From 8cf20ed7f5ece5f7b11127b1fdf917ee93d15179 Mon Sep 17 00:00:00 2001 From: Chaminda Divitotawela Date: Thu, 3 Oct 2024 12:07:19 +1000 Subject: [PATCH] Changes to release workflow (#7711) * Changes to release workflow - Workflow environment variable changed to RELEASE_VERSION instead of RELEASE_NAME to make it more meaningful - Workflows draft-release and docker-promote previously trigger workflow container-verify. This can result in trigger is successful but actual verification workflow fails. This will not be reflected in the draft-release and docker-promote workflows. Container verify code is embedded in the draft-release and docker-promote workflows to avoid this confusion Signed-off-by: Chaminda Divitotawela * PR comment improvements Signed-off-by: Chaminda Divitotawela * Match the only tags starting with word latest for latest check Signed-off-by: Chaminda Divitotawela --------- Signed-off-by: Chaminda Divitotawela Co-authored-by: Simon Dudley --- .github/workflows/BesuContainerVerify.sh | 2 +- .github/workflows/docker-promote.yml | 64 ++++++--- .github/workflows/draft-release.yml | 160 +++++++++++++---------- 3 files changed, 139 insertions(+), 87 deletions(-) diff --git a/.github/workflows/BesuContainerVerify.sh b/.github/workflows/BesuContainerVerify.sh index 81537f3264..1560de5c44 100644 --- a/.github/workflows/BesuContainerVerify.sh +++ b/.github/workflows/BesuContainerVerify.sh @@ -57,7 +57,7 @@ else fi # For the latest tag check the version match -if [[ ${TAG} == "latest" && ${CHECK_LATEST} == "true" ]] +if [[ ${TAG} =~ ^latest && ${CHECK_LATEST} == "true" ]] then _VERSION_IN_LOG=$(docker logs ${CONTAINER_NAME} | grep "#" | grep "Besu version" | cut -d " " -f 4 | sed 's/\s//g') echo "Extracted version from logs [$_VERSION_IN_LOG]" diff --git a/.github/workflows/docker-promote.yml b/.github/workflows/docker-promote.yml index 858ea7d20e..18a3cc3170 100644 --- a/.github/workflows/docker-promote.yml +++ b/.github/workflows/docker-promote.yml @@ -14,25 +14,25 @@ jobs: validate: runs-on: ubuntu-22.04 env: - RELEASE_NAME: "${{ github.event.release.name }}" + RELEASE_VERSION: "${{ github.event.release.name }}" steps: - name: Pre-process Release Name - id: pre_process_release_name + id: pre_process_release_version run: | # strip all whitespace - RELEASE_NAME="${RELEASE_NAME//[[:space:]]/}" - if [[ ! "$RELEASE_NAME" =~ ^[0-9]+\.[0-9]+(\.[0-9]+)?(-.*)?$ ]]; then + RELEASE_VERSION="${RELEASE_VERSION//[[:space:]]/}" + if [[ ! "$RELEASE_VERSION" =~ ^[0-9]+\.[0-9]+(\.[0-9]+)?(-.*)?$ ]]; then echo "Release name does not conform to a valid besu release format YY.M.v[-suffix], e.g. 24.8.0-RC1." exit 1 fi - echo "release_name=$RELEASE_NAME" >> $GITHUB_OUTPUT # Set as output using the new syntax + echo "release_version=$RELEASE_VERSION" >> $GITHUB_OUTPUT # Set as output using the new syntax outputs: - release_name: ${{ steps.pre_process_release_name.outputs.release_name }} + release_version: ${{ steps.pre_process_release_version.outputs.release_version }} docker-promote: needs: [validate] env: - RELEASE_NAME: ${{ needs.validate.outputs.release_name }} # Use the output from the pre_process_release job + RELEASE_VERSION: ${{ needs.validate.outputs.release_version }} runs-on: ubuntu-22.04 steps: - name: Checkout @@ -58,24 +58,52 @@ jobs: cache-disabled: true - name: Docker upload - run: ./gradlew "-Prelease.releaseVersion=${{ env.RELEASE_NAME }}" "-PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }}" dockerUploadRelease + run: ./gradlew "-Prelease.releaseVersion=${{ env.RELEASE_VERSION }}" "-PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }}" dockerUploadRelease - name: Docker manifest - run: ./gradlew "-Prelease.releaseVersion=${{ env.RELEASE_NAME }}" "-PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }}" manifestDockerRelease + run: ./gradlew "-Prelease.releaseVersion=${{ env.RELEASE_VERSION }}" "-PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }}" manifestDockerRelease docker-verify: - needs: [validate, docker-promote] + needs: [validate,docker-promote] env: - RELEASE_NAME: ${{ needs.validate.outputs.release_name }} # Use the output from the pre_process_release job - runs-on: ubuntu-22.04 - permissions: - contents: read - actions: write + CONTAINER_NAME: besu-check + RELEASE_VERSION: ${{ needs.validate.outputs.release_version }} + runs-on: ${{ matrix.combination.runner }} + timeout-minutes: 4 + strategy: + matrix: + combination: + - tag: latest-amd64 + platform: 'linux/amd64' + runner: ubuntu-22.04 + - tag: latest + platform: '' + runner: ubuntu-22.04 + - tag: latest-arm64 + platform: '' + runner: besu-arm64 + - tag: latest + platform: '' + runner: besu-arm64 + steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + sparse-checkout: '.github/workflows/BesuContainerVerify.sh' - - name: Trigger container verify - run: echo '{"version":"${{ env.RELEASE_NAME }}","verify-latest-version":"true"}' | gh workflow run container-verify.yml --json + - name: Start container + run: | + PLATFORM_OPT="" + [[ x${{ matrix.combination.platform }} != 'x' ]] && PLATFORM_OPT="--platform ${{ matrix.combination.platform }}" + docker run -d $PLATFORM_OPT --name ${{ env.CONTAINER_NAME }} ${{ secrets.DOCKER_ORG }}/besu:${{ matrix.combination.tag }} + + - name: Verify besu container + run: bash .github/workflows/BesuContainerVerify.sh env: - GH_TOKEN: ${{ github.token }} + TAG: ${{ matrix.combination.tag }} + VERSION: ${{ env.RELEASE_VERSION }} + CHECK_LATEST: true + + - name: Stop container + run: docker stop ${{ env.CONTAINER_NAME }} diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index f6e01e1890..8dc61bec46 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -16,7 +16,7 @@ jobs: validate: runs-on: ubuntu-22.04 env: - RELEASE_NAME: "${{ inputs.tag }}" + RELEASE_VERSION: "${{ inputs.tag }}" steps: - name: Check default branch run: | @@ -24,36 +24,36 @@ jobs: echo "Default Branch: ${{ github.event.repository.default_branch }}" if [[ ${{ github.ref_name }} != ${{ github.event.repository.default_branch }} ]] then - echo "This workflow can only be run on default branch" + echo "This workflow can only be run on default branch. This is not an issue for hot fixes as code is checked out from the tag" exit 1 fi - + - name: Pre-process Release Name - id: pre_process_release_name + id: validate_release_version run: | # strip all whitespace - RELEASE_NAME="${RELEASE_NAME//[[:space:]]/}" - if [[ ! "$RELEASE_NAME" =~ ^[0-9]+\.[0-9]+(\.[0-9]+)?(-.*)?$ ]]; then + RELEASE_VERSION="${RELEASE_VERSION//[[:space:]]/}" + if [[ ! "$RELEASE_VERSION" =~ ^[0-9]+\.[0-9]+(\.[0-9]+)?(-.*)?$ ]]; then echo "Release name does not conform to a valid besu release format YY.M.v[-suffix], e.g. 24.8.0-RC1." exit 1 fi - echo "release_name=$RELEASE_NAME" >> $GITHUB_OUTPUT # Set as output using the new syntax - + echo "release_version=$RELEASE_VERSION" >> $GITHUB_OUTPUT # Set as output using the new syntax + # Perform a tag checkout to ensure tag is available - name: Verify tag Exist uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - with: - ref: ${{ steps.pre_process_release_name.outputs.release_name }} + with: + ref: ${{ steps.validate_release_version.outputs.release_version }} fetch-depth: 1 outputs: - release_name: ${{ steps.pre_process_release_name.outputs.release_name }} + release_version: ${{ steps.validate_release_version.outputs.release_version }} build: runs-on: ubuntu-22.04 needs: validate env: - RELEASE_NAME: ${{ needs.validate.outputs.release_name }} # Use the output from the pre_process_release job + RELEASE_VERSION: ${{ needs.validate.outputs.release_version }} # Use the output from the pre_process_release job outputs: tarSha: ${{steps.hashes.outputs.tarSha}} zipSha: ${{steps.hashes.outputs.zipSha}} @@ -61,22 +61,22 @@ jobs: - name: Checkout tag uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 with: - ref: ${{ env.RELEASE_NAME }} - + ref: ${{ env.RELEASE_VERSION }} + - name: Set up Java uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: temurin java-version: 21 - + - name: Setup gradle uses: gradle/actions/setup-gradle@9e899d11ad247ec76be7a60bc1cf9d3abbb9e7f1 with: cache-disabled: true - + - name: Assemble release run: - ./gradlew -Prelease.releaseVersion=${{env.RELEASE_NAME}} -Pversion=${{env.RELEASE_NAME}} assemble + ./gradlew -Prelease.releaseVersion=${{env.RELEASE_VERSION}} -Pversion=${{env.RELEASE_VERSION}} assemble - name: Hashes id: hashes @@ -86,35 +86,35 @@ jobs: echo "tarSha=$(shasum -a 256 besu*.tar.gz)" echo "zipSha=$(shasum -a 256 besu*.zip)" >> $GITHUB_OUTPUT echo "tarSha=$(shasum -a 256 besu*.tar.gz)" >> $GITHUB_OUTPUT - shasum -a 256 besu-${{env.RELEASE_NAME}}.tar.gz > besu-${{env.RELEASE_NAME}}.tar.gz.sha256 - shasum -a 256 besu-${{env.RELEASE_NAME}}.zip > besu-${{env.RELEASE_NAME}}.zip.sha256 - + shasum -a 256 besu-${{env.RELEASE_VERSION}}.tar.gz > besu-${{env.RELEASE_VERSION}}.tar.gz.sha256 + shasum -a 256 besu-${{env.RELEASE_VERSION}}.zip > besu-${{env.RELEASE_VERSION}}.zip.sha256 + - name: Upload tarball uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 with: - path: 'build/distributions/besu-${{ env.RELEASE_NAME }}.tar.gz' - name: besu-${{ env.RELEASE_NAME }}.tar.gz + path: 'build/distributions/besu-${{ env.RELEASE_VERSION }}.tar.gz' + name: besu-${{ env.RELEASE_VERSION }}.tar.gz compression-level: 0 - + - name: upload zipfile uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 with: - path: 'build/distributions/besu-${{ env.RELEASE_NAME }}.zip' - name: besu-${{ env.RELEASE_NAME }}.zip + path: 'build/distributions/besu-${{ env.RELEASE_VERSION }}.zip' + name: besu-${{ env.RELEASE_VERSION }}.zip compression-level: 0 - name: upload checksum zip uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 with: - path: 'build/distributions/besu-${{ env.RELEASE_NAME }}.zip.sha256' - name: besu-${{ env.RELEASE_NAME }}.zip.sha256 + path: 'build/distributions/besu-${{ env.RELEASE_VERSION }}.zip.sha256' + name: besu-${{ env.RELEASE_VERSION }}.zip.sha256 compression-level: 0 - name: upload checksum tar.gz uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 with: - path: 'build/distributions/besu-${{ env.RELEASE_NAME }}.tar.gz.sha256' - name: besu-${{ env.RELEASE_NAME }}.tar.gz.sha256 + path: 'build/distributions/besu-${{ env.RELEASE_VERSION }}.tar.gz.sha256' + name: besu-${{ env.RELEASE_VERSION }}.tar.gz.sha256 compression-level: 0 test-windows: @@ -127,7 +127,7 @@ jobs: with: distribution: temurin java-version: 21 - + - name: Download zip uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe with: @@ -153,7 +153,7 @@ jobs: with: distribution: temurin java-version: 21 - + - name: Download tar.gz uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe with: @@ -172,20 +172,20 @@ jobs: runs-on: ubuntu-22.04 needs: [test-linux, test-windows] env: - RELEASE_NAME: ${{ needs.validate.outputs.release_name }} # Use the output from the pre_process_release job + RELEASE_VERSION: ${{ needs.validate.outputs.release_version }} # Use the output from the pre_process_release job steps: - name: Checkout Repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 with: - ref: ${{ env.RELEASE_NAME }} + ref: ${{ env.RELEASE_VERSION }} - name: hadoLint run: docker run --rm -i hadolint/hadolint < docker/Dockerfile - + docker-publish: needs: [validate, docker-lint] env: - RELEASE_NAME: ${{ needs.validate.outputs.release_name }} # Use the output from the pre_process_release job + RELEASE_VERSION: ${{ needs.validate.outputs.release_version }} # Use the output from the pre_process_release job strategy: fail-fast: false matrix: @@ -198,7 +198,7 @@ jobs: id: prep run: | platform=${{ matrix.platform }} - if [ "$platform" = 'ubuntu-22.04' ]; then + if [ "$platform" = 'ubuntu-22.04' ]; then echo "PLATFORM_PAIR=linux-amd64" >> $GITHUB_OUTPUT echo "ARCH=amd64" >> $GITHUB_OUTPUT else @@ -209,7 +209,7 @@ jobs: - name: Checkout Repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 with: - ref: ${{ env.RELEASE_NAME }} + ref: ${{ env.RELEASE_VERSION }} - name: short sha id: shortSha @@ -225,7 +225,7 @@ jobs: uses: gradle/actions/setup-gradle@9e899d11ad247ec76be7a60bc1cf9d3abbb9e7f1 with: cache-disabled: true - + - name: install goss run: | mkdir -p docker/reports @@ -244,23 +244,23 @@ jobs: architecture: ${{ steps.prep.outputs.ARCH }} with: cache-disabled: true - arguments: testDocker -PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }} -Pversion=${{env.RELEASE_NAME}} -Prelease.releaseVersion=${{ env.RELEASE_NAME }} + arguments: testDocker -PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }} -Pversion=${{env.RELEASE_VERSION}} -Prelease.releaseVersion=${{ env.RELEASE_VERSION }} - name: publish env: architecture: ${{ steps.prep.outputs.ARCH }} - run: ./gradlew --no-daemon dockerUpload -PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }} -Pversion=${{env.RELEASE_NAME}} -Prelease.releaseVersion=${{ env.RELEASE_NAME }} + run: ./gradlew --no-daemon dockerUpload -PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }} -Pversion=${{env.RELEASE_VERSION}} -Prelease.releaseVersion=${{ env.RELEASE_VERSION }} docker-manifest: needs: [validate, docker-publish] runs-on: ubuntu-22.04 env: - RELEASE_NAME: ${{ needs.validate.outputs.release_name }} # Use the output from the pre_process_release job + RELEASE_VERSION: ${{ needs.validate.outputs.release_version }} steps: - name: Checkout Repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 with: - ref: ${{ env.RELEASE_NAME }} + ref: ${{ env.RELEASE_VERSION }} - name: Set up Java uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 @@ -281,24 +281,48 @@ jobs: password: ${{ secrets.DOCKER_PASSWORD_RW }} - name: multi-arch docker - run: ./gradlew manifestDocker -PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }} -Pversion=${{env.RELEASE_NAME}} -Prelease.releaseVersion=${{ env.RELEASE_NAME }} + run: ./gradlew manifestDocker -PdockerOrgName=${{ env.registry }}/${{ secrets.DOCKER_ORG }} -Pversion=${{env.RELEASE_VERSION}} -Prelease.releaseVersion=${{ env.RELEASE_VERSION }} docker-verify: needs: [validate,docker-manifest] env: - RELEASE_NAME: ${{ needs.validate.outputs.release_name }} # Use the output from the pre_process_release job - runs-on: ubuntu-22.04 - permissions: - contents: read - actions: write + CONTAINER_NAME: besu-check + RELEASE_VERSION: ${{ needs.validate.outputs.release_version }} + runs-on: ${{ matrix.combination.runner }} + timeout-minutes: 4 + strategy: + matrix: + combination: + - tag: ${{ needs.validate.outputs.release_version }} + platform: '' + runner: ubuntu-22.04 + - tag: ${{ needs.validate.outputs.release_version }}-amd64 + platform: 'linux/amd64' + runner: ubuntu-22.04 + - tag: ${{ needs.validate.outputs.release_version }}-arm64 + platform: '' + runner: besu-arm64 steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + sparse-checkout: '.github/workflows/BesuContainerVerify.sh' + + - name: Start container + run: | + PLATFORM_OPT="" + [[ x${{ matrix.combination.platform }} != 'x' ]] && PLATFORM_OPT="--platform ${{ matrix.combination.platform }}" + docker run -d $PLATFORM_OPT --name ${{ env.CONTAINER_NAME }} ${{ secrets.DOCKER_ORG }}/besu:${{ matrix.combination.tag }} - - name: Trigger container verify - run: echo '{"version":"${{ env.RELEASE_NAME }}","verify-latest-version":"false"}' | gh workflow run container-verify.yml --json + - name: Verify besu container + run: bash .github/workflows/BesuContainerVerify.sh env: - GH_TOKEN: ${{ github.token }} + TAG: ${{ matrix.combination.tag }} + VERSION: ${{ env.RELEASE_VERSION }} + CHECK_LATEST: false + + - name: Stop container + run: docker stop ${{ env.CONTAINER_NAME }} release-draft: runs-on: ubuntu-22.04 @@ -306,42 +330,42 @@ jobs: permissions: contents: write env: - RELEASE_NAME: ${{ needs.validate.outputs.release_name }} + RELEASE_VERSION: ${{ needs.validate.outputs.release_version }} steps: - name: Checkout Repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 with: - ref: ${{ env.RELEASE_NAME }} + ref: ${{ env.RELEASE_VERSION }} - name: Download Besu artifacts uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe with: - pattern: besu-${{env.RELEASE_NAME}}* + pattern: besu-${{env.RELEASE_VERSION}}* merge-multiple: true - name: Draft release notes run: | - echo "## ${{env.RELEASE_NAME}}" > draft-release-notes.md + echo "## ${{env.RELEASE_VERSION}}" > draft-release-notes.md echo "## Upcoming Breaking Changes" >> draft-release-notes.md echo "## Breaking Changes" >> draft-release-notes.md echo "## Additions and Improvements" >> draft-release-notes.md echo "## Bug fixes" >> draft-release-notes.md - echo "`$(cat besu-${{env.RELEASE_NAME}}.zip.sha256)`" >> draft-release-notes.md - echo "`$(cat besu-${{env.RELEASE_NAME}}.tar.gz.sha256)`" >> draft-release-notes.md - cat besu-${{env.RELEASE_NAME}}.zip.sha256 >> draft-release-notes.md - cat besu-${{env.RELEASE_NAME}}.tar.gz.sha256 >> draft-release-notes.md + echo "`$(cat besu-${{env.RELEASE_VERSION}}.zip.sha256)`" >> draft-release-notes.md + echo "`$(cat besu-${{env.RELEASE_VERSION}}.tar.gz.sha256)`" >> draft-release-notes.md + cat besu-${{env.RELEASE_VERSION}}.zip.sha256 >> draft-release-notes.md + cat besu-${{env.RELEASE_VERSION}}.tar.gz.sha256 >> draft-release-notes.md - name: Draft release run: | gh release create \ --draft \ - --title=${{env.RELEASE_NAME}} \ + --title=${{env.RELEASE_VERSION}} \ --notes-file draft-release-notes.md \ - --verify-tag ${{env.RELEASE_NAME}} \ - besu-${{env.RELEASE_NAME}}.tar.gz \ - besu-${{env.RELEASE_NAME}}.zip \ - besu-${{env.RELEASE_NAME}}.zip.sha256 \ - besu-${{env.RELEASE_NAME}}.tar.gz.sha256 + --verify-tag ${{env.RELEASE_VERSION}} \ + besu-${{env.RELEASE_VERSION}}.tar.gz \ + besu-${{env.RELEASE_VERSION}}.zip \ + besu-${{env.RELEASE_VERSION}}.zip.sha256 \ + besu-${{env.RELEASE_VERSION}}.tar.gz.sha256 env: GH_TOKEN: ${{ github.token }} @@ -349,12 +373,12 @@ jobs: runs-on: ubuntu-22.04 needs: [validate, test-linux, test-windows] env: - RELEASE_NAME: ${{ needs.validate.outputs.release_name }} + RELEASE_VERSION: ${{ needs.validate.outputs.release_version }} steps: - name: checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 with: - ref: ${{ env.RELEASE_NAME }} + ref: ${{ env.RELEASE_VERSION }} - name: Set up Java uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 @@ -371,4 +395,4 @@ jobs: env: ARTIFACTORY_USER: ${{ secrets.BESU_ARTIFACTORY_USER }} ARTIFACTORY_KEY: ${{ secrets.BESU_ARTIFACTORY_TOKEN }} - run: ./gradlew -Prelease.releaseVersion=${{ env.RELEASE_NAME }} -Pversion=${{env.RELEASE_NAME}} artifactoryPublish + run: ./gradlew -Prelease.releaseVersion=${{ env.RELEASE_VERSION }} -Pversion=${{env.RELEASE_VERSION}} artifactoryPublish