Skip to content

Merge pull request #47955 from rancherbot/fleet-1731086590 #41

Merge pull request #47955 from rancherbot/fleet-1731086590

Merge pull request #47955 from rancherbot/fleet-1731086590 #41

Workflow file for this run

name: build-docker-images
on:
push:
branches:
- "main"
- "release/v*"
tags:
- "v*"
env:
COMMIT: ${{ github.sha }}
REPOSITORY_OWNER: ${{ github.repository_owner }}
IMAGE: ${{ github.repository_owner }}/rancher
IMAGE_AGENT: ${{ github.repository_owner }}/rancher-agent
IMAGE_INSTALLER: ${{ github.repository_owner }}/system-agent-installer-rancher
REGISTRY: "docker.io"
GH_CLI_VERSION: 2.57.0
jobs:
unit-tests:
uses: ./.github/workflows/unit-test.yml
build-publish-chart:
runs-on: org-${{ github.repository_owner_id }}-amd64-k8s
container: registry.suse.com/bci/bci-base:latest
needs: [push-images]
permissions:
contents: read
id-token: write
concurrency:
# if it is a tag run, use a default group to avoid concurrent runs, if it isn't use a unique group to allow concurrent runs
group: ${{ contains(github.ref, 'tags/') && 'build-chart-tag' || format('build-chart-{0}', github.job) }}
# instead of cancelling other runs, wait until they are finished
cancel-in-progress: false
env:
ARCH: amd64
steps:
- name: install dependencies
shell: bash
run: zypper install -y git jq awk aws-cli
- name: Git safe directory
run: git config --global --add safe.directory "$PWD"
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Tag Env Variables
uses: ./.github/actions/setup-tag-env
- name: install yq
uses: ./.github/actions/install-yq
with:
arch: ${{ env.ARCH }}
- id: env
name: Setup Dependencies Env Variables
uses: ./.github/actions/setup-build-env
- name: Install Helm dependencies
env:
HELM_URL: https://get.helm.sh/helm-${{ steps.env.outputs.HELM_VERSION }}-linux-amd64.tar.gz
HELM_UNITTEST_VERSION: ${{ steps.env.outputs.HELM_UNITTEST_VERSION }}
run: |
curl ${{ env.HELM_URL }} | tar xvzf - --strip-components=1 -C /tmp/ && \
mv /tmp/helm /usr/bin/helm_v3 && \
chmod +x /usr/bin/helm_v3
helm_v3 plugin install https://github.com/helm-unittest/helm-unittest.git --version ${{ env.HELM_UNITTEST_VERSION }}; \
- name: Build
run: ./scripts/chart/build chart
- name: Validate
run: ./scripts/chart/validate
- name: Test
run: ./scripts/chart/test
- name: Package
run: ./scripts/chart/package
- name: Upload chart
uses: actions/upload-artifact@v4
with:
name: chart
path: ./bin/chart/*
if-no-files-found: error
retention-days: 4
overwrite: true
- name: Load Secrets from Vault
if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on tags
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/google-auth/rancher/credentials token | GOOGLE_AUTH ;
- name: Authenticate with Google Cloud
if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on tags
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ env.GOOGLE_AUTH }}
- name: Upload
if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on tags
uses: google-github-actions/upload-cloud-storage@v2
with:
destination: releases.rancher.com/server-charts
path: ./bin/chart
parent: false
process_gcloudignore: false
predefinedAcl: publicRead
headers: |-
cache-control: public,no-cache,proxy-revalidate
build-server:
runs-on: runs-on,runner=4cpu-${{ matrix.os }}-${{ matrix.arch }},image=ubuntu22-full-${{ matrix.arch }},run-id=${{ github.run_id }}
strategy:
matrix:
os: [linux]
arch: [x64, arm64]
env:
ARCH: ${{ matrix.arch }}
steps:
- name: Arch environment variable
shell: bash
run: |
if [[ "$ARCH" == "x64" ]]; then
echo "ARCH=amd64" >> $GITHUB_ENV
fi
- name: Checkout code
uses: actions/checkout@v4
- name: install yq
shell: bash
run: sudo snap install yq
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- id: env
name: Setup Dependencies Env Variables
uses: ./.github/actions/setup-build-env
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
flavor: |
latest=false
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Create k3s images file
uses: ./.github/actions/k3s-images
with:
k3s_version: ${{ steps.env.outputs.CATTLE_K3S_VERSION }}
- name: Download data.json
run: curl -sLf https://releases.rancher.com/kontainer-driver-metadata/${{ steps.env.outputs.CATTLE_KDM_BRANCH }}/data.json > ./data.json
- name: Build and export server
id: build
uses: docker/build-push-action@v5
with:
push: false
build-args: |
"VERSION=${{ env.TAG }}"
"COMMIT=${{ env.COMMIT }}"
"RKE_VERSION=${{ steps.env.outputs.RKE_VERSION }}"
"ARCH=${{ env.ARCH }}"
"CATTLE_RANCHER_WEBHOOK_VERSION=${{ steps.env.outputs.CATTLE_RANCHER_WEBHOOK_VERSION }}"
"CATTLE_CSP_ADAPTER_MIN_VERSION=${{ steps.env.outputs.CATTLE_CSP_ADAPTER_MIN_VERSION }}"
"CATTLE_FLEET_VERSION=${{ steps.env.outputs.CATTLE_FLEET_VERSION }}"
tags: ${{ env.IMAGE }}:${{ env.TAG }}-${{ env.ARCH }}
context: .
platforms: "${{ matrix.os }}/${{ env.ARCH }}"
file: ./package/Dockerfile
labels: "${{ steps.meta.outputs.labels }}"
outputs: type=docker,dest=/tmp/rancher-${{ matrix.os }}-${{ env.ARCH }}.tar
- name: Upload image
uses: actions/upload-artifact@v4
with:
name: "rancher-${{ matrix.os }}-${{ env.ARCH }}"
path: /tmp/rancher-${{ matrix.os }}-${{ env.ARCH }}.tar
if-no-files-found: error
retention-days: 4
overwrite: false
build-agent:
needs: [build-server]
strategy:
matrix:
os: [linux]
arch: [x64, arm64]
runs-on: runs-on,runner=4cpu-${{ matrix.os }}-${{ matrix.arch }},image=ubuntu22-full-${{ matrix.arch }},run-id=${{ github.run_id }}
services:
registry:
image: registry:2
ports:
- 5000:5000
env:
REGISTRY: "127.0.0.1:5000"
ARCH: ${{ matrix.arch }}
steps:
- name: Arch environment variable
shell: bash
run: |
if [[ "$ARCH" == "x64" ]]; then
echo "ARCH=amd64" >> $GITHUB_ENV
fi
- name: Checkout code
uses: actions/checkout@v4
- name: install yq
shell: bash
run: sudo snap install yq
- id: env
name: Setup Dependencies Env Variables
uses: ./.github/actions/setup-build-env
- name: Setup TAG Variables
uses: ./.github/actions/setup-tag-env
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
flavor: |
latest=false
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Download rancher image
uses: actions/download-artifact@v4
with:
name: "rancher-${{ matrix.os }}-${{ env.ARCH }}"
path: /tmp
- name: Load image
run: |
image_id=$(docker load --input /tmp/rancher-${{ matrix.os }}-${{ env.ARCH }}.tar 2>&1 | grep "Loaded image" | awk '{print $NF}')
if [ -z "$image_id" ]; then
echo "Error: Failed to load image from tarball!"
exit 1
fi
docker tag "$image_id" ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}
docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}
- name: Build agent
id: build
uses: docker/build-push-action@v5
with:
push: false
build-args: |
"VERSION=${{ env.TAG }}"
"ARCH=${{ env.ARCH }}"
"RANCHER_TAG=${{ env.TAG }}"
"RANCHER_REPO=${{ env.REPOSITORY_OWNER }}"
"REGISTRY=${{ env.REGISTRY }}"
"CATTLE_RANCHER_WEBHOOK_VERSION=${{ steps.env.outputs.CATTLE_RANCHER_WEBHOOK_VERSION }}"
tags: ${{ env.IMAGE_AGENT }}:${{ env.TAG }}-${{ env.ARCH }}
context: .
platforms: "${{ matrix.os }}/${{ env.ARCH }}"
file: ./package/Dockerfile.agent
labels: "${{ steps.meta.outputs.labels }}"
outputs: type=docker,dest=/tmp/rancher-agent-${{ matrix.os }}-${{ env.ARCH }}.tar
- name: Upload image
uses: actions/upload-artifact@v4
with:
name: "rancher-agent-${{ matrix.os }}-${{ env.ARCH }}"
path: /tmp/rancher-agent-${{ matrix.os }}-${{ env.ARCH }}.tar
if-no-files-found: error
retention-days: 4
overwrite: false
integration-tests:
needs: [build-agent]
uses: ./.github/workflows/integration-tests.yml
with:
parent_run_id: ${{ github.run_id }}
build-agent-windows:
needs: [integration-tests]
strategy:
matrix:
os: [windows]
version: [2019, 2022]
runs-on: ${{ matrix.os }}-${{ matrix.version }}
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Build Windows Server Image
run: |
docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-${{ matrix.version }} --build-arg VERSION=${{ env.TAG }} --build-arg SERVERCORE_VERSION=ltsc${{ matrix.version }} -f package/windows/Dockerfile.agent .
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-${{ matrix.version }}
shell: bash
push-images:
needs: [unit-tests, integration-tests]
strategy:
matrix:
os: [linux]
arch: [x64, arm64]
runs-on: runs-on,runner=2cpu-${{ matrix.os }}-${{ matrix.arch }},image=ubuntu22-full-${{ matrix.arch }},run-id=${{ github.run_id }}
permissions:
contents: read
id-token: write
env:
ARCH: ${{ matrix.arch }}
steps:
- name: Environment variables
shell: bash
run: |
if [[ "$ARCH" == "x64" ]]; then
echo "ARCH=amd64" >> $GITHUB_ENV
fi
- name: Checkout code
uses: actions/checkout@v4
- name: Download rancher image
uses: actions/download-artifact@v4
with:
pattern: "*-${{ matrix.os }}-${{ env.ARCH }}"
path: /tmp
merge-multiple: true
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Docker Registry Login
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Push server image
run: |
image_id=$(docker load --input /tmp/rancher-${{ matrix.os }}-${{ env.ARCH }}.tar 2>&1 | grep "Loaded image" | awk '{print $NF}')
if [ -z "$image_id" ]; then
echo "Error: Failed to load image from tarball!"
exit 1
fi
docker tag "$image_id" ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}-${{ env.ARCH }}
docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}-${{ env.ARCH }}
- name: Push agent image
run: |
image_agent_id=$(docker load --input /tmp/rancher-agent-${{ matrix.os }}-${{ env.ARCH }}.tar 2>&1 | grep "Loaded image" | awk '{print $NF}')
if [ -z "$image_agent_id" ]; then
echo "Error: Failed to load image from tarball!"
exit 1
fi
docker tag "$image_agent_id" ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-${{ env.ARCH }}
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-${{ env.ARCH }}
merge-server-manifest:
runs-on: runs-on,runner=2cpu-linux-x64,image=ubuntu22-full-x64,run-id=${{ github.run_id }}
needs: [push-images]
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Create manifest list and push
run: |
docker buildx imagetools create -t ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}-arm64
- name: Create head manifest list and push
run: |
if [[ "${{ github.ref_name }}" == release/v* ]] || [[ "${{ github.ref_name }}" == "main" ]]; then
docker buildx imagetools create -t ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.HEAD_TAG }} ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}-arm64
fi
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}
merge-agent-manifest:
runs-on: runs-on,runner=2cpu-linux-x64,image=ubuntu22-full-x64,run-id=${{ github.run_id }}
needs: [push-images, build-agent-windows]
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Create manifest list and push
run: |
# docker manifest is used with windows images to maintain os.version in the manifest
docker manifest create ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }} \
${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2019 \
${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2022
docker manifest push ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}
# docker buildx imagetools create pushes to the registry by default, which is not the same behavior as docker manifest create
docker buildx imagetools create -t ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }} \
--append ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-amd64 \
--append ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-arm64
if [[ "${{ github.ref_name }}" == release/v* ]] || [[ "${{ github.ref_name }}" == "main" ]]; then
docker manifest create ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.HEAD_TAG }} \
${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2019 \
${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2022
docker manifest push ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.HEAD_TAG }}
docker buildx imagetools create -t ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.HEAD_TAG }} \
--append ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-amd64 \
--append ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-arm64
fi
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}
build-installer:
needs: [build-publish-chart, merge-server-manifest]
strategy:
matrix:
os: [linux]
arch: [x64, arm64]
runs-on: runs-on,runner=4cpu-${{ matrix.os }}-${{ matrix.arch }},image=ubuntu22-full-${{ matrix.arch }},run-id=${{ github.run_id }}
permissions:
contents: read
id-token: write
env:
ARCH: ${{ matrix.arch }}
steps:
- name: Environment variables
shell: bash
run: |
if [[ "$ARCH" == "x64" ]]; then
echo "ARCH=amd64" >> $GITHUB_ENV
fi
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
flavor: |
latest=false
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Docker Registry Login
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Download chart
uses: actions/download-artifact@v4
with:
name: chart
path: ./chart
- name: Build and export agent
id: build
uses: docker/build-push-action@v5
with:
push: true
build-args: |
"VERSION=${{ env.TAG }}"
"ARCH=${{ matrix.arch }}"
"RANCHER_TAG=${{ env.TAG }}"
"RANCHER_REPO=${{ env.REPOSITORY_OWNER }}"
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-${{ env.ARCH }}
context: .
platforms: "${{ matrix.os }}/${{ env.ARCH }}"
file: ./package/Dockerfile.installer
labels: "${{ steps.meta.outputs.labels }}"
merge-installer-manifest:
runs-on: runs-on,runner=2cpu-linux-x64,image=ubuntu22-full-x64,run-id=${{ github.run_id }}
needs: [build-installer]
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE_INSTALLER }}
flavor: |
latest=false
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Create manifest list and push
run: |
docker buildx imagetools create -t ${{ env.REGISTRY }}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }} ${{ env.REGISTRY }}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY }}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-arm64
if [[ "${{ github.ref_name }}" == release/v* ]]; then
docker buildx imagetools create -t ${{ env.REGISTRY }}/${{ env.IMAGE_INSTALLER }}:${{ env.HEAD_TAG }} ${{ env.REGISTRY }}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY }}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-arm64
fi
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}
create-images-files:
if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on tags
runs-on: runs-on,runner=2cpu-linux-x64,image=ubuntu22-full-x64,run-id=${{ github.run_id }}
permissions:
contents: write
id-token: write
env:
REGISTRY: ""
CHECKSUM_FILE: "sha256sum.txt"
ARTIFACTS_BASE_DIR: "bin"
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- id: env
name: Setup Dependencies Env Variables
uses: ./.github/actions/setup-build-env
- uses: actions/setup-go@v5
with:
go-version: '${{ steps.env.outputs.GO_VERSION }}'
- name: Download data.json
run: |
mkdir -p bin
curl -sLf https://releases.rancher.com/kontainer-driver-metadata/${{ steps.env.outputs.CATTLE_KDM_BRANCH }}/data.json > ./bin/data.json
cp ./bin/data.json ./bin/rancher-data.json
- name: Create k3s images file
uses: ./.github/actions/k3s-images
with:
k3s_version: ${{ steps.env.outputs.CATTLE_K3S_VERSION }}
- name: Create files
run: |
mkdir -p $HOME/bin
touch $HOME/bin/rancher-rke-k8s-versions.txt
- name: Create components and images files
shell: bash
run: ./scripts/create-components-images-files.sh
- name: Move rke-k8s version file
run: mv $HOME/bin/rancher-rke-k8s-versions.txt ./bin
- name: Read App Secrets
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ;
secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY
- name: Create App Token
uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ env.APP_ID }}
private-key: ${{ env.PRIVATE_KEY }}
- name: Generate sha256sum
shell: bash
env:
ARTIFACTS_TYPE: "components"
run: scripts/artifacts-hashes.sh
- name: Add release notes
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
run: |
NOTES=$(cat bin/rancher-components.txt)
gh release edit -R ${{ github.repository }} ${{ env.TAG }} --notes "$NOTES"
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/prime-artifacts-uploader-access/credentials token | PRIME_ARTIFACTS_UPLOADER_ACCESS_KEY ;
secret/data/github/repo/${{ github.repository }}/prime-artifacts-uploader-secret/credentials token | PRIME_ARTIFACTS_UPLOADER_SECRET_KEY ;
- name: Upload artifacts to bucket
env:
AWS_ACCESS_KEY_ID: ${{ env.PRIME_ARTIFACTS_UPLOADER_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ env.PRIME_ARTIFACTS_UPLOADER_SECRET_KEY }}
GH_TOKEN: ${{ steps.app-token.outputs.token }}
run: |
set -ex
source scripts/artifacts-list.sh
if (( ${#ARTIFACTS[@]} == 0 ));then
>&2 echo "missing ARTIFACTS env var"
exit 1
fi
for artifact in "${ARTIFACTS[@]}"; do
aws s3 cp "$ARTIFACTS_BASE_DIR/$artifact" "s3://prime-artifacts/rancher/${{ env.TAG }}/$artifact"
gh release upload -R ${{ env.REPOSITORY_OWNER }}/rancher ${{ env.TAG }} "$ARTIFACTS_BASE_DIR/$artifact" --clobber
done
gh release upload -R ${{ env.REPOSITORY_OWNER }}/rancher ${{ env.TAG }} "$ARTIFACTS_BASE_DIR/$CHECKSUM_FILE" --clobber
docker-image-digests:
if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on tag
runs-on: org-${{ github.repository_owner_id }}-amd64-k8s
container: registry.suse.com/bci/bci-base:latest
needs: [create-images-files, merge-agent-manifest, merge-server-manifest]
permissions:
contents: write
id-token: write
env:
ARTIFACTS_BASE_DIR: "dist"
LINUX_AMD64_FILE: "rancher-images-digests-linux-amd64.txt"
LINUX_ARM64_FILE: "rancher-images-digests-linux-arm64.txt"
WINDOWS_2019_FILE: "rancher-images-digests-windows-ltsc2019.txt"
WINDOWS_2022_FILE: "rancher-images-digests-windows-ltsc2022.txt"
CHECKSUM_FILE: "images-digests-sha256sum.txt"
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: install dependencies
shell: bash
run: zypper install -y aws-cli wget jq
- name: install gh
shell: bash
run: |
mkdir -p /tmp/gh
curl -fsL https://github.com/cli/cli/releases/download/v${{ env.GH_CLI_VERSION }}/gh_${{ env.GH_CLI_VERSION }}_linux_amd64.tar.gz | tar xvzf - --strip-components=1 -C /tmp/gh
mv /tmp/gh/bin/gh /usr/bin/gh
chmod +x /usr/bin/gh
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Setup ecm-distro-tools
uses: rancher/[email protected]
with:
version: v0.42.0
- name: Create base dir
shell: bash
run: mkdir -p "$ARTIFACTS_BASE_DIR"
- name: Generate linux docker digests
shell: bash
run: |
export LINUX_IMAGES_URL=https://github.com/${{ github.repository }}/releases/download/${{ env.TAG }}/rancher-images.txt
release generate rancher docker-images-digests --config "{}" --registry "${{ env.REGISTRY }}" --images-url "${LINUX_IMAGES_URL}" --output-file "$ARTIFACTS_BASE_DIR/$LINUX_AMD64_FILE"
cp "$ARTIFACTS_BASE_DIR/$LINUX_AMD64_FILE" "$ARTIFACTS_BASE_DIR/$LINUX_ARM64_FILE"
- name: Generate windows docker digests
shell: bash
run: |
export WINDOWS_IMAGES_URL=https://github.com/${{ github.repository }}/releases/download/${{ env.TAG }}/rancher-windows-images.txt
release generate rancher docker-images-digests --config "{}" --registry "${{ env.REGISTRY }}" --images-url "${WINDOWS_IMAGES_URL}" --output-file "$ARTIFACTS_BASE_DIR/$WINDOWS_2019_FILE"
cp "$ARTIFACTS_BASE_DIR/$WINDOWS_2019_FILE" "$ARTIFACTS_BASE_DIR/$WINDOWS_2022_FILE"
- name: Generate sha256sum file
shell: bash
env:
ARTIFACTS_TYPE: "digests"
run: scripts/artifacts-hashes.sh
- name: Read App Secrets
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ;
secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY
- name: Create App Token
uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ env.APP_ID }}
private-key: ${{ env.PRIVATE_KEY }}
- name: Upload digests
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
run: |
gh release upload -R ${{ env.REPOSITORY_OWNER }}/rancher ${{ env.TAG }} "$ARTIFACTS_BASE_DIR/$LINUX_AMD64_FILE" --clobber
gh release upload -R ${{ env.REPOSITORY_OWNER }}/rancher ${{ env.TAG }} "$ARTIFACTS_BASE_DIR/$LINUX_ARM64_FILE" --clobber
gh release upload -R ${{ env.REPOSITORY_OWNER }}/rancher ${{ env.TAG }} "$ARTIFACTS_BASE_DIR/$WINDOWS_2019_FILE" --clobber
gh release upload -R ${{ env.REPOSITORY_OWNER }}/rancher ${{ env.TAG }} "$ARTIFACTS_BASE_DIR/$WINDOWS_2022_FILE" --clobber
gh release upload -R ${{ env.REPOSITORY_OWNER }}/rancher ${{ env.TAG }} "$ARTIFACTS_BASE_DIR/$CHECKSUM_FILE" --clobber