mongodb · MaciejKaras · Jul 18, 2025 · Jul 18, 2025 · Jul 18, 2025 · Jul 18, 2025
@@ -0,0 +1,80 @@
+name: Release Promotion
+
+on:
+  workflow_dispatch:
+    inputs:
+      commit_sha:
+        description: 'SHA of the commit to release'
+        type: string
+        required: true
+      version:
+        description: 'Version to promote'
+        required: true
+        type: string
+
+jobs:
+  crate_draft_release_notes:
+    name: Create draft Release Notes
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: '0'
+      - name: Setup host
+        uses: ./.github/actions/setup-ubuntu-host
+        with:
+          python-version: '${{ vars.PYTHON_VERSION }}'
+      # Probably we should just download the Release Notes from the staging registry (together with other artifacts)
+      - name: Generate Release Notes
+        id: generate_release_notes
+        run: python -m scripts.release.release_notes -s $INITIAL_COMMIT_SHA -v $INITIAL_VERSION -o release_notes_final.md
+        env:
+          INITIAL_COMMIT_SHA: ${{ vars.RELEASE_INITIAL_COMMIT_SHA }}
+          INITIAL_VERSION: ${{ vars.RELEASE_INITIAL_VERSION }}
+      # Add all other assets to the release notes
+      # Put all of this in single script
+      - name: Generate draft release
+        run: |
+          gh release create $VERSION --target $COMMIT_SHA --draft --prerelease --latest --notes-file release_notes_final.md --title "Release of MCK $VERSION"
+        env:
+          VERSION: ${{ github.event.inputs.version }}
+          COMMIT_SHA: ${{ github.event.inputs.commit_sha }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  approve_release:
+    name: Approve Release
+    environment: production
+    runs-on: ubuntu-latest
+    needs: crate_draft_release_notes
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: '0'
+      - name: Create git tag
+        run: |
+          git tag -a $VERSION -m "Release of MCK $VERSION"
+          git push origin $VERSION
+        env:
+          VERSION: ${{ github.event.inputs.version }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  publish_release_notess:
+    name: Publish Release Notes
+    environment: production
+    runs-on: ubuntu-latest
+    needs: approve_release
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: '0'
+      - name: Publish Release Notes
+        run: |
+          gh release edit $VERSION --draft=false --verify-tag
+        env:
+          VERSION: ${{ github.event.inputs.version }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,27 @@
+%%{
+  init: {
+    'flowchart': {
+      'htmlLabels': true
+    }
+  }
+}%%
+flowchart LR
+%% ─────────────── Build stage ───────────────
+    subgraph Build ["Build"]
+        direction LR
+        CONTAINER_IMAGES["<b>Build Container Images</b><br/>Arch: multi<br/>Signing: yes<br/>Tag: <code>build_id</code><br/>Registry: ECR dev"]
+        KUBECTL_MONGODB["<b>Build kubectl-mongodb</b><br/>Arch: multi<br/>Signing: yes<br/>Tag: <code>build_id</code><br/>Store: S3 dev<br/>"]
+        HELM_CHARTS["<b>Helm charts</b><br/>Signing: yes<br/>Tag: <code>build_id</code><br/>Registry: OCI ECR dev"]
+        OLM_BUNDLES["<b>Openshift Bundles</b><br/>Push to dev S3<br/>Tag: <code>build_id</code>"]
+    end
+
+%% ─────────────── Test stage ───────────────
+    subgraph Testing ["Testing"]
+        direction LR
+        TESTS["Run e2e tests"]
+        OLM_TESTS["Run OLM e2e tests"]
+    end
+
+%% ─────────────── Dependencies ───────────────
+
+    Build --> Testing
@@ -0,0 +1,36 @@
+---
+config:
+  flowchart:
+    htmlLabels: true
+---
+flowchart TD
+%% ─────────────── Build stage ───────────────
+    subgraph Build["Build"]
+        CONTAINER_IMAGES["<b>Build Container Images</b><br>Arch: multi<br>Signing: yes<br>Tag: <code>commit_sha</code><br>Registry: quay.io staging"]
+        KUBECTL_MONGODB["<b>Build kubectl-mongodb</b><br>Arch: multi<br>Signing: yes<br>Tag: <code>commit_sha</code><br>Store: S3 staging/commit_sha<br>"]
+        HELM_CHARTS["<b>Helm charts</b><br>Signing: yes<br>Tag: <code>commit_sha</code><br>Registry: OCI quay.io staging"]
+        OLM_BUNDLES["<b>Openshift Bundles</b><br>Preflight: yes<br>Tag: <code>commit_sha</code><br>Store: S3 staging/commit_sha"]
+        RELEASE_NOTES["<b>Generate Release Notes</b><br>Store: S3 staging/commit_sha"]
+        RELATED_VERSIONS_JSON["<b>Generate related_versions.json</b><br>Store: S3 staging/commit_sha"]
+    end
+
+%% ─────────────── Test stage ───────────────
+    subgraph Testing["Testing"]
+        TESTS["<b>Run e2e tests</b>"]
+        CODE_SNIPPETS["<b>Run code snippets</b><br>Save outputs: yes<br>Store: S3 staging/commit_sha"]
+        OLM_TESTS["<b>Run OLM e2e tests</b>"]
+    end
+
+%% ─────────────── SBOM Generation ───────────────
+    subgraph SBOM ["SBOM Generation"]
+        IMAGE_SBOM["<b>Images SBOM</b><br/>CycloneDX"]
+        KUBECTL_SBOM["<b>Kubectl SBOM</b>"]
+        AUGUMENTED_SBOM["<b>Augment SBOMs</b><br/>with&nbsp;Kondukto<br>Store: S3 staging/commit_sha"]
+    end
+
+%% ─────────────── Dependencies ───────────────
+    CONTAINER_IMAGES --> TESTS & OLM_TESTS & IMAGE_SBOM & CODE_SNIPPETS
+    KUBECTL_MONGODB --> TESTS & KUBECTL_SBOM & CODE_SNIPPETS
+    IMAGE_SBOM & KUBECTL_SBOM --> AUGUMENTED_SBOM
+    HELM_CHARTS --> TESTS & CODE_SNIPPETS
+    OLM_BUNDLES --> OLM_TESTS
@@ -0,0 +1,41 @@
+---
+config:
+  flowchart:
+    htmlLabels: true
+---
+flowchart LR
+%% ─────────────── Build stage ───────────────
+    subgraph Build["Build"]
+        direction LR
+        CONTAINER_IMAGES["<b>Build Container Images</b><br>Arch: multi<br>Signing: yes<br>Tag: <code>commit_sha</code><br>Registry: quay.io staging"]
+        KUBECTL_MONGODB["<b>Build kubectl-mongodb</b><br>Arch: multi<br>Signing: yes<br>Tag: <code>commit_sha</code><br>Store: S3 staging/commit_sha<br>"]
+        HELM_CHARTS["<b>Helm charts</b><br>Signing: yes<br>Tag: <code>commit_sha</code><br>Registry: OCI quay.io staging"]
+        OLM_BUNDLES["<b>Openshift Bundles</b><br>Preflight: yes<br>Tag: <code>commit_sha</code><br>Store: S3 staging/commit_sha"]
+    end
+
+%% ─────────────── Other stage ───────────────
+    subgraph Other["Other build artifacts"]
+        direction LR
+        RELEASE_NOTES["<b>Generate Release Notes</b><br>Store: S3 staging/commit_sha"]
+        RELATED_VERSIONS_JSON["<b>Generate related_versions.json</b><br>Store: S3 staging/commit_sha"]
+    end
+
+%% ─────────────── Test stage ───────────────
+    subgraph Testing["Testing"]
+        direction LR
+        TESTS["<b>Run e2e tests</b>"]
+        OLM_TESTS["<b>Run OLM e2e tests</b>"]
+        CODE_SNIPPETS["<b>Run code snippets</b><br>Save outputs: yes<br>Store: S3 staging/commit_sha"]
+    end
+
+%% ─────────────── SBOM Generation ───────────────
+    subgraph SBOM ["SBOM Generation"]
+        direction LR
+        IMAGE_SBOM["<b>Container Images SBOM</b><br/>CycloneDX"]
+        KUBECTL_SBOM["<b>Kubectl SBOM</b>"]
+        AUGUMENTED_SBOM["<b>Augment SBOMs</b><br/>with&nbsp;Kondukto<br>Store: S3 staging/commit_sha"]
+    end
+
+%% ─────────────── Dependencies ───────────────
+    Build --> Testing & SBOM
+    IMAGE_SBOM & KUBECTL_SBOM --> AUGUMENTED_SBOM