Skip to content

build-docker-images #14

build-docker-images

build-docker-images #14

Workflow file for this run

name: build-docker-images
on:
push:
branches:
- "master"
- "release/v*"
tags:
- "v*"
env:
COMMIT: ${{ github.sha }}
REPOSITORY_OWNER: ${{ github.repository_owner }}
IMAGE: ${{ github.repository_owner }}/rancher
IMAGE_AGENT: ${{ github.repository_owner }}/rancher-agent
IMAGE_INSTALLER: ${{ github.repository_owner }}/system-agent-installer-rancher
REGISTRY: "stgregistry.suse.com"
AWS_DEFAULT_REGION: "us-east-1"
jobs:
unit-tests:
uses: ./.github/workflows/unit-test.yml
build-chart:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Tag Env Variables
uses: ./.github/actions/setup-tag-env
- id: env
name: Setup Dependencies Env Variables
uses: ./.github/actions/setup-build-env
- name: Install dependencies
env:
HELM_URL: https://get.helm.sh/helm-${{ steps.env.outputs.HELM_VERSION }}-linux-amd64.tar.gz
HELM_UNITTEST_VERSION: ${{ steps.env.outputs.HELM_UNITTEST_VERSION }}
run: |
sudo snap install yq
curl ${{ env.HELM_URL }} | tar xvzf - --strip-components=1 -C /tmp/ && \
sudo mv /tmp/helm /usr/bin/helm_v3 && \
sudo chmod +x /usr/bin/helm_v3
helm_v3 plugin install https://github.com/helm-unittest/helm-unittest.git --version ${{ env.HELM_UNITTEST_VERSION }}; \
- name: Build
run: ./scripts/chart/build chart
- name: Validate
run: ./scripts/chart/validate
- name: Test
run: ./scripts/chart/test
- name: Package
run: ./scripts/chart/package
- name: Upload chart
uses: actions/upload-artifact@v4
with:
name: chart
path: ./bin/chart/*
if-no-files-found: error
retention-days: 4
overwrite: true
publish-chart:
runs-on: ubuntu-latest
needs: [build-chart, push-images]
if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on push
permissions:
contents: read
id-token: write
steps:
- name: Download chart
uses: actions/download-artifact@v4
with:
name: chart
path: ${{ runner.temp }}/charts
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/optimus-charts-access-key/credentials token | OPTIMUS_CHARTS_ACCESS_KEY ;
secret/data/github/repo/${{ github.repository }}/optimus-charts-secret-key/credentials token | OPTIMUS_CHARTS_SECRET_KEY ;
- name: Upload chart to bucket
run: |
AWS_ACCESS_KEY_ID=${{ env.OPTIMUS_CHARTS_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY=${{ env.OPTIMUS_CHARTS_SECRET_KEY }} aws s3 cp --recursive ${{ runner.temp }}/charts s3://charts.optimus.rancher.io/server-charts
build-server:
runs-on: ubuntu-latest
strategy:
matrix:
os: [linux]
arch: [amd64, arm64]
steps:
- name: Checkout code
uses: actions/checkout@v4
# Cleaning the runner is important to free enough space to build rancher, otherwise the build will fail
- name: Clean runner
run: |
# removes dotnet
sudo rm -rf /usr/share/dotnet
# removes haskell
sudo rm -rf /opt/ghc
# removes android sdk
sudo rm -rf /usr/local/lib/android
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- id: env
name: Setup Dependencies Env Variables
uses: ./.github/actions/setup-build-env
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
flavor: |
latest=false
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Create k3s images file
uses: ./.github/actions/k3s-images
with:
k3s_version: ${{ steps.env.outputs.CATTLE_K3S_VERSION }}
- name: Download data.json
run: curl -sLf https://releases.rancher.com/kontainer-driver-metadata/${{ steps.env.outputs.CATTLE_KDM_BRANCH }}/data.json > ./data.json
- name: Build and export server
id: build
uses: docker/build-push-action@v5
with:
push: false
build-args: |
"VERSION=${{ env.TAG }}"
"COMMIT=${{ env.COMMIT }}"
"RKE_VERSION=${{ steps.env.outputs.RKE_VERSION }}"
"ARCH=${{ matrix.arch }}"
"CATTLE_RANCHER_WEBHOOK_VERSION=${{ steps.env.outputs.CATTLE_RANCHER_WEBHOOK_VERSION }}"
"CATTLE_CSP_ADAPTER_MIN_VERSION=${{ steps.env.outputs.CATTLE_CSP_ADAPTER_MIN_VERSION }}"
"CATTLE_FLEET_VERSION=${{ steps.env.outputs.CATTLE_FLEET_VERSION }}"
tags: ${{ env.IMAGE }}:${{ env.TAG }}-${{ matrix.arch }}
context: .
platforms: "${{ matrix.os }}/${{ matrix.arch }}"
file: ./package/Dockerfile
labels: "${{ steps.meta.outputs.labels }}"
outputs: type=docker,dest=/tmp/rancher-${{ matrix.os }}-${{ matrix.arch }}.tar
- name: Upload image
uses: actions/upload-artifact@v4
with:
name: "rancher-${{ matrix.os }}-${{ matrix.arch }}"
path: /tmp/rancher-${{ matrix.os }}-${{ matrix.arch }}.tar
if-no-files-found: error
retention-days: 4
overwrite: false
build-agent:
needs: [build-server]
runs-on: ubuntu-latest
strategy:
matrix:
os: [linux]
arch: [amd64, arm64]
services:
registry:
image: registry:2
ports:
- 5000:5000
env:
REGISTRY: "127.0.0.1:5000"
steps:
# Cleaning the runner is important to free enough space to build rancher, otherwise the build will fail
- name: Clean runner
run: |
# removes dotnet
sudo rm -rf /usr/share/dotnet
# removes haskell
sudo rm -rf /opt/ghc
# removes android sdk
sudo rm -rf /usr/local/lib/android
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
run: |
echo "ARCH=${{ matrix.arch }}" >> "$GITHUB_ENV"
source scripts/export-config
echo "CATTLE_RANCHER_WEBHOOK_VERSION=$CATTLE_RANCHER_WEBHOOK_VERSION" >> "$GITHUB_ENV"
- name: Setup TAG Variables
uses: ./.github/actions/setup-tag-env
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
flavor: |
latest=false
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Download rancher image
uses: actions/download-artifact@v4
with:
name: "rancher-${{ matrix.os }}-${{ matrix.arch }}"
path: /tmp
- name: Load image
run: |
image_id=$(docker load --input /tmp/rancher-${{ matrix.os }}-${{ matrix.arch }}.tar 2>&1 | grep "Loaded image" | awk '{print $NF}')
if [ -z "$image_id" ]; then
echo "Error: Failed to load image from tarball!"
exit 1
fi
docker tag "$image_id" ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}
docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}
- name: Build agent
id: build
uses: docker/build-push-action@v5
with:
push: false
build-args: |
"VERSION=${{ env.TAG }}"
"ARCH=${{ matrix.arch }}"
"RANCHER_TAG=${{ env.TAG }}"
"RANCHER_REPO=${{ env.REPOSITORY_OWNER }}"
"REGISTRY=${{ env.REGISTRY }}"
"CATTLE_RANCHER_WEBHOOK_VERSION=${{ env.CATTLE_RANCHER_WEBHOOK_VERSION }}"
tags: ${{ env.IMAGE_AGENT }}:${{ env.TAG }}-${{ matrix.arch }}
context: .
platforms: "${{ matrix.os }}/${{ matrix.arch }}"
file: ./package/Dockerfile.agent
labels: "${{ steps.meta.outputs.labels }}"
outputs: type=docker,dest=/tmp/rancher-agent-${{ matrix.os }}-${{ matrix.arch }}.tar
- name: Upload image
uses: actions/upload-artifact@v4
with:
name: "rancher-agent-${{ matrix.os }}-${{ matrix.arch }}"
path: /tmp/rancher-agent-${{ matrix.os }}-${{ matrix.arch }}.tar
if-no-files-found: error
retention-days: 4
overwrite: false
integration-tests:
needs: [build-agent]
uses: ./.github/workflows/integration-tests.yml
with:
parent_run_id: ${{ github.run_id }}
build-agent-windows:
needs: [integration-tests]
strategy:
matrix:
os: [windows]
version: [2019, 2022]
runs-on: ${{ matrix.os }}-${{ matrix.version }}
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ;
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.STAGE_REGISTRY_USERNAME }}
password: ${{ env.STAGE_REGISTRY_PASSWORD }}
registry: ${{ env.REGISTRY }}
- name: Build Windows Server Image
run: |
docker build -t ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-${{ matrix.version }} --build-arg VERSION=${{ env.TAG }} --build-arg SERVERCORE_VERSION=ltsc${{ matrix.version }} -f package/windows/Dockerfile.agent .
docker push ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-${{ matrix.version }}
shell: bash
push-images:
runs-on: ubuntu-latest
needs: [unit-tests, integration-tests]
permissions:
contents: read
id-token: write
strategy:
matrix:
os: [linux]
arch: [amd64, arm64]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Download rancher image
uses: actions/download-artifact@v4
with:
pattern: "*-${{ matrix.os }}-${{ matrix.arch }}"
path: /tmp
merge-multiple: true
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ;
- name: Docker Registry Login
uses: docker/login-action@v3
with:
username: ${{ env.STAGE_REGISTRY_USERNAME }}
password: ${{ env.STAGE_REGISTRY_PASSWORD }}
registry: ${{ env.REGISTRY }}
- name: Push server image
run: |
image_id=$(docker load --input /tmp/rancher-${{ matrix.os }}-${{ matrix.arch }}.tar 2>&1 | grep "Loaded image" | awk '{print $NF}')
if [ -z "$image_id" ]; then
echo "Error: Failed to load image from tarball!"
exit 1
fi
docker tag "$image_id" ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}-${{ matrix.arch }}
docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }}-${{ matrix.arch }}
- name: Push agent image
run: |
image_agent_id=$(docker load --input /tmp/rancher-agent-${{ matrix.os }}-${{ matrix.arch }}.tar 2>&1 | grep "Loaded image" | awk '{print $NF}')
if [ -z "$image_agent_id" ]; then
echo "Error: Failed to load image from tarball!"
exit 1
fi
docker tag "$image_agent_id" ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-${{ matrix.arch }}
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-${{ matrix.arch }}
merge-server-manifest:
runs-on: ubuntu-latest
needs: [push-images]
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ;
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.STAGE_REGISTRY_USERNAME }}
password: ${{ env.STAGE_REGISTRY_PASSWORD }}
registry: ${{ env.REGISTRY }}
- name: Create manifest list and push
run: |
docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }} ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }}-arm64
- name: Create head manifest list and push
run: |
if [[ "${{ github.ref_name }}" == release/v* ]]; then
docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.HEAD_TAG }} ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }}-arm64
fi
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY}}/${{ env.IMAGE }}:${{ env.TAG }}
merge-agent-manifest:
runs-on: ubuntu-latest
needs: [push-images, build-agent-windows]
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ;
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.STAGE_REGISTRY_USERNAME }}
password: ${{ env.STAGE_REGISTRY_PASSWORD }}
registry: ${{ env.REGISTRY }}
- name: Create manifest list and push
run: |
# docker manifest is used with windows images to maintain os.version in the manifest
docker manifest create ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }} \
${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2019 \
${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2022
docker manifest push ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}
# docker buildx imagetools create pushes to the registry by default, which is not the same behavior as docker manifest create
docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }} \
--append ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-amd64 \
--append ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-arm64
if [[ "${{ github.ref_name }}" == release/v* ]]; then
docker manifest create ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.HEAD_TAG }} \
${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2019 \
${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-windows-2022
docker manifest push ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.HEAD_TAG }}
docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.HEAD_TAG }} \
--append ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-amd64 \
--append ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}-arm64
fi
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY}}/${{ env.IMAGE_AGENT }}:${{ env.TAG }}
build-installer:
needs:
- merge-server-manifest
- build-chart
runs-on: ubuntu-latest
strategy:
matrix:
os: [linux]
arch: [amd64, arm64]
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Setup New Environment Variables
run: |
echo "ARCH=${{ matrix.arch }}" >> "$GITHUB_ENV"
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
flavor: |
latest=false
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ;
- name: Docker Registry Login
uses: docker/login-action@v3
with:
username: ${{ env.STAGE_REGISTRY_USERNAME }}
password: ${{ env.STAGE_REGISTRY_PASSWORD }}
registry: ${{ env.REGISTRY }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Download chart
uses: actions/download-artifact@v4
with:
name: chart
path: ./chart
- name: Build and export agent
id: build
uses: docker/build-push-action@v5
with:
push: true
build-args: |
"VERSION=${{ env.TAG }}"
"ARCH=${{ matrix.arch }}"
"RANCHER_TAG=${{ env.TAG }}"
"RANCHER_REPO=${{ env.REPOSITORY_OWNER }}"
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-${{ matrix.arch }}
context: .
platforms: "${{ matrix.os }}/${{ matrix.arch }}"
file: ./package/Dockerfile.installer
labels: "${{ steps.meta.outputs.labels }}"
merge-installer-manifest:
runs-on: ubuntu-latest
needs: [build-installer]
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE_INSTALLER }}
flavor: |
latest=false
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/stage-registry-username/credentials token | STAGE_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/stage-registry-password/credentials token | STAGE_REGISTRY_PASSWORD ;
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.STAGE_REGISTRY_USERNAME }}
password: ${{ env.STAGE_REGISTRY_PASSWORD }}
registry: ${{ env.REGISTRY }}
- name: Create manifest list and push
run: |
docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }} ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-arm64
if [[ "${{ github.ref_name }}" == release/v* ]]; then
docker buildx imagetools create -t ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.HEAD_TAG }} ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-amd64 ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}-arm64
fi
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY}}/${{ env.IMAGE_INSTALLER }}:${{ env.TAG }}
create-images-files:
if: github.event_name == 'push' && contains(github.ref, 'tags/') # Only run on push
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
env:
REGISTRY: ""
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Environment Variables
uses: ./.github/actions/setup-tag-env
- id: env
name: Setup Dependencies Env Variables
uses: ./.github/actions/setup-build-env
- name: Download data.json
run: |
mkdir -p bin
curl -sLf https://releases.rancher.com/kontainer-driver-metadata/${{ steps.env.outputs.CATTLE_KDM_BRANCH }}/data.json > ./bin/data.json
- name: Create files
run: |
mkdir -p $HOME/bin
touch $HOME/bin/rancher-rke-k8s-versions.txt
- name: Create components and images files
shell: bash
run: ./scripts/create-components-images-files.sh
- name: Move files
run: |
mv $HOME/bin/* ./dist
mv ./bin/*.txt ./dist
mv ./bin/*.sh ./dist
mv ./bin/*.ps1 ./dist
- name: Create sha256sum.txt file
run: ./scripts/artifacts-hashes.sh
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/prime-artifacts-uploader-access/credentials token | PRIME_ARTIFACTS_UPLOADER_ACCESS_KEY ;
secret/data/github/repo/${{ github.repository }}/prime-artifacts-uploader-secret/credentials token | PRIME_ARTIFACTS_UPLOADER_SECRET_KEY ;
- name: Upload artifacts to bucket
run: |
AWS_ACCESS_KEY_ID=${{ env.PRIME_ARTIFACTS_UPLOADER_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY=${{ env.PRIME_ARTIFACTS_UPLOADER_SECRET_KEY }} aws s3 cp --recursive ./dist s3://prime-artifacts/rancher/${{ env.TAG }}