saltstack/salt-bootstrap
1
0
Fork 0
mirror of https://github.com/saltstack/salt-bootstrap.git synced 2025-04-10 06:41:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove automated PR against salt repo at release

Browse source
This commit is contained in:
ScriptAutomate 2024-01-18 16:20:33 -06:00
parent d6ed8ea269
commit ec283baa3f
No known key found for this signature in database
GPG key ID: 6F4D4968290432A9
2 changed files with 4 additions and 99 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

92
.github/workflows/release.yml vendored
View file

@ -444,95 +444,3 @@ jobs:
atomic: true atomic: true
branch: develop branch: develop
repository: ${{ github.repository }} repository: ${{ github.repository }}
salt:
name: Update Release on Salt Repo
runs-on:
- self-hosted
- linux
- repo-release
needs:
- update-develop-checksums
environment: release
permissions:
contents: write # For action peter-evans/create-pull-request
pull-requests: write # For action peter-evans/create-pull-request
steps:
- uses: actions/checkout@v3
with:
ref: stable
repository: ${{ github.repository }}
- name: Get bootstrap version
run: |
echo "BS_VERSION=$(sh bootstrap-salt.sh -v | awk '{ print $4 }')" >> "$GITHUB_ENV"
- uses: actions/checkout@v3
with:
repository: saltstack/salt
ref: master
path: salt-checkout
token: ${{ secrets.SALT_REPO_WRITE_TOKEN }}
- name: Setup GnuPG
run: |
sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
GNUPGHOME="$(mktemp -d -p /run/gpg)"
echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
cat <<EOF > "${GNUPGHOME}/gpg.conf"
batch
no-tty
pinentry-mode loopback
EOF
- name: Get Secrets
id: get-secrets
env:
SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Configure Git
shell: bash
run: |
git config --global --add safe.directory "$(pwd)"
git config --global user.name "Salt Project Packaging"
git config --global user.email saltproject-packaging@vmware.com
git config --global user.signingkey 64CBBC8173D76B3F
git config --global commit.gpgsign true
- name: Update bootstrap script on Salt
run: |
cp bootstrap-salt.sh salt-checkout/salt/cloud/deploy/bootstrap-salt.sh
- name: Commit Changes
working-directory: salt-checkout/
run: |
git commit -am "Update the bootstrap script to v${{ env.BS_VERSION }}"
- name: Create Pull Request Against Develop
uses: peter-evans/create-pull-request@v5
with:
title: "Update the bootstrap script to v${{ env.BS_VERSION }}"
path: salt-checkout
base: master
token: ${{ secrets.SALT_REPO_WRITE_TOKEN }}
author: "Salt Project Packaging <saltproject-packaging@vmware.com>"
committer: "Salt Project Packaging <saltproject-packaging@vmware.com>"
commit-message: Update the bootstrap script to v${{ env.BS_VERSION }}
signoff: true
delete-branch: true

11
RELEASE.md
View file

@ -3,13 +3,10 @@
- See if there are any PRs worth squeezing into release. - See if there are any PRs worth squeezing into release.
- Go through the changes since last release, add them to changelog. - Go through the changes since last release, add them to changelog.
- Add any new authors to the AUTHORS file. - Add any new authors to the AUTHORS file.
- If there's a new Salt release(major), update the script to add support for it. - If there's a new Salt release (major), update the script to add support for it.
- Bump version for release. - Bump version for release.
- Open PR against develop with these changes. - Open PR against develop with these changes.
- Once the above PR is merged, open a PR against stable with the changes from develop. - Once the above PR is merged, go to [Cut Release](https://github.com/saltstack/salt-bootstrap/actions/workflows/release.yml) and `Run workflow` against `develop` branch
- Once the above PR is merged, wait until an automatic PR is opened against stable which updates the checksums. - Open a new PR against the branch of the oldest supported version of [the salt repo](https://github.com/saltstack/salt) (ex. `3006.x`), and replace `salt/cloud/deploy/bootstrap-salt.sh` with the latest `bootstrap-salt.sh` file
- Once the above PR is merged, tag the release `v{version-here}` and push the tag. - When that PR is merged into [the salt repo](https://github.com/saltstack/salt), merge-forwards into the latest branches and `master` will ensure that the latest bootstrap script is available
- Wait until an automatic PR is opened against the develop branch updating the checksums in `README.rst`. Merge it.
- Check that an automated PR was opened against the salt repo updating the bootstrap script, located in `salt/cloud/deploy/bootstrap-salt.sh`
- Victory! - Victory!