prep test

mgfritch · Dec 6, 2024 · 2103ada · 2103ada
1 parent 0d353ac
commit 2103ada
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 116 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -11,8 +11,7 @@ permissions:
 name: Build
 jobs:
   build-amd64:
-    runs-on:
-      labels: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }}
+    runs-on: ubuntu-latest
     steps:
     - name: Checkout code
       uses: actions/checkout@v4
@@ -43,30 +42,3 @@ jobs:
       if: always()
       with:
         sarif_file: 'trivy-results.sarif'
-
-  build-arm64:
-    runs-on:
-      labels: runs-on,runner=4cpu-linux-arm64,run-id=${{ github.run_id }}
-    steps:
-    - name: Check out code
-      uses: actions/checkout@v4
-
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
-    - name: Set the TAG value
-      id: get-TAG
-      run: |
-        echo "$(make -s log | grep TAG)" >> "$GITHUB_ENV"
-    - name: Build container image
-      uses: docker/build-push-action@v6
-      with:
-        context: .
-        push: false
-        tags: rancher/hardened-calico:${{ env.TAG }}-arm64
-        file: Dockerfile
-        outputs: type=docker
-        platforms: linux/arm64
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -10,7 +10,7 @@ jobs:
     permissions:
       contents: read
       id-token: write
-    runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }}
+    runs-on: ubuntu-latest
     outputs:
       digest: ${{ steps.digest.outputs.digest }}
     steps:
@@ -24,21 +24,25 @@ jobs:
         echo "$(make -s log | grep ARCH)" >> "$GITHUB_ENV"
         echo "$(make -s log | grep REGISTRY_IMAGE)" >> "$GITHUB_ENV"
 
+    - name: Print ENV values
+      id: print_Envs
+      run: |
+        echo "$GITHUB_ENV"
+
     - name: Docker meta
       id: meta-amd64
       uses: docker/metadata-action@v5
       with:
         images: ${{ env.REGISTRY_IMAGE }}
 
     - name: "Read secrets"
-      uses: rancher-eio/read-vault-secrets@main
-      with:
-        secrets: |
-          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
-          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
-          secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
-          secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
-          secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD
+      run: |
+        echo "DOCKER_USERNAME=mgfritch" >> $GITHUB_ENV
+        echo "DOCKER_PASSWORD=${{ secrets.DOCKER_PASSWORD }}" >> $GITHUB_ENV
+        echo "PRIME_REGISTRY_USERNAME=mgfritch" >> $GITHUB_ENV
+        echo "PRIME_REGISTRY_PASSWORD=${{ secrets.PRIME_REGISTRY_PASSWORD }}" >> $GITHUB_ENV
+        echo "PUBLIC_REGISTRY=ghcr.io" >> $GITHUB_ENV
+        echo "PRIME_REGISTRY=ghcr.io" >> $GITHUB_ENV
 
     - name: Build and push container image
       id: build-amd64
@@ -50,73 +54,15 @@ jobs:
         tag: ${{ github.event.release.tag_name }}
         platforms: linux/amd64
 
-        public-repo: rancher
+        public-repo: mgfritch
+        public-registry: ${{ env.PUBLIC_REGISTRY }}
         public-username: ${{ env.DOCKER_USERNAME }}
-        public-password: ${{ env.DOCKER_PASSWORD }}
+        public-password: ${{ secrets.DOCKER_PASSWORD }}
 
-        prime-repo: rancher
+        prime-repo: mgfritch
         prime-registry: ${{ env.PRIME_REGISTRY }}
         prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
-        prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
-
-    - name: Digest
-      id: digest
-      run: |
-        IMAGE_DIGEST=$(jq -r '.["containerimage.digest"]' /tmp/metadata.json)
-        echo "digest=$IMAGE_DIGEST" >> "$GITHUB_OUTPUT"
-
-  build-arm64-digest:
-    permissions:
-      contents: read
-      id-token: write
-    runs-on: runs-on,runner=4cpu-linux-arm64,run-id=${{ github.run_id }}
-    outputs:
-      digest: ${{ steps.digest.outputs.digest }}
-    steps:
-    - name: Check out code
-      uses: actions/checkout@v4
-
-    - name: Set the ENV values
-      id: get-Envs
-      run: |
-        echo "$(make -s log | grep TAG)" >> "$GITHUB_ENV"
-        echo "$(make -s log | grep ARCH)" >> "$GITHUB_ENV"
-        echo "$(make -s log | grep REGISTRY_IMAGE)" >> "$GITHUB_ENV"
-
-    - name: Docker meta
-      id: meta-arm64
-      uses: docker/metadata-action@v5
-      with:
-        images: ${{ env.REGISTRY_IMAGE }}
-
-    - name: "Read secrets"
-      uses: rancher-eio/read-vault-secrets@main
-      with:
-        secrets: |
-          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
-          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
-          secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
-          secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
-          secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD
-
-    - name: Build and push container image
-      id: build-arm64
-      uses: rancher/ecm-distro-tools/actions/publish-image@master
-      env: 
-        META_LABELS: ${{ steps.meta-arm64.outputs.labels }}
-      with:
-        image: hardened-calico
-        tag: ${{ github.event.release.tag_name }}
-        platforms: linux/arm64
-
-        public-repo: rancher
-        public-username: ${{ env.DOCKER_USERNAME }}
-        public-password: ${{ env.DOCKER_PASSWORD }}
-
-        prime-repo: rancher
-        prime-registry: ${{ env.PRIME_REGISTRY }}
-        prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
-        prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
+        prime-password: ${{ secrets.PRIME_REGISTRY_PASSWORD }}
 
     - name: Digest
       id: digest
@@ -131,7 +77,6 @@ jobs:
     runs-on: ubuntu-latest
     needs:
       - build-amd64-digest
-      - build-arm64-digest
     steps:
       - name: Check out code
         uses: actions/checkout@v4
@@ -141,42 +86,47 @@ jobs:
         run: |
           echo "$(make -s log | grep REGISTRY_IMAGE)" >> "$GITHUB_ENV"
 
+      - name: Print ENV values
+        id: print_Envs
+        run: |
+          echo "$GITHUB_ENV"
+
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ${{ env.REGISTRY_IMAGE }}
+            images: ${{ env.REGISTRY_IMAGE }}
 
       - name: "Read secrets"
-        uses: rancher-eio/read-vault-secrets@main
-        with:
-          secrets: |
-            secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
-            secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
-            secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
-            secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
-            secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD
+        run: |
+          echo "DOCKER_USERNAME=mgfritch" >> $GITHUB_ENV
+          echo "DOCKER_PASSWORD=${{ secrets.DOCKER_PASSWORD }}" >> $GITHUB_ENV
+          echo "PRIME_REGISTRY_USERNAME=mgfritch" >> $GITHUB_ENV
+          echo "PRIME_REGISTRY_PASSWORD=${{ secrets.PRIME_REGISTRY_PASSWORD }}" >> $GITHUB_ENV
+          echo "PUBLIC_REGISTRY=ghcr.io" >> $GITHUB_ENV
+          echo "PRIME_REGISTRY=ghcr.io" >> $GITHUB_ENV
 
       - name: Create manifest list and push
         id: push-manifest
         uses: rancher/ecm-distro-tools/actions/publish-image@master
         env: 
           DOCKER_METADATA_OUTPUT_JSON: ${{ steps.meta.outputs.json }}
           REGISTRY_IMAGE: ${{ env.REGISTRY_IMAGE }}
-          IMAGE_DIGESTS: ${{ needs.build-amd64-digest.outputs.digest }} ${{ needs.build-arm64-digest.outputs.digest }}
+          IMAGE_DIGESTS: ${{ needs.build-amd64-digest.outputs.digest }}
         with:
           make-target: manifest-push
           image: hardened-calico
           tag: ${{ github.event.release.tag_name }}
 
-          public-repo: rancher
+          public-repo: mgfritch
+          public-registry: ${{ env.PUBLIC_REGISTRY }}
           public-username: ${{ env.DOCKER_USERNAME }}
-          public-password: ${{ env.DOCKER_PASSWORD }}
+          public-password: ${{ secrets.DOCKER_PASSWORD }}
 
-          prime-repo: rancher
+          prime-repo: mgfritch
           prime-registry: ${{ env.PRIME_REGISTRY }}
           prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
-          prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
+          prime-password: ${{ secrets.PRIME_REGISTRY_PASSWORD }}
 
       - name: Inspect image
         run: |