feat: Initial release updates

defenseunicorns · Nov 30, 2023 · e47fcd2 · e47fcd2
1 parent 336dd61
commit e47fcd2
Show file tree

Hide file tree

Showing 10 changed files with 169 additions and 48 deletions.
diff --git a/.github/actions/e2e/action.yml b/.github/actions/e2e/action.yml
@@ -18,12 +18,6 @@ inputs:
   aws-availability-zone:
     description: The AWS Availability Zone to use
     required: true
-  ghcr-username:
-    description: The Github container registry username to use
-    required: true
-  ghcr-password:
-    description: The Github container registry password to use
-    required: true
   registry1-username:
     description: The Registry1 container registry password to use
     required: true
@@ -92,7 +86,7 @@ runs:
       run: echo "tf_version=$(grep 'terraform ' .tool-versions)" >> $GITHUB_OUTPUT
 
     - name: Configure AWS Credentials for Commercial
-      uses: aws-actions/configure-aws-credentials@v2
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         role-to-assume: ${{ inputs.role-to-assume }}
         role-session-name: ${{ github.event.client_payload.pull_request.head.sha || github.sha }}
@@ -107,8 +101,6 @@ runs:
         AWS_DEFAULT_REGION: us-east-2
         REGISTRY1_USERNAME: ${{ inputs.registry1-username }}
         REGISTRY1_PASSWORD: ${{ inputs.registry1-password }}
-        GHCR_USERNAME: ${{ inputs.ghcr-username }}
-        GHCR_PASSWORD: ${{ inputs.ghcr-password }}
         REPO_URL: https://github.com/${{ github.repository }}.git
         GIT_BRANCH: ${{ github.event.client_payload.pull_request.head.ref || github.ref_name }}
       run: |

diff --git a/.github/workflows/publish.yml → .github/workflows/publish-package.yml b/.github/workflows/publish.yml → .github/workflows/publish-package.yml
@@ -1,37 +1,70 @@
-name: build-and-publish
-
-concurrency:
-    cancel-in-progress: true
-    group: build-and-publish
+name: Publish Zarf Package
 
 on:
-  push:
-    branches: [ "main" ]
-  workflow_dispatch:
-  schedule:
-    - cron: '0 0 * * *'
+  workflow_call:
+
+permissions:
+  contents: read
+  packages: write
+  id-token: write
 
 jobs:
   build-and-publish-package:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PAT }}
+          repository: ${{ github.repository }}
+          ref: ${{ github.ref_name }}
+
+      - name: Login to Registry1
+        uses: docker/login-action@v3
+        with:
+          registry: registry1.dso.mil
+          username: ${{ secrets.REGISTRY1_USERNAME }}
+          password: ${{ secrets.REGISTRY1_PASSWORD }}
 
       - name: Init zarf cache
         uses: actions/cache@v3
         with:
           path: "~/.zarf-cache"
           key: zarf-cache
 
+      - name: Free GH runner build space
+        run: |
+          df -h
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf /usr/local/lib/android
+          sudo rm -rf /opt/ghc
+          sudo rm -rf /opt/hostedtoolcache/CodeQL
+          sudo docker image prune --all --force
+          df -h
+
       - name: Install zarf
         uses: supplypike/setup-bin@v3
         with:
           # renovate: zarf-uri datasource=github-tags depName=defenseunicorns/zarf
-          uri: 'https://github.com/defenseunicorns/zarf/releases/download/v0.29.2/zarf_v0.29.2_Linux_amd64'
+          uri: 'https://github.com/defenseunicorns/zarf/releases/download/v0.31.2/zarf_v0.31.2_Linux_amd64'
           name: 'zarf'
           # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
-          version: 'v0.29.2'
+          version: 'v0.31.2'
+
+      - name: Build redis package
+        run: zarf package create --confirm --no-progress
+
+      - name: Run E2E Tests
+        uses: ./.github/actions/e2e
+        with:
+          token: ${{ secrets.PAT }}
+          role-to-assume: ${{ secrets.AWS_COMMERCIAL_ROLE_TO_ASSUME }}
+          region: ${{ vars.AWS_REGION }}
+          github-context: "test / e2e (${{github.event_name}})"
+          aws-availability-zone: ${{ vars.AWS_AVAILABILITY_ZONE }}
+          registry1-username: ${{ secrets.REGISTRY1_USERNAME }}
+          registry1-password: ${{ secrets.REGISTRY1_PASSWORD }}
 
       - name: Login to GHCR
         uses: docker/login-action@v2
@@ -40,19 +73,6 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Login to registry1
-        uses: docker/login-action@v2
-        with:
-          registry: registry1.dso.mil
-          username: ${{ secrets.REGISTRY1_USERNAME }}
-          password: ${{ secrets.REGISTRY1_PASSWORD }}
-
-      ####
-      # Build and publish capability package and skeleton
-      ####
-      - name: Build redis package
-        run: zarf package create --confirm --no-progress
-
       - name: Publish redis package
         run: zarf package publish zarf-package-redis-amd64-*.tar.zst oci://ghcr.io/defenseunicorns/uds-capability --no-progress
 

diff --git a/.github/workflows/tag-test-and-release.yml b/.github/workflows/tag-test-and-release.yml
@@ -0,0 +1,56 @@
+name: Tag, Test and Publish UDS Capability
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+  packages: write
+  id-token: write
+
+jobs:
+  tag-new-version:
+    permissions: write-all
+    runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release-flag.outputs.release_created }}
+    steps:
+      - name: Create Release Tag
+        id: tag
+        uses: google-github-actions/release-please-action@v3
+        with:
+          command: manifest # use configs in release-please-config.json
+      - id: release-flag
+        run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT
+
+  # Testing non release pushes to main
+  test-uds-capability:
+    runs-on: ubuntu-latest
+    needs: tag-new-version
+    if: ${{ needs.tag-new-version.outputs.release_created == 'false'}}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PAT }}
+          repository: ${{ github.repository }}
+          ref: ${{ github.ref_name }}
+      - name: Run E2E Tests
+        uses: ./.github/actions/e2e
+        with:
+          token: ${{ secrets.PAT }}
+          role-to-assume: ${{ secrets.AWS_COMMERCIAL_ROLE_TO_ASSUME }}
+          region: ${{ vars.AWS_REGION }}
+          github-context: "test / e2e (${{github.event_name}})"
+          aws-availability-zone: ${{ vars.AWS_AVAILABILITY_ZONE }}
+          registry1-username: ${{ secrets.REGISTRY1_USERNAME }}
+          registry1-password: ${{ secrets.REGISTRY1_PASSWORD }}
+
+  # Testing and publishing release pushes to main
+  test-and-publish-uds-capability:
+    needs: tag-new-version
+    if: ${{ needs.tag-new-version.outputs.release_created == 'true'}}
+    uses: ./.github/workflows/publish-package.yml
+    secrets: inherit
diff --git a/.github/workflows/test-command.yml b/.github/workflows/test-command.yml
@@ -5,9 +5,6 @@ name: test
 on:
   repository_dispatch:
     types: [test-command]
-  push:
-    branches:
-      - main
 
 permissions:
   id-token: write
@@ -28,7 +25,7 @@ jobs:
       run-e2e: ${{ steps.parse.outputs.run-e2e }}
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.PAT }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}
@@ -43,7 +40,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.PAT }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}
@@ -60,7 +57,7 @@ jobs:
     if: needs.parse.outputs.run-ping == 'true'
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.PAT }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}
@@ -77,7 +74,7 @@ jobs:
     if: needs.parse.outputs.run-e2e == 'true'
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.PAT }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}

diff --git a/.release-please-manifest.json b/.release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+    ".": "0.1.0"
+}
diff --git a/Makefile b/Makefile
@@ -1,14 +1,14 @@
 # The version of Zarf to use. To keep this repo as portable as possible the Zarf binary will be downloaded and added to
 # the build folder.
 # renovate: datasource=github-tags depName=defenseunicorns/zarf
-ZARF_VERSION := v0.29.2
+ZARF_VERSION := v0.31.2
 
 # The version of the build harness container to use
 BUILD_HARNESS_REPO := ghcr.io/defenseunicorns/build-harness/build-harness
 # renovate: datasource=docker depName=ghcr.io/defenseunicorns/build-harness/build-harness
-BUILD_HARNESS_VERSION := 1.10.2
+BUILD_HARNESS_VERSION := 1.14.2
 # renovate: datasource=docker depName=ghcr.io/defenseunicorns/packages/dubbd-k3d extractVersion=^(?<version>\d+\.\d+\.\d+)
-DUBBD_K3D_VERSION := 0.9.0
+DUBBD_K3D_VERSION := 0.13.0
 
 # Figure out which Zarf binary we should use based on the operating system we are on
 ZARF_BIN := zarf

diff --git a/README.md b/README.md
@@ -55,5 +55,5 @@ zarf-packages:
   # Redis
   - name: redis
     repository: ghcr.io/defenseunicorns/uds-capability/redis
-    ref: 0.0.1
+    ref: x.x.x
 ```
diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md
@@ -11,7 +11,7 @@ To upgrade
 1) Update any base values if necessary.
 1) Update the `redis` component in the [zarf.yaml](../zarf.yaml) file to pull in the correct images needed for the updated version of the chart.
 
-## How to test this capability
+## How to test this capability on your own cluster
 
 1) With docker running and while connected to an aws account.
 2) Set these env variables.
@@ -25,4 +25,37 @@ export AWS_AVAILABILITY_ZONE=a
 
  3) At the root of this repository, you can run `make test`. This will provision an ec2 instance, build and deploy all dependencies and packages, and run an e2e test to insure the capability is deploying successfully, available and ready.
 
-You can also follow the bread crumbs of the Makefile to manually create the cluster as well as build and deploy all the necessary packages.
+You can also follow the bread crumbs of the Makefile to manually create the cluster as well as build and deploy all the necessary packages.
+
+## How to manually trigger e2e tests in a github PR
+
+This project uses [slash command dispatch](https://github.com/peter-evans/slash-command-dispatch). To use this, add a comment in your PR that says `/test all`. This will trigger the e2e tests for this repo.
+
+## Auto e2e tests
+
+This project will automatically run e2e tests on pushes to `main`
+
+## Creating Releases
+
+This project uses [release-please-action](https://github.com/google-github-actions/release-please-action) for versioning and releasing OCI packages.
+
+### How should I write my commits?
+
+Release Please assumes you are using [Conventional Commit messages](https://www.conventionalcommits.org/).
+
+The most important prefixes you should have in mind are:
+
+- `fix:` which represents bug fixes, and correlates to a [SemVer](https://semver.org/)
+  patch.
+- `feat:` which represents a new feature, and correlates to a SemVer minor.
+- `feat!:`,  or `fix!:`, `refactor!:`, etc., which represent a breaking change
+  (indicated by the `!`) and will result in a SemVer major.
+
+When changes are merged to the `main` branch, the Release Please will evaluate all commits since the previous release to calculate what changes are included and will create another PR to increase the version and tag a new release (per the Release Please design [documentation](https://github.com/googleapis/release-please/blob/main/docs/design.md#lifecycle-of-a-release)). This will also automatically generate changelog entries based on these commits.
+
+> TIP: Merging a PR should be done via a branch **"Squash and merge"**; this means that the commit message seen on this PR merge is what Release Please will use to determine a version bump.
+
+When the auto generated Release Please PR is merged the following steps will automatically happen.
+1) A new release will be created and tagged
+1) An e2e test will be triggered
+1) If e2e passes, a new capability artifact will be published to the OCI registry
diff --git a/release-please-config.json b/release-please-config.json
@@ -0,0 +1,18 @@
+{
+  "packages": {
+    ".": {
+      "release-type": "simple",
+      "draft": false,
+      "changelog-path": "CHANGELOG.md",
+      "changelog-sections": [
+        { "type": "feat", "section": "Features", "hidden": false },
+        { "type": "fix", "section": "Bug Fixes", "hidden": false },
+        { "type": "chore", "section": "Miscellaneous", "hidden": false }
+      ],
+      "versioning": "always-bump-patch",
+      "extra-files": [
+        "zarf.yaml"
+      ]
+    }
+  }
+}
diff --git a/zarf.yaml b/zarf.yaml
@@ -3,7 +3,9 @@ kind: ZarfPackageConfig
 metadata:
   name: redis
   description: "UDS redis capability deployed via flux"
+  # x-release-please-start-version
   version: "0.0.1"
+  # x-release-please-end
   architecture: amd64
 
 variables: