Add release GHA

Signed-off-by: galal-hussein <[email protected]>
rancher · May 30, 2024 · 1cdbfff · 1cdbfff
1 parent 96deda3
commit 1cdbfff
Show file tree

Hide file tree

Showing 5 changed files with 183 additions and 2 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,152 @@
+on:
+  push:
+    paths-ignore:
+      - "**.md"
+      - "channel.yaml"
+      - "install.sh"
+      - "!.github/workflows/test-suite.yaml"
+    tags:
+    - "v*"
+
+env:
+  GITHUB_TAG: ${{ github.ref_name }}
+
+name: Release
+permissions:
+    contents: write
+    id-token: write
+jobs:
+  release-amd64:
+    runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install Dapper
+      run: |
+        curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
+        chmod +x /usr/local/bin/dapper
+
+    - name: Validate Release
+      run: |
+       dapper -f Dockerfile --target dapper make validate-release
+
+    - name: Build
+      run: |
+        dapper -f Dockerfile --target dapper make dapper-ci
+    
+    - name: "Read secrets"
+      uses: rancher-eio/read-vault-secrets@main
+      with:
+        secrets: |
+          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
+          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
+
+    - name: Package Images
+      run: |
+        dapper -f Dockerfile --target dapper make package-images
+    
+    - name: Scan Images
+      run: |
+        dapper -f Dockerfile --target dapper make scan-images
+    
+    - name: Test
+      run: |
+        dapper -f Dockerfile --target dapper make test
+    
+    - name: Login to Container Registry
+      uses: docker/login-action@v3
+      with:
+        username: ${{ env.DOCKER_USERNAME }}
+        password: ${{ env.DOCKER_PASSWORD }}
+
+    - name: Publish Image Runtime
+      run: |
+        GITHUB_TAG=${{ github.ref_name }} make publish-image-runtime
+    
+    - name: Checksum Artifacts
+      run: |
+        dapper -f Dockerfile --target dapper make checksum
+
+    - name: Publish Artifacts
+      uses: softprops/action-gh-release@v2
+      with:
+        files: |
+          dist/artifacts/*
+  release-arm64:
+    runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install Dapper
+      run: |
+        curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
+        chmod +x /usr/local/bin/dapper
+
+    - name: Validate Release
+      run: |
+       dapper -f Dockerfile --target dapper make validate-release
+
+    - name: Build
+      run: |
+        dapper -f Dockerfile --target dapper make dapper-ci
+    
+    - name: "Read secrets"
+      uses: rancher-eio/read-vault-secrets@main
+      with:
+        secrets: |
+          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
+          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
+
+    - name: Package Images
+      run: |
+        dapper -f Dockerfile --target dapper make package-images
+    
+    - name: Scan Images
+      run: |
+        dapper -f Dockerfile --target dapper make scan-images
+    
+    - name: Login to Container Registry
+      uses: docker/login-action@v3
+      with:
+        username: ${{ env.DOCKER_USERNAME }}
+        password: ${{ env.DOCKER_PASSWORD }}
+
+    - name: Publish Image Runtime
+      run: |
+        GITHUB_TAG=${{ github.ref_name }} make publish-image-runtime
+    
+    - name: Checksum Artifacts
+      run: |
+        dapper -f Dockerfile --target dapper make checksum
+
+    - name: Publish Artifacts
+      uses: softprops/action-gh-release@v2
+      with:
+        files: |
+          dist/artifacts/*    
+  dispatch:
+    needs: [release-amd64, release-arm64]
+    runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install Dapper
+      run: |
+        curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
+        chmod +x /usr/local/bin/dapper
+    
+    - name: "Read secrets"
+      uses: rancher-eio/read-vault-secrets@main
+      with:
+        secrets: |
+          secret/data/github/repo/${{ github.repository }}/pat_username/credentials token | PAT_USERNAME ;
+
+    - name: Dispatch
+      run: |
+        dapper -f Dockerfile --target dapper make dispatch
+      env:
+        PAT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        PATH_USERNAME: ${{ env.PAT_USERNAME }}
diff --git a/Makefile b/Makefile
@@ -151,6 +151,10 @@ unit-tests:
 integration-tests:
 	./scripts/test
 
+.PHONY: checksum
+checksum:
+	./scripts/checksum
+
 ./.dapper:
 	@echo Downloading dapper
 	@curl -sL https://releases.rancher.com/dapper/v0.5.8/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp

diff --git a/scripts/checksum b/scripts/checksum
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+
+CHECKSUM_DIR=${CHECKSUM_DIR:-./dist/artifacts}
+
+function checksum(){
+
+    sumfile="${CHECKSUM_DIR}/sha256sum-${ARCH}.txt"
+    echo -n "" > "${sumfile}"
+
+    files=$(ls ${CHECKSUM_DIR})
+    for file in ${files}; do
+      sha256sum "${file}" | sed "s;$(dirname ${file})/;;g" >> "${sumfile}"
+    done
+
+    cat "${sumfile}"
+}
+
+
+checksum
diff --git a/scripts/validate-release b/scripts/validate-release
@@ -59,6 +59,6 @@ function check_kubernetes_version() {
 . ./scripts/version.sh
 
 git fetch origin -f --tags
-parse_tag $DRONE_TAG
+parse_tag $GITHUB_TAG
 check_release_branch
 check_kubernetes_version
diff --git a/scripts/version.sh b/scripts/version.sh
@@ -8,6 +8,7 @@ K3S_PKG=github.com/k3s-io/k3s
 RKE2_PKG=github.com/rancher/rke2
 GO=${GO-go}
 GOARCH=${GOARCH:-$("${GO}" env GOARCH)}
+ARCH=${ARCH:-$("${GO}" env GOARCH)}
 GOOS=${GOOS:-$("${GO}" env GOOS)}
 if [ -z "$GOOS" ]; then
     if [ "${OS}" == "Windows_NT" ]; then
@@ -24,7 +25,7 @@ if [ -z "$GOOS" ]; then
     fi
 fi
 
-GIT_TAG=$DRONE_TAG
+GIT_TAG=$GITHUB_TAG
 TREE_STATE=clean
 COMMIT=$DRONE_COMMIT
 REVISION=$(git rev-parse HEAD)$(if ! git diff --no-ext-diff --quiet --exit-code; then echo .dirty; fi)