diff --git a/batch-change/release.yaml b/batch-change/release.yaml new file mode 100644 index 00000000..ce17b3fe --- /dev/null +++ b/batch-change/release.yaml @@ -0,0 +1,513 @@ +--- +meta: + productName: "deploy-sourcegraph-helm" + owners: + - "@sourcegraph/release" + repository: "github.com/sourcegraph/deploy-sourcegraph-helm" +inputs: + - releaseId: server +requirements: + # We use wget here, because curl --fail-with-body was introduced in a version ulterior to what we can have on the CI agents. + - name: "wget" + cmd: "wget --help" + - name: "comby" + cmd: "which comby" + fixInstructions: "install comby" + - name: "GitHub CLI " + cmd: "which gh" + fixInstructions: "install GitHub cli" + - name: "GH auth status" + cmd: "gh auth status" + fixInstructions: "gh auth login" + - name: "Docker username" + env: "DOCKER_USERNAME" + - name: "Docker password" + env: "DOCKER_PASSWORD" +internal: + create: + steps: + patch: + - name: sg ops:sourcegraph + cmd: | + set -eu + registry=us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph/ + + - name: sg ops:dind + cmd: | + set -eu + registry=us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-executor/dind/ + + - name: sg ops:k8s + cmd: | + set -eu + registry=us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-executor/k8s/ + + - name: sg ops:migrator + cmd: | + set -eu + registry=us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-migrator/ + + - name: "chart:version" + cmd: | + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph/examples/subchart/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/dind/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/k8s/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-migrator/Chart.yaml + + - name: "chart:appVersion" + cmd: | + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph/Chart.yaml + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/dind/Chart.yaml + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/k8s/Chart.yaml + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-migrator/Chart.yaml + + - name: "helm:docs" + cmd: ../scripts/helm-docs.sh + + + minor: + - name: sg ops:sourcegraph + cmd: | + set -eu + registry=us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + + echo "updating sourcegraph images" + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph/ + + - name: sg ops:dind + cmd: | + set -eu + registry=us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-executor/dind/ + + - name: sg ops:k8s + cmd: | + set -eu + registry=us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-executor/k8s/ + + - name: sg ops:migrator + cmd: | + set -eu + registry=us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-migrator/ + + - name: "chart:version" + cmd: | + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph/examples/subchart/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/dind/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/k8s/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-migrator/Chart.yaml + + - name: "chart:appVersion" + cmd: | + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph/Chart.yaml + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/dind/Chart.yaml + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/k8s/Chart.yaml + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-migrator/Chart.yaml + + - name: "helm:docs" + cmd: ../scripts/helm-docs.sh + + major: + - name: sg ops:sourcegraph + cmd: | + set -eu + registry=us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + + echo "updating sourcegraph images" + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph/ + + - name: sg ops:dind + cmd: | + set -eu + registry=us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-executor/dind/ + + - name: sg ops:k8s + cmd: | + set -eu + registry=us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-executor/k8s/ + + - name: sg ops:migrator + cmd: | + set -eu + registry=us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-migrator/ + + - name: "chart:version" + cmd: | + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph/examples/subchart/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/dind/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/k8s/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-migrator/Chart.yaml + + - name: "chart:appVersion" + cmd: | + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph/Chart.yaml + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/dind/Chart.yaml + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/k8s/Chart.yaml + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-migrator/Chart.yaml + + - name: "helm:docs" + cmd: ../scripts/helm-docs.sh + + + finalize: + steps: + - name: "Register on release registry" + cmd: | + echo "Registering internal deploy-sourcegraph-helm {{version}} release on release registry" + COMMIT_SHA=$(git rev-parse HEAD) + body=$(wget --content-on-error -O- --header="Content-Type: application/json" --header="Authorization: ${RELEASE_REGISTRY_TOKEN}" --post-data '{ + "name": "helm", + "version": "{{version}}", + "git_sha": "'${COMMIT_SHA}'" + }' "https://releaseregistry.sourcegraph.com/v1/releases") + exit_code=$? + + if [ $exit_code != 0 ]; then + echo "❌ Failed to create release in release registry, got:" + echo "--- raw body ---" + echo $body + echo "--- raw body ---" + exit $exit_code + else + echo "Build created, see:" + echo $body | jq .web_url + fi + - name: "notifications" + cmd: | + set -eu + + branch="internal/release-{{version}}" + + # Post a comment on the PR. + cat << EOF | gh pr comment "$branch" --body-file - + - :green_circle: Internal release is ready for promotion! + - :warning: Do not close/merge the pull request or delete the associated branch if you intend to promote it. + EOF + # Post an annotation. + cat << EOF | buildkite-agent annotate --style info + Internal release is ready for promotion under the branch [\`$branch\`](https://github.com/sourcegraph/deploy-sourcegraph-helm/tree/$branch). + EOF + +test: + steps: + - name: "placeholder" + cmd: | + echo "--- pretending to test release" + +promoteToPublic: + create: + steps: + # - name: 'validate promotion criteria' + # cmd: | + # echo "validating promotion criteria" + # body=$(wget --content-on-error -O- --header="Content-Type: application/json" "https://releaseregistry.sourcegraph.com/v1/releases/helm/{{version}}") + # exit_code=$? + + # if [ $exit_code != 0 ]; then + # echo "❌ Failed to fetch release on release registry, got:" + # echo "--- raw body ---" + # echo $body + # echo "--- raw body ---" + # exit $exit_code + # fi + + # is_development=$(echo "$body" | jq -r '.is_development') + # if [ "$is_development" = "true" ]; then + # echo "cannot promote a development release" + # exit 1 + # fi + - name: "git" + # TODO: anish + # this is probably going to be a problem... + # we don't have .git file access on batch changes + cmd: | + set -eu + branch="internal/release-{{version}}" + echo "Checking out origin/${branch}" + git fetch origin "${branch}" + git switch "${branch}" + - name: sg ops:sourcegraph + cmd: | + set -eu + registry=index.docker.io/sourcegraph + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph/ + - name: sg ops:dind + cmd: | + set -eu + registry=index.docker.io/sourcegraph + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-executor/dind/ + - name: sg ops:k8s + cmd: | + set -eu + registry=index.docker.io/sourcegraph + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-executor/k8s/ + - name: sg ops:migrator + cmd: | + set -eu + registry=index.docker.io/sourcegraph + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-migrator/ + - name: "update helm docs" + cmd: ../scripts/helm-docs.sh + finalize: + steps: + - name: git:tag + cmd: | + set -eu + + # Branches + internal_branch="internal/release-{{version}}" + promote_branch="promote/release-{{version}}" + release_branch="release-{{version}}" + + # Create the final branch holding the tagged commit + git checkout "${promote_branch}" + git switch -c "${release_branch}" + git tag {{version}} + git push origin ${release_branch} --tags + + # Web URL to the tag + tag_url="https://github.com/sourcegraph/deploy-sourcegraph-helm/tree/{{version}}" + + # Annotate PRs + cat << EOF | gh pr comment "$internal_branch" --body-file - + - :green_circle: Release has been promoted, see tag: $tag_url. + - :no_entry: Do not under any circumstance delete the branch holding the tagged commit (i.e. \`$release_branch\`). + - :arrow_right: You can safely close the PR and delete its a associated branch. + EOF + + cat << EOF | gh pr comment "$promote_branch" --body-file - + - :green_circle: Release has been promoted, see tag: $tag_url. + - :no_entry: Do not under any circumstance delete the branch holding the tagged commit (i.e. \`$release_branch\`). + - :arrow_right: You can safely close that PR and delete its a associated branch. + EOF + + # Annotate build + cat << EOF | buildkite-agent annotate --style info + Promoted release is **publicly available** through a git tag at [\`{{version}}\`](https://github.com/sourcegraph/deploy-sourcegraph-helm/tree/{{version}}). + EOF + + - name: "Promote on release registry" + cmd: | + echo "Promoting deploy-sourcegraph-helm {{version}} release on release registry" + body=$(wget --content-on-error -O- --header="Content-Type: application/json" --header="Authorization: ${RELEASE_REGISTRY_TOKEN}" --post-data '' "https://releaseregistry.sourcegraph.com/v1/releases/helm/{{version}}/promote") + exit_code=$? + + if [ $exit_code != 0 ]; then + echo "❌ Failed to promote release on release registry, got:" + echo "--- raw body ---" + echo $body + echo "--- raw body ---" + exit $exit_code + else + echo "Build created, see:" + echo $body | jq .web_url + fi + + - name: "update main with latest version" + cmd: | + set -eu + branch="promote/release-{{version}}-update-main" + echo "Checking out origin/main" + git fetch origin main + git switch main + echo "Creating branch origin/${branch}" + git switch -c "${branch}" + + - name: sg ops:sourcegraph + cmd: | + set -eu + registry=index.docker.io/sourcegraph + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph/ + + - name: sg ops:dind + cmd: | + set -eu + registry=index.docker.io/sourcegraph + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-executor/dind/ + + - name: sg ops:k8s + cmd: | + set -eu + registry=index.docker.io/sourcegraph + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-executor/k8s/ + + - name: sg ops:migrator + cmd: | + set -eu + registry=index.docker.io/sourcegraph + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-migrator/ + + - name: sg ops:appliance + cmd: | + set -eu + registry=index.docker.io/sourcegraph + sg ops update-images \ + -t {{inputs.server.tag}} \ + -k helm \ + --registry "${registry}" \ + --docker-username $DOCKER_USERNAME \ + --docker-password $DOCKER_PASSWORD \ + ../charts/sourcegraph-appliance/ + + - name: "chart:version" + cmd: | + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph/examples/subchart/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/dind/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/k8s/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-migrator/Chart.yaml + comby -matcher ".generic" -in-place "version: \":[~\d+\.\d+\.\d+]\"" 'version: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-appliance/Chart.yaml + + - name: "chart:appVersion" + cmd: | + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph/Chart.yaml + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/dind/Chart.yaml + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-executor/k8s/Chart.yaml + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-migrator/Chart.yaml + comby -matcher ".generic" -in-place "appVersion: \":[~\d+\.\d+\.\d+]\"" 'appVersion: "{{inputs.server.tag}}"' -f ../charts/sourcegraph-appliance/Chart.yaml + + - name: "update helm docs" + cmd: ../scripts/helm-docs.sh +