weizhoublue · weizhoublue · Mar 14, 2022 · Mar 14, 2022
diff --git a/.github/workflows/auto-release.yaml b/.github/workflows/auto-release.yaml
@@ -0,0 +1,397 @@
+# build the release image under an clean env , and it is trigger by tag event
+# buid image like: ghcr.io/weizhoublue/github-action-test/controllerimage:v1.0.0
+name: Build Image Release
+
+env:
+  ONLINE_REGISTER: ghcr.io
+  BUILD_PLATFORM: linux/amd64,linux/arm64
+  ONLINE_REGISTER_USER: ${{ github.actor }}
+  ONLINE_REGISTER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+  CHART_DEST_BRANCH: chart
+  CHANGELOG_DIR: changelogs
+  MERGE_TO_BRANCH: main
+  PR_LABEL: pr/release/robot_changelog
+  PR_REVIWER: weizhoublue
+  CHANGELOG_CONF: .github/changelog_builder_conf.json
+  CHANGELOG_RESULT_DIR: changelogs
+  CHANGELOG_TEMP_FILE: _temp_changelog
+  PAT: ${{ secrets.PAT }}
+
+on:
+  push:
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+
+      - v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag'
+        required: true
+
+
+permissions: write-all
+
+jobs:
+  build-and-push:
+    environment: release
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - name: controllerimage
+            dockerfile: ./images/controllerimage/Dockerfile
+            # root path of this project
+            context: ./
+
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/[email protected]
+
+      - name: Login to online register
+        uses: docker/[email protected]
+        with:
+          username: ${{ env.ONLINE_REGISTER_USER }}
+          password: ${{ env.ONLINE_REGISTER_PASSWORD }}
+          registry: ${{ env.ONLINE_REGISTER }}
+
+      - name: Getting image tag
+        id: tag
+        continue-on-error: false
+        run: |
+          echo ::set-output name=tag::${GITHUB_REF##*/}
+
+
+      # https://github.com/actions/checkout
+      - name: Checkout Source Code
+        uses: actions/checkout@v2
+        continue-on-error: false
+        with:
+          # Whether to configure the token or SSH key with the local git config
+          persist-credentials: false
+          ref: ${{ steps.tag.outputs.tag }}
+
+      - name: Release Build ${{ matrix.name }}
+        uses: docker/build-push-action@v2
+        continue-on-error: false
+        id: docker_build_release
+        with:
+          context: ${{ matrix.context }}
+          file: ${{ matrix.dockerfile }}
+          push: true
+          platforms: ${{ env.BUILD_PLATFORM }}
+          tags: |
+            ${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}
+
+      - name: Image Release Digest
+        shell: bash
+        run: |
+          mkdir -p image-digest/
+          job_name=${{ matrix.name }}
+          job_name_capital=${job_name^^}
+          job_name_underscored=${job_name_capital//-/_}
+          echo "${job_name_underscored}_DIGEST := \"${{ steps.docker_build_release.outputs.digest }}\"" > image-digest/makefile-digest.txt
+
+          echo "### ${{ matrix.name }}" > image-digest/${{ matrix.name }}.txt
+          echo "" >> image-digest/${{ matrix.name }}.txt
+          echo "\`${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_release.outputs.digest }}\`" >> image-digest/${{ matrix.name }}.txt
+          echo "" >> image-digest/${{ matrix.name }}.txt
+
+      # Upload artifact digests
+      - name: Upload artifact digests
+        uses: actions/[email protected]
+        with:
+          name: image-digest ${{ matrix.name }}
+          path: image-digest
+          retention-days: 1
+
+  image-digests:
+    name: Display Digests
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    steps:
+      - name: Getting image tag
+        id: tag
+        run: |
+          # GITHUB_REF： The branch or tag ref that triggered the workflow run. For branches this is the format refs/heads/<branch_name>, for tags it is refs/tags/<tag_name>, and for pull requests it is refs/pull/<pr_number>/merge
+          echo ::set-output name=tag::${GITHUB_REF##*/}
+      - name: Downloading Image Digests
+        shell: bash
+        run: |
+          mkdir -p image-digest/
+
+      - name: Download digests of all images built
+        uses: actions/[email protected]
+        with:
+          path: image-digest/
+
+      - name: Image Digests Output
+        shell: bash
+        run: |
+          cd image-digest/
+          echo "## Docker Manifests" > ../image-digest-output.txt
+          echo "" >> ../image-digest-output.txt
+          find -type f -not -name "makefile-digest.txt" | sort | xargs -d '\n' cat >> ../image-digest-output.txt
+
+      - name: Image Makefile Digests
+        shell: bash
+        run: |
+          cd image-digest/
+          echo "# File generated by .github/workflows/images-legacy-releases.yaml; DO NOT EDIT." > ../Makefile.digests
+          echo "# Copyright "$(date +'%Y')" " >> ../Makefile.digests
+          echo "# SPDX-License-Identifier: Apache-2.0" >> ../Makefile.digests
+          echo "" >> ../Makefile.digests
+          find -type f  -name "makefile-digest.txt" | sort | xargs -d '\n' cat >> ../Makefile.digests
+
+      # Upload artifact digests
+      - name: Upload artifact digests
+        uses: actions/[email protected]
+        with:
+          name: image-digest-output.txt-${{ steps.tag.outputs.tag }}
+          path: image-digest-output.txt
+          retention-days: 1
+
+      # Upload artifact digests
+      - name: Upload artifact digests
+        uses: actions/[email protected]
+        with:
+          name: Makefile.digests-${{ steps.tag.outputs.tag }}
+          path: Makefile.digests
+          retention-days: 1
+
+
+  release-chart:
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    strategy:
+      matrix:
+        include:
+          # !!!!!!!!!!!! add something here !!!!!!!!!!!!!!!
+          - chart_dir: charts/cilium
+
+    steps:
+      - name: Getting tag
+        id: tag
+        continue-on-error: false
+        run: |
+          echo ::set-output name=tag::${GITHUB_REF##*/}
+          dest=${{ env.CHART_DEST_BRANCH }}
+          echo ::set-output name=dest::${dest}
+
+      - name: Checkout Code
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ steps.tag.outputs.tag }}
+
+      - name: Get Base URL
+        id: get_base_url
+        run: |
+          name=${{ github.repository }}
+          proj=${name#*/}
+          url=https://${{ github.repository_owner }}.github.io/${proj}
+          echo "::set-output name=url::${url}"
+
+      - name: Install Helm
+        uses: azure/[email protected]
+        with:
+          version: ${{ env.HELM_VERSION }}
+
+      - name: Prepare Chart
+        continue-on-error: false
+        run: |
+          chart_dir=${{ matrix.chart_dir }}
+          [ ! -d "${chart_dir}" ] && echo "error, fail to find directory ${chart_dir}" && exit 1
+          mkdir _tmp
+          cd _tmp
+          helm package ../${chart_dir}
+          cd ..
+          mkdir -p docs/charts
+          mv _tmp/*.tgz docs/charts
+          rm -rf _tmp
+
+      - name: Prepare Index
+        continue-on-error: false
+        run: |
+          cd docs
+          helm repo index  ./charts  --url ${{ steps.get_base_url.outputs.url }}/charts
+          mv ./charts/index.yaml ./
+
+      #https://github.com/actions/upload-artifact
+      # Where does the upload go?  At the bottom of the workflow summary page
+      - name: Upload chart
+        uses: actions/[email protected]
+        with:
+          name: chart-package
+          path: docs/charts/*.tgz
+          retention-days: 1
+          if-no-files-found: error
+
+
+      - name: Create Pull Request
+        id: create_pr
+        uses: peter-evans/[email protected]
+        with:
+          title: "robot Update chart from tag ${{ steps.tag.outputs.tag }} to branch ${{ steps.tag.outputs.dest }}"
+          # from branch
+          commit-message: "robot Update chart from tag ${{ steps.tag.outputs.tag }} to branch ${{ steps.tag.outputs.dest }}"
+          # branch name: ${branch}-${branch-suffix}
+          # an branch suffix could make sure the branch is unique
+          branch-suffix: timestamp
+          branch: update_chart
+          # Delete the branch when closing pull requests, and when undeleted after merging
+          delete-branch: true
+          # merge to
+          base: ${{ steps.tag.outputs.dest }}
+          signoff: true
+          token: ${{ secrets.GITHUB_TOKEN }}
+          labels: ${{ env.PR_LABEL }}
+          reviewers: ${{ env.PR_REVIWER }}
+
+
+  release-changelog:
+    needs: release-chart
+    name: auto generate release changelog
+    runs-on: ubuntu-latest
+    steps:
+      # checkout code for tag and pr
+      - name: Checkout Code
+        uses: actions/checkout@v2
+        with:
+          # Only a single commit is fetched by default, for the ref/SHA that triggered the workflow
+          # if Set fetch-depth: 0 to fetch all history for all branches and tags
+          fetch-depth: 0
+
+      # https://github.com/mikepenz/release-changelog-builder-action
+      # PRs will only show up in the changelog if assigned one of the default label categories "feature", "fix" or "test" . Or else, we should configure yaml
+      # auto parse the latest tag and previous one
+      - name: Build Changelog By Auto Tag
+        id: create_changelog_by_auto_tag
+        uses: mikepenz/[email protected]
+        with:
+          configuration: ${{ env.CHANGELOG_CONF }}
+          outputFile: ${{ env.CHANGELOG_RESULT_DIR }}/${{ env.CHANGELOG_TEMP_FILE }}
+          failOnError: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Generate Changelog File
+        id: generate_changelog_file
+        continue-on-error: false
+        run: |
+          TEMP_FILE=${{ env.CHANGELOG_RESULT_DIR }}/${{ env.CHANGELOG_TEMP_FILE }}
+          if [ ! -f "$TEMP_FILE" ] ; then
+               echo "failed to find auto-generated changelog result file $TEMP_FILE"
+               exit 1
+          fi
+          CHANGELOG_FILE_NAME=CHANGELOG-${{ steps.create_changelog_by_auto_tag.outputs.fromTag }}-to-${{ steps.create_changelog_by_auto_tag.outputs.toTag }}.md
+          [ ! -d "${{ env.CHANGELOG_DIR }}" ] && mkdir -p ${{ env.CHANGELOG_DIR }}
+          DEST_FILE=${{ env.CHANGELOG_DIR }}/${CHANGELOG_FILE_NAME}
+          mv ${TEMP_FILE} ${DEST_FILE}
+
+      - name: Upload Changelog
+        uses: actions/[email protected]
+        with:
+          name: changelog-result
+          path: ${{ env.CHANGELOG_DIR }}/CHANGELOG-${{ steps.create_changelog_by_auto_tag.outputs.fromTag }}-to-${{ steps.create_changelog_by_auto_tag.outputs.toTag }}.md
+          retention-days: 1
+          if-no-files-found: error
+
+      # https://github.com/peter-evans/create-pull-request
+      #  all new and modified files will be committed
+      - name: Create Pull Request
+        id: create_pr
+        uses: peter-evans/[email protected]
+        with:
+          title: "robot Update Changelog from tag ${{ steps.create_changelog_by_auto_tag.outputs.fromTag }} to tag ${{ steps.create_changelog_by_auto_tag.outputs.toTag }}"
+          # from branch
+          commit-message: "robot update Changelog from tag ${{ steps.create_changelog_by_auto_tag.outputs.fromTag }} to tag ${{ steps.create_changelog_by_auto_tag.outputs.toTag }}"
+          # branch name: ${branch}-${branch-suffix}
+          # an branch suffix could make sure the branch is unique
+          branch-suffix: timestamp
+          branch: update_changelog
+          # Delete the branch when closing pull requests, and when undeleted after merging
+          delete-branch: true
+          # merge to
+          base: ${{ env.MERGE_TO_BRANCH }}
+          signoff: true
+          token: ${{ secrets.GITHUB_TOKEN }}
+          labels: ${{ env.PR_LABEL }}
+          reviewers: ${{ env.PR_REVIWER }}
+
+      - name: Check PR Outputs
+        if: ${{ steps.create_pr.outputs.pull-request-number }}
+        run: |
+          echo "Pull Request Number - ${{ steps.create_pr.outputs.pull-request-number }}"
+          echo "Pull Request URL - ${{ steps.create_pr.outputs.pull-request-url }}"
+
+      # auto apporve the pr if requirements have been satisfied
+      # https://github.com/peter-evans/enable-pull-request-automerge
+      # Can't enable auto-merge for this pull request
+      #- name: PR Auto Approve
+      #  uses: peter-evans/[email protected]
+      #  with:
+      #    token: ${{ env.PAT }}
+      #    pull-request-number: ${{ steps.create_pr.outputs.pull-request-number }}
+      #    merge-method: merge
+
+  create-release:
+    needs: release-changelog
+    name: auto generate release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Getting tag
+        id: tag
+        continue-on-error: false
+        run: |
+          echo ::set-output name=tag::${GITHUB_REF##*/}
+
+      - name: Prepare Directory
+        shell: bash
+        run: |
+          mkdir -p chart-package/
+          mkdir -p changelog-result/
+
+      - name: Download Chart
+        uses: actions/[email protected]
+        with:
+          name: chart-package
+          path: chart-package/
+
+      - name: Download Changelog
+        uses: actions/[email protected]
+        with:
+          name: changelog-result
+          path: changelog-result/
+
+      - name: Display downloaded files
+        continue-on-error: false
+        run: |
+          if ! ls chart-package/*.tgz &>/dev/null ; then
+              echo "error, failed to find any chart "
+              exit 1
+          fi
+          ls chart-package/*.tgz
+          if ! changelog-result/*.md &>/dev/null ; then
+              echo "error, failed to find changelog "
+              exit 1
+          fi
+          cat changelog-result/*.md       
+
+      # https://github.com/softprops/action-gh-release
+      - name: Create Release
+        id: create_release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: chart-package/*.tgz
+          body_path: changelog-result/*.md
+          tag: ${{ steps.tag.outputs.tag }}
+          # Indicator of whether to fail if any of the files globs match nothing
+          fail_on_unmatched_files: true
+          token: ${{ github.token }}
+          append_body: true
+
+      - name: Show Result
+        run: |
+          echo " release url: ${{ steps.create_release.outputs.url }}"
+          echo " release id: ${{ steps.create_release.outputs.id }}"
+          echo " release upload_url: ${{ steps.create_release.outputs.upload_url }}"
+          echo " release assets: ${{ steps.create_release.outputs.assets }}"