From 983687e7f12be35013bc618fc40bf23ae6a4b53c Mon Sep 17 00:00:00 2001
From: Mauro Ezequiel Moltrasio
Date: Thu, 26 Jun 2025 15:36:43 +0200
Subject: [PATCH] Adjust release workflow with required konflux suffixes
Konflux requires us to modify the build yaml files for releases slightly. These changes make it so the automated release workflow is compliant with the newly needed changes. Release docs have also been updated in case we need to do a manual release at some point in the future.
---
 .github/actions/get-latest-version/action.yml | 45 ++++++++++++++
 .github/workflows/release.yml | 59 ++++++++++++-------
 docs/release.md | 24 ++++++--
 3 files changed, 104 insertions(+), 24 deletions(-)
 create mode 100644 .github/actions/get-latest-version/action.yml
diff --git a/.github/actions/get-latest-version/action.yml b/.github/actions/get-latest-version/action.yml
new file mode 100644
index 0000000000..c6e5f85d8b
--- /dev/null
+++ b/.github/actions/get-latest-version/action.yml
@@ -0,0 +1,45 @@
+name: Get latest version
+description: Gets the latest version in a repo, following semver rules
+inputs:
+ repo:
+ required: false
+ default: ${{ github.workspace }}
+ description: Path to the repo to get the version from
+ required-major:
+ required: false
+ default: "0"
+ description: Major version that was requested
+outputs:
+ version:
+ value: ${{ steps.version.outputs.major }}.${{ steps.version.outputs.minor }}
+ description: Latest version in M.m format
+ major:
+ value: ${{ steps.version.outputs.major }}
+ description: Major version
+ minor:
+ value: ${{ steps.version.outputs.minor }}
+ description: Minor version
+runs:
+ using: composite
+ steps:
+ - id: version
+ env:
+ REQUIRED_MAJOR: ${{ steps.inputs.required-major }}
+ shell: bash
+ run: |
+ tag=(0 0)
+ while read -r line; do
+ if [[ "$line" =~ ^([[:digit:]]+)\.([[:digit:]]+)\.x$ ]]; then
+ # If we are doing a release for a specific major
+ # version, we want to limit ourselves to that, so we
+ # ignore newer major versions.
+ if ((tag[0] < BASH_REMATCH[1] && (REQUIRED_MAJOR == 0 || REQUIRED_MAJOR == BASH_REMATCH[1]))); then
+ tag=("${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}")
+ elif ((tag[0] == BASH_REMATCH[1] && tag[1] < BASH_REMATCH[2])); then
+ tag=("${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}")
+ fi
+ fi
+ done < <(git tag --merged)
+
+ echo "major=${tag[0]}" >> "$GITHUB_OUTPUT"
+ echo "minor=${tag[1]}" >> "$GITHUB_OUTPUT"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c165ce006a..33874f9f28 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,6 +23,8 @@ jobs:
 minor: ${{ steps.final-values.outputs.minor }}
 patch: ${{ steps.patch-version.outputs.value || '0' }}
 release-type: ${{ steps.final-values.outputs.type }}
+ stackrox-major: ${{ steps.stackrox.outputs.major }}
+ stackrox-minor: ${{ steps.stackrox.outputs.minor }}
 steps:
 - uses: actions/checkout@v4
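Review bot: In the `version` step of the new composite action, `REQUIRED_MAJOR: ${{ steps.inputs.required-major }}` reads the `steps` context, and no step with id `inputs` is visible, so it most likely expands to an empty string; it should be `REQUIRED_MAJOR: ${{ inputs.required-major }}`. With an empty value the bash arithmetic test `REQUIRED_MAJOR == 0` is true, so the requested-major filter is silently never applied. The `repo` input is also declared but not referenced anywhere in the step, so `git tag --merged` runs in the job's working directory. Adding `working-directory: ${{ inputs.repo }}` to the step would make the stackrox call in release.yml read the submodule's tags instead of this repository's.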
@@ -43,25 +45,9 @@ jobs: - name: Get closest tag to master id: latest-tag - env: - REQUIRED_MAJOR: ${{ steps.required-release.outputs.major }} - run: | - tag=(0 0) - while read -r line; do - if [[ "$line" =~ ^([[:digit:]]+)\.([[:digit:]]+)\.x$ ]]; then - # If we are doing a release for a specific major - # version, we want to limit ourselves to that, so we - # ignore newer major versions. - if ((tag[0] < BASH_REMATCH[1] && (REQUIRED_MAJOR == 0 || REQUIRED_MAJOR >= BASH_REMATCH[1]))); then - tag=("${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}") - elif ((tag[0] == BASH_REMATCH[1] && tag[1] < BASH_REMATCH[2])); then - tag=("${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}") - fi - fi - done < <(git tag --merged) - - echo "major=${tag[0]}" >> "$GITHUB_OUTPUT" - echo "minor=${tag[1]}" >> "$GITHUB_OUTPUT" + uses: ./.github/actions/get-latest-version + with: + required-major: ${{ steps.required-release.outputs.major }} - name: Determine release type and version id: final-values @@ -110,6 +96,26 @@ jobs: echo "value=$((patch+1))" >> "$GITHUB_OUTPUT" + - name: Checkout stackrox submodule + if: steps.final-values.outputs.type != 'patch' + run: | + git submodule update --init collector/proto/third_party/stackrox + + - name: Get stackrox version + id: stackrox-version-last + if: steps.final-values.outputs.type != 'patch' + uses: ./github/actions/get-latest-version + with: + repo: ${{ github.workspace }}/collector/proto/third_party/stackrox + + - name: Adjust stackrox version + id: stackrox + if: steps.final-values.outputs.type != 'patch' + run: | + MINOR="$((${{ steps.stackrox-version-last.outputs.minor }}+1))" + echo "major=${{ steps.stackrox-version-last.outputs.major }}" >> "$GITHUB_OUTPUT" + echo "minor=${MINOR}" >> "$GITHUB_OUTPUT" + - name: Notify tags and branches env: MAJOR: ${{ steps.final-values.outputs.major }} 
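Review bot: The script removed from the `Get closest tag to master` step is not moved verbatim: the removed line tests `REQUIRED_MAJOR >= BASH_REMATCH[1]`, while the copy added in `.github/actions/get-latest-version/action.yml` tests `REQUIRED_MAJOR == BASH_REMATCH[1]`. The commit message describes only the konflux suffix work, so it is unclear whether this change of behaviour is intended. With `==`, a requested major that has no `M.m.x` tag yet would appear to leave the result at `0.0` rather than falling back to the newest lower major. If that is the intent, a comment in the action such as `# Only tags of the requested major are considered` would record it.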
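Review bot: The `Get stackrox version` step references `./github/actions/get-latest-version`, which is missing the leading dot of the directory name; the `Get closest tag to master` step in the same file uses `./.github/actions/get-latest-version`, so this line should read `uses: ./.github/actions/get-latest-version`. As written the local action path would not resolve and every non-patch release would fail at this step. The `Adjust stackrox version` step also does not check what the action returned: when no tag matches, the action's default of `0` and `0` becomes `major=0` and `minor=1`, and those values end up in the konflux suffix. A guard such as `[[ "${MAJOR}" != "0" ]] || exit 1`, with the outputs passed in through `env:`, would stop the release before a wrong suffix is committed.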
@@ -133,6 +139,10 @@ jobs: notice "Master tag" "${MAJOR}.${MINOR}.x" notice "Release branch" "release-${MAJOR}.${MINOR}" fi + if [[ "${RELEASE_TYPE}" != "patch" ]]; then + notice "Stackrox Major" "${{ steps.stackrox.outputs.major }}" + notice "Stackrox minor" "${{ steps.stackrox.outputs.minor }}" + fi - name: Mismatched versions if: steps.required-release.outputs.major != 0 && ( @@ -184,7 +194,16 @@ jobs: git pull --ff-only git tag "${RELEASE}.x" git checkout -b "release-${RELEASE}" - git commit --no-verify --allow-empty -m "Empty commit to diverge ${RELEASE} from master" + + # Modify values needed for konflux + SUFFIX="-${{ needs.determine-version.outputs.stackrox-major }}-${{ needs.determine-version.outputs.stackrox-minor }}" + sed -i \ + -e "/appstudio.openshift.io\/application: / s/$/${SUFFIX}/" \ + -e "/appstudio.openshift.io\/component: / s/$/${SUFFIX}/" \ + -e "/serviceAccountName: / s/$/${SUFFIX}/" \ + .tekton/collector-build.yaml + + git commit --no-verify -m "Commit to diverge ${RELEASE} from master" - name: Push release branch if: needs.determine-version.outputs.release-type != 'patch' diff --git a/docs/release.md b/docs/release.md index 15cb611d3f..ce2dd64fcf 100644 --- a/docs/release.md +++ b/docs/release.md @@ -10,6 +10,11 @@ ## Automated release +**Note**: If stackrox is doing a major version bump, do not use the +automated release workflow!! Follow the manual instructions below +instead. +--- + A workflow for automated releases can be found in the 'Actions' tab of GitHub. Once in said tab, look for the `Tag a new release` workflow in the side bar, select it and use the `Run workflow` button on the far @@ -44,7 +49,7 @@ git pull 2. Set the release environment variable, which should be incremented from the previous released version. ```sh -export COLLECTOR_RELEASE=3.8 +export COLLECTOR_RELEASE=3.22 ``` 3. Create an internal release tag to mark on the master branch where we forked for the release. 
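Review bot: The two added `notice` lines paste `${{ steps.stackrox.outputs.major }}` and `${{ steps.stackrox.outputs.minor }}` directly into the script text, while the rest of the `Notify tags and branches` step receives its values through `env:` (`MAJOR`, `RELEASE_TYPE`). The same inline expansion appears in the `MINOR=` line of the `Adjust stackrox version` step and in the `SUFFIX=` line of the release-branch step. The values are digit-only regex captures today, so this is a hardening and consistency point rather than a live injection. Mapping them under `env:` (for example `STACKROX_MAJOR: ${{ steps.stackrox.outputs.major }}`) and writing `"${STACKROX_MAJOR}"` keeps expression output out of the shell source if the producing step ever changes. The step body starts and ends outside the hunk.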
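Review bot: Nothing stages `.tekton/collector-build.yaml` between the `sed -i` and the new `git commit --no-verify -m ...`, and `--allow-empty` was dropped, so unless the file is staged outside this hunk the commit has nothing to record and exits non-zero. Add `git add .tekton/collector-build.yaml` before the commit, or use `git commit --no-verify -a -m ...`. The manual instructions added to docs/release.md repeat the same `sed -i` followed by a plain `git commit -m`, and still call it an "Empty commit". Because `sed` exits successfully even when no line matches, it is also worth confirming that the three keys were actually rewritten (for instance by failing when `git diff --quiet -- .tekton/collector-build.yaml` reports no change) before the branch is pushed.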
@@ -54,11 +59,22 @@ git tag "${COLLECTOR_RELEASE}.x" git push origin "${COLLECTOR_RELEASE}.x" ``` -4. Create the release branch with an empty commit and push. +4. Set the ACS version suffix to be used by konflux, this should be the major and minor versions of ACS that will use the collector version being tagged. + +```sh +export STACKROX_SUFFIX=4-8 +``` + +4. Create the release branch with the required konflux suffixes. ```sh git checkout -b "release-${COLLECTOR_RELEASE}" -git commit --allow-empty -m "Empty commit to diverge ${COLLECTOR_RELEASE} from master" +sed -i \ + -e "/appstudio.openshift.io\/application: / s/$/-${STACKROX_SUFFIX}/" \ + -e "/appstudio.openshift.io\/component: / s/$/-${STACKROX_SUFFIX}/" \ + -e "/serviceAccountName: / s/$/-${STACKROX_SUFFIX}/" \ + .tekton/collector-build.yaml +git commit -m "Empty commit to diverge ${COLLECTOR_RELEASE} from master" git push --set-upstream origin "release-${COLLECTOR_RELEASE}" ``` @@ -67,7 +83,7 @@ git push --set-upstream origin "release-${COLLECTOR_RELEASE}" ```sh export COLLECTOR_PATCH_NUMBER=0 -export COLLECTOR_RELEASE=3.8 +export COLLECTOR_RELEASE=3.22 ``` 6. Tag and push the release.