kyma-project · kevin-kho · Jul 27, 2025 · Jul 28, 2025 · Jul 30, 2025 · Jul 30, 2025
@@ -0,0 +1,47 @@
+name: Bump version
+on:
+  workflow_dispatch:
+    inputs:
+      version: # github.event.inputs.version
+        description: 'Release version ( e.g. "2.1.3")'
+        default: ""
+        required: true
+
+jobs:
+  bump-version:
+    name: Bump version
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      RELEASE_TAG: ${{github.event.inputs.VERSION}}
+      REPOSITORY: ${{github.repository}}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Generate sec-scanners-config
+        run: |
+          echo "Creating sec-scanners-config.yaml"
+          ./tools/scripts/release/render-sec-scanners-config.sh ${RELEASE_TAG}
+
+      - name: Generate sec-scanners-config-release
+        run: |
+          echo "Creating sec-scanners-config-release.yaml"
+          ./tools/scripts/release/render-sec-scanners-config-release.sh ${RELEASE_TAG}
+
+      - name: Check if generated sec-scanners-config differs and commit
+        run: |
+          if [ -z "$(git status --porcelain)" ]; then
+             echo "No changes found"
+          else
+            echo "Changes found. Commiting to repo"
+            echo "bumped sec-scanners-config.yaml to ${RELEASE_TAG}"
+            git config --global user.email "[email protected]"
+            git config --global user.name "Test Test"
+            git add ./sec-scanners-config.yaml
+            git commit -m "bumped sec-scanners-config.yaml to ${RELEASE_TAG}"
+            git push
+          fi
@@ -0,0 +1,46 @@
+name: Create release
+on:
+  workflow_dispatch:
+    inputs:
+      version: # github.event.inputs.version
+        description: 'Release version ( e.g. "2.1.3")'
+        default: ""
+        required: true
+
+jobs:
+  create-draft:
+    name: Create draft
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      RELEASE_TAG: ${{github.event.inputs.VERSION}}
+      REPOSITORY: ${{github.repository}}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Create changelog
+        run: ./tools/scripts/release/create_changelog.sh $REPOSITORY $RELEASE_TAG
+
+      - name: Create draft release
+        id: create-draft
+        run: |
+          RELEASE_ID=$(./tools/scripts/release/create_draft_release.sh $REPOSITORY $RELEASE_TAG)
+          echo "release_id=$RELEASE_ID" >> $GITHUB_OUTPUT
+
+      - name: Get manifest and example
+        run: |
+          MANIFEST_FILEPATH=./config/crd/bases/cloud-resources.kyma-project.io_cloudresources.yaml
+          EXAMPLE_FILEPATH=./config/samples/cloud-resources_v1beta1_cloudresources.yaml
+          ./tools/scripts/upload_manifests.sh $REPOSITORY $MANIFEST_FILEPATH $EXAMPLE_FILEPATH ${{steps.create-draft.outputs.release_id}}
+
+      - name: Add lightweight tag
+        run: |
+          git tag $RELEASE_TAG
+          git push origin $RELEASE_TAG
+
+    outputs:
+      release_id: ${{steps.create-draft.outputs.release_id}}
@@ -0,0 +1,184 @@
+name: Update Module Manifest
+on:
+  release:
+    types: [published]
+
+jobs:
+  fetch-vars:
+    name: Fetch variables
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} # for github.com
+      TOOLS_TOKEN: ${{secrets.TOOLS_TOKEN}} # for github.tools.sap TODO: figure out which token to use
+      MODULE_MANIFEST_REPO: ${{vars.MODULE_MANIFEST_REPO}} # github.tools.sap
+      CLOUD_MANAGER_REPO: ${{vars.CLOUD_MANAGER_REPO}} # github.com
+    outputs:
+      MAIN_SHA: ${{steps.main_sha.outputs.main_sha}}
+      RELEASE_TAG: ${{steps.get_release_tag.outputs.tag}}
+      MODULE_RELEASE_SHA: ${{steps.get_sha_content.outputs.sha}}
+      MODULE_RELEASE_CONTENT: ${{steps.get_sha_content.outputs.content}}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Get Main Sha
+        id: main_sha
+        run: |
+          RES=$(curl -L \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${TOOLS_TOKEN}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://github.tools.sap/api/v3/repos/${MODULE_MANIFEST_REPO}/branches/main)
+          SHA=$(echo $RES | yq -e ".commit.sha")
+          echo "main_sha=$SHA" >> $GITHUB_OUTPUT
+      - name: Get Release Tag
+        id: get_release_tag
+        run: |
+          RES=$(curl -L \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/${CLOUD_MANAGER_REPO}/releases/latest)
+
+          TAG=$(echo $RES | yq -e .tag_name)
+          echo "tag=$TAG" >> $GITHUB_OUTPUT
+      - name: Get SHA and Content of current module-release
+        id: get_sha_content
+        run: |
+          RES=$(curl -L \
+            -H "Accept: application/vnd.github.object" \
+            -H "Authorization: Bearer ${TOOLS_TOKEN}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://github.tools.sap/api/v3/repos/${MODULE_MANIFEST_REPO}/contents/modules/cloud-manager/module-releases.yaml)
+
+          SHA=$(echo $RES | yq -e .sha)
+          CONTENT=$(echo $RES | yq -e .content)
+          CONTENT=$(echo $CONTENT | tr -d ' ')
+
+          echo "sha=$SHA" >> $GITHUB_OUTPUT
+          echo "content=$CONTENT" >> $GITHUB_OUTPUT
+
+  create-branch:
+    name: Create branch
+    needs: fetch-vars
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} # for github.com
+      TOOLS_TOKEN: ${{secrets.TOOLS_TOKEN}} # for github.tools.sap TODO: figure out which token to use
+      MODULE_MANIFEST_REPO: ${{vars.MODULE_MANIFEST_REPO}} # github.tools.sap
+      CLOUD_MANAGER_REPO: ${{vars.CLOUD_MANAGER_REPO}} # github.com
+    outputs:
+      BRANCH_NAME_MODULE_CONFIG: ${{steps.create_branch_module_config.outputs.BRANCH_NAME_MODULE_CONFIG}}
+      BRANCH_NAME_MODULE_RELEASE: ${{steps.create_branch_module_release.outputs.BRANCH_NAME_MODULE_RELEASE}}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: create branch # TODO: fix branch name
+        id: create_branch_module_config
+        run: |
+          MAIN_SHA=${{needs.fetch-vars.outputs.MAIN_SHA}}
+
+          BRANCH_NAME=$(echo "cloud-manager-${{needs.fetch-vars.outputs.RELEASE_TAG}}-module-config")
+          REF=$(echo "refs/heads/$BRANCH_NAME")
+          curl -L \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${TOOLS_TOKEN}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://github.tools.sap/api/v3/repos/${MODULE_MANIFEST_REPO}/git/refs \
+            -d '{"ref":"'"$REF"'","sha":"'"$MAIN_SHA"'"}'
+
+          echo "BRANCH_NAME_MODULE_CONFIG=$BRANCH_NAME" >> $GITHUB_OUTPUT
+
+      - name: create branch module-release
+        id: create_branch_module_release
+        run: |
+          MAIN_SHA=${{needs.fetch-vars.outputs.MAIN_SHA}}
+          BRANCH_NAME=$(echo "cloud-manager-${{needs.fetch-vars.outputs.RELEASE_TAG}}-module-release")
+          REF=$(echo "refs/heads/$BRANCH_NAME")
+
+          curl -L \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${TOOLS_TOKEN}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://github.tools.sap/api/v3/repos/${MODULE_MANIFEST_REPO}/git/refs \
+            -d '{"ref":"'"$REF"'","sha":"'"$MAIN_SHA"'"}'
+
+          echo "BRANCH_NAME_MODULE_RELEASE=$BRANCH_NAME" >> $GITHUB_OUTPUT
+
+  create-module-config:
+    name: Create Module Config
+    runs-on: ubuntu-latest
+    needs: [fetch-vars, create-branch]
+    env:
+      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} # for github.com
+      TOOLS_TOKEN: ${{secrets.TOOLS_TOKEN}} # for github.tools.sap TODO: figure out which token to use
+      MODULE_MANIFEST_REPO: ${{vars.MODULE_MANIFEST_REPO}} # github.tools.sap
+      CLOUD_MANAGER_REPO: ${{vars.CLOUD_MANAGER_REPO}} # github.com
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: create module-config.yaml # TODO: fix JSON body
+        run: |
+          MODULE_CONFIG_BASE=$(./tools/scripts/release/create_module_config.sh | base64)
+          MODULE_CONFIG_BASE=$(echo $MODULE_CONFIG_BASE | tr -d ' ')
+          BRANCH_NAME=${{needs.create-branch.outputs.BRANCH_NAME_MODULE_CONFIG}}
+
+          curl -L \
+            -X PUT \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${TOOLS_TOKEN}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://github.tools.sap/api/v3/repos/${MODULE_MANIFEST_REPO}/contents/modules/cloud-manager/1.4.2/module-config.yaml \
+            -d '{"message":"'"$BRANCH_NAME"'","branch":"'"$BRANCH_NAME"'","content":"'"$MODULE_CONFIG_BASE"'"}'
+
+  update-module-release:
+    name: Update Module Release
+    runs-on: ubuntu-latest
+    needs: [fetch-vars, create-branch, create-module-config]
+    env:
+      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} # for github.com
+      TOOLS_TOKEN: ${{secrets.TOOLS_TOKEN}} # for github.tools.sap TODO: figure out which token to use
+      MODULE_MANIFEST_REPO: ${{vars.MODULE_MANIFEST_REPO}} # github.tools.sap
+      CLOUD_MANAGER_REPO: ${{vars.CLOUD_MANAGER_REPO}} # github.com
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Generate module-release.yaml # TODO: fix JSON body
+        run: |
+          SHA=${{needs.fetch-vars.outputs.MODULE_RELEASE_SHA}}
+          CONTENT=${{needs.fetch-vars.outputs.MODULE_RELEASE_CONTENT}}
+          BRANCH_NAME=${{needs.create-branch.outputs.BRANCH_NAME_MODULE_RELEASE}}
+
+          DEV_VER=$(echo $CONTENT | base64 -d | yq '.channels[] | select(.channel == "dev") | .version' )
+          EXPERIMENTAL_VER=$(echo $CONTENT | base64 -d | yq '.channels[] | select(.channel == "experimental") | .version' )
+          FAST_VER=$(echo $CONTENT | base64 -d | yq '.channels[] | select(.channel == "fast") | .version' )
+          REGULAR_VER=$(echo $CONTENT | base64 -d | yq '.channels[] | select(.channel == "regular") | .version' )
+
+          # update dev version & keep others the same
+          NEW_DEV_VER=${{needs.fetch-vars.outputs.RELEASE_TAG}}
+
+          MODULE_RELEASE=$(./tools/scripts/release/create_module_release.sh $NEW_DEV_VER $EXPERIMENTAL_VER $FAST_VER $REGULAR_VER | base64)
+          MODULE_RELEASE=$(echo $MODULE_RELEASE | tr -d ' ')
+
+          curl -L \
+            -X PUT \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${TOOLS_TOKEN}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://github.tools.sap/api/v3/repos/${MODULE_MANIFEST_REPO}/contents/modules/cloud-manager/module-releases.yaml \
+            -d '{"message":"updated cloud-manager module-releases.yaml","branch":"'"$BRANCH_NAME"'","content":"'"$MODULE_RELEASE"'","sha":"'"$SHA"'"}'
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# This script will create a changelog for a release based on the latest commits.
+
+
+# standard bash error handling
+set -o nounset  # treat unset variables as an error and exit immediately.
+set -o errexit  # exit immediately when a command fails.
+set -E          # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+REPOSITORY=$1
+RELEASE_TAG=$2
+
+GITHUB_URL=https://api.github.com/repos/${REPOSITORY}
+GITHUB_AUTH_HEADER="Authorization: token ${GITHUB_TOKEN}"
+CHANGELOG_FILE="CHANGELOG.md"
+
+PREVIOUS_RELEASE=$(git describe --tags --abbrev=0)
+
+echo -e "\n**Full changelog**: https://github.com/$REPOSITORY/compare/${PREVIOUS_RELEASE}...${RELEASE_TAG}" >>${CHANGELOG_FILE}
+
+# cleanup
+echo "CHANGELOG.md created"
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+# This script creates a draft release and returns its id .
+
+# Error handling:
+set -o nounset  # treat unset variables as an error and exit immediately.
+set -o errexit  # exit immediately when a command fails.
+set -E          # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+REPOSITORY=$1
+RELEASE_TAG=$2
+
+GITHUB_URL=https://api.github.com/repos/${REPOSITORY}
+GITHUB_AUTH_HEADER="Authorization: Bearer ${GITHUB_TOKEN}"
+CHANGELOG_FILE=$(cat CHANGELOG.md)
+
+# Create the json payload to create a draft release.
+JSON_PAYLOAD=$(jq -n \
+	--arg tag_name "$RELEASE_TAG" \
+	--arg name "$RELEASE_TAG" \
+	--arg body "$CHANGELOG_FILE" \
+	'{
+    "tag_name": $tag_name,
+    "name": $name,
+    "body": $body,
+    "draft": true
+  }')
+
+# # Send the payload to github to create the draft release. The response contains the id of the release.
+CURL_RESPONSE=$(curl -L \
+	-X POST \
+	-H "Accept: application/vnd.github+json" \
+	-H "${GITHUB_AUTH_HEADER}" \
+	-H "X-GitHub-Api-Version: 2022-11-28" \
+	${GITHUB_URL}/releases \
+	-d "$JSON_PAYLOAD")
+
+# Return the draft release id.
+echo "$(echo $CURL_RESPONSE | jq -r ".id")"
+
+
@@ -0,0 +1,20 @@
+# TODO: make version and repositoryTag be CLI variables
+cat <<EOF
+name: kyma-project.io/module/cloud-manager
+version: 1.4.1
+manifest: cloud-resources.kyma-project.io_cloudresources.yaml
+defaultCR: cloud-resources_v1beta1_cloudresources.yaml
+documentation: https://help.sap.com/docs/btp/sap-business-technology-platform/cloud-manager-module?version=Cloud
+repository: https://github.com/kyma-project/cloud-manager.git
+repositoryTag: 1.4.1
+security: sec-scanners-config-release.yaml
+manager:
+  name: cloud-manager
+  namespace: kyma-system
+  group: apps
+  version: v1beta1
+  kind: Deployment
+  icons:
+    - name: module-icon
+      link: https://raw.githubusercontent.com/kyma-project/kyma/refs/heads/main/docs/assets/logo_icon.svg
+EOF
@@ -0,0 +1,20 @@
+DEV_VER=$1
+EXPERIMENTAL_VER=$2
+FAST_VER=$3
+REGULAR_VER=$4
+
+cat <<EOF
+targetLandscapes:
+  - dev
+  - stage
+  - prod
+channels:
+  - channel: dev
+    version: $DEV_VER
+  - channel: experimental
+    version: $EXPERIMENTAL_VER
+  - channel: fast
+    version: $FAST_VER
+  - channel: regular
+    version: $REGULAR_VER
+EOF