Skip to content

<v2.8> Add PNI, k3s cloud manager validations and refactor for port t… #56

<v2.8> Add PNI, k3s cloud manager validations and refactor for port t…

<v2.8> Add PNI, k3s cloud manager validations and refactor for port t… #56

Workflow file for this run

name: build-docker-images
on:
push:
branches:
- "master"
- "release/v*"
tags:
- "v*"
env:
COMMIT: ${{ github.sha }}
REPOSITORY_OWNER: ${{ github.repository_owner }}
IMAGE: ${{ github.repository_owner }}/rancher
IMAGE_AGENT: ${{ github.repository_owner }}/rancher-agent
IMAGE_INSTALLER: ${{ github.repository_owner }}/system-agent-installer-rancher
REGISTRY: "stgregistry.suse.com"
DOCKERIO_REGISTRY: "docker.io"
AWS_DEFAULT_REGION: "us-east-1"
jobs:
unit-tests:
uses: ./.github/workflows/unit-test.yml
build-publish-chart:
runs-on: org-${{ github.repository_owner_id }}-amd64-k8s
container: registry.suse.com/bci/bci-base:latest
needs: [push-images]
permissions:
contents: read
id-token: write
concurrency:
# if it is a tag run, use a default group to avoid concurrent runs, if it isn't use a unique group to allow concurrent runs
group: ${{ contains(github.ref, 'tags/') && 'build-chart-tag' || format('build-chart-{0}', github.job) }}
# instead of cancelling other runs, wait until they are finished
cancel-in-progress: false
env:
ARCH: amd64
CHARTS_DISTRIBUTION_ID: EKGBR3PUZ9J56
steps:
- name: install dependencies
shell: bash
run: zypper install -y git jq awk aws-cli
- name: Git safe directory
run: git config --global --add safe.directory "$PWD"
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Tag Env Variables
uses: ./.github/actions/setup-tag-env
- name: install yq
uses: ./.github/actions/install-yq
with:
arch: ${{ env.ARCH }}
- id: env
name: Setup Dependencies Env Variables
uses: ./.github/actions/setup-build-env
- name: Install Helm dependencies
env:
HELM_URL: https://get.helm.sh/helm-${{ steps.env.outputs.HELM_VERSION }}-linux-amd64.tar.gz
HELM_UNITTEST_VERSION: ${{ steps.env.outputs.HELM_UNITTEST_VERSION }}
run: |
curl ${{ env.HELM_URL }} | tar xvzf - --strip-components=1 -C /tmp/ && \
mv /tmp/helm /usr/bin/helm_v3 && \
chmod +x /usr/bin/helm_v3
helm_v3 plugin install https://github.com/helm-unittest/helm-unittest.git --version ${{ env.HELM_UNITTEST_VERSION }}; \
- name: Build
run: ./scripts/chart/build chart
- name: Validate
run: ./scripts/chart/validate
- name: Test
run: ./scripts/chart/test
- name: Package
run: ./scripts/chart/package
- name: Upload chart
uses: actions/upload-artifact@v4
with:
name: chart
path: ./bin/chart/*
if-no-files-found: error
retention-days: 4
overwrite: true
- name: Load Secrets from Vault
if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on tags
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/optimus-charts-access-key/credentials token | OPTIMUS_CHARTS_ACCESS_KEY ;
secret/data/github/repo/${{ github.repository }}/optimus-charts-secret-key/credentials token | OPTIMUS_CHARTS_SECRET_KEY ;
secret/data/github/repo/${{ github.repository }}/chart-dns-invalidator/credentials accessKeyId | AWS_ACCESS_KEY_ID_CACHE_INVALIDATION ;
secret/data/github/repo/${{ github.repository }}/chart-dns-invalidator/credentials secretAccessKey | AWS_SECRET_ACCESS_KEY_CACHE_INVALIDATION ;
- name: Upload chart to bucket
if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on tags
run: |
AWS_ACCESS_KEY_ID=${{ env.OPTIMUS_CHARTS_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY=${{ env.OPTIMUS_CHARTS_SECRET_KEY }} aws s3 cp --recursive ./bin/chart s3://charts.optimus.rancher.io/server-charts
- name: Invalidate Cloudfront cache
if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on tags
shell: bash
run: |
AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID_CACHE_INVALIDATION }} AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY_CACHE_INVALIDATION }} aws cloudfront create-invalidation --distribution-id ${{ env.CHARTS_DISTRIBUTION_ID }} --paths "/*"
build-server:
runs-on: runs-on,runner=4cpu-${{ matrix.os }}-${{ matrix.arch }},image=ubuntu22-full-${{ matrix.arch }},run-id=${{ github.run_id }}
strategy:
matrix:
os: [linux]
arch: [x64, arm64]
permissions:
contents: read
id-token: write
env:
ARCH: ${{ matrix.arch }}
steps:
- name: Arch environment variable
shell: bash
run: |
if [[ "$ARCH" == "x64" ]]; then
echo "ARCH=amd64" >> $GITHUB_ENV
fi
- name: Checkout code
uses: actions/checkout@v4
- name: install yq
shell: bash
run: sudo snap install yq
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- id: env
name: Setup Dependencies Env Variables
uses: ./.github/actions/setup-build-env
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
flavor: |
latest=false
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
registry: ${{ env.DOCKERIO_REGISTRY }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Create k3s images file
uses: ./.github/actions/k3s-images
with:
k3s_version: ${{ steps.env.outputs.CATTLE_K3S_VERSION }}
- name: Download data.json
run: curl -sLf https://releases.rancher.com/kontainer-driver-metadata/${{ steps.env.outputs.CATTLE_KDM_BRANCH }}/data.json > ./data.json
- name: Build and export server
id: build
uses: docker/build-push-action@v5
with:
push: false
build-args: |
"VERSION=${{ env.TAG }}"
"COMMIT=${{ env.COMMIT }}"
"RKE_VERSION=${{ steps.env.outputs.RKE_VERSION }}"
"ARCH=${{ env.ARCH }}"
"CATTLE_RANCHER_WEBHOOK_VERSION=${{ steps.env.outputs.CATTLE_RANCHER_WEBHOOK_VERSION }}"
"CATTLE_CSP_ADAPTER_MIN_VERSION=${{ steps.env.outputs.CATTLE_CSP_ADAPTER_MIN_VERSION }}"
"CATTLE_FLEET_VERSION=${{ steps.env.outputs.CATTLE_FLEET_VERSION }}"
tags: ${{ env.IMAGE }}:${{ env.TAG }}-${{ env.ARCH }}
context: .
platforms: "${{ matrix.os }}/${{ env.ARCH }}"
file: ./package/Dockerfile
labels: "${{ steps.meta.outputs.labels }}"
outputs: type=docker,dest=/tmp/rancher-${{ matrix.os }}-${{ env.ARCH }}.tar
- name: Upload image
uses: actions/upload-artifact@v4
with:
name: "rancher-${{ matrix.os }}-${{ env.ARCH }}"
path: /tmp/rancher-${{ matrix.os }}-${{ env.ARCH }}.tar
if-no-files-found: error
retention-days: 4
overwrite: false
build-agent:
needs: [build-server]
strategy:
matrix:
os: [linux]
arch: [x64, arm64]
runs-on: runs-on,runner=4cpu-${{ matrix.os }}-${{ matrix.arch }},image=ubuntu22-full-${{ matrix.arch }},run-id=${{ github.run_id }}
services:
registry:
image: registry.suse.com/suse/registry:2.8
ports:
- 5000:5000
permissions:
contents: read
id-token: write
env:
REGISTRY: "127.0.0.1:5000"
ARCH: ${{ matrix.arch }}
steps:
- name: Arch environment variable
shell: bash
run: |
if [[ "$ARCH" == "x64" ]]; then
echo "ARCH=amd64" >> $GITHUB_ENV
fi
- name: Checkout code
uses: actions/checkout@v4
- name: install yq
shell: bash
run: sudo snap install yq
- id: env
name: Setup Dependencies Env Variables
uses: ./.github/actions/setup-build-env
- name: Setup TAG Variables
uses: ./.github/actions/setup-tag-env
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
flavor: |
latest=false
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
registry: ${{ env.DOCKERIO_REGISTRY }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Download rancher image
uses: actions/download-artifact@v4
with:
name: "rancher-${{ matrix.os }}-${{ env.ARCH }}"
path: /tmp
- name: Load image
run: |
image_id=$(docker load --input /tmp/rancher-${{ matrix.os }}-${{ env.ARCH }}.tar 2>&1 | grep "Loaded image" | awk '{print $NF}')
if [ -z "$image_id" ]; then
echo "Error: Failed to load image from tarball!"
exit 1
fi
docker tag "$image_id" ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}
docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}
- name: Build agent
id: build
uses: docker/build-push-action@v5
with:
push: false
build-args: |
"VERSION=${{ env.TAG }}"
"ARCH=${{ env.ARCH }}"
"RANCHER_TAG=${{ env.TAG }}"
"RANCHER_REPO=${{ env.REPOSITORY_OWNER }}"
"REGISTRY=${{ env.REGISTRY }}"
"CATTLE_RANCHER_WEBHOOK_VERSION=${{ steps.env.outputs.CATTLE_RANCHER_WEBHOOK_VERSION }}"
tags: ${{ env.IMAGE_AGENT }}:${{ env.TAG }}-${{ env.ARCH }}
context: .
platforms: "${{ matrix.os }}/${{ env.ARCH }}"
file: ./package/Dockerfile.agent
labels: "${{ steps.meta.outputs.labels }}"
outputs: type=docker,dest=/tmp/rancher-agent-${{ matrix.os }}-${{ env.ARCH }}.tar
- name: Upload image
uses: actions/upload-artifact@v4
with:
name: "rancher-agent-${{ matrix.os }}-${{ env.ARCH }}"
path: /tmp/rancher-agent-${{ matrix.os }}-${{ env.ARCH }}.tar
if-no-files-found: error
retention-days: 4
overwrite: false
integration-tests:
needs: [build-agent]
uses: ./.github/workflows/integration-tests.yml
with:
parent_run_id: ${{ github.run_id }}
build-agent-windows:
needs: [integration-tests]
strategy:
matrix:
os: [windows]
version: [2019, 2022]
runs-on: ${{ matrix.os }}-${{ matrix.version }}
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ;
- name: Login to registry
uses: docker/login-action@v3
with:
username: ${{ env.STAGE_REGISTRY_USERNAME }}
password: ${{ env.STAGE_REGISTRY_PASSWORD }}
registry: ${{ env.REGISTRY }}
- name: Build Windows Server Image
run: |
docker build -t ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-${{ matrix.version }} --build-arg VERSION=${{ env.TAG }} --build-arg SERVERCORE_VERSION=ltsc${{ matrix.version }} -f package/windows/Dockerfile.agent .
docker push ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-${{ matrix.version }}
shell: bash
push-images:
needs: [unit-tests, integration-tests]
strategy:
matrix:
os: [linux]
arch: [x64, arm64]
runs-on: runs-on,runner=2cpu-${{ matrix.os }}-${{ matrix.arch }},image=ubuntu22-full-${{ matrix.arch }},run-id=${{ github.run_id }}
permissions:
contents: read
id-token: write
env:
ARCH: ${{ matrix.arch }}
steps:
- name: Environment variables
shell: bash
run: |
if [[ "$ARCH" == "x64" ]]; then
echo "ARCH=amd64" >> $GITHUB_ENV
fi
- name: Checkout code
uses: actions/checkout@v4
- name: Download rancher image
uses: actions/download-artifact@v4
with:
pattern: "*-${{ matrix.os }}-${{ env.ARCH }}"
path: /tmp
merge-multiple: true
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ;
- name: Docker Registry Login
uses: docker/login-action@v3
with:
username: ${{ env.STAGE_REGISTRY_USERNAME }}
password: ${{ env.STAGE_REGISTRY_PASSWORD }}
registry: ${{ env.REGISTRY }}
- name: Push server image
run: |
image_id=$(docker load --input /tmp/rancher-${{ matrix.os }}-${{ env.ARCH }}.tar 2>&1 | grep "Loaded image" | awk '{print $NF}')
if [ -z "$image_id" ]; then
echo "Error: Failed to load image from tarball!"
exit 1
fi
docker tag "$image_id" ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}-${{ env.ARCH }}
docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}-${{ env.ARCH }}
- name: Push agent image
run: |
image_agent_id=$(docker load --input /tmp/rancher-agent-${{ matrix.os }}-${{ env.ARCH }}.tar 2>&1 | grep "Loaded image" | awk '{print $NF}')
if [ -z "$image_agent_id" ]; then
echo "Error: Failed to load image from tarball!"
exit 1
fi
docker tag "$image_agent_id" ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-${{ env.ARCH }}
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-${{ env.ARCH }}
merge-server-manifest:
runs-on: runs-on,runner=2cpu-linux-x64,image=ubuntu22-full-x64,run-id=${{ github.run_id }}
needs: [push-images]
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
registry: ${{ env.DOCKERIO_REGISTRY }}
- name: Login to registry
uses: docker/login-action@v3
with:
username: ${{ env.STAGE_REGISTRY_USERNAME }}
password: ${{ env.STAGE_REGISTRY_PASSWORD }}
registry: ${{ env.REGISTRY }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Create manifest list and push
run: |
docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }} ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }}-arm64
- name: Create head manifest list and push
run: |
if [[ "${{ github.ref_name }}" == release/v* ]]; then
docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.HEAD_TAG }} ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }}-arm64
fi
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }}
merge-agent-manifest:
runs-on: runs-on,runner=2cpu-linux-x64,image=ubuntu22-full-x64,run-id=${{ github.run_id }}
needs: [push-images, build-agent-windows]
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
registry: ${{ env.DOCKERIO_REGISTRY }}
- name: Login to registry
uses: docker/login-action@v3
with:
username: ${{ env.STAGE_REGISTRY_USERNAME }}
password: ${{ env.STAGE_REGISTRY_PASSWORD }}
registry: ${{ env.REGISTRY }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Create manifest list and push
run: |
# docker manifest is used with windows images to maintain os.version in the manifest
docker manifest create ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }} \
${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2019 \
${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2022
docker manifest push ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}
# docker buildx imagetools create pushes to the registry by default, which is not the same behavior as docker manifest create
docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }} \
--append ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-amd64 \
--append ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-arm64
if [[ "${{ github.ref_name }}" == release/v* ]]; then
docker manifest create ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.HEAD_TAG }} \
${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2019 \
${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2022
docker manifest push ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.HEAD_TAG }}
docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.HEAD_TAG }} \
--append ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-amd64 \
--append ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-arm64
fi
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}
build-installer:
needs: [build-publish-chart, merge-server-manifest]
strategy:
matrix:
os: [linux]
arch: [x64, arm64]
runs-on: runs-on,runner=4cpu-${{ matrix.os }}-${{ matrix.arch }},image=ubuntu22-full-${{ matrix.arch }},run-id=${{ github.run_id }}
permissions:
contents: read
id-token: write
env:
ARCH: ${{ matrix.arch }}
steps:
- name: Environment variables
shell: bash
run: |
if [[ "$ARCH" == "x64" ]]; then
echo "ARCH=amd64" >> $GITHUB_ENV
fi
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
flavor: |
latest=false
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
registry: ${{ env.DOCKERIO_REGISTRY }}
- name: Docker Registry Login
uses: docker/login-action@v3
with:
username: ${{ env.STAGE_REGISTRY_USERNAME }}
password: ${{ env.STAGE_REGISTRY_PASSWORD }}
registry: ${{ env.REGISTRY }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Download chart
uses: actions/download-artifact@v4
with:
name: chart
path: ./chart
- name: Build and export agent
id: build
uses: docker/build-push-action@v5
with:
push: true
build-args: |
"VERSION=${{ env.TAG }}"
"ARCH=${{ matrix.arch }}"
"RANCHER_TAG=${{ env.TAG }}"
"RANCHER_REPO=${{ env.REPOSITORY_OWNER }}"
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-${{ env.ARCH }}
context: .
platforms: "${{ matrix.os }}/${{ env.ARCH }}"
file: ./package/Dockerfile.installer
labels: "${{ steps.meta.outputs.labels }}"
merge-installer-manifest:
runs-on: runs-on,runner=2cpu-linux-x64,image=ubuntu22-full-x64,run-id=${{ github.run_id }}
needs: [build-installer]
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE_INSTALLER }}
flavor: |
latest=false
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
registry: ${{ env.DOCKERIO_REGISTRY }}
- name: Login to registry
uses: docker/login-action@v3
with:
username: ${{ env.STAGE_REGISTRY_USERNAME }}
password: ${{ env.STAGE_REGISTRY_PASSWORD }}
registry: ${{ env.REGISTRY }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Create manifest list and push
run: |
docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }} ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-arm64
if [[ "${{ github.ref_name }}" == release/v* ]]; then
docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.HEAD_TAG }} ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-arm64
fi
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}
create-images-files:
if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on tags
runs-on: runs-on,runner=2cpu-linux-x64,image=ubuntu22-full-x64,run-id=${{ github.run_id }}
permissions:
contents: read
id-token: write
env:
REGISTRY: ""
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- id: env
name: Setup Dependencies Env Variables
uses: ./.github/actions/setup-build-env
- uses: actions/setup-go@v5
with:
go-version: '${{ steps.env.outputs.GO_VERSION }}'
- name: Download data.json
run: |
mkdir -p bin
curl -sLf https://releases.rancher.com/kontainer-driver-metadata/${{ steps.env.outputs.CATTLE_KDM_BRANCH }}/data.json > ./bin/data.json
cp ./bin/data.json ./bin/rancher-data.json
- name: Create k3s images file
uses: ./.github/actions/k3s-images
with:
k3s_version: ${{ steps.env.outputs.CATTLE_K3S_VERSION }}
- name: Create files
run: |
mkdir -p $HOME/bin
touch $HOME/bin/rancher-rke-k8s-versions.txt
mkdir -p bin
mv ./k3s-airgap-images.tar ./bin
- name: Create components and images files
shell: bash
run: ./scripts/create-components-images-files.sh
- name: Move files
run: |
mv $HOME/bin/* ./bin
- name: Create sha256sum.txt file
run: ./scripts/artifacts-hashes.sh
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/prime-artifacts-uploader-access/credentials token | PRIME_ARTIFACTS_UPLOADER_ACCESS_KEY ;
secret/data/github/repo/${{ github.repository }}/prime-artifacts-uploader-secret/credentials token | PRIME_ARTIFACTS_UPLOADER_SECRET_KEY ;
- name: Upload artifacts to bucket
shell: bash
run: |
set -ex
artifacts=(
"rancher-components.txt"
"rancher-data.json"
"rancher-images-origins.txt"
"rancher-images-sources.txt"
"rancher-images.txt"
"rancher-load-images.ps1"
"rancher-load-images.sh"
"rancher-mirror-to-rancher-org.ps1"
"rancher-mirror-to-rancher-org.sh"
"rancher-rke-k8s-versions.txt"
"rancher-save-images.ps1"
"rancher-save-images.sh"
"rancher-windows-images-sources.txt"
"rancher-windows-images.txt"
"sha256sum.txt"
)
for artifact in "${artifacts[@]}"; do
AWS_ACCESS_KEY_ID=${{ env.PRIME_ARTIFACTS_UPLOADER_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY=${{ env.PRIME_ARTIFACTS_UPLOADER_SECRET_KEY }} aws s3 cp "./bin/$artifact" "s3://prime-artifacts/rancher/${{ env.TAG }}/$artifact"
done