diff --git a/.github/workflows/release-v1.yaml b/.github/workflows/release-v1.yaml new file mode 100644 index 00000000000..87c9888ae9e --- /dev/null +++ b/.github/workflows/release-v1.yaml @@ -0,0 +1,95 @@ +name: Release Charts v1 + +on: + push: + tags: + - "v1.*.*" + workflow_dispatch: + inputs: + git_ref: + description: 'Branch or commit hash (for v1.x branch)' + required: true + type: string + release_tag: + description: 'Release tag (empty means the same with GitRef)' + required: false + type: string + br_federation: + description: 'Whether to release BR federation manager' + required: false + type: boolean + default: true + fips: + description: 'Whether to enable FIPS' + required: false + type: boolean + default: false + +jobs: + release-charts: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.event.inputs.git_ref || github.ref }} + + - name: Set up Helm + uses: azure/setup-helm@v4 + with: + version: '3.14.0' + + - name: Determine release tag and validate + id: release_tag + run: | + if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then + RELEASE_TAG="${{ github.event.inputs.release_tag }}" + if [ -z "$RELEASE_TAG" ]; then + RELEASE_TAG="${{ github.event.inputs.git_ref }}" + fi + if [ "${{ github.event.inputs.fips }}" == "true" ]; then + RELEASE_TAG="${RELEASE_TAG}-fips" + fi + BR_FEDERATION="${{ github.event.inputs.br_federation }}" + if [ -z "$BR_FEDERATION" ]; then + BR_FEDERATION="true" + fi + else + # push tags + RELEASE_TAG="${{ github.ref_name }}" + BR_FEDERATION="true" + fi + + if [[ ! "$RELEASE_TAG" =~ ^v1\.[0-9]+\.[0-9]+ ]]; then + echo "Error: Release tag must be v1.x.x format, got: $RELEASE_TAG" + echo "This workflow is only for v1.x releases. Please use the correct version format." + exit 1 + fi + + echo "tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT + echo "br_federation=${BR_FEDERATION}" >> $GITHUB_OUTPUT + + - name: Build charts + env: + V_RELEASE: ${{ steps.release_tag.outputs.tag }} + BR_FEDERATION: ${{ steps.release_tag.outputs.br_federation }} + run: | + make charts/build + + - name: Update index.yaml + if: ${{ !contains(steps.release_tag.outputs.tag, 'latest') && !contains(steps.release_tag.outputs.tag, 'nightly') && !contains(steps.release_tag.outputs.tag, 'test') }} + run: | + set -e + CHARTS_BUILD_DIR="output/chart" + cd ${CHARTS_BUILD_DIR} + curl -f http://charts.pingcap.org/index.yaml -o index.yaml 2>/dev/null || true + helm repo index . --url https://charts.pingcap.org/ --merge index.yaml 2>/dev/null || helm repo index . --url https://charts.pingcap.org/ + + - name: Upload all charts and index.yaml to Tencent COS + uses: sylingd/tencent-cos-and-cdn-action@v1 + with: + secret_id: ${{ secrets.TENCENT_COS_ACCESS_KEY }} + secret_key: ${{ secrets.TENCENT_COS_SECRET_KEY }} + cos_bucket: ${{ vars.TENCENT_COS_BUCKET_NAME }} + cos_region: ap-beijing + local_path: ./output/chart + remote_path: / \ No newline at end of file diff --git a/Makefile b/Makefile index bee03ae2f6b..cecd439ea6d 100644 --- a/Makefile +++ b/Makefile @@ -218,3 +218,8 @@ endef $(addprefix bin/,$(GO_TOOL_BIN)): bin/%: tidy/% $(call make_bin_target,$(patsubst bin/%,%,$@)) ./hack/tools.sh $(patsubst bin/%,%,$@) + + +.PHONY: charts/build +charts/build: + $(ROOT)/hack/charts-build.sh \ No newline at end of file diff --git a/hack/charts-build.sh b/hack/charts-build.sh new file mode 100755 index 00000000000..590fd6124a6 --- /dev/null +++ b/hack/charts-build.sh @@ -0,0 +1,61 @@ +#!/usr/bin/env bash +# Copyright 2024 PingCAP, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +set -o errexit +set -o nounset +set -o pipefail + +ROOT=$(cd $(dirname "${BASH_SOURCE[0]}")/..; pwd -P) + +RELEASE_TAG=${V_RELEASE:-"test"} +CHARTS_BUILD_DIR="output/chart" +CHART_ITEMS="tidb-operator tidb-drainer tidb-lightning" +BR_FEDERATION=${BR_FEDERATION:-"true"} + +mkdir -p ${CHARTS_BUILD_DIR} + +# Build charts +for chartItem in ${CHART_ITEMS}; do + [ ! -d "charts/${chartItem}" ] && continue + + chartPrefixName="${chartItem}-${RELEASE_TAG}" + + # Update Chart.yaml + sed -i.bak "s/^version:.*/version: ${RELEASE_TAG}/g" charts/${chartItem}/Chart.yaml + sed -i.bak "s/^appVersion:.*/appVersion: ${RELEASE_TAG}/g" charts/${chartItem}/Chart.yaml + rm -f charts/${chartItem}/Chart.yaml.bak + + # Update values.yaml + sed -i.bak -E "s#pingcap/(tidb-operator|tidb-backup-manager):[^[:space:]]*#pingcap/\\1:${RELEASE_TAG}#g" charts/${chartItem}/values.yaml 2>/dev/null || true + rm -f charts/${chartItem}/values.yaml.bak 2>/dev/null || true + + # Package chart + tar -zcf ${CHARTS_BUILD_DIR}/${chartPrefixName}.tgz -C charts ${chartItem} + sha256sum ${CHARTS_BUILD_DIR}/${chartPrefixName}.tgz > ${CHARTS_BUILD_DIR}/${chartPrefixName}.sha256 +done + +# Handle br-federation +if [[ "$BR_FEDERATION" == "true" ]] && [ -d "charts/br-federation" ]; then + chartItem="br-federation" + chartPrefixName="${chartItem}-${RELEASE_TAG}" + sed -i.bak "s/^version:.*/version: ${RELEASE_TAG}/g" charts/${chartItem}/Chart.yaml + sed -i.bak "s/^appVersion:.*/appVersion: ${RELEASE_TAG}/g" charts/${chartItem}/Chart.yaml + rm -f charts/${chartItem}/Chart.yaml.bak + sed -i.bak -E "s#pingcap/br-federation-manager:[^[:space:]]*#pingcap/br-federation-manager:${RELEASE_TAG}#g" charts/${chartItem}/values.yaml + rm -f charts/${chartItem}/values.yaml.bak + tar -zcf ${CHARTS_BUILD_DIR}/${chartPrefixName}.tgz -C charts ${chartItem} + sha256sum ${CHARTS_BUILD_DIR}/${chartPrefixName}.tgz > ${CHARTS_BUILD_DIR}/${chartPrefixName}.sha256 +fi \ No newline at end of file