setup test

mgfritch · Dec 4, 2024 · 5709b0f · 5709b0f
1 parent 06b3c2e
commit 5709b0f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 150 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -11,8 +11,7 @@ permissions:
 name: Build
 jobs:
   build-amd64:
-    runs-on:
-      labels: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }}
+    runs-on: ubuntu-latest
     steps:
     - name: Checkout code
       uses: actions/checkout@v4
@@ -43,30 +42,3 @@ jobs:
       if: always()
       with:
         sarif_file: 'trivy-results.sarif'
-
-  build-arm64:
-    runs-on:
-      labels: runs-on,runner=4cpu-linux-arm64,run-id=${{ github.run_id }}
-    steps:
-    - name: Check out code
-      uses: actions/checkout@v4
-
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
-    - name: Set the TAG value
-      id: get-TAG
-      run: |
-        echo "$(make -s log | grep TAG)" >> "$GITHUB_ENV"
-    - name: Build container image
-      uses: docker/build-push-action@v6
-      with:
-        context: .
-        push: false
-        tags: rancher/hardened-calico:${{ env.TAG }}-arm64
-        file: Dockerfile
-        outputs: type=docker
-        platforms: linux/arm64
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,7 +11,7 @@ jobs:
     permissions:
       contents: read
       id-token: write
-    runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }}
+    runs-on: ubuntu-latest
     outputs:
       digest: ${{ steps.digest.outputs.digest }}
     steps:
@@ -31,14 +31,11 @@ jobs:
         images: ${{ env.REGISTRY_IMAGE }}
 
     - name: "Read secrets"
-      uses: rancher-eio/read-vault-secrets@main
-      with:
-        secrets: |
-          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
-          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
-          secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
-          secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
-          secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD
+      run: |
+        echo "DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }}" >> $GITHUB_ENV
+        echo "DOCKER_PASSWORD=${{ secrets.DOCKER_PASSWORD }}" >> $GITHUB_ENV
+        echo "PRIME_REGISTRY_USERNAME=${{ secrets.PRIME_REGISTRY_USERNAME }}" >> $GITHUB_ENV
+        echo "PRIME_REGISTRY_PASSWORD=${{ secrets.PRIME_REGISTRY_PASSWORD }}" >> $GITHUB_ENV
 
     - name: Build and push container image
       id: build-amd64
@@ -50,69 +47,11 @@ jobs:
         tag: ${{ github.event.release.tag_name }}
         platforms: linux/amd64
 
-        public-repo: rancher
-        public-username: ${{ env.DOCKER_USERNAME }}
-        public-password: ${{ env.DOCKER_PASSWORD }}
-
-        prime-repo: rancher
-        prime-registry: ${{ env.PRIME_REGISTRY }}
-        prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
-        prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
-
-    - name: Digest
-      id: digest
-      run: |
-        IMAGE_DIGEST=$(jq -r '.["containerimage.digest"]' /tmp/metadata.json)
-        echo "digest=$IMAGE_DIGEST" >> "$GITHUB_OUTPUT"
-
-  build-arm64-digest:
-    permissions:
-      contents: read
-      id-token: write
-    runs-on: runs-on,runner=4cpu-linux-arm64,run-id=${{ github.run_id }}
-    outputs:
-      digest: ${{ steps.digest.outputs.digest }}
-    steps:
-    - name: Check out code
-      uses: actions/checkout@v4
-
-    - name: Set the ENV values
-      id: get-Envs
-      run: |
-        echo "$(make -s log | grep TAG)" >> "$GITHUB_ENV"
-        echo "$(make -s log | grep ARCH)" >> "$GITHUB_ENV"
-
-    - name: Docker meta
-      id: meta-arm64
-      uses: docker/metadata-action@v5
-      with:
-        images: ${{ env.REGISTRY_IMAGE }}
-
-    - name: "Read secrets"
-      uses: rancher-eio/read-vault-secrets@main
-      with:
-        secrets: |
-          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
-          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
-          secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
-          secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
-          secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD
-
-    - name: Build and push container image
-      id: build-arm64
-      uses: rancher/ecm-distro-tools/actions/publish-image@master
-      env: 
-        META_LABELS: ${{ steps.meta-arm64.outputs.labels }}
-      with:
-        image: hardened-calico
-        tag: ${{ github.event.release.tag_name }}
-        platforms: linux/arm64
-
-        public-repo: rancher
+        public-repo: mgfritch
         public-username: ${{ env.DOCKER_USERNAME }}
         public-password: ${{ env.DOCKER_PASSWORD }}
 
-        prime-repo: rancher
+        prime-repo: mgfritch
         prime-registry: ${{ env.PRIME_REGISTRY }}
         prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
         prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
@@ -122,55 +61,3 @@ jobs:
       run: |
         IMAGE_DIGEST=$(jq -r '.["containerimage.digest"]' /tmp/metadata.json)
         echo "digest=$IMAGE_DIGEST" >> "$GITHUB_OUTPUT"
-
-  merge:
-    permissions:
-      contents: read
-      id-token: write
-    runs-on: ubuntu-latest
-    needs:
-      - build-amd64-digest
-      - build-arm64-digest
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.REGISTRY_IMAGE }}
-
-      - name: "Read secrets"
-        uses: rancher-eio/read-vault-secrets@main
-        with:
-          secrets: |
-            secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
-            secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
-            secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
-            secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
-            secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD
-
-      - name: Create manifest list and push
-        id: push-manifest
-        uses: rancher/ecm-distro-tools/actions/publish-image@master
-        env: 
-          DOCKER_METADATA_OUTPUT_JSON: ${{ steps.meta.outputs.json }}
-          REGISTRY_IMAGE: ${{ env.REGISTRY_IMAGE }}
-          IMAGE_DIGESTS: ${{ needs.build-amd64-digest.outputs.digest }} ${{ needs.build-arm64-digest.outputs.digest }}
-        with:
-          make-target: manifest-push
-          image: hardened-calico
-          tag: ${{ github.event.release.tag_name }}
-
-          public-repo: rancher
-          public-username: ${{ env.DOCKER_USERNAME }}
-          public-password: ${{ env.DOCKER_PASSWORD }}
-
-          prime-repo: rancher
-          prime-registry: ${{ env.PRIME_REGISTRY }}
-          prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
-          prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
-
-      - name: Inspect image
-        run: |
-          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}