replicatedhq
diff --git a/‎.github/actions/e2e/action.yml‎
Lines changed: 10 additions & 3 deletions b/‎.github/actions/e2e/action.yml‎
Lines changed: 10 additions & 3 deletions
diff --git a/‎.github/actions/git-sha/action.yml‎
Lines changed: 22 additions & 0 deletions b/‎.github/actions/git-sha/action.yml‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎.github/workflows/automated-prs-manager.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/automated-prs-manager.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/ci.yaml‎
Lines changed: 34 additions & 12 deletions b/‎.github/workflows/ci.yaml‎
Lines changed: 34 additions & 12 deletions
diff --git a/‎.github/workflows/dependencies.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/dependencies.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/image-deps-updater.yaml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/image-deps-updater.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/release-prod.yaml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/release-prod.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/update-addons.yaml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/update-addons.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎Makefile‎
Lines changed: 0 additions & 9 deletions b/‎Makefile‎
Lines changed: 0 additions & 9 deletions
diff --git a/‎chainguard.mk‎
Lines changed: 7 additions & 4 deletions b/‎chainguard.mk‎
Lines changed: 7 additions & 4 deletions
@@ -32,12 +32,18 @@ inputs:
     description: 'Disaster Recovery AWS Secret Access Key'
     required: true
   k0s-version:
-    description: 'k0s version to expect after upgrades in e2e tests'
+    description: 'k0s version to expect in e2e tests'
+    required: true
+  k0s-version-previous:
+    description: 'k0s previous version to expect in e2e tests'
     required: true
 
 runs:
   using: composite
   steps:
+  - name: Git SHA
+    id: git_sha
+    uses: ./.github/actions/git-sha
   - name: Remove MS repo
     shell: bash
     run: |
@@ -92,7 +98,7 @@ runs:
   - name: E2E
     shell: bash
     run: |
-      export SHORT_SHA=dev-${GITHUB_SHA::7}
+      export SHORT_SHA=dev-${{ steps.git_sha.outputs.git_sha }}
       echo "${SHORT_SHA}"
       export LICENSE_ID=${{ inputs.license-id }}
       export AIRGAP_LICENSE_ID=${{ inputs.airgap-license-id }}
@@ -107,7 +113,8 @@ runs:
       export DR_AWS_S3_PREFIX_AIRGAP=${{ inputs.test-name }}-${{ github.run_id }}-${{ github.run_attempt }}-airgap
       export DR_AWS_ACCESS_KEY_ID=${{ inputs.dr-aws-access-key-id }}
       export DR_AWS_SECRET_ACCESS_KEY=${{ inputs.dr-aws-secret-access-key }}
-      export K0S_VERSION=${{ inputs.k0s-version }}
+      export EXPECT_K0S_VERSION=${{ inputs.k0s-version }}
+      export EXPECT_K0S_VERSION_PREVIOUS=${{ inputs.k0s-version-previous }}
       make e2e-test TEST_NAME=${{ inputs.test-name }}
   - name: Upload Host Support Bundle
     uses: actions/upload-artifact@v4
 
@@ -0,0 +1,22 @@
+name: Git SHA
+description: 'Get the Git SHA for the current workflow run'
+inputs:
+  short:
+    description: 'Return the short SHA (length 7)'
+    default: 'true'
+outputs:
+  git_sha:
+    description: 'The Git SHA'
+    value: ${{ steps.git_sha.outputs.git_sha }}
+
+runs:
+  using: composite
+  steps:
+    - shell: bash
+      id: git_sha
+      run: |
+        git_sha=${{ github.event.pull_request.head.sha || github.sha }}
+        if [[ "${{ inputs.short }}" == "true" ]]; then
+          git_sha=$(echo $git_sha | cut -c1-7)
+        fi
+        echo "git_sha=$git_sha" >> $GITHUB_OUTPUT
@@ -32,7 +32,7 @@ jobs:
 
           replicated_ci_prs=$(
             gh pr list \
-              --author 'replicated-ci' \
+              --author 'replicated-ci-ec' \
               --json url,createdAt,headRefName,headRepository,headRepositoryOwner \
               -q '.[] | select((.createdAt | fromdateiso8601 > now - 24*60*60) and .headRepositoryOwner.login == "replicatedhq" and .headRepository.name == "embedded-cluster")'
           )
 
@@ -10,6 +10,16 @@ concurrency:
 permissions:
   contents: write
 jobs:
+  git-sha:
+    name: Git SHA
+    runs-on: ubuntu-latest
+    outputs:
+      git_sha: ${{ steps.git_sha.outputs.git_sha }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/git-sha
+        id: git_sha
+
   sanitize:
     name: Sanitize
     runs-on: ubuntu-latest
@@ -94,7 +104,10 @@ jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
-    needs: [build-images]
+    needs: [git-sha, build-images]
+    outputs:
+      k0s_version: ${{ steps.export.outputs.k0s_version }}
+      k0s_version_previous: ${{ steps.export.outputs.k0s_version_previous }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -107,8 +120,8 @@ jobs:
 
       - name: Build Linux AMD64 and Output Metadata
         run: |
-          export SHORT_SHA=dev-${GITHUB_SHA::7}
-          export LOCAL_ARTIFACT_MIRROR_IMAGE=${{ needs.build-images.outputs.local-artifact-mirror }}
+          export SHORT_SHA=dev-${{ needs.git-sha.outputs.git_sha }}
+          export LOCAL_ARTIFACT_MIRROR_IMAGE=proxy.replicated.com/anonymous/${{ needs.build-images.outputs.local-artifact-mirror }}
           make -B embedded-cluster-linux-amd64 K0S_VERSION=$(make print-PREVIOUS_K0S_VERSION) K0S_BINARY_SOURCE_OVERRIDE=$(make print-PREVIOUS_K0S_BINARY_SOURCE_OVERRIDE) VERSION="${SHORT_SHA}-previous-k0s"
           tar -C output/bin -czvf embedded-cluster-linux-amd64-previous-k0s.tgz embedded-cluster
           ./output/bin/embedded-cluster version metadata > metadata-previous-k0s.json
@@ -137,8 +150,8 @@ jobs:
             metadata.json
       - name: Build CI binary
         run: |
-          export SHORT_SHA=dev-${GITHUB_SHA::7}
-          export LOCAL_ARTIFACT_MIRROR_IMAGE=${{ needs.build-images.outputs.local-artifact-mirror }}
+          export SHORT_SHA=dev-${{ needs.git-sha.outputs.git_sha }}
+          export LOCAL_ARTIFACT_MIRROR_IMAGE=proxy.replicated.com/anonymous/${{ needs.build-images.outputs.local-artifact-mirror }}
           echo "# channel release object" > e2e/kots-release-install/release.yaml
           echo 'channelID: "2cHXb1RCttzpR0xvnNWyaZCgDBP"' >> e2e/kots-release-install/release.yaml
           echo 'channelSlug: "ci"' >> e2e/kots-release-install/release.yaml
@@ -161,7 +174,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.STAGING_EMBEDDED_CLUSTER_UPLOAD_IAM_SECRET }}
           AWS_REGION: "us-east-1"
         run: |
-          export SHORT_SHA=dev-${GITHUB_SHA::7}
+          export SHORT_SHA=dev-${{ needs.git-sha.outputs.git_sha }}
           export EC_VERSION="v${SHORT_SHA}"
           ./scripts/cache-files.sh
           ./scripts/create-upgrade-release.sh
@@ -177,9 +190,14 @@ jobs:
             output/bin/embedded-cluster-previous-k0s
             output/bin/embedded-cluster-release-builder
       - name: Export K0s Version
+        id: export
         run: |
-          make print-K0S_VERSION
-          echo "k0s_version=$(make print-K0S_VERSION)" >> "$GITHUB_OUTPUT"
+          K0S_VERSION="$(make print-K0S_VERSION)"
+          echo "K0S_VERSION=\"$K0S_VERSION\""
+          echo "k0s_version=$K0S_VERSION" >> "$GITHUB_OUTPUT"
+          PREVIOUS_K0S_VERSION="$(make print-PREVIOUS_K0S_VERSION)"
+          echo "PREVIOUS_K0S_VERSION=\"$PREVIOUS_K0S_VERSION\""
+          echo "k0s_version_previous=$PREVIOUS_K0S_VERSION" >> "$GITHUB_OUTPUT"
 
   check-images:
     name: Check Images
@@ -222,6 +240,7 @@ jobs:
     permissions:
       pull-requests: write
     needs:
+      - git-sha
       - build
       - build-images
     steps:
@@ -244,7 +263,7 @@ jobs:
           REPLICATED_API_TOKEN: ${{ secrets.STAGING_REPLICATED_API_TOKEN }}
           REPLICATED_API_ORIGIN: "https://api.staging.replicated.com/vendor"
         run: |
-          export SHORT_SHA=dev-${GITHUB_SHA::7}
+          export SHORT_SHA=dev-${{ needs.git-sha.outputs.git_sha }}
           echo "${SHORT_SHA}"
           sed -i "s/__version_string__/${SHORT_SHA}/g" e2e/kots-release-install/cluster-config.yaml
           sed -i "s/__version_string__/${SHORT_SHA}-upgrade/g" e2e/kots-release-upgrade/cluster-config.yaml
@@ -268,7 +287,7 @@ jobs:
           REPLICATED_API_TOKEN: ${{ secrets.STAGING_REPLICATED_API_TOKEN }}
           REPLICATED_API_ORIGIN: "https://api.staging.replicated.com/vendor"
         run: |
-          export SHORT_SHA=dev-${GITHUB_SHA::7}
+          export SHORT_SHA=dev-${{ needs.git-sha.outputs.git_sha }}
           echo "${SHORT_SHA}"
 
           # airgap tests install the previous k0s version to ensure an upgrade occurs
@@ -283,7 +302,7 @@ jobs:
       - name: Create download link message text
         if: github.event_name == 'pull_request'
         run: |
-          export SHORT_SHA=dev-${GITHUB_SHA::7}
+          export SHORT_SHA=dev-${{ needs.git-sha.outputs.git_sha }}
           
           echo "This PR has been released (on staging) and is available for download with a embedded-cluster-smoke-test-staging-app [license ID](https://vendor.staging.replicated.com/apps/embedded-cluster-smoke-test-staging-app/customers?sort=name-asc)." > download-link.txt
           echo "" >> download-link.txt
@@ -359,6 +378,8 @@ jobs:
             runner: embedded-cluster
           - test: TestMultiNodeAirgapHADisasterRecovery
             runner: embedded-cluster
+          - test: TestFiveNodesAirgapUpgrade
+            runner: embedded-cluster
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -380,7 +401,8 @@ jobs:
           license: ${{ secrets.STAGING_EMBEDDED_CLUSTER_LICENSE }}
           dr-aws-access-key-id: ${{ secrets.TESTIM_AWS_ACCESS_KEY_ID }}
           dr-aws-secret-access-key: ${{ secrets.TESTIM_AWS_SECRET_ACCESS_KEY }}
-          k0s-version: ${{ steps.build.outputs.k0s_version }}
+          k0s-version: ${{ needs.build.outputs.k0s_version }}
+          k0s-version-previous: ${{ needs.build.outputs.k0s_version_previous }}
 
   # this job will validate that all the tests passed
   # it is used for the github branch protection rule
 
@@ -36,7 +36,7 @@ jobs:
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v6
       with:
-        token: ${{ secrets.AUTOMATED_PR_GH_PAT }}
+        token: ${{ secrets.GH_PAT }}
         commit-message: Update Makefile versions
         title: 'Update Makefile versions'
         branch: automation/update-makefile
 
@@ -87,7 +87,7 @@ jobs:
       uses: peter-evans/create-pull-request@v6
       id: cpr
       with:
-        token: ${{ secrets.AUTOMATED_PR_GH_PAT }}
+        token: ${{ secrets.GH_PAT }}
         commit-message: 'Update image versions'
         title: "chore: update ${{ matrix.addon }} images"
         branch: automation/${{ matrix.addon }}-image-dependencies
@@ -97,7 +97,7 @@ jobs:
           images
           type::security
         draft: false
-        base: main
+        base: ${{ github.ref_name }}
         body: "Automated changes by the [image-deps-updater](https://github.com/replicatedhq/embedded-cluster/blob/main/.github/workflows/image-deps-updater.yaml) GitHub action"
 
     - name: Check outputs
 
@@ -56,7 +56,7 @@ jobs:
           USERNAME: ${{ secrets.DOCKERHUB_USER }}
           PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
         run: |
-          make -C local-artifact-mirror apko build-and-push-local-artifact-mirror-image \
+          make -C local-artifact-mirror apko apko-login build-and-push-local-artifact-mirror-image \
             PACKAGE_VERSION=${{ needs.get-tag.outputs.tag-name }}
           echo "image=$(cat local-artifact-mirror/build/image)" >> $GITHUB_OUTPUT
 
@@ -79,7 +79,7 @@ jobs:
         run: |
           make embedded-cluster-linux-amd64 \
             VERSION=${{ needs.get-tag.outputs.tag-name }} \
-            LOCAL_ARTIFACT_MIRROR_IMAGE=${{ needs.build-images.outputs.local-artifact-mirror }}
+            LOCAL_ARTIFACT_MIRROR_IMAGE=proxy.replicated.com/anonymous/${{ needs.build-images.outputs.local-artifact-mirror }}
           tar -C output/bin -czvf embedded-cluster-linux-amd64.tgz embedded-cluster
 
       - name: Output Metadata
 
@@ -74,7 +74,7 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v6
         with:
-          token: ${{ secrets.AUTOMATED_PR_GH_PAT }}
+          token: ${{ secrets.GH_PAT }}
           commit-message: updated ${{ matrix.addon }} version
           title: "feat: update ${{ matrix.addon }} version"
           branch: automation/update-makefile-${{ matrix.addon }}
@@ -83,6 +83,6 @@ jobs:
             automated-pr
             type::chore
           draft: false
-          base: "main"
+          base: ${{ github.ref_name }}
           body: |
             Automated changes by the [update-addons](https://github.com/replicatedhq/embedded-cluster/blob/main/.github/workflows/update-addons.yaml) GitHub action
@@ -13,7 +13,6 @@ ADMIN_CONSOLE_MIGRATIONS_IMAGE_OVERRIDE =
 ADMIN_CONSOLE_KURL_PROXY_IMAGE_OVERRIDE =
 EMBEDDED_OPERATOR_IMAGE_OVERRIDE =
 EMBEDDED_OPERATOR_BINARY_URL_OVERRIDE =
-KUBECTL_VERSION = v1.28.11
 K0S_VERSION = v1.28.11+k0s.0
 K0S_GO_VERSION = v1.28.11+k0s.0
 PREVIOUS_K0S_VERSION ?= v1.28.10+k0s.0
@@ -28,7 +27,6 @@ LD_FLAGS = \
 	-X github.com/replicatedhq/embedded-cluster/pkg/versions.K0sVersion=$(K0S_VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/versions.Version=$(VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/versions.TroubleshootVersion=$(TROUBLESHOOT_VERSION) \
-	-X github.com/replicatedhq/embedded-cluster/pkg/versions.KubectlVersion=$(KUBECTL_VERSION) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/versions.LocalArtifactMirrorImage=$(LOCAL_ARTIFACT_MIRROR_IMAGE) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.ChartRepoOverride=$(ADMIN_CONSOLE_CHART_REPO_OVERRIDE) \
 	-X github.com/replicatedhq/embedded-cluster/pkg/addons/adminconsole.KurlProxyImageOverride=$(ADMIN_CONSOLE_KURL_PROXY_IMAGE_OVERRIDE) \
@@ -57,12 +55,6 @@ pkg/goods/bins/k0s: Makefile
 	chmod +x pkg/goods/bins/k0s
 	touch pkg/goods/bins/k0s
 
-pkg/goods/bins/kubectl: Makefile
-	mkdir -p pkg/goods/bins
-	curl -fL -o pkg/goods/bins/kubectl "https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/linux/amd64/kubectl"
-	chmod +x pkg/goods/bins/kubectl
-	touch pkg/goods/bins/kubectl
-
 pkg/goods/bins/kubectl-support_bundle: Makefile
 	mkdir -p pkg/goods/bins
 	mkdir -p output/tmp/support-bundle
@@ -116,7 +108,6 @@ go.mod: Makefile
 .PHONY: static
 static: pkg/goods/bins/k0s \
 	pkg/goods/bins/kubectl-preflight \
-	pkg/goods/bins/kubectl \
 	pkg/goods/bins/kubectl-support_bundle \
 	pkg/goods/bins/local-artifact-mirror \
 	pkg/goods/internal/bins/kubectl-kots
 
@@ -52,9 +52,7 @@ apko-build: check-env-IMAGE apko-template
 .PHONY: apko-build-and-publish
 apko-build-and-publish: ARCHS ?= amd64
 apko-build-and-publish: check-env-IMAGE apko-template
-	cd build && ${APKO_CMD} \
-		publish apko.yaml ${IMAGE} \
-		--arch ${ARCHS} | tee digest
+	@bash -c 'set -o pipefail && cd build && ${APKO_CMD} publish apko.yaml ${IMAGE} --arch ${ARCHS} | tee digest'
 	$(MAKE) apko-output-image
 
 .PHONY: apko-login
@@ -67,7 +65,12 @@ apko-login:
 
 .PHONY: apko-output-image
 apko-output-image:
-	printf "${IMAGE}@$(shell cat build/digest | awk -F'@' '{print $$2}')" > build/image
+	@digest=$$(cut -s -d'@' -f2 build/digest); \
+	if [ -z "$$digest" ]; then \
+		echo "error: no image digest found" >&2; \
+		exit 1; \
+	fi ; \
+	echo "$(IMAGE)@$$digest" > build/image
 
 .PHONY: melange-build
 melange-build: ARCHS ?= amd64
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ jobs:`
`32`	`32`
`33`	`33`	`replicated_ci_prs=$(`
`34`	`34`	`gh pr list \`
`35`		`- --author 'replicated-ci' \`
	`35`	`+ --author 'replicated-ci-ec' \`
`36`	`36`	`--json url,createdAt,headRefName,headRepository,headRepositoryOwner \`
`37`	`37`	`-q '.[] \| select((.createdAt \| fromdateiso8601 > now - 246060) and .headRepositoryOwner.login == "replicatedhq" and .headRepository.name == "embedded-cluster")'`
`38`	`38`	`)`