Update Kubernetes Versions #193
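# Daily workflow that looks for new Kubernetes versions, builds and pushes
# kind node images for release candidates to ECR, and opens a pull request
# updating the e2e test configuration.
#
# Hardening convention used below: workflow inputs and step outputs reach
# shell scripts through `env:` and are read as quoted shell variables. They are
# never spliced into the script with expression interpolation, because an
# expression is expanded before bash parses the script, so a value containing a
# quote or shell metacharacter would be parsed as code. The version data comes
# from external registries, and the job holds an OIDC token and a token that
# can create pull requests.
name: Update Kubernetes Versions

on:
  schedule:
    # Run once daily at 6am UTC
    - cron: "0 6 * * *"
  # Allow manual trigger
  workflow_dispatch:
    inputs:
      disable_dockerhub:
        description: 'Disable fetching versions from Docker Hub'
        required: false
        default: false
        type: boolean
      disable_github:
        description: 'Disable fetching RC versions from GitHub'
        required: false
        default: false
        type: boolean

# No default token permissions; the job grants only what it needs.
permissions: {}

jobs:
  update-k8s-versions:
    timeout-minutes: 30
    name: Check for new Kubernetes version
    runs-on: ubuntu-latest
    permissions:
      id-token: write # Required for OIDC token from GitHub
    environment:
      name: main
    env:
      AWS_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID }}
      ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
      ECR_REGION: ${{ vars.ECR_REGION }}
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release the SHA corresponds to.
      - uses: DataDog/dd-octo-sts-action@96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a # v1.0.4
        id: octo-sts
        with:
          scope: DataDog/datadog-agent
          policy: self.update-kubernetes-versions.create-pr
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # NOTE(review): this leaves the octo-sts token in the checkout's git
          # configuration, readable by every later step (pip install, dda
          # tasks, image builds). The pull-request step is already passed the
          # token explicitly; confirm persistence is still required.
          persist-credentials: true
          token: ${{ steps.octo-sts.outputs.token }}
      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.14'
      - name: Install dda
        uses: ./.github/actions/install-dda
        with:
          features: legacy-tasks
      - name: Install Python dependencies
        # NOTE(review): pinned by version only; a hash-locked requirements
        # file (pip --require-hashes) would also pin the artifact contents.
        run: pip install requests==2.33.1 pyyaml==6.0.3 semver==3.0.4
      - name: Install kind
        uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1.14.0
        with:
          install_only: true
      - name: Fetch latest Kubernetes version
        id: fetch-versions
        env:
          # Empty on scheduled runs, so neither flag is added.
          DISABLE_DOCKERHUB: ${{ inputs.disable_dockerhub }}
          DISABLE_GITHUB: ${{ inputs.disable_github }}
        run: |
          args=()
          if [ "$DISABLE_DOCKERHUB" = "true" ]; then
            args+=(--disable-dockerhub)
          fi
          if [ "$DISABLE_GITHUB" = "true" ]; then
            args+=(--disable-github)
          fi
          dda inv k8s-versions.fetch-versions "${args[@]}"
      - name: Build RC images
        if: steps.fetch-versions.outputs.has_new_rc_versions == 'true'
        id: build-rc-images
        env:
          NEW_VERSIONS: ${{ steps.fetch-versions.outputs.new_versions }}
        run: |
          dda inv kind-node-image.build-rc-images --versions="$NEW_VERSIONS"
      - name: Configure AWS credentials
        if: steps.fetch-versions.outputs.has_new_rc_versions == 'true' && steps.build-rc-images.outputs.built_count > 0
        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
        with:
          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/datadog-agent-kind-image-publisher-oidc
          # NOTE(review): hard-coded, while the registry host below is built
          # from vars.ECR_REGION; confirm the two are meant to be independent.
          aws-region: us-east-1
      - name: Log in to AWS ECR
        if: steps.fetch-versions.outputs.has_new_rc_versions == 'true' && steps.build-rc-images.outputs.built_count > 0
        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          registry: ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.ECR_REGION }}.amazonaws.com
      - name: Tag and push RC images to ECR
        if: steps.fetch-versions.outputs.has_new_rc_versions == 'true' && steps.build-rc-images.outputs.built_count > 0
        id: push-rc-images
        env:
          ECR_REGISTRY: ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.ECR_REGION }}.amazonaws.com
          NEW_VERSIONS: ${{ steps.fetch-versions.outputs.new_versions }}
          BUILT_IMAGES: ${{ steps.build-rc-images.outputs.built_images }}
        run: |
          set -euo pipefail
          new_versions="$NEW_VERSIONS"
          # Capture the kind version used to build these RC images
          kind_version=$(kind version | awk '{print $2}')
          # BUILT_IMAGES is left unquoted on purpose: it is a
          # whitespace-separated list and must be split into words.
          for image in $BUILT_IMAGES; do
            tag="${image##*:}"
            ecr_image="$ECR_REGISTRY/$ECR_REPOSITORY:$tag"
            docker tag "$image" "$ecr_image"
            docker push "$ecr_image"
            # Get digest from local image after push
            digest=$(docker inspect --format='{{index .RepoDigests 0}}' "$ecr_image" | cut -d@ -f2)
            [ -n "$digest" ] || { echo "Error: Could not get digest for $tag"; exit 1; }
            # Append digest and kind_version into the new versions JSON
            # Must use the -c option (compact) to keep the jq output to a single-line
            new_versions=$(jq -c --arg tag "$tag" --arg digest "$digest" --arg kind_version "$kind_version" \
              '.[$tag].digest = $digest | .[$tag].kind_version = $kind_version' <<< "$new_versions")
          done
          echo "new_versions=$new_versions" >> "$GITHUB_OUTPUT"
      - name: Save new versions to file
        if: steps.fetch-versions.outputs.has_new_versions == 'true'
        env:
          # Use push-rc-images output if RC images were built (includes digests from ECR)
          # Otherwise use fetch-versions output (includes digests from Docker Hub for final releases)
          VERSIONS: ${{ steps.push-rc-images.outputs.new_versions || steps.fetch-versions.outputs.new_versions }}
        run: |
          dda inv k8s-versions.save-versions --versions="$VERSIONS"
      - name: Update kind_versions.json
        if: steps.fetch-versions.outputs.has_new_versions == 'true'
        run: dda inv k8s-versions.update-kind-versions-file
      - name: Update e2e.yml with new version
        id: update-yaml
        if: steps.fetch-versions.outputs.has_new_versions == 'true'
        run: |
          dda inv k8s-versions.update-e2e-yaml
      - uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
        name: Create pull request
        if: steps.update-yaml.outputs.updated == 'true'
        with:
          commit-message: "chore(e2e): add new Kubernetes version to e2e tests"
          branch: update-k8s-versions-automated
          token: ${{ steps.octo-sts.outputs.token }}
          sign-commits: true
          title: "[automated] Update Kubernetes latest version in e2e tests"
          # The interpolated output below is an action input, not shell text,
          # so it is rendered as PR body content and never executed.
          body: |
            ### What does this PR do?
            Updates the Kubernetes version used by the `new-e2e-containers-k8s-latest` job in `.gitlab/test/e2e/e2e.yml` to the latest stable release from `kindest/node`.
            ### Motivation
            Keep e2e tests running against the latest Kubernetes version to ensure compatibility.
            ### New version added:
            ${{ steps.update-yaml.outputs.new_versions }}
            ### Describe how you validated your changes
            CI will validate the new versions work correctly.
          team-reviewers: container-integrations
          labels: team/container-integrations,qa/done,changelog/no-changelog,ask-review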