Apply our customizations on top of upstream release-2.5

.circleci/config.yml

@@ -0,0 +1,100 @@
+version: 2.1
+orbs:
+  go: circleci/go@1.11.0
+
+jobs:
+  test:
+    resource_class: large
+    executor:
+      name: go/default
+      tag: "1.22.3"
+    steps:
+      - checkout
+      - go/load-cache
+      - go/mod-download
+      - run:
+          command: make setup-envtest
+      - go/save-cache
+      - run:
+          command: make test
+
+  build:
+    machine:
+      image: "ubuntu-2204:2024.05.1"
+    environment:
+      ALL_ARCH: "amd64 arm64"
+      REGISTRY_AZURE: gsoci.azurecr.io/giantswarm
+      REGISTRY_QUAY: quay.io/giantswarm
+      REGISTRY_CHINA: giantswarm-registry.cn-shanghai.cr.aliyuncs.com/giantswarm
+    steps:
+      - checkout
+
+      - run:
+          name: Build the CAPA docker images
+          command: |
+            for registry in $REGISTRY_AZURE $REGISTRY_QUAY $REGISTRY_CHINA; do
+              make docker-build-all ALL_ARCH="$ALL_ARCH" TAG=$CIRCLE_SHA1 REGISTRY=$registry
+
+              if [ -n "$CIRCLE_TAG" ]; then
+                echo "Building tag $CIRCLE_TAG"
+                make docker-build-all ALL_ARCH="$ALL_ARCH" TAG="$CIRCLE_TAG" REGISTRY=$registry
+              fi
+            done
+
+      - run:
+          name: Push to Azure
+          command: |
+            docker login --username $ACR_GSOCI_USERNAME --password $ACR_GSOCI_PASSWORD "${REGISTRY_AZURE%/*}"
+
+            make docker-push-all ALL_ARCH="$ALL_ARCH" TAG=$CIRCLE_SHA1 REGISTRY=$REGISTRY_AZURE
+
+            if [ -n "$CIRCLE_TAG" ]; then
+              echo "Pushing tag $CIRCLE_TAG"
+              make docker-push-all ALL_ARCH="$ALL_ARCH" TAG="$CIRCLE_TAG" REGISTRY=$REGISTRY_AZURE
+            fi
+
+      - run:
+          name: Push to quay
+          command: |
+            docker login --username $QUAY_USERNAME --password $QUAY_PASSWORD quay.io
+
+            make docker-push-all ALL_ARCH="$ALL_ARCH" TAG=$CIRCLE_SHA1 REGISTRY=$REGISTRY_QUAY
+
+            if [ -n "$CIRCLE_TAG" ]; then
+              echo "Pushing tag $CIRCLE_TAG"
+              make docker-push-all ALL_ARCH="$ALL_ARCH" TAG="$CIRCLE_TAG" REGISTRY=$REGISTRY_QUAY
+            fi
+
+      - run:
+          name: Push to aliyun
+          command: |
+            for n in $(seq 1 5); do
+              (
+                set -eu
+                docker login --username $ALIYUN_USERNAME --password $ALIYUN_PASSWORD giantswarm-registry.cn-shanghai.cr.aliyuncs.com
+
+                make docker-push-all ALL_ARCH="$ALL_ARCH" TAG=$CIRCLE_SHA1 REGISTRY=$REGISTRY_CHINA
+
+                if [ -n "${CIRCLE_TAG:-}" ]; then
+                  echo "Pushing tag $CIRCLE_TAG"
+                  make docker-push-all ALL_ARCH="$ALL_ARCH" TAG="$CIRCLE_TAG" REGISTRY=$REGISTRY_CHINA
+                fi
+              ) || { echo "Failed attempt ${n}"; sleep 30; continue; }
+
+              echo "Succeeded in attempt ${n}"
+              exit 0
+            done
+
+            exit 1
+
+workflows:
+  version: 2
+  build_and_update:
+    jobs:
+      - build:
+          context:
+            - architect
+          filters:
+            tags:
+              only: /^v.*/
+      - test

.github/workflows/release.yaml

@@ -1,38 +1,76 @@
+# As opposed to https://github.com/kubernetes-sigs/cluster-api (CAPI), the CAPA upstream project does not offer
+# a GitHub action to automatically create releases from tags (as of 2023-08-21). Therefore, this is a Giant Swarm
+# fork-specific addition. We require a GitHub release containing the YAML manifests which we use in
+# cluster-api-provider-aws-app. Since doing this manually is very error-prone (see
+# `docs/book/src/development/releasing.md`), we run the needed commands here.
+
 name: release
 
 on:
   push:
     tags:
-    - 'v*'
+      - 'v*'
 
 permissions:
-  contents: write # required to write to github release.
+  contents: write # allow creating a release
 
 jobs:
-  release:
+  build:
     name: Create draft release
     runs-on: ubuntu-latest
+    env:
+      GH_ORG_NAME: giantswarm
     steps:
-      - name: checkout code
-        uses: actions/checkout@v4
+      - name: Set env
+        run: |
+          if echo "${GITHUB_REF}" | grep -qF "vX.Y"; then
+            >&2 echo "ERROR: Oops, you copy-pasted verbatim from the README.md - please ensure to replace 'vX.Y.Z' with an actual tag"
+            exit 1
+          fi
+
+          echo "RELEASE_TAG=${GITHUB_REF:10}" >> $GITHUB_ENV # strip off `refs/tags/` prefix
+
+      - name: Check out code
+        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # tag=v3.5.0
         with:
           fetch-depth: 0
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: '1.21'
-      - name: Set version info
-        run: |
-          echo "VERSION=${GITHUB_REF_NAME}" >> $GITHUB_ENV
-          echo "PREVIOUS_VERSION=$(git describe --abbrev=0 2> /dev/null)" >> $GITHUB_ENV
-          echo "RELEASE_BRANCH=release-$(echo ${GITHUB_REF_NAME} | grep -Eo '[0-9]\.[0-9]+')" >> $GITHUB_ENV
-          echo "RELEASE_TAG=${GITHUB_REF_NAME}" >> $GITHUB_ENV
-      - name: Run release
-        run: |
-          echo "Version is: $VERSION"
-          echo "Previous version is: $PREVIOUS_VERSION"
-          echo "Release branch is: $RELEASE_BRANCH"
-          echo "Release tag is: $RELEASE_TAG"
-          make release
+
+      # - name: Calculate Go version
+      #   run: echo "go_version=$(make go-version)" >> $GITHUB_ENV
+
+      # - name: Set up Go
+      #   uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # tag=v3.5.0
+      #   with:
+      #     go-version: ${{ env.go_version }}
+
+      - name: Generate release artifacts
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: "unused" # since we create the release without using CAPA's Makefile target
+        run: |
+          # Dealing with changelogs isn't that easy since Giant Swarm releases can jump from `v2.2.0` to `v2.3.1`
+          # as we skip intermediate releases. Therefore, finding the required value for `PREVIOUS_VERSION` would be
+          # a manual task. Better not deal with the changelog right now since it's unlikely that someone will look
+          # at those in our fork (as compared to upstream's releases).
+          printf '#!/bin/sh\necho "Changelogs are not filled in this fork"\n' > hack/releasechangelog.sh # old path of this tool
+          mkdir -p hack/tools/bin
+          printf '#!/bin/sh\necho "Changelogs are not filled in this fork" > out/CHANGELOG.md\n' > hack/tools/bin/release-notes
+          chmod +x hack/tools/bin/release-notes
+
+          # We don't need the binaries and other stuff in the release, either. Really only the YAML manifests.
+          sed -i -E -e '/\$\(MAKE\) (release-binaries|release-templates|release-policies)/d' Makefile
+          sed -i -E -e '/cp metadata.yaml/d' Makefile
+
+          # To allow the above changes since normally the Makefile wouldn't allow a dirty Git repo
+          sed -i -e '/Your local git repository contains uncommitted changes/d' Makefile
+
+          (set -x; make PREVIOUS_VERSION="${RELEASE_TAG}" RELEASE_TAG="${RELEASE_TAG}" release)
+
+      # Instead of `make VERSION="${RELEASE_TAG}" create-gh-release upload-gh-artifacts`, which requires GitHub CLI
+      # authentication, use an action which does the same.
+      - name: Release
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # tag=v1
+        with:
+          draft: true
+          files: out/*
+          body: "This fork does not provide release changelogs."
+          # `name` not needed since this takes the tag by default (which we also use above as ${RELEASE_TAG})