From df25ceaadb7471edfcb814ebf80176b7430a64e5 Mon Sep 17 00:00:00 2001 From: Hussein Galal Date: Fri, 5 Jul 2024 23:14:25 +0300 Subject: [PATCH] GHA Migration (#6062) * GHA for build PRs Signed-off-by: galal-hussein * Fix storage on runners Signed-off-by: galal-hussein * Remove test from arm64 from builds Signed-off-by: galal-hussein * Add release GHA Signed-off-by: galal-hussein * Add FOSSA Workflow Signed-off-by: galal-hussein * Add checksum and use gh cli for publishing artifacts Signed-off-by: galal-hussein * Use /usr/local/bin/dapper instead of /tmp/dapper Signed-off-by: galal-hussein --------- Signed-off-by: galal-hussein --- .dockerignore | 3 +- .drone.yml | 472 ---------------------------------- .droneignore | 9 - .github/workflows/build.yml | 49 ++++ .github/workflows/fossa.yml | 29 +++ .github/workflows/release.yml | 146 +++++++++++ Dockerfile | 2 +- Dockerfile.windows | 4 +- Makefile | 4 + scripts/checksum | 19 ++ scripts/package-dev-rpm | 2 +- scripts/publish-image-runtime | 4 + scripts/validate-release | 2 +- scripts/version.sh | 3 +- 14 files changed, 259 insertions(+), 489 deletions(-) delete mode 100644 .drone.yml delete mode 100644 .droneignore create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/fossa.yml create mode 100644 .github/workflows/release.yml create mode 100755 scripts/checksum diff --git a/.dockerignore b/.dockerignore index bec10c10c9..29afd46c18 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,3 +1,2 @@ ./.dapper -./.cache -./dist +./.cache \ No newline at end of file diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 8429412dbe..0000000000 --- a/.drone.yml +++ /dev/null @@ -1,472 +0,0 @@ ---- -kind: pipeline -type: docker -name: build-amd64 - -platform: - os: linux - arch: amd64 - -clone: - retries: 3 - -steps: - - name: skipfiles - image: plugins/git - commands: - - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - - if [ -z "$DIFF" ]; then - echo "All files in PR are on ignore list"; - exit 78; - else - echo "Some files in PR are not ignored, $DIFF"; - fi; - when: - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/pull/** - - - name: validate-release - image: rancher/dapper:v0.5.5 - commands: - - dapper -f Dockerfile --target dapper make validate-release - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - drone-publish.rancher.io - - - name: build - image: rancher/dapper:v0.5.5 - environment: - ENABLE_REGISTRY: 'true' - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID-rke2-ci-uploader - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY-rke2-ci-uploader - commands: - - docker pull --quiet alpine:3.17 - - dapper -f Dockerfile --target dapper make dapper-ci - volumes: - - name: docker - path: /var/run/docker.sock - when: - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/pull/** - - refs/tags/* - - - name: fossa - image: rancher/drone-fossa:latest - failure: ignore - settings: - api_key: - from_secret: FOSSA_API_KEY - when: - instance: - - drone-publish.rancher.io - ref: - include: - - "refs/heads/master" - - "refs/heads/release-*" - - "refs/tags/v*" - - "refs/pull/*" - event: - - push - - tag - - - name: package-images - image: rancher/dapper:v0.5.5 - commands: - - dapper -f Dockerfile --target dapper make package-images - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - drone-publish.rancher.io - - - name: scan - image: rancher/dapper:v0.5.5 - failure: ignore - commands: - - dapper -f Dockerfile --target dapper make scan-images - volumes: - - name: docker - path: /var/run/docker.sock - when: - instance: - - drone-publish.rancher.io - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/tags/* - - - name: test - image: rancher/dapper:v0.5.5 - secrets: [ AWS_ACCESS_KEY_ID-rke2-ci-uploader, AWS_SECRET_ACCESS_KEY-rke2-ci-uploader ] - environment: - ENABLE_REGISTRY: 'true' - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID-rke2-ci-uploader - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY-rke2-ci-uploader - commands: - - dapper -f Dockerfile --target dapper make test - volumes: - - name: docker - path: /var/run/docker.sock - when: - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/pull/** - - refs/tags/* - - - name: publish-image-runtime - image: rancher/hardened-build-base:v1.21.11b3 - commands: - - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD - - DRONE_TAG=${DRONE_TAG} make publish-image-runtime - environment: - DOCKER_PASSWORD: - from_secret: docker_password - DOCKER_USERNAME: - from_secret: docker_username - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - - - name: package-windows-images - image: rancher/dapper:v0.5.5 - commands: - - dapper -f Dockerfile --target dapper make package-windows-images - when: - event: - - tag - instance: - - drone-publish.rancher.io - volumes: - - name: docker - path: /var/run/docker.sock - - - name: publish-dist-artifacts - image: plugins/github-release - settings: - api_key: - from_secret: github_token - checksum: - - sha256 - checksum_file: CHECKSUMsum-amd64.txt - checksum_flatten: true - files: - - dist/artifacts/* - prerelease: true - when: - event: - - tag - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - -volumes: - - name: docker - host: - path: /var/run/docker.sock - ---- -kind: pipeline -type: docker -name: build-arm64 - -platform: - os: linux - arch: arm64 - -clone: - retries: 3 - -steps: - - name: skipfiles - image: plugins/git - commands: - - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - - if [ -z "$DIFF" ]; then - echo "All files in PR are on ignore list"; - exit 78; - else - echo "Some files in PR are not ignored, $DIFF"; - fi; - when: - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/pull/** - - - name: validate-release - image: rancher/dapper:v0.5.5 - commands: - - dapper -f Dockerfile --target dapper make validate-release - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - drone-publish.rancher.io - - - name: build - image: rancher/dapper:v0.5.5 - environment: - ENABLE_REGISTRY: 'true' - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID-rke2-ci-uploader - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY-rke2-ci-uploader - commands: - - docker pull --quiet alpine:3.17 - - dapper -f Dockerfile --target dapper make dapper-ci - volumes: - - name: docker - path: /var/run/docker.sock - when: - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/pull/** - - refs/tags/* - - - name: fossa - image: rancher/drone-fossa:latest - failure: ignore - settings: - api_key: - from_secret: FOSSA_API_KEY - when: - instance: - - drone-publish.rancher.io - ref: - include: - - "refs/heads/master" - - "refs/heads/release-*" - - "refs/tags/v*" - - "refs/pull/*" - event: - - push - - tag - - - name: package-images - image: rancher/dapper:v0.5.5 - commands: - - dapper -f Dockerfile --target dapper make package-images - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - drone-publish.rancher.io - - - name: scan - image: rancher/dapper:v0.5.5 - failure: ignore - commands: - - dapper -f Dockerfile --target dapper make scan-images - volumes: - - name: docker - path: /var/run/docker.sock - when: - instance: - - drone-publish.rancher.io - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/tags/* - - - name: publish-image-runtime - image: rancher/hardened-build-base:v1.21.11b3 - commands: - - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD - - DRONE_TAG=${DRONE_TAG} make publish-image-runtime - environment: - DOCKER_PASSWORD: - from_secret: docker_password - DOCKER_USERNAME: - from_secret: docker_username - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - - - name: publish-dist-artifacts - image: plugins/github-release - settings: - api_key: - from_secret: github_token - checksum: - - sha256 - checksum_file: CHECKSUMsum-arm64.txt - checksum_flatten: true - files: - - dist/artifacts/* - prerelease: true - when: - event: - - tag - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - -volumes: - - name: docker - host: - path: /var/run/docker.sock - ---- -kind: pipeline -type: docker -name: dispatch - -platform: - os: linux - arch: amd64 - -clone: - retries: 3 - -steps: - - name: skipfiles - image: plugins/git - commands: - - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - - if [ -z "$DIFF" ]; then - echo "All files in PR are on ignore list"; - exit 78; - else - echo "Some files in PR are not ignored, $DIFF"; - fi; - when: - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/pull/** - - - name: dispatch - image: rancher/dapper:v0.5.5 - commands: - - dapper -f Dockerfile --target dapper make dispatch - environment: - PAT_TOKEN: - from_secret: github_token - PAT_USERNAME: - from_secret: pat_username - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - -volumes: - - name: docker - host: - path: /var/run/docker.sock - -depends_on: - - build-amd64 - - build-arm64 ---- -kind: pipeline -type: docker -name: manifest - -platform: - os: linux - arch: amd64 - -clone: - retries: 3 - -steps: - - name: skipfiles - image: plugins/git - commands: - - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - - if [ -z "$DIFF" ]; then - echo "All files in PR are on ignore list"; - exit 78; - else - echo "Some files in PR are not ignored, $DIFF"; - fi; - when: - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/pull/** - - - name: push-runtime-manifest - image: plugins/manifest - settings: - username: - from_secret: docker_username - password: - from_secret: docker_password - spec: manifest-runtime.tmpl - when: - event: - - tag - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* -depends_on: - - build-amd64 - - build-arm64 -... diff --git a/.droneignore b/.droneignore deleted file mode 100644 index c581c05361..0000000000 --- a/.droneignore +++ /dev/null @@ -1,9 +0,0 @@ -^.*\.md$ -^install\.sh$ -^\.droneignore$ -^\.github\/.*$ -^MAINTAINERS$ -^CODEOWNERS$ -^LICENSE$ -^DCO$ -^channels\.yaml$ diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000000..78acfd6bed --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,49 @@ +on: + push: + paths-ignore: + - "**.md" + - "channel.yaml" + - "install.sh" + - "!.github/workflows/test-suite.yaml" + branches: + - master + - release-** + pull_request: + paths-ignore: + - "**.md" + - "channel.yaml" + - "install.sh" + - "!.github/workflows/test-suite.yaml" + +name: Build +permissions: + contents: read +jobs: + build-amd64: + runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64 + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Install Dapper + run: | + curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + chmod +x /usr/local/bin/dapper + - name: Build + run: | + dapper -f Dockerfile --target dapper make dapper-ci + - name: Test + run: | + dapper -f Dockerfile --target dapper make test + build-arm64: + runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64 + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Install Dapper + run: | + curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + chmod +x /usr/local/bin/dapper + - name: Build + run: | + dapper -f Dockerfile --target dapper make dapper-ci + \ No newline at end of file diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml new file mode 100644 index 0000000000..d5f447d691 --- /dev/null +++ b/.github/workflows/fossa.yml @@ -0,0 +1,29 @@ +name: FOSSA Scanning + +on: + push: + branches: ["main", "master", "release-**"] + workflow_dispatch: + +permissions: + contents: read + id-token: write + +jobs: + fossa-scanning: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Read FOSSA token + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY + + - name: FOSSA scan + uses: fossas/fossa-action@main + with: + api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }} + run-tests: false \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000000..abbf3ee746 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,146 @@ +on: + push: + paths-ignore: + - "**.md" + - "channel.yaml" + - "install.sh" + - "!.github/workflows/test-suite.yaml" + tags: + - "v*" + +env: + GITHUB_ACTION_TAG: ${{ github.ref_name }} + GH_TOKEN: ${{ github.token }} + +name: Release +permissions: + contents: write + id-token: write +jobs: + release-amd64: + runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=256 + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install Dapper + run: | + curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + chmod +x /usr/local/bin/dapper + + - name: Validate Release + run: | + dapper -f Dockerfile --target dapper make validate-release + + - name: Build + run: | + dapper -f Dockerfile --target dapper make dapper-ci + + - name: "Read secrets" + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ; + secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ; + + - name: Package Images + run: | + dapper -f Dockerfile --target dapper make package-images + + - name: Scan Images + continue-on-error: true + run: | + dapper -f Dockerfile --target dapper make scan-images + + - name: Test + run: | + dapper -f Dockerfile --target dapper make test + + - name: Publish Image Runtime + run: | + GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make publish-image-runtime + env: + DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }} + + - name: Checksum Artifacts + run: | + GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make checksum + + - name: Publish Artifacts + run: | + gh release upload ${{ github.ref_name }} dist/artifacts/* + release-arm64: + runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=256 + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install Dapper + run: | + curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + chmod +x /usr/local/bin/dapper + + - name: Validate Release + run: | + dapper -f Dockerfile --target dapper make validate-release + + - name: Build + run: | + dapper -f Dockerfile --target dapper make dapper-ci + + - name: "Read secrets" + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ; + secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ; + + - name: Package Images + run: | + dapper -f Dockerfile --target dapper make package-images + + - name: Scan Images + continue-on-error: true + run: | + dapper -f Dockerfile --target dapper make scan-images + + - name: Publish Image Runtime + run: | + GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make publish-image-runtime + env: + DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }} + + - name: Checksum + run: | + GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make checksum + + - name: Publish Artifacts + run: | + gh release upload ${{ github.ref_name }} dist/artifacts/* + dispatch: + needs: [release-amd64, release-arm64] + runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64 + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install Dapper + run: | + curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + chmod +x /usr/local/bin/dapper + + - name: "Read secrets" + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/pat_username/credentials token | PAT_USERNAME ; + + - name: Dispatch + run: | + dapper -f Dockerfile --target dapper make dispatch + env: + PAT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PATH_USERNAME: ${{ env.PAT_USERNAME }} + GITHUB_ACTION_TAG: ${{ env.GITHUB_ACTION_TAG }} diff --git a/Dockerfile b/Dockerfile index 815007c402..f2ed8f8f9c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,7 +30,7 @@ RUN zypper install -y systemd-rpm-macros # Dapper/Drone/CI environment FROM build AS dapper -ENV DAPPER_ENV GODEBUG GOCOVER REPO TAG DRONE_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY +ENV DAPPER_ENV GODEBUG GOCOVER REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY DOCKER_USERNAME DOCKER_PASSWORD ARG DAPPER_HOST_ARCH ENV ARCH $DAPPER_HOST_ARCH ENV DAPPER_OUTPUT ./dist ./bin ./build diff --git a/Dockerfile.windows b/Dockerfile.windows index a8625a8af7..fd066f3a2f 100644 --- a/Dockerfile.windows +++ b/Dockerfile.windows @@ -6,7 +6,7 @@ RUN apk --no-cache add \ # Dapper/Drone/CI environment FROM rancher/hardened-build-base:v1.20.4b11 AS dapper -ENV DAPPER_ENV GODEBUG REPO TAG DRONE_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY +ENV DAPPER_ENV GODEBUG REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY ARG DAPPER_HOST_ARCH ENV ARCH $DAPPER_HOST_ARCH ENV DAPPER_OUTPUT ./dist ./bin ./build @@ -100,7 +100,7 @@ RUN tar xzvf cni-plugins-windows-amd64-${CNI_PLUGIN_VERSION}.tgz ./win-overlay.e RUN unzip calico-windows-${CALICO_VERSION}.zip RUN mv CalicoWindows/calico-node.exe rancher/ -RUN mv CalicoWindows/cni/calico.exe rancher/ +RUN mv CalicoWindows/cni/calico.DAPPER_ENV GODEBUG REPO TAG DRONE_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRYexe rancher/ RUN mv CalicoWindows/cni/calico-ipam.exe rancher/ RUN mv CalicoWindows/confd confd/ diff --git a/Makefile b/Makefile index 24dc8396f6..699d52cd24 100644 --- a/Makefile +++ b/Makefile @@ -151,6 +151,10 @@ unit-tests: integration-tests: ./scripts/test +.PHONY: checksum +checksum: + ./scripts/checksum + ./.dapper: @echo Downloading dapper @curl -sL https://releases.rancher.com/dapper/v0.5.8/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp diff --git a/scripts/checksum b/scripts/checksum new file mode 100755 index 0000000000..943b99ab50 --- /dev/null +++ b/scripts/checksum @@ -0,0 +1,19 @@ +#!/usr/bin/env bash +set -ex + +cd $(dirname $0)/.. + +source ./scripts/version.sh + +CHECKSUM_DIR=${CHECKSUM_DIR:-dist/artifacts} + +mkdir -p ${CHECKSUM_DIR} +sumfile="${CHECKSUM_DIR}/sha256sum-${ARCH}.txt" +echo -n "" > "${sumfile}" + +files=$(ls ${CHECKSUM_DIR} | grep "${ARCH}" | grep -v "sha256sum-${ARCH}.txt") +for file in ${files}; do + sha256sum "${CHECKSUM_DIR}/${file}" | sed "s;$(dirname ${CHECKSUM_DIR}/${file})/;;g" >> "${sumfile}" +done + +cat "${sumfile}" \ No newline at end of file diff --git a/scripts/package-dev-rpm b/scripts/package-dev-rpm index 003eeb6347..a4b326ddb1 100755 --- a/scripts/package-dev-rpm +++ b/scripts/package-dev-rpm @@ -67,7 +67,7 @@ while IFS= read -r script; do "${script}" # Build rpm - bash "${script}" + TAG=${RPM_VERSION} bash "${script}" done <"${SCRIPT_LIST}" if [ "${DAPPER_UID:--1}" -ne "-1" ]; then diff --git a/scripts/publish-image-runtime b/scripts/publish-image-runtime index b3a9b14d7d..16ef2821c8 100755 --- a/scripts/publish-image-runtime +++ b/scripts/publish-image-runtime @@ -5,6 +5,10 @@ cd $(dirname $0)/.. source ./scripts/version.sh +set +x +docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD +set -x + docker image push ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOOS}-${GOARCH} if [ "${GOARCH}" != "s390x" ] && [ "${GOARCH}" != "arm64" ]; then docker image push ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-windows-amd64 diff --git a/scripts/validate-release b/scripts/validate-release index 7c1f4f331c..2d49673b81 100755 --- a/scripts/validate-release +++ b/scripts/validate-release @@ -59,6 +59,6 @@ function check_kubernetes_version() { . ./scripts/version.sh git fetch origin -f --tags -parse_tag $DRONE_TAG +parse_tag $GITHUB_ACTION_TAG check_release_branch check_kubernetes_version diff --git a/scripts/version.sh b/scripts/version.sh index 8047c8fd2c..c1bc8022c7 100755 --- a/scripts/version.sh +++ b/scripts/version.sh @@ -8,6 +8,7 @@ K3S_PKG=github.com/k3s-io/k3s RKE2_PKG=github.com/rancher/rke2 GO=${GO-go} GOARCH=${GOARCH:-$("${GO}" env GOARCH)} +ARCH=${ARCH:-$("${GO}" env GOARCH)} GOOS=${GOOS:-$("${GO}" env GOOS)} if [ -z "$GOOS" ]; then if [ "${OS}" == "Windows_NT" ]; then @@ -24,7 +25,7 @@ if [ -z "$GOOS" ]; then fi fi -GIT_TAG=$DRONE_TAG +GIT_TAG=$GITHUB_ACTION_TAG TREE_STATE=clean COMMIT=$DRONE_COMMIT REVISION=$(git rev-parse HEAD)$(if ! git diff --no-ext-diff --quiet --exit-code; then echo .dirty; fi)