Skip to content

Merge pull request #11582 from linkerd/alpeb/stable-2.14.3 #282

Merge pull request #11582 from linkerd/alpeb/stable-2.14.3

Merge pull request #11582 from linkerd/alpeb/stable-2.14.3 #282

Workflow file for this run

name: Release
on:
push:
tags:
- "edge-*"
- "stable-*"
permissions:
contents: read
env:
GH_ANNOTATION: true
DOCKER_REGISTRY: ghcr.io/linkerd
K3D_VERSION: v5.4.4
jobs:
# TODO(ver) We should stop relying so heavily on the environment,
# especially the TAG variable. And it would be great to stop relying
# on the root-tag script altogether.
tag:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
- run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT"
id: tag
outputs:
tag: ${{ steps.tag.outputs.tag }}
docker_build:
name: Docker build
needs: [tag]
runs-on: ubuntu-20.04
permissions:
id-token: write # needed for signing the images with GitHub OIDC Token
strategy:
matrix:
component:
- cli-bin
- cni-plugin
- controller
- policy-controller
- debug
- jaeger-webhook
- metrics-api
- proxy
- tap
- web
# policy-controller docker builds have occasionally hit a 30-minute timeout.
timeout-minutes: 45
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
- name: Set tag
run: echo 'TAG=${{ needs.tag.outputs.tag }}' >> "$GITHUB_ENV"
- uses: ./.github/actions/docker-build
id: build
with:
docker-registry: ${{ env.DOCKER_REGISTRY }}
docker-target: multi-arch
docker-push: 1
docker-ghcr-username: ${{ secrets.DOCKER_GHCR_USERNAME }}
docker-ghcr-pat: ${{ secrets.DOCKER_GHCR_PAT }}
component: ${{ matrix.component }}
tag: ${{ needs.tag.outputs.tag }}
- uses: sigstore/cosign-installer@v3
- run: cosign sign '${{ steps.build.outputs.digest }}'
env:
COSIGN_YES: true
- name: Create artifact with CLI
# windows_static_cli_tests below needs this because it can't create linux containers
# inside windows
if: matrix.component == 'cli-bin'
env:
ARCHIVES: /home/runner/archives
DOCKER_TARGET: windows
run: |
bin/docker-pull-binaries "$TAG"
mkdir -p "$ARCHIVES"
cp -r "$PWD/target/release/linkerd2-cli-$TAG-windows.exe" "$ARCHIVES/linkerd-windows.exe"
# `with.path` values do not support environment variables yet, so an
# absolute path is used here.
# https://github.com/actions/upload-artifact/issues/8
- name: Upload artifact
if: matrix.component == 'cli-bin'
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
with:
name: image-archives
path: /home/runner/archives
windows_static_cli_tests:
name: Static CLI tests (windows)
timeout-minutes: 30
runs-on: windows-latest
needs: [docker_build]
steps:
- name: Checkout code
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
with:
go-version: '1.19'
- name: Download image archives
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
with:
name: image-archives
path: image-archives
- name: Run CLI Integration tests
run: go test --failfast --mod=readonly ".\test\cli" --linkerd="$PWD\image-archives\linkerd-windows.exe" --cli-tests -v
integration_tests:
name: Integration tests
needs: [tag, docker_build]
strategy:
matrix:
integration_test:
- cluster-domain
- cni-calico-deep
- deep
- viz
- default-policy-deny
- external
- rsa-ca
- helm-upgrade
- uninstall
- upgrade-edge
- upgrade-stable
timeout-minutes: 60
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
with:
go-version: '1.19'
- name: Set environment variables from scripts
run: |
TAG='${{ needs.tag.outputs.tag }}'
CMD="$PWD/target/release/linkerd2-cli-$TAG-linux-amd64"
echo "CMD=$CMD" >> "$GITHUB_ENV"
echo "TAG=$TAG" >> "$GITHUB_ENV"
- name: Run integration tests
env:
LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
run: |
bin/docker-pull-binaries "$TAG"
# Validate the CLI version matches the current build tag.
[[ "$TAG" == "$($CMD version --short --client)" ]]
bin/tests --images preload --name ${{ matrix.integration_test }} "$CMD"
arm64_integration_tests:
needs: [tag, docker_build]
runs-on: [self-hosted, Linux, ARM64]
timeout-minutes: 30
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
with:
go-version: '1.19'
- uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55
- name: Pull linkerd binary
run: |
TAG='${{ needs.tag.outputs.tag }}'
bin/docker-pull-binaries "$TAG"
CMD="$PWD/target/release/linkerd2-cli-$TAG-linux-arm64"
echo "CMD=$CMD" >> "$GITHUB_ENV"
"$CMD" version --client
- uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8
- name: Setup k3d
shell: bash
run: |
mkdir -p "$PWD/target/bin"
PATH=$PATH:"$PWD/target/bin"
echo "PATH=$PATH" >> "$GITHUB_ENV"
bin/scurl "https://raw.githubusercontent.com/k3d-io/k3d/${{ env.K3D_VERSION }}/install.sh" \
| USE_SUDO=false K3D_INSTALL_DIR=$PWD/target/bin bash
- name: Cluster setup
run: |
CLUSTER_NAME=$(printf "${{ github.ref_name }}" | tr -c '[:alnum:]' -)
echo "CLUSTER_NAME=$CLUSTER_NAME" >> "$GITHUB_ENV"
just k3d-name="$CLUSTER_NAME" k3d-create
just k3d-name="$CLUSTER_NAME" k3d-use
- env:
RUN_ARM_TEST: 1
LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
run: go test ./test/integration/deep/... --integration-tests --linkerd "$CMD"
- name: Delete cluster
if: always()
run: just k3d-name="$CLUSTER_NAME" k3d-delete
choco_pack:
# only runs for stable tags. The conditionals are at each step level instead of the job level
# otherwise the jobs below that depend on this one won't run
name: Pack Chocolatey release
timeout-minutes: 30
needs: [integration_tests]
runs-on: windows-2019
steps:
- name: Checkout code
if: startsWith(github.ref, 'refs/tags/stable')
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
- name: Chocolatey - update nuspec
if: startsWith(github.ref, 'refs/tags/stable')
run: |
$LINKERD_VERSION=$env:GITHUB_REF.Substring(17)
(Get-Content bin\win\linkerd.nuspec).replace('LINKERD_VERSION', "$LINKERD_VERSION") | Set-Content bin\win\linkerd.nuspec
- name: Chocolatey - pack
if: startsWith(github.ref, 'refs/tags/stable')
uses: crazy-max/ghaction-chocolatey@0e015857dd851f84fcb7fb53380eb5c4c8202333
with:
args: pack bin/win/linkerd.nuspec
- name: Chocolatey - upload package
if: startsWith(github.ref, 'refs/tags/stable')
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
with:
name: choco
path: ./linkerd.*.nupkg
gh_release:
name: Create GH release
needs:
- tag
- integration_tests
- choco_pack
if: startsWith(github.ref, 'refs/tags/stable') || startsWith(github.ref, 'refs/tags/edge')
timeout-minutes: 30
runs-on: ubuntu-20.04
permissions:
contents: write
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
- name: Set environment variables
run: |
echo 'TAG=${{ needs.tag.outputs.tag }}' >> "$GITHUB_ENV"
. bin/_release.sh
extract_release_notes NOTES.md
- name: Download choco package
if: startsWith(github.ref, 'refs/tags/stable')
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
with:
name: choco
path: choco
- name: Pull CLI binaries
env:
DOCKER_TARGET: multi-arch
run : |
bin/docker-pull-binaries "$TAG"
v=${TAG#"stable-"}
mv choco/linkerd.*.nupkg "target/release/linkerd2-cli-stable-$v.nupkg" || true
- name: Create release
id: create_release
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
with:
draft: false
prerelease: false
body_path: NOTES.md
files: |
./target/release/linkerd2-cli-*-darwin*
./target/release/linkerd2-cli-*-linux-*
./target/release/linkerd2-cli-*-windows.*
./target/release/linkerd2-cli-*.nupkg
website_publish:
name: Linkerd website publish
needs: [gh_release]
if: startsWith(github.ref, 'refs/tags/stable') || startsWith(github.ref, 'refs/tags/edge')
timeout-minutes: 30
runs-on: ubuntu-20.04
permissions:
contents: write
steps:
- name: Create linkerd/website repository dispatch event
uses: peter-evans/repository-dispatch@bf47d102fdb849e755b0b0023ea3e81a44b6f570
with:
token: ${{ secrets.RELEASE_TOKEN }}
repository: linkerd/website
event-type: release
website_publish_check:
name: Linkerd website publish check
needs: [tag, website_publish]
timeout-minutes: 30
if: startsWith(github.ref, 'refs/tags/stable') || startsWith(github.ref, 'refs/tags/edge')
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
- name: Set install target for stable
if: startsWith(github.ref, 'refs/tags/stable')
run: echo "INSTALL=install" >> "$GITHUB_ENV"
- name: Set install target for edge
if: startsWith(github.ref, 'refs/tags/edge')
run: echo "INSTALL=install-edge" >> "$GITHUB_ENV"
- name: Check published version
shell: bash
run: |
TAG='${{ needs.tag.outputs.tag }}'
until RES=$(bin/scurl "https://run.linkerd.io/$INSTALL" | grep "LINKERD2_VERSION=\${LINKERD2_VERSION:-$TAG}") \
|| (( count++ >= 10 ))
do
sleep 30
done
if [[ -z "$RES" ]]; then
echo "::error::The version '$TAG' was NOT found published in the website"
exit 1
fi
chart_deploy:
name: Helm chart deploy
needs: [gh_release]
timeout-minutes: 30
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
- name: Log into GCP
uses: 'google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033'
with:
credentials_json: ${{ secrets.LINKERD_SITE_TOKEN }}
- name: Edge Helm chart creation and upload
if: startsWith(github.ref, 'refs/tags/edge')
uses: ./.github/actions/helm-publish
with:
branch: edge
- name: Stable Helm chart creation and upload
if: startsWith(github.ref, 'refs/tags/stable')
uses: ./.github/actions/helm-publish
with:
branch: stable