From 1cdbfffb8a1ef5340118763d1caf2d2632ef127e Mon Sep 17 00:00:00 2001
From: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Date: Thu, 30 May 2024 23:27:52 +0300
Subject: [PATCH] Add release GHA

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---
 .github/workflows/release.yml | 152 ++++++++++++++++++++++++++++++++++
 Makefile                      |   4 +
 scripts/checksum              |  24 ++++++
 scripts/validate-release      |   2 +-
 scripts/version.sh            |   3 +-
 5 files changed, 183 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/release.yml
 create mode 100755 scripts/checksum

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000000..666d9d5f95c
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,152 @@
+on:
+  push:
+    paths-ignore:
+      - "**.md"
+      - "channel.yaml"
+      - "install.sh"
+      - "!.github/workflows/test-suite.yaml"
+    tags:
+    - "v*"
+
+env:
+  GITHUB_TAG: ${{ github.ref_name }}
+  
+name: Release
+permissions:
+    contents: write
+    id-token: write
+jobs:
+  release-amd64:
+    runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install Dapper
+      run: |
+        curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
+        chmod +x /usr/local/bin/dapper
+
+    - name: Validate Release
+      run: |
+       dapper -f Dockerfile --target dapper make validate-release
+
+    - name: Build
+      run: |
+        dapper -f Dockerfile --target dapper make dapper-ci
+    
+    - name: "Read secrets"
+      uses: rancher-eio/read-vault-secrets@main
+      with:
+        secrets: |
+          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
+          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
+
+    - name: Package Images
+      run: |
+        dapper -f Dockerfile --target dapper make package-images
+    
+    - name: Scan Images
+      run: |
+        dapper -f Dockerfile --target dapper make scan-images
+    
+    - name: Test
+      run: |
+        dapper -f Dockerfile --target dapper make test
+    
+    - name: Login to Container Registry
+      uses: docker/login-action@v3
+      with:
+        username: ${{ env.DOCKER_USERNAME }}
+        password: ${{ env.DOCKER_PASSWORD }}
+
+    - name: Publish Image Runtime
+      run: |
+        GITHUB_TAG=${{ github.ref_name }} make publish-image-runtime
+    
+    - name: Checksum Artifacts
+      run: |
+        dapper -f Dockerfile --target dapper make checksum
+
+    - name: Publish Artifacts
+      uses: softprops/action-gh-release@v2
+      with:
+        files: |
+          dist/artifacts/*
+  release-arm64:
+    runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install Dapper
+      run: |
+        curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
+        chmod +x /usr/local/bin/dapper
+
+    - name: Validate Release
+      run: |
+       dapper -f Dockerfile --target dapper make validate-release
+
+    - name: Build
+      run: |
+        dapper -f Dockerfile --target dapper make dapper-ci
+    
+    - name: "Read secrets"
+      uses: rancher-eio/read-vault-secrets@main
+      with:
+        secrets: |
+          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
+          secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
+
+    - name: Package Images
+      run: |
+        dapper -f Dockerfile --target dapper make package-images
+    
+    - name: Scan Images
+      run: |
+        dapper -f Dockerfile --target dapper make scan-images
+    
+    - name: Login to Container Registry
+      uses: docker/login-action@v3
+      with:
+        username: ${{ env.DOCKER_USERNAME }}
+        password: ${{ env.DOCKER_PASSWORD }}
+
+    - name: Publish Image Runtime
+      run: |
+        GITHUB_TAG=${{ github.ref_name }} make publish-image-runtime
+    
+    - name: Checksum Artifacts
+      run: |
+        dapper -f Dockerfile --target dapper make checksum
+
+    - name: Publish Artifacts
+      uses: softprops/action-gh-release@v2
+      with:
+        files: |
+          dist/artifacts/*    
+  dispatch:
+    needs: [release-amd64, release-arm64]
+    runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install Dapper
+      run: |
+        curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
+        chmod +x /usr/local/bin/dapper
+    
+    - name: "Read secrets"
+      uses: rancher-eio/read-vault-secrets@main
+      with:
+        secrets: |
+          secret/data/github/repo/${{ github.repository }}/pat_username/credentials token | PAT_USERNAME ;
+
+    - name: Dispatch
+      run: |
+        dapper -f Dockerfile --target dapper make dispatch
+      env:
+        PAT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        PATH_USERNAME: ${{ env.PAT_USERNAME }}
diff --git a/Makefile b/Makefile
index 24dc8396f66..699d52cd248 100644
--- a/Makefile
+++ b/Makefile
@@ -151,6 +151,10 @@ unit-tests:
 integration-tests:
 	./scripts/test
 
+.PHONY: checksum
+checksum:
+	./scripts/checksum
+
 ./.dapper:
 	@echo Downloading dapper
 	@curl -sL https://releases.rancher.com/dapper/v0.5.8/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp
diff --git a/scripts/checksum b/scripts/checksum
new file mode 100755
index 00000000000..a46df8e064e
--- /dev/null
+++ b/scripts/checksum
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -ex
+
+cd $(dirname $0)/..
+
+source ./scripts/version.sh
+
+CHECKSUM_DIR=${CHECKSUM_DIR:-./dist/artifacts}
+
+function checksum(){
+
+    sumfile="${CHECKSUM_DIR}/sha256sum-${ARCH}.txt"
+    echo -n "" > "${sumfile}"
+
+    files=$(ls ${CHECKSUM_DIR})
+    for file in ${files}; do
+      sha256sum "${file}" | sed "s;$(dirname ${file})/;;g" >> "${sumfile}"
+    done
+
+    cat "${sumfile}"
+}
+
+
+checksum
\ No newline at end of file
diff --git a/scripts/validate-release b/scripts/validate-release
index 7c1f4f331c7..b4021c246af 100755
--- a/scripts/validate-release
+++ b/scripts/validate-release
@@ -59,6 +59,6 @@ function check_kubernetes_version() {
 . ./scripts/version.sh
 
 git fetch origin -f --tags
-parse_tag $DRONE_TAG
+parse_tag $GITHUB_TAG
 check_release_branch
 check_kubernetes_version
diff --git a/scripts/version.sh b/scripts/version.sh
index 519879adabe..b13b9d23c2e 100755
--- a/scripts/version.sh
+++ b/scripts/version.sh
@@ -8,6 +8,7 @@ K3S_PKG=github.com/k3s-io/k3s
 RKE2_PKG=github.com/rancher/rke2
 GO=${GO-go}
 GOARCH=${GOARCH:-$("${GO}" env GOARCH)}
+ARCH=${ARCH:-$("${GO}" env GOARCH)}
 GOOS=${GOOS:-$("${GO}" env GOOS)}
 if [ -z "$GOOS" ]; then
     if [ "${OS}" == "Windows_NT" ]; then
@@ -24,7 +25,7 @@ if [ -z "$GOOS" ]; then
     fi
 fi
 
-GIT_TAG=$DRONE_TAG
+GIT_TAG=$GITHUB_TAG
 TREE_STATE=clean
 COMMIT=$DRONE_COMMIT
 REVISION=$(git rev-parse HEAD)$(if ! git diff --no-ext-diff --quiet --exit-code; then echo .dirty; fi)