feat: release automation #8

Merged
merged 45 commits into from
Oct 12, 2023
Changes from 27 commits
Commits
8c9b891
feat: use relative stack location
jta Oct 5, 2023
fa55932
fix: ignore the W3002 lint rule
obs-gh-colinhutchinson Oct 5, 2023
41bd272
chore: ran the Makefile through a linter
obs-gh-colinhutchinson Oct 4, 2023
18e1979
feat: ability to release to multiple regions
obs-gh-colinhutchinson Oct 5, 2023
f94a8fe
wip
obs-gh-colinhutchinson Oct 6, 2023
cb9d4c9
Merge branch 'main' into feat/release
obs-gh-colinhutchinson Oct 6, 2023
d417641
Merge pull request #1 from observeinc/feat/release
obs-gh-colinhutchinson Oct 6, 2023
c7954de
feat: setup automation for github releases
obs-gh-colinhutchinson Oct 6, 2023
4125646
feat: empty commit to force a release
obs-gh-colinhutchinson Oct 6, 2023
6d2e80d
fix: fix the release logic so commits to main are pre-release
obs-gh-colinhutchinson Oct 6, 2023
50f3921
fix: run the release workflow on tags as well
obs-gh-colinhutchinson Oct 6, 2023
50f8dc1
feat: allow for workflow dispatch to enable proper releases
obs-gh-colinhutchinson Oct 6, 2023
830561b
fix: try debugging why the config option doesn't work
obs-gh-colinhutchinson Oct 6, 2023
6ade509
fix: debug if the issue is the .releaserc
obs-gh-colinhutchinson Oct 6, 2023
266037f
fix: provide absolute path to the releaserc
obs-gh-colinhutchinson Oct 6, 2023
0244d08
fix: continue debugging
obs-gh-colinhutchinson Oct 6, 2023
0b701d5
feat: needs the file extension to keep node happy
obs-gh-colinhutchinson Oct 6, 2023
50acc1f
feat: empty commit to force a release
obs-gh-colinhutchinson Oct 6, 2023
b2d9015
feat: empty commit to force a release
obs-gh-colinhutchinson Oct 6, 2023
8c31500
feat: terraform to setup the aws / github federation
obs-gh-colinhutchinson Oct 6, 2023
4e7f2a1
chore: check the terraform worked
obs-gh-colinhutchinson Oct 6, 2023
af0dbee
feat: connect github releases with AWS SAM releases
obs-gh-colinhutchinson Oct 6, 2023
0f40bb7
feat: connect github releases with AWS SAM releases
obs-gh-colinhutchinson Oct 6, 2023
8559453
chore: revert to see if we can release now
obs-gh-colinhutchinson Oct 6, 2023
4fdc0d0
feat: connect aws sam releases w\ github releases
obs-gh-colinhutchinson Oct 6, 2023
8aab86d
feat: when releasing do a build before doing the github release in ca…
obs-gh-colinhutchinson Oct 6, 2023
99d026f
feat: make all SAM commands region sensitive
obs-gh-colinhutchinson Oct 6, 2023
c5f5af2
docs: amend the release workflow to the README.md
obs-gh-colinhutchinson Oct 6, 2023
2d8a12c
chore(release): add get-caller-identity to the release workflow
obs-gh-colinhutchinson Oct 10, 2023
88dcbad
fix: set the release version for prerelease and full releases
obs-gh-colinhutchinson Oct 10, 2023
a14eb81
fix: releases need to include the packaged.yaml cloudformation file
obs-gh-colinhutchinson Oct 10, 2023
132d50b
chore: introduce dependabot
obs-gh-colinhutchinson Oct 11, 2023
87838a1
Merge pull request #3 from observeinc/chore/dependabot
obs-gh-colinhutchinson Oct 11, 2023
6c80275
fix: syntax error with sending arguments to the forwarder aws sam sta…
obs-gh-colinhutchinson Oct 11, 2023
5017eea
chore(deps): bump github.com/google/go-cmp from 0.5.8 to 0.6.0 (#10)
dependabot[bot] Oct 11, 2023
89abce7
chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.21.0 to 1.21.1 …
dependabot[bot] Oct 11, 2023
2c46a3b
chore(deps): bump actions/setup-go from 2 to 4 (#5)
dependabot[bot] Oct 11, 2023
e19573f
chore(deps): bump actions/checkout from 2 to 4 (#4)
dependabot[bot] Oct 11, 2023
d59abd0
chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#7)
dependabot[bot] Oct 11, 2023
a7034dc
chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#6)
dependabot[bot] Oct 11, 2023
db6b339
fix: don't run releases on dependabot commits
obs-gh-colinhutchinson Oct 11, 2023
4dd04cb
feat: force a release
obs-gh-colinhutchinson Oct 11, 2023
a7dc8af
feat: add beta/latest convenience releases
obs-gh-colinhutchinson Oct 12, 2023
56bcd91
fix: stable pointer only for workflow dispatch
obs-gh-colinhutchinson Oct 12, 2023
8528446
remove references to colin
obs-gh-colinhutchinson Oct 12, 2023
52 changes: 52 additions & 0 deletions .github/workflows/release.yaml
@@ -0,0 +1,52 @@
name: Release

on:
push:
branches:
- main
workflow_dispatch:

jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
pull-requests: write

steps:
- name: checkout
uses: actions/checkout@v2

- name: build
run: make sam-build-all

- name: Setup AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
aws-region: us-west-2

- name: github pre-release
id: prerelease
if: github.event_name == 'push'
uses: ahmadnassri/action-semantic-release@v2
with:
config: ${{ github.workspace }}/.releaserc.json
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: github full release
id: fullrelease
if: github.event_name == 'workflow_dispatch'
uses: ahmadnassri/action-semantic-release@v2
with:
config: ${{ github.workspace }}/.releaserc-release.json
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: aws sam release
run: make sam-package-all-regions
env:
VERSION: ${{ steps.prerelease.outputs.release-version }}

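Review bot: In the `aws sam release` step, `VERSION` is read only from `steps.prerelease.outputs.release-version`, but `prerelease` is skipped when the run is a `workflow_dispatch`, so a full release passes an empty `VERSION` to `make sam-package-all-regions`. Take the value from whichever step ran, for example `${{ steps.prerelease.outputs.release-version || steps.fullrelease.outputs.release-version }}`, and fail the step when it is empty. Separately, this job holds `contents: write` and `id-token: write` and runs `ahmadnassri/action-semantic-release@v2` after AWS credentials are configured; pinning the third-party actions to a full commit SHA instead of a mutable tag keeps a retagged release from running with those permissions.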
2 changes: 2 additions & 0 deletions .github/workflows/sam-lint.yaml
@@ -1,3 +1,5 @@
name: Run Lint

on:
push:
branches:
8 changes: 8 additions & 0 deletions .gitignore
Expand Up @@ -2,3 +2,11 @@
.aws-sam/
.*.swp
build/

.terraform
terraform.tfstate
*.tfstate*
terraform.tfvars
tfplan

.terraform.lock.hcl
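Review bot: Ignoring `.terraform.lock.hcl` on the last added line means the provider versions and checksums selected by `terraform init` are never recorded in the repository, and `infrastructure/versions.tf` only constrains both providers to `~> 5`. Commit the lock file so every run installs the same verified provider builds, and drop this entry.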
9 changes: 9 additions & 0 deletions .releaserc-release.json
@@ -0,0 +1,9 @@
{
"branches": ["main"],
"plugins": [
"@semantic-release/commit-analyzer",
"@semantic-release/release-notes-generator",
"@semantic-release/changelog",
"@semantic-release/github"
]
}
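Review bot: `@semantic-release/changelog` in the `plugins` list writes the changelog file into the working tree, and nothing in this list commits it back (there is no `@semantic-release/git` entry), so the generated changelog is discarded when the runner exits. Either add a plugin that commits the file or remove `@semantic-release/changelog`; the same applies to `.releaserc.json`.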
22 changes: 22 additions & 0 deletions .releaserc.json
@@ -0,0 +1,22 @@
{
"branches": [
{
"name": "release",
"channel": false,
"prerelease": false,
"type": "maintenance"
},
Comment on lines +3 to +8
Contributor Author

for future historians: this is a hack to trick semantic-release that we want main to do prereleases

{
"name": "main",
"channel": "beta",
"prerelease": "beta"
}
],
"plugins": [
"@semantic-release/commit-analyzer",
"@semantic-release/release-notes-generator",
"@semantic-release/changelog",
"@semantic-release/github"
]
}

45 changes: 39 additions & 6 deletions Makefile
Expand Up @@ -2,6 +2,10 @@ SHELL := /bin/bash
.DEFAULT_GOAL := help
.ONESHELL:

REGIONS := us-west-1 us-east-1
S3_BUCKET_PREFIX ?= colin-observeinc
obs-gh-colinhutchinson marked this conversation as resolved.
VERSION ?= unreleased

define check_var
@if [ -z "$($1)" ]; then
echo >&2 "Please set the $1 variable";
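Review bot: `S3_BUCKET_PREFIX ?= colin-observeinc` makes a personal bucket prefix the default upload target for every caller that does not override it, and `sam-package` later uploads to `$(S3_BUCKET_PREFIX)-$(AWS_REGION)`. Leave the variable without a default and require it with `$(call check_var,S3_BUCKET_PREFIX)`, so release artifacts can only go to a bucket the caller names explicitly.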
Expand Down Expand Up @@ -41,28 +45,56 @@ sam-lint-all:
APP=$$dir $(MAKE) sam-lint || exit 1;
done

.PHONY: sam-build-all
## sam-build-all: build assets for all SAM applications across all regions
sam-build-all:
@ for app in $(SUBDIR); do \
for region in $(REGIONS); do \
APP=$$app AWS_REGION=$$region $(MAKE) sam-build || exit 1; \
done \
done

## sam-build: build assets
sam-build:
$(call check_var,APP)
$(call check_var,AWS_REGION)
cd apps/$(APP) && sam build --region $(AWS_REGION)
cd apps/$(APP) && sam build --region $(AWS_REGION) --build-dir .aws-sam/build/$(AWS_REGION)

## sam-package: package cloudformation templates and push assets to S3
sam-package: sam-build
$(call check_var,AWS_REGION)
sam package --template apps/$(APP)/.aws-sam/build/template.yaml --output-template-file apps/$(APP)/.aws-sam/build/packaged.yaml --region $(AWS_REGION) --debug --resolve-s3

## sam-publish: publish serverless repo app
sam-publish: sam-package
$(call check_var,AWS_REGION)
sam publish --template-file apps/$(APP)/.aws-sam/build/packaged.yaml --region $(AWS_REGION)
sam publish \
--template-file apps/$(APP)/.aws-sam/build/$(AWS_REGION)/packaged.yaml \
--region $(AWS_REGION)

## sam-package-all: package all cloudformation templates and push assets to S3
sam-package-all:
for dir in $(SUBDIR); do
APP=$$dir $(MAKE) sam-package || exit 1;
done

## sam-package: package cloudformation templates and push assets to S3
sam-package: sam-build
$(call check_var,APP)
$(call check_var,AWS_REGION)
sam package \
--template-file apps/$(APP)/.aws-sam/build/$(AWS_REGION)/template.yaml \
--output-template-file apps/$(APP)/.aws-sam/build/$(AWS_REGION)/packaged.yaml \
--s3-bucket $(S3_BUCKET_PREFIX)-$(AWS_REGION) \
--s3-prefix apps/$(APP)/$(VERSION) \
--region $(AWS_REGION) \
--debug

.PHONY: sam-package-all-regions
## sam-package-all-regions: Packages and uploads all SAM applications to S3 in multiple regions
sam-package-all-regions:
@ for app in $(SUBDIR); do \
for region in $(REGIONS); do \
APP=$$app AWS_REGION=$$region $(MAKE) sam-package || exit 1; \
done \
done

## sam-publish-all: publish all apps
sam-publish-all:
for dir in $(SUBDIR); do
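Review bot: The new `sam-package` recipe checks `APP` and `AWS_REGION` but not `VERSION`, which it uses in `--s3-prefix apps/$(APP)/$(VERSION)`. `VERSION ?= unreleased` does not apply when the variable arrives from the environment set but empty, so the upload would land directly under `apps/$(APP)/`; add `$(call check_var,VERSION)`. The `--debug` flag on `sam package` is also worth dropping from the release path so CI logs stay limited to what the release needs.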
Expand All @@ -79,3 +111,4 @@ build-Forwarder:
APP=forwarder $(MAKE) build-App

.PHONY: help go-lint go-lint-all go-test sam-lint sam-lint-all sam-build sam-package sam-publish sam-package-all sam-publish-all build-App build-Forwarder

7 changes: 7 additions & 0 deletions infrastructure/backend.tf
@@ -0,0 +1,7 @@
terraform {
backend "s3" {
bucket = "observeinc-terraform-state"
region = "us-west-2"
key = "github.com/observeinc/colin-aws-sam-testing"
obs-gh-colinhutchinson marked this conversation as resolved.
}
}
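Review bot: The `backend "s3"` block sets only `bucket`, `region` and `key`, with no `encrypt` or `dynamodb_table` argument, so this configuration neither requests server-side encryption of the state object nor locks state against concurrent applies. Add `encrypt = true` and a lock table, since the state for `infrastructure/main.tf` includes the `plaintext_value` written to `github_actions_secret`.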
57 changes: 57 additions & 0 deletions infrastructure/main.tf
@@ -0,0 +1,57 @@
locals {
organization = "observeinc"
repository = "colin-aws-sam-testing"
obs-gh-colinhutchinson marked this conversation as resolved.
}

data "aws_iam_openid_connect_provider" "github_actions" {
url = "https://token.actions.githubusercontent.com"
}

locals {
oidc_claim_prefix = trimprefix(data.aws_iam_openid_connect_provider.github_actions.url, "https://")
}

data "aws_iam_policy_document" "github_actions_assume_role" {
statement {
actions = ["sts:AssumeRoleWithWebIdentity"]

principals {
type = "Federated"
identifiers = [data.aws_iam_openid_connect_provider.github_actions.arn]
}

condition {
test = "StringLike"
variable = "${local.oidc_claim_prefix}:sub"
values = ["repo:${local.organization}/${local.repository}:*"]
}

condition {
test = "StringEquals"
variable = "${local.oidc_claim_prefix}:aud"
values = ["sts.amazonaws.com"]
}
}
}

resource "aws_iam_role" "github_actions_ci" {
name = "${local.repository}-gha-ci"

assume_role_policy = data.aws_iam_policy_document.github_actions_assume_role.json

tags = {
Principal = "GitHub Actions"
Repository = "${local.organization}/${local.repository}"
}
}

resource "aws_iam_role_policy_attachment" "admin_policy_attachment" {
role = aws_iam_role.github_actions_ci.name
policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}

resource "github_actions_secret" "aws_ci_role" {
repository = local.repository
secret_name = "AWS_ROLE_ARN"
plaintext_value = aws_iam_role.github_actions_ci.arn
}
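Review bot: The `sub` condition uses `StringLike` with `repo:${local.organization}/${local.repository}:*`, which matches a token issued for any branch, tag, pull request or environment in the repository, and the role it guards has `arn:aws:iam::aws:policy/AdministratorAccess` attached. Since `release.yaml` triggers on pushes to `main`, narrow the value to `repo:${local.organization}/${local.repository}:ref:refs/heads/main` and replace the administrator attachment with a policy limited to what `sam package` needs, such as writes to the release buckets.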
Empty file added infrastructure/outputs.tf
Empty file.
3 changes: 3 additions & 0 deletions infrastructure/providers.tf
@@ -0,0 +1,3 @@
provider "github" {
owner = local.organization
}
Empty file added infrastructure/variables.tf
Empty file.
15 changes: 15 additions & 0 deletions infrastructure/versions.tf
@@ -0,0 +1,15 @@
terraform {
required_version = ">= 1.1.0"

required_providers {
github = {
source = "integrations/github"
version = "~> 5"
}

aws = {
source = "hashicorp/aws"
version = "~> 5"
}
}
}