From d1e4cdad65edb1e76f1f2a74577f2642daa8323c Mon Sep 17 00:00:00 2001 From: Philipp Strube Date: Sat, 16 Apr 2022 15:03:02 +0200 Subject: [PATCH 1/5] Stop building pre Terraform module artifacts --- .github/actions/builder/builder/main.py | 10 ----- .github/workflows/main.yml | 40 +---------------- .github/workflows/promote.yml | 43 +++++++++++++++++++ test/kustomize/Dockerfile | 57 ------------------------- test/kustomize/Pipfile | 12 ------ test/kustomize/Pipfile.lock | 30 ------------- test/kustomize/test.py | 54 ----------------------- 7 files changed, 45 insertions(+), 201 deletions(-) create mode 100644 .github/workflows/promote.yml delete mode 100644 test/kustomize/Dockerfile delete mode 100644 test/kustomize/Pipfile delete mode 100644 test/kustomize/Pipfile.lock delete mode 100755 test/kustomize/test.py diff --git a/.github/actions/builder/builder/main.py b/.github/actions/builder/builder/main.py index df0d0a92..a1716ae4 100755 --- a/.github/actions/builder/builder/main.py +++ b/.github/actions/builder/builder/main.py @@ -9,16 +9,6 @@ def create_archive(name, version): src = join(SRCDIR, name) - # legacy format artifacts - archive_dist = join(DISTDIR, name) - archive = join(DISTDIR, f'{name}-{version}') - - copytree(src, archive_dist, ignore=ignore_patterns('_*', '*.tf')) - - make_archive(archive, 'zip', DISTDIR, name) - print(f"[INFO] created `{archive}.zip`") - - # terraform module artifacts module_dist = join(DISTDIR, f'module-{name}') module = join(DISTDIR, f'module-{name}-{version}') diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2bd5fc7e..d8c62032 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -11,8 +11,6 @@ env: TERRAFORM_VERSION: "1.3.4" jobs: - - # # # Build artifacts @@ -36,7 +34,7 @@ jobs: # # - # Test `kustomize build` + # Run `terraform test` test-terraform: runs-on: ubuntu-latest 
@@ -56,38 +54,6 @@ jobs: run: make test-terraform - # - # - # Test `kustomize build` - test-kustomize: - runs-on: ubuntu-latest - strategy: - matrix: - kustomize-version: ["4.5.2"] - needs: build - - steps: - # Checkout - - uses: actions/checkout@v3.0.0 - - # Download build artifacts - - name: 'Download build-artifacts' - uses: actions/download-artifact@v3.0.0 - with: - name: _dist - path: _dist - - # Build image - - name: Build image - env: - DOCKER_BUILDKIT: 1 - run: docker build --build-arg KUSTOMIZE_VERSION=${{ matrix.kustomize-version }} -t test-kustomize:${{ matrix.kustomize-version }} test/kustomize/ - - # Run tests - - name: Run tests - run: docker run -v `pwd`/_dist:/_dist test-kustomize:${{ matrix.kustomize-version }} - - # # # Test deploy to k3d @@ -129,7 +95,7 @@ jobs: # publish: runs-on: ubuntu-latest - needs: [test-kustomize, test-k3d, test-terraform] + needs: [test-k3d, test-terraform] steps: # Download build artifacts @@ -169,7 +135,6 @@ jobs: set +e while true do - gsutil cp gs://dev.catalog.kubestack.com/${NAME}.zip gs://catalog.kubestack.com/${NAME}.zip &&\ gsutil cp gs://dev.catalog.kubestack.com/module-${NAME}.zip gs://catalog.kubestack.com/module-${NAME}.zip &&\ break sleep 15 @@ -179,5 +144,4 @@ jobs: - name: Check promotion run: | export NAME=$(echo $GITHUB_REF | sed -e "s#^refs/tags/##") - wget https://storage.googleapis.com/catalog.kubestack.com/${NAME}.zip wget https://storage.googleapis.com/catalog.kubestack.com/module-${NAME}.zip diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml new file mode 100644 index 00000000..d4f24f09 --- /dev/null +++ b/.github/workflows/promote.yml 
@@ -0,0 +1,43 @@ +name: Promote + +on: + push: + branches: + - "!*" # do not run for branches + tags: + - "*" # run for tags + +jobs: + # + # + # Promote tagged releases + # from `dev.catalog.kubestack.com` to `catalog.kubestack.com` + promote: + runs-on: ubuntu-latest + needs: publish + # promote only for tags + if: startsWith(github.ref, 'refs/tags/') + + steps: + # Setup gcloud CLI + - uses: google-github-actions/setup-gcloud@v0.5.1 + with: + service_account_key: ${{ secrets.GCLOUD_AUTH }} + + # Promote archive + - run: | + export NAME=$(echo $GITHUB_REF | sed -e "s#^refs/tags/##") + set +e + while true + do + gsutil cp gs://dev.catalog.kubestack.com/${NAME}.zip gs://catalog.kubestack.com/${NAME}.zip &&\ + gsutil cp gs://dev.catalog.kubestack.com/module-${NAME}.zip gs://catalog.kubestack.com/module-${NAME}.zip &&\ + break + sleep 15 + done + + # Check promotion + - name: Check promotion + run: | + export NAME=$(echo $GITHUB_REF | sed -e "s#^refs/tags/##") + wget https://storage.googleapis.com/catalog.kubestack.com/module-${NAME}.zip diff --git a/test/kustomize/Dockerfile b/test/kustomize/Dockerfile deleted file mode 100644 index 22a1a112..00000000 --- a/test/kustomize/Dockerfile +++ /dev/null 
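Review bot: `needs: publish` on the `promote` job refers to a job that is not defined in this new file; `needs` resolves only within one workflow, so as written the workflow should fail validation and the promotion never runs. Drop that line, or start this workflow from the build workflow's result (for example a `workflow_run` trigger) if promotion must wait for publish. The copy step is also unbounded: under `set +e` the `while true` loop retries every 15 seconds for as long as either `gsutil cp` fails, and the first one copies `${NAME}.zip`, the legacy archive this same commit appears to stop building, so the job would hold the `GCLOUD_AUTH` credential until the runner times out. Cap the attempts, e.g. `for i in $(seq 1 20); do gsutil cp ... && break; sleep 15; done`, and exit non-zero when none succeeds.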
@@ -1,57 +0,0 @@ -FROM python:3.8 as base - -# -# -# tmp image to handle kustomize changing release artifacts -FROM base as tmp - -ARG KUSTOMIZE_VERSION=4.4.0 - -WORKDIR /tmp - -# Reject kustomize versions before 3.2.1 -RUN if dpkg --compare-versions "$KUSTOMIZE_VERSION" "lt" "3.2.1"; then \ - echo "kustomize versions lower than 3.2.1 not supported" && \ - exit; \ - fi - -# Handle kustomize versions before 3.3.0 -# distributed as binaries -RUN if dpkg --compare-versions "$KUSTOMIZE_VERSION" "lt" "3.3.0"; then \ - KUSTOMIZE_BINARY_PATH="https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v${KUSTOMIZE_VERSION}/kustomize_kustomize.v${KUSTOMIZE_VERSION}_linux_amd64"; \ - curl -Lso /usr/local/bin/kustomize ${KUSTOMIZE_BINARY_PATH} && \ - chmod +x /usr/local/bin/kustomize && \ - kustomize version; \ - fi - -# Handle kustomize versions after 3.3.0 -# distributed as tar files -RUN if dpkg --compare-versions "$KUSTOMIZE_VERSION" "ge" "3.3.0"; \ - then \ - KUSTOMIZE_BINARY_PATH="https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_amd64.tar.gz"; \ - curl -LOs ${KUSTOMIZE_BINARY_PATH} && \ - tar -xf kustomize_v${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \ - mv kustomize /usr/local/bin/kustomize && \ - chmod +x /usr/local/bin/kustomize && \ - kustomize version; \ - fi - -# -# -# final image -FROM base - -COPY Pipfile Pipfile.lock /opt/ -WORKDIR /opt - -RUN pip install --no-cache-dir pipenv &&\ - PIPENV_VENV_IN_PROJECT=true pipenv install - -COPY test.py /opt/test/test.py - -COPY --from=tmp /usr/local/bin/kustomize /usr/local/bin/kustomize - -ENV PATH=/opt/.venv/bin:$PATH - -WORKDIR /opt/test -CMD ["nosetests", "-s", "test.py"] diff --git a/test/kustomize/Pipfile b/test/kustomize/Pipfile deleted file mode 100644 index c92e4fac..00000000 --- a/test/kustomize/Pipfile +++ /dev/null 
@@ -1,12 +0,0 @@ -[[source]] -name = "pypi" -url = "https://pypi.org/simple" -verify_ssl = true - -[dev-packages] - -[packages] -nose = "*" - -[requires] -python_version = "3" diff --git a/test/kustomize/Pipfile.lock b/test/kustomize/Pipfile.lock deleted file mode 100644 index 556246b3..00000000 --- a/test/kustomize/Pipfile.lock +++ /dev/null @@ -1,30 +0,0 @@ -{ - "_meta": { - "hash": { - "sha256": "5fd3f8a4dda2650fbc9a8fd75028acc33c4138bbbad10f2ebcf27e4b22faf679" - }, - "pipfile-spec": 6, - "requires": { - "python_version": "3" - }, - "sources": [ - { - "name": "pypi", - "url": "https://pypi.org/simple", - "verify_ssl": true - } - ] - }, - "default": { - "nose": { - "hashes": [ - "sha256:9ff7c6cc443f8c51994b34a667bbcf45afd6d945be7477b52e97516fd17c53ac", - "sha256:dadcddc0aefbf99eea214e0f1232b94f2fa9bd98fa8353711dacb112bfcbbb2a", - "sha256:f1bffef9cbc82628f6e7d7b40d7e255aefaa1adb6a1b1d26c69a8b79e6208a98" - ], - "index": "pypi", - "version": "==1.3.7" - } - }, - "develop": {} -} diff --git a/test/kustomize/test.py b/test/kustomize/test.py deleted file mode 100755 index 53868f75..00000000 --- a/test/kustomize/test.py +++ /dev/null 
@@ -1,54 +0,0 @@ -#!/usr/bin/env python3 - -from os import listdir -from os.path import isdir, isfile, join -from subprocess import CalledProcessError, run -from tempfile import TemporaryDirectory -from nose import with_setup -from shutil import unpack_archive - -DISTDIR = "/_dist" -TESTDIR = TemporaryDirectory() - - -def run_cmd(build_path): - try: - build = run( - ['kustomize', 'build', build_path], - check=True, - capture_output=True, - text=True) - except CalledProcessError as failed_build: - print(failed_build.stdout) - print(failed_build.stderr) - - assert build.returncode == 0 - - -def setup(): - # unpack zip archives in DISTDIR - for name in listdir(DISTDIR): - path = join(DISTDIR, name) - if not isfile(path) and not path.endswith(".zip"): - continue - - unpack_archive(path, TESTDIR.name, "zip") - - -def teardown(): - TESTDIR.cleanup() - - -@with_setup(setup, teardown) -def test_build(): - for entry in listdir(TESTDIR.name): - entry_path = join(TESTDIR.name, entry) - if not isdir(entry_path): - continue - - for overlay in listdir(entry_path): - build_path = join(entry_path, overlay) - if not isdir(build_path): - continue - - yield run_cmd, build_path From fe088a9c3fd0c0e5b5d8395f631f78d08d293c30 Mon Sep 17 00:00:00 2001 From: Philipp Strube Date: Sat, 16 Apr 2022 15:45:33 +0200 Subject: [PATCH 2/5] Use full git hash as test artifact version for easier automated promotion --- .github/actions/builder/builder/main.py | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/.github/actions/builder/builder/main.py b/.github/actions/builder/builder/main.py index a1716ae4..bff052e3 100755 --- a/.github/actions/builder/builder/main.py +++ b/.github/actions/builder/builder/main.py 
@@ -37,14 +37,10 @@ def get_build_targets(ref): if ref.startswith('refs/tags/'): ref_name = ref.replace('refs/tags/', '') - hash_suffx = False + is_tag = True elif ref.startswith('refs/heads/'): ref_name = ref.replace('refs/heads/', '') - hash_suffx = True - - hash = environ.get('GITHUB_SHA', None)[0:7] - if not hash: - exit(f"[ERROR] `GITHUB_SHA` env var not set") + is_tag = False available_names = [n for n in listdir(SRCDIR) if not n.startswith('_')] @@ -56,10 +52,11 @@ def get_build_targets(ref): version = ref_name.replace(prefix, '') # Version based on branch (e.g. refs/heads/nginx-mychange) - if hash_suffx: - - # Append hash to `mychange` from branch name - version = f'{version}-{hash}' + if not is_tag: + hash = environ.get('GITHUB_SHA', None) + if not hash: + exit(f"[ERROR] `GITHUB_SHA` env var not set") + version = hash if ref_name.startswith(prefix): # We're building a specific target @@ -79,7 +76,7 @@ def get_build_targets(ref): # if neither a specifc nor all entries were requested # we default to the test entry - return [("test", f"{ref_name}-{hash}")] + return [("test", hash)] if __name__ == "__main__": From 27bfd3bbb0948d92f2b64e8a80da9c5ca647c4ec Mon Sep 17 00:00:00 2001 From: Philipp Strube Date: Sat, 16 Apr 2022 16:46:42 +0200 Subject: [PATCH 3/5] Auto-promote by setting tag if tests pass --- .github/workflows/main.yml | 33 +++++++-------------------------- .github/workflows/promote.yml | 10 +++++----- 2 files changed, 12 insertions(+), 31 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d8c62032..013fdc44 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -5,7 +5,7 @@ on: branches: - "*" # run for branches tags: - - "*" # run for tags + - "!*" # do not run for tags env: TERRAFORM_VERSION: "1.3.4" 
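Review bot: The fallback `return [("test", hash)]` in the last hunk of this commit can now be reached with `hash` never assigned. After this change the only assignment sits under `if not is_tag:` in the second hunk, which looks to be inside the per-target loop, so a tag ref (or an empty `SRCDIR`) would raise `UnboundLocalError` instead of returning a version. Read the value once before the loop with `sha = environ.get('GITHUB_SHA')`, keep the existing `if not sha: exit(...)` check there, and use `sha` in both places; that also stops shadowing the builtin `hash`. `is_tag` likewise stays unset when `ref` starts with neither prefix (the same was true of `hash_suffx`), so an `else:` that exits with a clear error would help. The body of `get_build_targets` continues outside these hunks, so the loop structure is inferred.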
@@ -115,33 +115,14 @@ jobs: # # - # Promote tagged releases - # from `dev.catalog.kubestack.com` to `catalog.kubestack.com` - promote: + # trigger promotion by tagging release + trigger-promote: runs-on: ubuntu-latest needs: publish - # promote only for tags - if: startsWith(github.ref, 'refs/tags/') steps: - # Setup gcloud CLI - - uses: google-github-actions/setup-gcloud@v0.5.1 - with: - service_account_key: ${{ secrets.GCLOUD_AUTH }} - - # Promote archive + - uses: actions/checkout@v3.0.0 - run: | - export NAME=$(echo $GITHUB_REF | sed -e "s#^refs/tags/##") - set +e - while true - do - gsutil cp gs://dev.catalog.kubestack.com/module-${NAME}.zip gs://catalog.kubestack.com/module-${NAME}.zip &&\ - break - sleep 15 - done - - # Check promotion - - name: Check promotion - run: | - export NAME=$(echo $GITHUB_REF | sed -e "s#^refs/tags/##") - wget https://storage.googleapis.com/catalog.kubestack.com/module-${NAME}.zip + export TAG=$(echo $GITHUB_REF | sed -e "s#^refs/heads/##") + git tag $TAG + git tag diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml index d4f24f09..1c39c0b4 100644 --- a/.github/workflows/promote.yml +++ b/.github/workflows/promote.yml @@ -26,12 +26,12 @@ jobs: # Promote archive - run: | - export NAME=$(echo $GITHUB_REF | sed -e "s#^refs/tags/##") + export TAG=$(echo $GITHUB_REF | sed -e "s#^refs/tags/##") + export NAME=$(echo $TAG | sed -r 's#-v[0-9]+.*$##') set +e while true do - gsutil cp gs://dev.catalog.kubestack.com/${NAME}.zip gs://catalog.kubestack.com/${NAME}.zip &&\ - gsutil cp gs://dev.catalog.kubestack.com/module-${NAME}.zip gs://catalog.kubestack.com/module-${NAME}.zip &&\ + gsutil cp gs://dev.catalog.kubestack.com/module-${NAME}-${GITHUB_SHA}.zip gs://catalog.kubestack.com/module-${TAG}.zip &&\ break sleep 15 done 
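Review bot: `git tag $TAG` in `trigger-promote` only creates the tag in the runner's throwaway clone; nothing in the step pushes it, so the `push: tags` trigger in promote.yml never fires. Adding `git push origin "$TAG"` is necessary but probably not sufficient: pushes authenticated with the default `GITHUB_TOKEN` that `actions/checkout` configures do not start new workflow runs, so promotion would need a dedicated, narrowly scoped credential or a direct `workflow_run`/`workflow_call` hand-off. The job also runs for every branch, so once the tag is pushed any branch whose build publishes would be tagged with its own branch name and promoted to the production bucket; the later hunk at `@@ -119,10 +119,10 @@` narrows that to `release-` branches but still never pushes the tag. Quote the expansions (`"$GITHUB_REF"`, `"$TAG"`) while touching this step.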
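Review bot: The destination `gs://catalog.kubestack.com/module-${TAG}.zip` is overwritten on every run, so re-pushing or moving a tag silently replaces an already published release with whatever was built for the new `GITHUB_SHA`. Make published objects write-once, for example `gsutil cp -n ...` or a retention policy on the production bucket, so that a moved tag cannot change what consumers download. `NAME` is derived with `sed -r 's#-v[0-9]+.*$##'`, which returns the tag unchanged when it has no `-v<digit>` part; since the workflow triggers on every tag, reject tags that do not match the expected `<name>-v<version>` shape before touching the production bucket. The retry loop around this line begins and ends outside the hunk.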
@@ -39,5 +39,5 @@ jobs: # Check promotion - name: Check promotion run: | - export NAME=$(echo $GITHUB_REF | sed -e "s#^refs/tags/##") - wget https://storage.googleapis.com/catalog.kubestack.com/module-${NAME}.zip + export TAG=$(echo $GITHUB_REF | sed -e "s#^refs/tags/##") + wget https://storage.googleapis.com/catalog.kubestack.com/module-${TAG}.zip From 052c0a0c5714fb5d2e89d80e792ad447503dadd7 Mon Sep 17 00:00:00 2001 From: Philipp Strube Date: Sun, 17 Apr 2022 16:58:11 +0200 Subject: [PATCH 4/5] Auto-tag updater created brances with release- prefix --- .github/actions/updater/updater/catalog.py | 2 +- .github/workflows/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/updater/updater/catalog.py b/.github/actions/updater/updater/catalog.py index 36309382..cda52d69 100644 --- a/.github/actions/updater/updater/catalog.py +++ b/.github/actions/updater/updater/catalog.py @@ -112,7 +112,7 @@ def update_entry(self, entry): # checkout tag to build in source repo entry.repo.git.checkout('-f', entry.tag) - self.branch_name = f'{release_tag}' + self.branch_name = f'release-{release_tag}' self.repo.git.checkout(settings.CATALOG_REF) self.repo.git.clean('-xdf') self.repo.git.checkout('-B', self.branch_name) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 013fdc44..43abbb33 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -119,10 +119,10 @@ jobs: trigger-promote: runs-on: ubuntu-latest needs: publish + if: startsWith(github.ref, 'refs/heads/release-') steps: - uses: actions/checkout@v3.0.0 - run: | - export TAG=$(echo $GITHUB_REF | sed -e "s#^refs/heads/##") + export TAG=$(echo $GITHUB_REF | sed -e "s#^refs/heads/release-##") git tag $TAG - git tag From 1dc0b2ce63a34c59b9028727461b5787f916c99d Mon Sep 17 00:00:00 2001 
From: Philipp Strube Date: Sun, 10 Sep 2023 10:03:15 +0200 Subject: [PATCH 5/5] Update actions --- .github/workflows/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 43abbb33..c6dca5bd 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -8,7 +8,7 @@ on: - "!*" # do not run for tags env: - TERRAFORM_VERSION: "1.3.4" + TERRAFORM_VERSION: "1.5.7" jobs: # @@ -44,7 +44,7 @@ jobs: # Setup Terraform - name: Setup Terraform - uses: hashicorp/setup-terraform@v1.3.2 + uses: hashicorp/setup-terraform@v2.0.3 with: terraform_wrapper: false terraform_version: "${{ env.TERRAFORM_VERSION }}" @@ -67,7 +67,7 @@ jobs: # Setup k3d - name: Setup k3d - uses: rinx/setup-k3d@v0.0.3 + uses: rinx/setup-k3d@v0.0.4 with: skipClusterCreation: true