP_SERVICE_KEY=$(sed -E 's/^(.*)$/'"${PAD}"'\1/g' <<<"${GCP_SERVICE_KEY}")
+
+cat > config/private.yml <<YAML
+---
+blobstore:
+  options:
+    credentials_source: static
+    json_key: |
+${PADDED_GCP_SERVICE_KEY}
+YAML
+
+header "Pulling in any git submodules..."
+git submodule update --init --recursive --force
+cd -
+
+cd "${REPO_ROOT}"
+header "Running semantic-release..."
+semantic-release "$DRY_RUN_ARG"