1name: Release
2
3on:
4 push:
5 tags:
6 - "edge-*"
7
8permissions:
9 contents: read
10
11env:
12 GH_ANNOTATION: true
13 DOCKER_REGISTRY: ghcr.io/linkerd
14 K3D_VERSION: v5.4.4
15 LINKERD2_PROXY_REPO: ${{ vars.LINKERD2_PROXY_REPO }}
16
17jobs:
18 # TODO(ver) We should stop relying so heavily on the environment,
19 # especially the TAG variable. And it would be great to stop relying
20 # on the root-tag script altogether.
21 tag:
22 runs-on: ubuntu-22.04
23 steps:
24 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
25 - run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT"
26 id: tag
27 outputs:
28 tag: ${{ steps.tag.outputs.tag }}
29
30 docker_build:
31 name: Docker build
32 needs: [tag]
33 runs-on: ubuntu-22.04
34 permissions:
35 id-token: write # needed for signing the images with GitHub OIDC Token
36 strategy:
37 matrix:
38 component:
39 - cli-bin
40 - controller
41 - policy-controller
42 - debug
43 - jaeger-webhook
44 - metrics-api
45 - proxy
46 - tap
47 - web
48 # policy-controller docker builds have occasionally hit a 30-minute timeout.
49 timeout-minutes: 45
50 steps:
51 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
52 - name: Set tag
53 run: echo 'TAG=${{ needs.tag.outputs.tag }}' >> "$GITHUB_ENV"
54 - uses: ./.github/actions/docker-build
55 id: build
56 with:
57 docker-registry: ${{ env.DOCKER_REGISTRY }}
58 docker-target: multi-arch
59 docker-push: 1
60 docker-ghcr-username: ${{ secrets.DOCKER_GHCR_USERNAME }}
61 docker-ghcr-pat: ${{ secrets.DOCKER_GHCR_PAT }}
62 component: ${{ matrix.component }}
63 tag: ${{ needs.tag.outputs.tag }}
64 env:
65 LINKERD2_PROXY_GITHUB_TOKEN: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN }}
66 - uses: sigstore/cosign-installer@v3
67 - run: cosign sign '${{ steps.build.outputs.digest }}'
68 env:
69 COSIGN_YES: true
70 - name: Create artifact with CLI
71 # windows_static_cli_tests below needs this because it can't create linux containers
72 # inside windows
73 if: matrix.component == 'cli-bin'
74 env:
75 ARCHIVES: /home/runner/archives
76 DOCKER_TARGET: windows
77 run: |
78 bin/docker-pull-binaries "$TAG"
79 mkdir -p "$ARCHIVES"
80 cp -r "$PWD/target/release/linkerd2-cli-$TAG-windows.exe" "$ARCHIVES/linkerd-windows.exe"
81 # `with.path` values do not support environment variables yet, so an
82 # absolute path is used here.
83 # https://github.com/actions/upload-artifact/issues/8
84 - name: Upload artifact
85 if: matrix.component == 'cli-bin'
86 uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
87 with:
88 name: image-archives-cli
89 path: /home/runner/archives
90
91 windows_static_cli_tests:
92 name: Static CLI tests (windows)
93 timeout-minutes: 30
94 runs-on: windows-latest
95 needs: [docker_build]
96 steps:
97 - name: Checkout code
98 uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
99 - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
100 with:
101 go-version: "1.22"
102 - name: Download image archives
103 uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
104 with:
105 name: image-archives-cli
106 path: image-archives
107 - name: Run CLI Integration tests
108 run: go test --failfast --mod=readonly ".\test\cli" --linkerd="$PWD\image-archives\linkerd-windows.exe" --cli-tests -v
109
110 integration_tests:
111 name: Integration tests
112 needs: [tag, docker_build]
113 strategy:
114 matrix:
115 integration_test:
116 - cluster-domain
117 - cni-calico-deep
118 - deep
119 - viz
120 - default-policy-deny
121 - external
122 - rsa-ca
123 - helm-upgrade
124 - uninstall
125 - upgrade-edge
126 timeout-minutes: 60
127 runs-on: ubuntu-22.04
128 steps:
129 - name: Checkout code
130 uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
131 - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
132 with:
133 go-version: "1.22"
134 - name: Set environment variables from scripts
135 run: |
136 TAG='${{ needs.tag.outputs.tag }}'
137 CMD="$PWD/target/release/linkerd2-cli-$TAG-linux-amd64"
138 echo "CMD=$CMD" >> "$GITHUB_ENV"
139 echo "TAG=$TAG" >> "$GITHUB_ENV"
140 - name: Run integration tests
141 env:
142 LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
143 run: |
144 bin/docker-pull-binaries "$TAG"
145 # Validate the CLI version matches the current build tag.
146 [[ "$TAG" == "$($CMD version --short --client)" ]]
147 bin/tests --images preload --name ${{ matrix.integration_test }} "$CMD"
148
149 choco_pack:
150 # only runs for stable tags. The conditionals are at each step level instead of the job level
151 # otherwise the jobs below that depend on this one won't run
152 name: Pack Chocolatey release
153 timeout-minutes: 30
154 needs: [integration_tests]
155 runs-on: windows-2019
156 steps:
157 - name: Checkout code
158 if: startsWith(github.ref, 'refs/tags/stable')
159 uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
160 - name: Chocolatey - update nuspec
161 if: startsWith(github.ref, 'refs/tags/stable')
162 run: |
163 $LINKERD_VERSION=$env:GITHUB_REF.Substring(17)
164 (Get-Content bin\win\linkerd.nuspec).replace('LINKERD_VERSION', "$LINKERD_VERSION") | Set-Content bin\win\linkerd.nuspec
165 - name: Chocolatey - pack
166 if: startsWith(github.ref, 'refs/tags/stable')
167 uses: crazy-max/ghaction-chocolatey@0e015857dd851f84fcb7fb53380eb5c4c8202333
168 with:
169 args: pack bin/win/linkerd.nuspec
170 - name: Chocolatey - upload package
171 if: startsWith(github.ref, 'refs/tags/stable')
172 uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
173 with:
174 name: choco
175 path: ./linkerd.*.nupkg
176
177 gh_release:
178 name: Create GH release
179 needs:
180 - tag
181 - integration_tests
182 # TODO(ver) choco packages are not produced for edge releases...
183 # - choco_pack
184 timeout-minutes: 30
185 runs-on: ubuntu-22.04
186 permissions:
187 contents: write
188 steps:
189 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
190 # - name: Download choco package
191 # if: startsWith(github.ref, 'refs/tags/stable')
192 # uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
193 # with:
194 # name: choco
195 # path: choco
196 - name: Pull CLI binaries
197 run: DOCKER_TARGET=multi-arch bin/docker-pull-binaries '${{ needs.tag.outputs.tag }}'
198 # v=${TAG#"stable-"}
199 # mv choco/linkerd.*.nupkg "target/release/linkerd2-cli-stable-$v.nupkg" || true
200 - name: Create release
201 id: create_release
202 uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87
203 with:
204 name: "${{ needs.tag.outputs.tag }}"
205 generate_release_notes: true
206 draft: false
207 prerelease: false
208 files: |
209 ./target/release/linkerd2-cli-*-darwin*
210 ./target/release/linkerd2-cli-*-linux-*
211 ./target/release/linkerd2-cli-*-windows.*
212 ./target/release/linkerd2-cli-*.nupkg
213
214 website_publish:
215 name: Linkerd website publish
216 needs: [gh_release]
217 if: startsWith(github.ref, 'refs/tags/stable') || startsWith(github.ref, 'refs/tags/edge')
218 timeout-minutes: 30
219 runs-on: ubuntu-22.04
220 permissions:
221 contents: write
222 steps:
223 - name: Create linkerd/website repository dispatch event
224 uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0
225 with:
226 token: ${{ secrets.RELEASE_TOKEN }}
227 repository: linkerd/website
228 event-type: release
229
230 website_publish_check:
231 name: Linkerd website publish check
232 needs: [tag, website_publish]
233 timeout-minutes: 30
234 if: startsWith(github.ref, 'refs/tags/stable') || startsWith(github.ref, 'refs/tags/edge')
235 runs-on: ubuntu-22.04
236 steps:
237 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
238 - name: Set install target for stable
239 if: startsWith(github.ref, 'refs/tags/stable')
240 run: echo "INSTALL=install" >> "$GITHUB_ENV"
241 - name: Set install target for edge
242 if: startsWith(github.ref, 'refs/tags/edge')
243 run: echo "INSTALL=install-edge" >> "$GITHUB_ENV"
244 - name: Check published version
245 shell: bash
246 run: |
247 TAG='${{ needs.tag.outputs.tag }}'
248 until RES=$(bin/scurl "https://run.linkerd.io/$INSTALL" | grep "LINKERD2_VERSION=\${LINKERD2_VERSION:-$TAG}") \
249 || (( count++ >= 10 ))
250 do
251 sleep 30
252 done
253 if [[ -z "$RES" ]]; then
254 echo "::error::The version '$TAG' was NOT found published in the website"
255 exit 1
256 fi
257
258 chart_deploy:
259 name: Helm chart deploy
260 needs: [gh_release]
261 timeout-minutes: 30
262 runs-on: ubuntu-22.04
263 steps:
264 - name: Checkout code
265 uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
266 - name: Log into GCP
267 uses: "google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa"
268 with:
269 credentials_json: ${{ secrets.LINKERD_SITE_TOKEN }}
270 - name: Edge Helm chart creation and upload
271 uses: ./.github/actions/helm-publish
View as plain text