Bump golang.org/x/net from 0.17.0 to 0.23.0 in /pkg/apis #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI on Release Tag | |
# The jobs below will execute any time a tag is pushed to any branch in the repo. | |
on: | |
push: | |
tags: | |
- '*' | |
env: | |
IMAGE: rancher/system-upgrade-controller | |
TAG: ${{ github.ref_name }} | |
jobs: | |
# Runs e2e tests and uploads the artifact files that Dapper generates to | |
# GitHub Actions so we can reference them when we create the GitHub release. | |
build-test: | |
runs-on: ubuntu-latest | |
container: rancher/dapper:v0.6.0 | |
permissions: | |
contents: read | |
strategy: | |
matrix: | |
os: [linux] | |
arch: [amd64, arm64] | |
steps: | |
- name: Add Git | |
run: apk add -U git | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Fix the not-a-git-repository issue | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Set environment variables | |
run: echo "DAPPER_HOST_ARCH=${{ matrix.arch }}" >> $GITHUB_ENV | |
- name: Run CI | |
run: dapper ci | |
- name: Run e2e | |
if: ${{ matrix.arch == 'amd64' }} | |
run: | | |
dapper e2e-sonobuoy | |
dapper e2e-verify | |
- name: Generate artifact checksums | |
run: find dist/artifacts -type f -exec sha256sum {} \; > "dist/artifacts/sha256sum-${{ matrix.arch }}.txt" | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "artifacts-${{ matrix.os }}-${{ matrix.arch }}" | |
path: dist/artifacts/* | |
if-no-files-found: error | |
overwrite: true | |
# Creates a GitHub release using artifacts from the `build-test` job. | |
create-gh-release: | |
runs-on: ubuntu-latest | |
needs: | |
- build-test | |
permissions: | |
contents: write # needed for creating the GH release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Fix the not-a-git-repository issue | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: dist/artifacts | |
pattern: artifacts-* | |
merge-multiple: true | |
- name: Create GitHub release | |
run: gh release create "${{ env.TAG }}" --prerelease --title "${{ env.TAG }}" dist/artifacts/* | |
# Builds Docker images using artifacts from the `build-test` job and pushes | |
# them to DockerHub. | |
build-push-images: | |
runs-on: ubuntu-latest | |
needs: | |
- build-test | |
permissions: | |
contents: read | |
id-token: write # needed for the Vault authentication | |
strategy: | |
matrix: | |
os: [linux] | |
arch: [amd64, arm64] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.IMAGE }} | |
flavor: latest=false | |
tags: | | |
type=schedule | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=raw,value={{ tag }}-${{ matrix.arch }} | |
- name: Fix the not-a-git-repository issue | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Load Secrets from Vault | |
uses: rancher-eio/read-vault-secrets@main | |
with: | |
secrets: | | |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; | |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: dist/artifacts | |
pattern: artifacts-* | |
merge-multiple: true | |
- name: Build and push controller image to DockerHub | |
uses: docker/build-push-action@v5 | |
id: build | |
with: | |
context: . | |
file: package/Dockerfile | |
target: controller | |
build-args: | | |
ARCH=${{ matrix.arch }} | |
push: true | |
tags: "${{ steps.meta.outputs.tags }}" | |
platforms: "${{ matrix.os }}/${{ matrix.arch }}" | |
labels: "${{ steps.meta.outputs.labels }}" | |
- name: Export digest | |
run: | | |
mkdir -p /tmp/digests | |
digest="${{ steps.build.outputs.digest }}" | |
touch "/tmp/digests/${digest#sha256:}" | |
- name: Upload digest | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "digests-${{ matrix.os }}-${{ matrix.arch }}" | |
path: /tmp/digests/* | |
if-no-files-found: error | |
overwrite: true | |
# Creates a manifest for the images built in the `build-push-images` job | |
# and pushes it to DockerHub. | |
build-push-manifest: | |
runs-on: ubuntu-latest | |
needs: | |
- build-push-images | |
permissions: | |
id-token: write # needed for the Vault authentication | |
steps: | |
- name: Download digests | |
uses: actions/download-artifact@v4 | |
with: | |
path: /tmp/digests | |
pattern: digests-* | |
merge-multiple: true | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.IMAGE }} | |
flavor: latest=false | |
- name: Load Secrets from Vault | |
uses: rancher-eio/read-vault-secrets@main | |
with: | |
secrets: | | |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; | |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Create manifest list and push | |
working-directory: /tmp/digests | |
run: | | |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
$(printf '${{ env.IMAGE }}@sha256:%s ' *) | |
- name: Inspect image | |
run: | | |
docker buildx imagetools inspect ${{ env.IMAGE }}:${{ steps.meta.outputs.version }} |