diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000000..666d9d5f95c
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,152 @@
+on:
+ push:
+ paths-ignore:
+ - "**.md"
+ - "channel.yaml"
+ - "install.sh"
+ - "!.github/workflows/test-suite.yaml"
+ tags:
+ - "v*"
+
+env:
+ GITHUB_TAG: ${{ github.ref_name }}
+
+name: Release
+permissions:
+ contents: write
+ id-token: write
+jobs:
+ release-amd64:
+ runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install Dapper
+ run: |
+ curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
+ chmod +x /usr/local/bin/dapper
+
+ - name: Validate Release
+ run: |
+ dapper -f Dockerfile --target dapper make validate-release
+
+ - name: Build
+ run: |
+ dapper -f Dockerfile --target dapper make dapper-ci
+
+ - name: "Read secrets"
+ uses: rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
+ secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
+
+ - name: Package Images
+ run: |
+ dapper -f Dockerfile --target dapper make package-images
+
+ - name: Scan Images
+ run: |
+ dapper -f Dockerfile --target dapper make scan-images
+
+ - name: Test
+ run: |
+ dapper -f Dockerfile --target dapper make test
+
+ - name: Login to Container Registry
+ uses: docker/login-action@v3
+ with:
+ username: ${{ env.DOCKER_USERNAME }}
+ password: ${{ env.DOCKER_PASSWORD }}
+
+ - name: Publish Image Runtime
+ run: |
+ GITHUB_TAG=${{ github.ref_name }} make publish-image-runtime
+
+ - name: Checksum Artifacts
+ run: |
+ dapper -f Dockerfile --target dapper make checksum
+
+ - name: Publish Artifacts
+ uses: softprops/action-gh-release@v2
+ with:
+ files: |
+ dist/artifacts/*
+ release-arm64:
+ runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id 
}},image=ubuntu22-full-arm64,hdd=64
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install Dapper
+ run: |
+ curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
+ chmod +x /usr/local/bin/dapper
+
+ - name: Validate Release
+ run: |
+ dapper -f Dockerfile --target dapper make validate-release
+
+ - name: Build
+ run: |
+ dapper -f Dockerfile --target dapper make dapper-ci
+
+ - name: "Read secrets"
+ uses: rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
+ secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
+
+ - name: Package Images
+ run: |
+ dapper -f Dockerfile --target dapper make package-images
+
+ - name: Scan Images
+ run: |
+ dapper -f Dockerfile --target dapper make scan-images
+
+ - name: Login to Container Registry
+ uses: docker/login-action@v3
+ with:
+ username: ${{ env.DOCKER_USERNAME }}
+ password: ${{ env.DOCKER_PASSWORD }}
+
+ - name: Publish Image Runtime
+ run: |
+ GITHUB_TAG=${{ github.ref_name }} make publish-image-runtime
+
+ - name: Checksum Artifacts
+ run: |
+ dapper -f Dockerfile --target dapper make checksum
+
+ - name: Publish Artifacts
+ uses: softprops/action-gh-release@v2
+ with:
+ files: |
+ dist/artifacts/*
+ dispatch:
+ needs: [release-amd64, release-arm64]
+ runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install Dapper
+ run: |
+ curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
+ chmod +x /usr/local/bin/dapper
+
+ - name: "Read secrets"
+ uses: rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository 
}}/pat_username/credentials token | PAT_USERNAME ; + + - name: Dispatch + run: | + dapper -f Dockerfile --target dapper make dispatch + env: + PAT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PATH_USERNAME: ${{ env.PAT_USERNAME }} diff --git a/Makefile b/Makefile index 24dc8396f66..699d52cd248 100644 --- a/Makefile +++ b/Makefile @@ -151,6 +151,10 @@ unit-tests: integration-tests: ./scripts/test +.PHONY: checksum +checksum: + ./scripts/checksum + ./.dapper: @echo Downloading dapper @curl -sL https://releases.rancher.com/dapper/v0.5.8/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp diff --git a/scripts/checksum b/scripts/checksum new file mode 100755 index 00000000000..a46df8e064e --- /dev/null +++ b/scripts/checksum @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -ex + +cd $(dirname $0)/.. + +source ./scripts/version.sh + +CHECKSUM_DIR=${CHECKSUM_DIR:-./dist/artifacts} + +function checksum(){ + + sumfile="${CHECKSUM_DIR}/sha256sum-${ARCH}.txt" + echo -n "" > "${sumfile}" + + files=$(ls ${CHECKSUM_DIR}) + for file in ${files}; do + sha256sum "${file}" | sed "s;$(dirname ${file})/;;g" >> "${sumfile}" + done + + cat "${sumfile}" +} + + +checksum \ No newline at end of file diff --git a/scripts/validate-release b/scripts/validate-release index 7c1f4f331c7..b4021c246af 100755 --- a/scripts/validate-release +++ b/scripts/validate-release @@ -59,6 +59,6 @@ function check_kubernetes_version() { . ./scripts/version.sh git fetch origin -f --tags -parse_tag $DRONE_TAG +parse_tag $GITHUB_TAG check_release_branch check_kubernetes_version diff --git a/scripts/version.sh b/scripts/version.sh index 519879adabe..b13b9d23c2e 100755 --- a/scripts/version.sh +++ b/scripts/version.sh @@ -8,6 +8,7 @@ K3S_PKG=github.com/k3s-io/k3s RKE2_PKG=github.com/rancher/rke2 GO=${GO-go} GOARCH=${GOARCH:-$("${GO}" env GOARCH)} +ARCH=${ARCH:-$("${GO}" env GOARCH)} GOOS=${GOOS:-$("${GO}" env GOOS)} if [ -z "$GOOS" ]; then if [ "${OS}" == "Windows_NT" ]; then 
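Review bot: `rancher-eio/read-vault-secrets@main` follows a mutable branch in all three jobs while the workflow grants `id-token: write` and `contents: write` at the top level, so whatever lands on that branch runs with the identity presumably used to read Vault and with release write access; pin it to a full commit SHA, e.g. `uses: rancher-eio/read-vault-secrets@<full-commit-sha> # <tag>`, and consider the same for the `@v4`/`@v3`/`@v2` action tags. The Install Dapper steps fetch `dapper/latest` with `curl -sL` and no checksum, although the Makefile in this same diff pins `v0.5.8`; pinning the version and adding `-f` keeps an error page or a silently changed binary from being installed as `/usr/local/bin/dapper`. In Publish Image Runtime, `${{ github.ref_name }}` is expanded into the script text before the shell parses it; the workflow-level `GITHUB_TAG` env already carries the value, so the step can be just `make publish-image-runtime`. In the dispatch job, `PATH_USERNAME` looks like a typo for `PAT_USERNAME`, and the Vault `token` field is exported under a username variable while `PAT_TOKEN` is fed from `secrets.GITHUB_TOKEN`, which is worth confirming against what `make dispatch` actually reads.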
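Review bot: In scripts/checksum, `files=$(ls ${CHECKSUM_DIR})` yields bare file names, but the script has already changed to the repository root, so `sha256sum "${file}"` resolves each name against the wrong directory. Under `set -e` the run stops at the first artifact, or a same-named file from the repo root is hashed into the release manifest instead of the artifact. The listing also picks up `sha256sum-${ARCH}.txt` itself, which is created just before the `ls`, and the unquoted `ls` output splits on whitespace. Iterating a quoted glob inside `CHECKSUM_DIR` and skipping the manifest addresses all three, and the `sed` path stripping is then no longer needed.

```shell
function checksum(){
    sumfile="${CHECKSUM_DIR}/sha256sum-${ARCH}.txt"
    : > "${sumfile}"

    for file in "${CHECKSUM_DIR}"/*; do
        # hash regular files only, and never the manifest itself
        if [ ! -f "${file}" ] || [ "${file}" = "${sumfile}" ]; then
            continue
        fi
        # run inside the artifact dir so the manifest records bare names
        (cd "${CHECKSUM_DIR}" && sha256sum "$(basename "${file}")") >> "${sumfile}"
    done

    # … unchanged: cat "${sumfile}" …
}
```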
@@ -24,7 +25,7 @@ if [ -z "$GOOS" ]; then fi fi -GIT_TAG=$DRONE_TAG +GIT_TAG=$GITHUB_TAG TREE_STATE=clean COMMIT=$DRONE_COMMIT REVISION=$(git rev-parse HEAD)$(if ! git diff --no-ext-diff --quiet --exit-code; then echo .dirty; fi)
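Review bot: `GIT_TAG` now comes from `GITHUB_TAG`, but the context line two below still reads `COMMIT=$DRONE_COMMIT`, which nothing in the new workflow sets, so `COMMIT` is presumably empty on a GitHub Actions release build; `COMMIT=${GITHUB_SHA:-$DRONE_COMMIT}` would cover both CI systems. Most release steps run inside dapper and the Dockerfile is not part of this diff, so it is worth confirming that `GITHUB_TAG` is forwarded into the container; otherwise the build there would not see the release tag. The script continues outside this hunk, so how `COMMIT` and `GIT_TAG` are consumed later cannot be checked from here.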