Create SKE Pre-release #62
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create SKE Pre-release | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| security-scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out enterprise kratix | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: syntasso/enterprise-kratix | |
| ssh-key: ${{ secrets.ENTERPRISE_KRATIX_DEPLOY_KEY_READ_PUSH }} | |
| ref: ${{ github.event.inputs.ske_sha }} | |
| submodules: recursive | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.23 | |
| check-latest: true | |
| - name: Snyk golang scan on kratix | |
| uses: snyk/actions/golang@master | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| args: --severity-threshold=high | |
| create-pre-release: | |
| runs-on: ubuntu-latest | |
| needs: [security-scan] | |
| steps: | |
| - name: Check out enterprise kratix | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: syntasso/enterprise-kratix | |
| ssh-key: ${{ secrets.ENTERPRISE_KRATIX_DEPLOY_KEY_READ_PUSH }} | |
| ref: ${{ github.event.inputs.ske_sha }} | |
| submodules: recursive | |
| - name: Login to ghcr | |
| run: | | |
| echo "${{ secrets.GHCR_TOKEN }}" | docker login --username syntassodev --password-stdin ghcr.io | |
| echo "${{ secrets.GHCR_TOKEN }}" | docker login --username syntassodev --password-stdin registry.syntasso.io | |
| - name: Build and push SKE at next RC | |
| env: | |
| GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }} | |
| run: | | |
| ./scripts/build-and-push-ske-rc-images | |
| - name: Create and push pre-release tag | |
| env: | |
| GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }} | |
| run: | | |
| make distribution | |
| new_tag=$(./scripts/tag-new-rc-version) | |
| echo "NEW_TAG=$new_tag" >> "$GITHUB_ENV" | |
| - name: Snyk image scan on kratix | |
| uses: snyk/actions/docker@master | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| image: ghcr.io/syntasso/ske-platform:$NEW_TAG | |
| args: --severity-threshold=high --username=syntassodev --password=${{ secrets.GHCR_TOKEN }} | |
| - name: Snyk image scan on pipeline-adapter | |
| uses: snyk/actions/docker@master | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| image: ghcr.io/syntasso/ske-platform-pipeline-adapter:$NEW_TAG | |
| args: --severity-threshold=high --username=syntassodev --password=${{ secrets.GHCR_TOKEN }} | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-2 | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: Create Github release and upload artifacts to s3 | |
| run: | | |
| TAG=${NEW_TAG} ./scripts/create-release | |
| env: | |
| GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }} | |
| PRE_RELEASE: true | |
| - name: Generate changelog | |
| run: | | |
| git fetch --tags | |
| LATEST_RELEASE_TAG=$NEW_TAG ./scripts/generate-changelog | |
| changelog=$(cat final-changelog.md) | |
| echo "$changelog" >> "$GITHUB_STEP_SUMMARY" | |
| env: | |
| GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }} | |
| upgrade-lre: | |
| runs-on: ubuntu-latest | |
| needs: [create-pre-release] | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.ENTERPRISE_KRATIX_TEST_AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.ENTERPRISE_KRATIX_TEST_AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-2 | |
| role-to-assume: ${{ secrets.EKS_KUBECTL_ADMIN_ROLE_ARN }} | |
| role-session-name: test | |
| role-skip-session-tagging: true | |
| - uses: hashicorp/setup-terraform@v3 | |
| - name: Check out enterprise kratix | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: syntasso/enterprise-kratix | |
| ssh-key: ${{ secrets.ENTERPRISE_KRATIX_DEPLOY_KEY_READ_PUSH }} | |
| ref: ${{ github.event.inputs.ske_sha }} | |
| submodules: recursive | |
| - name: Authenticate against LRE | |
| run: | | |
| ./scripts/authenticate-against-lre | |
| env: | |
| TF_TOKEN_app_terraform_io: ${{ secrets.TF_TOKEN_app_terraform_io }} | |
| - name: Install Helm | |
| uses: azure/[email protected] | |
| with: | |
| version: v3.16.4 | |
| - name: Upgrade LRE | |
| run: | | |
| latest_rc="$(gh release list --json tagName --jq '.[0].tagName')" | |
| ./scripts/upgrade-lre $latest_rc | |
| env: | |
| GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }} | |
| SKE_LICENSE_TOKEN: ${{ secrets.SKE_LICENSE_TOKEN }} | |
| - name: Kratix core tests post upgrade | |
| run: | | |
| cd read-only-kratix | |
| git status | |
| make gitea-cli | |
| # kratix tests are designed for 1 worker 1 platform | |
| kubectl --context ${PLATFORM} label destinations.platform.kratix.io testing-worker-git environment- | |
| LRE="true" WORKER_CONTEXT=${WORKER_BUCKET} WORKER_NAME=${WORKER_BUCKET} PLATFORM_CONTEXT=${PLATFORM} PLATFORM_NAME=${PLATFORM} DESTINATION_NAME=${WORKER_BUCKET} go run github.com/onsi/ginkgo/v2/ginkgo -v ./test/core/ | |
| kubectl --context ${PLATFORM} label destinations.platform.kratix.io testing-worker-git environment=dev |