feat: nightly releases (#800)

defenseunicorns · Jul 16, 2024 · fa6543b · fa6543b
1 parent a74a65d
commit fa6543b
Show file tree

Hide file tree

Showing 7 changed files with 230 additions and 98 deletions.
diff --git a/.github/workflows/nightly-release.yaml b/.github/workflows/nightly-release.yaml
@@ -0,0 +1,69 @@
+name: Nightly Release
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *' ## Every day at midnight UTC
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    needs: checkout
+    steps:
+      - name: Run tests
+        uses: ./.github/workflows/release-tests.yaml
+
+  push:
+    runs-on: ubuntu-latest
+    environment: release
+    needs: test
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          fetch-depth: 0
+
+      - name: Setup golang
+        uses: ./.github/actions/golang
+
+      - name: Install tools
+        uses: ./.github/actions/install-tools
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: build-artifacts
+          path: build/
+
+      - name: Create tag
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          # try to create a tag, if it already exists, update it
+          script: |
+            github.rest.git.createRef({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              ref: 'refs/tags/nightly',
+              sha: context.sha
+            }).catch(err => {
+              if (err.status !== 422) throw err;
+              github.rest.git.updateRef({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                ref: 'tags/nightly',
+                sha: context.sha
+              });
+            })
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean --verbose --config .goreleaser-nightly.yaml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/parallel-tests.yaml b/.github/workflows/parallel-tests.yaml
@@ -1,4 +1,4 @@
-name: E2E Tests
+name: Helper workflow for E2E Tests
 on:
   workflow_call: # This is the event that triggers the workflow
 

diff --git a/.github/workflows/release-tests.yaml b/.github/workflows/release-tests.yaml
@@ -0,0 +1,90 @@
+name: E2E Tests
+on:
+  workflow_call: # This is the event that triggers the workflow
+
+jobs:
+  test:
+    uses: ./.github/workflows/parallel-tests.yaml
+
+  test-ghcr:
+    runs-on: ubuntu-latest
+    needs: test
+    permissions:
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          fetch-depth: 0
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: build-artifacts
+          path: build/
+
+      - name: setup-using-previous-job
+        uses: ./.github/actions/setup-from-previous
+
+      - name: Login to GHCR
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run GHCR tests
+        run: |
+          build/uds run test:e2e-ghcr
+        env:
+          GITHUB_TOKEN: secrets.GITHUB_TOKEN
+
+      - name: Save logs
+        if: always()
+        uses: defenseunicorns/uds-common/.github/actions/save-logs@172a905901cb9bd76d096d2850bf31af5c5a4fa1 # v0.8.0
+        with:
+          suffix: test-ghcr
+
+
+  smoke-test:
+    runs-on: ubuntu-latest
+    needs: test
+    steps:
+      # Checkout the repo and setup the tooling for this job
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          fetch-depth: 0
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: build-artifacts
+          path: build/
+
+      - name: Setup golang
+        uses: ./.github/actions/golang
+
+      - name: Make UDS-CLI executable
+        run: |
+          chmod +x build/uds
+
+      - name: Setup K3d
+        uses: ./.github/actions/k3d
+
+      - name: Login to GHCR
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run UDS Core smoke test
+        run: build/uds run test:ci-uds-core-smoke-test
+        shell: bash
+
+      - name: Save logs
+        if: always()
+        uses: defenseunicorns/uds-common/.github/actions/save-logs@172a905901cb9bd76d096d2850bf31af5c5a4fa1 # v0.8.0
+        with:
+          suffix: smoke-test
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -9,106 +9,14 @@ on:
       - "v*"
 
 jobs:
-  checkout:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          fetch-depth: 0
-
   test:
-    uses: ./.github/workflows/parallel-tests.yaml
+    uses: ./.github/workflows/release-tests.yaml
     needs: checkout
 
-  test-ghcr:
-    runs-on: ubuntu-latest
-    needs: test
-    permissions:
-      packages: write
-    steps:
-      - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          fetch-depth: 0
-
-      - name: Download build artifacts
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-        with:
-          name: build-artifacts
-          path: build/
-
-      - name: setup-using-previous-job
-        uses: ./.github/actions/setup-from-previous
-
-      - name: Login to GHCR
-        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Run GHCR tests
-        run: |
-          build/uds run test:e2e-ghcr
-        env:
-          GITHUB_TOKEN: secrets.GITHUB_TOKEN
-
-      - name: Save logs
-        if: always()
-        uses: defenseunicorns/uds-common/.github/actions/save-logs@172a905901cb9bd76d096d2850bf31af5c5a4fa1 # v0.8.0
-        with:
-          suffix: test-ghcr
-
-
-  smoke-test:
-    runs-on: ubuntu-latest
-    needs: test
-    steps:
-      # Checkout the repo and setup the tooling for this job
-      - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          fetch-depth: 0
-
-      - name: Download build artifacts
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-        with:
-          name: build-artifacts
-          path: build/
-
-      - name: Setup golang
-        uses: ./.github/actions/golang
-
-      - name: Make UDS-CLI executable
-        run: |
-          chmod +x build/uds
-
-      - name: Setup K3d
-        uses: ./.github/actions/k3d
-
-      - name: Login to GHCR
-        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Run UDS Core smoke test
-        run: build/uds run test:ci-uds-core-smoke-test
-        shell: bash
-
-      - name: Save logs
-        if: always()
-        uses: defenseunicorns/uds-common/.github/actions/save-logs@172a905901cb9bd76d096d2850bf31af5c5a4fa1 # v0.8.0
-        with:
-          suffix: smoke-test
-
-
   push:
     runs-on: ubuntu-latest
     environment: release
-    needs: [test, test-ghcr, smoke-test]
+    needs: test
     permissions:
       contents: write
     steps:
@@ -143,7 +51,7 @@ jobs:
         with:
           distribution: goreleaser
           version: latest
-          args: release --clean --verbose
+          args: release --clean --verbose --config .goreleaser.yaml
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
           HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.brew-tap-token.outputs.token }}
diff --git a/.github/workflows/test-e2e-pr.yaml b/.github/workflows/test-e2e-pr.yaml
@@ -10,8 +10,8 @@ on:
       - "adr/**"
       - "docs/**"
       - "CODEOWNERS"
-      - "goreleaser.yml"
-      - ".github/workflows/release.yaml"
+      - "goreleaser*.y*ml"
+      - ".github/workflows/*release*.y*ml"
 
 permissions:
   contents: read

diff --git a/.goreleaser-nightly.yaml b/.goreleaser-nightly.yaml
@@ -0,0 +1,59 @@
+before:
+  hooks:
+    - go mod tidy
+
+# Build a universal macOS binary
+universal_binaries:
+  - replace: false
+
+# Build the different combination of goos/arch binaries
+builds:
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - darwin
+    ldflags:
+      - -s -w -X 'github.com/defenseunicorns/uds-cli/src/config.CLIVersion={{.Tag}}' -X 'github.com/defenseunicorns/zarf/src/config.ActionsCommandZarfPrefix=zarf'
+      - -X 'github.com/defenseunicorns/zarf/src/config.ActionsCommandZarfPrefix=zarf'
+      - -X 'github.com/derailed/k9s/cmd.version=${K9S_VERSION}'
+      - -X 'github.com/google/go-containerregistry/cmd/crane/cmd.Version=${CRANE_VERSION}'
+      - -X 'github.com/defenseunicorns/zarf/src/cmd/tools.syftVersion=${SYFT_VERSION}'
+      - -X 'github.com/defenseunicorns/zarf/src/cmd/tools.archiverVersion=${ARCHIVER_VERSION}'
+      - -X 'github.com/defenseunicorns/zarf/src/cmd/tools.helmVersion=${HELM_VERSION}'
+    goarch:
+      - amd64
+      - arm64
+    binary: uds
+
+# Save the built artifacts as binaries (instead of wrapping them in a tarball)
+archives:
+  - format: binary
+    name_template: "{{ .ProjectName }}_{{ .Tag }}_{{- title .Os }}_{{ .Arch }}"
+
+# generate a sha256 checksum of all release artifacts
+checksum:
+  name_template: "checksums.txt"
+  algorithm: sha256
+
+# generate sboms for each binary artifact
+sboms:
+  - artifacts: binary
+    documents:
+      - "sbom_{{ .ProjectName }}_{{ .Tag }}_{{- title .Os }}_{{ .Arch }}.sbom"
+
+snapshot:
+  name_template: "{{ incpatch .Version }}-snapshot"
+
+# Use the auto-generated changelog github provides
+changelog:
+  use: github-native
+
+# Generate a GitHub release and publish the release for the tag
+release:
+  github:
+    owner: defenseunicorns
+    name: uds-cli
+  prerelease: auto
+  mode: append
+  draft: false
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -15,6 +15,12 @@ builds:
       - darwin
     ldflags:
       - -s -w -X 'github.com/defenseunicorns/uds-cli/src/config.CLIVersion={{.Tag}}' -X 'github.com/defenseunicorns/zarf/src/config.ActionsCommandZarfPrefix=zarf'
+      - -X 'github.com/defenseunicorns/zarf/src/config.ActionsCommandZarfPrefix=zarf'
+      - -X 'github.com/derailed/k9s/cmd.version=${K9S_VERSION}'
+      - -X 'github.com/google/go-containerregistry/cmd/crane/cmd.Version=${CRANE_VERSION}'
+      - -X 'github.com/defenseunicorns/zarf/src/cmd/tools.syftVersion=${SYFT_VERSION}'
+      - -X 'github.com/defenseunicorns/zarf/src/cmd/tools.archiverVersion=${ARCHIVER_VERSION}'
+      - -X 'github.com/defenseunicorns/zarf/src/cmd/tools.helmVersion=${HELM_VERSION}'
     goarch:
       - amd64
       - arm64