diff --git a/batch-change/release.yaml b/batch-change/release.yaml new file mode 100644 index 00000000..5ec0ad21 --- /dev/null +++ b/batch-change/release.yaml @@ -0,0 +1,302 @@ +meta: + productName: deploy-sourcegraph-k8s + repository: "github.com/sourcegraph/deploy-sourcegraph-k8s" + owners: + - "@sourcegraph/release" + +inputs: + - releaseId: server + +requirements: + # We use wget here, because curl --fail-with-body was introduced in a version ulterior to what we can have on the CI agents. + - name: "wget" + cmd: "wget --help" + - name: "Github CLI" + cmd: gh version + fixInstructions: brew install gh + - name: "GH auth status" + cmd: "gh auth status" + fixInstructions: "gh auth login" + - name: "Docker username" + env: DOCKER_USERNAME + - name: "Docker password" + env: DOCKER_PASSWORD + +internal: + # Please keep in mind that the CI pipeline uses the branch names defined below when creating releases. + # Therefore, if you update them, or if you decide to change how we detect what kind of build we're dealing + # with, please update this file as well. + create: + steps: + patch: + - name: "sg ops (base)" + cmd: | + set -eu + sg ops update-images \ + --kind k8s \ + --registry us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal \ + --docker-username=$DOCKER_USERNAME \ + --docker-password=$DOCKER_PASSWORD \ + --pin-tag {{inputs.server.tag}} \ + ../base/ + - name: "sg ops (executors)" + cmd: | + set -eu + sg ops update-images \ + --kind k8s \ + --registry us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal \ + --docker-username=$DOCKER_USERNAME \ + --docker-password=$DOCKER_PASSWORD \ + --pin-tag {{inputs.server.tag}} \ + ../components/executors/ + minor: + - name: "sg ops (base)" + cmd: | + set -eu + sg ops update-images \ + --kind k8s \ + --registry us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal \ + --docker-username=$DOCKER_USERNAME \ + --docker-password=$DOCKER_PASSWORD \ + --pin-tag {{inputs.server.tag}} \ + ../base/ + - name: "sg ops (executors)" + cmd: | + set -eu + sg ops update-images \ + --kind k8s \ + --registry us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal \ + --docker-username=$DOCKER_USERNAME \ + --docker-password=$DOCKER_PASSWORD \ + --pin-tag {{inputs.server.tag}} \ + ../components/executors/ + major: + - name: "sg ops (base)" + cmd: | + set -eu + sg ops update-images \ + --kind k8s \ + --registry us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal \ + --docker-username=$DOCKER_USERNAME \ + --docker-password=$DOCKER_PASSWORD \ + --pin-tag {{inputs.server.tag}} \ + ../base/ + - name: "sg ops (executors)" + cmd: | + set -eu + sg ops update-images \ + --kind k8s \ + --registry us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal \ + --docker-username=$DOCKER_USERNAME \ + --docker-password=$DOCKER_PASSWORD \ + --pin-tag {{inputs.server.tag}} \ + ../components/executors/ + finalize: + steps: + - name: 'Register on release registry' + cmd: | + echo "Registering internal deploy-sourcegraph-k8s {{version}} release on release registry" + COMMIT_SHA=$(git rev-parse HEAD) + body=$(wget --content-on-error -O- --header="Content-Type: application/json" --header="Authorization: ${RELEASE_REGISTRY_TOKEN}" --post-data '{ + "name": "k8s", + "version": "{{version}}", + "git_sha": "'${COMMIT_SHA}'" + }' "https://releaseregistry.sourcegraph.com/v1/releases") + exit_code=$? + + if [ $exit_code != 0 ]; then + echo "❌ Failed to create release in release registry, got:" + echo "--- raw body ---" + echo $body + echo "--- raw body ---" + exit $exit_code + else + echo "Release created, see:" + echo $body | jq .web_url + fi + - name: "notifications" + cmd: | + set -eu + + branch="internal/release-{{version}}" + + # Post a comment on the PR. + cat << EOF | gh pr comment "$branch" --body-file - + - :green_circle: Internal release is ready for promotion! + - :warning: Do not close/merge the pull request or delete the associated branch if you intend to promote it. + EOF + # Post an annotation. + cat << EOF | buildkite-agent annotate --style info + Internal release is ready for promotion under the branch [\`$branch\`](https://github.com/sourcegraph/deploy-sourcegraph-k8s/tree/$branch). + EOF + +test: + steps: + - name: "placeholder" + cmd: | + echo "-- pretending to test release ..." + +promoteToPublic: + create: + steps: + # TODO: anish + # this is probably going to be a problem... + # we don't have .git file access on batch changes + - name: "git" + cmd: | + set -eu + branch="internal/release-{{version}}" + echo "Checking out origin/${branch}" + git fetch origin "${branch}" + git switch "${branch}" + - name: "sg ops" + cmd: | + set -eu + sg ops update-images \ + --kind k8s \ + --registry index.docker.io/sourcegraph \ + --docker-username=$DOCKER_USERNAME \ + --docker-password=$DOCKER_PASSWORD \ + --pin-tag {{inputs.server.tag}} \ + ../base/ + - name: "sg ops (executors)" + cmd: | + set -eu + sg ops update-images \ + --kind k8s \ + --registry index.docker.io/sourcegraph \ + --docker-username=$DOCKER_USERNAME \ + --docker-password=$DOCKER_PASSWORD \ + --pin-tag {{inputs.server.tag}} \ + ../components/executors/ + finalize: + steps: + # - name: 'validate promotion criteria' + # cmd: | + # echo "validating promotion criteria" + # body=$(wget --content-on-error -O- --header="Content-Type: application/json" "https://releaseregistry.sourcegraph.com/v1/releases/k8s/{{version}}") + # exit_code=$? + + # if [ $exit_code != 0 ]; then + # echo "❌ Failed to fetch release on release registry, got:" + # echo "--- raw body ---" + # echo $body + # echo "--- raw body ---" + # exit $exit_code + # fi + + # is_development=$(echo "$body" | jq -r '.is_development') + # if [ "$is_development" = "true" ]; then + # echo "cannot promote a development release" + # exit 1 + # fi + - name: git:tag + cmd: | + set -eu + + # Branches + internal_branch="internal/release-{{version}}" + promote_branch="promote/release-{{version}}" + release_branch="release-{{version}}" + + # Create the final branch holding the tagged commit + git checkout "${promote_branch}" + git switch -c "${release_branch}" + git tag {{version}} + git push origin ${release_branch} --tags + + # Web URL to the tag + tag_url="https://github.com/sourcegraph/deploy-sourcegraph-k8s/tree/{{version}}" + + # Annotate PRs + cat << EOF | gh pr comment "$internal_branch" --body-file - + - :green_circle: Release has been promoted, see tag: $tag_url. + - :no_entry: Do not under any circumstance delete the branch holding the tagged commit (i.e. \`$release_branch\`). + - :arrow_right: You can safely close the PR and delete its a associated branch. + EOF + + cat << EOF | gh pr comment "$promote_branch" --body-file - + - :green_circle: Release has been promoted, see tag: $tag_url. + - :no_entry: Do not under any circumstance delete the branch holding the tagged commit (i.e. \`$release_branch\`). + - :arrow_right: You can safely close that PR and delete its a associated branch. + EOF + + # Annotate build + cat << EOF | buildkite-agent annotate --style info + Promoted release is **publicly available** through a git tag at [\`{{version}}\`](https://github.com/sourcegraph/deploy-sourcegraph-k8s/tree/{{version}}). + EOF + + - name: 'Promote on release registry' + cmd: | + echo "Promoting deploy-sourcegraph-k8s {{version}} release on release registry" + body=$(wget --content-on-error -O- --header="Content-Type: application/json" --header="Authorization: ${RELEASE_REGISTRY_TOKEN}" --post-data '' "https://releaseregistry.sourcegraph.com/v1/releases/k8s/{{version}}/promote") + exit_code=$? + + if [ $exit_code != 0 ]; then + echo "❌ Failed to promote release on release registry, got:" + echo "--- raw body ---" + echo $body + echo "--- raw body ---" + exit $exit_code + else + echo "Build created, see:" + echo $body | jq .web_url + fi + + - name: "update main with latest version" + cmd: | + set -eu + branch="promote/release-{{version}}-update-main" + echo "Checking out origin/main" + git fetch origin main + git switch main + echo "Creating branch origin/${branch}" + git switch -c "${branch}" + + - name: "sg ops" + cmd: | + set -eu + sg ops update-images \ + --kind k8s \ + --registry index.docker.io/sourcegraph \ + --docker-username=$DOCKER_USERNAME \ + --docker-password=$DOCKER_PASSWORD \ + --pin-tag {{inputs.server.tag}} \ + ../base/ + + - name: "sg ops (executors)" + cmd: | + set -eu + sg ops update-images \ + --kind k8s \ + --registry index.docker.io/sourcegraph \ + --docker-username=$DOCKER_USERNAME \ + --docker-password=$DOCKER_PASSWORD \ + --pin-tag {{inputs.server.tag}} \ + ../components/executors/ + + - name: "git:commit" + cmd: | + set -eu + branch="promote/release-{{version}}-update-main" + find . -name "*.yaml" | xargs git add + find . -name "*.yml" | xargs git add + + # Careful with the quoting for the config, using double quotes will lead + # to the shell dropping out all quotes from the json, leading to failed + # parsing. + git commit -am 'update-main: {{version}}' -m 'update main with latest release' + git push origin "${branch}" + + - name: "github:pr" + cmd: | + set -eu + internal_branch="promote/release-{{version}}-update-main" + gh pr create \ + --fill \ + --draft \ + --base "$internal_branch" \ + --title "Update main: build {{version}}" \ + --body "Test plan: automated release PR, CI will perform additional checks" + echo "🚢 Please check the associated CI build to ensure the process completed". +