From 1f0eab7d8b2ba7150956f2e58a5ff747756ac7f8 Mon Sep 17 00:00:00 2001 From: Nathan Klick Date: Mon, 26 Aug 2024 16:43:57 -0500 Subject: [PATCH] ci: add support for multiple releases of the same upstream version (#31) Signed-off-by: Nathan Klick --- .../workflows/flow-release-legacy-images.yaml | 10 ++-- .../flow-release-scaleset-images.yaml | 10 ++-- .../workflows/zxc-build-scaleset-images.yaml | 8 ++- .../zxc-retrieve-upstream-versions.yaml | 15 ++++++ .../workflows/zxcron-automatic-releases.yaml | 52 +++++++++++++++++-- scaleset/runner/Dockerfile | 7 ++- 6 files changed, 84 insertions(+), 18 deletions(-) diff --git a/.github/workflows/flow-release-legacy-images.yaml b/.github/workflows/flow-release-legacy-images.yaml index 1b3f3b2..81881dc 100644 --- a/.github/workflows/flow-release-legacy-images.yaml +++ b/.github/workflows/flow-release-legacy-images.yaml @@ -109,8 +109,8 @@ jobs: - name: Check for Existing Releases run: | - if gh release view legacy-v${{ needs.versions.outputs.runner }} --json id >/dev/null 2>&1; then - echo "::error title=Release Version::Release legacy-v${{ needs.versions.outputs.runner }} already exists and may not be redeployed." + if gh release view legacy-v${{ needs.versions.outputs.tag }} --json id >/dev/null 2>&1; then + echo "::error title=Release Version::Release legacy-v${{ needs.versions.outputs.tag }} already exists and may not be redeployed." exit 1 fi @@ -169,7 +169,7 @@ jobs: - name: Update Version Descriptor working-directory: legacy/runner - run: printf "RUNNER_VERSION=%s\nRUNNER_CONTAINER_HOOKS_VERSION=%s\n" "${{ needs.versions.outputs.runner }}" "${{ needs.versions.outputs.hooks }}" >VERSION + run: printf "CONTAINER_VERSION=%s\nRUNNER_VERSION=%s\nRUNNER_CONTAINER_HOOKS_VERSION=%s\n" "${{ needs.versions.outputs.tag }}" "${{ needs.versions.outputs.runner }}" "${{ needs.versions.outputs.hooks }}" >VERSION - name: Commit Changes uses: actions-js/push@5a7cbd780d82c0c937b5977586e641b2fd94acc5 # v1.5 
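Review bot: The guard in "Check for Existing Releases" fails open, because `gh release view legacy-v… --json id >/dev/null 2>&1` exits non-zero for an authentication, rate-limit or network error as well as for a missing release, and every non-zero exit is read as "no such release", so the workflow proceeds past the check. Keep stderr instead of discarding it and fail the step unless the error is specifically a not-found. At minimum add the comment `# NOTE: any gh failure (auth, rate limit, network) is treated as "release absent"` so the behaviour is a recorded decision. The same construct is in the check in flow-release-scaleset-images.yaml and in both checks of zxcron-automatic-releases.yaml, where a failed lookup leaves `NEEDED="true"`.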
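Review bot: In "Update Version Descriptor" the `${{ needs.versions.outputs.* }}` expressions are substituted into the script text before bash parses it, so the surrounding double quotes do not contain them. With this commit the `tag` value can derive from the `explicit-runner-version` input, which the "Tag Version Information" step added in zxc-retrieve-upstream-versions.yaml expands inside `$(…)` in the same way. Pass the values through `env:` and reference them as shell variables, as in the excerpt below. The `gh release view` line in the previous hunk, the matching steps in flow-release-scaleset-images.yaml and the new tag step need the same treatment; values passed under `with:` are not parsed by a shell and can stay as they are.

```yaml
      - name: Update Version Descriptor
        working-directory: legacy/runner
        env:
          CONTAINER_VERSION: ${{ needs.versions.outputs.tag }}
          RUNNER_VERSION: ${{ needs.versions.outputs.runner }}
          HOOKS_VERSION: ${{ needs.versions.outputs.hooks }}
        run: |
          printf 'CONTAINER_VERSION=%s\nRUNNER_VERSION=%s\nRUNNER_CONTAINER_HOOKS_VERSION=%s\n' \
            "${CONTAINER_VERSION}" "${RUNNER_VERSION}" "${HOOKS_VERSION}" >VERSION
```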
@@ -177,7 +177,7 @@ jobs: github_token: ${{ secrets.GH_ACCESS_TOKEN }} author_name: ${{ vars.GIT_USER_NAME }} author_email: ${{ vars.GIT_USER_EMAIL }} - message: "chore(release): legacy-v${{ needs.versions.outputs.runner }} [skip ci]" + message: "chore(release): legacy-v${{ needs.versions.outputs.tag }} [skip ci]" finalize-release: name: Finalize Release @@ -228,5 +228,5 @@ jobs: with: token: ${{ secrets.GH_ACCESS_TOKEN }} commit: ${{ github.ref_name }} - tag: legacy-v${{ needs.versions.outputs.runner }} + tag: legacy-v${{ needs.versions.outputs.tag }} bodyFile: .github/RELEASE_BODY.md diff --git a/.github/workflows/flow-release-scaleset-images.yaml b/.github/workflows/flow-release-scaleset-images.yaml index f11ea41..349461e 100644 --- a/.github/workflows/flow-release-scaleset-images.yaml +++ b/.github/workflows/flow-release-scaleset-images.yaml @@ -105,8 +105,8 @@ jobs: - name: Check for Existing Releases run: | - if gh release view scaleset-v${{ needs.versions.outputs.runner }} --json id >/dev/null 2>&1; then - echo "::error title=Release Version::Release scaleset-v${{ needs.versions.outputs.runner }} already exists and may not be redeployed." + if gh release view scaleset-v${{ needs.versions.outputs.tag }} --json id >/dev/null 2>&1; then + echo "::error title=Release Version::Release scaleset-v${{ needs.versions.outputs.tag }} already exists and may not be redeployed." exit 1 fi @@ -163,7 +163,7 @@ jobs: - name: Update Version Descriptor working-directory: scaleset/runner - run: printf "RUNNER_VERSION=%s\nRUNNER_CONTAINER_HOOKS_VERSION=%s\n" "${{ needs.versions.outputs.runner }}" "${{ needs.versions.outputs.hooks }}" >VERSION + run: printf "CONTAINER_VERSION=%s\nRUNNER_VERSION=%s\nRUNNER_CONTAINER_HOOKS_VERSION=%s\n" "${{ needs.versions.outputs.tag }}" "${{ needs.versions.outputs.runner }}" "${{ needs.versions.outputs.hooks }}" >VERSION - name: Commit Changes uses: actions-js/push@5a7cbd780d82c0c937b5977586e641b2fd94acc5 # v1.5 
@@ -171,7 +171,7 @@ jobs: github_token: ${{ secrets.GH_ACCESS_TOKEN }} author_name: ${{ vars.GIT_USER_NAME }} author_email: ${{ vars.GIT_USER_EMAIL }} - message: "chore(release): scaleset-v${{ needs.versions.outputs.runner }} [skip ci]" + message: "chore(release): scaleset-v${{ needs.versions.outputs.tag }} [skip ci]" finalize-release: name: Finalize Release @@ -222,5 +222,5 @@ jobs: with: token: ${{ secrets.GH_ACCESS_TOKEN }} commit: ${{ github.ref_name }} - tag: scaleset-v${{ needs.versions.outputs.runner }} + tag: scaleset-v${{ needs.versions.outputs.tag }} bodyFile: .github/RELEASE_BODY.md diff --git a/.github/workflows/zxc-build-scaleset-images.yaml b/.github/workflows/zxc-build-scaleset-images.yaml index 964e0e2..479336f 100644 --- a/.github/workflows/zxc-build-scaleset-images.yaml +++ b/.github/workflows/zxc-build-scaleset-images.yaml @@ -183,6 +183,9 @@ jobs: version: v0.16.2 driver-opts: network=host + - name: Setup Terraform + uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 + - name: Archive Tool Cache working-directory: ${{ runner.tool_cache }} run: tar -czf ${{ env.TOOL_CACHE_ARTIFACT_NAME }} * @@ -194,7 +197,7 @@ jobs: retention-days: 1 path: ${{ runner.tool_cache }}/${{ env.TOOL_CACHE_ARTIFACT_NAME }} - build-legacy-images: + build-scaleset-images: name: ${{ inputs.custom-job-label || 'Build' }} runs-on: ubuntu-22.04 needs: @@ -250,7 +253,7 @@ jobs: if [[ "${{ inputs.dry-run-enabled }}" == "true" ]]; then DOCKER_REGISTRY_PREFIX="local" - IMG_RESULT="load" + IMG_RESULT="cache" fi echo "prefix=${DOCKER_REGISTRY_PREFIX}" >>"${GITHUB_OUTPUT}" 
@@ -262,6 +265,7 @@ jobs: context: ${{ github.workspace }}/scaleset/runner platforms: ${{ inputs.platforms }} push: ${{ steps.registry.outputs.operation == 'push' }} + load: ${{ steps.registry.outputs.operation == 'load' }} tags: | ${{ steps.registry.outputs.prefix }}/scaleset-runner:${{ inputs.base-os-image }} ${{ steps.registry.outputs.prefix }}/scaleset-runner:v${{ inputs.runner-version }}-${{ inputs.base-os-image }} diff --git a/.github/workflows/zxc-retrieve-upstream-versions.yaml b/.github/workflows/zxc-retrieve-upstream-versions.yaml index f570f54..f8b9fa6 100644 --- a/.github/workflows/zxc-retrieve-upstream-versions.yaml +++ b/.github/workflows/zxc-retrieve-upstream-versions.yaml @@ -38,6 +38,9 @@ on: required: false default: "Check" outputs: + tag: + description: "Tag Version" + value: ${{ jobs.versions.outputs.tag-version }} runner: description: "Runner Version" value: ${{ jobs.versions.outputs.runner-version }} @@ -57,6 +60,7 @@ jobs: name: ${{ inputs.custom-job-label || 'Check' }} runs-on: ubuntu-22.04 outputs: + tag-version: ${{ steps.tag.outputs.version }} runner-version: ${{ steps.runner.outputs.version }} hooks-version: ${{ steps.hooks.outputs.version }} steps: @@ -130,3 +134,14 @@ jobs: LATEST_TAG="$(gh release view ${TARGET_TAG} -R actions/runner-container-hooks --json tagName | jq -r '.tagName')" VERSION="$(semver get release ${LATEST_TAG})" echo "version=${VERSION}" >>"${GITHUB_OUTPUT}" + + - name: Tag Version Information + id: tag + run: | + RELEASE="$(semver get release "${{ inputs.explicit-runner-version || steps.runner.outputs.version }}")" + BUILD="$(semver get build "${{ inputs.explicit-runner-version || steps.runner.outputs.version }}")" + + VERSION="${RELEASE}" + [[ -n "${BUILD}" ]] && VERSION="${VERSION}+${BUILD}" + + echo "version=${VERSION}" >>"${GITHUB_OUTPUT}" diff --git a/.github/workflows/zxcron-automatic-releases.yaml b/.github/workflows/zxcron-automatic-releases.yaml index 939dd59..772580b 100644 
--- a/.github/workflows/zxcron-automatic-releases.yaml +++ b/.github/workflows/zxcron-automatic-releases.yaml @@ -39,7 +39,8 @@ jobs: needs: - versions outputs: - release-needed: ${{ steps.release.outputs.needed }} + legacy-release-needed: ${{ steps.legacy-release.outputs.needed }} + scaleset-release-needed: ${{ steps.scaleset-release.outputs.needed }} steps: - name: Harden Runner uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 @@ -57,8 +58,8 @@ jobs: - name: Authorize GH CLI run: echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token - - name: Check for Existing Releases - id: release + - name: Check for Existing Legacy Releases + id: legacy-release run: | NEEDED="true" if gh release view legacy-v${{ needs.versions.outputs.runner }} --json id >/dev/null 2>&1; then @@ -68,13 +69,24 @@ jobs: echo "needed=${NEEDED}" >> "${GITHUB_OUTPUT}" + - name: Check for Existing ScaleSet Releases + id: scaleset-release + run: | + NEEDED="true" + if gh release view scaleset-v${{ needs.versions.outputs.runner }} --json id >/dev/null 2>&1; then + echo "::info title=Release Version::Release scaleset-v${{ needs.versions.outputs.runner }} already exists and may not be redeployed." + NEEDED="false" + fi + + echo "needed=${NEEDED}" >> "${GITHUB_OUTPUT}" + legacy-release: name: Legacy Release runs-on: ubuntu-22.04 needs: - versions - safety-checks - if: ${{ needs.safety-checks.outputs.release-needed == 'true' }} + if: ${{ needs.safety-checks.outputs.legacy-release-needed == 'true' }} steps: - name: Harden Runner uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 
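Review bot: `::info` in the new "Check for Existing ScaleSet Releases" step is not a workflow command that GitHub Actions recognises, so the line is printed as ordinary log text and no annotation is created; the annotation levels are `notice`, `warning` and `error`. Use `echo "::notice title=Release Version::Release scaleset-v… already exists and may not be redeployed."`. The step also looks up `scaleset-v${{ needs.versions.outputs.runner }}`, while the release workflows in this commit now name releases from the `tag` output. The two appear to agree only while the tag carries no build suffix, so a comment stating that assumption would help.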
@@ -101,3 +113,35 @@ jobs: -f "build-default-image=true" \ -f "build-dind-image=true" \ -f "dry-run-enabled=false" + + scaleset-release: + name: ScaleSet Release + runs-on: ubuntu-22.04 + needs: + - versions + - safety-checks + if: ${{ needs.safety-checks.outputs.scaleset-release-needed == 'true' }} + steps: + - name: Harden Runner + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 + with: + egress-policy: audit + + - name: Checkout Code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Install GH CLI + uses: sersoft-gmbh/setup-gh-cli-action@2d02c06e284b7d55e954d6d6406e7a886f45a818 # v2.0.1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Authorize GH CLI + run: echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token + + - name: Launch ScaleSet Release Workflow + run: | + gh workflow run "flow-release-scaleset-images.yaml" \ + -r main \ + -f "runner-version=${{ needs.versions.outputs.runner }}" \ + -f "runner-container-hooks-version=${{ needs.versions.outputs.hooks }}" \ + -f "dry-run-enabled=false" diff --git a/scaleset/runner/Dockerfile b/scaleset/runner/Dockerfile index 376857c..6f95643 100644 --- a/scaleset/runner/Dockerfile +++ b/scaleset/runner/Dockerfile @@ -1,5 +1,5 @@ # Source: https://github.com/dotnet/dotnet-docker -FROM mcr.microsoft.com/dotnet/runtime:6.0-jammy as build +FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-jammy as build ARG TARGETOS ARG TARGETARCH @@ -32,7 +32,7 @@ RUN export RUNNER_ARCH=${TARGETARCH} \ "https://github.com/docker/buildx/releases/download/v${BUILDX_VERSION}/buildx-v${BUILDX_VERSION}.linux-${TARGETARCH}" \ && chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx -FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-jammy +FROM mcr.microsoft.com/dotnet/runtime:6.0-jammy ENV DEBIAN_FRONTEND=noninteractive ENV RUNNER_MANUALLY_TRAP_SIG=1 @@ -85,6 +85,7 @@ RUN apt-get update -y \ zip \ gzip \ jq \ + skopeo \ python3-pip \ htop \ psmisc \ 
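Review bot: The "Authorize GH CLI" step of the new `scaleset-release` job expands `${{ secrets.GITHUB_TOKEN }}` into the script body, which places the token in the generated script file on the runner. `gh` reads its token from the environment, so the login step can be dropped in favour of `env:` with `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` on "Launch ScaleSet Release Workflow". The job also runs Harden Runner with `egress-policy: audit`, which records outbound connections without blocking them; for a job that only calls the GitHub API, `egress-policy: block` with an explicit `allowed-endpoints` list is the tighter setting. No `permissions:` block for the job is visible in this hunk, so confirm the token is scoped to what `gh workflow run` needs.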
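Review bot: Both rewritten `FROM` lines (this hunk and the one at `@@ -32,7 +32,7 @@`) reference the mutable tag `6.0-jammy`, so the build stage and the final runner image take whatever the registry serves at build time, unlike the workflow actions in this commit, which are pinned to commit SHAs. Pin each base image by digest, e.g. `FROM mcr.microsoft.com/dotnet/runtime:6.0-jammy@sha256:<DIGEST>`, and update the digest deliberately. Moving the final stage from `runtime-deps` to `runtime` also adds the .NET runtime to every runner image; a comment on that `FROM` line saying why it is needed would help later reviewers.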
@@ -113,6 +114,8 @@ RUN export RUNNER_ARCH=${TARGETARCH} \ && curl -fLo /usr/local/lib/docker/cli-plugins/docker-compose \ "https://github.com/docker/compose/releases/download/v${COMPOSE_VERSION}/docker-compose-linux-${DOCKER_ARCH}" \ && chmod +x /usr/local/lib/docker/cli-plugins/docker-compose + +RUN pip3 install ansible ######################################### ## End OS Software Customizations ## #########################################
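Review bot: `RUN pip3 install ansible` installs whatever version PyPI serves at build time, together with its unpinned dependency tree, so two builds of the same commit can produce different runner images and a compromised release would land in the image unreviewed. Pin the version and skip the cache, e.g. `RUN pip3 install --no-cache-dir "ansible==<PINNED_VERSION>"`, or install from a requirements file with `--require-hashes`. The `docker-compose` binary fetched by `curl` just above has no checksum verification either; that line is context here, and the RUN instruction it belongs to starts outside the hunk.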