From 2df301cc21d0012dcd890514dee1770acf3f1936 Mon Sep 17 00:00:00 2001 From: Jan Larwig Date: Sat, 20 Jan 2024 21:14:09 +0100 Subject: [PATCH] feature: add release automation workflows (#2224) * feature: add release automation workflows * deactivate provenancee because of behaviour change with buildx v0.10.0 * add changelog section extraction for github release notes * fix registry path; fix EOF * use correct version of golangci-lint; add additional workflow step for fetching all dependencies --- .github/workflows/create-release.yml | 117 ++++++++++++++++++++++++ .github/workflows/publish-release.yml | 126 ++++++++++++++++++++++++++ RELEASE.md | 2 + 3 files changed, 245 insertions(+) create mode 100644 .github/workflows/create-release.yml create mode 100644 .github/workflows/publish-release.yml
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
new file mode 100644
index 0000000..7b35a68
--- /dev/null
+++ b/.github/workflows/create-release.yml
@@ -0,0 +1,117 @@
+name: Create Release
+run-name: Create release ${{ inputs.version }}
+
+on:
+ workflow_dispatch:
+ inputs:
+ version:
+ description: 'Version for new release'
+ required: true
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v3
+ with:
+ ref: master
+ fetch-depth: 0
+ fetch-tags: true
+
+ - name: Validate version
+ id: validate
+ run: |
+ function ver { printf "%03d%03d%03d%03d" $(echo "$1" | tr '.' ' '); }
+
+ NEW_VERSION=${{ inputs.version }}
+ NEW_VERSION=${NEW_VERSION#v} # Remove v prefix
+
+ LATEST_VERSION=$(git describe --abbrev=0 --tags)
+ LATEST_VERSION=${LATEST_VERSION#v} # Remove v prefix
+
+ # check that new version can be parsed
+ if [ ! $(ver $NEW_VERSION ) -gt $(ver 0) ]; then
+ echo "::error::Entered version '${{ inputs.version }}' cannot be parsed"
+ exit 1
+ fi
+
+ # check version continuity
+ if [ ! $(ver $LATEST_VERSION) -lt $(ver $NEW_VERSION) ]; then
+ echo "::error::Entered version '${{ inputs.version }}' is smaller then latest version $LATEST_VERSION"
+ exit 1
+ fi
+
+ echo "version=${NEW_VERSION}" >> "$GITHUB_OUTPUT"
+
+ - name: Prepare Github Actions Bot
+ run: |
+ git config --local user.name "github-actions[bot]"
+ git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
+
+ - name: Setup node
+ uses: actions/setup-node@v3
+ with:
+ node-version: latest
+
+ - name: Update documentation
+ run: |
+ cd docs
+
+ FULL_VERSION=${{ steps.validate.outputs.version }}
+ VERSION=${FULL_VERSION%.*}.x
+
+ if [ ! -d "versioned_docs/version-${VERSION}" ]; then
+ npm ci
+ npm run docusaurus docs:version ${VERSION}
+
+ git add .
+ git commit -m "add new docs version ${VERSION}"
+ fi
+
+ sed -i "s/(current release is .*)/(current release is \`v${FULL_VERSION}\`)/g" docs/installation.md
+ sed -i "s/(current release is .*)/(current release is \`v${FULL_VERSION}\`)/g" versioned_docs/version-${VERSION}/installation.md
+
+ - name: Update Changelog
+ run: |
+ VERSION=${{ steps.validate.outputs.version }}
+
+ sed -i "s/#.*(Pre-release)/# V${VERSION}/g" CHANGELOG.md
+
+ cat << EOF > /tmp/CHANGELOG.prepend
+ # Vx.x.x (Pre-release)
+
+ ## Release Highlights
+
+ ## Important Notes
+
+ ## Breaking Changes
+ EOF
+
+ echo -e "$(cat /tmp/CHANGELOG.prepend)\n\n$(cat CHANGELOG.md)" > CHANGELOG.md
+
+ - name: Update development files
+ run: |
+ VERSION=${{ steps.validate.outputs.version }}
+ cd contrib
+ grep -rl "quay.io/oauth2-proxy/oauth2-proxy:" | \
+ xargs sed -i "s#quay.io/oauth2-proxy/oauth2-proxy:v[0-9]\+\.[0-9]\+\.[0-9]\+#quay.io/oauth2-proxy/oauth2-proxy:v${VERSION}#g"
+
+ - name: Commit and push
+ run: |
+ VERSION=${{ steps.validate.outputs.version }}
+
+ git checkout -b release/v${VERSION}
+ git commit -am "update to release version v${VERSION}"
+ git push -u origin release/v${VERSION}
+
+ - name: Create PR
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ VERSION=v${{ steps.validate.outputs.version }}
+ gh pr create -B master -H release/${VERSION} --title "release ${VERSION}" --body "Release branch and changes created by GitHub Actions. This PR should include changes to the docs, CHANGELOG and local environment files."
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
new file mode 100644
index 0000000..bba2e8e
--- /dev/null
+++ b/.github/workflows/publish-release.yml
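Review bot: In `.github/workflows/create-release.yml`, the "Validate version" step pastes `${{ inputs.version }}` straight into the bash script (`NEW_VERSION=${{ inputs.version }}` and both `::error::` echo lines), so the value is substituted into the script text before the shell parses it instead of being handled as plain data. The `ver` check is a numeric comparison rather than a format check, so it does not by itself guarantee a MAJOR.MINOR.PATCH string, and the result then flows into `$GITHUB_OUTPUT`, branch names and `sed` expressions in the later steps. Pass the input through `env:` and match it against a strict pattern before use, as sketched below; the regex assumes releases are always MAJOR.MINOR.PATCH, which should be confirmed. Separately, `node-version: latest` and tag-pinned actions make a job with `contents: write` less reproducible than a fixed Node version and commit-SHA pins would.

```yaml
      - name: Validate version
        id: validate
        env:
          INPUT_VERSION: ${{ inputs.version }}
        run: |
          # … unchanged: ver() helper …
          NEW_VERSION="${INPUT_VERSION#v}" # Remove v prefix
          if ! [[ "${NEW_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "::error::Entered version '${INPUT_VERSION}' cannot be parsed"
            exit 1
          fi
          # … unchanged: LATEST_VERSION lookup and continuity check, with '${INPUT_VERSION}' in its error message …
```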
@@ -0,0 +1,126 @@
+name: Publish Release
+run-name: ${{ github.event.pull_request.head.ref }}
+
+on:
+ pull_request_target:
+ branches:
+ - master
+ types:
+ - closed
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ publish:
+ if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/')
+ runs-on: ubuntu-latest
+ outputs:
+ tag: ${{ steps.tag.outputs.version }}
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.merge_commit_sha }}
+ fetch-depth: 0
+ fetch-tags: true
+
+ - name: Tag release
+ run: |
+ # Set up github-actions[bot] user
+ git config --local user.name "github-actions[bot]"
+ git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
+
+ # Get the version from the branch name
+ branch="${{ github.event.pull_request.head.ref }}"
+ version="${branch#release/}"
+ echo ${version}
+
+ # Tag and create release
+ git tag -a "${version}" -m "Release ${version}"
+ echo "version=${version}" >> $GITHUB_OUTPUT
+ id: tag
+
+ - name: Set up go
+ uses: actions/setup-go@v2
+ with:
+ go-version: 1.19
+
+ - name: Get dependencies
+ run: |
+ curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.50.0
+ curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
+ chmod +x ./cc-test-reporter
+
+ # Install go depedencies
+ go mod download
+
+ - name: Build Artifacts
+ run: make release
+
+ # Upload artifacts in case of workflow failure
+ - name: Upload Artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: oauth2-proxy-artifacts
+ path: |
+ release/*.tar.gz
+ release/*.txt
+
+ - name: Create release
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ # Get version from tag
+ version=$(git describe --tags --abbrev=0)
+
+ # Extract CHANGELOG
+ numericVersion="${version#v}"
+ notes=$(sed -E "/^# (v|V)$numericVersion$/,/^# (v|V)/!d;//d" CHANGELOG.md)
+
+ # Publish release tag
+ git push origin "${version}"
+
+ # Create github release
+ gh release create "${version}" \
+ --title "${version}" \
+ --notes "${notes}" \
+ --prerelease
+
+ # Upload artifacts
+ gh release upload "${version}" release/*.tar.gz
+ gh release upload "${version}" release/*.txt
+
+ docker:
+ needs: publish
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ needs.publish.outputs.tag }}
+ fetch-depth: 0
+ fetch-tags: true
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to quay.io
+ uses: docker/login-action@v2
+ with:
+ registry: quay.io/oauth2-proxy
+ username: ${{ secrets.REGISTRY_USERNAME }}
+ password: ${{ secrets.REGISTRY_PASSWORD }}
+
+ - name: Build images
+ run: |
+ make docker-all
+
+ - name: Push images
+ run: |
+ make docker-push-all
diff --git a/RELEASE.md b/RELEASE.md
index fa5c030..92a25eb 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -1,5 +1,7 @@ # Release +The is a legacy document to explain the manual process of creating and publishing a new release of oauth2-proxy. As of now the release process has been automated with GitHub Actions workflows. For more information have a look at the workflows `create-release.yml` and `publish-release.yml`. + Here's how OAuth2 Proxy releases are created. ## Schedule
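Review bot: In `.github/workflows/publish-release.yml`, the "Tag release" step expands `${{ github.event.pull_request.head.ref }}` inside the bash script (`branch="${{ github.event.pull_request.head.ref }}"`), and under `pull_request_target` that branch name is chosen by whoever opened the pull request, including from a fork. The job `if:` only checks that the PR was merged and that the head ref starts with `release/`; nothing visible restricts it to branches in this repository, so any merged PR with such a branch name would tag, publish a release and trigger the `docker` job that holds the registry secrets. Hand the ref to the script through `env:`, validate the derived version against a strict pattern, and add a same-repository condition, as sketched below (the pattern assumes tags of the form vMAJOR.MINOR.PATCH). The "Get dependencies" step also pipes an install script fetched from the `master` branch of another repository into `sh` and downloads `cc-test-reporter` without a checksum; pinning to a release and verifying a digest would be safer in a job with `contents: write`.

```yaml
  publish:
    if: >-
      github.event.pull_request.merged &&
      github.event.pull_request.head.repo.full_name == github.repository &&
      startsWith(github.event.pull_request.head.ref, 'release/')
    # … unchanged: runs-on, outputs, checkout step …
      - name: Tag release
        env:
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
        run: |
          # … unchanged: github-actions[bot] git config …
          version="${HEAD_REF#release/}"
          if ! [[ "${version}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "::error::Unexpected release branch name"
            exit 1
          fi
          # … unchanged: git tag and GITHUB_OUTPUT write, id: tag …
```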