# CI workflow: builds the ISO images per architecture and, on branch and tag
# refs, publishes container images and ISO artifacts (see the jobs below).
name: build
on:
  # Pushes are built only for master and branches matching the glob "v*".
  push:
    branches:
      - master
      - v*
  # below will give us tagged releases (both pre-release and final)
  release:
    types:
      - published
  # No filter: every pull request schedules the jobs. The steps that read
  # secrets or publish are gated on github.ref starting with refs/heads/ or
  # refs/tags/; upload-iso-artifact is the only step gated on the
  # pull_request event itself.
  pull_request:
# Workflow-level environment, exported to every step of every job.
env:
  # Fake up DRONE_BRANCH so it's picked up when dapper gets to
  # scripts/version. For branches, github.ref_name will be
  # "master" or "v1.x", which is fine, but for PRs it will be
  # something like "697/merge", which doesn't work as a version,
  # so we just set it to master in this case.
  # The ref name reaches the build as an environment variable, i.e. as data
  # rather than as text spliced into a script.
  DRONE_BRANCH: ${{ endsWith(github.ref_name, '/merge') && 'master' || github.ref_name }}
# One concurrency group per pull request number, or per ref when the run is
# not a pull request. A newer run cancels an in-progress one only when the ref
# is neither master, nor a branch starting with "v", nor a tag starting with
# "v", so runs on the publishing refs are never cancelled midway.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/master' && !startsWith(github.ref, 'refs/heads/v') && !startsWith(github.ref, 'refs/tags/v') }}
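jobs:
  # Builds the ISO for each architecture. On branch and tag refs it also reads
  # publishing credentials and pushes the per-arch images and the ISO.
  build-iso:
    name: Build ISO Images
    strategy:
      matrix:
        arch:
          - amd64
          - arm64
    # hdd=50 is somewhat arbitrary here, but seems to give a
    # 77G disk, which is sufficient for ISO builds.
    # The VM runners are named "x64", not "amd64" like other docker things.
    runs-on: runs-on,runner=4cpu-linux-${{ matrix.arch == 'amd64' && 'x64' || matrix.arch }},hdd=50,run-id=${{ github.run_id }}
    # Permissions are job-scoped, so every step in this job, "make ci"
    # included, runs with them.
    # NOTE(review): confirm the Vault role behind read-vault-secrets binds to
    # the repository and ref claims of the OIDC token, since pull request runs
    # from branches of this repository also get id-token: write here.
    permissions:
      contents: read
      id-token: write  # for reading credential https://github.com/rancher-eio/read-vault-secrets
    steps:
      # NOTE(review): checkout stores the job token in the local git config by
      # default and "make ci" runs next; consider persist-credentials: false
      # if the build needs no authenticated git access.
      - name: Checkout code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
      # Build ISO
      # Runs before any secret is read, so the build scripts never see the
      # Docker Hub or Google credentials. Keep this step above "Read Secrets".
      - name: Run make ci
        run: make ci
      # Below is essentially duplicated from the main Harvester repo's
      # .github/workflows/build.yml, except we're only publishing branches,
      # not tags (the installer image is additionally published for tags
      # further down).
      # The ref is read from the runner's environment variables rather than
      # through a ${{ }} expression, so it is never spliced into the script
      # text. GITHUB_HEAD_REF is set on pull_request runs and is chosen by the
      # PR author; "branch" is only consumed by steps gated on refs/heads/.
      - name: Declare branch
        run: |
          echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV"
      # Pinned to a commit SHA; unlike the other actions no version comment is
      # recorded next to the pin. Later steps read the values from env.*, so
      # they are visible to every subsequent step of this job.
      - name: Read Secrets
        if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }}
        uses: rancher-eio/read-vault-secrets@7282bf97898cd1c16c89f837e0bb442e6d384c89
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials username | DOCKER_USERNAME ;
            secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials password | DOCKER_PASSWORD ;
            secret/data/github/repo/${{ github.repository }}/google-auth-key/credentials credential | GOOGLE_AUTH ;
      - name: Login to Docker Hub
        if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }}
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9  # v3
        with:
          username: ${{ env.DOCKER_USERNAME }}
          password: ${{ env.DOCKER_PASSWORD }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130  # v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f  # v3
      # rancher/harvester-cluster-repo image
      # Each pushed image carries an SBOM and max-mode provenance attestation.
      - name: docker-publish-harvester-cluster-repo
        if: ${{ startsWith(github.ref, 'refs/heads/') }}
        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8  # v6
        with:
          context: dist/harvester-cluster-repo
          push: true
          platforms: linux/${{ matrix.arch }}
          tags: rancher/harvester-cluster-repo:${{ env.branch }}-head-${{ matrix.arch }}
          file: dist/harvester-cluster-repo/Dockerfile
          sbom: true
          provenance: mode=max
      # rancher/harvester-installer image
      - name: docker-publish-harvester-installer
        if: ${{ startsWith(github.ref, 'refs/heads/') }}
        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8  # v6
        with:
          context: dist/harvester-installer
          push: true
          platforms: linux/${{ matrix.arch }}
          tags: rancher/harvester-installer:${{ env.branch }}-head-${{ matrix.arch }}
          file: dist/harvester-installer/Dockerfile
          sbom: true
          provenance: mode=max
      - name: docker-publish-harvester-installer-with-tag
        if: ${{ startsWith(github.ref, 'refs/tags/') }}
        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8  # v6
        with:
          context: dist/harvester-installer
          push: true
          platforms: linux/${{ matrix.arch }}
          tags: rancher/harvester-installer:${{ github.ref_name }}-${{ matrix.arch }}
          file: dist/harvester-installer/Dockerfile
          sbom: true
          provenance: mode=max
      - name: Login to Google Cloud
        if: ${{ startsWith(github.ref, 'refs/heads/') }}
        uses: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed  # v2
        with:
          credentials_json: '${{ env.GOOGLE_AUTH }}'
      # predefinedAcl: publicRead makes every uploaded object world-readable,
      # so nothing besides release artifacts should land in dist/artifacts.
      - name: upload-iso
        uses: google-github-actions/upload-cloud-storage@c0f6160ff80057923ff50e5e567695cea181ec23  # v2
        if: ${{ startsWith(github.ref, 'refs/heads/') }}
        with:
          path: dist/artifacts
          parent: false
          destination: releases.rancher.com/harvester/${{ env.branch }}
          predefinedAcl: publicRead
          headers: |-
            cache-control: public,no-cache,proxy-revalidate
      # Only for pull requests carrying the "iso-artifacts" label. The ISO is
      # built from the PR's code and is kept for one day.
      - name: upload-iso-artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
        if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'iso-artifacts')
        with:
          name: harvester-master-pr-${{ github.event.pull_request.number }}-${{ matrix.arch }}.iso
          path: dist/artifacts/harvester-master-${{ matrix.arch }}.iso
          retention-days: 1
          overwrite: true
  # Combines the per-arch harvester-cluster-repo images pushed by build-iso
  # into one multi-arch "<branch>-head" tag. Branch refs only.
  manifest-cluster-repo-image:
    name: Manifest harvester-cluster-repo image
    runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }}
    needs: build-iso
    if: ${{ startsWith(github.ref, 'refs/heads/') }}
    permissions:
      contents: read
      id-token: write  # for reading credential https://github.com/rancher-eio/read-vault-secrets
    steps:
      - name: Checkout code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
      - name: Declare branch
        run: |
          echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV"
      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130  # v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f  # v3
      - name: Read Secrets
        uses: rancher-eio/read-vault-secrets@7282bf97898cd1c16c89f837e0bb442e6d384c89
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials username | DOCKER_USERNAME ;
            secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials password | DOCKER_PASSWORD ;
      - name: Login to Docker Hub
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9  # v3
        with:
          username: ${{ env.DOCKER_USERNAME }}
          password: ${{ env.DOCKER_PASSWORD }}
      # rancher/harvester-cluster-repo image
      # The branch name is read from the "branch" environment variable that
      # "Declare branch" wrote to GITHUB_ENV, quoted, instead of being pasted
      # into the script through ${{ env.branch }}. A ref name may contain
      # shell metacharacters, and an expression is expanded into the script
      # text before the shell parses it; a quoted variable stays data.
      # The per-arch inputs are referenced by mutable tag, so the manifest
      # captures whatever those tags point to when this step runs.
      - name: docker-pull-harvester-cluster-repo
        if: ${{ startsWith(github.ref, 'refs/heads/') }}
        run: |
          docker pull --platform linux/amd64 "rancher/harvester-cluster-repo:${branch}-head-amd64"
          docker pull --platform linux/arm64 "rancher/harvester-cluster-repo:${branch}-head-arm64"
          docker buildx imagetools create -t "rancher/harvester-cluster-repo:${branch}-head" \
            "rancher/harvester-cluster-repo:${branch}-head-amd64" \
            "rancher/harvester-cluster-repo:${branch}-head-arm64"
  # Combines the per-arch harvester-installer images into one multi-arch tag:
  # "<branch>-head" on branch refs, "<tag>" on tag refs.
  manifest-harvester-installer-image:
    name: Manifest harvester-installer image
    runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }}
    needs: build-iso
    if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }}
    permissions:
      contents: read
      id-token: write  # for reading credential https://github.com/rancher-eio/read-vault-secrets
    steps:
      - name: Checkout code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
      # On tag refs the refs/heads/ prefix does not match, so "branch" holds
      # the full ref; only the branch-gated step below reads it.
      - name: Declare branch
        run: |
          echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV"
      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130  # v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f  # v3
      - name: Read Secrets
        uses: rancher-eio/read-vault-secrets@7282bf97898cd1c16c89f837e0bb442e6d384c89
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials username | DOCKER_USERNAME ;
            secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials password | DOCKER_PASSWORD ;
      - name: Login to Docker Hub
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9  # v3
        with:
          username: ${{ env.DOCKER_USERNAME }}
          password: ${{ env.DOCKER_PASSWORD }}
      # rancher/harvester-installer image
      # Ref names are passed to the shell as quoted environment variables
      # ("branch" from GITHUB_ENV, GITHUB_REF_NAME from the runner) rather
      # than through ${{ }} expressions, which would be expanded into the
      # script text before the shell parses it.
      - name: docker-pull-harvester-installer
        if: ${{ startsWith(github.ref, 'refs/heads/') }}
        run: |
          docker pull --platform linux/amd64 "rancher/harvester-installer:${branch}-head-amd64"
          docker pull --platform linux/arm64 "rancher/harvester-installer:${branch}-head-arm64"
          docker buildx imagetools create -t "rancher/harvester-installer:${branch}-head" \
            "rancher/harvester-installer:${branch}-head-amd64" \
            "rancher/harvester-installer:${branch}-head-arm64"
      - name: docker-pull-harvester-installer-with-tag
        if: ${{ startsWith(github.ref, 'refs/tags/') }}
        run: |
          docker pull --platform linux/amd64 "rancher/harvester-installer:${GITHUB_REF_NAME}-amd64"
          docker pull --platform linux/arm64 "rancher/harvester-installer:${GITHUB_REF_NAME}-arm64"
          docker buildx imagetools create -t "rancher/harvester-installer:${GITHUB_REF_NAME}" \
            "rancher/harvester-installer:${GITHUB_REF_NAME}-amd64" \
            "rancher/harvester-installer:${GITHUB_REF_NAME}-arm64"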