-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add release workflow for this project #215
Merged
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| #!/bin/sh | ||
|
|
||
| IMAGE=$1 | ||
| CONTAINER_NAME="integ-test-$(date +%s)" | ||
|
|
||
| docker run -dt -p 8080:8080 \ | ||
| -e AWS_ACCESS_KEY_ID \ | ||
| -e AWS_SECRET_ACCESS_KEY \ | ||
| -e AWS_SESSION_TOKEN \ | ||
| -e AWS_REGION=us-east-1 \ | ||
| --name $CONTAINER_NAME \ | ||
| $IMAGE | ||
|
|
||
| curl -s -H 'host: s3.amazonaws.com' http://localhost:8080 | grep ListAllMyBucketsResult | ||
| result=$? | ||
|
|
||
| docker stop $CONTAINER_NAME | ||
| docker rm $CONTAINER_NAME | ||
|
|
||
| if [ "$result" == "1" ]; then | ||
| echo "Integration tests failed" | ||
| exit 1 | ||
| fi | ||
|
|
||
| exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| name: Continuous integration | ||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| - "release/v*" | ||
| env: | ||
| AWS_STAGING_REGION: us-west-2 | ||
| STAGING_ECR_REGISTRY: 611364707713.dkr.ecr.us-west-2.amazonaws.com | ||
| STAGING_ECR_REPOSITORY: aws-sigv4-proxy-staging | ||
|
|
||
| jobs: | ||
| build: | ||
| name: Build and publish to staging | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| commit-short-sha: ${{ steps.staging-info.outputs.commit-short-sha }} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Setup Go | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: ~1.22.4 | ||
|
|
||
| - name: Build | ||
| run: | | ||
| go build -v ./cmd/aws-sigv4-proxy | ||
|
|
||
| - name: Run tests | ||
| run: go test -v ./... | ||
|
|
||
| - name: Configure AWS Credentials for Private ECR | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_STAGING }} | ||
| aws-region: ${{ env.AWS_STAGING_REGION }} | ||
|
|
||
| - name: Log in to AWS private ECR | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.STAGING_ECR_REGISTRY }} | ||
|
|
||
| - name: Get short sha | ||
| id: staging-info | ||
| run: | | ||
| shortSha=$(git rev-parse --short ${{ github.sha }}) | ||
| echo "commit-short-sha=$shortSha" >> $GITHUB_OUTPUT | ||
|
|
||
| - name: Build and push image to staging | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| file: Dockerfile | ||
| context: . | ||
| push: true | ||
| tags: | | ||
| ${{ env.STAGING_ECR_REGISTRY }}/${{ env.STAGING_ECR_REPOSITORY }}:${{ steps.staging-info.outputs.commit-short-sha }} | ||
| platforms : linux/amd64, linux/arm64 | ||
|
|
||
| integration-tests: | ||
| name: Run integration tests on image from staging | ||
| needs: build | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
|
|
||
| - name: Configure AWS Credentials for Private ECR | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_INTEG_TESTS }} | ||
| aws-region: ${{ env.AWS_STAGING_REGION }} | ||
|
|
||
| - name: Run integration tests | ||
| run: ./github/scripts/integ-tests.sh ${{ env.STAGING_ECR_REGISTRY }}/${{ env.STAGING_ECR_REPOSITORY }}:${{ needs.build.outputs.commit-short-sha }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| name: CD | ||
| name: Build | ||
|
|
||
| on: [push, pull_request] | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,100 @@ | ||
|
|
||
| name: Release aws-sigv4-proxy | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| dryrunMode: | ||
| description: 'Run workflow in dry-run mode (nothing will be published)' | ||
| required: true | ||
| default: 'true' | ||
| type: choice | ||
| options: | ||
| - 'true' | ||
| - 'false' | ||
|
|
||
| env: | ||
| AWS_PUBLIC_ECR_REGION: us-east-1 | ||
| AWS_PRIVATE_ECR_REGION: us-west-2 | ||
| PUBLIC_REGISTRY: public.ecr.aws | ||
| STAGING_REGISTRY: 611364707713.dkr.ecr.us-west-2.amazonaws.com | ||
| RELEASE_IMAGE_NAME: aws-sigv4-proxy | ||
| STAGING_IMAGE_NAME: aws-sigv4-proxy-staging | ||
|
|
||
| jobs: | ||
| release: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Get version and sha | ||
| id: release-info | ||
| run: | | ||
| echo "release-version=$(cat VERSION)" >> $GITHUB_OUTPUT | ||
| shortSha=$(git rev-parse --short ${{ github.sha }}) | ||
| echo "commit-short-sha=$shortSha" >> $GITHUB_OUTPUT | ||
|
|
||
| - name: Configure AWS Credentials | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }} | ||
| aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }} | ||
|
|
||
| - name: Log in to AWS ECR | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.PUBLIC_REGISTRY }} | ||
|
|
||
| - name: Configure AWS Credentials for Private ECR | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }} | ||
| aws-region: ${{ env.AWS_PRIVATE_ECR_REGION }} | ||
|
|
||
| - name: Log in to AWS private ECR | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.STAGING_REGISTRY }} | ||
|
|
||
| - name: Push image to public ecr - dryrun | ||
| if: ${{ inputs.dryrunMode == 'true' }} | ||
| run: | | ||
| docker buildx imagetools create \ | ||
| --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:latest \ | ||
| --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.release-version }} \ | ||
| --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} \ | ||
| ${{ env.STAGING_REGISTRY }}/${{ env.STAGING_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} | ||
| --dry-run | ||
|
|
||
| - name: Create release - dryrun | ||
| if: ${{ inputs.dryrunMode == 'true' }} | ||
| run: | | ||
| echo gh release create --target "$GITHUB_REF_NAME" \ | ||
| --title "Release v${{ steps.release-info.outputs.release-version }}" \ | ||
| --draft \ | ||
| "v${{ steps.release-info.outputs.release-version }}" \ | ||
|
|
||
| - name: Push image to public ecr | ||
| if: ${{ inputs.dryrunMode == 'false' }} | ||
| run: | | ||
| docker buildx imagetools create \ | ||
| --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:latest \ | ||
| --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.release-version }} \ | ||
| --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} \ | ||
| ${{ env.STAGING_REGISTRY }}/${{ env.STAGING_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} | ||
|
|
||
| - name: Create release | ||
| if: ${{ inputs.dryrunMode == 'false'}} | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | ||
| run: | | ||
| gh release create --target "$GITHUB_REF_NAME" \ | ||
| --title "Release v${{ steps.release-info.outputs.release-version }}" \ | ||
| --draft \ | ||
| "v${{ steps.release-info.outputs.release-version }}" \ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| # Instructions to release a new version | ||
|
|
||
| To release a new version of the aws-sigv4-proxy, please follow these steps: | ||
|
|
||
| 1. Create a release branch for this minor version series, if one does not exist yet. The convention is to name this branch: `release/v<release series>` where release series has the format `<major version>.<minor version>.x`. Example of branch `release/v1.8.x` | ||
| 2. From the release branch, update the content of the `VERSION` file in the root of this repository. The convention is to ommit the patch version if that is in 0. Example of content: `1.8` or `1.8.1`. Merge the PR that updates the `VERSION` file. Confirm that the continuous integration workflow will succeed. | ||
| 3. Run the release workflow. Go to the GitHub UI in this repository and select `Actions`. Then select the `Release aws-sigv4-proxy` workflow. Select the release branch. You can optionally test with dry-run mode before releasing. | ||
| 4. After the release is completed. Update the release notes for this release. | ||
| 5. Merge the changes from the release branch into mainline. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| 1.8 |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this correct? I'd expect the patch component to always be included. It's common to publish image tags that only have the major and minor that always refer to the latest patch version and I would be surprised if
1.8always pointed to1.8.0if1.8.1had been released.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is just to handle the current state of things. Right now tags and images were created without the patch number.
do you think it is worth changing this pattern moving forward? I don't see any harm in doing that but do you see any risk?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consistency is probably more important than aligning with my particular version of correctness here, so definitely keep doing what has been done before for now. I'm not sure whether it's worth making a change moving forward, but if you do communication of the change will be important to avoid surprises.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Created this issue #216 in case we want to change that in the future.