From a86a9c12fc49ac7e852aa972d4e2fa6b672f77da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20Kara=C5=9B?=
Date: Fri, 18 Jul 2025 15:33:17 +0200
Subject: [PATCH 1/7] WIP
---
.github/workflows/release_promotion.yml | 70 +++++++++++++++++++++++++
1 file changed, 70 insertions(+)
create mode 100644 .github/workflows/release_promotion.yml
diff --git a/.github/workflows/release_promotion.yml b/.github/workflows/release_promotion.yml
new file mode 100644
index 000000000..7882e84a3
--- /dev/null
+++ b/.github/workflows/release_promotion.yml
@@ -0,0 +1,70 @@
+name: Release Promotion
+
+on:
+ workflow_dispatch:
+ inputs:
+ commit_sha:
+ description: 'SHA of the commit to release'
+ type: string
+ required: true
+ version:
+ description: 'Version to promote'
+ required: true
+ type: string
+
+jobs:
+ crate_draft_release_notes:
+ name: Create draft Release Notes
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: '0'
+ - name: Setup host
+ uses: ./.github/actions/setup-ubuntu-host
+ with:
+ python-version: '${{ vars.PYTHON_VERSION }}'
+ # Probably we should just download the Release Notes from the staging registry (together with other artifacts)
+ - name: Generate Release Notes
+ id: generate_release_notes
+ run: python -m scripts.release.release_notes -s $INITIAL_COMMIT_SHA -v $INITIAL_VERSION -o release_notes_final.md
+ env:
+ INITIAL_COMMIT_SHA: ${{ vars.RELEASE_INITIAL_COMMIT_SHA }}
+ INITIAL_VERSION: ${{ vars.RELEASE_INITIAL_VERSION }}
+ # Add all other assets to the release notes
+ # Put all of this in single script
+ - name: Generate draft release
+ run: |
+ gh release create $VERSION --target $COMMIT_SHA --draft --prerelease --latest --notes-file release_notes_final.md --title "Release of MCK $VERSION" --fail-on-no-commits
+ env:
+ VERSION: ${{ github.event.inputs.version }}
+ COMMIT_SHA: ${{ github.event.inputs.commit_sha }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ approve_release:
+ name: Approve Release
+ environment: production
+ runs-on: ubuntu-latest
+ steps:
+ - name: Create git tag
+ run: |
+ git tag -a $VERSION -m "Release of MCK $VERSION"
+ git push origin $VERSION
+ env:
+ VERSION: ${{ github.event.inputs.version }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ publish_release_notess:
+ name: Publish Release Notes
+ environment: production
+ runs-on: ubuntu-latest
+ steps:
+ - name: Publish Release Notes
+ run: |
+ gh release edit $VERSION --draft=false --verify-tag
+ env:
+ VERSION:
${{ github.event.inputs.version }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From c5fea73380470da9d0753d7066e4f831eebda3f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Fri, 18 Jul 2025 15:40:55 +0200 Subject: [PATCH 2/7] release fix --- .github/workflows/release_promotion.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release_promotion.yml b/.github/workflows/release_promotion.yml index 7882e84a3..4db52bf17 100644 --- a/.github/workflows/release_promotion.yml +++ b/.github/workflows/release_promotion.yml @@ -38,7 +38,7 @@ jobs: # Put all of this in single script - name: Generate draft release run: | - gh release create $VERSION --target $COMMIT_SHA --draft --prerelease --latest --notes-file release_notes_final.md --title "Release of MCK $VERSION" --fail-on-no-commits + gh release create $VERSION --target $COMMIT_SHA --draft --prerelease --latest --notes-file release_notes_final.md --title "Release of MCK $VERSION" env: VERSION: ${{ github.event.inputs.version }} COMMIT_SHA: ${{ github.event.inputs.commit_sha }} From 8f8af2754d56596446a8c7b4cb78809ff5a10af3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Fri, 18 Jul 2025 15:43:48 +0200 Subject: [PATCH 3/7] permissions fix --- .github/workflows/release_promotion.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release_promotion.yml b/.github/workflows/release_promotion.yml index 4db52bf17..20533dc3c 100644 --- a/.github/workflows/release_promotion.yml +++ b/.github/workflows/release_promotion.yml @@ -17,7 +17,7 @@ jobs: name: Create draft Release Notes runs-on: ubuntu-latest permissions: - contents: read + contents: write steps: - name: Check out repository uses: actions/checkout@v4 From c6f2db6123b3fac56048252b4f8b954abd176f0a Mon Sep 17 00:00:00 2001 
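Review bot: The three `run:` steps in this new file expand `$VERSION` and `$COMMIT_SHA` unquoted (`gh release create $VERSION --target $COMMIT_SHA`, `git tag -a $VERSION`, `gh release edit $VERSION`), so a dispatch input containing whitespace or a leading `-` is split into extra words or parsed as an option by `gh`/`git`. Passing the inputs through `env:` instead of interpolating `${{ }}` into the script is the right pattern and only needs quoting on top, e.g. `gh release create "$VERSION" --target "$COMMIT_SHA" ...`. Because both values end up naming a published tag, a first step that rejects anything not matching the expected version format and a full-length hex SHA would make a bad input fail explicitly rather than depend on how each tool parses it.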
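Review bot: Raising this job to `contents: write` puts a write-capable token in scope for every step of the job, not only `gh release create`. `actions/checkout@v4` stores the token in the local git config by default, and the `setup-ubuntu-host` action and the `scripts.release.release_notes` run (visible in the first patch) execute in the same job. Consider `persist-credentials: false` under the checkout's `with:`, since the `gh` step already receives `GITHUB_TOKEN` through `env:`, or generate the notes in a `contents: read` job and hand the file to a small write-scoped job as an artifact. The job's remaining steps lie outside this hunk.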
From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Fri, 18 Jul 2025 16:00:33 +0200 Subject: [PATCH 4/7] add pre-production env --- .github/workflows/release_promotion.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release_promotion.yml b/.github/workflows/release_promotion.yml index 20533dc3c..b303f0715 100644 --- a/.github/workflows/release_promotion.yml +++ b/.github/workflows/release_promotion.yml @@ -46,9 +46,13 @@ jobs: approve_release: name: Approve Release - environment: production + environment: pre-production runs-on: ubuntu-latest steps: + - name: Check out repository + uses: actions/checkout@v4 + with: + fetch-depth: '0' - name: Create git tag run: | git tag -a $VERSION -m "Release of MCK $VERSION" @@ -62,6 +66,10 @@ jobs: environment: production runs-on: ubuntu-latest steps: + - name: Check out repository + uses: actions/checkout@v4 + with: + fetch-depth: '0' - name: Publish Release Notes run: | gh release edit $VERSION --draft=false --verify-tag From 4bdc74c171702b46e32f5e241e8054586cd57ae5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Fri, 18 Jul 2025 16:02:15 +0200 Subject: [PATCH 5/7] Add missing depends on --- .github/workflows/release_promotion.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release_promotion.yml b/.github/workflows/release_promotion.yml index b303f0715..58ffafff9 100644 --- a/.github/workflows/release_promotion.yml +++ b/.github/workflows/release_promotion.yml @@ -46,8 +46,9 @@ jobs: approve_release: name: Approve Release - environment: pre-production + environment: production runs-on: ubuntu-latest + needs: crate_draft_release_notes steps: - name: Check out repository uses: actions/checkout@v4 @@ -65,6 +66,7 @@ jobs: name: Publish Release Notes environment: production runs-on: ubuntu-latest + needs: approve_release steps: - name: Check out repository uses: actions/checkout@v4 
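Review bot: In `approve_release`, the added checkout has no `ref:` and `git tag -a $VERSION -m ...` names no commit, so the tag lands on whatever HEAD the dispatch ref resolves to, while the draft release was created with `--target $COMMIT_SHA`. `gh release edit --verify-tag` later only confirms that the tag exists, so the published release can point at a different commit than the one that was reviewed. Tag the input explicitly: add `COMMIT_SHA: ${{ github.event.inputs.commit_sha }}` to the step's `env:` and run `git tag -a "$VERSION" "$COMMIT_SHA" -m "Release of MCK $VERSION"`. An annotated tag also needs a tagger identity, which a fresh runner presumably lacks unless `user.name`/`user.email` are set in a step not shown here. The second hunk adds the same full-history checkout to `publish_release_notess`, where it appears to serve only to give `gh` a repository context.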
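Review bot: `approve_release` and `publish_release_notess` push a tag and publish a release, yet neither job header shown in these two hunks declares `permissions:`, so both run with the repository's default token scope while only the draft job is explicit. Add `permissions:` with `contents: write` to both jobs and a workflow-level `permissions: {}` so nothing is inherited implicitly. After this change both jobs also sit behind the same `production` environment, so one set of protection rules gates the tag push and the publish alike; confirm that is intended now that `pre-production` is gone. The job ids `crate_draft_release_notes` and `publish_release_notess` look like typos, and `needs:` now references the first, so renaming gets more expensive after this commit.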
From 1115c1778ec55fde721fda42016239d46a4462b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Fri, 1 Aug 2025 09:13:18 +0200 Subject: [PATCH 6/7] Move test_git_repo.mmd to testdata --- scripts/release/{ => testdata}/test_git_repo.mmd | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename scripts/release/{ => testdata}/test_git_repo.mmd (100%) diff --git a/scripts/release/test_git_repo.mmd b/scripts/release/testdata/test_git_repo.mmd similarity index 100% rename from scripts/release/test_git_repo.mmd rename to scripts/release/testdata/test_git_repo.mmd From 585688c9bcc513e768b4f866f6627e396a6db126 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kara=C5=9B?= Date: Fri, 1 Aug 2025 09:13:37 +0200 Subject: [PATCH 7/7] Sample graphs for docs --- scripts/release/dev_workflow.mmd | 27 ++++++++++++++ scripts/release/staging_workflow.mmd | 36 ++++++++++++++++++ scripts/release/staging_workflow_simple.mmd | 41 +++++++++++++++++++++ 3 files changed, 104 insertions(+) create mode 100644 scripts/release/dev_workflow.mmd create mode 100644 scripts/release/staging_workflow.mmd create mode 100644 scripts/release/staging_workflow_simple.mmd diff --git a/scripts/release/dev_workflow.mmd b/scripts/release/dev_workflow.mmd new file mode 100644 index 000000000..3b6102b16 --- /dev/null +++ b/scripts/release/dev_workflow.mmd @@ -0,0 +1,27 @@ +%%{ + init: { + 'flowchart': { + 'htmlLabels': true + } + } +}%% +flowchart LR +%% ─────────────── Build stage ─────────────── + subgraph Build ["Build"] + direction LR + CONTAINER_IMAGES["Build Container Images
Arch: multi
Signing: yes
Tag: build_id
Registry: ECR dev"] + KUBECTL_MONGODB["Build kubectl-mongodb
Arch: multi
Signing: yes
Tag: build_id
Store: S3 dev
"] + HELM_CHARTS["Helm charts
Signing: yes
Tag: build_id
Registry: OCI ECR dev"] + OLM_BUNDLES["Openshift Bundles
Push to dev S3
Tag: build_id"] + end + +%% ─────────────── Test stage ─────────────── + subgraph Testing ["Testing"] + direction LR + TESTS["Run e2e tests"] + OLM_TESTS["Run OLM e2e tests"] + end + +%% ─────────────── Dependencies ─────────────── + + Build --> Testing diff --git a/scripts/release/staging_workflow.mmd b/scripts/release/staging_workflow.mmd new file mode 100644 index 000000000..00e112609 --- /dev/null +++ b/scripts/release/staging_workflow.mmd @@ -0,0 +1,36 @@ +--- +config: + flowchart: + htmlLabels: true +--- +flowchart TD +%% ─────────────── Build stage ─────────────── + subgraph Build["Build"] + CONTAINER_IMAGES["Build Container Images
Arch: multi
Signing: yes
Tag: commit_sha
Registry: quay.io staging"] + KUBECTL_MONGODB["Build kubectl-mongodb
Arch: multi
Signing: yes
Tag: commit_sha
Store: S3 staging/commit_sha
"] + HELM_CHARTS["Helm charts
Signing: yes
Tag: commit_sha
Registry: OCI quay.io staging"] + OLM_BUNDLES["Openshift Bundles
Preflight: yes
Tag: commit_sha
Store: S3 staging/commit_sha"] + RELEASE_NOTES["Generate Release Notes
Store: S3 staging/commit_sha"] + RELATED_VERSIONS_JSON["Generate related_versions.json
Store: S3 staging/commit_sha"] + end + +%% ─────────────── Test stage ─────────────── + subgraph Testing["Testing"] + TESTS["Run e2e tests"] + CODE_SNIPPETS["Run code snippets
Save outputs: yes
Store: S3 staging/commit_sha"] + OLM_TESTS["Run OLM e2e tests"] + end + +%% ─────────────── SBOM Generation ─────────────── + subgraph SBOM ["SBOM Generation"] + IMAGE_SBOM["Images SBOM
CycloneDX"] + KUBECTL_SBOM["Kubectl SBOM"] + AUGUMENTED_SBOM["Augment SBOMs
with Kondukto
Store: S3 staging/commit_sha"] + end + +%% ─────────────── Dependencies ─────────────── + CONTAINER_IMAGES --> TESTS & OLM_TESTS & IMAGE_SBOM & CODE_SNIPPETS + KUBECTL_MONGODB --> TESTS & KUBECTL_SBOM & CODE_SNIPPETS + IMAGE_SBOM & KUBECTL_SBOM --> AUGUMENTED_SBOM + HELM_CHARTS --> TESTS & CODE_SNIPPETS + OLM_BUNDLES --> OLM_TESTS diff --git a/scripts/release/staging_workflow_simple.mmd b/scripts/release/staging_workflow_simple.mmd new file mode 100644 index 000000000..50b2346f5 --- /dev/null +++ b/scripts/release/staging_workflow_simple.mmd @@ -0,0 +1,41 @@ +--- +config: + flowchart: + htmlLabels: true +--- +flowchart LR +%% ─────────────── Build stage ─────────────── + subgraph Build["Build"] + direction LR + CONTAINER_IMAGES["Build Container Images
Arch: multi
Signing: yes
Tag: commit_sha
Registry: quay.io staging"] + KUBECTL_MONGODB["Build kubectl-mongodb
Arch: multi
Signing: yes
Tag: commit_sha
Store: S3 staging/commit_sha
"] + HELM_CHARTS["Helm charts
Signing: yes
Tag: commit_sha
Registry: OCI quay.io staging"] + OLM_BUNDLES["Openshift Bundles
Preflight: yes
Tag: commit_sha
Store: S3 staging/commit_sha"] + end + +%% ─────────────── Other stage ─────────────── + subgraph Other["Other build artifacts"] + direction LR + RELEASE_NOTES["Generate Release Notes
Store: S3 staging/commit_sha"] + RELATED_VERSIONS_JSON["Generate related_versions.json
Store: S3 staging/commit_sha"] + end + +%% ─────────────── Test stage ─────────────── + subgraph Testing["Testing"] + direction LR + TESTS["Run e2e tests"] + OLM_TESTS["Run OLM e2e tests"] + CODE_SNIPPETS["Run code snippets
Save outputs: yes
Store: S3 staging/commit_sha"] + end + +%% ─────────────── SBOM Generation ─────────────── + subgraph SBOM ["SBOM Generation"] + direction LR + IMAGE_SBOM["Container Images SBOM
CycloneDX"] + KUBECTL_SBOM["Kubectl SBOM"] + AUGUMENTED_SBOM["Augment SBOMs
with Kondukto
Store: S3 staging/commit_sha"] + end + +%% ─────────────── Dependencies ─────────────── + Build --> Testing & SBOM + IMAGE_SBOM & KUBECTL_SBOM --> AUGUMENTED_SBOM