workflow:feat - Automating the release notes (#570)

In this PR I'll update Release Beta, RC and Final to set automatic body in release notes. I changed file release-new.yml to release-final.yml and I changed file alpha.yml to release-alpha.yml Signed-off-by: Wilian Gabriel <wilian.silva@zup.com.br> (cherry picked from commit 07dba43) Signed-off-by: Wilian Gabriel <wilian.silva@zup.com.br>
ZupIT · Mar 7, 2022 · 26d1ea3 · 26d1ea3
1 parent 8c827c4
commit 26d1ea3
Show file tree

Hide file tree

Showing 10 changed files with 138 additions and 125 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,4 +1,4 @@
 # GitHub code owners
 # See https://github.com/blog/2392-introducing-code-owners
-* @wiliansilvazup @lucasbrunozup @nathanmartinszup @iancardosozup @matheusalcantarazup
+* @wiliansilvazup @lucasbrunozup @nathanmartinszup @iancardosozup @matheusalcantarazup @oliveirafelipezup
 
diff --git a/.github/workflows/e2e-pipeline.yml b/.github/workflows/e2e-pipeline.yml
@@ -27,7 +27,7 @@ jobs:
       - name: Set up nodejs
         uses: actions/setup-node@v2
         with:
-          node-version: "12"
+          node-version: "14"
         id: node
       - uses: actions/checkout@v2
       - name: Run e2e tests
@@ -48,7 +48,7 @@ jobs:
       - name: Set up nodejs
         uses: actions/setup-node@v2
         with:
-          node-version: "12"
+          node-version: "14"
         id: node
       - uses: actions/checkout@v2
       - name: Run e2e tests

diff --git a/.github/workflows/manager-pipeline.yml b/.github/workflows/manager-pipeline.yml
@@ -30,7 +30,7 @@ jobs:
       - name: Set up nodejs
         uses: actions/setup-node@v2
         with:
-          node-version: "12"
+          node-version: "14"
         id: node
       - uses: actions/checkout@v2
       - name: Install dependencies

diff --git a/.github/workflows/alpha.yml → .github/workflows/release-alpha.yml b/.github/workflows/alpha.yml → .github/workflows/release-alpha.yml
@@ -12,18 +12,19 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-name: Alpha
+name: release-alpha
 
 on:
   push:
     branches:
       - main
 permissions: read-all
 jobs:
-  Alpha:
+  ReleaseAlpha:
     permissions:
       contents: write
       packages: write
+      issues:   write
     runs-on: ubuntu-latest
     env:
       COSIGN_KEY_LOCATION: /tmp/cosign.key

diff --git a/.github/workflows/release-beta.yml b/.github/workflows/release-beta.yml
@@ -23,20 +23,21 @@ on:
 
 permissions: read-all
 jobs:
-  beta:
+  ReleaseBeta:
     permissions:
       contents: write
       packages: write
+      issues:   write
     env:
       COSIGN_KEY_LOCATION: /tmp/cosign.key
       COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
     runs-on: ubuntu-latest
-
+    if: contains('["wiliansilvazup","matheusalcantarazup","lucasbrunozup","nathanmartinszup","iancardosozup","oliveirafelipezup"]', github.actor)
     steps:
       - name: Set up nodejs
         uses: actions/setup-node@v2
         with:
-          node-version: 12
+          node-version: 14
       - name: Checkout
         uses: actions/checkout@v2
         with:
@@ -69,7 +70,7 @@ jobs:
         uses: crazy-max/ghaction-import-gpg@v4
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.PASSPHRASE }}
+          passphrase: ${{ secrets.GPG_PASSWORD }}
           git_user_signingkey: true
           git_commit_gpgsign: true
 
@@ -91,9 +92,8 @@ jobs:
         run: |
           ./mage -v checkoutReleaseBranch ${{ steps.updated-version.outputs.nextReleaseBranchName }}
 
-      - name: Create local tag
-        run: |
-          ./mage -v createLocalTag ${{ steps.updated-version.outputs.nextBetaVersion }}
+      - name: Create and push tag
+        run: ./mage -v createAndPushTag ${{ steps.updated-version.outputs.nextBetaVersion }}
 
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
@@ -106,8 +106,10 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
           GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextBetaVersion }}
+          GORELEASER_PREVIOUS_TAG: ${{ steps.updated-version.outputs.actualBetaVersion }}
 
       - name: Push go projects to dockerhub
+        if: ${{ success() }}
         run: |
           ./mage -v dockerPushPlatformGoProjects ${{ steps.updated-version.outputs.nextBetaVersion }}
 
@@ -119,6 +121,7 @@ jobs:
           ./mage -v dockerSignPlatformGoProjects ${{ steps.updated-version.outputs.nextBetaVersion }}
 
       - name: "Docker meta"
+        if: ${{ success() }}
         uses: docker/metadata-action@v3
         id: meta
         env:
@@ -132,6 +135,7 @@ jobs:
             type=semver,prefix=v,pattern={{major}},value=${{ env.RELEASE_VERSION }}
 
       - name: "Build and push manager"
+        if: ${{ success() }}
         uses: docker/build-push-action@v2
         with:
           push: true
@@ -147,28 +151,9 @@ jobs:
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
 
       - name: Push updates
-        run: |
-          ./mage -v gitPushAll
+        if: ${{ success() }}
+        run: ./mage -v gitPushAll
 
-      - name: Update release
-        uses: meeDamian/github-release@2.0
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          tag: ${{ steps.updated-version.outputs.nextBetaVersion }}
-          name: ${{ steps.updated-version.outputs.nextBetaVersion }}
-          draft: true
-          prerelease: false
-          commitish: ${{ github.sha }}
-          gzip: false
-          allow_override: false
-          body: |
-            ## Docker images
-            - `docker pull horuszup/horusec-analytic:${{ steps.updated-version.outputs.nextBetaVersion }}`
-            - `docker pull horuszup/horusec-api:${{ steps.updated-version.outputs.nextBetaVersion }}`
-            - `docker pull horuszup/horusec-auth:${{ steps.updated-version.outputs.nextBetaVersion }}`
-            - `docker pull horuszup/horusec-core:${{ steps.updated-version.outputs.nextBetaVersion }}`
-            - `docker pull horuszup/horusec-manager:${{ steps.updated-version.outputs.nextBetaVersion }}`
-            - `docker pull horuszup/horusec-messages:${{ steps.updated-version.outputs.nextBetaVersion }}`
-            - `docker pull horuszup/horusec-migrations:${{ steps.updated-version.outputs.nextBetaVersion }}`
-            - `docker pull horuszup/horusec-vulnerability:${{ steps.updated-version.outputs.nextBetaVersion }}`
-            - `docker pull horuszup/horusec-webhook:${{ steps.updated-version.outputs.nextBetaVersion }}`
+      - name: Remove updates
+        if: ${{ !success() }}
+        run: ./mage -v removeTag ${{ steps.updated-version.outputs.nextBetaVersion }}
diff --git a/.github/workflows/release.yml → .github/workflows/release-final.yml b/.github/workflows/release.yml → .github/workflows/release-final.yml
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-name: release-new
+name: release-final
 
 on:
   workflow_dispatch:
@@ -23,20 +23,21 @@ on:
 
 permissions: read-all
 jobs:
-  release:
+  ReleaseFinal:
     permissions:
       contents: write
       packages: write
+      issues:   write
     env:
       COSIGN_KEY_LOCATION: /tmp/cosign.key
       COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
     runs-on: ubuntu-latest
-
+    if: contains('["wiliansilvazup","matheusalcantarazup","lucasbrunozup","nathanmartinszup","iancardosozup","oliveirafelipezup"]', github.actor)
     steps:
       - name: Set up nodejs
         uses: actions/setup-node@v2
         with:
-          node-version: 12
+          node-version: 14
       - name: Checkout
         uses: actions/checkout@v2
         with:
@@ -68,7 +69,7 @@ jobs:
         uses: crazy-max/ghaction-import-gpg@v4
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.PASSPHRASE }}
+          passphrase: ${{ secrets.GPG_PASSWORD }}
           git_user_signingkey: true
           git_commit_gpgsign: true
 
@@ -105,9 +106,10 @@ jobs:
           committer_name: Horusec
           committer_email: horusec@zup.com.br
           branch: ${{ steps.updated-version.outputs.nextReleaseBranchName }}
+          message: "versioning:release - [skip ci] automatic commit updating versioning files"
 
-      - name: Create local tag
-        run: ./mage -v createLocalTag ${{ steps.updated-version.outputs.nextReleaseVersion }}
+      - name: Create and push tag
+        run: ./mage -v createAndPushTag ${{ steps.updated-version.outputs.nextReleaseVersion }}
 
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
@@ -120,8 +122,10 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
           GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextReleaseVersion }}
+          GORELEASER_PREVIOUS_TAG: ${{ steps.updated-version.outputs.actualReleaseVersion }}
 
       - name: "Docker meta"
+        if: ${{ success() }}
         uses: docker/metadata-action@v3
         id: meta
         env:
@@ -135,6 +139,7 @@ jobs:
             type=semver,prefix=v,pattern={{major}},value=${{ env.RELEASE_VERSION }}
 
       - name: "Build and push manager"
+        if: ${{ success() }}
         uses: docker/build-push-action@v2
         with:
           push: true
@@ -150,25 +155,30 @@ jobs:
 
 
       - name: Push updates
-        run: |
-          ./mage -v gitPushAll
+        if: ${{ success() }}
+        run: ./mage -v gitPushAll
+
+      - name: Remove updates
+        if: ${{ !success() }}
+        run: ./mage -v removeTag ${{ steps.updated-version.outputs.nextReleaseVersion }}
       # This step gets the sha of last commit made, witch is the updating versioning files commit, after that creates a
       # branch from the origin main and cherry pick this commit on it. This process need to occur only when the release
       # workflow is started from a branch that isn't the main branch, for example a release branch.
       # When the workflow it's triggered to run on main, the commit it's going to be made directly to the main branch.
       - name: Cherry pick
+        if: ${{ success() }}
         id: cherry-pick
         run: |
           ./mage CherryPick
       # This step utilizes an action to create a pull request with the branch that was cherry picked on the last step
       # into the main branch. As the last commit, this also needs to run only when the release workflow is started from a
       # branch that isn't the main branch. Others workflows should be skipped cause of the skip ci in the pull request title.
       - name: Create Pull Request
+        if: ${{ success() }}
         uses: repo-sync/pull-request@v2
         with:
           source_branch: "${{ steps.cherry-pick.outputs.cherryPickBranchName }}"
           destination_branch: "main"
           pr_title: "versioning:release - [skip ci] automatic pull request updating versioning files"
           pr_body: "This is a automatic pull request that contains changes to files that need to be updated with the new release version. Where the commit ${{ steps.cherry-pick.outputs.commitShaToPick }} was cherry picked from the release branch, which already contains all the necessary changes."
           github_token: ${{ secrets.HORUSEC_PUSH_TOKEN }}
-
diff --git a/.github/workflows/release-rc.yml b/.github/workflows/release-rc.yml
@@ -23,20 +23,21 @@ on:
 
 permissions: read-all
 jobs:
-  rc:
+  ReleaseRC:
     permissions:
       contents: write
       packages: write
+      issues:   write
     env:
       COSIGN_KEY_LOCATION: /tmp/cosign.key
       COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
     runs-on: ubuntu-latest
-
+    if: contains('["wiliansilvazup","matheusalcantarazup","lucasbrunozup","nathanmartinszup","iancardosozup","oliveirafelipezup"]', github.actor)
     steps:
       - name: Set up nodejs
         uses: actions/setup-node@v2
         with:
-          node-version: 12
+          node-version: 14
       - name: Checkout
         uses: actions/checkout@v2
         with:
@@ -69,7 +70,7 @@ jobs:
         uses: crazy-max/ghaction-import-gpg@v4
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.PASSPHRASE }}
+          passphrase: ${{ secrets.GPG_PASSWORD }}
           git_user_signingkey: true
           git_commit_gpgsign: true
 
@@ -91,9 +92,8 @@ jobs:
         run: |
           ./mage -v checkoutReleaseBranch ${{ steps.updated-version.outputs.nextReleaseBranchName }}
 
-      - name: Create local tag
-        run: |
-          ./mage -v createLocalTag ${{ steps.updated-version.outputs.nextRcVersion }}
+      - name: Create and push tag
+        run: ./mage -v createAndPushTag ${{ steps.updated-version.outputs.nextRcVersion }}
 
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
@@ -106,19 +106,23 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
           GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextRcVersion }}
+          GORELEASER_PREVIOUS_TAG: ${{ steps.updated-version.outputs.actualRCVersion }}
 
       - name: Push go projects to dockerhub
+        if: ${{ success() }}
         run: |
           ./mage -v dockerPushPlatformGoProjects ${{ steps.updated-version.outputs.nextRcVersion }}
 
       - name: Sign go projects in dockerhub
+        if: ${{ success() }}
         env:
           COSIGN_KEY: ${{secrets.COSIGN_KEY}}
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
         run: |
           ./mage -v dockerSignPlatformGoProjects ${{ steps.updated-version.outputs.nextRcVersion }}
 
       - name: "Docker meta"
+        if: ${{ success() }}
         uses: docker/metadata-action@v3
         id: meta
         env:
@@ -132,6 +136,7 @@ jobs:
             type=semver,prefix=v,pattern={{major}},value=${{ env.RELEASE_VERSION }}
 
       - name: "Build and push manager"
+        if: ${{ success() }}
         uses: docker/build-push-action@v2
         with:
           push: true
@@ -141,34 +146,16 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
 
       - name: Sign image
+        if: ${{ success() }}
         run: |
           cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-manager:${{ steps.updated-version.outputs.nextRcVersion }}
         env:
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
 
       - name: Push updates
-        run: |
-          ./mage -v gitPushAll
+        if: ${{ success() }}
+        run: ./mage -v gitPushAll
 
-      - name: Update release
-        uses: meeDamian/github-release@2.0
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          tag: ${{ steps.updated-version.outputs.nextRcVersion }}
-          name: ${{ steps.updated-version.outputs.nextRcVersion }}
-          draft: true
-          prerelease: false
-          commitish: ${{ github.sha }}
-          gzip: false
-          allow_override: false
-          body: |
-            ## Docker images
-            - `docker pull horuszup/horusec-analytic:${{ steps.updated-version.outputs.nextRcVersion }}`
-            - `docker pull horuszup/horusec-api:${{ steps.updated-version.outputs.nextRcVersion }}`
-            - `docker pull horuszup/horusec-auth:${{ steps.updated-version.outputs.nextRcVersion }}`
-            - `docker pull horuszup/horusec-core:${{ steps.updated-version.outputs.nextRcVersion }}`
-            - `docker pull horuszup/horusec-manager:${{ steps.updated-version.outputs.nextRcVersion }}`
-            - `docker pull horuszup/horusec-messages:${{ steps.updated-version.outputs.nextRcVersion }}`
-            - `docker pull horuszup/horusec-migrations:${{ steps.updated-version.outputs.nextRcVersion }}`
-            - `docker pull horuszup/horusec-vulnerability:${{ steps.updated-version.outputs.nextRcVersion }}`
-            - `docker pull horuszup/horusec-webhook:${{ steps.updated-version.outputs.nextRcVersion }}`
+      - name: Remove updates
+        if: ${{ !success() }}
+        run: ./mage -v removeTag ${{ steps.updated-version.outputs.nextRCVersion }}