mirror of https://github.com/grafana/loki
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
426 lines
16 KiB
426 lines
16 KiB
concurrency:
|
|
group: "create-release-${{ github.sha }}"
|
|
env:
|
|
BUILD_ARTIFACTS_BUCKET: "loki-build-artifacts"
|
|
GITHUB_APP: "loki-gh-app"
|
|
IMAGE_PREFIX: "grafana"
|
|
PUBLISH_TO_GCS: false
|
|
RELEASE_LIB_REF: "main"
|
|
RELEASE_REPO: "grafana/loki"
|
|
USE_GITHUB_APP_TOKEN: true
|
|
jobs:
|
|
createRelease:
|
|
env:
|
|
SHA: "${{ needs.shouldRelease.outputs.sha }}"
|
|
if: "${{ fromJSON(needs.shouldRelease.outputs.shouldRelease) }}"
|
|
needs:
|
|
- "shouldRelease"
|
|
outputs:
|
|
draft: "${{ steps.check_release.outputs.draft }}"
|
|
exists: "${{ steps.check_release.outputs.exists }}"
|
|
isLatest: "${{ needs.shouldRelease.outputs.isLatest }}"
|
|
name: "${{ needs.shouldRelease.outputs.name }}"
|
|
sha: "${{ needs.shouldRelease.outputs.sha }}"
|
|
permissions:
|
|
contents: "write"
|
|
id-token: "write"
|
|
pull-requests: "write"
|
|
runs-on: "ubuntu-latest"
|
|
steps:
|
|
- name: "pull code to release"
|
|
uses: "actions/checkout@v4"
|
|
with:
|
|
path: "release"
|
|
persist-credentials: false
|
|
repository: "${{ env.RELEASE_REPO }}"
|
|
- name: "pull release library code"
|
|
uses: "actions/checkout@v4"
|
|
with:
|
|
path: "lib"
|
|
persist-credentials: false
|
|
ref: "${{ env.RELEASE_LIB_REF }}"
|
|
repository: "grafana/loki-release"
|
|
- name: "setup node"
|
|
uses: "actions/setup-node@v4"
|
|
with:
|
|
node-version: 20
|
|
- name: "auth gcs"
|
|
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
|
|
with:
|
|
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
|
|
- name: "Set up Cloud SDK"
|
|
uses: "google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a"
|
|
with:
|
|
version: ">= 452.0.0"
|
|
- id: "fetch_app_credentials"
|
|
if: "${{ fromJSON(env.USE_GITHUB_APP_TOKEN) }}"
|
|
name: "fetch app credentials from vault"
|
|
uses: "grafana/shared-workflows/actions/get-vault-secrets@28361cdb22223e5f1e34358c86c20908e7248760"
|
|
with:
|
|
repo_secrets: |
|
|
APP_ID=${{ env.GITHUB_APP }}:app-id
|
|
PRIVATE_KEY=${{ env.GITHUB_APP }}:private-key
|
|
- id: "get_github_app_token"
|
|
if: "${{ fromJSON(env.USE_GITHUB_APP_TOKEN) }}"
|
|
name: "get github app token"
|
|
uses: "actions/create-github-app-token@v1"
|
|
with:
|
|
app-id: "${{ env.APP_ID }}"
|
|
owner: "${{ github.repository_owner }}"
|
|
private-key: "${{ env.PRIVATE_KEY }}"
|
|
- env:
|
|
OUTPUTS_TOKEN: "${{ steps.get_github_app_token.outputs.token }}"
|
|
id: "github_app_token"
|
|
name: "set github token"
|
|
run: |
|
|
if [[ "${USE_GITHUB_APP_TOKEN}" == "true" ]]; then
|
|
echo "token=$OUTPUTS_TOKEN" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "token=${{ secrets.GH_TOKEN }}" >> $GITHUB_OUTPUT
|
|
fi
|
|
- name: "download binaries"
|
|
run: |
|
|
echo "downloading binaries to $(pwd)/dist"
|
|
gsutil cp -r gs://${BUILD_ARTIFACTS_BUCKET}/$(echo ${SHA} | tr -d '"')/dist .
|
|
working-directory: "release"
|
|
- env:
|
|
GH_TOKEN: "${{ steps.github_app_token.outputs.token }}"
|
|
OUTPUTS_NAME: "${{ needs.shouldRelease.outputs.name }}"
|
|
id: "check_release"
|
|
name: "check if release exists"
|
|
run: |
|
|
set +e
|
|
isDraft="$(gh release view --json="isDraft" --jq=".isDraft" $(echo $OUTPUTS_NAME | tr -d '"') 2>&1)"
|
|
set -e
|
|
if [[ "$isDraft" == "release not found" ]]; then
|
|
echo "exists=false" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "exists=true" >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
if [[ "$isDraft" == "true" ]]; then
|
|
echo "draft=true" >> $GITHUB_OUTPUT
|
|
fi
|
|
working-directory: "release"
|
|
- env:
|
|
OUTPUTS_BRANCH: "${{ needs.shouldRelease.outputs.branch }}"
|
|
OUTPUTS_PR_NUMBER: "${{ needs.shouldRelease.outputs.prNumber }}"
|
|
OUTPUTS_TOKEN: "${{ steps.github_app_token.outputs.token }}"
|
|
SHA: "${{ needs.shouldRelease.outputs.sha }}"
|
|
id: "release"
|
|
if: "${{ !fromJSON(steps.check_release.outputs.exists) }}"
|
|
name: "create release"
|
|
run: |
|
|
npm install
|
|
npm exec -- release-please github-release \
|
|
--draft \
|
|
--release-type simple \
|
|
--repo-url "${{ env.RELEASE_REPO }}" \
|
|
--target-branch "$(echo $OUTPUTS_BRANCH | tr -d '"')" \
|
|
--token "$(echo $OUTPUTS_TOKEN | tr -d '"')" \
|
|
--shas-to-tag "$(echo $OUTPUTS_PR_NUMBER | tr -d '"'):$(echo ${SHA} | tr -d '"')"
|
|
working-directory: "lib"
|
|
- env:
|
|
GH_TOKEN: "${{ steps.github_app_token.outputs.token }}"
|
|
OUTPUTS_NAME: "${{ needs.shouldRelease.outputs.name }}"
|
|
id: "upload"
|
|
name: "upload artifacts"
|
|
run: |
|
|
gh release upload --clobber $(echo $OUTPUTS_NAME | tr -d '"') dist/*
|
|
working-directory: "release"
|
|
- if: "${{ fromJSON(env.PUBLISH_TO_GCS) }}"
|
|
name: "release artifacts"
|
|
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
|
|
with:
|
|
destination: "${{ env.PUBLISH_BUCKET }}"
|
|
parent: false
|
|
path: "release/dist"
|
|
process_gcloudignore: false
|
|
createReleaseBranch:
|
|
needs:
|
|
- "publishRelease"
|
|
outputs:
|
|
branchExists: "${{ steps.create_branch.outputs.branch_exists }}"
|
|
branchName: "${{ steps.create_branch.outputs.branch_name }}"
|
|
permissions:
|
|
contents: "write"
|
|
id-token: "write"
|
|
runs-on: "ubuntu-latest"
|
|
steps:
|
|
- name: "pull code to release"
|
|
uses: "actions/checkout@v4"
|
|
with:
|
|
path: "release"
|
|
persist-credentials: false
|
|
repository: "${{ env.RELEASE_REPO }}"
|
|
- id: "extract_branch"
|
|
name: "extract branch name"
|
|
run: |
|
|
echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
|
|
working-directory: "release"
|
|
- id: "fetch_app_credentials"
|
|
if: "${{ fromJSON(env.USE_GITHUB_APP_TOKEN) }}"
|
|
name: "fetch app credentials from vault"
|
|
uses: "grafana/shared-workflows/actions/get-vault-secrets@28361cdb22223e5f1e34358c86c20908e7248760"
|
|
with:
|
|
repo_secrets: |
|
|
APP_ID=${{ env.GITHUB_APP }}:app-id
|
|
PRIVATE_KEY=${{ env.GITHUB_APP }}:private-key
|
|
- id: "get_github_app_token"
|
|
if: "${{ fromJSON(env.USE_GITHUB_APP_TOKEN) }}"
|
|
name: "get github app token"
|
|
uses: "actions/create-github-app-token@v1"
|
|
with:
|
|
app-id: "${{ env.APP_ID }}"
|
|
owner: "${{ github.repository_owner }}"
|
|
private-key: "${{ env.PRIVATE_KEY }}"
|
|
- env:
|
|
OUTPUTS_TOKEN: "${{ steps.get_github_app_token.outputs.token }}"
|
|
id: "github_app_token"
|
|
name: "set github token"
|
|
run: |
|
|
if [[ "${USE_GITHUB_APP_TOKEN}" == "true" ]]; then
|
|
echo "token=$OUTPUTS_TOKEN" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "token=${{ secrets.GH_TOKEN }}" >> $GITHUB_OUTPUT
|
|
fi
|
|
- env:
|
|
GH_TOKEN: "${{ steps.github_app_token.outputs.token }}"
|
|
OUTPUTS_BRANCH: "${{ steps.extract_branch.outputs.branch }}"
|
|
OUTPUTS_NAME: "${{ needs.publishRelease.outputs.name }}"
|
|
OUTPUTS_TOKEN: "${{ steps.github_app_token.outputs.token }}"
|
|
VERSION: "${{ needs.publishRelease.outputs.name }}"
|
|
id: "create_branch"
|
|
name: "create release branch"
|
|
run: |
|
|
# Debug and clean the version variable
|
|
echo "Original VERSION: $VERSION"
|
|
|
|
# Remove all quotes (both single and double)
|
|
VERSION=$(echo $VERSION | tr -d '"' | tr -d "'")
|
|
echo "After removing quotes: $VERSION"
|
|
|
|
# Extract version without the 'v' prefix if it exists
|
|
VERSION="${VERSION#v}"
|
|
echo "After removing v prefix: $VERSION"
|
|
|
|
# Extract major and minor versions
|
|
MAJOR=$(echo $VERSION | cut -d. -f1)
|
|
MINOR=$(echo $VERSION | cut -d. -f2)
|
|
echo "MAJOR: $MAJOR, MINOR: $MINOR"
|
|
|
|
# Create branch name from template
|
|
BRANCH_TEMPLATE="release-\${major}.\${minor}.x"
|
|
BRANCH_NAME=${BRANCH_TEMPLATE//\$\{major\}/$MAJOR}
|
|
BRANCH_NAME=${BRANCH_NAME//\$\{minor\}/$MINOR}
|
|
|
|
echo "Checking if branch already exists: $BRANCH_NAME"
|
|
|
|
# Check if branch exists
|
|
if git ls-remote --heads origin $BRANCH_NAME | grep -q $BRANCH_NAME; then
|
|
echo "Branch $BRANCH_NAME already exists, skipping creation"
|
|
echo "branch_exists=true" >> $GITHUB_OUTPUT
|
|
echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "Creating branch: $BRANCH_NAME from tag: $(echo $OUTPUTS_NAME | tr -d '"')"
|
|
|
|
# Create branch from the tag
|
|
git fetch --tags
|
|
git checkout "$(echo $OUTPUTS_BRANCH | tr -d '"')"
|
|
git checkout -b $BRANCH_NAME
|
|
|
|
# explicity set the github app token to override the release branch protection
|
|
git remote set-url origin "https://x-access-token:$(echo ${OUTPUTS_TOKEN} | tr -d '"')@github.com/${{ env.RELEASE_REPO }}"
|
|
git push -u origin $BRANCH_NAME
|
|
|
|
echo "branch_exists=false" >> $GITHUB_OUTPUT
|
|
echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
|
|
fi
|
|
working-directory: "release"
|
|
publishDockerPlugins:
|
|
needs:
|
|
- "createRelease"
|
|
runs-on: "ubuntu-latest"
|
|
steps:
|
|
- name: "pull release library code"
|
|
uses: "actions/checkout@v4"
|
|
with:
|
|
path: "lib"
|
|
persist-credentials: false
|
|
ref: "${{ env.RELEASE_LIB_REF }}"
|
|
repository: "grafana/loki-release"
|
|
- name: "pull code to release"
|
|
uses: "actions/checkout@v4"
|
|
with:
|
|
path: "release"
|
|
persist-credentials: false
|
|
repository: "${{ env.RELEASE_REPO }}"
|
|
- name: "auth gcs"
|
|
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
|
|
with:
|
|
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
|
|
- name: "Set up Cloud SDK"
|
|
uses: "google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a"
|
|
with:
|
|
version: ">= 452.0.0"
|
|
- name: "Set up QEMU"
|
|
uses: "docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392"
|
|
- name: "set up docker buildx"
|
|
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
|
|
- name: "Login to DockerHub (from vault)"
|
|
uses: "grafana/shared-workflows/actions/dockerhub-login@fa48192dac470ae356b3f7007229f3ac28c48a25"
|
|
- env:
|
|
SHA: "${{ needs.createRelease.outputs.sha }}"
|
|
name: "download and prepare plugins"
|
|
run: |
|
|
echo "downloading images to $(pwd)/plugins"
|
|
gsutil cp -r gs://${BUILD_ARTIFACTS_BUCKET}/$(echo ${SHA} | tr -d '"')/plugins .
|
|
mkdir -p "release/clients/cmd/docker-driver"
|
|
- name: "publish docker driver"
|
|
uses: "./lib/actions/push-images"
|
|
with:
|
|
buildDir: "release/clients/cmd/docker-driver"
|
|
imageDir: "plugins"
|
|
imagePrefix: "${{ env.IMAGE_PREFIX }}"
|
|
isLatest: "${{ needs.createRelease.outputs.isLatest }}"
|
|
isPlugin: true
|
|
publishImages:
|
|
needs:
|
|
- "createRelease"
|
|
permissions:
|
|
id-token: "write"
|
|
runs-on: "ubuntu-latest"
|
|
steps:
|
|
- name: "pull release library code"
|
|
uses: "actions/checkout@v4"
|
|
with:
|
|
path: "lib"
|
|
persist-credentials: false
|
|
ref: "${{ env.RELEASE_LIB_REF }}"
|
|
repository: "grafana/loki-release"
|
|
- name: "auth gcs"
|
|
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
|
|
with:
|
|
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
|
|
- name: "Set up Cloud SDK"
|
|
uses: "google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a"
|
|
with:
|
|
version: ">= 452.0.0"
|
|
- name: "Set up QEMU"
|
|
uses: "docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392"
|
|
- name: "set up docker buildx"
|
|
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
|
|
- name: "Login to DockerHub (from vault)"
|
|
uses: "grafana/shared-workflows/actions/dockerhub-login@fa48192dac470ae356b3f7007229f3ac28c48a25"
|
|
- env:
|
|
SHA: "${{ needs.createRelease.outputs.sha }}"
|
|
name: "download images"
|
|
run: |
|
|
echo "downloading images to $(pwd)/images"
|
|
gsutil cp -r gs://${BUILD_ARTIFACTS_BUCKET}/$(echo ${SHA} | tr -d '"')/images .
|
|
- name: "publish docker images"
|
|
uses: "./lib/actions/push-images"
|
|
with:
|
|
imageDir: "images"
|
|
imagePrefix: "${{ env.IMAGE_PREFIX }}"
|
|
isLatest: "${{ needs.createRelease.outputs.isLatest }}"
|
|
publishRelease:
|
|
needs:
|
|
- "createRelease"
|
|
- "publishImages"
|
|
- "publishDockerPlugins"
|
|
outputs:
|
|
name: "${{ needs.createRelease.outputs.name }}"
|
|
permissions:
|
|
contents: "write"
|
|
id-token: "write"
|
|
runs-on: "ubuntu-latest"
|
|
steps:
|
|
- name: "pull code to release"
|
|
uses: "actions/checkout@v4"
|
|
with:
|
|
path: "release"
|
|
persist-credentials: false
|
|
repository: "${{ env.RELEASE_REPO }}"
|
|
- id: "fetch_app_credentials"
|
|
if: "${{ fromJSON(env.USE_GITHUB_APP_TOKEN) }}"
|
|
name: "fetch app credentials from vault"
|
|
uses: "grafana/shared-workflows/actions/get-vault-secrets@28361cdb22223e5f1e34358c86c20908e7248760"
|
|
with:
|
|
repo_secrets: |
|
|
APP_ID=${{ env.GITHUB_APP }}:app-id
|
|
PRIVATE_KEY=${{ env.GITHUB_APP }}:private-key
|
|
- id: "get_github_app_token"
|
|
if: "${{ fromJSON(env.USE_GITHUB_APP_TOKEN) }}"
|
|
name: "get github app token"
|
|
uses: "actions/create-github-app-token@v1"
|
|
with:
|
|
app-id: "${{ env.APP_ID }}"
|
|
owner: "${{ github.repository_owner }}"
|
|
private-key: "${{ env.PRIVATE_KEY }}"
|
|
- env:
|
|
OUTPUTS_TOKEN: "${{ steps.get_github_app_token.outputs.token }}"
|
|
id: "github_app_token"
|
|
name: "set github token"
|
|
run: |
|
|
if [[ "${USE_GITHUB_APP_TOKEN}" == "true" ]]; then
|
|
echo "token=$OUTPUTS_TOKEN" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "token=${{ secrets.GH_TOKEN }}" >> $GITHUB_OUTPUT
|
|
fi
|
|
- env:
|
|
GH_TOKEN: "${{ steps.github_app_token.outputs.token }}"
|
|
OUTPUTS_IS_LATEST: "${{ needs.createRelease.outputs.isLatest }}"
|
|
OUTPUTS_NAME: "${{ needs.createRelease.outputs.name }}"
|
|
if: "${{ !fromJSON(needs.createRelease.outputs.exists) || (needs.createRelease.outputs.draft && fromJSON(needs.createRelease.outputs.draft)) }}"
|
|
name: "publish release"
|
|
run: |
|
|
gh release edit $(echo $OUTPUTS_NAME | tr -d '"') --draft=false --latest=$(echo $OUTPUTS_IS_LATEST | tr -d '"')
|
|
working-directory: "release"
|
|
shouldRelease:
|
|
outputs:
|
|
branch: "${{ steps.extract_branch.outputs.branch }}"
|
|
isLatest: "${{ steps.should_release.outputs.isLatest }}"
|
|
name: "${{ steps.should_release.outputs.name }}"
|
|
prNumber: "${{ steps.should_release.outputs.prNumber }}"
|
|
sha: "${{ steps.should_release.outputs.sha }}"
|
|
shouldRelease: "${{ steps.should_release.outputs.shouldRelease }}"
|
|
permissions:
|
|
contents: "write"
|
|
id-token: "write"
|
|
pull-requests: "write"
|
|
runs-on: "ubuntu-latest"
|
|
steps:
|
|
- name: "pull code to release"
|
|
uses: "actions/checkout@v4"
|
|
with:
|
|
path: "release"
|
|
persist-credentials: false
|
|
repository: "${{ env.RELEASE_REPO }}"
|
|
- name: "pull release library code"
|
|
uses: "actions/checkout@v4"
|
|
with:
|
|
path: "lib"
|
|
persist-credentials: false
|
|
ref: "${{ env.RELEASE_LIB_REF }}"
|
|
repository: "grafana/loki-release"
|
|
- id: "extract_branch"
|
|
name: "extract branch name"
|
|
run: |
|
|
echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
|
|
working-directory: "release"
|
|
- id: "should_release"
|
|
name: "should a release be created?"
|
|
uses: "./lib/actions/should-release"
|
|
with:
|
|
baseBranch: "${{ steps.extract_branch.outputs.branch }}"
|
|
name: "create release"
|
|
"on":
|
|
push:
|
|
branches:
|
|
- "release-[0-9]+.[0-9]+.x"
|
|
- "k[0-9]+"
|
|
- "main"
|
|
permissions:
|
|
contents: "read"
|
|
pull-requests: "read" |