Skip to content

Commit

Permalink
backport PSS helm flag
Browse files Browse the repository at this point in the history
  • Loading branch information
@whites11
whites11 committed Apr 22, 2024
1 parent 933cc1c commit 706dae8
Show file tree
Hide file tree
Showing 15 changed files with 179 additions and 71 deletions.
23 changes: 4 additions & 19 deletions .circleci/config.yml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
version: 2.1

orbs:
architect: giantswarm/architect@4.29.0
architect: giantswarm/architect@5.1.1

workflows:
build:
Expand All @@ -14,24 +14,9 @@ workflows:
tags:
only: /^v.*/

- architect/push-to-docker:
- architect/push-to-registries:
context: architect
name: push-cluster-operator-to-quay
image: "quay.io/giantswarm/cluster-operator"
username_envar: "QUAY_USERNAME"
password_envar: "QUAY_PASSWORD"
requires:
- go-build
filters:
tags:
only: /^v.*/

- architect/push-to-docker:
context: architect
name: push-cluster-operator-to-aliyun
image: "giantswarm-registry.cn-shanghai.cr.aliyuncs.com/giantswarm/cluster-operator"
username_envar: "ALIYUN_USERNAME"
password_envar: "ALIYUN_PASSWORD"
name: push-to-registries
requires:
- go-build
filters:
Expand All @@ -45,7 +30,7 @@ workflows:
app_catalog_test: "control-plane-test-catalog"
chart: "cluster-operator"
requires:
- push-cluster-operator-to-quay
- push-to-registries
filters:
tags:
only: /^v.*/
3 changes: 3 additions & 0 deletions .github/pull_request_template.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## Checklist

- [ ] Update changelog in CHANGELOG.md.
8 changes: 4 additions & 4 deletions .github/workflows/zz_generated.add-team-labels.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,9 @@ jobs:
mkdir -p artifacts
wget --header "Authorization: token ${{ secrets.ISSUE_AUTOMATION }}" \
-O artifacts/users.yaml \
https://raw.githubusercontent.com/giantswarm/github/master/tools/issue-automation/user-mapping.yaml
https://raw.githubusercontent.com/giantswarm/github/main/tools/issue-automation/user-mapping.yaml
- name: Upload Artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: users
path: artifacts/users.yaml
Expand All @@ -27,7 +27,7 @@ jobs:
runs-on: ubuntu-latest
needs: build_user_list
steps:
- uses: actions/download-artifact@v3
- uses: actions/download-artifact@v4
id: download-users
with:
name: users
Expand All @@ -45,7 +45,7 @@ jobs:
done
echo "EOF" >> $GITHUB_ENV
- name: Apply label to issue
if: ${{ env.LABEL != '' }}
if: ${{ env.LABEL != '' && env.LABEL != 'null' && env.LABEL != null }}
uses: actions-ecosystem/action-add-labels@v1
with:
github_token: ${{ secrets.ISSUE_AUTOMATION }}
Expand Down
16 changes: 8 additions & 8 deletions .github/workflows/zz_generated.add-to-project-board.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,9 @@ jobs:
mkdir -p artifacts
wget --header "Authorization: token ${{ secrets.ISSUE_AUTOMATION }}" \
-O artifacts/users.yaml \
https://raw.githubusercontent.com/giantswarm/github/master/tools/issue-automation/user-mapping.yaml
https://raw.githubusercontent.com/giantswarm/github/main/tools/issue-automation/user-mapping.yaml
- name: Upload Artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: users
path: artifacts/users.yaml
Expand All @@ -28,9 +28,9 @@ jobs:
mkdir -p artifacts
wget --header "Authorization: token ${{ secrets.ISSUE_AUTOMATION }}" \
-O artifacts/labels.yaml \
https://raw.githubusercontent.com/giantswarm/github/master/tools/issue-automation/label-mapping.yaml
https://raw.githubusercontent.com/giantswarm/github/main/tools/issue-automation/label-mapping.yaml
- name: Upload Artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: labels
path: artifacts/labels.yaml
Expand All @@ -42,7 +42,7 @@ jobs:
needs: build_user_list
if: github.event.action == 'assigned'
steps:
- uses: actions/download-artifact@v3
- uses: actions/download-artifact@v4
id: download-users
with:
name: users
Expand All @@ -56,7 +56,7 @@ jobs:
echo "BOARD=${BOARD}" >> $GITHUB_ENV
- name: Add issue to personal board
if: ${{ env.BOARD != 'null' && env.BOARD != '' }}
if: ${{ env.BOARD != 'null' && env.BOARD != '' && env.BOARD != null }}
uses: actions/add-to-project@main
with:
project-url: ${{ env.BOARD }}
Expand All @@ -68,7 +68,7 @@ jobs:
needs: build_user_list
if: github.event.action == 'labeled'
steps:
- uses: actions/download-artifact@v3
- uses: actions/download-artifact@v4
id: download-labels
with:
name: labels
Expand All @@ -82,7 +82,7 @@ jobs:
echo "BOARD=${BOARD}" >> $GITHUB_ENV
- name: Add issue to team board
if: ${{ env.BOARD != 'null' && env.BOARD != '' }}
if: ${{ env.BOARD != 'null' && env.BOARD != '' && env.BOARD != null }}
uses: actions/add-to-project@main
with:
project-url: ${{ env.BOARD }}
Expand Down
10 changes: 8 additions & 2 deletions .github/workflows/zz_generated.check_values_schema.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# DO NOT EDIT. Generated with:
#
# devctl@5.24.0
# devctl@6.23.3
#
name: 'Values and schema'
on:
Expand All @@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0

Expand All @@ -34,6 +34,12 @@ jobs:
run: |
for chart_yaml in helm/*/Chart.yaml; do
helm_dir="${chart_yaml%/Chart.yaml}"
if [ ! -f ${helm_dir}/values.schema.json ]; then
echo "Skipping validation for '${helm_dir}' folder, because 'values.schema.json' does not exist..."
continue
fi
values=${helm_dir}/values.yaml
if [ -f ${helm_dir}/ci/ci-values.yaml ]; then
# merge ci-values.yaml into values.yaml (providing required values)
Expand Down
60 changes: 33 additions & 27 deletions .github/workflows/zz_generated.create_release.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# DO NOT EDIT. Generated with:
#
# devctl@5.24.0
# devctl@6.23.3
#
name: Create Release
on:
Expand All @@ -15,7 +15,7 @@ on:
jobs:
debug_info:
name: Debug info
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
steps:
- name: Print github context JSON
run: |
Expand All @@ -24,19 +24,18 @@ jobs:
EOF
gather_facts:
name: Gather facts
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
outputs:
project_go_path: ${{ steps.get_project_go_path.outputs.path }}
ref_version: ${{ steps.ref_version.outputs.refversion }}
version: ${{ steps.get_version.outputs.version }}
steps:
- name: Get version
id: get_version
env:
COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
run: |
title="$(cat <<- 'COMMIT_MESSAGE_END' | head -n 1 -
${{ github.event.head_commit.message }}
COMMIT_MESSAGE_END
)"
title=$(echo -n "${COMMIT_MESSAGE}" | head -1)
# Matches strings like:
#
# - "Release v1.2.3"
Expand All @@ -53,7 +52,7 @@ jobs:
echo "version=${version}" >> $GITHUB_OUTPUT
- name: Checkout code
if: ${{ steps.get_version.outputs.version != '' }}
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Get project.go path
id: get_project_go_path
if: ${{ steps.get_version.outputs.version != '' }}
Expand All @@ -66,11 +65,10 @@ jobs:
echo "path=${path}" >> $GITHUB_OUTPUT
- name: Check if reference version
id: ref_version
env:
COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
run: |
title="$(cat <<- 'COMMIT_MESSAGE_END' | head -n 1 -
${{ github.event.head_commit.message }}
COMMIT_MESSAGE_END
)"
title=$(echo -n "${COMMIT_MESSAGE}" | head -1)
if echo "${title}" | grep -qE '^release v[0-9]+\.[0-9]+\.[0-9]+([.-][^ .-][^ ]*)?( \(#[0-9]+\))?$' ; then
version=$(echo "${title}" | cut -d ' ' -f 2)
fi
Expand All @@ -84,26 +82,26 @@ jobs:
echo "refversion=${refversion}" >> $GITHUB_OUTPUT
update_project_go:
name: Update project.go
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
if: ${{ needs.gather_facts.outputs.version != '' && needs.gather_facts.outputs.project_go_path != '' && needs.gather_facts.outputs.ref_version != 'true' }}
needs:
- gather_facts
steps:
- name: Install architect
uses: giantswarm/install-binary-action@v1.1.0
uses: giantswarm/install-binary-action@033b1a657eea23d9c42e77312b370e6125e4e38f # v2.0.0
with:
binary: "architect"
version: "6.11.0"
version: "6.14.1"
- name: Install semver
uses: giantswarm/install-binary-action@v1.1.0
uses: giantswarm/install-binary-action@033b1a657eea23d9c42e77312b370e6125e4e38f # v2.0.0
with:
binary: "semver"
version: "3.2.0"
download_url: "https://github.com/fsaintjacques/${binary}-tool/archive/${version}.tar.gz"
tarball_binary_path: "*/src/${binary}"
smoke_test: "${binary} --version"
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Update project.go
id: update_project_go
env:
Expand Down Expand Up @@ -143,18 +141,27 @@ jobs:
version: "${{ needs.gather_facts.outputs.version }}"
title: "Bump version to ${{ steps.update_project_go.outputs.new_version }}"
run: |
hub pull-request -f -m "${{ env.title }}" -b ${{ env.base }} -h ${{ env.branch }} -r ${{ github.actor }}
gh pr create --title "${{ env.title }}" --body "" --base ${{ env.base }} --head ${{ env.branch }} --reviewer ${{ github.actor }}
- name: Enable auto-merge for PR
env:
GITHUB_TOKEN: "${{ secrets.TAYLORBOT_GITHUB_ACTION }}"
base: "${{ github.ref }}"
branch: "${{ github.ref }}-version-bump"
version: "${{ needs.gather_facts.outputs.version }}"
title: "Bump version to ${{ steps.update_project_go.outputs.new_version }}"
run: |
gh pr merge --auto --squash "${{ env.branch }}" || echo "::warning::Auto-merge not allowed. Please adjust the repository settings."
create_release:
name: Create release
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
needs:
- gather_facts
if: ${{ needs.gather_facts.outputs.version }}
outputs:
upload_url: ${{ steps.create_gh_release.outputs.upload_url }}
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ github.sha }}
- name: Ensure correct version in project.go
Expand All @@ -165,7 +172,7 @@ jobs:
grep -qE "version[[:space:]]*=[[:space:]]*\"$version\"" $file
- name: Get Changelog Entry
id: changelog_reader
uses: mindsers/changelog-reader-action@v2
uses: mindsers/changelog-reader-action@32aa5b4c155d76c94e4ec883a223c947b2f02656 # v2.2.3
with:
version: ${{ needs.gather_facts.outputs.version }}
path: ./CHANGELOG.md
Expand All @@ -184,31 +191,30 @@ jobs:
git push "${REMOTE_REPO}" --tags
- name: Create release
id: create_gh_release
uses: actions/create-release@v1
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
env:
GITHUB_TOKEN: "${{ secrets.TAYLORBOT_GITHUB_ACTION }}"
with:
body: ${{ steps.changelog_reader.outputs.changes }}
tag_name: "v${{ needs.gather_facts.outputs.version }}"
release_name: "v${{ needs.gather_facts.outputs.version }}"
tag: "v${{ needs.gather_facts.outputs.version }}"

create-release-branch:
name: Create release branch
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
needs:
- gather_facts
if: ${{ needs.gather_facts.outputs.version }}
steps:
- name: Install semver
uses: giantswarm/install-binary-action@v1.1.0
uses: giantswarm/install-binary-action@033b1a657eea23d9c42e77312b370e6125e4e38f # v2.0.0
with:
binary: "semver"
version: "3.0.0"
download_url: "https://github.com/fsaintjacques/${binary}-tool/archive/${version}.tar.gz"
tarball_binary_path: "*/src/${binary}"
smoke_test: "${binary} --version"
- name: Check out the repository
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0 # Clone the whole history, not just the most recent commit.
- name: Fetch all tags and branches
Expand Down
Loading

0 comments on commit 706dae8

Please sign in to comment.