build #259
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - release-* | |
| - v* | |
| tags: | |
| - v* | |
| pull_request: | |
| schedule: | |
| - cron: "10 0,12 * * *" | |
| jobs: | |
| build-binaries: | |
| name: Build binaries | |
| runs-on: runs-on,runner=4cpu-linux-${{ matrix.arch }},hdd=50,run-id=${{ github.run_id }} | |
| strategy: | |
| matrix: | |
| arch: [x64, arm64] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| # Build binaries | |
| - name: Run make ci | |
| if: ${{ matrix.arch == 'x64' }} | |
| run: make ci | |
| - name: Run make arm | |
| if: ${{ matrix.arch == 'arm64' }} | |
| run: make arm | |
| - name: Upload binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: binaries_${{ matrix.arch }}_artifact | |
| path: ./bin/* | |
| build-push-images: | |
| name: Build and push images | |
| runs-on: runs-on,runner=4cpu-linux-${{ matrix.arch }},run-id=${{ github.run_id }} | |
| needs: build-binaries | |
| if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }} | |
| strategy: | |
| matrix: | |
| arch: [x64, arm64] | |
| permissions: | |
| contents: read | |
| id-token: write # for reading credential https://github.com/rancher-eio/read-vault-secrets | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Declare branch and sha_short | |
| run: | | |
| echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV" | |
| echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV" | |
| if [ "${{ matrix.arch }}" == "x64" ]; then | |
| echo "arch=amd64" >> "$GITHUB_ENV" | |
| else | |
| echo "arch=arm64" >> "$GITHUB_ENV" | |
| fi | |
| - name: Download binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: binaries_${{ matrix.arch }}_artifact | |
| path: ./bin/ | |
| - name: Add executable permission | |
| run: | | |
| chmod +x ./bin/* | |
| - name: Copy bin folder to package | |
| run: | | |
| cp -r ./bin/harvester ./package/ | |
| cp -r ./bin/harvester-webhook ./package/ | |
| cp -r ./bin/upgrade-helper ./package/upgrade/ | |
| - name: Read Secrets | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ; | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.DOCKER_USERNAME }} | |
| password: ${{ env.DOCKER_PASSWORD }} | |
| # rancher/harvester image | |
| - name: docker-publish-harvester | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: package/ | |
| push: true | |
| platforms: linux/${{ env.arch }} | |
| tags: rancher/harvester:${{ env.branch }}-head-${{ env.arch }} | |
| file: package/Dockerfile | |
| build-args: | | |
| ARCH=${{ env.arch }} | |
| VERSION=${{ env.branch }}-${{ env.sha_short }}-head | |
| - name: docker-publish-harvester-with-tag | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: package/ | |
| push: true | |
| platforms: linux/${{ env.arch }} | |
| tags: rancher/harvester:${{ github.ref_name }}-${{ env.arch }} | |
| file: package/Dockerfile | |
| build-args: | | |
| ARCH=${{ env.arch }} | |
| VERSION=${{ github.ref_name }} | |
| # rancher/harvester-webhook image | |
| - name: docker-publish-harvester-webhook | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: package/ | |
| push: true | |
| platforms: linux/${{ env.arch }} | |
| tags: rancher/harvester-webhook:${{ env.branch }}-head-${{ env.arch }} | |
| file: package/Dockerfile.webhook | |
| build-args: | | |
| ARCH=${{ env.arch }} | |
| VERSION=${{ env.branch }}-${{ env.sha_short }}-head | |
| - name: docker-publish-harvester-webhook-with-tag | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: package/ | |
| push: true | |
| platforms: linux/${{ env.arch }} | |
| tags: rancher/harvester-webhook:${{ github.ref_name }}-${{ env.arch }} | |
| file: package/Dockerfile.webhook | |
| build-args: | | |
| ARCH=${{ env.arch }} | |
| VERSION=${{ github.ref_name }} | |
| # rancher/harvester-upgrade image | |
| - name: docker-publish-harvester-upgrade | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: package/upgrade | |
| push: true | |
| platforms: linux/${{ env.arch }} | |
| tags: rancher/harvester-upgrade:${{ env.branch }}-head-${{ env.arch }} | |
| file: package/upgrade/Dockerfile | |
| build-args: | | |
| ARCH=${{ env.arch }} | |
| VERSION=${{ env.branch }}-${{ env.sha_short }}-head | |
| - name: docker-publish-harvester-upgrade-with-tag | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: package/upgrade | |
| push: true | |
| platforms: linux/${{ env.arch }} | |
| tags: rancher/harvester-upgrade:${{ github.ref_name }}-${{ env.arch }} | |
| file: package/upgrade/Dockerfile | |
| build-args: | | |
| ARCH=${{ env.arch }} | |
| VERSION=${{ github.ref_name }} | |
| manifest-images: | |
| name: Manifest images | |
| runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} | |
| needs: build-push-images | |
| if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }} | |
| permissions: | |
| contents: read | |
| id-token: write # for reading credential https://github.com/rancher-eio/read-vault-secrets | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Declare branch and sha_short | |
| run: | | |
| echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV" | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Read Secrets | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ; | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.DOCKER_USERNAME }} | |
| password: ${{ env.DOCKER_PASSWORD }} | |
| # rancher/harvester image | |
| - name: docker-pull-harvester | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| run: | | |
| docker pull --platform linux/amd64 rancher/harvester:${{ env.branch }}-head-amd64 | |
| docker pull --platform linux/arm64 rancher/harvester:${{ env.branch }}-head-arm64 | |
| docker buildx imagetools create -t rancher/harvester:${{ env.branch }}-head \ | |
| rancher/harvester:${{ env.branch }}-head-amd64 \ | |
| rancher/harvester:${{ env.branch }}-head-arm64 | |
| - name: docker-pull-harvester-with-tag | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| run: | | |
| docker pull --platform linux/amd64 rancher/harvester:${{ github.ref_name }}-amd64 | |
| docker pull --platform linux/arm64 rancher/harvester:${{ github.ref_name }}-arm64 | |
| docker buildx imagetools create -t rancher/harvester:${{ github.ref_name }} \ | |
| rancher/harvester:${{ github.ref_name }}-amd64 \ | |
| rancher/harvester:${{ github.ref_name }}-arm64 | |
| # rancher/harvester-webhook image | |
| - name: docker-pull-harvester-webhook | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| run: | | |
| docker pull --platform linux/amd64 rancher/harvester-webhook:${{ env.branch }}-head-amd64 | |
| docker pull --platform linux/arm64 rancher/harvester-webhook:${{ env.branch }}-head-arm64 | |
| docker buildx imagetools create -t rancher/harvester-webhook:${{ env.branch }}-head \ | |
| rancher/harvester-webhook:${{ env.branch }}-head-amd64 \ | |
| rancher/harvester-webhook:${{ env.branch }}-head-arm64 | |
| - name: docker-pull-harvester-webhook-with-tag | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| run: | | |
| docker pull --platform linux/amd64 rancher/harvester-webhook:${{ github.ref_name }}-amd64 | |
| docker pull --platform linux/arm64 rancher/harvester-webhook:${{ github.ref_name }}-arm64 | |
| docker buildx imagetools create -t rancher/harvester-webhook:${{ github.ref_name }} \ | |
| rancher/harvester-webhook:${{ github.ref_name }}-amd64 \ | |
| rancher/harvester-webhook:${{ github.ref_name }}-arm64 | |
| # rancher/harvester-upgrade image | |
| - name: docker-pull-harvester-upgrade | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| run: | | |
| docker pull --platform linux/amd64 rancher/harvester-upgrade:${{ env.branch }}-head-amd64 | |
| docker pull --platform linux/arm64 rancher/harvester-upgrade:${{ env.branch }}-head-arm64 | |
| docker buildx imagetools create -t rancher/harvester-upgrade:${{ env.branch }}-head \ | |
| rancher/harvester-upgrade:${{ env.branch }}-head-amd64 \ | |
| rancher/harvester-upgrade:${{ env.branch }}-head-arm64 | |
| - name: docker-pull-harvester-upgrade-with-tag | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| run: | | |
| docker pull --platform linux/amd64 rancher/harvester-upgrade:${{ github.ref_name }}-amd64 | |
| docker pull --platform linux/arm64 rancher/harvester-upgrade:${{ github.ref_name }}-arm64 | |
| docker buildx imagetools create -t rancher/harvester-upgrade:${{ github.ref_name }} \ | |
| rancher/harvester-upgrade:${{ github.ref_name }}-amd64 \ | |
| rancher/harvester-upgrade:${{ github.ref_name }}-arm64 | |
| build-iso: | |
| name: Build ISO | |
| runs-on: runs-on,runner=4cpu-linux-${{ matrix.arch }},hdd=50,run-id=${{ github.run_id }} | |
| needs: manifest-images | |
| if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }} | |
| strategy: | |
| matrix: | |
| arch: [x64, arm64] | |
| permissions: | |
| contents: write # for github prerelease action | |
| id-token: write # for reading credential https://github.com/rancher-eio/read-vault-secrets | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Declare branch | |
| run: | | |
| echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV" | |
| if [ "${{ matrix.arch }}" == "x64" ]; then | |
| echo "arch=amd64" >> "$GITHUB_ENV" | |
| else | |
| echo "arch=arm64" >> "$GITHUB_ENV" | |
| fi | |
| - name: build-iso | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| run: | | |
| make build-iso | |
| env: | |
| REPO: rancher | |
| DRONE_BRANCH: ${{ env.branch }} | |
| - name: build-tag-iso | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| run: | | |
| make build-iso | |
| env: | |
| REPO: rancher | |
| DRONE_BRANCH: ${{ github.ref_name }} | |
| DRONE_TAG: ${{ github.ref_name }} | |
| - name: Read Secrets | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ; | |
| secret/data/github/repo/${{ github.repository }}/google-auth/harvester/credentials token | GOOGLE_AUTH ; | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.DOCKER_USERNAME }} | |
| password: ${{ env.DOCKER_PASSWORD }} | |
| # rancher/harvester-cluster-repo image | |
| - name: docker-publish-harvester-cluster-repo | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: dist/harvester-cluster-repo | |
| push: true | |
| platforms: linux/${{ env.arch }} | |
| tags: rancher/harvester-cluster-repo:${{ env.branch }}-head-${{ env.arch }} | |
| file: dist/harvester-cluster-repo/Dockerfile | |
| - name: docker-publish-harvester-cluster-repo-with-tag | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: dist/harvester-cluster-repo | |
| push: true | |
| platforms: linux/${{ env.arch }} | |
| tags: rancher/harvester-cluster-repo:${{ github.ref_name }}-${{ env.arch }} | |
| file: dist/harvester-cluster-repo/Dockerfile | |
| - name: Login to Google Cloud | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| credentials_json: '${{ env.GOOGLE_AUTH }}' | |
| - name: upload-iso | |
| uses: 'google-github-actions/upload-cloud-storage@v2' | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| with: | |
| path: dist/artifacts | |
| parent: false | |
| destination: releases.rancher.com/harvester/${{ env.branch }} | |
| predefinedAcl: publicRead | |
| headers: |- | |
| cache-control: public,no-cache,proxy-revalidate | |
| - id: upload-iso-with-tag | |
| uses: 'google-github-actions/upload-cloud-storage@v2' | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| with: | |
| path: dist/artifacts | |
| parent: false | |
| destination: releases.rancher.com/harvester/${{ github.ref_name }} | |
| predefinedAcl: publicRead | |
| headers: |- | |
| cache-control: public,no-cache,proxy-revalidate | |
| - name: upload-kernel-initrd-releases | |
| uses: softprops/action-gh-release@v2 | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| with: | |
| draft: true | |
| prerelease: true | |
| files: | | |
| dist/artifacts/harvester*initrd-${{ env.arch }} | |
| dist/artifacts/harvester*vmlinuz-${{ env.arch }} | |
| dist/artifacts/harvester*images-list-${{ env.arch }}.txt | |
| manifest-cluster-repo-image: | |
| name: Manifest harvester-cluster-repo image | |
| runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} | |
| needs: build-iso | |
| if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }} | |
| permissions: | |
| contents: read | |
| id-token: write # for reading credential https://github.com/rancher-eio/read-vault-secrets | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Declare branch and sha_short | |
| run: | | |
| echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV" | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Read Secrets | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ; | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.DOCKER_USERNAME }} | |
| password: ${{ env.DOCKER_PASSWORD }} | |
| # rancher/harvester-cluster-repo image | |
| - name: docker-pull-harvester-cluster-repo | |
| if: ${{ startsWith(github.ref, 'refs/heads/') }} | |
| run: | | |
| docker pull --platform linux/amd64 rancher/harvester-cluster-repo:${{ env.branch }}-head-amd64 | |
| docker pull --platform linux/arm64 rancher/harvester-cluster-repo:${{ env.branch }}-head-arm64 | |
| docker buildx imagetools create -t rancher/harvester-cluster-repo:${{ env.branch }}-head \ | |
| rancher/harvester-cluster-repo:${{ env.branch }}-head-amd64 \ | |
| rancher/harvester-cluster-repo:${{ env.branch }}-head-arm64 | |
| - name: docker-pull-harvester-cluster-repo-with-tag | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| run: | | |
| docker pull --platform linux/amd64 rancher/harvester-cluster-repo:${{ github.ref_name }}-amd64 | |
| docker pull --platform linux/arm64 rancher/harvester-cluster-repo:${{ github.ref_name }}-arm64 | |
| docker buildx imagetools create -t rancher/harvester-cluster-repo:${{ github.ref_name }} \ | |
| rancher/harvester-cluster-repo:${{ github.ref_name }}-amd64 \ | |
| rancher/harvester-cluster-repo:${{ github.ref_name }}-arm64 |