From f17b1e71a32f689d2eb88f08c697d0382d11a306 Mon Sep 17 00:00:00 2001 From: AnishMudaraddi Date: Wed, 4 Feb 2026 12:56:06 +0000 Subject: [PATCH 1/9] install yq for set-env because we now run set-env.sh first, we need to install yq in set-env.sh so it works --- set-env.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/set-env.sh b/set-env.sh index 0febd82..4a28a7c 100755 --- a/set-env.sh +++ b/set-env.sh @@ -4,6 +4,10 @@ # if we do this and run into any errors it will kill the user's # current shell (e.g. a typo) +echo "Installing required tools..." +export PATH=$PATH:/snap/bin +sudo snap install yq + # Function to convert dependencies to a valid environment variables sanitize_var_name() { echo "$1" | tr '-' '_' | tr '[:lower:]' '[:upper:]' From 8547b51fe3008e29686b47623f08b2eafb24ccee Mon Sep 17 00:00:00 2001 From: AnishMudaraddi Date: Thu, 5 Feb 2026 14:05:42 +0000 Subject: [PATCH 2/9] use apt to install yq instead of snap add check if yq is already installed for yq so we're not forced to initiate apt if it is already installed --- bootstrap.sh | 14 +++++++------- set-env.sh | 7 ++++--- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/bootstrap.sh b/bootstrap.sh index cc8b0ab..a6a72c4 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -1,13 +1,6 @@ #!/usr/bin/env bash set -euo pipefail -echo "Installing required tools..." -sudo apt-get install -y snapd python3-openstackclient -export PATH=$PATH:/snap/bin -sudo snap install kubectl --classic -sudo snap install helm --classic -sudo snap install yq - echo "Updating system to apply latest security patches..." export DEBIAN_FRONTEND=noninteractive sudo apt-get update -qq 
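Review bot: The added `sudo snap install yq` in set-env.sh runs unconditionally, so every use of the script asks for root and contacts the snap store even when yq is already installed. The context comment above the hunk suggests the script is sourced into the user's interactive shell, which makes a privileged network install an unexpected side effect there. A guard limits it to the first run: `command -v yq >/dev/null 2>&1 || sudo snap install yq`. `export PATH=$PATH:/snap/bin` also appends the directory again on each run.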
@@ -17,6 +10,13 @@ sudo apt-get -o Dpkg::Options::="--force-confold" \ -o Dpkg::Options::="--force-confdef" \ -y -qq upgrade > /dev/null +echo "Installing required tools..." +sudo apt-get install -y snapd python3-openstackclient yq + +export PATH=$PATH:/snap/bin +sudo snap install kubectl --classic +sudo snap install helm --classic + # Check a clouds.yaml file exists in the same directory as the script if [ ! -f clouds.yaml ]; then echo "A clouds.yaml file is required in the same directory as this script" diff --git a/set-env.sh b/set-env.sh index 4a28a7c..540fbaa 100755 --- a/set-env.sh +++ b/set-env.sh @@ -4,9 +4,10 @@ # if we do this and run into any errors it will kill the user's # current shell (e.g. a typo) -echo "Installing required tools..." -export PATH=$PATH:/snap/bin -sudo snap install yq +if [ ! -f "/usr/bin/yq" ]; then + echo "Installing yq..." + sudo apt-get -y install yq +fi # Function to convert dependencies to a valid environment variables sanitize_var_name() { From 68cc49a17b46bd8a0a4312cdf397bbc75d861fd9 Mon Sep 17 00:00:00 2001 From: AnishMudaraddi Date: Thu, 5 Feb 2026 14:33:57 +0000 Subject: [PATCH 3/9] change base branch for PR to staging instead of master - test github action changes before promotion --- .github/workflows/update-deps.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/update-deps.yaml b/.github/workflows/update-deps.yaml index db2dca8..c31ce85 100644 --- a/.github/workflows/update-deps.yaml +++ b/.github/workflows/update-deps.yaml @@ -28,7 +28,9 @@ jobs: private-key: ${{ secrets.PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 + uses: actions/checkout@v6 + with: + ref: staging - name: Get latest upstream chart version id: capi-helm-chart From ce148b8399d42bd7a94906ef0f6b6f98c5de178c Mon Sep 17 00:00:00 2001 
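Review bot: Adding `yq` to the `apt-get install` line in bootstrap.sh may change which tool is installed, not only where it comes from. As far as I know, the Ubuntu archive's `yq` package is the Python jq wrapper, while the snap it replaces ships the Go implementation, and the two accept different expressions and options. The yq calls themselves are outside this patch, so confirm they still work against the apt build or keep the previous source. The same applies to the `sudo apt-get -y install yq` added to set-env.sh in this patch.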
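Review bot: The guard `[ ! -f "/usr/bin/yq" ]` in set-env.sh tests one fixed path, so a yq installed anywhere else still triggers `sudo apt-get -y install yq`. That includes the snap copy under /snap/bin that PATCH 1/9 installed. Testing what the shell would actually resolve is more robust: `if ! command -v yq >/dev/null 2>&1; then`. The install is not preceded by an `apt-get update`, so it can fail on a host with a stale package index, and the result is never checked; a short message on failure would be clearer than letting the later yq calls break.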
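Review bot: The Checkout step in update-deps.yaml loses its commit pin: `uses: actions/checkout@v6` replaces `actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2`. A major-version tag can be moved to different code, and this job's previous step is given `secrets.PRIVATE_KEY`. The commit message only describes the base-branch change, so keep the pinned `uses:` line and add just the `with:` / `ref: staging` pair. PATCH 5/9 later in this series restores the pin. The rest of the job lies outside the hunk.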
From: Chris Green <138027265+Chris-green-stfc@users.noreply.github.com> Date: Wed, 11 Mar 2026 13:24:55 +0000 Subject: [PATCH 4/9] Updated monitoring addon link comment The monitoring addon comment linked to an archived stackhpc repo, rather than the azimuth-cloud repo --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 70118a0..f07cc6b 100644 --- a/values.yaml +++ b/values.yaml @@ -164,7 +164,7 @@ apiServer: addons: # Enable monitoring by default, this deploys - # https://github.com/stackhpc/capi-helm-charts/blob/main/charts/cluster-addons/README.md#monitoring-and-logging + # https://github.com/azimuth-cloud/capi-helm-charts/blob/main/charts/cluster-addons/README.md#monitoring-and-logging # and includes Loki which is required for central logging as per UKRI policy monitoring: enabled: true From 4829b68f1fe95baa74f135f595a133dc79dcad30 Mon Sep 17 00:00:00 2001 From: RyanH-STFC Date: Fri, 24 Apr 2026 10:56:35 +0100 Subject: [PATCH 5/9] Change tags to SHAs -Changed the tags from actions to SHAs as it is a defence against supply chain attacks --- .github/workflows/update-deps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-deps.yaml b/.github/workflows/update-deps.yaml index c31ce85..a15ac40 100644 --- a/.github/workflows/update-deps.yaml +++ b/.github/workflows/update-deps.yaml @@ -28,7 +28,7 @@ jobs: private-key: ${{ secrets.PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: ref: staging From 465eb82c211af63d634895027bcee64e42782d16 Mon Sep 17 00:00:00 2001 From: Aziz Ahmad Date: Tue, 19 May 2026 16:24:35 +0100 Subject: [PATCH 6/9] Bump capi image version to the latest available in OpenStack --- user-values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user-values.yaml b/user-values.yaml index 87e63a7..4865134 100644 --- a/user-values.yaml 
+++ b/user-values.yaml @@ -25,9 +25,9 @@ controlPlane: # The Kubernetes version of the cluster # This should match the version of kubelet and kubeadm in the image # and will be automatically updated by us -kubernetesVersion: "1.34.6" +kubernetesVersion: "1.34.8" # The name of the image to use for cluster machines -machineImage: "capi-ubuntu-2204-kube-v1.34.6" +machineImage: "capi-ubuntu-2204-kube-v1.34.8" addons: # Monitoring sets up kube-prometheus-stack and loki-stack. From f1abdbe44816350d153c4bface29a21fa1949ba5 Mon Sep 17 00:00:00 2001 From: anish-mudaraddi Date: Wed, 10 Jun 2026 15:13:39 +0100 Subject: [PATCH 7/9] Add github action to promote staging to master --- .github/workflows/promote-to-master.yaml | 43 ++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 .github/workflows/promote-to-master.yaml diff --git a/.github/workflows/promote-to-master.yaml b/.github/workflows/promote-to-master.yaml new file mode 100644 index 0000000..736d7e3 --- /dev/null +++ b/.github/workflows/promote-to-master.yaml 
@@ -0,0 +1,43 @@ +name: Open PR from staging to master + +on: + schedule: + - cron: "0 12 * * 3" # Wednesday at 12pm UTC + workflow_dispatch: {} + +permissions: + contents: write + pull-requests: write + +env: + author: "${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>" + committer: "github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>" + +jobs: + prod-promotion: + runs-on: ubuntu-latest + steps: + - name: "Setup Github Token" + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 #v3.2.0 + id: app-token + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.PRIVATE_KEY }} + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 + with: + ref: staging + - name: Create Pull Request + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 #v8.1.1 + with: + token: ${{ steps.app-token.outputs.token }} + commit-message: Update dependencies + title: Update dependencies + author: ${{ env.author }} + committer: ${{ env.committer }} + body: | + Automated promotion PR to copy contents from `staging` to `master`. + + This PR was automatically created by the environment promotion workflow. + labels: | + automated + environment-promotion From fcb15afcf3d225471c0c5d28f655ca9f26c130d5 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 13:12:43 +0000 Subject: [PATCH 8/9] Update Build Dependencies to match upstream --- dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies.yaml b/dependencies.yaml index b5aa0f6..ca56773 100644 --- a/dependencies.yaml +++ b/dependencies.yaml @@ -1,4 +1,4 @@ # https://github.com/azimuth-cloud/capi-helm-charts -cluster-chart: "0.19.2" +cluster-chart: "0.21.0" # https://github.com/k-orc/openstack-resource-controller k-orc: "2.4.0" 
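Review bot: The workflow-level `permissions:` block gives the default GITHUB_TOKEN `contents: write` and `pull-requests: write`, yet the only step that writes, Create Pull Request, is passed the App token from `steps.app-token.outputs.token`. If nothing else depends on the default token, the block can be reduced to `contents: read`, so a compromised step cannot push or open pull requests with it. Separately, `commit-message` and `title` both read `Update dependencies`, which looks carried over from the dependency workflow and mislabels a promotion PR; `title: Promote staging to master` would match the body text.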
From a3d5590d18017bd8dbea5bb5ff4ec3d6bd795786 Mon Sep 17 00:00:00 2001 From: AnishMudaraddi Date: Mon, 15 Jun 2026 10:50:16 +0100 Subject: [PATCH 9/9] fix ci --- .github/workflows/promote-to-master.yaml | 27 ++++++++++++++++++------ 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/.github/workflows/promote-to-master.yaml b/.github/workflows/promote-to-master.yaml index 736d7e3..2581460 100644 --- a/.github/workflows/promote-to-master.yaml +++ b/.github/workflows/promote-to-master.yaml @@ -1,5 +1,4 @@ name: Open PR from staging to master - on: schedule: - cron: "0 12 * * 3" # Wednesday at 12pm UTC @@ -23,21 +22,35 @@ jobs: with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 + + - name: Checkout master branch + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: - ref: staging + ref: master + token: ${{ steps.app-token.outputs.token }} + + - name: Merge staging into master + run: | + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + git fetch origin staging + git merge --no-commit --no-ff origin/staging || true + git add -A + - name: Create Pull Request uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 #v8.1.1 with: token: ${{ steps.app-token.outputs.token }} - commit-message: Update dependencies - title: Update dependencies + branch: promote-staging-to-prod + base: master + commit-message: "Update dependencies" + title: "Update dependencies" author: ${{ env.author }} committer: ${{ env.committer }} body: | Automated promotion PR to copy contents from `staging` to `master`. - + This PR was automatically created by the environment promotion workflow. labels: | automated - environment-promotion + environment-promotion \ No newline at end of file
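Review bot: In the `Merge staging into master` step, `git merge --no-commit --no-ff origin/staging || true` discards every merge failure. A conflicted merge therefore continues to `git add -A`, and any conflict markers left in the working tree are staged and presumably picked up by Create Pull Request. Drop the `|| true` so the job fails visibly, i.e. `git merge --no-commit --no-ff origin/staging`. The checkout step sets no `fetch-depth`, and with the action's default shallow clone the merge may not find a common ancestor, a failure the `|| true` would also hide; adding `fetch-depth: 0` under `with:` avoids that. The file also now ends without a trailing newline.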