Publish All Operators - scheduled Release #149
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish All Operators | |
| run-name: ${{ format('Publish All Operators - {0} Release', github.event.inputs.release_type || 'scheduled') }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release_type: | |
| type: choice | |
| description: The type of release | |
| options: | |
| - Patch | |
| - Minor | |
| - Major | |
| - Snapshot | |
| vulnerability_severity: | |
| description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. | |
| type: choice | |
| options: | |
| - CRITICAL,HIGH | |
| - CRITICAL,HIGH,MEDIUM | |
| - CRITICAL (DO NOT use if JIRA ticket not raised) | |
| schedule: | |
| - cron: "0 0 * * *" | |
| jobs: | |
| start: | |
| name: Start Operator Build | |
| runs-on: ubuntu-latest | |
| outputs: | |
| new_version: ${{ steps.version.outputs.new_version }} | |
| commit_sha: ${{ steps.commit-and-tag.outputs.commit_sha }} | |
| release_type: ${{ steps.set-env.outputs.release_type }} | |
| vulnerability_severity: ${{ steps.set-env.outputs.vulnerability_severity }} | |
| env: | |
| RELEASE_TYPE: ${{ inputs.release_type || (github.event_name == 'schedule' && 'patch') }} | |
| VULNERABILITY_SEVERITY: ${{ inputs.vulnerability_severity || (github.event_name == 'schedule' && 'CRITICAL,HIGH') }} | |
| steps: | |
| - name: Set Environment Variables | |
| id: set-env | |
| run: | | |
| echo "release_type=${{ inputs.release_type || (github.event_name == 'schedule' && 'patch') }}" >> $GITHUB_ENV | |
| echo "vulnerability_severity=${{ inputs.vulnerability_severity || (github.event_name == 'schedule' && 'CRITICAL,HIGH') }}" >> $GITHUB_ENV | |
| echo "release_type=${RELEASE_TYPE}" >> $GITHUB_OUTPUT | |
| echo "vulnerability_severity=${VULNERABILITY_SEVERITY}" >> $GITHUB_OUTPUT | |
| - name: Approve Major release | |
| if: env.RELEASE_TYPE == 'Major' | |
| uses: trstringer/manual-approval@v1 | |
| with: | |
| secret: ${{ github.token }} | |
| approvers: thomasm-ttd,atarassov-ttd,cody-constine-ttd | |
| minimum-approvals: 1 | |
| issue-title: Creating Major version of UID2-Operator | |
| - name: Show Context | |
| run: | | |
| printenv | |
| echo "$GITHUB_CONTEXT" | |
| shell: bash | |
| env: | |
| GITHUB_CONTEXT: ${{ toJson(github) }} | |
| - name: Check branch and release type | |
| uses: IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@v2 | |
| with: | |
| release_type: ${{ inputs.release_type }} | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Scan vulnerabilities | |
| uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v3 | |
| with: | |
| scan_severity: HIGH,CRITICAL | |
| failure_severity: CRITICAL | |
| - name: Set version number | |
| id: version | |
| uses: IABTechLab/uid2-shared-actions/actions/version_number@v2 | |
| with: | |
| type: ${{ env.RELEASE_TYPE }} | |
| branch_name: ${{ github.ref }} | |
| - name: Update pom.xml | |
| run: | | |
| current_version=$(grep -o '<version>.*</version>' pom.xml | head -1 | sed 's/<version>\(.*\)<\/version>/\1/') | |
| new_version=${{ steps.version.outputs.new_version }} | |
| sed -i "s/$current_version/$new_version/g" pom.xml | |
| echo "Version number updated from $current_version to $new_version" | |
| - name: Commit pom.xml, version.json and set tag | |
| id: commit-and-tag | |
| uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3 | |
| with: | |
| add: 'pom.xml version.json' | |
| message: 'Released ${{ env.RELEASE_TYPE }} version: ${{ steps.version.outputs.new_version }}' | |
| tag: v${{ steps.version.outputs.new_version }} | |
| buildPublic: | |
| name: Public Operator | |
| needs: start | |
| uses: ./.github/workflows/publish-public-operator-docker-image.yaml | |
| with: | |
| release_type: ${{ needs.start.outputs.release_type }} | |
| version_number_input: ${{ needs.start.outputs.new_version }} | |
| vulnerability_severity: ${{ needs.start.outputs.vulnerability_severity }} | |
| secrets: inherit | |
| buildGCP: | |
| name: GCP Private Operator | |
| needs: start | |
| uses: ./.github/workflows/publish-gcp-oidc-enclave-docker.yaml | |
| with: | |
| release_type: ${{ needs.start.outputs.release_type }} | |
| version_number_input: ${{ needs.start.outputs.new_version }} | |
| commit_sha: ${{ needs.start.outputs.commit_sha }} | |
| vulnerability_severity: ${{ needs.start.outputs.vulnerability_severity }} | |
| secrets: inherit | |
| buildAzure: | |
| name: Azure Private Operator | |
| needs: start | |
| uses: ./.github/workflows/publish-azure-cc-enclave-docker.yaml | |
| with: | |
| release_type: ${{ needs.start.outputs.release_type }} | |
| version_number_input: ${{ needs.start.outputs.new_version }} | |
| commit_sha: ${{ needs.start.outputs.commit_sha }} | |
| vulnerability_severity: ${{ needs.start.outputs.vulnerability_severity }} | |
| secrets: inherit | |
| buildAWS: | |
| name: AWS Private Operator EIF | |
| needs: start | |
| uses: ./.github/workflows/publish-aws-nitro-eif.yaml | |
| with: | |
| release_type: ${{ needs.start.outputs.release_type }} | |
| version_number_input: ${{ needs.start.outputs.new_version }} | |
| commit_sha: ${{ needs.start.outputs.commit_sha }} | |
| secrets: inherit | |
| buildAMI: | |
| name: Build AWS AMI | |
| needs: [start, buildAWS] | |
| uses: ./.github/workflows/build-uid2-ami.yaml | |
| with: | |
| operator_run_number: ${{ github.run_id }} | |
| secrets: inherit | |
| createRelease: | |
| name: Create Release | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'workflow_dispatch' | |
| needs: [start, buildPublic, buildGCP, buildAzure, buildAWS, buildAMI] | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Download public manifest | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: public-image-* | |
| path: ./manifests/public_operator | |
| - name: Download GCP manifest | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: gcp-oidc-enclave-ids-* | |
| path: ./manifests/gcp_oidc_operator | |
| - name: Download Azure manifest | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: azure-cc-enclave-id-* | |
| path: ./manifests/azure_cc_operator | |
| - name: Download EIF manifest | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: 'aws-eif-enclave-ids-*' | |
| path: ./manifests/aws_eif | |
| - name: Download AWS AMI manifest | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: 'aws-ami-ids-*' | |
| path: ./manifests/aws_ami | |
| - name: Download Deployment Files | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: '*-deployment-files-*' | |
| path: ./deployment | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: uid2-operator-release-${{ needs.start.outputs.new_version }}-manifests | |
| path: ./manifests | |
| - name: Build changelog | |
| id: changelog | |
| uses: mikepenz/release-changelog-builder-action@v4 | |
| with: | |
| toTag: v${{ needs.start.outputs.new_version }} | |
| configurationJson: | | |
| { | |
| "template": "\n## Integration Guides\n[AWS Marketplace](https://unifiedid.com/docs/guides/operator-guide-aws-marketplace)\n[GCP Confidential Space](https://unifiedid.com/docs/guides/operator-private-gcp-confidential-space)\n[Microsoft Azure](https://unifiedid.com/docs/guides/operator-guide-azure-enclave)\n\n## Installation\n```\ndocker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:${{ needs.start.outputs.new_version }}-gcp-oidc\ndocker pull ghcr.io/iabtechlab/uid2-operator:${{ needs.start.outputs.new_version }}-azure-cc\n```\n## Changelog\n#{{CHANGELOG}}\n#{{UNCATEGORIZED}}", | |
| "pr_template": " - #{{TITLE}} - ( PR: ##{{NUMBER}} )" | |
| } | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Zip files | |
| run: | | |
| (cd ./deployment/aws-euid-deployment-files-${{ needs.start.outputs.new_version }} && zip -r ../../aws-euid-deployment-files-${{ needs.start.outputs.new_version }}.zip . ) | |
| (cd ./deployment/aws-uid2-deployment-files-${{ needs.start.outputs.new_version }} && zip -r ../../aws-uid2-deployment-files-${{ needs.start.outputs.new_version }}.zip . ) | |
| (cd ./deployment/azure-cc-deployment-files-${{ needs.start.outputs.new_version }} && zip -r ../../azure-cc-deployment-files-${{ needs.start.outputs.new_version }}.zip . ) | |
| (cd ./deployment/gcp-oidc-deployment-files-${{ needs.start.outputs.new_version }} && zip -r ../../gcp-oidc-deployment-files-${{ needs.start.outputs.new_version }}.zip . ) | |
| (cd manifests && zip -r ../uid2-operator-release-manifests-${{ needs.start.outputs.new_version }}.zip .) | |
| - name: Create draft release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| name: v${{ needs.start.outputs.new_version }} | |
| body: ${{ steps.changelog.outputs.changelog }} | |
| draft: true | |
| files: | | |
| ./aws-euid-deployment-files-${{ needs.start.outputs.new_version }}.zip | |
| ./aws-uid2-deployment-files-${{ needs.start.outputs.new_version }}.zip | |
| ./azure-cc-deployment-files-${{ needs.start.outputs.new_version }}.zip | |
| ./gcp-oidc-deployment-files-${{ needs.start.outputs.new_version }}.zip | |
| ./uid2-operator-release-manifests-${{ needs.start.outputs.new_version }}.zip | |
| notifyFailure: | |
| name: Notify Slack on Failure | |
| runs-on: ubuntu-latest | |
| if: failure() && github.ref == 'refs/heads/main' | |
| needs: [start, buildPublic, buildGCP, buildAzure, buildAWS, buildAMI] | |
| steps: | |
| - name: Send Slack Alert | |
| env: | |
| SLACK_COLOR: danger | |
| SLACK_MESSAGE: ':x: Operator Pipeline failed' | |
| SLACK_TITLE: Pipeline Failed in ${{ github.workflow }} | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| uses: rtCamp/action-slack-notify@v2 |