From 4e21ef06d873db5a7b6fbecc4090846a07c0affd Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 30 May 2023 19:20:48 -0700 Subject: [PATCH 1/2] Update release step to use GitHub Action Replaces the release scripts with lucacome/draft-release --- .github/workflows/ci.yml | 76 ++++++++++--------- .github/workflows/release.yaml | 129 --------------------------------- 2 files changed, 37 insertions(+), 168 deletions(-) delete mode 100644 .github/workflows/release.yaml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0fd09faa4f..5b314925ee 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,7 +6,7 @@ on: - main - release-* tags: - - 'v[0-9]+.[0-9]+.[0-9]+*' + - "v[0-9]+.[0-9]+.[0-9]+*" pull_request: branches: - main @@ -28,7 +28,6 @@ env: platforms: "linux/arm64, linux/amd64" jobs: - vars: name: Checks and variables runs-on: ubuntu-20.04 @@ -45,12 +44,10 @@ jobs: - name: Output Variables id: vars - run: | - echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT + run: echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT - name: Check if go.mod and go.sum are up to date - run: | - go mod tidy && git diff --exit-code -- go.mod go.sum + run: go mod tidy && git diff --exit-code -- go.mod go.sum unit-tests: name: Unit Tests 
@@ -88,6 +85,26 @@ jobs: node-version: 18 - run: npm --prefix ${{ github.workspace }}/internal/nginx/modules install-ci-test + release: + name: Release + runs-on: ubuntu-20.04 + needs: [unit-tests, njs-unit-tests] + if: ${{ github.event_name == 'push' && ! github.ref != 'refs/heads/main' }} + steps: + - name: Checkout Repository + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + + - name: Create/Update Draft + uses: lucacome/draft-release@b79be3ff634f771230b2b6ee9f47308c5793671a # v0.2.0 + with: + minor-label: "enhancement" + major-label: "change" + publish: ${{ startsWith(github.ref, 'refs/tags/') }} + collapse-after: 20 + notes-header: | + *Below is the auto-generated changelog, which includes all PRs that went into the release. + For a shorter version that highlights only important changes, see [CHANGELOG.md](https://github.com/nginxinc/nginx-kubernetes-gateway/blob/{{version}}/CHANGELOG.md).* + binary: name: Build Binary runs-on: ubuntu-20.04 
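Review bot: The new `release` job declares no `permissions:` block, yet its `Create/Update Draft` step creates and updates draft releases and publishes them on tag pushes. No token input is passed, so the step presumably uses the default `GITHUB_TOKEN`, with whatever scope the repository default or a workflow-level block outside this hunk grants. Declaring the scope on the job limits what the third-party action can do if it is ever compromised: add `permissions:` with `contents: write` beneath `runs-on: ubuntu-20.04`. Check the action's documentation for any further read scope it needs to collect pull-request data. The action is already pinned to a full commit SHA, which is worth keeping.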
@@ -103,32 +120,6 @@ jobs: with: go-version-file: go.mod - - name: Publish release on tag - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 - continue-on-error: true - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - const ref = context.ref.split("/")[2] - - const releases = (await github.rest.repos.listReleases({ - owner: context.payload.repository.owner.login, - repo: context.payload.repository.name, - per_page: 100, - })).data - - const draft_release = releases.find(release => release.draft && release.tag_name === ref) - - const update = await github.rest.repos.updateRelease({ - owner: context.payload.repository.owner.login, - repo: context.payload.repository.name, - release_id: draft_release.id, - draft: false - }); - console.log(`Release published: ${update.data.html_url}`) - console.log(`Release notes: ${update.data.body}`) - if: startsWith(github.ref, 'refs/tags/') - - name: Download Syft uses: anchore/sbom-action/download-syft@4d571ad1038a9cc29d676154ef265ab8f9027042 # v0.14.2 if: startsWith(github.ref, 'refs/tags/') @@ -158,17 +149,21 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - name: Fetch Cached Artifacts uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ${{ github.workspace }}/dist key: nginx-kubernetes-gateway-${{ github.run_id }}-${{ github.run_number }} + - name: Docker Buildx uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 + - name: Setup QEMU uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 with: platforms: arm64 + - name: Login to GitHub Container Registry uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 if: ${{ github.event_name != 'pull_request' }} 
@@ -176,6 +171,7 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Docker meta id: meta uses: docker/metadata-action@c4ee3adeed93b1fa6a762f209fb01608c1a22f1e # v4.4.0 @@ -192,7 +188,7 @@ jobs: uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0 with: file: build/Dockerfile - context: '.' + context: "." target: goreleaser tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} @@ -209,18 +205,20 @@ jobs: continue-on-error: true with: image-ref: ghcr.io/nginxinc/nginx-kubernetes-gateway:${{ steps.meta.outputs.version }} - format: 'sarif' - output: 'trivy-results-nginx-kubernetes-gateway.sarif' - ignore-unfixed: 'true' + format: "sarif" + output: "trivy-results-nginx-kubernetes-gateway.sarif" + ignore-unfixed: "true" + - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866 # v2.3.5 continue-on-error: true with: - sarif_file: 'trivy-results-nginx-kubernetes-gateway.sarif' + sarif_file: "trivy-results-nginx-kubernetes-gateway.sarif" + - name: Upload Scan Results uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 continue-on-error: true with: - name: 'trivy-results-nginx-kubernetes-gateway.sarif' - path: 'trivy-results-nginx-kubernetes-gateway.sarif' + name: "trivy-results-nginx-kubernetes-gateway.sarif" + path: "trivy-results-nginx-kubernetes-gateway.sarif" if: always() diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml deleted file mode 100644 index edd6bc5be5..0000000000 --- a/.github/workflows/release.yaml +++ /dev/null 
@@ -1,129 +0,0 @@ -name: Create Draft Release - -on: - push: - branches: - - release-* - workflow_dispatch: - inputs: - tagFrom: - description: The tag to create the release from. - required: true - type: string - tagTo: - description: The tag to create the release to. - required: true - type: string - branch: - description: The branch where the release will be created. - required: true - type: string - -jobs: - - binary: - name: Create Draft Release - runs-on: ubuntu-20.04 - steps: - - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 - - run: npm install semver - - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 - continue-on-error: true - with: - script: | - const semver = require('semver'); - const ref = context.ref.split("/")[2] - - const releases = (await github.rest.repos.listReleases({ - owner: context.payload.repository.owner.login, - repo: context.payload.repository.name, - per_page: 100, - })).data - - let latest_release - const latest_release_current_branch = releases.find(release => !release.draft && release.tag_name.startsWith("v" + ref.split("-")[1])) - - if (latest_release_current_branch === undefined){ - try { - latest_release = (await github.rest.repos.getLatestRelease({ - owner: context.payload.repository.owner.login, - repo: context.payload.repository.name, - })).data.tag_name - } catch (e) { - latest_release = "v0.0.0" - } - } else { - latest_release = latest_release_current_branch.tag_name - } - - let tagFrom, tagTo, branch - if (context.eventName === 'workflow_dispatch'){ - console.log(`Dispatch run with inputs: ${JSON.stringify(context.payload.inputs)}`) - ;({ tagFrom, tagTo, branch } = context.payload.inputs) - } else { - ;({ tagFrom, tagTo, branch } = { - tagFrom: latest_release, - tagTo: 'next', - branch: ref, - }) - console.log(`Push run with: { tagFrom: ${tagFrom}, tagTo: ${tagTo}, branch: ${branch} }`) - } - console.log(`The latest release was ${tagFrom}`) - - let version = 
tagTo.replace('v', '') - if (version === 'next'){ - const temp_notes = (await github.rest.repos.generateReleaseNotes({ - owner: context.payload.repository.owner.login, - repo: context.payload.repository.name, - tag_name: tagTo, - previous_tag_name: semver.gt(tagFrom, '0.0.0') ? tagFrom : '', - target_commitish: branch, - })).data.body - - let level - temp_notes.includes("### 🚀 Features") ? level = 'minor' : level = 'patch' - temp_notes.includes("### 💣 Breaking Changes") ? level = 'major' : level = level - version = semver.inc(tagFrom, level) - console.log(`The level of the release is ${level}`) - } - const draft = releases.find((r) => r.draft && r.tag_name === "v"+version) - const draft_found = !(draft === undefined) - - console.log(`The next version is v${version}`) - - const release_notes = (await github.rest.repos.generateReleaseNotes({ - owner: context.payload.repository.owner.login, - repo: context.payload.repository.name, - tag_name: 'v' + version, - previous_tag_name: semver.gt(tagFrom, '0.0.0') ? tagFrom : '', - target_commitish: branch, - })) - - let release - if (draft_found){ - console.log("Draft found") - release = (await github.rest.repos.updateRelease({ - owner: context.payload.repository.owner.login, - repo: context.payload.repository.name, - release_id: draft.id, - tag_name: 'v' + version, - target_commitish: branch, - name: 'v' + version, - body: release_notes.data.body, - draft: true, - })) - } else { - console.log("Draft not found") - release = (await github.rest.repos.createRelease({ - owner: context.payload.repository.owner.login, - repo: context.payload.repository.name, - tag_name: 'v' + version, - target_commitish: ref, - name: 'v' + version, - body: release_notes.data.body, - draft: true, - })) - } - - console.log(`Release created: ${release.data.html_url}`) - console.log(`Release notes: ${release_notes.data.body}`) From 76ba10621941c60df39cca26e196026ab1136299 Mon Sep 17 00:00:00 2001 
From: Luca Comellini Date: Wed, 31 May 2023 10:36:20 -0700 Subject: [PATCH 2/2] Remove exclamation point --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5b314925ee..0c2c13826e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -89,7 +89,7 @@ jobs: name: Release runs-on: ubuntu-20.04 needs: [unit-tests, njs-unit-tests] - if: ${{ github.event_name == 'push' && ! github.ref != 'refs/heads/main' }} + if: ${{ github.event_name == 'push' && github.ref != 'refs/heads/main' }} steps: - name: Checkout Repository uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
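Review bot: The corrected `if:` on the `release` job is still a deny-list: it runs the job on every push whose ref is not `refs/heads/main`. Any branch or tag pattern later added to the push trigger would then start drafting or publishing releases without this line being touched. An allow-list states the intent directly and fails closed: `if: ${{ github.event_name == 'push' && (startsWith(github.ref, 'refs/heads/release-') || startsWith(github.ref, 'refs/tags/')) }}`. That matches the `release-*` branch and `v…` tag filters visible in the first hunk of PATCH 1/2. The job's remaining steps continue outside this hunk.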