release-23.2: release tooling: bundled backport of GHA-migration follow-ups#170837
Open
rail wants to merge 1 commit into
Open
Conversation
|
Thanks for opening a backport. Before merging, please confirm that it falls into one of the following categories (select one):
Add a brief release justification to the PR description explaining your selection. Also, confirm that the change does not break backward compatibility and complies with all aspects of the backport policy. All backports must be reviewed by the TL and EM for the owning area. |
blathers-crl
Bot
added
backport
|
Your pull request contains more than 1000 changes. It is strongly encouraged to split big PRs into smaller chunks. 🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf. |
Member
|
This change is |
rail
force-pushed
the
backport23.2-170348-170392-170657-170670-170686-170727-170765-170779
branch
from
991ffaa to
263fc73
Compare
Bring release-23.2 in line with release-24.1's release-tooling stack so the new GitHub Actions release pipeline can drive 23.2 patch releases. This bundles the eight release-26.1 PRs already backported to 24.1 (cockroachdb#170348, cockroachdb#170392, cockroachdb#170657, cockroachdb#170670, cockroachdb#170686, cockroachdb#170727, cockroachdb#170765, cockroachdb#170779). Mirrors the release-24.1 (cockroachdb#170823) recipe: legacy email/Jira release tooling that release-23.2 still carries is replaced wholesale with the post-PR state from release-26.1 (tip 97b3f3e). Trimmed for release-23.2's scope — these workflows / scripts were intentionally dropped because the corresponding pipeline isn't run on this branch: - IBM build/sign infrastructure (build-per-platform-ibm, build-docker-ibm, ibm-signing, release-sign-ibm.sh): release-23.2 does not ship IBM / linux-s390x builds. - Cloud-only image (publish-cloud-only, cloud-rollout, release-cloud-only.sh, release-cloud-rollout.sh, build-cockroach-release-cloud-only.sh): no cloud-only image build/publish on this branch. - RAFA rollout (create-rafa-prs, release-publish-rafa-prs.sh): release-23.2 doesn't open RAFA PRs. Other adjustments mirror the 24.1 backport: - cockroachdb/version added as a new dep at the May 2025 pin so the new pkg/cmd/release can use version.IncPreRelease / IncPatch. go-github/v61, plus transitive bumps of cockroachdb/errors v1.11.3, getsentry/sentry-go v0.27.0, google/go-cmp v0.6.0, and stretchr/testify v1.10.0. - Orphaned deps dropped: andygrunwald/go-jira, google/go-github/v42, indirect trivago/tgo. DEPS.bzl + distdir_files.bzl updated. - verify_docker_image reverted to detect FIPS via Go version + OpenSSL fingerprint (release-23.2's cockroach doesn't emit "FIPS enabled: true"). - TEAMCITY_BUILD_PROPERTIES_FILE mount removed from run_bazel. - linux-s390x dropped from matrices. - build-cockroach-release-per-platform.sh reverted to publish-provisional-artifacts and restores --build-arg fips_enabled=1. Release justification: release-tooling backport for GHA migration. Epic: none Release note: None
rail
force-pushed
the
backport23.2-170348-170392-170657-170670-170686-170727-170765-170779
branch
from
263fc73 to
8d30924
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport of the GHA-migration follow-ups onto release-23.2 so the new GitHub
Actions release pipeline can drive 23.2 patch releases on behalf of @rail.
Mirrors the release-24.1 (#170823) recipe — pkg/cmd/release lifted from
release-26.1, GHA workflows + build/github/release-*.sh wrappers added,
shared TeamCity-era scripts lifted from release-26.1 (their edits are
additive WIF-auth branches gated on
CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE, so the legacy TeamCity codepaths still work).
Trimmed for release-23.2's scope. The following workflows / scripts
from upstream were intentionally dropped — they aren't run on this
branch:
build-per-platform-ibm,build-docker-ibm,ibm-signing,release-sign-ibm.sh) — release-23.2 doesn't ship IBM/ linux-s390x.
publish-cloud-only,cloud-rollout,release-cloud-only.sh,release-cloud-rollout.sh,build-cockroach-release-cloud-only.sh).create-rafa-prs,release-publish-rafa-prs.sh).Dep changes mirror the 24.1 backport:
cockroachdb/versionadded as a new dep,go-github/v61added, plustransitive bumps
cockroachdb/errors v1.11.3,getsentry/sentry-go v0.27.0,google/go-cmp v0.6.0,stretchr/testify v1.10.0.andygrunwald/go-jira,google/go-github/v42, indirecttrivago/tgo. DEPS.bzl +distdir_files.bzl updated.
Branch-specific patches (same as 24.1):
verify_docker_imagereverted to FIPS detection via Go version +OpenSSL fingerprint.
TEAMCITY_BUILD_PROPERTIES_FILEmount removed fromrun_bazel.build-cockroach-release-per-platform.shusespublish-provisional-artifacts -provisional -releaseand restoresthe
--build-arg fips_enabled=1branch for the FIPS docker image.Release justification: release-tooling backport for GHA migration.
Epic: none
Release note: None