feat: bump rancher to v2.14.2-alpha6 and rke2 to v1.35.5+rke2r1 (#1278) #1569
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - v* | |
| # below will give us tagged releases (both pre-release and final) | |
| release: | |
| types: | |
| - published | |
| pull_request: | |
| env: | |
| # Fake up DRONE_BRANCH so it's picked up when dapper gets to | |
| # scripts/version. For branches, github.ref_name will be | |
| # "master" or "v1.x", which is fine, but for PRs it will be | |
| # something like "697/merge", which doesn't work as a version, | |
| # so wet just set it to master in this case. | |
| DRONE_BRANCH: ${{ endsWith(github.ref_name, '/merge') && 'master' || github.ref_name }} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: ${{ github.ref != 'refs/heads/master' && !startsWith(github.ref, 'refs/heads/v') && !startsWith(github.ref, 'refs/tags/v') }} | |
| jobs: | |
| build-iso: | |
| name: Build ISO Images | |
| strategy: | |
| matrix: | |
| arch: | |
| - amd64 | |
| - arm64 | |
| # hdd=50 is somewhat arbitrary here, but seems to give a | |
| # 77G disk, which is sufficient for ISO builds. | |
| # The VM runners are named "x64", not "amd64" like other docker things. | |
| runs-on: runs-on,runner=4cpu-linux-${{ matrix.arch == 'amd64' && 'x64' || matrix.arch }},hdd=50,run-id=${{ github.run_id }} | |
| permissions: | |
| contents: read | |
| id-token: write # for reading credential https://github.com/rancher-eio/read-vault-secrets | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| # Build ISO | |
| - name: Run make ci | |
| run: make ci | |
| # Below is essentially duplicated from the main Harvester repo's | |
| # .github/workflows/build.yml, except we're only publishing branches, | |
| # not tags. | |
| - name: Declare branch | |
| run: | | |
| echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV" | |
| - name: Read Secrets | |
| if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }} | |
| uses: rancher-eio/read-vault-secrets@7282bf97898cd1c16c89f837e0bb442e6d384c89 | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials username | DOCKER_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials password | DOCKER_PASSWORD ; | |
| secret/data/github/repo/${{ github.repository }}/google-auth-key/credentials credential | GOOGLE_AUTH ; | |
| - name: Login to Docker Hub | |
| if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }} | |
| uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 | |
| with: | |
| username: ${{ env.DOCKER_USERNAME }} | |
| password: ${{ env.DOCKER_PASSWORD }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 | |
| # rancher/harvester-cluster-repo image | |
| - name: docker-publish-harvester-cluster-repo | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 | |
| with: | |
| context: dist/harvester-cluster-repo | |
| push: true | |
| platforms: linux/${{ matrix.arch }} | |
| tags: rancher/harvester-cluster-repo:${{ env.branch }}-head-${{ matrix.arch }} | |
| file: dist/harvester-cluster-repo/Dockerfile | |
| sbom: true | |
| provenance: mode=max | |
| # rancher/harvester-installer image | |
| - name: docker-publish-harvester-installer | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 | |
| with: | |
| context: dist/harvester-installer | |
| push: true | |
| platforms: linux/${{ matrix.arch }} | |
| tags: rancher/harvester-installer:${{ env.branch }}-head-${{ matrix.arch }} | |
| file: dist/harvester-installer/Dockerfile | |
| sbom: true | |
| provenance: mode=max | |
| - name: docker-publish-harvester-installer-with-tag | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 | |
| with: | |
| context: dist/harvester-installer | |
| push: true | |
| platforms: linux/${{ matrix.arch }} | |
| tags: rancher/harvester-installer:${{ github.ref_name }}-${{ matrix.arch }} | |
| file: dist/harvester-installer/Dockerfile | |
| sbom: true | |
| provenance: mode=max | |
| - name: Login to Google Cloud | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| uses: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2 | |
| with: | |
| credentials_json: '${{ env.GOOGLE_AUTH }}' | |
| - name: upload-iso | |
| uses: google-github-actions/upload-cloud-storage@c0f6160ff80057923ff50e5e567695cea181ec23 # v2 | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| with: | |
| path: dist/artifacts | |
| parent: false | |
| destination: releases.rancher.com/harvester/${{ env.branch }} | |
| predefinedAcl: publicRead | |
| headers: |- | |
| cache-control: public,no-cache,proxy-revalidate | |
| - name: upload-iso-artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 | |
| if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'iso-artifacts') | |
| with: | |
| name: harvester-master-pr-${{ github.event.pull_request.number }}-${{ matrix.arch }}.iso | |
| path: dist/artifacts/harvester-master-${{ matrix.arch }}.iso | |
| retention-days: 1 | |
| overwrite: true | |
| manifest-cluster-repo-image: | |
| name: Manifest harvester-cluster-repo image | |
| runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} | |
| needs: build-iso | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| permissions: | |
| contents: read | |
| id-token: write # for reading credential https://github.com/rancher-eio/read-vault-secrets | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Declare branch | |
| run: | | |
| echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV" | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 | |
| - name: Read Secrets | |
| uses: rancher-eio/read-vault-secrets@7282bf97898cd1c16c89f837e0bb442e6d384c89 | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials username | DOCKER_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials password | DOCKER_PASSWORD ; | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 | |
| with: | |
| username: ${{ env.DOCKER_USERNAME }} | |
| password: ${{ env.DOCKER_PASSWORD }} | |
| # rancher/harvester-cluster-repo image | |
| - name: docker-pull-harvester-cluster-repo | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| run: | | |
| docker pull --platform linux/amd64 rancher/harvester-cluster-repo:${{ env.branch }}-head-amd64 | |
| docker pull --platform linux/arm64 rancher/harvester-cluster-repo:${{ env.branch }}-head-arm64 | |
| docker buildx imagetools create -t rancher/harvester-cluster-repo:${{ env.branch }}-head \ | |
| rancher/harvester-cluster-repo:${{ env.branch }}-head-amd64 \ | |
| rancher/harvester-cluster-repo:${{ env.branch }}-head-arm64 | |
| manifest-harvester-installer-image: | |
| name: Manifest harvester-installer image | |
| runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} | |
| needs: build-iso | |
| if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }} | |
| permissions: | |
| contents: read | |
| id-token: write # for reading credential https://github.com/rancher-eio/read-vault-secrets | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Declare branch | |
| run: | | |
| echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV" | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 | |
| - name: Read Secrets | |
| uses: rancher-eio/read-vault-secrets@7282bf97898cd1c16c89f837e0bb442e6d384c89 | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials username | DOCKER_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials password | DOCKER_PASSWORD ; | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 | |
| with: | |
| username: ${{ env.DOCKER_USERNAME }} | |
| password: ${{ env.DOCKER_PASSWORD }} | |
| # rancher/harvester-installer image | |
| - name: docker-pull-harvester-installer | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| run: | | |
| docker pull --platform linux/amd64 rancher/harvester-installer:${{ env.branch }}-head-amd64 | |
| docker pull --platform linux/arm64 rancher/harvester-installer:${{ env.branch }}-head-arm64 | |
| docker buildx imagetools create -t rancher/harvester-installer:${{ env.branch }}-head \ | |
| rancher/harvester-installer:${{ env.branch }}-head-amd64 \ | |
| rancher/harvester-installer:${{ env.branch }}-head-arm64 | |
| - name: docker-pull-harvester-installer-with-tag | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| run: | | |
| docker pull --platform linux/amd64 rancher/harvester-installer:${{ github.ref_name }}-amd64 | |
| docker pull --platform linux/arm64 rancher/harvester-installer:${{ github.ref_name }}-arm64 | |
| docker buildx imagetools create -t rancher/harvester-installer:${{ github.ref_name }} \ | |
| rancher/harvester-installer:${{ github.ref_name }}-amd64 \ | |
| rancher/harvester-installer:${{ github.ref_name }}-arm64 |