-
Notifications
You must be signed in to change notification settings - Fork 79
137 lines (123 loc) · 5.07 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: build
on:
push:
branches:
- master
- v*
pull_request:
env:
# Fake up DRONE_BRANCH so it's picked up when dapper gets to
# scripts/version. For branches, github.ref_name will be
# "master" or "v1.x", which is fine, but for PRs it will be
# something like "697/merge", which doesn't work as a version,
# so wet just set it to master in this case.
DRONE_BRANCH: ${{ endsWith(github.ref_name, '/merge') && 'master' || github.ref_name }}
jobs:
build-iso:
name: Build ISO Images
strategy:
matrix:
arch:
- amd64
- arm64
# hdd=50 is somewhat arbitrary here, but seems to give a
# 77G disk, which is sufficient for ISO builds.
# The VM runners are named "x64", not "amd64" like other docker things.
runs-on: runs-on,runner=4cpu-linux-${{ matrix.arch == 'amd64' && 'x64' || matrix.arch }},hdd=50,run-id=${{ github.run_id }}
permissions:
contents: read
id-token: write # for reading credential https://github.com/rancher-eio/read-vault-secrets
steps:
- name: Checkout code
uses: actions/checkout@v4
# Build ISO
- name: Run make ci
run: make ci
# Below is essentially duplicated from the main Harvester repo's
# .github/workflows/build.yml, except we're only publishing branches,
# not tags.
- name: Declare branch
run: |
echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV"
if [ "${{ matrix.arch }}" == "x64" ]; then
echo "arch=amd64" >> "$GITHUB_ENV"
else
echo "arch=arm64" >> "$GITHUB_ENV"
fi
- name: Read Secrets
if: ${{ startsWith(github.ref, 'refs/heads/') }}
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/google-auth/harvester/credentials token | GOOGLE_AUTH ;
- name: Login to Docker Hub
if: ${{ startsWith(github.ref, 'refs/heads/') }}
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
# rancher/harvester-cluster-repo image
- name: docker-publish-harvester-cluster-repo
if: ${{ startsWith(github.ref, 'refs/heads/') }}
uses: docker/build-push-action@v5
with:
context: dist/harvester-cluster-repo
push: true
platforms: linux/${{ env.arch }}
tags: rancher/harvester-cluster-repo:${{ env.branch }}-head-${{ env.arch }}
file: dist/harvester-cluster-repo/Dockerfile
- name: Login to Google Cloud
if: ${{ startsWith(github.ref, 'refs/heads/') }}
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ env.GOOGLE_AUTH }}'
- name: upload-iso
uses: 'google-github-actions/upload-cloud-storage@v2'
if: ${{ startsWith(github.ref, 'refs/heads/') }}
with:
path: dist/artifacts
parent: false
destination: releases.rancher.com/harvester/${{ env.branch }}
predefinedAcl: publicRead
headers: |-
cache-control: public,no-cache,proxy-revalidate
manifest-cluster-repo-image:
name: Manifest harvester-cluster-repo image
runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }}
needs: build-iso
if: ${{ startsWith(github.ref, 'refs/heads/') }}
permissions:
contents: read
id-token: write # for reading credential https://github.com/rancher-eio/read-vault-secrets
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Declare branch
run: |
echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV"
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Read Secrets
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ;
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
# rancher/harvester-cluster-repo image
- name: docker-pull-harvester-cluster-repo
if: ${{ startsWith(github.ref, 'refs/heads/') }}
run: |
docker pull --platform linux/amd64 rancher/harvester-cluster-repo:${{ env.branch }}-head-amd64
docker pull --platform linux/arm64 rancher/harvester-cluster-repo:${{ env.branch }}-head-arm64
docker buildx imagetools create -t rancher/harvester-cluster-repo:${{ env.branch }}-head \
rancher/harvester-cluster-repo:${{ env.branch }}-head-amd64 \
rancher/harvester-cluster-repo:${{ env.branch }}-head-arm64