Skip to content

Validate single branch for tag #100

Validate single branch for tag

Validate single branch for tag #100

Workflow file for this run

on:
push:
paths-ignore:
- "**.md"
- "channel.yaml"
- "install.sh"
- "!.github/workflows/test-suite.yaml"
tags:
- "v*"
env:
GITHUB_ACTION_TAG: ${{ github.ref_name }}
GH_TOKEN: ${{ github.token }}
name: Release
permissions:
contents: write
id-token: write
jobs:
release-amd64:
runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=256
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: Validate Release
run: |
dapper -f Dockerfile --target dapper make validate-release
- name: Build
run: |
dapper -f Dockerfile --target dapper make dapper-ci
- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD
- name: Package Images
run: |
dapper -f Dockerfile --target dapper make package-images
- name: Scan Images
continue-on-error: true
# This is a temporary workaround until the base image is updated
# in the Dockerfile to include the new trivy version that supports VEX
run: |
docker run --rm -v "$(pwd)/build:/build" -v "$(pwd):/workspace" \
-w /workspace rancher/hardened-build-base:v1.23.3b1 \
make scan-images
- name: Upload Scan Results
uses: actions/upload-artifact@v4
with:
name: release-trivy-scan
path: trivy_scan_report.txt
- name: Test
run: |
dapper -f Dockerfile --target dapper make test
- name: Publish Image Runtime
uses: rancher/ecm-distro-tools/actions/publish-image@master
env:
GOARCH: amd64
GOOS: linux
with:
image: "rke2-runtime"
tag: ${{ github.ref_name }}
make-target: publish-image-runtime
public-repo: rancher
public-username: ${{ env.DOCKER_USERNAME }}
public-password: ${{ env.DOCKER_PASSWORD }}
prime-repo: rancher
prime-registry: ${{ env.PRIME_REGISTRY }}
prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
- name: Publish Image Runtime (Windows)
uses: rancher/ecm-distro-tools/actions/publish-image@master
env:
GOARCH: amd64
GOOS: linux
with:
image: "rke2-runtime"
tag: ${{ github.ref_name }}
make-target: publish-image-runtime-windows
public-repo: rancher
public-username: ${{ env.DOCKER_USERNAME }}
public-password: ${{ env.DOCKER_PASSWORD }}
prime-repo: rancher
prime-registry: ${{ env.PRIME_REGISTRY }}
prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
- name: Package windows images
run: |
GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make package-windows-images
- name: Checksum Artifacts
run: |
GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make checksum
- name: Publish Artifacts
run: |
dapper -f Dockerfile --target dapper make publish-binary
env:
GH_TOKEN: ${{ github.token }}
release-arm64:
runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=256
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: Validate Release
run: |
dapper -f Dockerfile --target dapper make validate-release
- name: Build
run: |
dapper -f Dockerfile --target dapper make dapper-ci
- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD ;
- name: Package Images
run: |
dapper -f Dockerfile --target dapper make package-images
- name: Scan Images
continue-on-error: true
run: |
dapper -f Dockerfile --target dapper make scan-images
- name: Publish Image Runtime
uses: rancher/ecm-distro-tools/actions/publish-image@master
env:
GOARCH: arm64
GOOS: linux
with:
image: "rke2-runtime"
tag: ${{ github.ref_name }}
make-target: publish-image-runtime
public-repo: rancher
public-username: ${{ env.DOCKER_USERNAME }}
public-password: ${{ env.DOCKER_PASSWORD }}
prime-repo: rancher
prime-registry: ${{ env.PRIME_REGISTRY }}
prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
- name: Checksum
run: |
GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make checksum
- name: Publish Artifacts
run: |
dapper -f Dockerfile --target dapper make publish-binary
env:
GH_TOKEN: ${{ github.token }}
manifest:
needs: [release-amd64, release-arm64]
runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD ;
- name: Manifest
uses: rancher/ecm-distro-tools/actions/publish-image@master
env:
GOARCH: amd64
GOOS: linux
with:
image: "rke2-runtime"
tag: ${{ github.ref_name }}
make-target: publish-manifest-runtime
public-repo: rancher
public-username: ${{ env.DOCKER_USERNAME }}
public-password: ${{ env.DOCKER_PASSWORD }}
prime-repo: rancher
prime-registry: ${{ env.PRIME_REGISTRY }}
prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
dispatch:
needs: [release-amd64, release-arm64]
runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/pat-username/credentials token | PAT_USERNAME ;
- name: Dispatch
run: |
dapper -f Dockerfile --target dapper make dispatch
env:
PAT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PAT_USERNAME: ${{ env.PAT_USERNAME }}
GITHUB_ACTION_TAG: ${{ env.GITHUB_ACTION_TAG }}