feature: add release automation workflows #2224

Merged
merged 5 commits into from
Jan 20, 2024


Member

@tuunit tuunit commented Sep 6, 2023

Description

To stabilize and accelerate the frequency of releases a proper release automation is necessary. This PR introduces two new workflows 1. Create Release and 2. Publish Release.

  1. Create Release
     • This workflow has to be triggered manually with a new version
     • Updates the documentation and CHANGELOG
     • Automatically creates a release branch e.g. release/v7.5.1 and raises a PR for it
  2. Publish Release
     • This workflow is automatically triggered when a PR is merged to the master branch but only runs through if it was merged from a release branch
     • Creates a pre-release on GitHub
     • Builds all necessary oauth2-proxy binaries and uploads them (including the checksums) to the GitHub pre-release
     • Builds all platform container images and publishes them to quay.io

Only steps not automated:

  • Updating the CHANGELOG with highlight and breaking changes
  • Updating and publishing the Pre-Release on GitHub with the CHANGELOG content

For this automation to work, the following has to be set up in GitHub:

  1. Allow pull request creation through github actions in the org or repo settings
  2. Create a robo account for quay.io/oauth2-proxy and create a REGISTRY_USERNAME and REGISTRY_PASSWORD action secret for the repo.

How Has This Been Tested?

To properly test this PR a completely separate repository has been created:
https://github.com/tuunit/oauth2-proxy-release-automation

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have created a feature (non-master) branch for my PR.

@tuunit tuunit requested a review from a team as a code owner September 6, 2023 14:57
Member Author

tuunit commented Sep 6, 2023

@Morl99 feel free to do a first review. I would appreciate your input.

@tuunit tuunit force-pushed the feature/release-automation branch 5 times, most recently from e9374d2 to 8bbeb4e Compare September 10, 2023 13:39
@tuunit tuunit modified the milestones: v8.0.0, v7.6.0 Sep 13, 2023
@tuunit tuunit changed the title [WIP] feature: add release automation workflows feature: add release automation workflows Sep 23, 2023

Morl99 commented Oct 26, 2023

This LGTM, although I would still appreciate separating releases of oauth2-proxy from building the Docker image, as I think that we need to build new Docker images nightly, even if there are no code changes in this repo, since the base images need to be updated. But this can be done in a separate PR.

Member Author

tuunit commented Oct 26, 2023

> This LGTM, although I would still appreciate separating releases of oauth2-proxy from building the Docker image, as I think that we need to build new Docker images nightly, even if there are no code changes in this repo, since the base images need to be updated. But this can be done in a separate PR.

I would prefer nightly rebuilds of the latest one or two releases as well. I will talk to the other maintainers about that again :)

Makefile Outdated
@@ -41,7 +41,7 @@ $(BINARY):

DOCKER_BUILD_PLATFORM ?= linux/amd64,linux/arm64,linux/ppc64le,linux/arm/v6,linux/arm/v7
DOCKER_BUILD_RUNTIME_IMAGE ?= alpine:3.18
DOCKER_BUILDX_ARGS ?= --build-arg RUNTIME_IMAGE=${DOCKER_BUILD_RUNTIME_IMAGE}
DOCKER_BUILDX_ARGS ?= --build-arg RUNTIME_IMAGE=${DOCKER_BUILD_RUNTIME_IMAGE} --provenance=false
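
Review bot: `--provenance=false` on the changed `DOCKER_BUILDX_ARGS` line is added with no comment, so the Makefile does not say that build provenance attestations are switched off for every image built through this default, or why. Add a short comment above the variable giving the reason and the condition for re-enabling it. Because the variable is assigned with `?=`, anyone who overrides `DOCKER_BUILDX_ARGS` from the environment also drops the flag silently, so consider keeping `--provenance=false` in a separate variable that is always appended.
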
Member

What does this new arg do?

Member Author

It is used to control how much metadata is attached to images to figure out their origin:

https://docs.docker.com/build/attestations/
https://docs.docker.com/build/attestations/slsa-provenance/

I was trying to figure out why the automated build and the build from my machine produce these unknown archs for each regular arch that is built:
[image]

It seems like something is set up differently on your system as all previous builds to quay.io from your system do not contain any of these unknown archs.

Member Author

@tuunit tuunit Dec 26, 2023

I don't believe it is an issue but something that we could investigate to figure out what is different between how the automated build is done and how you do it on your local system.

You will find the same "issue" for all nightly builds as well:
https://quay.io/repository/oauth2-proxy/oauth2-proxy-nightly?tab=tags
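
The "unknown" entries discussed in this thread are how buildx records provenance attestations inside a multi-platform image index: each one is an extra manifest with platform unknown/unknown that points at the image it describes. The following is an added example, not code from this PR or from the oauth2-proxy project; it pairs each platform image with its attestation and flags unknown-platform entries that are not attestations. The sample index and its shortened digests are constructed.

```python
import json

# Constructed OCI image index, shaped like what buildx pushes when provenance
# is left on; the digests are shortened placeholders, not real values.
SAMPLE_INDEX = json.loads("""
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "manifests": [
    {"digest": "sha256:aaaa", "platform": {"architecture": "amd64", "os": "linux"}},
    {"digest": "sha256:bbbb", "platform": {"architecture": "unknown", "os": "unknown"},
     "annotations": {"vnd.docker.reference.type": "attestation-manifest", "vnd.docker.reference.digest": "sha256:aaaa"}},
    {"digest": "sha256:cccc", "platform": {"architecture": "arm", "os": "linux", "variant": "v7"}},
    {"digest": "sha256:dddd", "platform": {"architecture": "unknown", "os": "unknown"},
     "annotations": {"vnd.docker.reference.type": "attestation-manifest", "vnd.docker.reference.digest": "sha256:cccc"}},
    {"digest": "sha256:eeee", "platform": {"architecture": "unknown", "os": "unknown"}}
  ]
}
""")


def platform_name(entry):
    p = entry.get("platform", {})
    parts = [p.get("os", "unknown"), p.get("architecture", "unknown")]
    if p.get("variant"):
        parts.append(p["variant"])
    return "/".join(parts)


def classify_index(index):
    """Return ({platform: attestation digest or None}, [suspicious digests])."""
    images, attestations, unexplained = {}, {}, []
    for entry in index.get("manifests", []):
        notes = entry.get("annotations", {})
        if notes.get("vnd.docker.reference.type") == "attestation-manifest":
            # Attestation entries name the image manifest they describe.
            attestations[notes.get("vnd.docker.reference.digest")] = entry["digest"]
        elif platform_name(entry) == "unknown/unknown":
            unexplained.append(entry["digest"])  # unknown platform, no annotation
        else:
            images[entry["digest"]] = platform_name(entry)
    # An attestation whose subject is not in this index is also worth a look.
    dangling = [a for subj, a in attestations.items() if subj not in images]
    report = {name: attestations.get(d) for d, name in images.items()}
    return report, unexplained + dangling
```

For a pushed image, the index JSON to feed into `classify_index` can be obtained with `docker buildx imagetools inspect --raw <image>`.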

@JoelSpeed JoelSpeed merged commit 2df301c into oauth2-proxy:master Jan 20, 2024
6 checks passed
tuunit added a commit to tuunit/oauth2-proxy that referenced this pull request Jan 21, 2024
* enhancement: Change base image from alpine to distroless (oauth2-proxy#2295)

* Changed base image from alpine to distroless

* chore: updated Makefile

* fix: removed arm/v6 and ppc64le for distroless variant

* Update Dockerfile

* Update Makefile

* docs: Add README-section, CHANGELOG-entry and --pull to prevent caching

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Add possibility to encode the state param as UrlEncodedBase64 (oauth2-proxy#2312)

* Add possibility to encode the state param as UrlEncodedBase64

* Update CHANGELOG.md

* Update oauthproxy.go

Co-authored-by: Jan Larwig <jan@larwig.com>

---------

Co-authored-by: Jan Larwig <jan@larwig.com>

* NGINX return 403 for sign_in (oauth2-proxy#2322) (oauth2-proxy#2323)

Co-authored-by: Sven Ertel <sven.ertel@bayernwerk.de>

* chore: Create sha256sum for tar instead of binary (oauth2-proxy#2343)

* Create sha256sum for tar instead of binary

* chore: Add checksum for binary

* chore: Updated changelog

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Log error details when failed loading CSRF cookie (oauth2-proxy#2345)

* Log error details when failed loading CSRF cookie

* Add a record about this PR to CHANGELOG.md

---------

Co-authored-by: Ondrej Charvat <ondrej.charvat@yunextraffic.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Feature - Add env variable support for alpha struct (oauth2-proxy#2375)

* added envsubstring package and added simple test cases.imple tests.

* added documentation

* added changelog entry

* added documentation to wrong file


.

* changed tests to ginkgo format

* update project to use better maintained library

* use defer to clear test variable after tests finished

* updated docs for the new package documentation and fixed bad english

* refactored function to "reduce" complexity.

* updated changelog for new version

updated readme

* minor formatting

---------

Co-authored-by: Haydn Evans <h.evans@douglas.de>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* remove nsswitch workaround (oauth2-proxy#2371)

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* feat: Added renovate configuration (oauth2-proxy#2377)

* Feature/add option to skip loading claims from profile url (oauth2-proxy#2329)

* add new flag skip-claims-from-profile-url

* skip passing profile URL if SkipClaimsFromProfileURL

* docs for --skip-claims-from-profile-url flag

* update flag comment

* update docs

* update CHANGELOG.md

* Update providers/provider_data.go

Co-authored-by: Jan Larwig <jan@larwig.com>

* Add tests for SkipClaimsFromProfileURL

* simplify tests for SkipClaimsFromProfileURL

* generate alpha_config.md

---------

Co-authored-by: Jan Larwig <jan@larwig.com>

* Add ability to configure username for Redis cluster connections (oauth2-proxy#2381)

* Initial attempt.

* Add CHANGELOG entry.

* Drop commented-out Sentinel test.

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* chore(deps): update module golang.org/x/crypto to v0.17.0 [security] (oauth2-proxy#2400)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update github.com/ghodss/yaml digest to d8423dc (oauth2-proxy#2401)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Improved dev environment (oauth2-proxy#2211)

* Improved dev env setup

* Cleanup duplicate checks

* Applied PR feedback

* Updated go.mod/go.sum

* go mod tidy

* Update .devcontainer/devcontainer.json

* Update pkg/http/server_test.go

Co-authored-by: Jan Larwig <jan@larwig.com>

* Create launch.json

* Update .devcontainer/Dockerfile

* Apply suggestions from code review

---------

Co-authored-by: Jan Larwig <jan@larwig.com>

* feature: add release automation workflows (oauth2-proxy#2224)

* feature: add release automation workflows

* deactivate provenance because of behaviour change with buildx v0.10.0

* add changelog section extraction for github release notes

* fix registry path; fix EOF

* use correct version of golangci-lint; add additional workflow step for fetching all dependencies

* chore(deps): update module github.com/bsm/redislock to v0.9.4 (oauth2-proxy#2406)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* initial commit for docusaurus 3 upgrade

* fix mdx errors

* fix mdx issues

* fix routing issues

* update docs generation workflow

* fix version

* fix permissions

* move slack to header

* remove background color and minify

* Update docs/docs/configuration/providers/openid_connect.md

Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>

* Update docs/docs/configuration/providers/openid_connect.md

Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>

* Update docs/docs/configuration/providers/openid_connect.md

Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>

* Update docs/docs/configuration/providers/gitlab.md

Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>

* Update docs/docs/configuration/providers/gitlab.md

Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>

* Update docs/docs/configuration/providers/github.md

Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>

* Update docs/docs/configuration/providers/github.md

Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>

* Update docs/docs/configuration/providers/github.md

Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>

* Update docs/docs/configuration/providers/github.md

Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>

---------

Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Jan Brezina <brezinajn@users.noreply.github.com>
Co-authored-by: WhiteRabbit-Code <sven@ertel-net.de>
Co-authored-by: Sven Ertel <sven.ertel@bayernwerk.de>
Co-authored-by: charvadzo <120425386+charvadzo@users.noreply.github.com>
Co-authored-by: Ondrej Charvat <ondrej.charvat@yunextraffic.com>
Co-authored-by: Haydn Evans <h.evans@douglas.de>
Co-authored-by: Nils Gustav Stråbø <65334626+nilsgstrabo@users.noreply.github.com>
Co-authored-by: Ross Golder <ross@golder.org>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
3 participants