fix registry (#46397) #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-docker-images | |
| on: | |
| push: | |
| branches: | |
| - "master" | |
| - "release/v*" | |
| tags: | |
| - "v*" | |
| env: | |
| COMMIT: ${{ github.sha }} | |
| REPOSITORY_OWNER: ${{ github.repository_owner }} | |
| IMAGE: ${{ github.repository_owner }}/rancher | |
| IMAGE_AGENT: ${{ github.repository_owner }}/rancher-agent | |
| IMAGE_INSTALLER: ${{ github.repository_owner }}/system-agent-installer-rancher | |
| CATTLE_KDM_BRANCH: dev-v2.8 | |
| CATTLE_K3S_VERSION: v1.28.6+k3s2 | |
| HELM_VERSION_V3: v3.13.3 | |
| REGISTRY: "stgregistry.suse.com" | |
| AWS_DEFAULT_REGION: "us-east-1" | |
| jobs: | |
| unit-tests: | |
| uses: ./.github/workflows/unit-test.yml | |
| build-chart: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Environment Variables | |
| uses: ./.github/actions/setup-tag-env | |
| - name: Install dependencies | |
| env: | |
| HELM_URL_V3: https://get.helm.sh/helm-${{ env.HELM_VERSION_V3 }}-linux-amd64.tar.gz | |
| HELM_UNITTEST_VERSION: 0.3.2 | |
| run: | | |
| sudo snap install yq | |
| curl ${{ env.HELM_URL_V3 }} | tar xvzf - --strip-components=1 -C /tmp/ && \ | |
| sudo mv /tmp/helm /usr/bin/helm_v3 && \ | |
| sudo chmod +x /usr/bin/helm_v3 | |
| helm_v3 plugin install https://github.com/helm-unittest/helm-unittest.git --version ${{ env.HELM_UNITTEST_VERSION }}; \ | |
| - name: Build | |
| run: ./scripts/chart/build chart | |
| - name: Validate | |
| run: ./scripts/chart/validate | |
| - name: Test | |
| run: ./scripts/chart/test | |
| - name: Package | |
| run: ./scripts/chart/package | |
| - name: Upload chart | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: chart | |
| path: ./bin/chart/* | |
| if-no-files-found: error | |
| retention-days: 4 | |
| overwrite: true | |
| publish-chart: | |
| runs-on: ubuntu-latest | |
| needs: [build-chart, push-images] | |
| if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on push | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Download chart | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: chart | |
| path: ${{ runner.temp }}/charts | |
| - name: Load Secrets from Vault | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/optimus-charts-access-key/credentials token | OPTIMUS_CHARTS_ACCESS_KEY ; | |
| secret/data/github/repo/${{ github.repository }}/optimus-charts-secret-key/credentials token | OPTIMUS_CHARTS_SECRET_KEY ; | |
| - name: Upload chart to bucket | |
| run: | | |
| AWS_ACCESS_KEY_ID=${{ env.OPTIMUS_CHARTS_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY=${{ env.OPTIMUS_CHARTS_SECRET_KEY }} aws s3 cp --recursive ${{ runner.temp }}/charts s3://charts.optimus.rancher.io/server-charts | |
| build-server: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| os: [linux] | |
| arch: [amd64, arm64] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Clean runner | |
| run: | | |
| sudo rm -rf /usr/share/dotnet | |
| sudo rm -rf /opt/ghc | |
| sudo rm -rf "/usr/local/share/boost" | |
| sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
| - name: Setup Environment Variables | |
| uses: ./.github/actions/setup-tag-env | |
| - name: Set up build-time environment variables | |
| run: | | |
| echo "ARCH=${{ matrix.arch }}" >> "$GITHUB_ENV" | |
| echo "RKE_VERSION=$(grep -m1 'github.com/rancher/rke' go.mod | awk '{print $2}')" >> "$GITHUB_ENV" | |
| source scripts/export-config | |
| echo "CATTLE_RANCHER_WEBHOOK_VERSION=$CATTLE_RANCHER_WEBHOOK_VERSION" >> "$GITHUB_ENV" | |
| echo "CATTLE_CSP_ADAPTER_MIN_VERSION=$CATTLE_CSP_ADAPTER_MIN_VERSION" >> "$GITHUB_ENV" | |
| echo "CATTLE_FLEET_VERSION=$CATTLE_FLEET_VERSION" >> "$GITHUB_ENV" | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.IMAGE }} | |
| flavor: | | |
| latest=false | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Create k3s images file | |
| uses: ./.github/actions/k3s-images | |
| with: | |
| k3s_version: ${{ env.CATTLE_K3S_VERSION }} | |
| - name: Download data.json | |
| run: curl -sLf https://releases.rancher.com/kontainer-driver-metadata/${{ env.CATTLE_KDM_BRANCH }}/data.json > ./data.json | |
| - name: Build and export server | |
| id: build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| push: false | |
| build-args: | | |
| "VERSION=${{ env.TAG }}" | |
| "COMMIT=${{ env.COMMIT }}" | |
| "RKE_VERSION=${{ env.RKE_VERSION }}" | |
| "ARCH=${{ matrix.arch }}" | |
| "CATTLE_RANCHER_WEBHOOK_VERSION=${{ env.CATTLE_RANCHER_WEBHOOK_VERSION }}" | |
| "CATTLE_CSP_ADAPTER_MIN_VERSION=${{ env.CATTLE_CSP_ADAPTER_MIN_VERSION }}" | |
| "CATTLE_FLEET_VERSION=${{ env.CATTLE_FLEET_VERSION }}" | |
| tags: ${{ env.IMAGE }}:${{ env.TAG }}-${{ matrix.arch }} | |
| context: . | |
| platforms: "${{ matrix.os }}/${{ matrix.arch }}" | |
| file: ./package/Dockerfile | |
| labels: "${{ steps.meta.outputs.labels }}" | |
| outputs: type=docker,dest=/tmp/rancher-${{ matrix.os }}-${{ matrix.arch }}.tar | |
| - name: Upload image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: "rancher-${{ matrix.os }}-${{ matrix.arch }}" | |
| path: /tmp/rancher-${{ matrix.os }}-${{ matrix.arch }}.tar | |
| if-no-files-found: error | |
| retention-days: 4 | |
| overwrite: false | |
| build-agent: | |
| needs: [build-server] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| os: [linux] | |
| arch: [amd64, arm64] | |
| services: | |
| registry: | |
| image: registry:2 | |
| ports: | |
| - 5000:5000 | |
| env: | |
| REGISTRY: "127.0.0.1:5000" | |
| steps: | |
| - name: Clean runner | |
| run: | | |
| sudo rm -rf /usr/share/dotnet | |
| sudo rm -rf /opt/ghc | |
| sudo rm -rf "/usr/local/share/boost" | |
| sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Environment Variables | |
| run: | | |
| echo "ARCH=${{ matrix.arch }}" >> "$GITHUB_ENV" | |
| source scripts/export-config | |
| echo "CATTLE_RANCHER_WEBHOOK_VERSION=$CATTLE_RANCHER_WEBHOOK_VERSION" >> "$GITHUB_ENV" | |
| - name: Setup TAG Variables | |
| uses: ./.github/actions/setup-tag-env | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.IMAGE }} | |
| flavor: | | |
| latest=false | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: network=host | |
| - name: Download rancher image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: "rancher-${{ matrix.os }}-${{ matrix.arch }}" | |
| path: /tmp | |
| - name: Load image | |
| run: | | |
| image_id=$(docker load --input /tmp/rancher-${{ matrix.os }}-${{ matrix.arch }}.tar 2>&1 | grep "Loaded image" | awk '{print $NF}') | |
| if [ -z "$image_id" ]; then | |
| echo "Error: Failed to load image from tarball!" | |
| exit 1 | |
| fi | |
| docker tag "$image_id" ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} | |
| docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} | |
| - name: Build agent | |
| id: build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| push: false | |
| build-args: | | |
| "VERSION=${{ env.TAG }}" | |
| "ARCH=${{ matrix.arch }}" | |
| "RANCHER_TAG=${{ env.TAG }}" | |
| "RANCHER_REPO=${{ env.REPOSITORY_OWNER }}" | |
| "REGISTRY=${{ env.REGISTRY }}" | |
| "CATTLE_RANCHER_WEBHOOK_VERSION=${{ env.CATTLE_RANCHER_WEBHOOK_VERSION }}" | |
| tags: ${{ env.IMAGE_AGENT }}:${{ env.TAG }}-${{ matrix.arch }} | |
| context: . | |
| platforms: "${{ matrix.os }}/${{ matrix.arch }}" | |
| file: ./package/Dockerfile.agent | |
| labels: "${{ steps.meta.outputs.labels }}" | |
| outputs: type=docker,dest=/tmp/rancher-agent-${{ matrix.os }}-${{ matrix.arch }}.tar | |
| - name: Upload image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: "rancher-agent-${{ matrix.os }}-${{ matrix.arch }}" | |
| path: /tmp/rancher-agent-${{ matrix.os }}-${{ matrix.arch }}.tar | |
| if-no-files-found: error | |
| retention-days: 4 | |
| overwrite: false | |
| integration-tests: | |
| needs: [build-agent] | |
| uses: ./.github/workflows/integration-tests.yml | |
| with: | |
| parent_run_id: ${{ github.run_id }} | |
| build-agent-windows: | |
| needs: [integration-tests] | |
| strategy: | |
| matrix: | |
| os: [windows] | |
| version: [2019, 2022] | |
| runs-on: ${{ matrix.os }}-${{ matrix.version }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Environment Variables | |
| uses: ./.github/actions/setup-tag-env | |
| - name: Load Secrets from Vault | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ; | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.STAGE_REGISTRY_USERNAME }} | |
| password: ${{ env.STAGE_REGISTRY_PASSWORD }} | |
| registry: ${{ env.REGISTRY }} | |
| - name: Build Windows Server Image | |
| run: | | |
| docker build -t ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-${{ matrix.version }} --build-arg VERSION=${{ env.TAG }} --build-arg SERVERCORE_VERSION=ltsc${{ matrix.version }} -f package/windows/Dockerfile.agent . | |
| docker push ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-${{ matrix.version }} | |
| shell: bash | |
| push-images: | |
| runs-on: ubuntu-latest | |
| needs: [unit-tests, integration-tests] | |
| permissions: | |
| contents: read | |
| id-token: write | |
| strategy: | |
| matrix: | |
| os: [linux] | |
| arch: [amd64, arm64] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download rancher image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: "*-${{ matrix.os }}-${{ matrix.arch }}" | |
| path: /tmp | |
| merge-multiple: true | |
| - name: Setup Environment Variables | |
| uses: ./.github/actions/setup-tag-env | |
| - name: Load Secrets from Vault | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ; | |
| - name: Docker Registry Login | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.STAGE_REGISTRY_USERNAME }} | |
| password: ${{ env.STAGE_REGISTRY_PASSWORD }} | |
| registry: ${{ env.REGISTRY }} | |
| - name: Push server image | |
| run: | | |
| image_id=$(docker load --input /tmp/rancher-${{ matrix.os }}-${{ matrix.arch }}.tar 2>&1 | grep "Loaded image" | awk '{print $NF}') | |
| if [ -z "$image_id" ]; then | |
| echo "Error: Failed to load image from tarball!" | |
| exit 1 | |
| fi | |
| docker tag "$image_id" ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}-${{ matrix.arch }} | |
| docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}-${{ matrix.arch }} | |
| - name: Push agent image | |
| run: | | |
| image_agent_id=$(docker load --input /tmp/rancher-agent-${{ matrix.os }}-${{ matrix.arch }}.tar 2>&1 | grep "Loaded image" | awk '{print $NF}') | |
| if [ -z "$image_agent_id" ]; then | |
| echo "Error: Failed to load image from tarball!" | |
| exit 1 | |
| fi | |
| docker tag "$image_agent_id" ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-${{ matrix.arch }} | |
| docker push ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-${{ matrix.arch }} | |
| merge-server-manifest: | |
| runs-on: ubuntu-latest | |
| needs: [push-images] | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Environment Variables | |
| uses: ./.github/actions/setup-tag-env | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Load Secrets from Vault | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ; | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.STAGE_REGISTRY_USERNAME }} | |
| password: ${{ env.STAGE_REGISTRY_PASSWORD }} | |
| registry: ${{ env.REGISTRY }} | |
| - name: Create manifest list and push | |
| run: | | |
| docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }} ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }}-arm64 | |
| - name: Create head manifest list and push | |
| run: | | |
| if [[ "${{ github.ref_name }}" == release/v* ]]; then | |
| docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.HEAD_TAG }} ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }}-arm64 | |
| fi | |
| - name: Inspect image | |
| run: | | |
| docker buildx imagetools inspect ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }} | |
| merge-agent-manifest: | |
| runs-on: ubuntu-latest | |
| needs: [push-images, build-agent-windows] | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Environment Variables | |
| uses: ./.github/actions/setup-tag-env | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Load Secrets from Vault | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ; | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.STAGE_REGISTRY_USERNAME }} | |
| password: ${{ env.STAGE_REGISTRY_PASSWORD }} | |
| registry: ${{ env.REGISTRY }} | |
| - name: Create manifest list and push | |
| run: | | |
| docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }} \ | |
| ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-amd64 \ | |
| ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-arm64 \ | |
| ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2019 \ | |
| ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2022 | |
| if [[ "${{ github.ref_name }}" == release/v* ]]; then | |
| docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.HEAD_TAG }} \ | |
| ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-amd64 \ | |
| ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-arm64 \ | |
| ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2019 \ | |
| ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2022 | |
| fi | |
| - name: Inspect image | |
| run: | | |
| docker buildx imagetools inspect ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }} | |
| build-installer: | |
| needs: | |
| - merge-server-manifest | |
| - build-chart | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| os: [linux] | |
| arch: [amd64, arm64] | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Environment Variables | |
| uses: ./.github/actions/setup-tag-env | |
| - name: Setup New Environment Variables | |
| run: | | |
| echo "ARCH=${{ matrix.arch }}" >> "$GITHUB_ENV" | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.IMAGE }} | |
| flavor: | | |
| latest=false | |
| - name: Load Secrets from Vault | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ; | |
| - name: Docker Registry Login | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.STAGE_REGISTRY_USERNAME }} | |
| password: ${{ env.STAGE_REGISTRY_PASSWORD }} | |
| registry: ${{ env.REGISTRY }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Download chart | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: chart | |
| path: ./chart | |
| - name: Build and export agent | |
| id: build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| push: true | |
| build-args: | | |
| "VERSION=${{ env.TAG }}" | |
| "ARCH=${{ matrix.arch }}" | |
| "RANCHER_TAG=${{ env.TAG }}" | |
| "RANCHER_REPO=${{ env.REPOSITORY_OWNER }}" | |
| tags: ${{ env.REGISTRY }}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-${{ matrix.arch }} | |
| context: . | |
| platforms: "${{ matrix.os }}/${{ matrix.arch }}" | |
| file: ./package/Dockerfile.installer | |
| labels: "${{ steps.meta.outputs.labels }}" | |
| merge-installer-manifest: | |
| runs-on: ubuntu-latest | |
| needs: [build-installer] | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Environment Variables | |
| uses: ./.github/actions/setup-tag-env | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.IMAGE_INSTALLER }} | |
| flavor: | | |
| latest=false | |
| - name: Load Secrets from Vault | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ; | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.STAGE_REGISTRY_USERNAME }} | |
| password: ${{ env.STAGE_REGISTRY_PASSWORD }} | |
| registry: ${{ env.REGISTRY }} | |
| - name: Create manifest list and push | |
| run: | | |
| docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }} ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-arm64 | |
| if [[ "${{ github.ref_name }}" == release/v* ]]; then | |
| docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.HEAD_TAG }} ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-arm64 | |
| fi | |
| - name: Inspect image | |
| run: | | |
| docker buildx imagetools inspect ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }} | |
| create-images-files: | |
| if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on push | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| env: | |
| REGISTRY: "" | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Environment Variables | |
| uses: ./.github/actions/setup-tag-env | |
| - name: Download data.json | |
| run: | | |
| mkdir -p bin | |
| curl -sLf https://releases.rancher.com/kontainer-driver-metadata/${{ env.CATTLE_KDM_BRANCH }}/data.json > ./bin/data.json | |
| - name: Create files | |
| run: | | |
| mkdir -p $HOME/bin | |
| touch $HOME/bin/rancher-rke-k8s-versions.txt | |
| - name: Create components and images files | |
| shell: bash | |
| run: ./scripts/create-components-images-files.sh | |
| - name: Move files | |
| run: | | |
| mv $HOME/bin/* ./dist | |
| mv ./bin/*.txt ./dist | |
| mv ./bin/*.sh ./dist | |
| mv ./bin/*.ps1 ./dist | |
| - name: Create sha256sum.txt file | |
| run: ./scripts/artifacts-hashes.sh | |
| - name: Load Secrets from Vault | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/prime-artifacts-uploader-access/credentials token | PRIME_ARTIFACTS_UPLOADER_ACCESS_KEY ; | |
| secret/data/github/repo/${{ github.repository }}/prime-artifacts-uploader-secret/credentials token | PRIME_ARTIFACTS_UPLOADER_SECRET_KEY ; | |
| - name: Upload artifacts to bucket | |
| run: | | |
| AWS_ACCESS_KEY_ID=${{ env.PRIME_ARTIFACTS_UPLOADER_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY=${{ env.PRIME_ARTIFACTS_UPLOADER_SECRET_KEY }} aws s3 cp --recursive ./dist s3://prime-artifacts/rancher/${{ env.TAG }} | |
| docker-image-digests: | |
| if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on tag | |
| runs-on: ubuntu-latest | |
| needs: [create-images-files, push-images] | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Environment Variables | |
| uses: ./.github/actions/setup-tag-env | |
| - name: Create dist folder | |
| run: mkdir -p dist | |
| - name: Setup ecm-distro-tools | |
| uses: rancher/[email protected] | |
| with: | |
| version: v0.38.1 | |
| - name: Create ECM Config | |
| run: | | |
| mkdir -p ~/.ecm-distro-tools | |
| release config gen | |
| mkdir -p /tmp/digests | |
| - name: Generate Linux Digests | |
| run: | | |
| export LINUX_IMAGES_URL=https://prime.ribs.rancher.io/rancher/${{ env.TAG}}/rancher-images.txt | |
| release generate rancher docker-images-digests \ | |
| --images-url "$LINUX_IMAGES_URL" \ | |
| --output-file /tmp/digests/rancher-images-digests-linux-amd64.txt \ | |
| --registry ${{ env.REGISTRY }} | |
| cp /tmp/digests/rancher-images-digests-linux-amd64.txt /tmp/digests/rancher-images-digests-linux-arm64.txt | |
| - name: Generate Windows Digests | |
| run: | | |
| export WINDOWS_IMAGES_URL=https://prime.ribs.rancher.io/rancher/${{ env.TAG}}/rancher-windows-images.txt | |
| release generate rancher docker-images-digests \ | |
| --images-url "$WINDOWS_IMAGES_URL" \ | |
| --output-file /tmp/digests/rancher-images-digests-windows-ltsc2019.txt \ | |
| --registry ${{ env.REGISTRY }} | |
| cp /tmp/digests/rancher-images-digests-windows-ltsc2019.txt /tmp/digests/rancher-images-digests-windows-ltsc2022.txt | |
| - name: Load Secrets from Vault | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/prime-artifacts-uploader-access/credentials token | PRIME_ARTIFACTS_UPLOADER_ACCESS_KEY ; | |
| secret/data/github/repo/${{ github.repository }}/prime-artifacts-uploader-secret/credentials token | PRIME_ARTIFACTS_UPLOADER_SECRET_KEY ; | |
| - name: Upload docker image digests to bucket | |
| run: | | |
| AWS_ACCESS_KEY_ID=${{ env.PRIME_ARTIFACTS_UPLOADER_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY=${{ env.PRIME_ARTIFACTS_UPLOADER_SECRET_KEY }} aws s3 --recursive cp /tmp/digests s3://prime-artifacts/rancher/${{ env.TAG }} | |
| build-artifacts-index: | |
| if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on tag | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| needs: [publish-chart, create-images-files, docker-image-digests] | |
| env: | |
| CHARTS_DISTRIBUTION_ID: EKGBR3PUZ9J56 | |
| ARTIFACTS_DISTRIBUTION_ID: EUK3RJTBZG1QG | |
| steps: | |
| - name: Setup ecm-distro-tools | |
| uses: rancher/[email protected] | |
| with: | |
| version: v0.38.8 | |
| - name: Create ECM Config | |
| run: | | |
| mkdir -p "$HOME/.ecm-distro-tools" | |
| release config gen | |
| mkdir -p ${{ runner.temp }}/artifacts | |
| - name: Generate artifacts index | |
| run: release generate rancher artifacts-index --write-path /tmp/artifacts | |
| - name: Load Secrets from Vault | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/prime-artifacts-uploader-access/credentials token | PRIME_ARTIFACTS_UPLOADER_ACCESS_KEY ; | |
| secret/data/github/repo/${{ github.repository }}/prime-artifacts-uploader-secret/credentials token | PRIME_ARTIFACTS_UPLOADER_SECRET_KEY ; | |
| - name: Upload artifacts index to bucket | |
| run: AWS_ACCESS_KEY_ID=${{ env.PRIME_ARTIFACTS_UPLOADER_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY=${{ env.PRIME_ARTIFACTS_UPLOADER_SECRET_KEY }} aws s3 --recursive cp /tmp/artifacts s3://prime-artifacts/ | |
| - name: Invalidate caches | |
| run: | | |
| AWS_ACCESS_KEY_ID=${{ env.PRIME_ARTIFACTS_UPLOADER_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY=${{ env.PRIME_ARTIFACTS_UPLOADER_SECRET_KEY }} aws cloudfront create-invalidation --distribution-id ${{ env.ARTIFACTS_DISTRIBUTION_ID }} --paths "/*" | |
| AWS_ACCESS_KEY_ID=${{ env.PRIME_ARTIFACTS_UPLOADER_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY=${{ env.PRIME_ARTIFACTS_UPLOADER_SECRET_KEY }} aws cloudfront create-invalidation --distribution-id ${{ env.CHARTS_DISTRIBUTION_ID }} --paths "/*" |