[BOP-55] CI for releases

.github/workflows/Merge.yml

@@ -12,7 +12,8 @@ jobs:
       uses: ./.github/workflows/unit.yml
   build:
     uses: ./.github/workflows/build.yml
+  # TODO add integration tests
   push-to-ghcr:
-    if: ${{ always() && contains(join(needs.*.result, ','), 'success') }} # if all need jobs are successful
+    if: ${{ always() && contains(join(needs.*.result, ','), 'success') }} # if all `needs` jobs are successful
     needs: [vet, unit-test, build]
     uses: ./.github/workflows/push-to-ghcr.yml

.github/workflows/README.md

@@ -5,6 +5,7 @@ There are two types of workflows in this directory. I would put them in subfolde
 ## Callers
 
 These are the high level workflows that can be associated with what triggers them. PRs, releases, nightlys, merges, etc. These are made up of jobs that are defined the the other workflows. These are the workflows that you will see in the Actions tab of the repo. By grouping these tasks into parent workflows, the jobs are grouped under one action in the actions tab. They share the smaller 'job' workflows so that they always run the same way.
+
 ## Jobs
 
 These are the smaller individual tasks that are used to build up the larger parent workflows. They can be thought of as running unit tests, building the binaries, or linting the code. When you open one of the parent caller actions in the actions tab, they will show these individual jobs.

.github/workflows/Release.yml

@@ -0,0 +1,18 @@
+name: Release
+
+on:
+  release:
+    types: [prereleased]
+
+jobs:
+  vet:
+    uses: ./.github/workflows/vet.yml
+  unit-test:
+      uses: ./.github/workflows/unit.yml
+  build:
+    uses: ./.github/workflows/build.yml
+  # TODO add integration tests
+  push-to-ghcr:
+    if: ${{ always() && contains(join(needs.*.result, ','), 'success') }} # if all `needs` jobs are successful
+    needs: [vet, unit-test, build]
+    uses: ./.github/workflows/push-to-ghcr.yml

.github/workflows/push-to-ghcr.yml

@@ -4,37 +4,75 @@ on:
   workflow_call:
 
 jobs:
-  # push-latest:
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - name: Checkout
-  #       uses: actions/checkout@v3
-
-  #     - name: Load environment
-  #       uses: c-py/action-dotenv-to-setenv@v4
-  #       with:
-  #         env-file: .github/development.env
-
-  #     - name: Log in to the Container registry
-  #       uses: docker/[email protected]
-  #       with:
-  #         registry: ${{ env.REGISTRY }}
-  #         username: ${{ github.actor }}
-  #         password: ${{ secrets.GITHUB_TOKEN }}
-
-  #     - name: Download artifact
-  #       uses: actions/download-artifact@v3
-  #       with:
-  #         name: ${{ env.IMAGE }}
-  #         path: /tmp
-
-  #     - name: Load docker image
-  #       working-directory: .
-  #       run: docker load --input /tmp/${{ env.IMAGE }}.tar
-
-  #     - name: Push latest image to ${{ env.REGISTRY }}
-  #       working-directory: .
-  #       run: make docker-push
+  push-latest:
+    if: ${{ github.event_name == 'release' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Load environment
+        uses: c-py/action-dotenv-to-setenv@v4
+        with:
+          env-file: .github/development.env
+
+      - name: Log in to the Container registry
+        uses: docker/[email protected]
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Download artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: ${{ env.IMAGE }}
+          path: /tmp
+
+      - name: Load docker image
+        working-directory: .
+        run: docker load --input /tmp/${{ env.IMAGE }}.tar
+
+      - name: Push latest image to ${{ env.REGISTRY }}
+        working-directory: .
+        run: docker push ${{ env.REGISTRY }}/${{ env.ORG }}/${{ env.IMAGE }}:latest
+
+  push-semver:
+    if: ${{ github.event_name == 'release' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Load environment
+        uses: c-py/action-dotenv-to-setenv@v4
+        with:
+          env-file: .github/development.env
+
+      - name: Log in to the Container registry
+        uses: docker/[email protected]
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Download artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: ${{ env.IMAGE }}
+          path: /tmp
+
+      - name: Load docker image
+        working-directory: .
+        run: docker load --input /tmp/${{ env.IMAGE }}.tar
+
+      - name: Push latest image to ${{ env.REGISTRY }}
+        working-directory: .
+        run: |
+          SEMVER=${GITHUB_REF#refs/*/}
+          echo ${{ env.REGISTRY }}/${{ env.ORG }}/${{ env.IMAGE }}:$SEMVER
+          docker tag ${{ env.REGISTRY }}/${{ env.ORG }}/${{ env.IMAGE }}:latest ${{ env.REGISTRY }}/${{ env.ORG }}/${{ env.IMAGE }}:$SEMVER
+          docker push ${{ env.REGISTRY }}/${{ env.ORG }}/${{ env.IMAGE }}:$SEMVER
 
   push-sha:
     if: ${{ github.event_name == 'push' }}
@@ -69,7 +107,7 @@ jobs:
         working-directory: .
         run: |
           COMMIT_SHA=$(git rev-parse --short "$GITHUB_SHA")
-          echo $COMMIT_SHA
+          echo ${{ env.REGISTRY }}/${{ env.ORG }}/${{ env.IMAGE }}:$COMMIT_SHA
           docker tag ${{ env.REGISTRY }}/${{ env.ORG }}/${{ env.IMAGE }}:latest ${{ env.REGISTRY }}/${{ env.ORG }}/${{ env.IMAGE }}:$COMMIT_SHA
           docker push ${{ env.REGISTRY }}/${{ env.ORG }}/${{ env.IMAGE }}:$COMMIT_SHA
 

docs/CI.md

@@ -19,4 +19,4 @@ TODO: If you merge a change into main and an issue is found, you will be notifie
 
 ## Releases
 
-A release is triggered when a pre-release is created in the github repo. This will run EVERYTHING from scratch. Starting from zero may take more time but this ensures that nothing slips by us before sending out the release. This includes any static code analysis, unit tests, integration tests, and building the binaries. If everything passes, the same image will pushed with `latest`, `sha`, `semver`, and `dev` tags.
+A release is triggered when a pre-release is created in the github repo. This will run EVERYTHING from scratch. Starting from zero may take more time but this ensures that nothing slips by us before sending out the release. This includes any static code analysis, unit tests, integration tests, and building the binaries. If everything passes, the same image will pushed with `latest`, `sha`, `semver`, and `dev` tags. This process is documented in [Creating a release](docs/creating-a-release.md).

docs/creating-a-release.md

@@ -0,0 +1,19 @@
+# Creating a release
+
+The release process is automated using github actions that trigger when a release is created on the github page.
+
+1. Open releases on the github page
+2. Create a pre-release which includes
+  a. A tag for the latest commit on main. Use semantic versioning: `X.Y.Z`
+  b. The auto generated changelog
+  c. Check the pre-release box
+  d. Publish the release
+3. CI will trigger and begin the release process
+  a. Run through all tests (lint, unit, integration)
+  b. Build the release images
+  c. Publish the release images to
+    i. ghcr.io/mirantis/boundless-operator:<tag>
+    ii. ghcr.io/mirantis/boundless-operator:latest
+    iii. ghcr.io/mirantis/boundless-operator:<commit SHA>
+4. Once CI finished, take a look at the images and make sure they look good
+5. Change the release from pre-release to latest on the github page