From e3f1b69806bc4a45a4509858e1b8d1c4fde6a164 Mon Sep 17 00:00:00 2001
From: Mauro Ezequiel Moltrasio
Date: Thu, 26 Jun 2025 15:36:43 +0200
Subject: [PATCH 1/4] Adjust release workflow with required konflux suffixes Konflux requires us to modify the build yaml files for releases slightly. These changes make it so the automated release workflow is compliant with the newly needed changes. Release docs have also been updated in case we need to do a manual release at some point in the future.
---
.github/actions/get-latest-version/action.yml | 45 ++++++++++++++
.github/workflows/release.yml | 59 ++++++++++++-------
docs/release.md | 24 ++++++--
3 files changed, 104 insertions(+), 24 deletions(-)
create mode 100644 .github/actions/get-latest-version/action.yml
diff --git a/.github/actions/get-latest-version/action.yml b/.github/actions/get-latest-version/action.yml
new file mode 100644
index 0000000000..c6e5f85d8b
--- /dev/null
+++ b/.github/actions/get-latest-version/action.yml
@@ -0,0 +1,45 @@
+name: Get latest version
+description: Gets the latest version in a repo, following semver rules
+inputs:
+ repo:
+ required: false
+ default: ${{ github.workspace }}
+ description: Path to the repo to get the version from
+ required-major:
+ required: false
+ default: "0"
+ description: Major version that was requested
+outputs:
+ version:
+ value: ${{ steps.version.outputs.major }}.${{ steps.version.outputs.minor }}
+ description: Latest version in M.m format
+ major:
+ value: ${{ steps.version.outputs.major }}
+ description: Major version
+ minor:
+ value: ${{ steps.version.outputs.minor }}
+ description: Minor version
+runs:
+ using: composite
+ steps:
+ - id: version
+ env:
+ REQUIRED_MAJOR: ${{ steps.inputs.required-major }}
+ shell: bash
+ run: |
+ tag=(0 0)
+ while read -r line; do
+ if [[ "$line" =~ ^([[:digit:]]+)\.([[:digit:]]+)\.x$ ]]; then
+ # If we are doing a release for a specific major
+ # version, we want to limit ourselves to that, so we
+ # ignore newer major versions.
+ if ((tag[0] < BASH_REMATCH[1] && (REQUIRED_MAJOR == 0 || REQUIRED_MAJOR == BASH_REMATCH[1]))); then
+ tag=("${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}")
+ elif ((tag[0] == BASH_REMATCH[1] && tag[1] < BASH_REMATCH[2])); then
+ tag=("${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}")
+ fi
+ fi
+ done < <(git tag --merged)
+
+ echo "major=${tag[0]}" >> "$GITHUB_OUTPUT"
+ echo "minor=${tag[1]}" >> "$GITHUB_OUTPUT"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c165ce006a..33874f9f28 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,6 +23,8 @@ jobs: minor: ${{ steps.final-values.outputs.minor }} patch: ${{ steps.patch-version.outputs.value || '0' }} release-type: ${{ steps.final-values.outputs.type }} + stackrox-major: ${{ steps.stackrox.outputs.major }} + stackrox-minor: ${{ steps.stackrox.outputs.minor }} steps: - uses: actions/checkout@v4
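Review bot: In the `run:` script of the new get-latest-version action, `REQUIRED_MAJOR` is read inside `(( … ))`, where bash evaluates the variable's text as an arithmetic expression rather than comparing it as a literal, and nothing in the action checks that the `required-major` input is a plain number. Whether the calling workflow validates the value is not visible here, so the action should guard itself before the loop once the input is wired through: `[[ "$REQUIRED_MAJOR" =~ ^[0-9]+$ ]] || { echo "required-major must be numeric" >&2; exit 1; }`. A short comment above the loop stating that only `M.m.x` tags listed by `git tag --merged` are considered would also help callers that point `repo` at a submodule.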
@@ -43,25 +45,9 @@ jobs: - name: Get closest tag to master id: latest-tag - env: - REQUIRED_MAJOR: ${{ steps.required-release.outputs.major }} - run: | - tag=(0 0) - while read -r line; do - if [[ "$line" =~ ^([[:digit:]]+)\.([[:digit:]]+)\.x$ ]]; then - # If we are doing a release for a specific major - # version, we want to limit ourselves to that, so we - # ignore newer major versions. - if ((tag[0] < BASH_REMATCH[1] && (REQUIRED_MAJOR == 0 || REQUIRED_MAJOR >= BASH_REMATCH[1]))); then - tag=("${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}") - elif ((tag[0] == BASH_REMATCH[1] && tag[1] < BASH_REMATCH[2])); then - tag=("${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}") - fi - fi - done < <(git tag --merged) - - echo "major=${tag[0]}" >> "$GITHUB_OUTPUT" - echo "minor=${tag[1]}" >> "$GITHUB_OUTPUT" + uses: ./.github/actions/get-latest-version + with: + required-major: ${{ steps.required-release.outputs.major }} - name: Determine release type and version id: final-values
@@ -110,6 +96,26 @@ jobs: echo "value=$((patch+1))" >> "$GITHUB_OUTPUT" + - name: Checkout stackrox submodule + if: steps.final-values.outputs.type != 'patch' + run: | + git submodule update --init collector/proto/third_party/stackrox + + - name: Get stackrox version + id: stackrox-version-last + if: steps.final-values.outputs.type != 'patch' + uses: ./github/actions/get-latest-version + with: + repo: ${{ github.workspace }}/collector/proto/third_party/stackrox + + - name: Adjust stackrox version + id: stackrox + if: steps.final-values.outputs.type != 'patch' + run: | + MINOR="$((${{ steps.stackrox-version-last.outputs.minor }}+1))" + echo "major=${{ steps.stackrox-version-last.outputs.major }}" >> "$GITHUB_OUTPUT" + echo "minor=${MINOR}" >> "$GITHUB_OUTPUT" + - name: Notify tags and branches env: MAJOR: ${{ steps.final-values.outputs.major }}
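Review bot: The new `Adjust stackrox version` step pastes `${{ steps.stackrox-version-last.outputs.minor }}` and `.major` directly into the shell text, while the neighbouring steps in this workflow hand expressions to the script through `env:`. The values come from the digit-only tag regex in get-latest-version, so this is a hardening point rather than a known hole, but expression text substituted into `run:` becomes script source before bash parses it. Prefer `env:` entries such as `LAST_MINOR: ${{ steps.stackrox-version-last.outputs.minor }}` and then `MINOR="$((LAST_MINOR + 1))"`. The `notice "Stackrox …"` lines and the `SUFFIX=` assignment in the later hunks of release.yml use the same inline form.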
@@ -133,6 +139,10 @@ jobs: notice "Master tag" "${MAJOR}.${MINOR}.x" notice "Release branch" "release-${MAJOR}.${MINOR}" fi + if [[ "${RELEASE_TYPE}" != "patch" ]]; then + notice "Stackrox Major" "${{ steps.stackrox.outputs.major }}" + notice "Stackrox minor" "${{ steps.stackrox.outputs.minor }}" + fi - name: Mismatched versions if: steps.required-release.outputs.major != 0 && (
@@ -184,7 +194,16 @@ jobs: git pull --ff-only git tag "${RELEASE}.x" git checkout -b "release-${RELEASE}" - git commit --no-verify --allow-empty -m "Empty commit to diverge ${RELEASE} from master" + + # Modify values needed for konflux + SUFFIX="-${{ needs.determine-version.outputs.stackrox-major }}-${{ needs.determine-version.outputs.stackrox-minor }}" + sed -i \ + -e "/appstudio.openshift.io\/application: / s/$/${SUFFIX}/" \ + -e "/appstudio.openshift.io\/component: / s/$/${SUFFIX}/" \ + -e "/serviceAccountName: / s/$/${SUFFIX}/" \ + .tekton/collector-build.yaml + + git commit --no-verify -m "Commit to diverge ${RELEASE} from master" - name: Push release branch if: needs.determine-version.outputs.release-type != 'patch'
diff --git a/docs/release.md b/docs/release.md
index d23ef6cbc2..c36acf00a3 100644
--- a/docs/release.md
+++ b/docs/release.md
@@ -10,6 +10,11 @@ ## Automated release +**Note**: If stackrox is doing a major version bump, do not use the +automated release workflow!! Follow the manual instructions below +instead. +--- + A workflow for automated releases can be found in the 'Actions' tab of GitHub. Once in said tab, look for the `Tag a new release` workflow in the side bar, select it and use the `Run workflow` button on the far
@@ -54,7 +59,7 @@ git pull 2. Set the release environment variable, which should be incremented from the previous released version. ```sh -export COLLECTOR_RELEASE=3.8 +export COLLECTOR_RELEASE=3.22 ``` 3. Create an internal release tag to mark on the master branch where we forked for the release.
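Review bot: In the release-branch step, `SUFFIX` is appended to `serviceAccountName` and the two `appstudio.openshift.io` labels in `.tekton/collector-build.yaml` without any check that the stackrox version was actually resolved. get-latest-version starts from `tag=(0 0)`, so if the submodule checkout carries no matching `M.m.x` tag the branch would silently get `-0-1`, and the Konflux build would presumably reference a service account nobody intended. Add a guard before the `sed`, for example `[[ "${SUFFIX}" =~ ^-[1-9][0-9]*-[0-9]+$ ]] || { echo "unexpected konflux suffix: ${SUFFIX}" >&2; exit 1; }`. The step's body starts above this hunk, so how `RELEASE` is set is not visible here.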
@@ -64,11 +69,22 @@ git tag "${COLLECTOR_RELEASE}.x" git push origin "${COLLECTOR_RELEASE}.x" ``` -4. Create the release branch with an empty commit and push. +4. Set the ACS version suffix to be used by konflux, this should be the major and minor versions of ACS that will use the collector version being tagged. + +```sh +export STACKROX_SUFFIX=4-8 +``` + +4. Create the release branch with the required konflux suffixes. ```sh git checkout -b "release-${COLLECTOR_RELEASE}" -git commit --allow-empty -m "Empty commit to diverge ${COLLECTOR_RELEASE} from master" +sed -i \ + -e "/appstudio.openshift.io\/application: / s/$/-${STACKROX_SUFFIX}/" \ + -e "/appstudio.openshift.io\/component: / s/$/-${STACKROX_SUFFIX}/" \ + -e "/serviceAccountName: / s/$/-${STACKROX_SUFFIX}/" \ + .tekton/collector-build.yaml +git commit -m "Empty commit to diverge ${COLLECTOR_RELEASE} from master" git push --set-upstream origin "release-${COLLECTOR_RELEASE}" ```
@@ -77,7 +93,7 @@ git push --set-upstream origin "release-${COLLECTOR_RELEASE}" ```sh export COLLECTOR_PATCH_NUMBER=0 -export COLLECTOR_RELEASE=3.8 +export COLLECTOR_RELEASE=3.22 ``` 6. Tag and push the release.
From 3205010c9f46b4072a45fc07ec8641816b56c4ae Mon Sep 17 00:00:00 2001
From: Olivier Valentin
Date: Fri, 3 Oct 2025 11:23:09 +0200
Subject: [PATCH 2/4] Missing '.' in get-latest-version path
---
.github/workflows/release.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 33874f9f28..ffa9d8aab1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -104,7 +104,7 @@ jobs: - name: Get stackrox version id: stackrox-version-last if: steps.final-values.outputs.type != 'patch' - uses: ./github/actions/get-latest-version + uses: ./.github/actions/get-latest-version with: repo: ${{ github.workspace }}/collector/proto/third_party/stackrox
From cb2ca6d43e271eba7c39115c94d370879112a719 Mon Sep 17 00:00:00 2001
From: Olivier Valentin
Date: Fri, 3 Oct 2025 11:46:45 +0200
Subject: [PATCH 3/4] chdir to the repo we want to extract the version from.
---
.github/actions/get-latest-version/action.yml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/actions/get-latest-version/action.yml b/.github/actions/get-latest-version/action.yml
index c6e5f85d8b..53b9ad1544 100644
--- a/.github/actions/get-latest-version/action.yml
+++ b/.github/actions/get-latest-version/action.yml
@@ -24,8 +24,9 @@ runs: steps: - id: version env: - REQUIRED_MAJOR: ${{ steps.inputs.required-major }} + REQUIRED_MAJOR: ${{ inputs.required-major }} shell: bash + working-directory: ${{ inputs.repo }} run: | tag=(0 0) while read -r line; do
From 16baae702105c31c87a891b024c895a5fb4f0fb2 Mon Sep 17 00:00:00 2001
From: Olivier Valentin
Date: Fri, 3 Oct 2025 12:23:43 +0200
Subject: [PATCH 4/4] Stage files to be commited
---
.github/workflows/release.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ffa9d8aab1..922f232081 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -203,6 +203,7 @@ jobs: -e "/serviceAccountName: / s/$/${SUFFIX}/" \ .tekton/collector-build.yaml + git add -u . git commit --no-verify -m "Commit to diverge ${RELEASE} from master" - name: Push release branch
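Review bot: `git add -u .` in the PATCH 4/4 hunk stages every modified tracked file in the checkout, not only the file the `sed` just rewrote, so anything an earlier command in this job changed would ride along into the release-branch commit, and `--no-verify` skips any hook that might notice. Stage the one intended path instead: `git add .tekton/collector-build.yaml`. That keeps the diverging commit limited to the three Konflux fields and easy to audit. The step's earlier commands are outside this hunk.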