Skip to content
Snippets Groups Projects
Unverified Commit 57605e33 authored by Bruno Bachmann's avatar Bruno Bachmann Committed by GitHub
Browse files

Merge pull request #311 from bfbachmann/gha 

Add GHA workflows
parents 4a643535 64b5355e
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
.drone.yml deleted 100644 → 0
+ 0
245
View file @ 4a643535
---
kind: pipeline
name: amd64
platform:
os: linux
arch: amd64
steps:
- name: build
image: rancher/dapper:v0.6.0
commands:
- dapper ci
- dapper e2e-sonobuoy
- dapper e2e-verify
volumes:
- name: docker
path: /var/run/docker.sock
- name: upload-artifacts
image: plugins/github-release
settings:
api_key:
from_secret: github_token
prerelease: true
checksum:
- sha256
checksum_file: CHECKSUMsum-amd64.txt
checksum_flatten: true
files:
- "dist/artifacts/*"
when:
instance:
- drone-publish.rancher.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
- name: push-controller
image: plugins/docker
settings:
dockerfile: package/Dockerfile
build_args:
- ARCH=amd64
- TAG=${DRONE_TAG}-amd64
password:
from_secret: docker_password
repo: "rancher/system-upgrade-controller"
tag: "${DRONE_TAG}-amd64"
username:
from_secret: docker_username
when:
instance:
- drone-publish.rancher.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
- name: push-e2e-tests
image: plugins/docker
settings:
dockerfile: package/Dockerfile
build_args:
- ARCH=amd64
- TAG=${DRONE_TAG}-amd64
target: e2e-tests
password:
from_secret: docker_password
repo: "rancher/system-upgrade-controller"
tag: "${DRONE_TAG}-amd64-e2e-tests"
username:
from_secret: docker_username
when:
instance:
- drone-publish.rancher.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
volumes:
- name: docker
host:
path: /var/run/docker.sock
---
kind: pipeline
name: arm64
platform:
os: linux
arch: arm64
steps:
- name: build
image: rancher/dapper:v0.6.0
commands:
- dapper ci
volumes:
- name: docker
path: /var/run/docker.sock
- name: upload-artifacts
image: plugins/github-release
settings:
api_key:
from_secret: github_token
prerelease: true
checksum:
- sha256
checksum_file: CHECKSUMsum-arm64.txt
checksum_flatten: true
files:
- "dist/artifacts/*"
when:
instance:
- drone-publish.rancher.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
- name: push-controller
image: plugins/docker
settings:
dockerfile: package/Dockerfile
build_args:
- ARCH=arm64
- TAG=${DRONE_TAG}-arm64
password:
from_secret: docker_password
repo: "rancher/system-upgrade-controller"
tag: "${DRONE_TAG}-arm64"
username:
from_secret: docker_username
when:
instance:
- drone-publish.rancher.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
- name: push-e2e-tests
image: plugins/docker
settings:
dockerfile: package/Dockerfile
build_args:
- ARCH=arm64
- TAG=${DRONE_TAG}-arm64
target: e2e-tests
password:
from_secret: docker_password
repo: "rancher/system-upgrade-controller"
tag: "${DRONE_TAG}-arm64-e2e-tests"
username:
from_secret: docker_username
when:
instance:
- drone-publish.rancher.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
volumes:
- name: docker
host:
path: /var/run/docker.sock
---
kind: pipeline
name: manifest
platform:
os: linux
arch: amd64
steps:
- name: controller
image: plugins/manifest
settings:
username:
from_secret: docker_username
password:
from_secret: docker_password
platforms:
- linux/amd64
- linux/arm64
target: "rancher/system-upgrade-controller:${DRONE_TAG}"
template: "rancher/system-upgrade-controller:${DRONE_TAG}-ARCH"
when:
instance:
- drone-publish.rancher.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
- name: e2e-tests
image: plugins/manifest
settings:
username:
from_secret: docker_username
password:
from_secret: docker_password
platforms:
- linux/amd64
- linux/arm64
target: "rancher/system-upgrade-controller:${DRONE_TAG}-e2e-tests"
template: "rancher/system-upgrade-controller:${DRONE_TAG}-ARCH-e2e-tests"
when:
instance:
- drone-publish.rancher.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
depends_on:
- amd64
- arm64
---
kind: pipeline
name: fossa
steps:
- name: fossa
image: rancher/drone-fossa:latest
settings:
api_key:
from_secret: FOSSA_API_KEY
when:
instance:
- drone-publish.rancher.io
.github/workflows/fossa.yaml 0 → 100644
+ 34
0
View file @ 57605e33
name: FOSSA Scanning
on:
push:
branches: [ "master" ]
# For manual scans.
workflow_dispatch:
permissions:
# Basic read access needed.
contents: read
# Required to authenticate in EIO's Vault.
id-token: write
jobs:
fossa-scanning:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Read FOSSA token
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY
- name: FOSSA scan
uses: fossas/fossa-action@main
with:
api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }}
# Only runs the scan and do not provide/return any results back to the
# pipeline.
run-tests: false
\ No newline at end of file
.github/workflows/pull-request.yaml 0 → 100644
+ 47
0
View file @ 57605e33
name: CI on Pull Request
# The jobs below will execute any time a PR is created.
on:
pull_request:
push:
branches:
- 'master'
jobs:
# Runs e2e tests.
build-test:
runs-on: ubuntu-latest
container: rancher/dapper:v0.6.0
permissions:
contents: read
strategy:
matrix:
os: [linux]
arch: [amd64, arm64]
steps:
- name: Add Git
run: apk add -U git
- name: Checkout code
uses: actions/checkout@v4
- name: Fix the not-a-git-repository issue
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Set environment variables
run: echo "DAPPER_HOST_ARCH=${{ matrix.arch }}" >> $GITHUB_ENV
- name: Run CI
run: dapper ci
- name: Run e2e
if: ${{ matrix.arch == 'amd64' }}
run: |
dapper e2e-sonobuoy
dapper e2e-verify
.github/workflows/release.yaml 0 → 100644
+ 224
0
View file @ 57605e33
name: CI on Release Tag
# The jobs below will execute any time a tag is pushed to any branch in the repo.
on:
push:
tags:
- '*'
env:
IMAGE: rancher/system-upgrade-controller
TAG: ${{ github.ref_name }}
jobs:
# Runs e2e tests and uploads the artifact files that Dapper generates to
# GitHub Actions so we can reference them when we create the GitHub release.
build-test:
runs-on: ubuntu-latest
container: rancher/dapper:v0.6.0
permissions:
contents: read
strategy:
matrix:
os: [linux]
arch: [amd64, arm64]
steps:
- name: Add Git
run: apk add -U git
- name: Checkout code
uses: actions/checkout@v4
- name: Fix the not-a-git-repository issue
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Set environment variables
run: echo "DAPPER_HOST_ARCH=${{ matrix.arch }}" >> $GITHUB_ENV
- name: Run CI
run: dapper ci
- name: Run e2e
if: ${{ matrix.arch == 'amd64' }}
run: |
dapper e2e-sonobuoy
dapper e2e-verify
- name: Generate artifact checksums
run: find dist/artifacts -type f -exec sha256sum {} \; > "dist/artifacts/sha256sum-${{ matrix.arch }}.txt"
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: "artifacts-${{ matrix.os }}-${{ matrix.arch }}"
path: dist/artifacts/*
if-no-files-found: error
overwrite: true
# Creates a GitHub release using artifacts from the `build-test` job.
create-gh-release:
runs-on: ubuntu-latest
needs:
- build-test
permissions:
contents: write # needed for creating the GH release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Fix the not-a-git-repository issue
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Download artifacts
uses: actions/download-artifact@v4
with:
path: dist/artifacts
pattern: artifacts-*
merge-multiple: true
- name: Create GitHub release
run: gh release create "${{ env.TAG }}" --prerelease --title "${{ env.TAG }}" dist/artifacts/*
# Builds Docker images using artifacts from the `build-test` job and pushes
# them to DockerHub.
build-push-images:
runs-on: ubuntu-latest
needs:
- build-test
permissions:
contents: read
id-token: write # needed for the Vault authentication
strategy:
matrix:
os: [linux]
arch: [amd64, arm64]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
flavor: latest=false
tags: |
type=schedule
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=raw,value={{ tag }}-${{ matrix.arch }}
- name: Fix the not-a-git-repository issue
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Download artifacts
uses: actions/download-artifact@v4
with:
path: dist/artifacts
pattern: artifacts-*
merge-multiple: true
- name: Build and push controller image to DockerHub
uses: docker/build-push-action@v5
id: build
with:
context: .
file: package/Dockerfile
target: controller
build-args: |
ARCH=${{ matrix.arch }}
push: true
tags: "${{ steps.meta.outputs.tags }}"
platforms: "${{ matrix.os }}/${{ matrix.arch }}"
labels: "${{ steps.meta.outputs.labels }}"
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: "digests-${{ matrix.os }}-${{ matrix.arch }}"
path: /tmp/digests/*
if-no-files-found: error
overwrite: true
# Creates a manifest for the images built in the `build-push-images` job
# and pushes it to DockerHub.
build-push-manifest:
runs-on: ubuntu-latest
needs:
- build-push-images
permissions:
id-token: write # needed for the Vault authentication
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
flavor: latest=false
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.IMAGE }}@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.IMAGE }}:${{ steps.meta.outputs.version }}
\ No newline at end of file
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment