Skip to content

Commit

Permalink
Add release workflow for this project (#215)
Browse files Browse the repository at this point in the history 
Signed-off-by: Raphael Silva <rapphil@gmail.com>
  • Loading branch information
@rapphil
rapphil authored Jul 17, 2024
1 parent b027284 commit d8d62f2
Show file tree
Hide file tree
Showing 6 changed files with 219 additions and 1 deletion.
25 changes: 25 additions & 0 deletions .github/scripts/integ-tests.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
#!/bin/sh

IMAGE=$1
CONTAINER_NAME="integ-test-$(date +%s)"

docker run -dt -p 8080:8080 \
-e AWS_ACCESS_KEY_ID \
-e AWS_SECRET_ACCESS_KEY \
-e AWS_SESSION_TOKEN \
-e AWS_REGION=us-east-1 \
--name $CONTAINER_NAME \
$IMAGE

curl -s -H 'host: s3.amazonaws.com' http://localhost:8080 | grep ListAllMyBucketsResult
result=$?

docker stop $CONTAINER_NAME
docker rm $CONTAINER_NAME

if [ "$result" == "1" ]; then
echo "Integration tests failed"
exit 1
fi

exit 0
83 changes: 83 additions & 0 deletions .github/workflows/CI.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
name: Continuous integration
on:
push:
branches:
- main
- "release/v*"
env:
AWS_STAGING_REGION: us-west-2
STAGING_ECR_REGISTRY: 611364707713.dkr.ecr.us-west-2.amazonaws.com
STAGING_ECR_REPOSITORY: aws-sigv4-proxy-staging

jobs:
build:
name: Build and publish to staging
runs-on: ubuntu-latest
outputs:
commit-short-sha: ${{ steps.staging-info.outputs.commit-short-sha }}
steps:
- uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ~1.22.4

- name: Build
run: |
go build -v ./cmd/aws-sigv4-proxy
- name: Run tests
run: go test -v ./...

- name: Configure AWS Credentials for Private ECR
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_STAGING }}
aws-region: ${{ env.AWS_STAGING_REGION }}

- name: Log in to AWS private ECR
uses: docker/login-action@v3
with:
registry: ${{ env.STAGING_ECR_REGISTRY }}

- name: Get short sha
id: staging-info
run: |
shortSha=$(git rev-parse --short ${{ github.sha }})
echo "commit-short-sha=$shortSha" >> $GITHUB_OUTPUT
- name: Build and push image to staging
uses: docker/build-push-action@v5
with:
file: Dockerfile
context: .
push: true
tags: |
${{ env.STAGING_ECR_REGISTRY }}/${{ env.STAGING_ECR_REPOSITORY }}:${{ steps.staging-info.outputs.commit-short-sha }}
platforms : linux/amd64, linux/arm64

integration-tests:
name: Run integration tests on image from staging
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Configure AWS Credentials for Private ECR
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_INTEG_TESTS }}
aws-region: ${{ env.AWS_STAGING_REGION }}

- name: Run integration tests
run: ./github/scripts/integ-tests.sh ${{ env.STAGING_ECR_REGISTRY }}/${{ env.STAGING_ECR_REPOSITORY }}:${{ needs.build.outputs.commit-short-sha }}
2 changes: 1 addition & 1 deletion .github/workflows/CD.yaml → .github/workflows/pr-build.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: CD
name: Build

on: [push, pull_request]

Expand Down
100 changes: 100 additions & 0 deletions .github/workflows/release.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@

name: Release aws-sigv4-proxy

on:
workflow_dispatch:
inputs:
dryrunMode:
description: 'Run workflow in dry-run mode (nothing will be published)'
required: true
default: 'true'
type: choice
options:
- 'true'
- 'false'

env:
AWS_PUBLIC_ECR_REGION: us-east-1
AWS_PRIVATE_ECR_REGION: us-west-2
PUBLIC_REGISTRY: public.ecr.aws
STAGING_REGISTRY: 611364707713.dkr.ecr.us-west-2.amazonaws.com
RELEASE_IMAGE_NAME: aws-sigv4-proxy
STAGING_IMAGE_NAME: aws-sigv4-proxy-staging

jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Get version and sha
id: release-info
run: |
echo "release-version=$(cat VERSION)" >> $GITHUB_OUTPUT
shortSha=$(git rev-parse --short ${{ github.sha }})
echo "commit-short-sha=$shortSha" >> $GITHUB_OUTPUT
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }}
aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }}

- name: Log in to AWS ECR
uses: docker/login-action@v3
with:
registry: ${{ env.PUBLIC_REGISTRY }}

- name: Configure AWS Credentials for Private ECR
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }}
aws-region: ${{ env.AWS_PRIVATE_ECR_REGION }}

- name: Log in to AWS private ECR
uses: docker/login-action@v3
with:
registry: ${{ env.STAGING_REGISTRY }}

- name: Push image to public ecr - dryrun
if: ${{ inputs.dryrunMode == 'true' }}
run: |
docker buildx imagetools create \
--tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:latest \
--tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.release-version }} \
--tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} \
${{ env.STAGING_REGISTRY }}/${{ env.STAGING_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }}
--dry-run
- name: Create release - dryrun
if: ${{ inputs.dryrunMode == 'true' }}
run: |
echo gh release create --target "$GITHUB_REF_NAME" \
--title "Release v${{ steps.release-info.outputs.release-version }}" \
--draft \
"v${{ steps.release-info.outputs.release-version }}" \
- name: Push image to public ecr
if: ${{ inputs.dryrunMode == 'false' }}
run: |
docker buildx imagetools create \
--tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:latest \
--tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.release-version }} \
--tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} \
${{ env.STAGING_REGISTRY }}/${{ env.STAGING_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }}
- name: Create release
if: ${{ inputs.dryrunMode == 'false'}}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
run: |
gh release create --target "$GITHUB_REF_NAME" \
--title "Release v${{ steps.release-info.outputs.release-version }}" \
--draft \
"v${{ steps.release-info.outputs.release-version }}" \
9 changes: 9 additions & 0 deletions RELEASING.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# Instructions to release a new version

To release a new version of the aws-sigv4-proxy, please follow these steps:

1. Create a release branch for this minor version series, if one does not exist yet. The convention is to name this branch: `release/v<release series>` where release series has the format `<major version>.<minor version>.x`. Example of branch `release/v1.8.x`
2. From the release branch, update the content of the `VERSION` file in the root of this repository. The convention is to ommit the patch version if that is in 0. Example of content: `1.8` or `1.8.1`. Merge the PR that updates the `VERSION` file. Confirm that the continuous integration workflow will succeed.
3. Run the release workflow. Go to the GitHub UI in this repository and select `Actions`. Then select the `Release aws-sigv4-proxy` workflow. Select the release branch. You can optionally test with dry-run mode before releasing.
4. After the release is completed. Update the release notes for this release.
5. Merge the changes from the release branch into mainline.
1 change: 1 addition & 0 deletions VERSION
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
1.8

0 comments on commit d8d62f2

Please sign in to comment.