ci: automated release using github actions (#4451)

.devcontainer.json

@@ -1,6 +1,6 @@
 {
 	"name": "Go for aks-engine",
-	"image": "mcr.microsoft.com/oss/azcu/go-dev:v1.31.0",
+	"image": "mcr.microsoft.com/oss/azcu/go-dev:v1.32.1",
 	"extensions": [
 		"ms-vscode.go"
 	],

.github/workflows/nightly-build.yaml

@@ -21,7 +21,7 @@ jobs:
           docker run --rm \
           -v ${GITHUB_WORKSPACE}:/go/src/github.com/Azure/aks-engine \
           -w /go/src/github.com/Azure/aks-engine \
-          mcr.microsoft.com/oss/azcu/go-dev:v1.31.0 make dist
+          mcr.microsoft.com/oss/azcu/go-dev:v1.32.1 make dist
 
       - name: Rename outputs
         run: |

.github/workflows/release.yaml

@@ -0,0 +1,124 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Set env
+        run: echo "RELEASE_VERSION=${GITHUB_REF:10}" >> $GITHUB_ENV # refs/tags/v1.0.0 substring starting at v1.0.0
+      - name: Validate CHANGELOG # We require a pre-existing CHANGELOG specific for this release in order to proceed
+        run: |
+          [ -s releases/CHANGELOG-${{ env.RELEASE_VERSION }}.md ]
+      - name: Install go
+        uses: actions/setup-go@v2
+        with:
+          go-version: '^1.15'
+      - name: Install ginkgo
+        run: go get -u github.com/onsi/ginkgo/ginkgo
+      - name: Install helm
+        run: |
+          curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -
+          sudo apt-get install apt-transport-https --yes
+          echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
+          sudo apt-get update
+          sudo apt-get install helm
+      - name: Install k
+        run: |
+          sudo curl -o /usr/local/bin/k https://raw.githubusercontent.com/jakepearson/k/master/k
+          sudo chmod +x /usr/local/bin/k
+      - name: Build aks-engine binary
+        run: make build-binary
+      - name: Validate 1.18 no-egress scenario
+        env:
+          ORCHESTRATOR_RELEASE: "1.18"
+          CLUSTER_DEFINITION: "examples/no_outbound.json"
+          SUBSCRIPTION_ID: ${{ secrets.TEST_AZURE_SUB_ID }}
+          CLIENT_ID: ${{ secrets.TEST_AZURE_SP_ID }}
+          CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }}
+          LOCATION: "westus2"
+          TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }}
+          SKIP_LOGS_COLLECTION: true
+          SKIP_TEST: true
+          AZURE_CORE_ONLY_SHOW_ERRORS: True
+        run: make test-kubernetes
+      - name: Validate 1.19 no-egress scenario
+        env:
+          ORCHESTRATOR_RELEASE: "1.19"
+          CLUSTER_DEFINITION: "examples/no_outbound.json"
+          SUBSCRIPTION_ID: ${{ secrets.TEST_AZURE_SUB_ID }}
+          CLIENT_ID: ${{ secrets.TEST_AZURE_SP_ID }}
+          CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }}
+          LOCATION: "westus2"
+          TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }}
+          SKIP_LOGS_COLLECTION: true
+          SKIP_TEST: true
+          AZURE_CORE_ONLY_SHOW_ERRORS: True
+        run: make test-kubernetes
+      - name: Validate 1.20 no-egress scenario
+        env:
+          ORCHESTRATOR_RELEASE: "1.20"
+          CLUSTER_DEFINITION: "examples/no_outbound.json"
+          SUBSCRIPTION_ID: ${{ secrets.TEST_AZURE_SUB_ID }}
+          CLIENT_ID: ${{ secrets.TEST_AZURE_SP_ID }}
+          CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }}
+          LOCATION: "westus2"
+          TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }}
+          SKIP_LOGS_COLLECTION: true
+          SKIP_TEST: true
+          AZURE_CORE_ONLY_SHOW_ERRORS: True
+        run: make test-kubernetes
+      - name: Validate 1.21 no-egress scenario
+        env:
+          ORCHESTRATOR_RELEASE: "1.21"
+          CLUSTER_DEFINITION: "examples/no_outbound.json"
+          SUBSCRIPTION_ID: ${{ secrets.TEST_AZURE_SUB_ID }}
+          CLIENT_ID: ${{ secrets.TEST_AZURE_SP_ID }}
+          CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }}
+          LOCATION: "westus2"
+          TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }}
+          SKIP_LOGS_COLLECTION: true
+          SKIP_TEST: true
+          AZURE_CORE_ONLY_SHOW_ERRORS: True
+        run: make test-kubernetes
+      - name: Validate 1.20 + containerd E2E
+        env:
+          ORCHESTRATOR_RELEASE: "1.20"
+          CLUSTER_DEFINITION: "examples/e2e-tests/kubernetes/release/default/definition.json"
+          SUBSCRIPTION_ID: ${{ secrets.TEST_AZURE_SUB_ID }}
+          CLIENT_ID: ${{ secrets.TEST_AZURE_SP_ID }}
+          CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }}
+          LOCATION: "westus2"
+          TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }}
+          CREATE_VNET: true
+          CLEANUP_ON_EXIT: true
+          CLEANUP_IF_FAIL: false
+          GINKGO_SKIP: ""
+          STABILITY_ITERATIONS: "0"
+          RETAIN_SSH: false
+          CONTAINER_RUNTIME: "containerd"
+          RUN_VMSS_NODE_PROTOTYPE: true
+          BLOCK_SSH: false
+          SKIP_LOGS_COLLECTION: true
+          SKIP_TEST: true
+          AZURE_CORE_ONLY_SHOW_ERRORS: True
+        run: make test-kubernetes
+      - name: Build Artifacts
+        run: |
+          docker run --rm \
+          -v ${GITHUB_WORKSPACE}:/go/src/github.com/Azure/aks-engine \
+          -w /go/src/github.com/Azure/aks-engine \
+          mcr.microsoft.com/oss/azcu/go-dev:v1.32.1 make dist
+      - name: Publish Release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: _dist/aks-engine*-*-*.*
+          body_path: releases/CHANGELOG-${{ env.RELEASE_VERSION }}.md
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.pipelines/pr-e2e.yaml

@@ -17,7 +17,7 @@ pr:
 resources:
   containers:
   - container: dev1
-    image: mcr.microsoft.com/oss/azcu/go-dev:v1.31.0
+    image: mcr.microsoft.com/oss/azcu/go-dev:v1.32.1
 
 jobs:
 - job: unit_tests

.pipelines/vhd-builder-ubuntu-gen2.yaml

@@ -7,7 +7,7 @@ trigger: none
 # - POST a new SKU to azure marketplace
 
 variables:
-  CONTAINER_IMAGE:  'mcr.microsoft.com/oss/azcu/go-dev:v1.31.0'
+  CONTAINER_IMAGE:  'mcr.microsoft.com/oss/azcu/go-dev:v1.32.1'
 
 phases:
 - phase: build_vhd

.pipelines/vhd-builder.yaml

@@ -7,7 +7,7 @@ trigger: none
 # - POST a new SKU to azure marketplace
 
 variables:
-  CONTAINER_IMAGE:  'mcr.microsoft.com/oss/azcu/go-dev:v1.31.0'
+  CONTAINER_IMAGE:  'mcr.microsoft.com/oss/azcu/go-dev:v1.32.1'
 
 phases:
 - phase: build_vhd

Makefile

@@ -27,7 +27,7 @@ ifeq ($(GITTAG),)
 GITTAG := $(VERSION_SHORT)
 endif
 
-DEV_ENV_IMAGE := mcr.microsoft.com/oss/azcu/go-dev:v1.31.0
+DEV_ENV_IMAGE := mcr.microsoft.com/oss/azcu/go-dev:v1.32.1
 DEV_ENV_WORK_DIR := /aks-engine
 DEV_ENV_OPTS := --rm -v $(GOPATH)/pkg/mod:/go/pkg/mod -v $(CURDIR):$(DEV_ENV_WORK_DIR) -w $(DEV_ENV_WORK_DIR) $(DEV_ENV_VARS)
 DEV_ENV_CMD := docker run $(DEV_ENV_OPTS) $(DEV_ENV_IMAGE)

docs/community/release-checklist.md

@@ -16,19 +16,15 @@ By releasing often, each release becomes a safe and routine event. This makes it
 and easier for users to obtain specific fixes. Continuous delivery also reduces the work
 necessary to release a product such as AKS Engine, which depends on several external projects.
 
-"Components" applies not just to AKS projects, but also to development and release
-tools, to orchestrator versions, to Docker base images, and to other Azure
-projects that do [semantic version][] releases.
-
 ## AKS Engine Releases As Needed
 
 AKS Engine releases new versions when the team of maintainers determine it is needed. This usually
 amounts to one or more releases each month.
 
-Minor versions—for example, v0.**32**.0—are created from the master branch whenever
+Minor versions—for example, v0.**64**.0—are created from the master branch whenever
 important features or changes have been merged and CI testing shows it to be stable over time.
 
-Patch versions—for example, v0.32.**3**—are based on the previous release and created on demand
+Patch versions—for example, v0.64.**1**—are based on the previous release and created on demand
 whenever important bug fixes arrive.
 
 See "[Creating a New Release](#creating-a-new-release)" for more detail.
@@ -52,24 +48,11 @@ to a patch or to a minor release will not break anything.
 
 Let's go through the process of creating a new release of the [aks-engine][] binary.
 
-We will use **v0.32.3** as an example herein. You should replace this with the new version you're releasing.
+We will use **v0.63.0** as an example herein. You should replace this with the new version you're releasing.
 
 ```
-$ export TAG=v0.32.3
+$ export TAG=v0.63.0
 ```
-
-### Prepare and Tag a Branch
-
-First ensure that all the commits to be included in the release are ready in your local repository.
-
-For a major or minor release, create a branch from master. For a patch, create a branch from the previous release tag and use `git cherry-pick` to apply specific commits.
-
-Tag the release commit and push it to GitHub:
-
-```
-$ git tag $TAG && git push upstream $TAG
-```
-
 ### Generate Release Notes
 
 Use the [`git-chglog`][git-chglog] tool to generate release notes:
@@ -80,34 +63,27 @@ $ git-chglog $TAG
 
 Be sure to proofread the output and verify that the intended commits appear. If a commit made it to master that didn't have a [conventional commit message][conventional-commit], you'll need to add it to the appropriate section by hand.
 
-Save the markdown that it prints so it can be pasted into the GitHub release.
+Save the markdown to a new file under the `releases/` directory, and name it `CHANGELOG-$TAG.md`. For example, for this release we would create a new file:
 
-### Generate Download Artifacts
+- `releases/CHANGELOG-v0.63.0.md`
 
-Make sure your repository has no local changes, then build the aks-engine distribution archives:
+If it is helpful to manually curate the CHANGELOG with more human readable language, please do. This will be the first thing a user encounters when evaluating whether or not to use this release. Create a PR with just the new CHANGELOG file, get it reviewed by maintainers, and ensure it is merged to the master branch.
+
+### Prepare and Tag a Branch
+
+First ensure that all the commits to be included in the release are ready in your local repository.
+
+For a major or minor release, create a branch from master. For a patch, create a branch from the previous release tag and use `git cherry-pick` to apply specific commits. Ensure that the CHANGELOG file that corresponds to this release is present in the release branch.
+
+Tag the release commit and push it to GitHub:
 
 ```
-$ make generate info  # check that the git tree state is clean after a build, and that the tag is correct
-$ make clean dist
+$ git tag $TAG && git push upstream $TAG
 ```
 
-When this finishes, the `_dist` directory will be populated with three .zip and three .tar.gz archive files.
+### Automated Release CI
 
-### Make a GitHub Release
-
-Now navigate to the aks-engine project on GitHub and start a [new release][new-release]:
-
-![draft_new_release.png](../static/img/draft_new_release.png)
-
-Select the tag we pushed previously, and use that tag as the release title. Then paste the release notes from the previous step into the big text field:
-
-![release_notes.png](../static/img/release_notes.png)
-
-Finally, drag all six archive files we created with `make dist` into the "Attach binaries" field at the bottom of the release web form:
-
-![attach_archives.png](../static/img/attach_archives.png)
-
-Proofread the release notes and satisfy yourself that everything is in order. Click the "Publish release" button when the new aks-engine release is ready for the world.
+When you push a new tag that matches the pattern `v*.*.*`, a GitHub Actions job will run automatically and create a new release from that tag, build and publish release artifacts, and populate the release body with the CHANGELOG created earlier for this release. Before actually publishing the release a series of release-gating E2E scenarios will run. It will take 2-3 hours for the entire process to complete.
 
 ### Update Package Managers
 

examples/no_outbound.json

@@ -0,0 +1,45 @@
+{
+    "apiVersion": "vlabs",
+    "properties": {
+        "masterProfile": {
+            "count": 1,
+            "dnsPrefix": "",
+            "vmSize": "Standard_D2_v3"
+        },
+        "agentPoolProfiles": [
+            {
+                "name": "pool1804vhd",
+                "count": 1,
+                "vmSize": "Standard_D2_v3",
+                "availabilityProfile": "VirtualMachineScaleSets",
+                "distro": "aks-ubuntu-18.04"
+            },
+            {
+                "name": "poolwinvhd",
+                "count": 1,
+                "vmSize": "Standard_D2_v3",
+                "availabilityProfile": "VirtualMachineScaleSets",
+                "osType": "Windows"
+            }
+        ],
+        "linuxProfile": {
+            "adminUsername": "azureuser",
+            "ssh": {
+                "publicKeys": [
+                    {
+                        "keyData": ""
+                    }
+                ]
+            }
+        },
+        "windowsProfile": {
+            "adminUsername": "azureuser",
+            "adminPassword": "replacepassword1234$",
+            "enableAutomaticUpdates": false,
+            "sshEnabled": true
+        },
+        "featureFlags": {
+            "BlockOutboundInternet": true
+        }
+    }
+}

makedev.ps1

@@ -1,4 +1,4 @@
-$DEV_ENV_IMAGE = "mcr.microsoft.com/oss/azcu/go-dev:v1.31.0"
+$DEV_ENV_IMAGE = "mcr.microsoft.com/oss/azcu/go-dev:v1.32.1"
 $DEV_ENV_WORK_DIR = "/aks-engine"
 
 # Ensure docker is configured for linux containers

test/e2e/kubernetes/workloads/large-container-daemonset.yaml

@@ -25,7 +25,7 @@ spec:
                 - linux
       containers:
       - name: large-container
-        image: mcr.microsoft.com/oss/azcu/go-dev:v1.31.0
+        image: mcr.microsoft.com/oss/azcu/go-dev:v1.32.1
         imagePullPolicy: IfNotPresent
         command: ["/bin/sh"]
         args: ["-c", "while true; do sleep 1000; done"]