workflow:feat - Automating the release notes
In this PR I update the Release Beta, RC and Final workflows to set the
release-notes body automatically. I renamed release-new.yml to
release-final.yml and alpha.yml to release-alpha.yml

Signed-off-by: Wilian Gabriel <wilian.silva@zup.com.br>
wiliansilvazup committed Feb 25, 2022
1 parent 1c0b37e commit cc2bbb2
Showing 10 changed files with 138 additions and 125 deletions.
2 changes: 1 addition & 1 deletion .github/CODEOWNERS
@@ -1,4 +1,4 @@
# GitHub code owners
# See https://github.com/blog/2392-introducing-code-owners
* @wiliansilvazup @lucasbrunozup @nathanmartinszup @iancardosozup @matheusalcantarazup
* @wiliansilvazup @lucasbrunozup @nathanmartinszup @iancardosozup @matheusalcantarazup @oliveirafelipezup

4 changes: 2 additions & 2 deletions .github/workflows/e2e-pipeline.yml
Expand Up @@ -27,7 +27,7 @@ jobs:
- name: Set up nodejs
uses: actions/setup-node@v2
with:
node-version: "12"
node-version: "14"
id: node
- uses: actions/checkout@v2
# - name: Run e2e tests
Expand All @@ -48,7 +48,7 @@ jobs:
- name: Set up nodejs
uses: actions/setup-node@v2
with:
node-version: "12"
node-version: "14"
id: node
- uses: actions/checkout@v2
# - name: Run e2e tests
2 changes: 1 addition & 1 deletion .github/workflows/manager-pipeline.yml
Expand Up @@ -30,7 +30,7 @@ jobs:
- name: Set up nodejs
uses: actions/setup-node@v2
with:
node-version: "12"
node-version: "14"
id: node
- uses: actions/checkout@v2
- name: Install dependencies
Original file line number Diff line number Diff line change
Expand Up @@ -12,18 +12,19 @@
# See the License for the specific language governing permissions and
# limitations under the License.

name: Alpha
name: release-alpha

on:
push:
branches:
- main
permissions: read-all
jobs:
Alpha:
ReleaseAlpha:
permissions:
contents: write
packages: write
issues: write
runs-on: ubuntu-latest
env:
COSIGN_KEY_LOCATION: /tmp/cosign.key
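Review bot: The `issues: write` scope added under `ReleaseAlpha.permissions` is not justified by anything visible in this hunk, and this workflow runs on every push to `main`, so the wider job token is issued on each merge. The steps sit below the hunk, so the need may be real; if it is, record it next to the grant, e.g. `issues: write  # required by <step name>`, and otherwise drop the line so the job keeps only `contents` and `packages`. The same scope is added to `ReleaseBeta`, `ReleaseFinal` and `ReleaseRC` in release-beta.yml, release-final.yml and release-rc.yml, where the job token is also available to third-party actions referenced by tag (`crazy-max/ghaction-import-gpg@v4`, `goreleaser/goreleaser-action@v2`).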
47 changes: 16 additions & 31 deletions .github/workflows/release-beta.yml
Expand Up @@ -23,20 +23,21 @@ on:

permissions: read-all
jobs:
beta:
ReleaseBeta:
permissions:
contents: write
packages: write
issues: write
env:
COSIGN_KEY_LOCATION: /tmp/cosign.key
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
runs-on: ubuntu-latest

if: contains('["wiliansilvazup","matheusalcantarazup","lucasbrunozup","nathanmartinszup","iancardosozup","oliveirafelipezup"]', github.actor)
steps:
- name: Set up nodejs
uses: actions/setup-node@v2
with:
node-version: 12
node-version: 14
- name: Checkout
uses: actions/checkout@v2
with:
Expand Down Expand Up @@ -69,7 +70,7 @@ jobs:
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
passphrase: ${{ secrets.GPG_PASSWORD }}
git_user_signingkey: true
git_commit_gpgsign: true

Expand All @@ -91,9 +92,8 @@ jobs:
run: |
./mage -v checkoutReleaseBranch ${{ steps.updated-version.outputs.nextReleaseBranchName }}
- name: Create local tag
run: |
./mage -v createLocalTag ${{ steps.updated-version.outputs.nextBetaVersion }}
- name: Create and push tag
run: ./mage -v createAndPushTag ${{ steps.updated-version.outputs.nextBetaVersion }}

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
Expand All @@ -106,8 +106,10 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextBetaVersion }}
GORELEASER_PREVIOUS_TAG: ${{ steps.updated-version.outputs.actualBetaVersion }}

- name: Push go projects to dockerhub
if: ${{ success() }}
run: |
./mage -v dockerPushPlatformGoProjects ${{ steps.updated-version.outputs.nextBetaVersion }}
Expand All @@ -119,6 +121,7 @@ jobs:
./mage -v dockerSignPlatformGoProjects ${{ steps.updated-version.outputs.nextBetaVersion }}
- name: "Docker meta"
if: ${{ success() }}
uses: docker/metadata-action@v3
id: meta
env:
Expand All @@ -132,6 +135,7 @@ jobs:
type=semver,prefix=v,pattern={{major}},value=${{ env.RELEASE_VERSION }}
- name: "Build and push manager"
if: ${{ success() }}
uses: docker/build-push-action@v2
with:
push: true
Expand All @@ -147,28 +151,9 @@ jobs:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}

- name: Push updates
run: |
./mage -v gitPushAll
if: ${{ success() }}
run: ./mage -v gitPushAll

- name: Update release
uses: meeDamian/github-release@2.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ steps.updated-version.outputs.nextBetaVersion }}
name: ${{ steps.updated-version.outputs.nextBetaVersion }}
draft: true
prerelease: false
commitish: ${{ github.sha }}
gzip: false
allow_override: false
body: |
## Docker images
- `docker pull horuszup/horusec-analytic:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-api:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-auth:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-core:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-manager:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-messages:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-migrations:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-vulnerability:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-webhook:${{ steps.updated-version.outputs.nextBetaVersion }}`
- name: Remove updates
if: ${{ !success() }}
run: ./mage -v removeTag ${{ steps.updated-version.outputs.nextBetaVersion }}
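Review bot: The job gate `if: contains('["wiliansilvazup",…]', github.actor)` in the first hunk passes a string literal as the first argument, and `contains` on a string is a case-insensitive substring test, so the check accepts any actor whose login happens to occur inside that literal rather than only the six listed accounts. Parse the list so the comparison is element-wise: `if: contains(fromJSON('["wiliansilvazup","matheusalcantarazup","lucasbrunozup","nathanmartinszup","iancardosozup","oliveirafelipezup"]'), github.actor)`. The same line gates `ReleaseFinal` and `ReleaseRC`. Whether this commit edited the line cannot be told from the page, but it is the only maintainer check visible on jobs that push tags and signed images.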
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

name: release-new
name: release-final

on:
workflow_dispatch:
Expand All @@ -23,20 +23,21 @@ on:

permissions: read-all
jobs:
release:
ReleaseFinal:
permissions:
contents: write
packages: write
issues: write
env:
COSIGN_KEY_LOCATION: /tmp/cosign.key
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
runs-on: ubuntu-latest

if: contains('["wiliansilvazup","matheusalcantarazup","lucasbrunozup","nathanmartinszup","iancardosozup","oliveirafelipezup"]', github.actor)
steps:
- name: Set up nodejs
uses: actions/setup-node@v2
with:
node-version: 12
node-version: 14
- name: Checkout
uses: actions/checkout@v2
with:
Expand Down Expand Up @@ -68,7 +69,7 @@ jobs:
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
passphrase: ${{ secrets.GPG_PASSWORD }}
git_user_signingkey: true
git_commit_gpgsign: true

Expand Down Expand Up @@ -101,9 +102,10 @@ jobs:
committer_name: Horusec
committer_email: horusec@zup.com.br
branch: ${{ steps.updated-version.outputs.nextReleaseBranchName }}
message: "versioning:release - [skip ci] automatic commit updating versioning files"

- name: Create local tag
run: ./mage -v createLocalTag ${{ steps.updated-version.outputs.nextReleaseVersion }}
- name: Create and push tag
run: ./mage -v createAndPushTag ${{ steps.updated-version.outputs.nextReleaseVersion }}

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
Expand All @@ -116,8 +118,10 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextReleaseVersion }}
GORELEASER_PREVIOUS_TAG: ${{ steps.updated-version.outputs.actualReleaseVersion }}

- name: "Docker meta"
if: ${{ success() }}
uses: docker/metadata-action@v3
id: meta
env:
Expand All @@ -131,6 +135,7 @@ jobs:
type=semver,prefix=v,pattern={{major}},value=${{ env.RELEASE_VERSION }}
- name: "Build and push manager"
if: ${{ success() }}
uses: docker/build-push-action@v2
with:
push: true
Expand All @@ -146,25 +151,30 @@ jobs:


- name: Push updates
run: |
./mage -v gitPushAll
if: ${{ success() }}
run: ./mage -v gitPushAll

- name: Remove updates
if: ${{ !success() }}
run: ./mage -v removeTag ${{ steps.updated-version.outputs.nextReleaseVersion }}
# This step gets the sha of last commit made, witch is the updating versioning files commit, after that creates a
# branch from the origin main and cherry pick this commit on it. This process need to occur only when the release
# workflow is started from a branch that isn't the main branch, for example a release branch.
# When the workflow it's triggered to run on main, the commit it's going to be made directly to the main branch.
- name: Cherry pick
if: ${{ success() }}
id: cherry-pick
run: |
./mage CherryPick
# This step utilizes an action to create a pull request with the branch that was cherry picked on the last step
# into the main branch. As the last commit, this also needs to run only when the release workflow is started from a
# branch that isn't the main branch. Others workflows should be skipped cause of the skip ci in the pull request title.
- name: Create Pull Request
if: ${{ success() }}
uses: repo-sync/pull-request@v2
with:
source_branch: "${{ steps.cherry-pick.outputs.cherryPickBranchName }}"
destination_branch: "main"
pr_title: "versioning:release - [skip ci] automatic pull request updating versioning files"
pr_body: "This is a automatic pull request that contains changes to files that need to be updated with the new release version. Where the commit ${{ steps.cherry-pick.outputs.commitShaToPick }} was cherry picked from the release branch, which already contains all the necessary changes."
github_token: ${{ secrets.HORUSEC_PUSH_TOKEN }}
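Review bot: The new `run: ./mage -v createAndPushTag ${{ steps.updated-version.outputs.nextReleaseVersion }}` and `run: ./mage -v removeTag ${{ steps.updated-version.outputs.nextReleaseVersion }}` lines expand the step output into the script text before the shell parses it, so shell metacharacters in that value would be interpreted instead of being passed as one argument. The `updated-version` step is outside the hunks, so the origin of the value is not visible; if it is derived from a `workflow_dispatch` input, route it through the environment by adding `env:` with `NEXT_VERSION: ${{ steps.updated-version.outputs.nextReleaseVersion }}` and using `run: ./mage -v createAndPushTag "$NEXT_VERSION"`. The same pattern is in the `run:` lines of release-beta.yml and release-rc.yml.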

49 changes: 18 additions & 31 deletions .github/workflows/release-rc.yml
Expand Up @@ -23,20 +23,21 @@ on:

permissions: read-all
jobs:
rc:
ReleaseRC:
permissions:
contents: write
packages: write
issues: write
env:
COSIGN_KEY_LOCATION: /tmp/cosign.key
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
runs-on: ubuntu-latest

if: contains('["wiliansilvazup","matheusalcantarazup","lucasbrunozup","nathanmartinszup","iancardosozup","oliveirafelipezup"]', github.actor)
steps:
- name: Set up nodejs
uses: actions/setup-node@v2
with:
node-version: 12
node-version: 14
- name: Checkout
uses: actions/checkout@v2
with:
Expand Down Expand Up @@ -69,7 +70,7 @@ jobs:
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
passphrase: ${{ secrets.GPG_PASSWORD }}
git_user_signingkey: true
git_commit_gpgsign: true

Expand All @@ -91,9 +92,8 @@ jobs:
run: |
./mage -v checkoutReleaseBranch ${{ steps.updated-version.outputs.nextReleaseBranchName }}
- name: Create local tag
run: |
./mage -v createLocalTag ${{ steps.updated-version.outputs.nextRcVersion }}
- name: Create and push tag
run: ./mage -v createAndPushTag ${{ steps.updated-version.outputs.nextRcVersion }}

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
Expand All @@ -106,19 +106,23 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextRcVersion }}
GORELEASER_PREVIOUS_TAG: ${{ steps.updated-version.outputs.actualRCVersion }}

- name: Push go projects to dockerhub
if: ${{ success() }}
run: |
./mage -v dockerPushPlatformGoProjects ${{ steps.updated-version.outputs.nextRcVersion }}
- name: Sign go projects in dockerhub
if: ${{ success() }}
env:
COSIGN_KEY: ${{secrets.COSIGN_KEY}}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
run: |
./mage -v dockerSignPlatformGoProjects ${{ steps.updated-version.outputs.nextRcVersion }}
- name: "Docker meta"
if: ${{ success() }}
uses: docker/metadata-action@v3
id: meta
env:
Expand All @@ -132,6 +136,7 @@ jobs:
type=semver,prefix=v,pattern={{major}},value=${{ env.RELEASE_VERSION }}
- name: "Build and push manager"
if: ${{ success() }}
uses: docker/build-push-action@v2
with:
push: true
Expand All @@ -141,34 +146,16 @@ jobs:
labels: ${{ steps.meta.outputs.labels }}

- name: Sign image
if: ${{ success() }}
run: |
cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-manager:${{ steps.updated-version.outputs.nextRcVersion }}
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}

- name: Push updates
run: |
./mage -v gitPushAll
if: ${{ success() }}
run: ./mage -v gitPushAll

- name: Update release
uses: meeDamian/github-release@2.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ steps.updated-version.outputs.nextRcVersion }}
name: ${{ steps.updated-version.outputs.nextRcVersion }}
draft: true
prerelease: false
commitish: ${{ github.sha }}
gzip: false
allow_override: false
body: |
## Docker images
- `docker pull horuszup/horusec-analytic:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-api:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-auth:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-core:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-manager:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-messages:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-migrations:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-vulnerability:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-webhook:${{ steps.updated-version.outputs.nextRcVersion }}`
- name: Remove updates
if: ${{ !success() }}
run: ./mage -v removeTag ${{ steps.updated-version.outputs.nextRCVersion }}
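Review bot: The added cleanup step reads `steps.updated-version.outputs.nextRCVersion`, while every other reference in this file, including the `createAndPushTag` step whose tag it is meant to undo, reads `nextRcVersion`. If the output lookup does not resolve that spelling, `removeTag` receives an empty argument and a failed run leaves the already-pushed tag in place. Use the same name as the push step: `run: ./mage -v removeTag ${{ steps.updated-version.outputs.nextRcVersion }}`. The step that defines the outputs is outside the hunks, so confirm the exact output name there; the new `actualRCVersion` reference uses the capitalised form too.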