From d669ebf48f55fe891ed8b1cba9cc6ed01010b1d6 Mon Sep 17 00:00:00 2001 From: Gabriel Bueno Date: Wed, 12 Jun 2024 10:40:15 -0300 Subject: [PATCH 1/2] Fix CI We should be doing 'make ci' instead of 'make build' on pull_request. Also, split the release into two separate steps for US and EU registries since we can only authenticate to one at a time. --- .drone.yml | 207 ---------------------------------- .github/workflows/build.yml | 12 ++ .github/workflows/release.yml | 124 ++++++++++++++++++++ 3 files changed, 136 insertions(+), 207 deletions(-) delete mode 100644 .drone.yml create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/release.yml diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index f4e5c2fe..00000000 --- a/.drone.yml +++ /dev/null @@ -1,207 +0,0 @@ ---- -kind: pipeline -name: linux-amd64 - -platform: - os: linux - arch: amd64 - -steps: -- name: ci - image: rancher/dapper:v0.6.0 - commands: - - dapper ci - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - push - - pull_request - - tag - -- name: github_binary_release - image: plugins/github-release - settings: - api_key: - from_secret: github_token - prerelease: true - checksum: - - sha256 - checksum_file: CHECKSUMsum-amd64.txt - checksum_flatten: true - files: - - "dist/artifacts/*" - when: - ref: - - refs/tags/* - event: - - tag - -- name: docker-publish - image: plugins/docker - settings: - dockerfile: package/Dockerfile - username: - from_secret: docker_username - password: - from_secret: docker_password - repo: "rancher/rancher-csp-adapter" - tag: "${DRONE_TAG}-amd64" - when: - event: - - tag - -- name: docker-build - image: plugins/docker - settings: - dockerfile: package/Dockerfile - repo: "rancher/rancher-csp-adapter" - tag: "${DRONE_COMMIT}-amd64" - dry_run: true - when: - event: - - pull_request - -- name: ecr-publish - image: plugins/ecr - settings: - dockerfile: package/Dockerfile - access_key: - from_secret: ecr_access_key - secret_key: - from_secret: ecr_secret_key - registry: - from_secret: aws_registry_id - repo: suse/rancher/rancher-csp-adapter - tag: "${DRONE_TAG}" - when: - event: - - tag - -- name: ecr-publish-eu - image: plugins/ecr - settings: - dockerfile: package/Dockerfile - access_key: - from_secret: ecr_access_key_eu - secret_key: - from_secret: ecr_secret_key_eu - registry: - from_secret: aws_registry_id_eu - repo: suse/rancher/rancher-csp-adapter-eu - tag: "${DRONE_TAG}" - when: - event: - - tag - -volumes: -- name: docker - host: - path: /var/run/docker.sock - ---- - -kind: pipeline -name: linux-arm64 - -platform: - os: linux - arch: arm64 - -steps: -- name: ci - image: rancher/dapper:v0.6.0 - commands: - - dapper ci - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - push - - pull_request - - tag - -- name: github_binary_release - image: plugins/github-release - settings: - api_key: - from_secret: github_token - prerelease: true - checksum: - - sha256 - checksum_file: CHECKSUMsum-arm64.txt - checksum_flatten: true - files: - - "dist/artifacts/*" - when: - ref: - - refs/tags/* - event: - - tag - -- name: docker-build - image: plugins/docker - settings: - dockerfile: package/Dockerfile - repo: "rancher/rancher-csp-adapter" - tag: "${DRONE_COMMIT}-arm64" - dry_run: true - when: - event: - - pull_request - -- name: docker-publish - image: plugins/docker - settings: - dockerfile: package/Dockerfile - username: - from_secret: docker_username - password: - from_secret: docker_password - repo: "rancher/rancher-csp-adapter" - tag: "${DRONE_TAG}-arm64" - when: - event: - - tag - -volumes: -- name: docker - host: - path: /var/run/docker.sock - ---- - -kind: pipeline -name: manifest - -platform: - os: linux - arch: amd64 - -steps: -- name: manifest - image: plugins/manifest:1.4.0 - settings: - username: - from_secret: docker_username - password: - from_secret: docker_password - platforms: - - linux/amd64 - - linux/arm64 - target: "rancher/rancher-csp-adapter:${DRONE_TAG}" - template: "rancher/rancher-csp-adapter:${DRONE_TAG}-ARCH" - when: - event: - - tag - -volumes: -- name: docker - host: - path: /var/run/docker.sock - -depends_on: -- linux-amd64 -- linux-arm64 diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000..b9dd11f5 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,12 @@ +name: Build +on: + pull_request: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v4 + - name: Run Dapper CI + run: make ci diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..f4e26200 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,124 @@ +name: Release +on: + push: + tags: 'v*' + +# Needed to create the release +permissions: + contents: write + id-token: write + +# Needed to create the release and use gh cli +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +jobs: + create-release: + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v4 + - name: Create a Release + id: create_release + uses: actions/create-release@v1 + with: + tag_name: ${{ github.ref }} + release_name: Release ${{ github.ref_name }} + prerelease: true + + build-and-push-amd64: + runs-on: ubuntu-latest + needs: [create-release] + steps: + - name: Checkout Code + uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + buildkitd-flags: --debug + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Run Dapper CI + run: make ci + - name: Generate Checksum + run: | + cd dist/artifacts + sha256sum * > sha256sum-amd64.txt + - name: Upload Assets + run: | + ASSETS_DIR="dist/artifacts" + TAG=${{ github.ref_name }} + for file in $ASSETS_DIR/*; do + gh release upload $TAG $file --repo ${{ github.repository }} + done + - name: Build Manifest + id: metadata + uses: docker/metadata-action@v5 + with: + images: | + docker.io/rancher/rancher-csp-adapter + 709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/rancher/rancher-csp-adapter + flavor: | + latest=false + - name: Read Secrets + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; + secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ; + secret/data/github/repo/${{ github.repository }}/aws/aws-rancher-csp-adapter-ecr/credentials accessKeyId | ECR_ACCESS_KEY ; + secret/data/github/repo/${{ github.repository }}/aws/aws-rancher-csp-adapter-ecr/credentials secretAccessKey | ECR_SECRET_KEY ; + secret/data/github/repo/${{ github.repository }}/aws/aws-rancher-csp-adapter-ecr-eu/credentials accessKeyId | ECR_ACCESS_KEY_EU ; + secret/data/github/repo/${{ github.repository }}/aws/aws-rancher-csp-adapter-ecr-eu/credentials secretAccessKey | ECR_SECRET_KEY_EU ; + - name: Login to Docker Registry + uses: docker/login-action@v3 + with: + username: ${{ env.DOCKER_USERNAME }} + password: ${{ env.DOCKER_PASSWORD }} + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ env.ECR_ACCESS_KEY }} + aws-secret-access-key: ${{ env.ECR_SECRET_KEY }} + aws-region: us-east-1 + - name: Login to ECR + uses: docker/login-action@v2 + with: + registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com + - name: Push Images to Registries + uses: docker/build-push-action@v5 + with: + context: . + push: true + tags: ${{ steps.metadata.outputs.tags }} + labels: ${{ steps.metadata.outputs.labels }} + file: package/Dockerfile + platforms: linux/amd64 + - name: Build Manifest for EU Registry Images + id: metadata_eu + uses: docker/metadata-action@v5 + with: + images: | + 709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/rancher/rancher-csp-adapter-eu + flavor: | + latest=false + - name: Configure AWS credentials for EU Registry + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ env.ECR_ACCESS_KEY_EU }} + aws-secret-access-key: ${{ env.ECR_SECRET_KEY_EU }} + aws-region: us-east-1 + - name: Login to ECR for EU Registry + uses: docker/login-action@v2 + with: + registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com + - name: Push Images to EU Registry + uses: docker/build-push-action@v5 + with: + context: . + push: true + tags: ${{ steps.metadata_eu.outputs.tags }} + labels: ${{ steps.metadata_eu.outputs.labels }} + file: package/Dockerfile + platforms: linux/amd64 From d45e9e8344d6f764a415a1c48ef58a82d0feacab Mon Sep 17 00:00:00 2001 From: Gabriel Bueno Date: Wed, 12 Jun 2024 15:56:19 -0300 Subject: [PATCH 2/2] adds awk package to dapper dockerfile --- Dockerfile.dapper | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.dapper b/Dockerfile.dapper index 0b50d394..dcb5d162 100644 --- a/Dockerfile.dapper +++ b/Dockerfile.dapper @@ -4,7 +4,7 @@ ARG DAPPER_HOST_ARCH ENV ARCH $DAPPER_HOST_ARCH RUN zypper -n up && \ - zypper -n in git docker vim less file curl wget ca-certificates + zypper -n in git docker vim less file curl wget ca-certificates gawk RUN if [ "${ARCH}" == "amd64" ]; then \ curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.51.2; \ fi