Merge pull request #334 from jiaqiluo/bump-k8s #8
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI on Release Tag | |
# The jobs below will execute any time a tag is pushed to any branch in the repo. | |
on: | |
push: | |
tags: | |
- '*' | |
env: | |
IMAGE: rancher/system-upgrade-controller | |
TAG: ${{ github.ref_name }} | |
jobs: | |
# Runs e2e tests and uploads the artifact files that Dapper generates to | |
# GitHub Actions so we can reference them when we create the GitHub release. | |
build-test: | |
runs-on: ubuntu-latest | |
container: rancher/dapper:v0.6.0 | |
permissions: | |
contents: read | |
strategy: | |
matrix: | |
os: [linux] | |
arch: [amd64, arm64, arm] | |
steps: | |
- name: Add Git | |
run: apk add -U git | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Fix the not-a-git-repository issue | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Set environment variables | |
run: echo "DAPPER_HOST_ARCH=${{ matrix.arch }}" >> $GITHUB_ENV | |
- name: Run CI | |
run: dapper ci | |
- name: Run e2e | |
if: ${{ matrix.arch == 'amd64' }} | |
run: | | |
dapper e2e-sonobuoy | |
dapper e2e-verify | |
- name: Generate artifact checksums | |
run: find dist/artifacts -type f -exec sha256sum {} \; > "dist/artifacts/sha256sum-${{ matrix.arch }}.txt" | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "artifacts-${{ matrix.os }}-${{ matrix.arch }}" | |
path: dist/artifacts/* | |
if-no-files-found: error | |
overwrite: true | |
# Creates a GitHub release using artifacts from the `build-test` job. | |
create-gh-release: | |
runs-on: ubuntu-latest | |
needs: | |
- build-test | |
permissions: | |
contents: write # needed for creating the GH release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Fix the not-a-git-repository issue | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: dist/artifacts | |
pattern: artifacts-* | |
merge-multiple: true | |
- name: Create GitHub release | |
run: gh release create "${{ env.TAG }}" --prerelease --title "${{ env.TAG }}" dist/artifacts/* || | |
gh release upload "${{ env.TAG }}" --clobber dist/artifacts/* | |
# Builds Docker images using artifacts from the `build-test` job and pushes | |
# them to DockerHub. | |
build-push-images: | |
runs-on: ubuntu-latest | |
needs: | |
- build-test | |
permissions: | |
contents: read | |
id-token: write # needed for the Vault authentication | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Fix the not-a-git-repository issue | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Read secrets | |
uses: rancher-eio/read-vault-secrets@main | |
with: | |
secrets: | | |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; | |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Container Registry | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: dist/artifacts | |
pattern: artifacts-* | |
merge-multiple: true | |
- name: Fix artifact permissions | |
run: chmod 0755 dist/artifacts/system-upgrade-controller-* | |
- name: Build container image | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: true | |
tags: rancher/system-upgrade-controller:${{ env.TAG }} | |
file: package/Dockerfile | |
target: controller | |
platforms: linux/amd64, linux/arm64, linux/arm |