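# Release workflow (release.yaml).
#
# Flow: `release` builds and pushes one image per architecture, `merge`
# publishes the multi-platform manifests, `github_release` builds the binaries
# and creates the GitHub release.
#
# NOTE(review): several actions below are referenced by a mutable ref
# (`@main`, `@master`, or a major-version tag). These steps run with Docker Hub
# credentials, an OIDC token and a GitHub App token in scope, so whoever can
# move those refs can change what runs here. Pin each `uses:` to a full-length
# commit SHA and keep the human-readable version in a trailing comment.
name: System Agent Release

on:
  push:
    tags:
      - 'v*'
  # NOTE(review): on a manual dispatch from a branch, github.ref_name is the
  # branch name, so images would be tagged with it and `--verify-tag` in the
  # last job would refuse to create the release. Confirm this is intended.
  workflow_dispatch:

# Workflow-wide default token permissions.
# NOTE(review): `contents: write` is documented as being for release creation,
# which only happens in `github_release` (and that job declares its own
# permissions). Consider `contents: read` here so the image jobs run with a
# read-only token; verify the publish-image action does not need write first.
permissions:
  contents: write  # to create releases
  id-token: write  # to read vault secrets

env:
  TAG: ${{ github.ref_name }}

jobs:
  # Build Docker images using multi-stage Dockerfile
  release:
    name: Build and push images
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - arch: amd64
            tag-suffix: "linux-amd64"
          - arch: arm64
            tag-suffix: "linux-arm64"
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # Exchanges the job's OIDC token for Vault secrets and exports them as
      # environment variables for the following steps.
      - name: Read Vault secrets
        uses: rancher-eio/read-vault-secrets@main  # NOTE(review): mutable ref
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD

      # Agent image (make target docker-buildx-push).
      - name: Publish Image
        uses: rancher/ecm-distro-tools/actions/publish-image@master  # NOTE(review): mutable ref
        env:
          TAG: ${{ github.ref_name }}
          ARCH: ${{ matrix.arch }}
          GOOS: linux
          TAG_SUFFIX: ${{ matrix.tag-suffix }}
          COMMIT: ${{ github.sha }}
        with:
          image: "system-agent"
          tag: ${{ github.ref_name }}
          make-target: docker-buildx-push
          public-repo: rancher
          public-username: ${{ env.DOCKER_USERNAME }}
          public-password: ${{ env.DOCKER_PASSWORD }}
          push-to-prime: false

      # Same action and inputs as the previous step; only the make target
      # differs (docker-buildx-push-suc).
      - name: Publish Image
        uses: rancher/ecm-distro-tools/actions/publish-image@master  # NOTE(review): mutable ref
        env:
          TAG: ${{ github.ref_name }}
          ARCH: ${{ matrix.arch }}
          GOOS: linux
          TAG_SUFFIX: ${{ matrix.tag-suffix }}
          COMMIT: ${{ github.sha }}
        with:
          image: "system-agent"
          tag: ${{ github.ref_name }}
          make-target: docker-buildx-push-suc
          public-repo: rancher
          public-username: ${{ env.DOCKER_USERNAME }}
          public-password: ${{ env.DOCKER_PASSWORD }}
          push-to-prime: false

  # Runs once after every matrix leg of `release` has finished.
  merge:
    runs-on: ubuntu-latest
    needs:
      - release
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Read Vault secrets
        uses: rancher-eio/read-vault-secrets@main  # NOTE(review): mutable ref
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD

      - name: Create and push multi-platform manifests
        uses: rancher/ecm-distro-tools/actions/publish-image@master  # NOTE(review): mutable ref
        env:
          TAG: ${{ github.ref_name }}
        with:
          image: "system-agent"
          tag: ${{ github.ref_name }}
          make-target: docker-manifest
          public-repo: rancher
          public-username: ${{ env.DOCKER_USERNAME }}
          public-password: ${{ env.DOCKER_PASSWORD }}
          push-to-prime: false

  github_release:
    name: Create GitHub release
    runs-on: ubuntu-latest
    needs:
      - merge
    permissions:
      contents: write
      id-token: write
    steps:
      - name: Read App Secrets
        uses: rancher-eio/read-vault-secrets@main  # NOTE(review): mutable ref
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ;
            secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY

      # Mints a short-lived installation token from the GitHub App credentials
      # read above; it is used for the checkout and for `gh` below.
      - name: Create App Token
        uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ env.APP_ID }}
          private-key: ${{ env.PRIVATE_KEY }}

      - name: Checkout code
        uses: actions/checkout@v4
        with:
          token: ${{ steps.app-token.outputs.token }}

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'

      - name: Build release binaries
        run: make release-binaries
        env:
          VERSION: ${{ github.ref_name }}
          COMMIT: ${{ github.sha }}

      - name: Create GitHub release
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
          TAG: ${{ github.ref_name }}
        # The ref name reaches the script through $TAG instead of an inline
        # ${{ }} expression. Expressions are substituted into the script text
        # before the shell parses it, so a ref name containing shell
        # metacharacters would otherwise be interpreted as code in a step that
        # holds GH_TOKEN. Quoting "$TAG" keeps it a single argument.
        run: |
          gh release create "$TAG" \
            --verify-tag \
            --generate-notes \
            dist/*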