release.yml
# Manually dispatched release workflow: it computes the next version and,
# unless `dry-run` is left enabled, creates and pushes the release branch
# and tags.
name: Tag a new release

on:
  workflow_dispatch:
    inputs:
      # Requested release line. The workflow validates it against
      # <digits>.<digits> before using it.
      version:
        description: |
          The release version in <Major>.<minor> format.
          0.0 means new minor version on the latest major version.
        default: "0.0"
        type: string
      # Safe default: the `release` job is skipped unless this is explicitly
      # set to false when the workflow is dispatched.
      dry-run:
        description: Do not push anything
        default: true
        type: boolean
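jobs:
  # NOTE(review): no `permissions:` key is declared at workflow or job level,
  # so the automatic GITHUB_TOKEN gets the repository/organisation default
  # scopes. Pushes below use the bot token, so `permissions: contents: read`
  # looks sufficient; confirm that ./.github/actions/get-latest-version needs
  # nothing more before adding it.
  #
  # NOTE(review): `actions/checkout@v4` and `rtCamp/action-slack-notify@v2`
  # are referenced by mutable tag. For a workflow that handles a push-capable
  # token, pin each to a full commit SHA (<PINNED_COMMIT_SHA> # vX.Y.Z).

  # Computes the version to release and the release type (major, minor or
  # patch). Pushes nothing, so it also runs when dry-run is enabled.
  determine-version:
    runs-on: ubuntu-24.04
    outputs:
      major: ${{ steps.final-values.outputs.major }}
      minor: ${{ steps.final-values.outputs.minor }}
      patch: ${{ steps.patch-version.outputs.value || '0' }}
      release-type: ${{ steps.final-values.outputs.type }}
      stackrox-major: ${{ steps.stackrox.outputs.major }}
      stackrox-minor: ${{ steps.stackrox.outputs.minor }}
    steps:
      # Full history (fetch-depth: 0) so that tags are available locally.
      - uses: actions/checkout@v4
        with:
          submodules: false
          fetch-depth: 0

      - name: Parse required release
        id: required-release
        env:
          # The dispatch input is passed through the environment instead of
          # being expanded into the script text with ${{ }}: the shell then
          # treats it strictly as data, even before the regex check runs.
          VERSION: ${{ inputs.version }}
        run: |
          if [[ "${VERSION}" =~ ^([[:digit:]]+)\.([[:digit:]]+)$ ]]; then
            echo "major=${BASH_REMATCH[1]}" >> "$GITHUB_OUTPUT"
            echo "minor=${BASH_REMATCH[2]}" >> "$GITHUB_OUTPUT"
          else
            echo >&2 "Invalid version ${VERSION}. The expected format is <Major>.<minor>"
            exit 1
          fi

      - name: Get closest tag to master
        id: latest-tag
        uses: ./.github/actions/get-latest-version
        with:
          required-major: ${{ steps.required-release.outputs.major }}

      # Decides between a new minor, a new major, or a patch on an existing
      # release line, and emits major/minor/type as step outputs.
      - name: Determine release type and version
        id: final-values
        env:
          LATEST_MAJOR: ${{ steps.latest-tag.outputs.major }}
          LATEST_MINOR: ${{ steps.latest-tag.outputs.minor }}
          REQUIRED_MAJOR: ${{ steps.required-release.outputs.major }}
          REQUIRED_MINOR: ${{ steps.required-release.outputs.minor }}
        run: |
          # The heredoc body and its terminator sit at script column 0
          # because `<<` (unlike `<<-`) does not strip leading whitespace.
          function add_outputs() {
            cat << EOF >> "$GITHUB_OUTPUT"
          major=$1
          minor=$2
          type=$3
          EOF
          }
          if ((REQUIRED_MAJOR==0)); then
            add_outputs "${LATEST_MAJOR}" "$((LATEST_MINOR+1))" "minor"
          elif ((REQUIRED_MAJOR > LATEST_MAJOR)); then
            add_outputs "$((LATEST_MAJOR+1))" "0" "major"
          elif ((REQUIRED_MAJOR == LATEST_MAJOR && REQUIRED_MINOR > LATEST_MINOR)); then
            add_outputs "${LATEST_MAJOR}" "$((LATEST_MINOR+1))" "minor"
          else
            add_outputs "${REQUIRED_MAJOR}" "${REQUIRED_MINOR}" "patch"
          fi

      # Patch releases only: highest existing <major>.<minor>.<patch> tag
      # merged into the release branch, plus one.
      - name: Get patch version
        id: patch-version
        if: steps.final-values.outputs.type == 'patch'
        env:
          MAJOR: ${{ steps.final-values.outputs.major }}
          MINOR: ${{ steps.final-values.outputs.minor }}
        run: |
          git checkout "release-${MAJOR}.${MINOR}"
          git pull --ff-only
          patch=0
          while read -r line; do
            # Dots are escaped so they match a literal '.', not any
            # character; otherwise unrelated tag names could be counted.
            if [[ "$line" =~ ^${MAJOR}\.${MINOR}\.([[:digit:]]+)$ ]]; then
              if ((BASH_REMATCH[1] > patch)); then
                patch="${BASH_REMATCH[1]}"
              fi
            fi
          done < <(git tag --merged)
          echo "value=$((patch+1))" >> "$GITHUB_OUTPUT"

      - name: Checkout stackrox submodule
        if: steps.final-values.outputs.type != 'patch'
        run: |
          git submodule update --init collector/proto/third_party/stackrox

      - name: Get stackrox version
        id: stackrox-version-last
        if: steps.final-values.outputs.type != 'patch'
        uses: ./.github/actions/get-latest-version
        with:
          repo: ${{ github.workspace }}/collector/proto/third_party/stackrox

      - name: Adjust stackrox version
        id: stackrox
        if: steps.final-values.outputs.type != 'patch'
        env:
          # These values come from the submodule's tags via the local action;
          # they are handed over as environment variables so they are never
          # spliced into the script source.
          # NOTE(review): presumably numeric - confirm against the action.
          STACKROX_MAJOR: ${{ steps.stackrox-version-last.outputs.major }}
          STACKROX_MINOR: ${{ steps.stackrox-version-last.outputs.minor }}
        run: |
          MINOR="$((STACKROX_MINOR+1))"
          echo "major=${STACKROX_MAJOR}" >> "$GITHUB_OUTPUT"
          echo "minor=${MINOR}" >> "$GITHUB_OUTPUT"

      # Surfaces the computed values as notices in the run summary so a
      # dry-run can be reviewed before anything is pushed.
      - name: Notify tags and branches
        env:
          MAJOR: ${{ steps.final-values.outputs.major }}
          MINOR: ${{ steps.final-values.outputs.minor }}
          PATCH: ${{ steps.patch-version.outputs.value || '0' }}
          RELEASE_TYPE: ${{ steps.final-values.outputs.type }}
          STACKROX_MAJOR: ${{ steps.stackrox.outputs.major }}
          STACKROX_MINOR: ${{ steps.stackrox.outputs.minor }}
        run: |
          function notice() {
            echo "::notice title=$1:: $2"
          }
          BRANCH="master"
          if [[ "${RELEASE_TYPE}" == "patch" ]]; then
            BRANCH="release-${MAJOR}.${MINOR}"
          fi
          notice "Release type" "${RELEASE_TYPE}"
          notice "Tag" "${MAJOR}.${MINOR}.${PATCH}"
          notice "Base branch" "${BRANCH}"
          if [[ "${BRANCH}" == "master" ]]; then
            notice "Master tag" "${MAJOR}.${MINOR}.x"
            notice "Release branch" "release-${MAJOR}.${MINOR}"
          fi
          if [[ "${RELEASE_TYPE}" != "patch" ]]; then
            notice "Stackrox Major" "${STACKROX_MAJOR}"
            notice "Stackrox minor" "${STACKROX_MINOR}"
          fi

      # Fails the job (and therefore blocks `release`) when an explicit
      # version was requested but a different one was calculated.
      - name: Mismatched versions
        if: >-
          steps.required-release.outputs.major != 0 && (
          steps.required-release.outputs.major != steps.final-values.outputs.major ||
          steps.required-release.outputs.minor != steps.final-values.outputs.minor
          )
        env:
          REQUIRED_MAJOR: ${{ steps.required-release.outputs.major }}
          REQUIRED_MINOR: ${{ steps.required-release.outputs.minor }}
          CALCULATED_MAJOR: ${{ steps.final-values.outputs.major }}
          CALCULATED_MINOR: ${{ steps.final-values.outputs.minor }}
        run: |
          cat << EOF >&2
          ::error title='Version mismatch'::The required version did not match the one calculated. REQUIRED: ${REQUIRED_MAJOR}.${REQUIRED_MINOR}, GOT: ${CALCULATED_MAJOR}.${CALCULATED_MINOR}
          Please review the input and retrigger the workflow.
          EOF
          # Fail the workflow
          exit 1

  # Creates and pushes the release branch and tags. Skipped entirely while
  # the dry-run input is true.
  release:
    runs-on: ubuntu-24.04
    if: ${{ !inputs.dry-run }}
    needs:
      - determine-version
    env:
      RELEASE: ${{ needs.determine-version.outputs.major }}.${{ needs.determine-version.outputs.minor }}
      RELEASE_TYPE: ${{ needs.determine-version.outputs.release-type }}
      PATCH: ${{ needs.determine-version.outputs.patch }}
      # NOTE(review): job-level env is visible to every step of this job,
      # including the third-party Slack action at the end. No step in this
      # workflow reads GH_TOKEN explicitly; if nothing needs it, drop it, or
      # move it to the `env:` of the single step that does.
      GH_TOKEN: "${{ secrets.RHACS_BOT_GITHUB_TOKEN }}"
    steps:
      # Checks out with the bot token. actions/checkout keeps the token in
      # the local git configuration by default, which is presumably what
      # authorises the `git push` steps below.
      - uses: actions/checkout@v4
        with:
          submodules: true
          fetch-depth: 0
          token: ${{ secrets.RHACS_BOT_GITHUB_TOKEN }}

      - name: Initialize mandatory git config
        env:
          # Event data goes through the environment rather than being
          # expanded into the script text.
          SENDER_LOGIN: ${{ github.event.sender.login }}
        run: |
          git config user.name "${SENDER_LOGIN}"
          git config user.email noreply@github.com

      # New major/minor only: tag master with <release>.x and branch off.
      - name: Create release branch
        if: needs.determine-version.outputs.release-type != 'patch'
        run: |
          git checkout master
          git pull --ff-only
          git tag "${RELEASE}.x"
          git checkout -b "release-${RELEASE}"

      - name: Push release branch
        if: needs.determine-version.outputs.release-type != 'patch'
        run: |
          git push origin "${RELEASE}.x"
          git push --set-upstream origin "release-${RELEASE}"

      # Annotated tag on the release branch; for a patch release the branch
      # already exists remotely, so it is fast-forwarded first.
      - name: Create release tag
        run: |
          git checkout "release-${RELEASE}"
          if [[ "${RELEASE_TYPE}" == "patch" ]]; then
            git pull --ff-only
          fi
          git tag -a -m "Collector v${RELEASE}.${PATCH} release" "${RELEASE}.${PATCH}"

      - name: Push release tag
        run: |
          git push origin "${RELEASE}.${PATCH}"

      # Mirrors the release tag into the falcosecurity-libs submodule.
      - name: Create tag in falcosecurity-libs
        run: |
          git submodule update --init falcosecurity-libs
          cd falcosecurity-libs/
          git tag "${RELEASE}.${PATCH}"

      - name: Push tag in falcosecurity-libs
        run: |
          cd falcosecurity-libs/
          git push origin "${RELEASE}.${PATCH}"

      # NOTE(review): third-party action referenced by mutable tag while it
      # receives the Slack webhook secret and the job-level environment;
      # pin it to a full commit SHA (<PINNED_COMMIT_SHA>).
      - name: Send message to slack
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_COLLECTOR_ONCALL_WEBHOOK }}
          SLACK_CHANNEL: team-acs-collector-oncall
          SLACK_COLOR: success
          SLACK_LINK_NAMES: true
          SLACK_TITLE: "New release tagged"
          SLACKIFY_MARKDOWN: true
          MSG_MINIMAL: true
          SLACK_MESSAGE: |
            @acs-collector-oncall a new release has just been triggered
            with the following values:
            | Name | Value |
            | --- | --- |
            | Version | ${{ env.RELEASE }}.${{ env.PATCH }} |
            | Release Type | ${{ env.RELEASE_TYPE }} |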