Cleanup old EEC after rename (#5848) (#5851) #219

Workflow file for this run

.github/workflows/release.yaml at bbea472

	name: Release
	on:
	push:
	tags:
	- v[0-9]+.[0-9]+.[0-9]+
	- v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+ # include prerelease tags too

	env:
	GOOGLE_MARKETPLACE_ANNOTATION: com.googleapis.cloudmarketplace.product.service.name=services/dynatrace-operator-dynatrace-marketplace-prod.cloudpartnerservices.goog
	PLATFORMS: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
	DEPLOYER_PLATFORMS: linux/amd64

	jobs:
	prepare:
	permissions:
	contents: read
	id-token: write
	name: Prepare properties
	runs-on: ubuntu-24.04
	steps:
	- name: Checkout
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	- name: Prepare build parameters
	id: prep
	run: \|
	hack/build/ci/prepare-build-variables.sh
	outputs:
	labels: ${{ steps.prep.outputs.docker_image_labels }}
	version: ${{ steps.prep.outputs.docker_image_tag }}
	version_without_prefix: ${{ steps.prep.outputs.docker_image_tag_without_prefix }}

	build-push:
	name: Build images
	environment: Release
	runs-on: ubuntu-24.04
	permissions:
	id-token: write
	env:
	GCR_IMAGE: gcr.io/${{ secrets.GCR_REPOSITORY }}
	ECR_IMAGE: public.ecr.aws/${{ secrets.ECR_REPOSITORY }}
	RHCC_IMAGE: quay.io/${{ secrets.RHCC_REPOSITORY }}
	DOCKER_IMAGE: docker.io/${{ secrets.DOCKERHUB_REPOSITORY }}
	steps:
	- name: Checkout
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	- name: Login to GCR
	uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
	with:
	registry: gcr.io
	username: ${{ secrets.GCR_USERNAME }}
	password: ${{ secrets.GCR_JSON_KEY }}
	- name: Login to RHCC
	uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
	with:
	registry: quay.io
	username: ${{ secrets.RHCC_USERNAME }}
	password: ${{ secrets.RHCC_PASSWORD }}
	- name: Login to Docker
	uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
	with:
	registry: docker.io
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_PASSWORD }}
	- name: Configure aws credentials
	uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
	with:
	role-to-assume: ${{ secrets.ECR_IMAGEPUSH_ROLE }}
	aws-region: us-east-1
	- name: Login to Amazon ECR
	uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
	with:
	registry-type: public
	- name: Build image
	id: build-image
	uses: ./.github/actions/build-push-image
	with:
	platforms: ${{ env.PLATFORMS }}
	images: ${{ env.RHCC_IMAGE }},${{ env.GCR_IMAGE }},${{ env.ECR_IMAGE }},${{ env.DOCKER_IMAGE }}
	annotation: ${{ env.GOOGLE_MARKETPLACE_ANNOTATION }}
	outputs:
	digest: ${{steps.build-image.outputs.digest}}

	signing:
	name: Sign the image index/manifests + Add SBOM
	environment: Release
	needs: [prepare, build-push]
	runs-on: ubuntu-24.04
	permissions:
	id-token: write
	strategy:
	matrix:
	registry: [gcr, dockerhub, amazon-ecr, rhcc]
	include:
	- registry: gcr
	url: gcr.io
	repository: GCR_REPOSITORY
	username: GCR_USERNAME
	password: GCR_JSON_KEY
	- registry: dockerhub
	url: docker.io
	repository: DOCKERHUB_REPOSITORY
	username: DOCKERHUB_USERNAME
	password: DOCKERHUB_PASSWORD
	- registry: amazon-ecr
	url: public.ecr.aws
	repository: ECR_REPOSITORY
	- registry: rhcc
	url: quay.io
	username: RHCC_USERNAME
	password: RHCC_PASSWORD
	repository: RHCC_REPOSITORY
	steps:
	- name: Checkout
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	- name: Login to Registry
	if: ${{ matrix.registry != 'amazon-ecr' }}
	uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
	with:
	registry: ${{ matrix.url }}
	username: ${{ secrets[matrix.username] }}
	password: ${{ secrets[matrix.password] }}
	- name: Configure aws credentials
	if: ${{ matrix.registry == 'amazon-ecr' }}
	uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
	with:
	role-to-assume: ${{ secrets.ECR_IMAGEPUSH_ROLE }}
	aws-region: us-east-1
	- name: Login to Amazon ECR
	if: ${{ matrix.registry == 'amazon-ecr' }}
	uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
	with:
	registry-type: public
	- name: Sign images for ${{matrix.registry}}
	uses: ./.github/actions/sign-image
	with:
	image: ${{ matrix.url }}/${{ secrets[matrix.repository] }}:${{ needs.prepare.outputs.version }}@${{ needs.build-push.outputs.digest }}
	signing-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
	signing-password: ${{ secrets.COSIGN_PASSWORD }}
	- name: Create sbom for ${{matrix.registry}}
	id: sbom
	uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
	with:
	image-ref: ${{ matrix.url }}/${{ secrets[matrix.repository] }}:${{ needs.prepare.outputs.version }}@${{ needs.build-push.outputs.digest }}
	format: 'cyclonedx'
	output: 'result.json'
	skip-dirs: '/usr/share/dynatrace-operator/third_party_licenses'
	skip-files: '/usr/local/bin/dynatrace-operator'
	- name: Upload sbom to ${{matrix.registry}}
	uses: ./.github/actions/upload-sbom
	with:
	image: ${{ matrix.url }}/${{ secrets[matrix.repository] }}:${{ needs.prepare.outputs.version }}@${{ needs.build-push.outputs.digest }}
	sbom: 'result.json'
	signing-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
	signing-password: ${{ secrets.COSIGN_PASSWORD }}

	run-preflight-rhcc:
	name: Run preflight for rhcc
	environment: Release
	needs: [ prepare, build-push]
	runs-on: ubuntu-24.04
	env:
	SCAN_REGISTRY: "quay.io"
	steps:
	- name: Checkout
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	- name: Login to Registry
	uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
	with:
	registry: ${{ env.SCAN_REGISTRY }}
	username: ${{ secrets.RHCC_USERNAME }}
	password: ${{ secrets.RHCC_PASSWORD }}
	- name: Run preflight
	uses: ./.github/actions/preflight
	with:
	version: ${{ needs.prepare.outputs.version }}
	registry: ${{ env.SCAN_REGISTRY }}
	repository: ${{ secrets.RHCC_REPOSITORY }}
	report-name: "preflight.json"
	redhat-project-id: ${{ secrets.REDHAT_PROJECT_ID }}
	pyxis-api-token: ${{ secrets.PYXIS_API_TOKEN }}
	should-submit: "true"

	release:
	name: Create release
	needs: [prepare, build-push, signing, run-preflight-rhcc]
	environment: Release
	permissions:
	contents: write
	pull-requests: write
	id-token: write
	runs-on: ubuntu-24.04
	steps:
	- name: Checkout code
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	- name: Setup Golang
	uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
	with:
	go-version-file: "${{ github.workspace }}/go.mod"
	- name: Generate release notes
	shell: bash
	env:
	PRE_RELEASE: ${{ contains(github.ref, '-rc.') }}
	run: \|
	hack/build/ci/generate-release-notes.sh
	- name: Generate K8s manifests
	shell: bash
	env:
	VERSION_WITHOUT_PREFIX: ${{ needs.prepare.outputs.version_without_prefix }}
	VERSION: ${{ needs.prepare.outputs.version }}
	run: \|
	make manifests/crd/release CHART_VERSION="${VERSION_WITHOUT_PREFIX}"

	make manifests/kubernetes/olm IMAGE="public.ecr.aws/dynatrace/dynatrace-operator" TAG="${VERSION}@${{needs.build-push.outputs.digest}}"
	make manifests/kubernetes IMAGE="public.ecr.aws/dynatrace/dynatrace-operator" TAG="${VERSION}@${{needs.build-push.outputs.digest}}"
	make manifests/openshift/olm IMAGE="registry.connect.redhat.com/dynatrace/dynatrace-operator" TAG="${VERSION}@${{needs.build-push.outputs.digest}}"
	make manifests/openshift IMAGE="registry.connect.redhat.com/dynatrace/dynatrace-operator" TAG="${VERSION}@${{needs.build-push.outputs.digest}}"
	cp config/deploy/kubernetes/kubernetes.yaml config/deploy/kubernetes/gke-autopilot.yaml
	- name: Build helm packages
	uses: ./.github/actions/build-helm
	with:
	version_without_prefix: ${{ needs.prepare.outputs.version_without_prefix }}
	github-token: ${{ secrets.GITHUB_TOKEN }}
	secring: ${{ secrets.HELM_SECRING }}
	passphrase: ${{ secrets.HELM_PASSPHRASE }}
	output-dir: "./helm-pkg"
	- name: Login Helm to dockerhub
	shell: bash
	run: \|
	helm registry login -u "${{ secrets.DOCKERHUB_USERNAME }}" -p "${{ secrets.DOCKERHUB_PASSWORD }}" "registry.hub.docker.com"
	- name: Login Docker to dockerhub
	uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
	with:
	registry: docker.io
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_PASSWORD }}
	- name: Upload and sign helm package to dockerhub
	uses: ./.github/actions/upload-helm
	with:
	version: ${{ needs.prepare.outputs.version }}
	version-without-prefix: ${{ needs.prepare.outputs.version_without_prefix }}
	cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
	cosign-password: ${{ secrets.COSIGN_PASSWORD }}
	- name: Configure aws credentials
	uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
	with:
	role-to-assume: ${{ secrets.ECR_IMAGEPUSH_ROLE }}
	aws-region: us-east-1
	- name: Login to Amazon ECR
	uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
	with:
	registry-type: public
	- name: Upload and sign helm package to Amazon ECR
	uses: ./.github/actions/upload-helm
	with:
	registry-url: public.ecr.aws
	image-base-url: public.ecr.aws
	version: ${{ needs.prepare.outputs.version }}
	version-without-prefix: ${{ needs.prepare.outputs.version_without_prefix }}
	cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
	cosign-password: ${{ secrets.COSIGN_PASSWORD }}
	- name: Prepare cosign.pub artifact
	env:
	COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
	run: \|
	mkdir -p tmp
	echo ${COSIGN_PUBLIC_KEY} \| base64 -d > tmp/cosign.pub
	- name: Create pre-release
	uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
	if: ${{ contains(github.ref, '-rc.') }}
	with:
	body_path: ./CHANGELOG.md
	files: \|
	tmp/cosign.pub
	config/deploy/dynatrace-operator-crd.yaml
	config/deploy/kubernetes/kubernetes.yaml
	config/deploy/openshift/openshift.yaml
	config/deploy/kubernetes/kubernetes-csi.yaml
	config/deploy/openshift/openshift-csi.yaml
	token: ${{ secrets.GITHUB_TOKEN }}
	prerelease: true
	draft: true
	fail_on_unmatched_files: true
	- name: Create release
	uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
	if: ${{ !contains(github.ref, '-rc.') }}
	with:
	body_path: ./CHANGELOG.md
	files: \|
	tmp/cosign.pub
	config/deploy/dynatrace-operator-crd.yaml
	config/deploy/kubernetes/kubernetes.yaml
	config/deploy/kubernetes/gke-autopilot.yaml
	config/deploy/openshift/openshift.yaml
	config/deploy/kubernetes/kubernetes-csi.yaml
	config/deploy/openshift/openshift-csi.yaml
	helm-pkg/dynatrace-operator-${{ needs.prepare.outputs.version_without_prefix }}.tgz
	helm-pkg/dynatrace-operator-${{ needs.prepare.outputs.version_without_prefix }}.tgz.prov
	token: ${{ secrets.GITHUB_TOKEN }}
	prerelease: false
	draft: true
	fail_on_unmatched_files: true
	- name: Upload Changelog as artifact
	uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
	with:
	name: changelog
	path: CHANGELOG.md
	if-no-files-found: warn
	- name: Update index helm file
	if: ${{ !contains(github.ref, '-rc.') }}
	env:
	VERSION_WITHOUT_PREFIX: ${{ needs.prepare.outputs.version_without_prefix }}
	run: \|
	echo "Getting index.yaml from main branch"
	git fetch origin main
	git restore --source origin/main -- config/helm/repos/stable/index.yaml
	echo "Updating Helm repo index"
	hack/build/ci/generate-new-helm-index-yaml.sh "helm-pkg" ${{ needs.prepare.outputs.version_without_prefix }}
	- name: Create pull request for adding helm index to main branch
	if: ${{ !contains(github.ref, '-rc.') }}
	uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
	with:
	base: main
	delete-branch: true
	branch: create-pull-request/update-helm-index
	branch-suffix: short-commit-hash
	add-paths: \|
	./config/helm/repos/stable/index.yaml
	./config/helm/repos/stable/index.yaml.previous
	title: '[Automatic] Update index for ${{ github.ref }} release'
	commit-message: Update index.yaml
	committer: GitHub <[email protected]>
	author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
	body: \|
	# Description
	Upgrade `index.yaml` to include latest version of the helm chart.
	## How can this be tested?
	Helm upgrade to and install of `${{ github.ref }}` works.
	## Checklist
	- [x] PR is labeled accordingly

	update-csv-bundles:
	needs: prepare
	runs-on: ubuntu-24.04
	if: ${{ !contains(github.ref, '-rc.') }}
	permissions:
	contents: write
	pull-requests: write
	steps:
	- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
	- name: Download changelog
	uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
	with:
	name: changelog
	path: changelog_artifact
	- uses: ./.github/actions/update-csv-bundles
	with:
	version: ${{ needs.prepare.outputs.version_without_prefix }}
	changelog-path: ./changelog_artifact/CHANGELOG.md
	app-id: ${{ secrets.RELEASE_APP_ID }}
	private-key: ${{ secrets.RELEASE_APP_KEY }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cleanup old EEC after rename (#5848) (#5851) #219

Workflow file

Cleanup old EEC after rename (#5848) (#5851) #219

Uh oh!

Workflow file for this run