1616 required : false
1717 default : " latest"
1818 type : string
19-
19+ push :
20+ branches :
21+ - ' **'
22+
2023permissions :
2124 contents : write
2225 pull-requests : write
2326
2427jobs :
25-
26- # Note, the first step is necessary for getting the exact commit from the passed in image_sha
27- # This is because, the release-image step should exactly check out that exact commit
28+ # Image2commit: Creates a mapping between the image_sha given as input and the actual git commit
29+ # This is necassary for the release-image step that requires checking out that exact git commit
2830 image2commit :
2931 name : Resolve Commit SHA from Image
3032 runs-on : ubuntu-latest
33+ environment : release
3134 outputs :
3235 commit_sha : ${{ steps.resolve.outputs.commit_sha }}
33-
3436 steps :
37+ - name : Checkout code
38+ uses : actions/checkout@v4
39+
3540 - name : Log in to Docker registry
3641 uses : docker/login-action@v3
3742 with :
3843 registry : docker.io
39- username : ${{ secrets.DOCKER_USERNAME }}
40- password : ${{ secrets.DOCKER_PASSWORD }}
44+ username : ${{ secrets.ANDRPAC_DOCKER_USERNAME }}
45+ password : ${{ secrets.ANDRPAC_DOCKER_PASSWORD }}
4146
4247 - name : Run image2commit
4348 id : resolve
4449 uses : ./.github/actions/image2commit
4550 with :
4651 register : docker.io
4752 repo : andrpac/mongodb-atlas-kubernetes-operator-prerelease
48- image_sha : ${{ github.event.inputs.image_sha }}
53+ image_sha : latest # !!!!!!!!!!!!!!!! To make the acutal input later !!!!!!
4954
5055 check-commit :
5156 name : Check resolved commit
@@ -56,6 +61,157 @@ jobs:
5661 run : |
5762 echo "Resolved commit: ${{ needs.image2commit.outputs.commit_sha }}"
5863
64+ # Release-image: Created and uploads a release for the specified operator version given in the image_sha
65+ # Note, with new releases, all of the release artifacts will be stored withing docs/releases/{release_version}
66+ release-image :
67+ runs-on : ubuntu-latest
68+ environment : release
69+ needs : image2commit
70+ env :
71+ VERSION : ${{ github.event.inputs.version || 'test-0.0.0-dev' }}
72+ AUTHORS : ${{ github.event.inputs.authors || 'unknown' }}
73+ IMAGE_SHA : ${{ github.event.inputs.image_sha || 'latest' }}
74+ DOCKER_SIGNATURE_REPO : docker.io/andrpac/signatures
75+ DOCKER_RELEASE_REPO : docker.io/andrpac/mongodb-atlas-kubernetes-operator
76+ DOCKER_PRERELEASE_REPO : docker.io/andrpac/mongodb-atlas-kubernetes-operator-prerelease
77+ QUAY_RELEASE_REPO : quay.io/andrpac/mongodb-atlas-kubernetes-operator
78+ QUAY_PRERELEASE_REPO : quay.io/andrpac/mongodb-atlas-kubernetes-operator-prerelease
79+ steps :
80+ - name : Checkout code
81+ uses : actions/checkout@v4
82+ with :
83+ fetch-depth : 0
84+ # ref: $#{{ needs.image2commit.outputs.commit_sha }} !!!!!!!!! SUPER IMPORTNAT TO PUT BACK !!!!!!!
85+
86+ - name : Generate GitHub App Token
87+ id : generate_token
88+ uses : mongodb/apix-action/token@v8
89+ with :
90+ app-id : ${{ secrets.AKO_RELEASER_APP_ID }}
91+ private-key : ${{ secrets.AKO_RELEASER_RSA_KEY }}
92+
93+ # Login in into all registries
94+ - name : Log in to Docker registry
95+ uses : docker/login-action@v3
96+ with :
97+ registry : docker.io
98+ username : ${{ secrets.ANDRPAC_DOCKER_USERNAME }}
99+ password : ${{ secrets.ANDRPAC_DOCKER_PASSWORD }}
100+
101+ - name : Log in to Quay registry
102+ uses : docker/login-action@v3
103+ with :
104+ registry : quay.io
105+ username : ${{ secrets.ANDRPAC_QUAY_USERNAME }}
106+ password : ${{ secrets.ANDRPAC_QUAY_PASSWORD }}
107+
108+ - name : Install devbox
109+ uses :
jetify-com/[email protected] 110+
111+ # This step configures all of the dynamic variables needed for later steps
112+ - name : Configure job environment for downstream steps
113+ id : tags
114+ run : |
115+ promoted_tag="promoted-${IMAGE_SHA}"
116+ release_tag="${VERSION}"
117+ certified_tag="certified-${release_tag}"
118+
119+ docker_image_url="${DOCKER_RELEASE_REPO}:${release_tag}"
120+ quay_image_url="${QUAY_RELEASE_REPO}:${release_tag}"
121+ quay_certified_image_url="${QUAY_RELEASE_REPO}:${certified_tag}"
122+
123+ echo "promoted_tag=$promoted_tag" >> $GITHUB_OUTPUT
124+ echo "release_tag=$release_tag" >> $GITHUB_OUTPUT
125+ echo "certified_tag=$certified_tag" >> $GITHUB_OUTPUT
126+ echo "docker_image_url=$docker_image_url" >> $GITHUB_OUTPUT
127+ echo "quay_image_url=$quay_image_url" >> $GITHUB_OUTPUT
128+ echo "quay_certified_image_url=$quay_certified_image_url" >> $GITHUB_OUTPUT
129+
130+ # Move prerelease images to official release registries in Docker Hub and Quay
131+ - name : Move image to Docker registry release from prerelease
132+ run : devbox run -- ./scripts/move-image.sh
133+ env :
134+ IMAGE_SRC_REPO : ${{ env.DOCKER_PRERELEASE_REPO }}
135+ IMAGE_DEST_REPO : ${{ env.DOCKER_RELEASE_REPO }}
136+ IMAGE_SRC_TAG : ${{ steps.tags.outputs.promoted_tag }}
137+ IMAGE_DEST_TAG : ${{ steps.tags.outputs.release_tag }}
138+
139+ - name : Move image to Quay registry release from prerelease
140+ run : devbox run -- ./scripts/move-image.sh
141+ env :
142+ IMAGE_SRC_REPO : ${{ env.QUAY_PRERELEASE_REPO }}
143+ IMAGE_DEST_REPO : ${{ env.QUAY_RELEASE_REPO }}
144+ IMAGE_SRC_TAG : ${{ steps.tags.outputs.promoted_tag }}
145+ IMAGE_DEST_TAG : ${{ steps.tags.outputs.release_tag }}
146+
147+ # Create Openshift certified images
148+ - name : Create OpenShift certified image on Quay
149+ run : devbox run -- ./scripts/move-image.sh
150+ env :
151+ IMAGE_SRC_REPO : ${{ env.QUAY_PRERELEASE_REPO }}
152+ IMAGE_DEST_REPO : ${{ env.QUAY_RELEASE_REPO }}
153+ IMAGE_SRC_TAG : ${{ steps.tags.outputs.promoted_tag }}
154+ IMAGE_DEST_TAG : ${{ steps.tags.outputs.certified_tag }}
155+
156+ # Link updates to pr: all-in-one.yml, helm-updates, sdlc requirements
157+ - name : Generate deployment configurations
158+ uses : ./.github/actions/gen-install-scripts
159+ with :
160+ ENV : prod
161+ IMAGE_URL : ${{ steps.tags.outputs.docker_image_url }}
162+
163+ - name : Bump Helm chart version
164+ run : devbox run -- ./scripts/bump-helm-chart-version.sh
165+
166+ # Prepare SDLC requirement: signatures, sboms, compliance reports
167+ # Note, signed images will live in mongodb/release and mongodb/signature repos
168+ - name : Sign released images
169+ run : |
170+ devbox run -- make sign IMG="${{ steps.tags.outputs.docker_image_url }}" SIGNATURE_REPO="${{ env.DOCKER_RELEASE_REPO }}"
171+ devbox run -- make sign IMG="${{ steps.tags.outputs.quay_image_url }}" SIGNATURE_REPO="${{ env.QUAY_RELEASE_REPO }}"
172+ devbox run -- make sign IMG="${{ steps.tags.outputs.docker_image_url }}" SIGNATURE_REPO="${{ env.DOCKER_SIGNATURE_REPO }}"
173+ devbox run -- make sign IMG="${{ steps.tags.outputs.quay_certified_image_url }}" SIGNATURE_REPO="${{ env.QUAY_RELEASE_REPO }}"
174+ devbox run -- make sign IMG="${{ steps.tags.outputs.quay_certified_image_url }}" SIGNATURE_REPO="${{ env.DOCKER_SIGNATURE_REPO }}"
175+ env :
176+ PKCS11_URI : ${{ secrets.PKCS11_URI }}
177+ GRS_USERNAME : ${{ secrets.GRS_USERNAME }}
178+ GRS_PASSWORD : ${{ secrets.GRS_PASSWORD }}
179+
180+ - name : Generate SBOMs
181+ run : devbox run -- make generate-sboms RELEASED_OPERATOR_IMAGE="${{ env.DOCKER_RELEASE_REPO }}"
182+
183+ - name : Create SDLC report
184+ run : devbox run -- make gen-sdlc-checklist
185+
186+ # Create PR on release branch with all updates generated
187+ - name : Create release branch with updates, tag new updates
188+ env :
189+ GITHUB_TOKEN : ${{ steps.generate_token.outputs.token }}
190+ run : |
191+ git config --global user.name "${{ steps.generate_token.outputs.user-name }}"
192+ git config --global user.email "${{ steps.generate_token.outputs.user-email }}"
193+
194+ export BRANCH="new-release/${VERSION}"
195+ export COMMIT_MESSAGE="feat: release ${VERSION} from release-image workflow"
196+ export RELEASE_DIR="docs/releases/${VERSION}"
197+
198+ git checkout -b "$BRANCH"
199+
200+ mkdir -p "$RELEASE_DIR"
201+ mv deploy "$RELEASE_DIR"/deploy
202+ mv bundle "$RELEASE_DIR"/bundle
203+ mv bundle.Dockerfile "$RELEASE_DIR"/bundle.Dockerfile
204+ mv docs/releases "$RELEASE_DIR"/docs-releases
205+
206+ git add -f "$RELEASE_DIR"
207+ scripts/create-signed-commit.sh
208+
209+ gh pr create \
210+ --draft \
211+ --head="$BRANCH" \
212+ --title "$COMMIT_MESSAGE" \
213+ --body "This is an autogenerated PR to prepare for the release"
214+
59215prepare-environment :
60216 name : Set up Environment Variables
61217 runs-on : ubuntu-latest
@@ -151,7 +307,7 @@ jobs:
151307 echo "quay_image_url=$quay_image_url" >> $GITHUB_OUTPUT
152308 echo "quay_certified_image_url=$quay_certified_image_url" >> $GITHUB_OUTPUT
153309
154- release-image :
310+ release-image1 :
155311 runs-on : ubuntu-latest
156312 if : false
157313 environment : release
@@ -205,6 +361,7 @@ jobs:
205361 short_sha="${sha:0:6}"
206362 echo "promoted_tag=promoted-${short_sha}" >> "$GITHUB_OUTPUT"
207363
364+ # Move prerelease images to official release registries in Docker Hub and Quay
208365 - name : Move image to Docker registry release from prerelease
209366 run : devbox run -- ./scripts/move-image.sh
210367 env :
@@ -220,6 +377,15 @@ jobs:
220377 IMAGE_DEST_REPO : ${{ env.QUAY_RELEASE_REPO }}
221378 IMAGE_SRC_TAG : ${{ steps.tags.outputs.promoted_tag }}
222379 IMAGE_DEST_TAG : ${{ github.event.inputs.version }}
380+
381+ # Create Openshift certified images
382+ - name : Create OpenShift certified image on Quay
383+ run : devbox run -- ./scripts/move-image.sh
384+ env :
385+ IMAGE_SRC_REPO : ${{ env.QUAY_PRERELEASE_REPO }}
386+ IMAGE_DEST_REPO : ${{ env.QUAY_RELEASE_REPO }}
387+ IMAGE_SRC_TAG : ${{ steps.tags.outputs.promoted_tag }}
388+ IMAGE_DEST_TAG : ${{ steps.tags.outputs.certified_tag }}
223389
224390 - name : Create deploy configurations
225391 uses : ./.github/actions/gen-install-scripts
0 commit comments