Clean up release promotions [cp #8657]
danudey committed Aug 27, 2024
1 parent 2130210 commit c1075d6
Showing 1 changed file with 67 additions and 28 deletions.
95 changes: 67 additions & 28 deletions .semaphore/release/release.yml
@@ -2,32 +2,44 @@ version: v1.0
name: Publish official release
agent:
machine:
type: f1-standard-2
type: f1-standard-4
os_image: ubuntu2004

execution_time_limit:
minutes: 600
minutes: 800

blocks:
- name: "Publish official release"
dependencies: []
skip:
# Only run on branches, not PRs.
when: "branch !~ '.+'"
task:
secrets:
- name: quay-robot-calico+semaphoreci
- name: docker
- name: oss-release-secrets
- name: google-service-account-for-gce
- name: openstack-signing-publishing
- name: quay-robot-calico+semaphoreci
- name: docker
- name: oss-release-secrets
- name: google-service-account-for-gce
- name: openstack-signing-publishing
prologue:
commands:
# Load the github access secrets. First fix the permissions.
- chmod 0600 /home/semaphore/.keys/git_ssh_rsa
- ssh-add /home/semaphore/.keys/git_ssh_rsa
# For some reason, /mnt is 100 GB and has a qemu-nbd image file.
# Let's delete it and use it for our own purposes (building calico
# without running out of space)
- sudo killall qemu-nbd || true
- sudo rm -f /mnt/docker.qcow2
- sudo chown $(id -u):$(id -g) /mnt/
- mkdir calico
- sudo mount --bind /mnt calico
# Checkout the code and unshallow it.
# (this is going to throw an error because it can't remove
# the `calico` directory, which is a mount, but it will
# continue anyway)
- checkout
- retry git fetch --unshallow
- retry git fetch --quiet --unshallow
# Semaphore mounts a copy-on-write FS as /var/lib/docker in order to provide a pre-loaded cache of
# some images. However, the cache is not useful to us and the copy-on-write FS is a big problem given
# how much we churn docker containers during the build. Disable it.
@@ -39,35 +51,62 @@ blocks:
# Log in to container registries needed for release.
- echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
- echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io
# Credentials for accessing gcloud, needed to create a GCP VM.
- export GOOGLE_APPLICATION_CREDENTIALS=$HOME/secrets/secret.google-service-account-key.json
# Credentials for accessing gcloud, needed to push images to gcr
- export GOOGLE_APPLICATION_CREDENTIALS=$HOME/secrets/gcr-credentials.json
- gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS}
# Manually log in to GCR until we can test the gcr credentials helper
- cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://gcr.io
- cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://eu.gcr.io
- cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://asia.gcr.io
- cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
jobs:
- name: "Release on GCP VM"
- name: "Release on Semaphore VM"
execution_time_limit:
minutes: 180
minutes: 360
env_vars:
- name: VAR_FILE
value: /home/semaphore/secrets/release.tfvars
commands:
- if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} -C hack/release apply; fi
- if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} -C hack/release release; fi
- if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} -C hack/release release-publish; fi
- name: "Build Openstack Packages"
execution_time_limit:
minutes: 60
env_vars:
- name: SECRET_KEY
value: /home/semaphore/secrets/launchpad-gpg-key-dfox.key
- name: GCLOUD_ARGS
value: --zone us-east1-c --project tigera-wp-tcp-redirect
- name: HOST
value: ubuntu@binaries-projectcalico-org
- if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} release; fi
- if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} release-publish; fi
- name: "Build Openstack Packages"
dependencies: ["Publish official release"]
skip:
when: "branch !~ '.+'"
task:
secrets:
- name: quay-robot-calico+semaphoreci
- name: docker
- name: oss-release-secrets
- name: google-service-account-for-gce
- name: openstack-signing-publishing
prologue:
commands:
# Load the github access secrets. First fix the permissions.
- chmod 0600 /home/semaphore/.keys/git_ssh_rsa
- ssh-add /home/semaphore/.keys/git_ssh_rsa
# Checkout the code and unshallow it.
- checkout
# Free up space on the build machine.
- sudo rm -rf ~/.kiex ~/.phpbrew ~/.rbenv ~/.nvm ~/.kerl ~/.sbt ~/.npm /usr/lib/jvm /opt/firefox* /opt/apache-maven* /opt/scala /usr/local/golang
# Install more tools
- sudo apt update
- sudo apt install -y moreutils
- make publish-openstack
- sudo apt install -y moreutils patchelf
jobs:
- name: "Build Openstack Packages"
execution_time_limit:
minutes: 60
env_vars:
- name: SECRET_KEY
value: /home/semaphore/secrets/launchpad-gpg-key-dfox.key
- name: GCLOUD_ARGS
value: --zone us-east1-c --project tigera-wp-tcp-redirect
- name: HOST
value: ubuntu@binaries-projectcalico-org
commands:
- if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make publish-openstack; fi
epilogue:
always:
commands:
- make VAR_FILE=/home/semaphore/secrets/release.tfvars -C hack/release destroy
- test -d hack/release/packaging/output && mv -v hack/release/packaging/output hack/release/packaging/openstack
- artifact push workflow hack/release/packaging/openstack
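Review bot: The "Build Openstack Packages" block, which appears to be newly split out, attaches the same five secrets as the release block, including `quay-robot-calico+semaphoreci` and `docker`, although its visible prologue and job only use the git SSH key, `SECRET_KEY`, `GCLOUD_ARGS` and `make publish-openstack`. Unless that Makefile target needs the registry credentials, trim the `secrets:` list to the entries that supply the SSH key, the signing key and the gcloud credentials, so that the `sudo apt install -y moreutils patchelf` step and the package build cannot read the Docker Hub and Quay tokens. In the release prologue, the added `cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key ...` lines expand the path unquoted and store the long-lived service-account key in the Docker config for four registries; at minimum use `docker login -u _json_key --password-stdin https://gcr.io < "${GOOGLE_APPLICATION_CREDENTIALS}"`, and log in only to the registries the release actually pushes to. Which lines are on the new side is inferred from the rendered page, because the +/- markers did not survive.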
