diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000000..e193ca7851 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,434 @@ +name: build +on: + push: + branches: + - master + - release-* + - v* + tags: + - v* + pull_request: +jobs: + build-binaries: + name: Build binaries + runs-on: runs-on,runner=4cpu-linux-${{ matrix.arch }},hdd=50,run-id=${{ github.run_id }} + strategy: + matrix: + arch: [x64, arm64] + steps: + - name: Checkout code + uses: actions/checkout@v4 + + # Build binaries + - name: Run make ci + if: ${{ matrix.arch == 'x64' }} + run: make ci + - name: Run make arm + if: ${{ matrix.arch == 'arm64' }} + run: make arm + + - name: Upload binaries + uses: actions/upload-artifact@v4 + with: + name: binaries_${{ matrix.arch }}_artifact + path: ./bin/* + + build-push-images: + name: Build and push images + runs-on: runs-on,runner=4cpu-linux-${{ matrix.arch }},run-id=${{ github.run_id }} + needs: build-binaries + if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }} + strategy: + matrix: + arch: [x64, arm64] + permissions: + contents: read + id-token: write # for reading credential https://github.com/rancher-eio/read-vault-secrets + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Declare branch and sha_short + run: | + echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV" + echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV" + if [ "${{ matrix.arch }}" == "x64" ]; then + echo "arch=amd64" >> "$GITHUB_ENV" + else + echo "arch=arm64" >> "$GITHUB_ENV" + fi + + - name: Download binaries + uses: actions/download-artifact@v4 + with: + name: binaries_${{ matrix.arch }}_artifact + path: ./bin/ + + - name: Add executable permission + run: | + chmod +x ./bin/* + + - name: Copy bin folder to package + run: | + cp -r ./bin/harvester ./package/ + cp -r ./bin/harvester-webhook ./package/ + cp -r ./bin/upgrade-helper ./package/upgrade/ + + - name: Read Secrets + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials username | DOCKER_USERNAME ; + secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials password | DOCKER_PASSWORD ; + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ env.DOCKER_USERNAME }} + password: ${{ env.DOCKER_PASSWORD }} + + # rancher/harvester image + - name: docker-publish-harvester + if: ${{ startsWith(github.ref, 'refs/heads/') }} + uses: docker/build-push-action@v5 + with: + context: package/ + push: true + platforms: linux/${{ env.arch }} + tags: rancher/harvester:${{ env.branch }}-head-${{ env.arch }} + file: package/Dockerfile + build-args: | + ARCH=${{ env.arch }} + VERSION=${{ env.branch }}-${{ env.sha_short }}-head + + - name: docker-publish-harvester-with-tag + if: ${{ startsWith(github.ref, 'refs/tags/') }} + uses: docker/build-push-action@v5 + with: + context: package/ + push: true + platforms: linux/${{ env.arch }} + tags: rancher/harvester:${{ github.ref_name }}-${{ env.arch }} + file: package/Dockerfile + build-args: | + ARCH=${{ env.arch }} + VERSION=${{ github.ref_name }} + + # rancher/harvester-webhook image + - name: docker-publish-harvester-webhook + if: ${{ startsWith(github.ref, 'refs/heads/') }} + uses: docker/build-push-action@v5 + with: + context: package/ + push: true + platforms: linux/${{ env.arch }} + tags: rancher/harvester-webhook:${{ env.branch }}-head-${{ env.arch }} + file: package/Dockerfile.webhook + build-args: | + ARCH=${{ env.arch }} + VERSION=${{ env.branch }}-${{ env.sha_short }}-head + + - name: docker-publish-harvester-webhook-with-tag + if: ${{ startsWith(github.ref, 'refs/tags/') }} + uses: docker/build-push-action@v5 + with: + context: package/ + push: true + platforms: linux/${{ env.arch }} + tags: rancher/harvester-webhook:${{ github.ref_name }}-${{ env.arch }} + file: package/Dockerfile.webhook + build-args: | + ARCH=${{ env.arch }} + VERSION=${{ github.ref_name }} + + # rancher/harvester-upgrade image + - name: docker-publish-harvester-upgrade + if: ${{ startsWith(github.ref, 'refs/heads/') }} + uses: docker/build-push-action@v5 + with: + context: package/upgrade + push: true + platforms: linux/${{ env.arch }} + tags: rancher/harvester-upgrade:${{ env.branch }}-head-${{ env.arch }} + file: package/upgrade/Dockerfile + build-args: | + ARCH=${{ env.arch }} + VERSION=${{ env.branch }}-${{ env.sha_short }}-head + + - name: docker-publish-harvester-upgrade-with-tag + if: ${{ startsWith(github.ref, 'refs/tags/') }} + uses: docker/build-push-action@v5 + with: + context: package/upgrade + push: true + platforms: linux/${{ env.arch }} + tags: rancher/harvester-upgrade:${{ github.ref_name }}-${{ env.arch }} + file: package/upgrade/Dockerfile + build-args: | + ARCH=${{ env.arch }} + VERSION=${{ github.ref_name }} + + manifest-images: + name: Manifest images + runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} + needs: build-push-images + if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }} + permissions: + contents: read + id-token: write # for reading credential https://github.com/rancher-eio/read-vault-secrets + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Declare branch and sha_short + run: | + echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV" + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Read Secrets + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials username | DOCKER_USERNAME ; + secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials password | DOCKER_PASSWORD ; + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ env.DOCKER_USERNAME }} + password: ${{ env.DOCKER_PASSWORD }} + + # rancher/harvester image + - name: docker-pull-harvester + if: ${{ startsWith(github.ref, 'refs/heads/') }} + run: | + docker pull --platform linux/amd64 rancher/harvester:${{ env.branch }}-head-amd64 + docker pull --platform linux/arm64 rancher/harvester:${{ env.branch }}-head-arm64 + docker buildx imagetools create -t rancher/harvester:${{ env.branch }}-head \ + rancher/harvester:${{ env.branch }}-head-amd64 \ + rancher/harvester:${{ env.branch }}-head-arm64 + + - name: docker-pull-harvester-with-tag + if: ${{ startsWith(github.ref, 'refs/tags/') }} + run: | + docker pull --platform linux/amd64 rancher/harvester:${{ github.ref_name }}-amd64 + docker pull --platform linux/arm64 rancher/harvester:${{ github.ref_name }}-arm64 + docker buildx imagetools create -t rancher/harvester:${{ github.ref_name }} \ + rancher/harvester:${{ github.ref_name }}-amd64 \ + rancher/harvester:${{ github.ref_name }}-arm64 + + # rancher/harvester-webhook image + - name: docker-pull-harvester-webhook + if: ${{ startsWith(github.ref, 'refs/heads/') }} + run: | + docker pull --platform linux/amd64 rancher/harvester-webhook:${{ env.branch }}-head-amd64 + docker pull --platform linux/arm64 rancher/harvester-webhook:${{ env.branch }}-head-arm64 + docker buildx imagetools create -t rancher/harvester-webhook:${{ env.branch }}-head \ + rancher/harvester-webhook:${{ env.branch }}-head-amd64 \ + rancher/harvester-webhook:${{ env.branch }}-head-arm64 + + - name: docker-pull-harvester-webhook-with-tag + if: ${{ startsWith(github.ref, 'refs/tags/') }} + run: | + docker pull --platform linux/amd64 rancher/harvester-webhook:${{ github.ref_name }}-amd64 + docker pull --platform linux/arm64 rancher/harvester-webhook:${{ github.ref_name }}-arm64 + docker buildx imagetools create -t rancher/harvester-webhook:${{ github.ref_name }} \ + rancher/harvester-webhook:${{ github.ref_name }}-amd64 \ + rancher/harvester-webhook:${{ github.ref_name }}-arm64 + + # rancher/harvester-upgrade image + - name: docker-pull-harvester-upgrade + if: ${{ startsWith(github.ref, 'refs/heads/') }} + run: | + docker pull --platform linux/amd64 rancher/harvester-upgrade:${{ env.branch }}-head-amd64 + docker pull --platform linux/arm64 rancher/harvester-upgrade:${{ env.branch }}-head-arm64 + docker buildx imagetools create -t rancher/harvester-upgrade:${{ env.branch }}-head \ + rancher/harvester-upgrade:${{ env.branch }}-head-amd64 \ + rancher/harvester-upgrade:${{ env.branch }}-head-arm64 + + - name: docker-pull-harvester-upgrade-with-tag + if: ${{ startsWith(github.ref, 'refs/tags/') }} + run: | + docker pull --platform linux/amd64 rancher/harvester-upgrade:${{ github.ref_name }}-amd64 + docker pull --platform linux/arm64 rancher/harvester-upgrade:${{ github.ref_name }}-arm64 + docker buildx imagetools create -t rancher/harvester-upgrade:${{ github.ref_name }} \ + rancher/harvester-upgrade:${{ github.ref_name }}-amd64 \ + rancher/harvester-upgrade:${{ github.ref_name }}-arm64 + + build-iso: + name: Build ISO + runs-on: runs-on,runner=4cpu-linux-${{ matrix.arch }},hdd=50,run-id=${{ github.run_id }} + needs: manifest-images + if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }} + strategy: + matrix: + arch: [x64, arm64] + permissions: + contents: read + id-token: write # for reading credential https://github.com/rancher-eio/read-vault-secrets + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: build-iso + if: ${{ startsWith(github.ref, 'refs/heads/') }} + run: | + make build-iso + env: + REPO: rancher + DRONE_BRANCH: ${{ env.branch }} + + - name: build-tag-iso + if: ${{ startsWith(github.ref, 'refs/tags/') }} + run: | + make build-iso + env: + REPO: rancher + DRONE_BRANCH: ${{ github.ref_name }} + + - name: Read Secrets + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials username | DOCKER_USERNAME ; + secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials password | DOCKER_PASSWORD ; + secret/data/github/repo/${{ github.repository }}/google-auth/harvester/credentials token | GOOGLE_AUTH ; + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ env.DOCKER_USERNAME }} + password: ${{ env.DOCKER_PASSWORD }} + + - name: Declare branch + run: | + echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV" + if [ "${{ matrix.arch }}" == "x64" ]; then + echo "arch=amd64" >> "$GITHUB_ENV" + else + echo "arch=arm64" >> "$GITHUB_ENV" + fi + + # rancher/harvester-cluster-repo image + - name: docker-publish-harvester-cluster-repo + if: ${{ startsWith(github.ref, 'refs/heads/') }} + uses: docker/build-push-action@v5 + with: + context: dist/harvester-cluster-repo + push: true + platforms: linux/${{ env.arch }} + tags: rancher/harvester-cluster-repo:${{ env.branch }}-head-${{ env.arch }} + file: dist/harvester-cluster-repo/Dockerfile + + - name: docker-publish-harvester-cluster-repo-with-tag + if: ${{ startsWith(github.ref, 'refs/tags/') }} + uses: docker/build-push-action@v5 + with: + context: dist/harvester-cluster-repo + push: true + platforms: linux/${{ env.arch }} + tags: rancher/harvester-cluster-repo:${{ github.ref_name }}-${{ env.arch }} + file: dist/harvester-cluster-repo/Dockerfile + + - name: Login to Google Cloud + uses: 'google-github-actions/auth@v2' + with: + credentials_json: '${{ env.GOOGLE_AUTH }}' + + - name: upload-iso + uses: 'google-github-actions/upload-cloud-storage@v2' + if: ${{ startsWith(github.ref, 'refs/heads/') }} + with: + path: dist/artifacts + destination: releases.rancher.com/harvester/${{ env.branch }} + predefinedAcl: publicRead + headers: |- + cache-control: public,no-cache,proxy-revalidate + + - id: upload-iso-with-tag + uses: 'google-github-actions/upload-cloud-storage@v2' + if: ${{ startsWith(github.ref, 'refs/tags/') }} + with: + path: dist/artifacts + destination: releases.rancher.com/harvester/${{ github.ref_name }} + predefinedAcl: publicRead + headers: |- + cache-control: public,no-cache,proxy-revalidate + + - name: upload-kernel-initrd-releases + uses: softprops/action-gh-release@v2 + if: ${{ startsWith(github.ref, 'refs/tags/') }} + with: + draft: true + prerelease: true + files: | + dist/artifacts/harvester*initrd-${{ env.arch }} + dist/artifacts/harvester*vmlinuz-${{ env.arch }} + dist/artifacts/harvester*images-list-${{ env.arch }}.txt + + manifest-cluster-repo-image: + name: Manifest harvester-cluster-repo image + runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} + needs: build-iso + if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }} + permissions: + contents: read + id-token: write # for reading credential https://github.com/rancher-eio/read-vault-secrets + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Declare branch and sha_short + run: | + echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV" + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Read Secrets + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials username | DOCKER_USERNAME ; + secret/data/github/repo/${{ github.repository }}/dockerhub/harvester/credentials password | DOCKER_PASSWORD ; + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ env.DOCKER_USERNAME }} + password: ${{ env.DOCKER_PASSWORD }} + + # rancher/harvester-cluster-repo image + - name: docker-pull-harvester-cluster-repo + if: ${{ startsWith(github.ref, 'refs/heads/') }} + run: | + docker pull --platform linux/amd64 rancher/harvester-cluster-repo:${{ env.branch }}-head-amd64 + docker pull --platform linux/arm64 rancher/harvester-cluster-repo:${{ env.branch }}-head-arm64 + docker buildx imagetools create -t rancher/harvester-cluster-repo:${{ env.branch }}-head \ + rancher/harvester-cluster-repo:${{ env.branch }}-head-amd64 \ + rancher/harvester-cluster-repo:${{ env.branch }}-head-arm64 + + - name: docker-pull-harvester-cluster-repo-with-tag + if: ${{ startsWith(github.ref, 'refs/tags/') }} + run: | + docker pull --platform linux/amd64 rancher/harvester-cluster-repo:${{ github.ref_name }}-amd64 + docker pull --platform linux/arm64 rancher/harvester-cluster-repo:${{ github.ref_name }}-arm64 + docker buildx imagetools create -t rancher/harvester-cluster-repo:${{ github.ref_name }} \ + rancher/harvester-cluster-repo:${{ github.ref_name }}-amd64 \ + rancher/harvester-cluster-repo:${{ github.ref_name }}-arm64