Create SKE Pre-release #78
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create SKE Pre-release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| skip-security-scan: | |
| description: 'set to true to skip security scan' | |
| type: boolean | |
| required: false | |
| default: false | |
| jobs: | |
| create-pre-release: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out enterprise kratix | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: syntasso/enterprise-kratix | |
| ssh-key: ${{ secrets.ENTERPRISE_KRATIX_DEPLOY_KEY_READ_PUSH }} | |
| ref: ${{ github.event.inputs.ske_sha }} | |
| submodules: recursive | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.24 | |
| check-latest: true | |
| - name: Snyk golang scan on kratix | |
| if: ${{ !inputs.skip-security-scan }} | |
| uses: snyk/actions/golang@master | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| args: --severity-threshold=high | |
| - name: Login to ghcr | |
| run: | | |
| echo "${{ secrets.GHCR_TOKEN }}" | docker login --username syntassodev --password-stdin ghcr.io | |
| echo "${{ secrets.GHCR_TOKEN }}" | docker login --username syntassodev --password-stdin registry.syntasso.io | |
| - name: Build and push SKE at next RC | |
| env: | |
| GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }} | |
| run: | | |
| ./scripts/build-and-push-ske-rc-images | |
| - name: Create and push pre-release tag | |
| env: | |
| GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }} | |
| run: | | |
| make distribution | |
| new_tag=$(./scripts/tag-new-rc-version) | |
| echo "NEW_TAG=$new_tag" >> "$GITHUB_ENV" | |
| - name: Snyk image scan on kratix | |
| uses: snyk/actions/docker@master | |
| if: ${{ !inputs.skip-security-scan }} | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| image: ghcr.io/syntasso/ske-platform:$NEW_TAG | |
| args: --severity-threshold=high --username=syntassodev --password=${{ secrets.GHCR_TOKEN }} | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-2 | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: Create Github release and upload artifacts to s3 | |
| run: | | |
| TAG=${NEW_TAG} ./scripts/create-release | |
| env: | |
| GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }} | |
| PRE_RELEASE: true | |
| - name: Generate changelog | |
| run: | | |
| git fetch --tags | |
| LATEST_RELEASE_TAG=$NEW_TAG ./scripts/generate-changelog | |
| changelog=$(cat final-changelog.md) | |
| echo "$changelog" >> "$GITHUB_STEP_SUMMARY" | |
| env: | |
| GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }} | |
| upgrade-lre: | |
| runs-on: ubuntu-latest | |
| needs: [create-pre-release] | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.ENTERPRISE_KRATIX_TEST_AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.ENTERPRISE_KRATIX_TEST_AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-2 | |
| role-to-assume: ${{ secrets.EKS_KUBECTL_ADMIN_ROLE_ARN }} | |
| role-session-name: test | |
| role-skip-session-tagging: true | |
| - uses: hashicorp/setup-terraform@v3 | |
| - name: Check out enterprise kratix | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: syntasso/enterprise-kratix | |
| ssh-key: ${{ secrets.ENTERPRISE_KRATIX_DEPLOY_KEY_READ_PUSH }} | |
| ref: ${{ github.event.inputs.ske_sha }} | |
| submodules: recursive | |
| - name: Authenticate against LRE | |
| run: | | |
| ./scripts/authenticate-against-lre | |
| env: | |
| TF_TOKEN_app_terraform_io: ${{ secrets.TF_TOKEN_app_terraform_io }} | |
| - name: Install Helm | |
| uses: azure/[email protected] | |
| with: | |
| version: v3.16.4 | |
| - name: Upgrade LRE | |
| run: | | |
| ./scripts/upgrade-lre $latest_rc | |
| env: | |
| GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }} | |
| SKE_LICENSE_TOKEN: ${{ secrets.SKE_LICENSE_TOKEN }} | |
| - name: Kratix core tests post upgrade | |
| run: | | |
| cd read-only-kratix | |
| git status | |
| make gitea-cli | |
| # kratix tests are designed for 1 worker 1 platform | |
| kubectl --context ${PLATFORM} label destinations.platform.kratix.io testing-worker-git environment- | |
| set +e | |
| LRE="true" WORKER_CONTEXT=${WORKER_BUCKET} WORKER_NAME=${WORKER_BUCKET} PLATFORM_CONTEXT=${PLATFORM} PLATFORM_NAME=${PLATFORM} DESTINATION_NAME=${WORKER_BUCKET} go run github.com/onsi/ginkgo/v2/ginkgo -v ./test/core/ | |
| status=$? | |
| kubectl --context ${PLATFORM} label destinations.platform.kratix.io testing-worker-git environment=dev | |
| set -e | |
| exit $status | |
| ske-downgrade-test: | |
| runs-on: ubuntu-latest | |
| needs: [create-pre-release] | |
| steps: | |
| - name: Checkout ci repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: syntasso/ci | |
| - name: Setup Common Environment | |
| uses: ./.github/actions/setup-common | |
| with: | |
| repository: syntasso/enterprise-kratix | |
| ref: ${{ github.event.inputs.ske_sha }} | |
| path: enterprise-kratix | |
| ssh_key: ${{ secrets.ENTERPRISE_KRATIX_DEPLOY_KEY_READ_PUSH }} | |
| submodules: 'true' | |
| submodule_repository: syntasso/kratix | |
| submodule_ref: ${{ github.event.inputs.sha }} | |
| submodule_path: enterprise-kratix/read-only-kratix | |
| ssh_session: ${{ github.event.inputs.ssh_session }} | |
| - name: Run downgrade test | |
| run: | | |
| cd enterprise-kratix/ | |
| ./scripts/ske-downgrade-test.sh | |
| env: | |
| GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }} | |
| SKE_LICENSE_TOKEN: ${{ secrets.SKE_LICENSE_TOKEN }} |