...

Text file src/github.com/linkerd/linkerd2/.github/workflows/release.yml

Documentation: github.com/linkerd/linkerd2/.github/workflows

     1name: Release
     2
     3on:
     4  push:
     5    tags:
     6      - "edge-*"
     7
     8permissions:
     9  contents: read
    10
    11env:
    12  GH_ANNOTATION: true
    13  DOCKER_REGISTRY: ghcr.io/linkerd
    14  K3D_VERSION: v5.4.4
    15  LINKERD2_PROXY_REPO: ${{ vars.LINKERD2_PROXY_REPO }}
    16
    17jobs:
    18  # TODO(ver) We should stop relying so heavily on the environment,
    19  # especially the TAG variable. And it would be great to stop relying
    20  # on the root-tag script altogether.
    21  tag:
    22    runs-on: ubuntu-22.04
    23    steps:
    24      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
    25      - run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT"
    26        id: tag
    27    outputs:
    28      tag: ${{ steps.tag.outputs.tag }}
    29
    30  docker_build:
    31    name: Docker build
    32    needs: [tag]
    33    runs-on: ubuntu-22.04
    34    permissions:
    35      id-token: write # needed for signing the images with GitHub OIDC Token
    36    strategy:
    37      matrix:
    38        component:
    39          - cli-bin
    40          - controller
    41          - policy-controller
    42          - debug
    43          - jaeger-webhook
    44          - metrics-api
    45          - proxy
    46          - tap
    47          - web
    48    # policy-controller docker builds have occasionally hit a 30-minute timeout.
    49    timeout-minutes: 45
    50    steps:
    51      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
    52      - name: Set tag
    53        run: echo 'TAG=${{ needs.tag.outputs.tag }}' >> "$GITHUB_ENV"
    54      - uses: ./.github/actions/docker-build
    55        id: build
    56        with:
    57          docker-registry: ${{ env.DOCKER_REGISTRY }}
    58          docker-target: multi-arch
    59          docker-push: 1
    60          docker-ghcr-username: ${{ secrets.DOCKER_GHCR_USERNAME }}
    61          docker-ghcr-pat: ${{ secrets.DOCKER_GHCR_PAT }}
    62          component: ${{ matrix.component }}
    63          tag: ${{ needs.tag.outputs.tag }}
    64        env:
    65          LINKERD2_PROXY_GITHUB_TOKEN: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN }}
    66      - uses: sigstore/cosign-installer@v3
    67      - run: cosign sign '${{ steps.build.outputs.digest }}'
    68        env:
    69          COSIGN_YES: true
    70      - name: Create artifact with CLI
    71        # windows_static_cli_tests below needs this because it can't create linux containers
    72        # inside windows
    73        if: matrix.component == 'cli-bin'
    74        env:
    75          ARCHIVES: /home/runner/archives
    76          DOCKER_TARGET: windows
    77        run: |
    78          bin/docker-pull-binaries "$TAG"
    79          mkdir -p "$ARCHIVES"
    80          cp -r "$PWD/target/release/linkerd2-cli-$TAG-windows.exe" "$ARCHIVES/linkerd-windows.exe"
    81      # `with.path` values do not support environment variables yet, so an
    82      # absolute path is used here.
    83      # https://github.com/actions/upload-artifact/issues/8
    84      - name: Upload artifact
    85        if: matrix.component == 'cli-bin'
    86        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
    87        with:
    88          name: image-archives-cli
    89          path: /home/runner/archives
    90
    91  windows_static_cli_tests:
    92    name: Static CLI tests (windows)
    93    timeout-minutes: 30
    94    runs-on: windows-latest
    95    needs: [docker_build]
    96    steps:
    97      - name: Checkout code
    98        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
    99      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
   100        with:
   101          go-version: "1.22"
   102      - name: Download image archives
   103        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
   104        with:
   105          name: image-archives-cli
   106          path: image-archives
   107      - name: Run CLI Integration tests
   108        run: go test --failfast --mod=readonly ".\test\cli" --linkerd="$PWD\image-archives\linkerd-windows.exe" --cli-tests -v
   109
   110  integration_tests:
   111    name: Integration tests
   112    needs: [tag, docker_build]
   113    strategy:
   114      matrix:
   115        integration_test:
   116          - cluster-domain
   117          - cni-calico-deep
   118          - deep
   119          - viz
   120          - default-policy-deny
   121          - external
   122          - rsa-ca
   123          - helm-upgrade
   124          - uninstall
   125          - upgrade-edge
   126    timeout-minutes: 60
   127    runs-on: ubuntu-22.04
   128    steps:
   129      - name: Checkout code
   130        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
   131      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
   132        with:
   133          go-version: "1.22"
   134      - name: Set environment variables from scripts
   135        run: |
   136          TAG='${{ needs.tag.outputs.tag }}'
   137          CMD="$PWD/target/release/linkerd2-cli-$TAG-linux-amd64"
   138          echo "CMD=$CMD" >> "$GITHUB_ENV"
   139          echo "TAG=$TAG" >> "$GITHUB_ENV"
   140      - name: Run integration tests
   141        env:
   142          LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
   143        run: |
   144          bin/docker-pull-binaries "$TAG"
   145          # Validate the CLI version matches the current build tag.
   146          [[ "$TAG" == "$($CMD version --short --client)" ]]
   147          bin/tests --images preload --name ${{ matrix.integration_test }} "$CMD"
   148
   149  choco_pack:
   150    # only runs for stable tags. The conditionals are at each step level instead of the job level
   151    # otherwise the jobs below that depend on this one won't run
   152    name: Pack Chocolatey release
   153    timeout-minutes: 30
   154    needs: [integration_tests]
   155    runs-on: windows-2019
   156    steps:
   157      - name: Checkout code
   158        if: startsWith(github.ref, 'refs/tags/stable')
   159        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
   160      - name: Chocolatey - update nuspec
   161        if: startsWith(github.ref, 'refs/tags/stable')
   162        run: |
   163          $LINKERD_VERSION=$env:GITHUB_REF.Substring(17)
   164          (Get-Content bin\win\linkerd.nuspec).replace('LINKERD_VERSION', "$LINKERD_VERSION") | Set-Content bin\win\linkerd.nuspec
   165      - name: Chocolatey - pack
   166        if: startsWith(github.ref, 'refs/tags/stable')
   167        uses: crazy-max/ghaction-chocolatey@0e015857dd851f84fcb7fb53380eb5c4c8202333
   168        with:
   169          args: pack bin/win/linkerd.nuspec
   170      - name: Chocolatey - upload package
   171        if: startsWith(github.ref, 'refs/tags/stable')
   172        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
   173        with:
   174          name: choco
   175          path: ./linkerd.*.nupkg
   176
   177  gh_release:
   178    name: Create GH release
   179    needs:
   180      - tag
   181      - integration_tests
   182    # TODO(ver) choco packages are not produced for edge releases...
   183    # - choco_pack
   184    timeout-minutes: 30
   185    runs-on: ubuntu-22.04
   186    permissions:
   187      contents: write
   188    steps:
   189      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
   190      # - name: Download choco package
   191      #   if: startsWith(github.ref, 'refs/tags/stable')
   192      #   uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
   193      #   with:
   194      #     name: choco
   195      #     path: choco
   196      - name: Pull CLI binaries
   197        run: DOCKER_TARGET=multi-arch bin/docker-pull-binaries '${{ needs.tag.outputs.tag }}'
   198        #  v=${TAG#"stable-"}
   199        #  mv choco/linkerd.*.nupkg "target/release/linkerd2-cli-stable-$v.nupkg" || true
   200      - name: Create release
   201        id: create_release
   202        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87
   203        with:
   204          name: "${{ needs.tag.outputs.tag }}"
   205          generate_release_notes: true
   206          draft: false
   207          prerelease: false
   208          files: |
   209            ./target/release/linkerd2-cli-*-darwin*
   210            ./target/release/linkerd2-cli-*-linux-*
   211            ./target/release/linkerd2-cli-*-windows.*
   212            ./target/release/linkerd2-cli-*.nupkg
   213
   214  website_publish:
   215    name: Linkerd website publish
   216    needs: [gh_release]
   217    if: startsWith(github.ref, 'refs/tags/stable') || startsWith(github.ref, 'refs/tags/edge')
   218    timeout-minutes: 30
   219    runs-on: ubuntu-22.04
   220    permissions:
   221      contents: write
   222    steps:
   223      - name: Create linkerd/website repository dispatch event
   224        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0
   225        with:
   226          token: ${{ secrets.RELEASE_TOKEN }}
   227          repository: linkerd/website
   228          event-type: release
   229
   230  website_publish_check:
   231    name: Linkerd website publish check
   232    needs: [tag, website_publish]
   233    timeout-minutes: 30
   234    if: startsWith(github.ref, 'refs/tags/stable') || startsWith(github.ref, 'refs/tags/edge')
   235    runs-on: ubuntu-22.04
   236    steps:
   237      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
   238      - name: Set install target for stable
   239        if: startsWith(github.ref, 'refs/tags/stable')
   240        run: echo "INSTALL=install" >> "$GITHUB_ENV"
   241      - name: Set install target for edge
   242        if: startsWith(github.ref, 'refs/tags/edge')
   243        run: echo "INSTALL=install-edge" >> "$GITHUB_ENV"
   244      - name: Check published version
   245        shell: bash
   246        run: |
   247          TAG='${{ needs.tag.outputs.tag }}'
   248          until RES=$(bin/scurl "https://run.linkerd.io/$INSTALL" | grep "LINKERD2_VERSION=\${LINKERD2_VERSION:-$TAG}") \
   249            || (( count++ >= 10 ))
   250          do
   251            sleep 30
   252          done
   253          if [[ -z "$RES" ]]; then
   254            echo "::error::The version '$TAG' was NOT found published in the website"
   255            exit 1
   256          fi
   257
   258  chart_deploy:
   259    name: Helm chart deploy
   260    needs: [gh_release]
   261    timeout-minutes: 30
   262    runs-on: ubuntu-22.04
   263    steps:
   264      - name: Checkout code
   265        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
   266      - name: Log into GCP
   267        uses: "google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa"
   268        with:
   269          credentials_json: ${{ secrets.LINKERD_SITE_TOKEN }}
   270      - name: Edge Helm chart creation and upload
   271        uses: ./.github/actions/helm-publish

View as plain text