diff --git a/.dockerignore b/.dockerignore index bec10c10c9..29afd46c18 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,3 +1,2 @@ ./.dapper -./.cache -./dist +./.cache \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 666d9d5f95..8c525dab6a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,7 +9,7 @@ on: - "v*" env: - GITHUB_TAG: ${{ github.ref_name }} + GITHUB_ACTION_TAG: ${{ github.ref_name }} name: Release permissions: 
@@ -17,56 +17,54 @@ permissions: id-token: write jobs: release-amd64: - runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64 + runs-on: self-hosted-amd64 steps: - name: Checkout code uses: actions/checkout@v4 - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper - chmod +x /usr/local/bin/dapper + curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /tmp/dapper + chmod +x /tmp/dapper - name: Validate Release run: | - dapper -f Dockerfile --target dapper make validate-release + /tmp/dapper -f Dockerfile --target dapper make validate-release - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci + /tmp/dapper -f Dockerfile --target dapper make dapper-ci - - name: "Read secrets" - uses: rancher-eio/read-vault-secrets@main - with: - secrets: | - secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ; - secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ; + # - name: "Read secrets" + # uses: rancher-eio/read-vault-secrets@main + # with: + # secrets: | + # secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ; + # secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ; - name: Package Images run: | - dapper -f Dockerfile --target dapper make package-images + /tmp/dapper -f Dockerfile --target dapper make package-images - name: Scan Images + continue-on-error: true run: | - dapper -f Dockerfile --target dapper make scan-images + /tmp/dapper -f Dockerfile --target dapper make scan-images - name: Test run: | - dapper -f Dockerfile --target dapper make test - - - name: Login to Container Registry - 
uses: docker/login-action@v3 - with: - username: ${{ env.DOCKER_USERNAME }} - password: ${{ env.DOCKER_PASSWORD }} + /tmp/dapper -f Dockerfile --target dapper make test - name: Publish Image Runtime run: | - GITHUB_TAG=${{ github.ref_name }} make publish-image-runtime + GITHUB_ACTION_TAG=${{ github.ref_name }} /tmp/dapper -f Dockerfile --target dapper make publish-image-runtime + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - - name: Checksum Artifacts + - name: Checksum run: | - dapper -f Dockerfile --target dapper make checksum + GITHUB_ACTION_TAG=${{ github.ref_name }} /tmp/dapper -f Dockerfile --target dapper make checksum - name: Publish Artifacts uses: softprops/action-gh-release@v2 
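Review bot: `continue-on-error: true` on the "Scan Images" step of release-amd64 makes the scan advisory, so a failing `make scan-images` no longer stops "Publish Image Runtime" and "Publish Artifacts" later in the same job; if the scan is meant to gate the release, drop the flag or have the target fail only above a chosen severity. The "Publish Image Runtime" and "Checksum" steps also paste `${{ github.ref_name }}` into the script text that the shell then parses. The workflow-level `env:` already exports `GITHUB_ACTION_TAG`, so the inline assignment can go, leaving `/tmp/dapper -f Dockerfile --target dapper make publish-image-runtime`. "Install Dapper" writes an unverified `latest` download to the fixed path `/tmp/dapper` on what appears to be a self-hosted runner, and every later step executes it, including the one that holds `DOCKER_PASSWORD`; pinning a dapper version, checking a known SHA-256 before `chmod +x`, and installing under `"$RUNNER_TEMP"` would close that. The release-arm64 hunk that follows repeats all three patterns.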
@@ -74,52 +72,50 @@ jobs: files: | dist/artifacts/* release-arm64: - runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64 + runs-on: self-hosted-arm64 steps: - name: Checkout code uses: actions/checkout@v4 - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper - chmod +x /usr/local/bin/dapper + curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /tmp/dapper + chmod +x /tmp/dapper - name: Validate Release run: | - dapper -f Dockerfile --target dapper make validate-release + /tmp/dapper -f Dockerfile --target dapper make validate-release - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci + /tmp/dapper -f Dockerfile --target dapper make dapper-ci - - name: "Read secrets" - uses: rancher-eio/read-vault-secrets@main - with: - secrets: | - secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ; - secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ; + # - name: "Read secrets" + # uses: rancher-eio/read-vault-secrets@main + # with: + # secrets: | + # secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ; + # secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ; - name: Package Images run: | - dapper -f Dockerfile --target dapper make package-images + /tmp/dapper -f Dockerfile --target dapper make package-images - name: Scan Images + continue-on-error: true run: | - dapper -f Dockerfile --target dapper make scan-images - - - name: Login to Container Registry - uses: docker/login-action@v3 - with: - username: ${{ env.DOCKER_USERNAME }} - password: ${{ env.DOCKER_PASSWORD }} + /tmp/dapper 
-f Dockerfile --target dapper make scan-images - name: Publish Image Runtime run: | - GITHUB_TAG=${{ github.ref_name }} make publish-image-runtime - - - name: Checksum Artifacts + GITHUB_ACTION_TAG=${{ github.ref_name }} /tmp/dapper -f Dockerfile --target dapper make publish-image-runtime + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + + - name: Checksum run: | - dapper -f Dockerfile --target dapper make checksum + GITHUB_ACTION_TAG=${{ github.ref_name }} /tmp/dapper -f Dockerfile --target dapper make checksum - name: Publish Artifacts uses: softprops/action-gh-release@v2 @@ -138,15 +134,16 @@ jobs: curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - - name: "Read secrets" - uses: rancher-eio/read-vault-secrets@main - with: - secrets: | - secret/data/github/repo/${{ github.repository }}/pat_username/credentials token | PAT_USERNAME ; + # - name: "Read secrets" + # uses: rancher-eio/read-vault-secrets@main + # with: + # secrets: | + # secret/data/github/repo/${{ github.repository }}/pat_username/credentials token | PAT_USERNAME ; - name: Dispatch run: | dapper -f Dockerfile --target dapper make dispatch env: PAT_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PATH_USERNAME: ${{ env.PAT_USERNAME }} + PATH_USERNAME: ${{ secrets.PAT_USERNAME }} + GITHUB_ACTION_TAG: ${{ env.GITHUB_ACTION_TAG }} diff --git a/Dockerfile b/Dockerfile index 17856abc03..c27c073d65 100644 --- a/Dockerfile +++ b/Dockerfile 
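Review bot: The Dispatch step's env still uses the key `PATH_USERNAME`, but scripts/dispatch reads `${PAT_USERNAME}` and `DAPPER_ENV` forwards `PAT_USERNAME`, so the username half of `curl -u` would arrive empty; the line should read `PAT_USERNAME: ${{ secrets.PAT_USERNAME }}`. The Vault "Read secrets" step is commented out rather than removed, here and in both release jobs, while `id-token: write` remains under `permissions` in the earlier hunk. If repository secrets are now the intended source and nothing else needs OIDC, delete the dead block and drop that permission. The added `GITHUB_ACTION_TAG: ${{ env.GITHUB_ACTION_TAG }}` duplicates the workflow-level `env:` entry. The start of this job lies outside the hunk.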
@@ -30,7 +30,7 @@ RUN zypper install -y systemd-rpm-macros # Dapper/Drone/CI environment FROM build AS dapper -ENV DAPPER_ENV GODEBUG GOCOVER REPO TAG GITHUB_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY +ENV DAPPER_ENV GODEBUG GOCOVER REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY DOCKER_USERNAME DOCKER_PASSWORD ARG DAPPER_HOST_ARCH ENV ARCH $DAPPER_HOST_ARCH ENV DAPPER_OUTPUT ./dist ./bin ./build diff --git a/Dockerfile.windows b/Dockerfile.windows index 63fd52e294..1aee19713c 100644 --- a/Dockerfile.windows +++ b/Dockerfile.windows @@ -6,7 +6,7 @@ RUN apk --no-cache add \ # Dapper/Drone/CI environment FROM rancher/hardened-build-base:v1.21.5b2 AS dapper -ENV DAPPER_ENV GODEBUG REPO TAG GITHUB_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY +ENV DAPPER_ENV GODEBUG REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY ARG DAPPER_HOST_ARCH ENV ARCH $DAPPER_HOST_ARCH ENV DAPPER_OUTPUT ./dist ./bin ./build diff --git a/scripts/build-image-runtime b/scripts/build-image-runtime index c11896735e..4d8400b0a4 100755 --- a/scripts/build-image-runtime +++ b/scripts/build-image-runtime 
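Review bot: Adding `DOCKER_USERNAME DOCKER_PASSWORD` to `DAPPER_ENV` in the Dockerfile forwards the registry credentials into the dapper container for any make target that runs while they are set in the caller's environment, not only for publish-image-runtime. The workflow in this commit sets them on the publish step alone, which keeps the exposure narrow, but nothing in the Dockerfile records that expectation for other callers. A comment above the `ENV DAPPER_ENV` line would do it, for example `# DOCKER_USERNAME/DOCKER_PASSWORD: export only for publish-image-runtime, never job-wide`.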
@@ -12,8 +12,8 @@ DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \ --build-arg MINOR=${VERSION_MINOR} \ --build-arg DAPPER_HOST_ARCH=${GOARCH} \ --build-arg CACHEBUST="$(date +%s%N)" \ - --tag ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION} \ - --tag ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOOS}-${GOARCH} \ + --tag husseingalal/${PROG}-runtime:${DOCKERIZED_VERSION} \ + --tag husseingalal/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOOS}-${GOARCH} \ --target runtime \ --file Dockerfile \ . @@ -25,7 +25,7 @@ if [ "${GOARCH}" != "s390x" ] && [ "${GOARCH}" != "arm64" ]; then --build-arg MAJOR=${VERSION_MAJOR} \ --build-arg MINOR=${VERSION_MINOR} \ --build-arg CACHEBUST="$(date +%s%N)" \ - --tag ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-windows-amd64 \ + --tag husseingalal/${PROG}-runtime:${DOCKERIZED_VERSION}-windows-amd64 \ --target windows-runtime \ --file Dockerfile.windows \ . @@ -38,4 +38,4 @@ fi mkdir -p build/images docker image save \ --output build/images/${PROG}-runtime.tar \ - ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOOS}-${GOARCH} + husseingalal/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOOS}-${GOARCH} diff --git a/scripts/build-image-test b/scripts/build-image-test index a3b7ca670a..e987f36c10 100755 --- a/scripts/build-image-test +++ b/scripts/build-image-test @@ -13,7 +13,7 @@ DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \ --build-arg TAG=${VERSION} \ --build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \ --build-arg CACHEBUST="$(date +%s%N)" \ - --tag ${REPO}/${PROG}-test:${DOCKERIZED_VERSION} \ - --tag ${REPO}/${PROG}-test:${DOCKERIZED_VERSION}-${GOARCH} \ + --tag husseingalal/${PROG}-test:${DOCKERIZED_VERSION} \ + --tag husseingalal/${PROG}-test:${DOCKERIZED_VERSION}-${GOARCH} \ --target test \ . diff --git a/scripts/build-images b/scripts/build-images index 25a30aeba4..84ad8fe781 100755 --- a/scripts/build-images +++ b/scripts/build-images 
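Review bot: The image tags in scripts/build-image-runtime now hard-code the Docker Hub namespace `husseingalal/` in place of `${REPO}`, so a release built from this tree would tag, save and later push the runtime image under a personal account regardless of how `REPO` is set. The same literal appears in the other two hunks of this file and in scripts/build-image-test, scripts/build-images, scripts/package-windows-images, scripts/publish-image-runtime and scripts/test-helpers. If this is for exercising the workflow in a fork, keep `--tag ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION} \` and set `REPO` in the fork's workflow `env:` instead; `REPO` is already listed in `DAPPER_ENV`.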
@@ -8,7 +8,7 @@ source ./scripts/version.sh ./scripts/build-image-runtime awk '{print $1}' << EOF > build/images-core.txt - ${REGISTRY}/${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION} + ${REGISTRY}/husseingalal/${PROG}-runtime:${DOCKERIZED_VERSION} EOF xargs -n1 -t docker image pull --quiet << EOF >> build/images-core.txt diff --git a/scripts/checksum b/scripts/checksum index a46df8e064..943b99ab50 100755 --- a/scripts/checksum +++ b/scripts/checksum @@ -5,20 +5,15 @@ cd $(dirname $0)/.. source ./scripts/version.sh -CHECKSUM_DIR=${CHECKSUM_DIR:-./dist/artifacts} +CHECKSUM_DIR=${CHECKSUM_DIR:-dist/artifacts} -function checksum(){ +mkdir -p ${CHECKSUM_DIR} +sumfile="${CHECKSUM_DIR}/sha256sum-${ARCH}.txt" +echo -n "" > "${sumfile}" - sumfile="${CHECKSUM_DIR}/sha256sum-${ARCH}.txt" - echo -n "" > "${sumfile}" +files=$(ls ${CHECKSUM_DIR} | grep "${ARCH}" | grep -v "sha256sum-${ARCH}.txt") +for file in ${files}; do + sha256sum "${CHECKSUM_DIR}/${file}" | sed "s;$(dirname ${CHECKSUM_DIR}/${file})/;;g" >> "${sumfile}" +done - files=$(ls ${CHECKSUM_DIR}) - for file in ${files}; do - sha256sum "${file}" | sed "s;$(dirname ${file})/;;g" >> "${sumfile}" - done - - cat "${sumfile}" -} - - -checksum \ No newline at end of file +cat "${sumfile}" \ No newline at end of file diff --git a/scripts/dispatch b/scripts/dispatch index 73d6bfa7bf..18c3e54d3b 100755 --- a/scripts/dispatch +++ b/scripts/dispatch 
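Review bot: The new file selection in scripts/checksum, `ls ${CHECKSUM_DIR} | grep "${ARCH}" | grep -v ...`, picks artifacts by substring and word-splits the result, so any artifact whose name lacks `${ARCH}` is silently left out of `sha256sum-${ARCH}.txt`. When nothing matches, the script either publishes an empty checksum file or stops on the failed `grep`, depending on shell options set above this hunk. A glob loop with quoted paths that fails loudly when no artifact is found avoids both, and running `sha256sum` from inside the directory removes the need for the `sed` path rewrite. The first lines of the script are outside the hunk.

```shell
# … unchanged: CHECKSUM_DIR default, mkdir -p, sumfile truncation …
found=0
for path in "${CHECKSUM_DIR}"/*"${ARCH}"*; do
    name=$(basename "${path}")
    if [ ! -f "${path}" ] || [ "${name}" = "sha256sum-${ARCH}.txt" ]; then
        continue
    fi
    (cd "${CHECKSUM_DIR}" && sha256sum -- "${name}") >> "${sumfile}"
    found=1
done
if [ "${found}" -eq 0 ]; then
    echo "no ${ARCH} artifacts found in ${CHECKSUM_DIR}" >&2
    exit 1
fi
# … unchanged: cat "${sumfile}" …
```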
@@ -1,18 +1,18 @@ #!/usr/bin/env bash set -ex -REPO="https://api.github.com/repos/rancher/rke2-upgrade/dispatches" +REPO="https://api.github.com/repos/galal-hussein/rke2-upgrade/dispatches" # send dispatch event to REPO curl -XPOST -u "${PAT_USERNAME}:${PAT_TOKEN}" \ -H "Accept: application/vnd.github.everest-preview+json" \ -H "Content-Type: application/json" $REPO \ - --data '{"event_type": "create_tag", "client_payload": {"tag":"'"$DRONE_TAG"'"}}' + --data '{"event_type": "create_tag", "client_payload": {"tag":"'"$GITHUB_ACTION_TAG"'"}}' -SYSTEM_AGENT_INSTALLER_RKE2_REPO="https://api.github.com/repos/rancher/system-agent-installer-rke2/dispatches" +SYSTEM_AGENT_INSTALLER_RKE2_REPO="https://api.github.com/repos/galal-hussein/system-agent-installer-rke2/dispatches" # send dispatch event to SYSTEM_AGENT_INSTALLER_RKE2_REPO curl -XPOST -u "${PAT_USERNAME}:${PAT_TOKEN}" \ -H "Accept: application/vnd.github.everest-preview+json" \ -H "Content-Type: application/json" $SYSTEM_AGENT_INSTALLER_RKE2_REPO \ - --data '{"event_type": "create_tag", "client_payload": {"tag":"'"$DRONE_TAG"'"}}' + --data '{"event_type": "create_tag", "client_payload": {"tag":"'"$GITHUB_ACTION_TAG"'"}}' diff --git a/scripts/package b/scripts/package index 1dd78f989a..de647b7b12 100755 --- a/scripts/package +++ b/scripts/package @@ -10,4 +10,4 @@ mkdir -p dist/{artifacts,bundle} ./scripts/package-binary ./scripts/package-windows-binary ./scripts/package-bundle -./scripts/package-windows-bundle +./scripts/package-windows-bundle \ No newline at end of file diff --git a/scripts/package-binary b/scripts/package-binary index b823b1d9f5..7f17c73792 100755 --- a/scripts/package-binary +++ b/scripts/package-binary @@ -7,4 +7,4 @@ source ./scripts/version.sh mkdir -p dist/artifacts -install -s bin/${PROG} dist/artifacts/${RELEASE} +install -s bin/${PROG} dist/artifacts/${RELEASE} \ No newline at end of file diff --git a/scripts/package-dev-rpm b/scripts/package-dev-rpm index 003eeb6347..a4b326ddb1 100755 
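Review bot: Both dispatch endpoints in scripts/dispatch now point at `galal-hussein/...` repositories, so a release tag would send `create_tag` events to personal forks and the rancher/rke2-upgrade and rancher/system-agent-installer-rke2 pipelines would not be triggered. If the fork targets are only for testing, make the repository owner a variable with the upstream value as its default rather than editing the URLs. Separately, `set -ex` at the top of the script traces the `curl -u "${PAT_USERNAME}:${PAT_TOKEN}"` lines with the credentials expanded. Wrapping the two calls in `set +x` / `set -x`, as this commit does for `docker login` in scripts/publish-image-runtime, keeps the token out of logs that do not mask it.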
--- a/scripts/package-dev-rpm +++ b/scripts/package-dev-rpm @@ -67,7 +67,7 @@ while IFS= read -r script; do "${script}" # Build rpm - bash "${script}" + TAG=${RPM_VERSION} bash "${script}" done <"${SCRIPT_LIST}" if [ "${DAPPER_UID:--1}" -ne "-1" ]; then diff --git a/scripts/package-windows-images b/scripts/package-windows-images index c21dfe6acd..d567d2dda0 100755 --- a/scripts/package-windows-images +++ b/scripts/package-windows-images @@ -10,13 +10,13 @@ mkdir -p dist/artifacts # 1809/LTSC crane --platform windows/amd64 pull \ ${REGISTRY}/${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-windows-amd64 \ - rancher/pause:${PAUSE_VERSION}-windows-1809-amd64 \ + husseingalal/pause:${PAUSE_VERSION}-windows-1809-amd64 \ rke2-windows-1809-amd64-images.tar # 2022/LTSC crane --platform windows/amd64 pull \ ${REGISTRY}/${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-windows-amd64 \ - rancher/pause:${PAUSE_VERSION}-windows-ltsc2022-amd64 \ + husseingalal/pause:${PAUSE_VERSION}-windows-ltsc2022-amd64 \ rke2-windows-ltsc2022-amd64-images.tar WINDOWS_TARFILES=(rke2-windows-1809-amd64-images.tar rke2-windows-ltsc2022-amd64-images.tar) diff --git a/scripts/publish-image-runtime b/scripts/publish-image-runtime index b3a9b14d7d..018e8b38be 100755 --- a/scripts/publish-image-runtime +++ b/scripts/publish-image-runtime @@ -5,7 +5,11 @@ cd $(dirname $0)/.. source ./scripts/version.sh -docker image push ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOOS}-${GOARCH} +set +x +docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD +set -x + +docker image push husseingalal/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOOS}-${GOARCH} if [ "${GOARCH}" != "s390x" ] && [ "${GOARCH}" != "arm64" ]; then - docker image push ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-windows-amd64 + docker image push husseingalal/${PROG}-runtime:${DOCKERIZED_VERSION}-windows-amd64 fi diff --git a/scripts/test-helpers b/scripts/test-helpers index 7f1d86d02f..97d1d6fc18 100755 --- a/scripts/test-helpers 
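Review bot: In scripts/package-windows-images the pause image is now pulled from `husseingalal/pause`, while the runtime image on the unchanged line above it still comes from `${REGISTRY}/${REPO}/${PROG}-runtime`. The Windows tarballs would therefore combine images from two namespaces, and the runtime reference no longer matches what scripts/build-image-runtime tags in this commit. These tarballs are release artifacts, so the pause source should stay organisation-owned: keep `rancher/pause:${PAUSE_VERSION}-windows-1809-amd64 \`, or introduce a variable that defaults to it. Both `crane pull` calls are affected.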
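Review bot: `docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD` in scripts/publish-image-runtime passes the password as a command-line argument, where it is visible in the process list for the duration of the call, and the unquoted expansions break on a value containing whitespace or glob characters. `printf '%s' "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin` avoids both. The login also runs without checking that the variables are set, so a missing secret surfaces as an opaque login failure; a guard such as `: "${DOCKER_PASSWORD:?not set}"` placed inside the `set +x` region would make that explicit without tracing the value.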
+++ b/scripts/test-helpers @@ -298,7 +298,7 @@ test-setup() { #TAG=${TAG:-${VERSION_TAG}${SUFFIX}} #REPO=${REPO:-rancher} #IMAGE_NAME=${IMAGE_NAME:-rke2} - export RKE2_IMAGE=${REPO}/${PROG}-test:${DOCKERIZED_VERSION}-${GOARCH} + export RKE2_IMAGE=husseingalal/${PROG}-test:${DOCKERIZED_VERSION}-${GOARCH} #export RKE2_IMAGE=${REPO}/${IMAGE_NAME}:${TAG} fi diff --git a/scripts/validate-release b/scripts/validate-release index b4021c246a..2d49673b81 100755 --- a/scripts/validate-release +++ b/scripts/validate-release @@ -59,6 +59,6 @@ function check_kubernetes_version() { . ./scripts/version.sh git fetch origin -f --tags -parse_tag $GITHUB_TAG +parse_tag $GITHUB_ACTION_TAG check_release_branch check_kubernetes_version