-
Notifications
You must be signed in to change notification settings - Fork 6k
228 lines (206 loc) · 8.37 KB
/
release-master.yml
File metadata and controls
228 lines (206 loc) · 8.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
name: Release Master
on:
workflow_dispatch:
branches: ["master"]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: tibdex/github-app-token@v1
id: generate-token
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Set up Java 11
uses: actions/setup-java@v4
with:
java-version: 11
distribution: temurin
server-id: central
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
gpg-private-key: ${{ secrets.OSSRH_GPG_PRIVATE_KEY }}
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Run pre release script
id: preRelease
run: |
# export GPG_TTY=$(tty)
export MY_POM_VERSION=`mvn -q -Dexec.executable="echo" -Dexec.args='${projects.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec`
if [[ $MY_POM_VERSION =~ ^.*SNAPSHOT$ ]];
then
echo "not releasing snapshot version: " ${MY_POM_VERSION}
echo "RELEASE_OK=no" >> $GITHUB_ENV
else
. ./CI/pre-release.sh
echo "RELEASE_OK=yes" >> $GITHUB_ENV
fi
echo "SC_VERSION=$SC_VERSION" >> $GITHUB_ENV
echo "SC_NEXT_VERSION=$SC_NEXT_VERSION" >> $GITHUB_ENV
echo "SC_LAST_RELEASE=$SC_LAST_RELEASE" >> $GITHUB_ENV
echo "SC_RELEASE_TAG=v$SC_VERSION" >> $GITHUB_ENV
- name: configure git user email
run: |
git config --global user.email "action@github.com"
git config --global user.name "GitHub Action"
git config --global hub.protocol https
git remote set-url origin https://\${{ secrets.GITHUB_TOKEN }}:x-oauth-basic@github.com/swagger-api/swagger-codegen.git
- name: Run maven deploy/release
if: env.RELEASE_OK == 'yes'
run: |
mvn --no-transfer-progress -B -Prelease deploy
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: docker login
run: |
docker login --username=${{ secrets.DOCKERHUB_SB_USERNAME }} --password=${{ secrets.DOCKERHUB_SB_PASSWORD }}
set -e
- name: Build generator image and push
if: env.RELEASE_OK == 'yes'
uses: docker/build-push-action@v5
with:
context: ./modules/swagger-generator
push: true
provenance: false
tags: swaggerapi/swagger-generator:${{ env.SC_RELEASE_TAG }},swaggerapi/swagger-generator:latest
- name: Build CLI image and push
if: env.RELEASE_OK == 'yes'
uses: docker/build-push-action@v5
with:
context: ./modules/swagger-codegen-cli
push: true
provenance: false
tags: swaggerapi/swagger-codegen-cli:${{ env.SC_RELEASE_TAG }},swaggerapi/swagger-codegen-cli:latest
- name: Run post release script
id: postRelease
if: env.RELEASE_OK == 'yes'
run: |
. ./CI/post-release.sh
- name: Create Next Snapshot Pull Request
uses: peter-evans/create-pull-request@v4
if: env.RELEASE_OK == 'yes'
with:
token: ${{ steps.generate-token.outputs.token }}
commit-message: bump snapshot ${{ env.SC_NEXT_VERSION }}-SNAPSHOT
title: 'bump snapshot ${{ env.SC_NEXT_VERSION }}-SNAPSHOT'
branch: bump-snap-${{ env.SC_NEXT_VERSION }}-SNAPSHOT
- name: deploy
run: |
echo "${{ env.SC_RELEASE_TAG }}"
TOKEN="${{ secrets.RANCHER2_BEARER_TOKEN }}"
RANCHER_HOST="rancher.tools.swagger.io"
CLUSTER_ID="c-n8zp2"
NAMESPACE_NAME="swagger-oss"
K8S_OBJECT_TYPE="daemonsets"
K8S_OBJECT_NAME="swagger-generator"
DEPLOY_IMAGE="swaggerapi/swagger-generator:${{ env.SC_RELEASE_TAG }}"
workloadStatus=""
getStatus() {
echo "Getting update status..."
if ! workloadStatus="$(curl -s -X GET \
-H "Authorization: Bearer ${TOKEN}" \
-H 'Content-Type: application/json' \
"https://${RANCHER_HOST}/k8s/clusters/${CLUSTER_ID}/apis/apps/v1/namespaces/${NAMESPACE_NAME}/${K8S_OBJECT_TYPE}/${K8S_OBJECT_NAME}/status")"
then
echo 'ERROR - get status k8s API call failed!'
echo "Exiting build"...
exit 1
fi
}
# $1 = image to deploy
updateObject() {
local image="${1}"
echo "Updating image value..."
if ! curl -s -X PATCH \
-H "Authorization: Bearer ${TOKEN}" \
-H 'Content-Type: application/json-patch+json' \
"https://${RANCHER_HOST}/k8s/clusters/${CLUSTER_ID}/apis/apps/v1/namespaces/${NAMESPACE_NAME}/${K8S_OBJECT_TYPE}/${K8S_OBJECT_NAME}" \
-d "[{\"op\": \"replace\", \"path\": \"/spec/template/spec/containers/0/image\", \"value\": \"${image}\"}]"
then
echo 'ERROR - image update k8s API call failed!'
echo "Exiting build..."
exit 1
fi
}
# Check that the TAG is valid
if [[ ${{ env.SC_RELEASE_TAG }} =~ ^[vV]?[0-9]*\.[0-9]*\.[0-9]*$ ]]; then
echo ""
echo "This is a Valid TAG..."
# Get current image/tag in case we need to rollback
getStatus
ROLLBACK_IMAGE="$(echo "${workloadStatus}" | jq -r '.spec.template.spec.containers[0].image')"
echo ""
echo "Current image: ${ROLLBACK_IMAGE}"
# Update image and validate response
echo ""
updateObject "${DEPLOY_IMAGE}"
echo ""
echo ""
echo "Waiting for pods to start..."
echo ""
sleep 60s
# Get state of the k8s object. If numberReady == desiredNumberScheduled, consider the upgrade successful. Else raise error
getStatus
status="$(echo "${workloadStatus}" | jq '.status')"
echo ""
echo "${status}"
echo ""
numberDesired="$(echo "${status}" | jq -r '.desiredNumberScheduled')"
numberReady="$(echo "${status}" | jq -r '.numberReady')"
if (( numberReady == numberDesired )); then
echo "${K8S_OBJECT_NAME} has been upgraded to ${DEPLOY_IMAGE}"
# If pods are not starting, rollback the upgrade and exit the build with error
else
echo "state = error...rolling back upgrade"
updateObject "${ROLLBACK_IMAGE}"
echo ""
echo ""
echo "Waiting for rollback pods to start..."
echo ""
sleep 60s
getStatus
status="$(echo "${workloadStatus}" | jq '.status')"
echo ""
echo "${status}"
echo ""
numberDesired="$(echo "${status}" | jq -r '.desiredNumberScheduled')"
numberReady="$(echo "${status}" | jq -r '.numberReady')"
if (( numberReady == numberDesired )); then
echo "Rollback to ${ROLLBACK_IMAGE} completed."
else
echo "FATAL - rollback failed"
fi
echo "Exiting Build..."
exit 1
fi
else
echo "This TAG is not in a valid format..."
echo "Exiting Build..."
exit 0
fi
echo "Exiting Build..."
exit 0
env:
SC_RELEASE_TAG:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
MAVEN_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SC_VERSION:
SC_NEXT_VERSION:
GPG_PRIVATE_KEY: ${{ secrets.OSSRH_GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_PRIVATE_PASSPHRASE }}
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}