44 workflow_dispatch :
55 inputs :
66 version :
7- description : " Release version"
7+ description : " Release version (e.g. v1.2.3) "
88 required : true
99 type : string
1010 authors :
11- description : " Comma-separated list of author emails"
11+ description :
" Comma-separated list of author emails (e.g. [email protected] ) " 1212 required : true
1313 type : string
1414 image_sha :
@@ -24,6 +24,7 @@ permissions:
2424 contents : write
2525 pull-requests : write
2626
27+
2728jobs :
2829 # Image2commit: Creates a mapping between the image_sha given as input and the actual git commit
2930 # This is necassary for the release-image step that requires checking out that exact git commit
6667 release-image :
6768 runs-on : ubuntu-latest
6869 environment : release
69- needs : image2commit
7070 env :
7171 VERSION : ${{ github.event.inputs.version || 'test-0.0.0-dev' }}
7272 AUTHORS : ${{ github.event.inputs.authors || 'unknown' }}
@@ -95,15 +95,15 @@ jobs:
9595 uses : docker/login-action@v3
9696 with :
9797 registry : docker.io
98- username : ${{ secrets.ANDRPAC_DOCKER_USERNAME }}
99- password : ${{ secrets.ANDRPAC_DOCKER_PASSWORD }}
98+ username : ${{ secrets.DOCKER_USERNAME }}
99+ password : ${{ secrets.DOCKER_PASSWORD }}
100100
101101 - name : Log in to Quay registry
102102 uses : docker/login-action@v3
103103 with :
104104 registry : quay.io
105- username : ${{ secrets.ANDRPAC_QUAY_USERNAME }}
106- password : ${{ secrets.ANDRPAC_QUAY_PASSWORD }}
105+ username : ${{ secrets.QUAY_USERNAME }}
106+ password : ${{ secrets.QUAY_PASSWORD }}
107107
108108 - name : Log in to Artifactory
109109 uses : docker/login-action@v3
@@ -112,9 +112,6 @@ jobs:
112112 username : ${{ secrets.MDB_ARTIFACTORY_USERNAME }}
113113 password : ${{ secrets.MDB_ARTIFACTORY_PASSWORD }}
114114
115- - name : Install devbox
116- uses :
jetify-com/[email protected] 117-
118115 # This step configures all of the dynamic variables needed for later steps
119116 - name : Configure job environment for downstream steps
120117 id : tags
@@ -135,30 +132,6 @@ jobs:
135132 echo "quay_certified_image_url=$quay_certified_image_url" >> $GITHUB_OUTPUT
136133
137134 # Move prerelease images to official release registries in Docker Hub and Quay
138- - name : Move image to Docker registry release from prerelease
139- run : devbox run -- ./scripts/move-image.sh
140- env :
141- IMAGE_SRC_REPO : ${{ env.DOCKER_PRERELEASE_REPO }}
142- IMAGE_DEST_REPO : ${{ env.DOCKER_RELEASE_REPO }}
143- IMAGE_SRC_TAG : ${{ steps.tags.outputs.promoted_tag }}
144- IMAGE_DEST_TAG : ${{ steps.tags.outputs.release_tag }}
145-
146- - name : Move image to Quay registry release from prerelease
147- run : devbox run -- ./scripts/move-image.sh
148- env :
149- IMAGE_SRC_REPO : ${{ env.QUAY_PRERELEASE_REPO }}
150- IMAGE_DEST_REPO : ${{ env.QUAY_RELEASE_REPO }}
151- IMAGE_SRC_TAG : ${{ steps.tags.outputs.promoted_tag }}
152- IMAGE_DEST_TAG : ${{ steps.tags.outputs.release_tag }}
153-
154- # Create Openshift certified images
155- - name : Create OpenShift certified image on Quay
156- run : devbox run -- ./scripts/move-image.sh
157- env :
158- IMAGE_SRC_REPO : ${{ env.QUAY_PRERELEASE_REPO }}
159- IMAGE_DEST_REPO : ${{ env.QUAY_RELEASE_REPO }}
160- IMAGE_SRC_TAG : ${{ steps.tags.outputs.promoted_tag }}
161- IMAGE_DEST_TAG : ${{ steps.tags.outputs.certified_tag }}
162135
163136 # Link updates to pr: all-in-one.yml, helm-updates, sdlc requirements
164137 - name : Generate deployment configurations
@@ -168,55 +141,76 @@ jobs:
168141 IMAGE_URL : ${{ steps.tags.outputs.docker_image_url }}
169142
170143 - name : Bump Helm chart version
171- run : devbox run -- ./scripts/bump-helm-chart-version.sh
144+ run : ./scripts/bump-helm-chart-version.sh
172145
173146 # Prepare SDLC requirement: signatures, sboms, compliance reports
174147 # Note, signed images will live in mongodb/release and mongodb/signature repos
175- - name : Sign released images
176- run : |
177- devbox run -- make sign IMG="${{ steps.tags.outputs.docker_image_url }}" SIGNATURE_REPO="${{ env.DOCKER_RELEASE_REPO }}"
178- devbox run -- make sign IMG="${{ steps.tags.outputs.quay_image_url }}" SIGNATURE_REPO="${{ env.QUAY_RELEASE_REPO }}"
179- devbox run -- make sign IMG="${{ steps.tags.outputs.docker_image_url }}" SIGNATURE_REPO="${{ env.DOCKER_SIGNATURE_REPO }}"
180- devbox run -- make sign IMG="${{ steps.tags.outputs.quay_certified_image_url }}" SIGNATURE_REPO="${{ env.QUAY_RELEASE_REPO }}"
181- devbox run -- make sign IMG="${{ steps.tags.outputs.quay_certified_image_url }}" SIGNATURE_REPO="${{ env.DOCKER_SIGNATURE_REPO }}"
182- env :
183- PKCS11_URI : ${{ secrets.PKCS11_URI }}
184- GRS_USERNAME : ${{ secrets.GRS_USERNAME }}
185- GRS_PASSWORD : ${{ secrets.GRS_PASSWORD }}
186-
187- - name : Generate SBOMs
188- run : devbox run -- make generate-sboms RELEASED_OPERATOR_IMAGE="${{ env.DOCKER_RELEASE_REPO }}"
189148
190149 - name : Create SDLC report
191- run : devbox run -- make gen-sdlc-checklist
150+ run : make gen-sdlc-checklist
192151
193152 # Create PR on release branch with all updates generated
194- - name : Create release branch with updates, tag new updates
153+ - name : Create release pr with all updated artefacts
195154 env :
196- GITHUB_TOKEN : ${{ steps.generate_token.outputs.token }}
155+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
197156 run : |
198- git config --global user.name "${{ steps.generate_token.outputs.user-name }}"
199- git config --global user.email "${{ steps.generate_token.outputs.user-email }}"
200-
157+ export VERSION="${VERSION}"
201158 export BRANCH="new-release/${VERSION}"
202159 export COMMIT_MESSAGE="feat: release ${VERSION} from release-image workflow"
203- export RELEASE_DIR="docs/releases/${VERSION}"
160+ export RELEASE_DIR="releases/${VERSION}"
161+ export SOURCE_COMMIT=$(git rev-parse HEAD)
162+
163+ git config --global user.name "${{ steps.generate_token.outputs.user-name }}"
164+ git config --global user.email "${{ steps.generate_token.outputs.user-email }}"
204165
205- git checkout -b "$BRANCH"
206-
207166 mkdir -p "$RELEASE_DIR"
208- mv deploy "$RELEASE_DIR"/deploy
209- mv bundle "$RELEASE_DIR"/bundle
210- mv bundle.Dockerfile "$RELEASE_DIR"/bundle.Dockerfile
211-
167+ mv deploy "$RELEASE_DIR/deploy"
168+ mv bundle "$RELEASE_DIR/bundle"
169+ mv helm-charts "$RELEASE_DIR/helm-charts"
170+ mv bundle.Dockerfile "$RELEASE_DIR/bundle.Dockerfile"
171+
172+ git fetch origin
173+ git checkout -b "$BRANCH" origin/main
174+ git push -ff origin "$BRANCH"
175+
212176 git add -f "$RELEASE_DIR"
213177 scripts/create-signed-commit.sh
214178
215179 gh pr create \
216180 --draft \
217- --head="$BRANCH" \
181+ --base main \
182+ --head "$BRANCH" \
218183 --title "$COMMIT_MESSAGE" \
219- --body "This is an autogenerated PR to prepare for the release"
184+ --body "This is an autogenerated PR to prepare for the release"
185+
186+ git checkout $SOURCE_COMMIT
187+
188+ # Create release artefacts on GitHub
189+ - name : Create configuration package
190+ run : |
191+ set -x
192+ tar czvf atlas-operator-all-in-one-${{ env.VERSION }}.tar.gz -C deploy all-in-one.yaml
193+
194+ - name : Tag the release assets
195+ run : |
196+ git fetch --tags
197+ git tag ${{ env.VERSION }}
198+ git push -ff origin ${{ env.VERSION }}
199+
200+ - name : Create release on GitHub
201+ uses : softprops/action-gh-release@v2
202+ with :
203+ draft : true
204+ prerelease : false
205+ tag_name : ${{ env.VERSION }}
206+ name : ${{ env.VERSION }}
207+ token : ${{ secrets.GITHUB_TOKEN }}
208+ body_path : docs/release-notes/release-notes-template.md
209+ files : |
210+ ./atlas-operator-all-in-one-${{ env.VERSION }}.tar.gz
211+ ./docs/releases/v${{ env.VERSION }}/sdlc-compliance.md
212+ ./docs/releases/v${{ env.VERSION }}/linux-amd64.sbom.json
213+ ./docs/releases/v${{ env.VERSION }}/linux-arm64.sbom.json
220214
221215 prepare-environment :
222216 name : Set up Environment Variables
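Review bot: The new `Create configuration package` and `Tag the release assets` steps expand `${{ env.VERSION }}` straight into the `run:` script text, so the `version` workflow_dispatch input (job-level `VERSION` is set from `github.event.inputs.version`) is pasted into the shell before it runs, in a job that has `contents: write` and the registry login secrets. Read the value from the environment and quote it, as the PR-creation step already does with `${VERSION}`: `git tag "$VERSION"`, `git push origin "$VERSION"` and `tar czvf "atlas-operator-all-in-one-${VERSION}.tar.gz" -C deploy all-in-one.yaml`. The `-ff` on that tag push (and on `git push -ff origin "$BRANCH"`) force-overwrites an existing ref, which for a release tag would silently repoint an already published version; without it a duplicate version fails loudly. Separately, `RELEASE_DIR` is now `releases/${VERSION}` while the release `files:` list reads from `./docs/releases/v${{ env.VERSION }}/`, and the input description suggests the version already carries a `v`, so the SBOM and compliance paths look unlikely to resolve; worth confirming. The `release-image` job itself starts above this hunk.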