44 workflow_dispatch :
55 inputs :
66 version :
7- description : " Release version"
7+ description : " Release version (e.g. v1.2.3) "
88 required : true
99 type : string
1010 authors :
11- description : " Comma-separated list of author emails"
11+ description :
" Comma-separated list of author emails (e.g. [email protected] ) " 1212 required : true
1313 type : string
1414 image_sha :
@@ -24,6 +24,7 @@ permissions:
2424 contents : write
2525 pull-requests : write
2626
27+
2728jobs :
2829 # Image2commit: Creates a mapping between the image_sha given as input and the actual git commit
2930 # This is necassary for the release-image step that requires checking out that exact git commit
6667 release-image :
6768 runs-on : ubuntu-latest
6869 environment : release
69- needs : image2commit
7070 env :
71- VERSION : ${{ github.event.inputs.version || 'test -0.0.0-dev' }}
71+ VERSION : ${{ github.event.inputs.version || 'vtest -0.0.0-dev' }}
7272 AUTHORS : ${{ github.event.inputs.authors || 'unknown' }}
7373 IMAGE_SHA : ${{ github.event.inputs.image_sha || 'latest' }}
7474 DOCKER_SIGNATURE_REPO : docker.io/andrpac/signatures
@@ -95,15 +95,15 @@ jobs:
9595 uses : docker/login-action@v3
9696 with :
9797 registry : docker.io
98- username : ${{ secrets.ANDRPAC_DOCKER_USERNAME }}
99- password : ${{ secrets.ANDRPAC_DOCKER_PASSWORD }}
98+ username : ${{ secrets.DOCKER_USERNAME }}
99+ password : ${{ secrets.DOCKER_PASSWORD }}
100100
101101 - name : Log in to Quay registry
102102 uses : docker/login-action@v3
103103 with :
104104 registry : quay.io
105- username : ${{ secrets.ANDRPAC_QUAY_USERNAME }}
106- password : ${{ secrets.ANDRPAC_QUAY_PASSWORD }}
105+ username : ${{ secrets.QUAY_USERNAME }}
106+ password : ${{ secrets.QUAY_PASSWORD }}
107107
108108 - name : Log in to Artifactory
109109 uses : docker/login-action@v3
@@ -112,9 +112,6 @@ jobs:
112112 username : ${{ secrets.MDB_ARTIFACTORY_USERNAME }}
113113 password : ${{ secrets.MDB_ARTIFACTORY_PASSWORD }}
114114
115- - name : Install devbox
116- uses :
jetify-com/[email protected] 117-
118115 # This step configures all of the dynamic variables needed for later steps
119116 - name : Configure job environment for downstream steps
120117 id : tags
@@ -135,30 +132,6 @@ jobs:
135132 echo "quay_certified_image_url=$quay_certified_image_url" >> $GITHUB_OUTPUT
136133
137134# Move prerelease images to official release registries in Docker Hub and Quay
138- - name : Move image to Docker registry release from prerelease
139- run : devbox run -- ./scripts/move-image.sh
140- env :
141- IMAGE_SRC_REPO : ${{ env.DOCKER_PRERELEASE_REPO }}
142- IMAGE_DEST_REPO : ${{ env.DOCKER_RELEASE_REPO }}
143- IMAGE_SRC_TAG : ${{ steps.tags.outputs.promoted_tag }}
144- IMAGE_DEST_TAG : ${{ steps.tags.outputs.release_tag }}
145-
146- - name : Move image to Quay registry release from prerelease
147- run : devbox run -- ./scripts/move-image.sh
148- env :
149- IMAGE_SRC_REPO : ${{ env.QUAY_PRERELEASE_REPO }}
150- IMAGE_DEST_REPO : ${{ env.QUAY_RELEASE_REPO }}
151- IMAGE_SRC_TAG : ${{ steps.tags.outputs.promoted_tag }}
152- IMAGE_DEST_TAG : ${{ steps.tags.outputs.release_tag }}
153-
154- # Create Openshift certified images
155- - name : Create OpenShift certified image on Quay
156- run : devbox run -- ./scripts/move-image.sh
157- env :
158- IMAGE_SRC_REPO : ${{ env.QUAY_PRERELEASE_REPO }}
159- IMAGE_DEST_REPO : ${{ env.QUAY_RELEASE_REPO }}
160- IMAGE_SRC_TAG : ${{ steps.tags.outputs.promoted_tag }}
161- IMAGE_DEST_TAG : ${{ steps.tags.outputs.certified_tag }}
162135
163136 # Link updates to pr: all-in-one.yml, helm-updates, sdlc requirements
164137 - name : Generate deployment configurations
@@ -168,55 +141,75 @@ jobs:
168141 IMAGE_URL : ${{ steps.tags.outputs.docker_image_url }}
169142
170143 - name : Bump Helm chart version
171- run : devbox run -- ./scripts/bump-helm-chart-version.sh
144+ run : ./scripts/bump-helm-chart-version.sh
172145
173146 # Prepare SDLC requirement: signatures, sboms, compliance reports
174147 # Note, signed images will live in mongodb/release and mongodb/signature repos
175- - name : Sign released images
176- run : |
177- devbox run -- make sign IMG="${{ steps.tags.outputs.docker_image_url }}" SIGNATURE_REPO="${{ env.DOCKER_RELEASE_REPO }}"
178- devbox run -- make sign IMG="${{ steps.tags.outputs.quay_image_url }}" SIGNATURE_REPO="${{ env.QUAY_RELEASE_REPO }}"
179- devbox run -- make sign IMG="${{ steps.tags.outputs.docker_image_url }}" SIGNATURE_REPO="${{ env.DOCKER_SIGNATURE_REPO }}"
180- devbox run -- make sign IMG="${{ steps.tags.outputs.quay_certified_image_url }}" SIGNATURE_REPO="${{ env.QUAY_RELEASE_REPO }}"
181- devbox run -- make sign IMG="${{ steps.tags.outputs.quay_certified_image_url }}" SIGNATURE_REPO="${{ env.DOCKER_SIGNATURE_REPO }}"
182- env :
183- PKCS11_URI : ${{ secrets.PKCS11_URI }}
184- GRS_USERNAME : ${{ secrets.GRS_USERNAME }}
185- GRS_PASSWORD : ${{ secrets.GRS_PASSWORD }}
186-
187- - name : Generate SBOMs
188- run : devbox run -- make generate-sboms RELEASED_OPERATOR_IMAGE="${{ env.DOCKER_RELEASE_REPO }}"
189148
190149 - name : Create SDLC report
191- run : devbox run -- make gen-sdlc-checklist
150+ run : make gen-sdlc-checklist
192151
193152 # Create PR on release branch with all updates generated
194- - name : Create release branch with updates, tag new updates
153+ - name : Create release pr with all updated artefacts
195154 env :
196- GITHUB_TOKEN : ${{ steps.generate_token.outputs.token }}
155+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
197156 run : |
157+ export BRANCH="new-release/${VERSION}"
158+ export COMMIT_MESSAGE="feat: release ${VERSION}"
159+ export RELEASE_DIR="releases/${VERSION}"
160+ export SOURCE_COMMIT=$(git rev-parse HEAD)
161+
198162 git config --global user.name "${{ steps.generate_token.outputs.user-name }}"
199163 git config --global user.email "${{ steps.generate_token.outputs.user-email }}"
200164
201- export BRANCH="new-release/${VERSION}"
202- export COMMIT_MESSAGE="feat: release ${VERSION} from release-image workflow"
203- export RELEASE_DIR="docs/releases/${VERSION}"
204-
205- git checkout -b "$BRANCH"
206-
207165 mkdir -p "$RELEASE_DIR"
208- mv deploy "$RELEASE_DIR"/deploy
209- mv bundle "$RELEASE_DIR"/bundle
210- mv bundle.Dockerfile "$RELEASE_DIR"/bundle.Dockerfile
211-
166+ mv deploy "$RELEASE_DIR/deploy"
167+ mv bundle "$RELEASE_DIR/bundle"
168+ mv helm-charts "$RELEASE_DIR/helm-charts"
169+ mv bundle.Dockerfile "$RELEASE_DIR/bundle.Dockerfile"
170+
171+ git fetch origin
172+ git checkout -b "$BRANCH" origin/main
173+ git push -f origin "$BRANCH"
174+
212175 git add -f "$RELEASE_DIR"
213176 scripts/create-signed-commit.sh
214177
215178 gh pr create \
216179 --draft \
217- --head="$BRANCH" \
180+ --base main \
181+ --head "$BRANCH" \
218182 --title "$COMMIT_MESSAGE" \
219- --body "This is an autogenerated PR to prepare for the release"
183+ --body "This is an autogenerated PR to prepare for the release"
184+
185+ git checkout $SOURCE_COMMIT
186+
187+ # Create release artefacts on GitHub
188+ - name : Create configuration package
189+ run : |
190+ set -x
191+ tar czvf atlas-operator-all-in-one-${{ env.VERSION }}.tar.gz -C deploy all-in-one.yaml
192+
193+ name : Tag the release assets
194+ run : |
195+ git fetch --tags
196+ git tag -f ${{ env.VERSION }}
197+ git push -f origin ${{ env.VERSION }}
198+
199+ name : Create release on GitHub
200+ uses : softprops/action-gh-release@v2
201+ with :
202+ draft : true
203+ prerelease : false
204+ tag_name : " ${{ env.VERSION }}"
205+ name : " ${{ env.VERSION }}"
206+ token : ${{ secrets.GITHUB_TOKEN }}
207+ body_path : docs/release-notes/release-notes-template.md
208+ files : |
209+ ./atlas-operator-all-in-one-${{ env.VERSION }}.tar.gz
210+ ./docs/releases/v${{ env.VERSION }}/sdlc-compliance.md
211+ ./docs/releases/v${{ env.VERSION }}/linux-amd64.sbom.json
212+ ./docs/releases/v${{ env.VERSION }}/linux-arm64.sbom.json
220213
221214prepare-environment :
222215 name : Set up Environment Variables
0 commit comments