
testing only

testing only #207

Workflow file for this run

# Release workflow. Runs on manual dispatch (with release parameters) and on
# pushes to any branch.
name: Release Image

on:
  workflow_dispatch:
    inputs:
      version:
        description: "Release version"
        required: true
        type: string
      authors:
        description: "Comma-separated list of author emails"
        required: true
        type: string
      image_sha:
        description: "6-digit commit SHA used for the promoted image (e.g. 3e79a3 or 'latest')"
        required: false
        default: "latest"
        type: string
  # NOTE(review): every push to every branch starts this workflow, including
  # the jobs bound to the `release` environment. Access to the release
  # credentials then rests entirely on that environment's protection rules
  # (required reviewers, branch restrictions), which this file does not show.
  push:
    branches:
      - "**"

# Workflow-level grant: it applies to every job that does not declare its own
# `permissions:` block.
permissions:
  contents: write
  pull-requests: write
jobs:
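# image2commit: maps the image_sha given as input to the git commit it refers to.
# This is necessary for the release-image job, which needs to check out that
# exact git commit.
image2commit:
  name: Resolve Commit SHA from Image
  runs-on: ubuntu-latest
  environment: release
  outputs:
    commit_sha: ${{ steps.resolve.outputs.commit_sha }}
  steps:
    # NOTE(review): the actions below are referenced by mutable tags (@v4, @v3).
    # Pinning each `uses:` to a full commit SHA keeps a re-pointed tag from
    # changing what runs alongside the registry credentials.
    - name: Checkout code
      uses: actions/checkout@v4
    - name: Log in to Docker registry
      uses: docker/login-action@v3
      with:
        registry: docker.io
        username: ${{ secrets.ANDRPAC_DOCKER_USERNAME }}
        password: ${{ secrets.ANDRPAC_DOCKER_PASSWORD }}
    - name: Run image2commit
      id: resolve
      uses: ./.github/actions/image2commit
      with:
        # NOTE(review): the prepare-environment job calls this same action
        # without `register` and with the registry host inside `repo` - confirm
        # which form the action's declared inputs expect.
        register: docker.io
        repo: andrpac/mongodb-atlas-kubernetes-operator-prerelease
        # Resolve the image that was actually requested. Push-triggered runs
        # carry no inputs and fall back to 'latest', the same fallback the
        # release-image job uses for IMAGE_SHA.
        image_sha: ${{ github.event.inputs.image_sha || 'latest' }}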
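# check-commit: prints the commit resolved by the image2commit job.
check-commit:
  name: Check resolved commit
  runs-on: ubuntu-latest
  needs: image2commit
  # This job only echoes a value, so it gets no token scopes.
  permissions: {}
  steps:
    - name: Echo resolved commit
      # The value is handed over as an environment variable so that the shell
      # treats it as data; an inline expression would be pasted into the script
      # text before bash parses it.
      env:
        COMMIT_SHA: ${{ needs.image2commit.outputs.commit_sha }}
      run: |
        echo "Resolved commit: ${COMMIT_SHA}"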
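# release-image: creates and uploads a release for the operator version given
# in the inputs.
# Note: with new releases, all release artifacts are stored within
# docs/releases/v{release_version}.
release-image:
  runs-on: ubuntu-latest
  environment: release
  env:
    VERSION: ${{ github.event.inputs.version || 'test-0.0.0-dev' }}
    AUTHORS: ${{ github.event.inputs.authors || 'unknown' }}
    IMAGE_SHA: ${{ github.event.inputs.image_sha || 'latest' }}
    DOCKER_SIGNATURE_REPO: docker.io/andrpac/signatures
    DOCKER_RELEASE_REPO: docker.io/andrpac/mongodb-atlas-kubernetes-operator
    DOCKER_PRERELEASE_REPO: docker.io/andrpac/mongodb-atlas-kubernetes-operator-prerelease
    QUAY_RELEASE_REPO: quay.io/andrpac/mongodb-atlas-kubernetes-operator
    QUAY_PRERELEASE_REPO: quay.io/andrpac/mongodb-atlas-kubernetes-operator-prerelease
  steps:
    - name: Checkout code
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
        # TODO(review): restore `ref:` set to the image2commit job's commit_sha
        # output (the disabled line had a stray `#` inside the expression) and
        # add `needs: image2commit` to this job. Until then the release content
        # is built from the triggering ref, not from the commit the promoted
        # image was built from.
    - name: Generate GitHub App Token
      id: generate_token
      uses: mongodb/apix-action/token@v8
      with:
        app-id: ${{ secrets.AKO_RELEASER_APP_ID }}
        private-key: ${{ secrets.AKO_RELEASER_RSA_KEY }}
    # Log in to all registries
    - name: Log in to Docker registry
      uses: docker/login-action@v3
      with:
        registry: docker.io
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
    - name: Log in to Quay registry
      uses: docker/login-action@v3
      with:
        registry: quay.io
        username: ${{ secrets.QUAY_USERNAME }}
        password: ${{ secrets.QUAY_PASSWORD }}
    - name: Log in to Artifactory
      uses: docker/login-action@v3
      with:
        registry: artifactory.corp.mongodb.com
        username: ${{ secrets.MDB_ARTIFACTORY_USERNAME }}
        password: ${{ secrets.MDB_ARTIFACTORY_PASSWORD }}
    # This step configures all of the dynamic variables needed for later steps
    - name: Configure job environment for downstream steps
      id: tags
      run: |
        # VERSION and IMAGE_SHA come from workflow inputs and end up in image
        # tags, a branch name and a directory path. Accept only the image tag
        # grammar, which also rules out '/' and whitespace.
        for value in "${VERSION}" "${IMAGE_SHA}"; do
          if ! [[ "${value}" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]{0,127}$ ]]; then
            echo "::error::VERSION and IMAGE_SHA must be valid image tag components"
            exit 1
          fi
        done
        promoted_tag="promoted-${IMAGE_SHA}"
        release_tag="${VERSION}"
        certified_tag="certified-${release_tag}"
        docker_image_url="${DOCKER_RELEASE_REPO}:${release_tag}"
        quay_image_url="${QUAY_RELEASE_REPO}:${release_tag}"
        quay_certified_image_url="${QUAY_RELEASE_REPO}:${certified_tag}"
        {
          echo "promoted_tag=$promoted_tag"
          echo "release_tag=$release_tag"
          echo "certified_tag=$certified_tag"
          echo "docker_image_url=$docker_image_url"
          echo "quay_image_url=$quay_image_url"
          echo "quay_certified_image_url=$quay_certified_image_url"
        } >> "$GITHUB_OUTPUT"
    # Move prerelease images to official release registries in Docker Hub and Quay
    # Link updates to PR: all-in-one.yml, helm-updates, sdlc requirements
    - name: Generate deployment configurations
      uses: ./.github/actions/gen-install-scripts
      with:
        ENV: prod
        IMAGE_URL: ${{ steps.tags.outputs.docker_image_url }}
    - name: Bump Helm chart version
      run: ./scripts/bump-helm-chart-version.sh
    # Prepare SDLC requirements: signatures, SBOMs, compliance reports
    # Note: signed images will live in mongodb/release and mongodb/signature repos
    - name: Create SDLC report
      run: make gen-sdlc-checklist
    # Create PR on release branch with all updates generated
    - name: Make release changes
      env:
        # NOTE(review): this step authenticates with the default GITHUB_TOKEN;
        # from the app token step above only the user-name and user-email
        # outputs are used in this job. Confirm which identity
        # scripts/create-signed-commit.sh and `gh pr create` are meant to use.
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # Step outputs reach the script as environment variables rather than
        # being pasted into the script text.
        GIT_USER_NAME: ${{ steps.generate_token.outputs.user-name }}
        GIT_USER_EMAIL: ${{ steps.generate_token.outputs.user-email }}
      run: |
        export VERSION="${VERSION}"
        export BRANCH="new-release/${VERSION}"
        export COMMIT_MESSAGE="feat: release ${VERSION} from release-image workflow"
        export RELEASE_DIR="docs/releases/v${VERSION}"
        git config --global user.name "${GIT_USER_NAME}"
        git config --global user.email "${GIT_USER_EMAIL}"
        mkdir -p "$RELEASE_DIR"
        mv bundle "$RELEASE_DIR/bundle"
        mv bundle.Dockerfile "$RELEASE_DIR/bundle.Dockerfile"
        mv helm-charts "$RELEASE_DIR/helm-charts"
        git add "$RELEASE_DIR"
        git commit -m "temp: release content for ${VERSION}"
        export SOURCE_COMMIT=$(git rev-parse HEAD)
        git fetch origin
        git checkout -b "$BRANCH" origin/main
        git push origin "$BRANCH"
        git checkout "$SOURCE_COMMIT" -- "$RELEASE_DIR"
        mv deploy "$RELEASE_DIR/deploy"
        git add -f "$RELEASE_DIR"
        scripts/create-signed-commit.sh
        gh pr create \
          --draft \
          --base main \
          --head "$BRANCH" \
          --title "$COMMIT_MESSAGE" \
          --body "This is an autogenerated PR to prepare for the release"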
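# prepare-environment: derives tags, repositories and image URLs from the
# dispatch inputs and publishes them as job outputs. Currently disabled
# (`if: false`).
prepare-environment:
  name: Set up Environment Variables
  runs-on: ubuntu-latest
  if: false
  environment: release
  outputs:
    # Inputs
    version: ${{ steps.setup.outputs.version }}
    authors: ${{ steps.setup.outputs.authors }}
    commit_sha: ${{ steps.setup.outputs.commit_sha }}
    # Release related
    release_commit: ${{ steps.setup.outputs.release_commit }}
    release_branch: ${{ steps.setup.outputs.release_branch }}
    # Tags
    promoted_tag: ${{ steps.setup.outputs.promoted_tag }}
    release_tag: ${{ steps.setup.outputs.release_tag }}
    certified_tag: ${{ steps.setup.outputs.certified_tag }}
    # Repos
    docker_prerelease_repo: ${{ steps.setup.outputs.docker_prerelease_repo }}
    docker_release_repo: ${{ steps.setup.outputs.docker_release_repo }}
    docker_signature_repo: ${{ steps.setup.outputs.docker_signature_repo }}
    quay_prerelease_repo: ${{ steps.setup.outputs.quay_prerelease_repo }}
    quay_release_repo: ${{ steps.setup.outputs.quay_release_repo }}
    # Image URLs
    docker_image_url: ${{ steps.setup.outputs.docker_image_url }}
    quay_image_url: ${{ steps.setup.outputs.quay_image_url }}
    quay_certified_image_url: ${{ steps.setup.outputs.quay_certified_image_url }}
  steps:
    # A local action (`uses: ./...`) is loaded from the workspace, so the
    # repository has to be checked out before the image2commit step below.
    - name: Checkout code
      uses: actions/checkout@v4
    - name: Log in to Docker registry
      uses: docker/login-action@v3
      with:
        registry: docker.io
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
    - name: Resolve inputs
      id: inputs
      # Dispatch inputs are free-form strings. They are passed as environment
      # variables so the shell reads them as data; an inline expression is
      # substituted into the script text before bash parses it.
      env:
        DISPATCH_VERSION: ${{ github.event.inputs.version }}
        DISPATCH_AUTHORS: ${{ github.event.inputs.authors }}
        DISPATCH_IMAGE_SHA: ${{ github.event.inputs.image_sha }}
      run: |
        {
          echo "version=${DISPATCH_VERSION}"
          echo "authors=${DISPATCH_AUTHORS}"
          echo "image_sha=${DISPATCH_IMAGE_SHA}"
        } >> "$GITHUB_OUTPUT"
    - name: Resolve commit SHA from image
      id: image2commit
      uses: ./.github/actions/image2commit
      with:
        image_sha: ${{ steps.inputs.outputs.image_sha }}
        # NOTE(review): the image2commit job passes `register: docker.io` and a
        # repo without the registry host - confirm which form the action expects.
        repo: docker.io/andrpac/mongodb-atlas-kubernetes-operator-prerelease
    - name: Set derived environment variables
      id: setup
      env:
        RESOLVED_VERSION: ${{ steps.inputs.outputs.version }}
        RESOLVED_AUTHORS: ${{ steps.inputs.outputs.authors }}
        RESOLVED_IMAGE_SHA: ${{ steps.inputs.outputs.image_sha }}
        RESOLVED_COMMIT_SHA: ${{ steps.image2commit.outputs.commit_sha }}
      run: |
        version="${RESOLVED_VERSION}"
        authors="${RESOLVED_AUTHORS}"
        sha="${RESOLVED_COMMIT_SHA}"
        docker_prerelease_repo="docker.io/andrpac/mongodb-atlas-kubernetes-operator-prerelease"
        docker_release_repo="docker.io/andrpac/mongodb-atlas-kubernetes-operator"
        docker_signature_repo="docker.io/andrpac/signatures"
        quay_prerelease_repo="quay.io/andrpac/mongodb-atlas-kubernetes-operator-prerelease"
        quay_release_repo="quay.io/andrpac/mongodb-atlas-kubernetes-operator"
        short_sha="${sha:0:6}"
        promoted_tag="promoted-${short_sha}"
        release_tag="$version"
        certified_tag="certified-${version}"
        release_branch="new-release/${version}"
        docker_image_url="${docker_release_repo}:${release_tag}"
        quay_image_url="${quay_release_repo}:${release_tag}"
        quay_certified_image_url="${quay_release_repo}:${certified_tag}"
        {
          echo "version=$version"
          echo "authors=$authors"
          # NOTE(review): commit_sha carries the image_sha input, while the
          # resolved commit is published as release_commit - confirm that
          # consumers expect this naming.
          echo "commit_sha=${RESOLVED_IMAGE_SHA}"
          echo "release_commit=$sha"
          echo "release_branch=$release_branch"
          echo "promoted_tag=$promoted_tag"
          echo "release_tag=$release_tag"
          echo "certified_tag=$certified_tag"
          echo "docker_prerelease_repo=$docker_prerelease_repo"
          echo "docker_release_repo=$docker_release_repo"
          echo "docker_signature_repo=$docker_signature_repo"
          echo "quay_prerelease_repo=$quay_prerelease_repo"
          echo "quay_release_repo=$quay_release_repo"
          echo "docker_image_url=$docker_image_url"
          echo "quay_image_url=$quay_image_url"
          echo "quay_certified_image_url=$quay_certified_image_url"
        } >> "$GITHUB_OUTPUT"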
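# release-image1: promotes the prerelease image to the release registries,
# signs it, generates SBOMs and the SDLC report, and opens the release pull
# request. Currently disabled (`if: false`).
release-image1:
  runs-on: ubuntu-latest
  if: false
  environment: release
  env:
    VERSION: ${{ github.event.inputs.version }}
    AUTHORS: ${{ github.event.inputs.authors }}
    DOCKER_RELEASE_REPO: docker.io/andrpac/mongodb-atlas-kubernetes-operator
    DOCKER_PRERELEASE_REPO: docker.io/andrpac/mongodb-atlas-kubernetes-operator-prerelease
    QUAY_RELEASE_REPO: quay.io/andrpac/mongodb-atlas-kubernetes-operator
    QUAY_PRERELEASE_REPO: quay.io/andrpac/mongodb-atlas-kubernetes-operator-prerelease
  steps:
    # NOTE(review): this job holds registry and signing credentials while its
    # actions are referenced by mutable tags. Pinning each `uses:` to a full
    # commit SHA keeps a re-pointed tag from changing what runs here.
    - name: Checkout code
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - name: Generate GitHub App Token
      id: generate_token
      uses: mongodb/apix-action/token@v8
      with:
        app-id: ${{ secrets.AKO_RELEASER_APP_ID }}
        private-key: ${{ secrets.AKO_RELEASER_RSA_KEY }}
    - name: Log in to Docker registry
      uses: docker/login-action@v3
      with:
        registry: docker.io
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
    - name: Log in to Quay registry
      uses: docker/login-action@v3
      with:
        registry: quay.io
        username: ${{ secrets.QUAY_USERNAME }}
        password: ${{ secrets.QUAY_PASSWORD }}
    - name: Install devbox
      # NOTE(review): this reference was mangled by the page's e-mail
      # obfuscation; restore the real `owner/action@ref` from the repository.
      uses: jetify-com/[email protected]
    - name: Resolve commit SHA and promotion tag
      id: tags
      # The workflow declares an `image_sha` input and no `commit_sha` input,
      # so the declared one is read here. It is passed through the environment
      # so the shell treats it as data, not as script text.
      env:
        IMAGE_SHA: ${{ github.event.inputs.image_sha }}
      run: |
        if [ "${IMAGE_SHA}" = "latest" ]; then
          git fetch origin main
          sha=$(git rev-parse origin/main)
        else
          sha="${IMAGE_SHA}"
        fi
        short_sha="${sha:0:6}"
        echo "promoted_tag=promoted-${short_sha}" >> "$GITHUB_OUTPUT"
        # The OpenShift step below reads steps.tags.outputs.certified_tag, so
        # it has to be published here; the format matches the other jobs.
        echo "certified_tag=certified-${VERSION}" >> "$GITHUB_OUTPUT"
    # Move prerelease images to official release registries in Docker Hub and Quay
    - name: Move image to Docker registry release from prerelease
      run: devbox run -- ./scripts/move-image.sh
      env:
        IMAGE_SRC_REPO: ${{ env.DOCKER_PRERELEASE_REPO }}
        IMAGE_DEST_REPO: ${{ env.DOCKER_RELEASE_REPO }}
        IMAGE_SRC_TAG: ${{ steps.tags.outputs.promoted_tag }}
        IMAGE_DEST_TAG: ${{ github.event.inputs.version }}
    - name: Move image to Quay registry release from prerelease
      run: devbox run -- ./scripts/move-image.sh
      env:
        IMAGE_SRC_REPO: ${{ env.QUAY_PRERELEASE_REPO }}
        IMAGE_DEST_REPO: ${{ env.QUAY_RELEASE_REPO }}
        IMAGE_SRC_TAG: ${{ steps.tags.outputs.promoted_tag }}
        IMAGE_DEST_TAG: ${{ github.event.inputs.version }}
    # Create OpenShift certified images
    - name: Create OpenShift certified image on Quay
      run: devbox run -- ./scripts/move-image.sh
      env:
        IMAGE_SRC_REPO: ${{ env.QUAY_PRERELEASE_REPO }}
        IMAGE_DEST_REPO: ${{ env.QUAY_RELEASE_REPO }}
        IMAGE_SRC_TAG: ${{ steps.tags.outputs.promoted_tag }}
        IMAGE_DEST_TAG: ${{ steps.tags.outputs.certified_tag }}
    - name: Create deploy configurations
      uses: ./.github/actions/gen-install-scripts
      with:
        ENV: prod
        IMAGE_URL: "${{ env.DOCKER_RELEASE_REPO }}:${{ github.event.inputs.version }}"
    - name: Bump helm chart version
      run: devbox run -- ./scripts/bump-helm-chart-version.sh
    - name: Login to artifactory
      uses: docker/login-action@v3
      with:
        registry: artifactory.corp.mongodb.com
        username: ${{ secrets.MDB_ARTIFACTORY_USERNAME }}
        password: ${{ secrets.MDB_ARTIFACTORY_PASSWORD }}
    # Signing credentials are scoped to the two signing steps only.
    - name: Sign Docker registry released images
      run: devbox run -- make sign
      env:
        PKCS11_URI: ${{ secrets.PKCS11_URI }}
        GRS_USERNAME: ${{ secrets.GRS_USERNAME }}
        GRS_PASSWORD: ${{ secrets.GRS_PASSWORD }}
        IMG_REPO: ${{ env.DOCKER_RELEASE_REPO }}
        VERSION: ${{ github.event.inputs.version }}
    - name: Sign Quay registry release image
      run: devbox run -- make sign
      env:
        PKCS11_URI: ${{ secrets.PKCS11_URI }}
        GRS_USERNAME: ${{ secrets.GRS_USERNAME }}
        GRS_PASSWORD: ${{ secrets.GRS_PASSWORD }}
        IMG_REPO: ${{ env.QUAY_RELEASE_REPO }}
        VERSION: ${{ github.event.inputs.version }}
    - name: Generate SBOMs
      run: devbox run -- make generate-sboms
      env:
        RELEASED_OPERATOR_IMAGE: ${{ env.DOCKER_RELEASE_REPO }}
    - name: Create SDLC report
      run: devbox run -- make gen-sdlc-checklist
    - name: Commit and create pull request for release changes
      uses: peter-evans/create-pull-request@v6
      with:
        token: ${{ steps.generate_token.outputs.token }}
        commit-message: "chore(release): updates from new release v${{ github.event.inputs.version }}"
        title: "Release v${{ github.event.inputs.version }}"
        body: |
          This PR was automatically generated by the **release-image** workflow.
          Version: `${{ github.event.inputs.version }}`
          Authors: ${{ github.event.inputs.authors }}
        branch: "release/${{ github.event.inputs.version }}"
        delete-branch: true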