forked from kubernetes/ingress-nginx
-
Notifications
You must be signed in to change notification settings - Fork 0
133 lines (114 loc) · 4.54 KB
/
upstream-release-sync.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: Sync with upstream ingress-nginx releases and cherry-pick Rancher-specific changes
on:
schedule:
- cron: "0 0 * * *" # Runs daily at midnight
workflow_dispatch:
jobs:
create-branches:
runs-on: ubuntu-latest
outputs:
new-release-branches: ${{ steps.create-release-branches.outputs.NEW_RELEASE_BRANCHES }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
path: 'rancher-ingress-nginx'
fetch-depth: 0
fetch-tags: true
- name: Configure git user
run: |
echo "[INFO] Setting up git user in git repository."
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config --global user.name "github-actions[bot]"
- name: Fetch the new tags from kubernetes/ingress-nginx repository
run: |
cd rancher-ingress-nginx
$GITHUB_WORKSPACE/rancher-ingress-nginx/scripts/check-for-new-tag.sh
- name: Create new release branches in rancher/ingress-nginx
id: create-release-branches
run: |
cd rancher-ingress-nginx
$GITHUB_WORKSPACE/rancher-ingress-nginx/scripts/create-release-branch.sh
- name: 'Tar files'
run: |
tar -czf rancher-ingress-nginx.tar.gz -C rancher-ingress-nginx .
- name: Push git repo to artifacts
uses: actions/upload-artifact@v4
with:
name: git-repo
path: rancher-ingress-nginx.tar.gz
build-and-validate:
needs: create-branches
runs-on: ubuntu-latest
container:
image: rancher/dapper:v0.6.0
permissions:
contents: write
strategy:
matrix:
branches: ${{ fromJSON(needs.create-branches.outputs.new-release-branches) }}
fail-fast: false
steps:
- name: Fix the not-a-git-repository issue
run: |
apk -U add git
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config --global user.name "github-actions[bot]"
- name: Download git repo from artifact
uses: actions/download-artifact@v4
with:
name: git-repo
- name: Extract Artifact
run: |
tar -zxf rancher-ingress-nginx.tar.gz
rm rancher-ingress-nginx.tar.gz
- name: Validate with Dapper for ${{ matrix.branches }}
run: |
git checkout ${{ matrix.branches }}
dapper validate
- name: Build with Dapper for ${{ matrix.branches }}
run: |
git stash --all
dapper build
- name: Read App Secrets
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ;
secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY
- name: Create App Token
uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ env.APP_ID }}
private-key: ${{ env.PRIVATE_KEY }}
- name: Push release tag for ${{ matrix.branches }}
run: |
# To stash any changes created by dapper CI run
git stash --all
if ! $(git push --quiet --no-progress origin $RELEASE_BRANCH > /dev/null); then
echo "[ERROR] Failed while pushing the branch $RELEASE_BRANCH to rancher repository. Skipping the version $RELEASE_BRANCH."
exit 1
else
echo "[INFO] Successfully pushed branch $RELEASE_BRANCH: https://github.com/rancher/ingress-nginx/tree/$RELEASE_BRANCH"
fi
# Remove the '-fix' suffix to create the tag name
TAG="${RELEASE_BRANCH%-fix*}"
TAG="$TAG-rancher1"
echo "[INFO] Creating the tag: $TAG for branch: $RELEASE_BRANCH"
# Create the tag
if ! git tag "$TAG" "$RELEASE_BRANCH"; then
echo "[ERROR] Failed while creating the tag $TAG in the repository."
exit 1
fi
# Push the tag to origin
if ! git push origin "$TAG"; then
echo "[ERROR] Failed while pushing the tag $TAG to the repository."
exit 1
else
echo "[INFO] Successfully pushed tag $TAG: https://github.com/rancher/ingress-nginx/releases/tag/$TAG"
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RELEASE_BRANCH: ${{ matrix.branches }}