Add Create Final Release Job in CI

[#104050546]

Signed-off-by: Christian Ang <[email protected]>

Author: valeriap

ci/pipelines/postgres.yml

@@ -5,6 +5,7 @@ groups:
   - deploy-with-diego
   - test-with-diego
   - delete-deployments
+  - create-final-release
 
 resources:
 - name: cf-release
@@ -33,6 +34,19 @@ resources:
     ignore_paths: [.final_builds, releases]
     uri: https://github.com/cloudfoundry/diego-release.git
 
+- name: oss-s3-buckets-stack
+  type: git
+  source:
+    branch: master
+    private_key: {{oss-s3-buckets-stack-private-key}}
+    uri: [email protected]:cloudfoundry/oss-s3-buckets-stack.git
+
+- name: postgres-release-master
+  type: git
+  source:
+    uri: https://github.com/cloudfoundry/postgres-release.git
+    branch: master
+
 jobs:
 - name: deploy-with-cf
   serial_groups: [cf]
@@ -114,3 +128,27 @@ jobs:
       BOSH_DIRECTOR: {{postgres_cf_bosh_director}}
       BOSH_USER: {{postgres_cf_bosh_user}}
       BOSH_PASSWORD: {{postgres_cf_bosh_password}}
+
+- name: create-final-release
+  serial_groups: [cf]
+  plan:
+  - aggregate:
+    - get: postgres-release
+      resource: postgres-release-develop
+    - get: oss-s3-buckets-stack
+      resource: oss-s3-buckets-stack
+    - get: release-repo
+      resource: postgres-release-develop
+      passed: [delete-deployments]
+      trigger: true
+    - get: release-repo-master
+      resource: postgres-release-master
+  - task: create-final-release
+    file: postgres-release/ci/scripts/create-final-release/task.yml
+    params:
+      RELEASE_NAME: postgres
+  #- put: postgres-release-master
+    #params:
+      #repository: final-release-repo
+      #tag: final-release-repo/version_number
+      #tag_prefix: v

ci/scripts/configure_final_release_bucket

@@ -0,0 +1,184 @@
+#!/bin/bash -exu
+
+function validate_arguments() {
+  if [ $# -ne 3 ]; then
+    echo "Expected 3 argument (release_name path_to_aws_credentials_dir path_to_config_dir) received $#"
+    exit 1
+  fi
+}
+
+function check_dependencies() {
+  command -v aws >/dev/null || { echo "aws is required"; exit 1; }
+  command -v jq >/dev/null || { echo "jq is required"; exit 1; }
+}
+
+function load_credentials() {
+  set +x
+    source "${credentials_dir}/aws_environment"
+
+    if [[ -z "${AWS_DEFAULT_REGION}" ]]; then
+      echo "AWS_DEFAULT_REGION is not set"
+      exit 1
+    fi
+
+    if [[ -z "${AWS_ACCESS_KEY_ID}" ]]; then
+      echo "AWS_DEFAULT_REGION is not set"
+      exit 1
+    fi
+
+    if [[ -z "${AWS_SECRET_ACCESS_KEY}" ]]; then
+      echo "AWS_DEFAULT_REGION is not set"
+      exit 1
+    fi
+
+  set -x
+}
+
+function apply_cloudformation_template() {
+  local release_name
+  release_name="${1}"
+
+  local script_dir
+  script_dir="${2}"
+
+  if aws cloudformation describe-stacks --stack-name "${release_name}-buckets" > /dev/null; then
+    apply_stack_operation update "${release_name}" "${script_dir}" || true
+  else
+    apply_stack_operation create "${release_name}" "${script_dir}"
+  fi
+
+  wait_on_cloudformation "${release_name}"
+  check_final_cloudformation_state "${release_name}"
+}
+
+function apply_stack_operation() {
+  local operation
+  operation="${1}"
+
+  local release_name
+  release_name="${2}"
+
+  local script_dir
+  script_dir="${3}"
+
+  ls -a ${script_dir}/..
+  ls -a ${script_dir}/../templates
+  ls -a ${script_dir}/../templates/final-release
+
+  aws cloudformation "${operation}-stack" \
+    --stack-name "${release_name}-buckets" \
+    --parameters "ParameterKey=BucketName,ParameterValue=${release_name}-release-blobs" \
+    --template-body "file://${script_dir}/../templates/final-release/bucket.json" \
+    --capabilities CAPABILITY_IAM > /dev/null
+}
+
+function cloudformation_stack_status() {
+  local release_name
+  release_name="${1}"
+
+  local status
+  status="$(aws cloudformation describe-stacks --stack-name "${release_name}-buckets" | jq -r .Stacks[].StackStatus)"
+
+  printf "%s" "${status}"
+}
+
+function wait_on_cloudformation() {
+  local release_name
+  release_name="${1}"
+
+  local half_an_hour
+  half_an_hour="$((30 * 60))"
+
+  local deadline_in_seconds
+  deadline_in_seconds=$(($(date +%s) + ${half_an_hour}))
+
+  while cloudformation_stack_status "${release_name}" | grep IN_PROGRESS ; do
+    echo "CloudFormation stack '${release_name}-buckets' still in progress..."
+
+    local remaining_time_in_seconds
+    remaining_time_in_seconds="$((deadline_in_seconds - $(date +%s)))"
+
+    if [ "${remaining_time_in_seconds}" -gt 0 ]; then
+      echo "   Waiting ${remaining_time_in_seconds} more seconds."
+      sleep 15
+    else
+      echo "   Waited ${half_an_hour} seconds, aborting."
+      exit 1
+    fi
+  done
+}
+
+function check_final_cloudformation_state() {
+  local release_name
+  release_name="${1}"
+
+  local status
+  status="$(cloudformation_stack_status "${release_name}")"
+
+  if echo "${status}" | grep ROLLBACK ; then
+    echo "CloudFormation failed to apply template: ${status}"
+    exit 1
+  fi
+
+  if ! echo "${status}" | grep COMPLETE ; then
+    echo "CloudFormation failed to apply template: ${status}"
+    exit 1
+  fi
+}
+
+function write_private_yaml() {
+  local release_name
+  release_name="${1}"
+
+  local credentials_dir
+  credentials_dir="${2}"
+
+  local release_config_dir
+  release_config_dir="${3}"
+
+  local bucket_output
+  bucket_output="${credentials_dir}/bucket.json"
+
+  aws cloudformation describe-stacks --stack-name "${release_name}-buckets" > "${bucket_output}"
+
+  local access_key_id
+  local secret_access_key
+
+  set +x
+  secret_access_key="$(jq -e -r ".Stacks[0].Outputs[0].OutputValue" "${bucket_output}")"
+  access_key_id="$(jq -e -r ".Stacks[0].Outputs[1].OutputValue" "${bucket_output}")"
+  set -x
+
+  cat > "${release_config_dir}/private.yml" <<EOF
+---
+blobstore:
+  s3:
+    access_key_id: ${access_key_id}
+    secret_access_key: ${secret_access_key}
+EOF
+
+  rm "${bucket_output}"
+}
+
+function main() {
+  local script_dir
+  script_dir="$(cd "$(dirname "$0")" && pwd)"
+
+  validate_arguments "${@}"
+
+  local release_name
+  release_name="${1}"
+
+  local credentials_dir
+  credentials_dir="${2}"
+
+  local release_config_dir
+  release_config_dir="${3}"
+
+  check_dependencies
+  load_credentials "${credentials_dir}"
+  apply_cloudformation_template "${release_name}" "${script_dir}"
+  write_private_yaml "${release_name}" "${credentials_dir}" "${release_config_dir}"
+}
+
+main "${@}"

ci/scripts/create-final-release/task.sh

@@ -0,0 +1,83 @@
+#!/bin/bash -exu
+
+# Cannot set -u before sourcing .bashrc because of all
+# the unbound variables in things beyond our control.
+set +u
+source ~/.bashrc
+set -u
+
+function main() {
+  local root_dir
+  root_dir="${PWD}"
+
+  local release_name
+  release_name="${1}"
+
+  local master_branch
+  master_branch="${2}"
+
+  configure_bucket "${release_name}"
+  create_and_commit "${root_dir}" "${release_name}" "${master_branch}"
+  copy_to_output "${root_dir}"
+}
+
+function configure_bucket() {
+  local release_name
+  release_name="${1}"
+
+  set +x
+  ./postgres-release/ci/scripts/configure_final_release_bucket "${release_name}" ./oss-s3-buckets-stack ./release-repo/config
+  set -x
+}
+
+function create_and_commit() {
+  local root_dir
+  root_dir="${1}"
+
+  local release_name
+  release_name="${2}"
+
+  local master_branch
+  master_branch="${3}"
+
+  pushd "${root_dir}/release-repo" > /dev/null
+    git config user.name "CF MEGA BOT"
+    git config user.email "[email protected]"
+
+    git remote add -f master-repo "${root_dir}/release-repo-master"
+    git merge "master-repo/${master_branch}" -m 'Merge with master'
+
+    local exit_status
+    for i in {1..5}; do
+      bosh -n create release --with-tarball --final
+      exit_status="${PIPESTATUS[0]}"
+
+      if [[ "${exit_status}" == "0" ]]; then
+        break
+      fi
+    done
+
+    if [[ "${exit_status}" != "0" ]]; then
+      echo "Failed to Create ${release_name} Release"
+      exit "${exit_status}"
+    fi
+
+    local new_release_version
+    new_release_version="$(find releases -regex ".*${release_name}-[0-9]*.yml" | egrep -o "${release_name}-[0-9]+" | egrep -o "[0-9]+" | sort -n | tail -n 1)"
+
+    git add .final_builds releases
+    git commit -m "Final release ${new_release_version}"
+
+    echo "${new_release_version}" > version_number
+  popd > /dev/null
+}
+
+function copy_to_output() {
+  local root_dir
+  root_dir="${1}"
+
+  shopt -s dotglob
+  cp -R "${root_dir}/release-repo/"* "${root_dir}/final-release-repo"
+}
+
+main "${RELEASE_NAME}" "${MASTER_BRANCH:-"master"}"

ci/scripts/create-final-release/task.yml

@@ -0,0 +1,20 @@
+---
+platform: linux
+
+image: docker:///cfinfrastructure/deployment
+
+inputs:
+  - name: postgres-release
+  - name: oss-s3-buckets-stack
+  - name: release-repo
+  - name: release-repo-master
+
+outputs:
+  - name: final-release-repo
+
+run:
+  path: postgres-release/ci/scripts/create-final-release/task.sh
+
+params:
+  RELEASE_NAME:
+  MASTER_BRANCH: