From 142dc217360301ae252642a80fcdd82e91f6ddc0 Mon Sep 17 00:00:00 2001 From: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com> Date: Tue, 18 Jun 2024 15:35:14 -0700 Subject: [PATCH] [Backport] [release/v3] Github Action Migration (#1358) Co-authored-by: Harrison --- .drone.yml | 75 ----------------------------- .github/workflows/pre-release.yaml | 50 +++++++++++++++++++ .github/workflows/pull_request.yaml | 16 ++++++ .github/workflows/release.yaml | 50 +++++++++++++++++++ GNUmakefile | 12 +---- 5 files changed, 117 insertions(+), 86 deletions(-) delete mode 100644 .drone.yml create mode 100644 .github/workflows/pre-release.yaml create mode 100644 .github/workflows/pull_request.yaml create mode 100644 .github/workflows/release.yaml diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 55842de2..00000000 --- a/.drone.yml +++ /dev/null @@ -1,75 +0,0 @@ ---- -kind: pipeline -name: default - -steps: -- name: build - image: docker:20.10.17-dind - environment: - GOPATH: /go - PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/go/bin - commands: - - /usr/local/bin/dockerd-entrypoint.sh & - - apk add -U bash make gcc musl-dev git wget go curl - - mkdir -p /go/src/github.com/rancher - - ln -s /drone/src /go/src/github.com/rancher/terraform-provider-rancher2 - - cd /go/src/github.com/rancher/terraform-provider-rancher2 - - make docker-build - - make docker-testacc - - kill %1 - privileged: true - -- name: build-all-binaries - image: golang:1.19.4 - environment: - CROSS: 1 - VERSION: ${DRONE_TAG} - commands: - - apt-get update - - apt-get install -y xz-utils zip rsync jq curl ca-certificates - - mkdir -p /go/src/github.com/rancher - - ln -s /drone/src /go/src/github.com/rancher/terraform-provider-rancher2 - - cd /go/src/github.com/rancher/terraform-provider-rancher2 - - make build-rancher - - make package-rancher - when: - event: tag - -- name: gpg_sign_release - image: plugins/gpgsign - settings: - key: - from_secret: gpg_key - passphrase: - from_secret: gpg_passphrase - files: - - dist/artifacts/${DRONE_TAG}/terraform-provider-rancher2_*_SHA256SUMS - detach_sign: true - armor: false - when: - event: tag - -- name: github_binary_prerelease - image: plugins/github-release - settings: - prerelease: true - files: - - dist/artifacts/${DRONE_TAG}/terraform-provider-rancher2_* - api_key: - from_secret: github_token - when: - event: tag - ref: - include: [ refs/tags/*rc* ] - -- name: github_binary_release - image: plugins/github-release - settings: - files: - - dist/artifacts/${DRONE_TAG}/terraform-provider-rancher2_* - api_key: - from_secret: github_token - when: - event: tag - ref: - exclude: [ refs/tags/*rc* ] \ No newline at end of file diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml new file mode 100644 index 00000000..ed569aae --- /dev/null +++ b/.github/workflows/pre-release.yaml @@ -0,0 +1,50 @@ +name: Prerelease + +on: + push: + tags: + - 'v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+' + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: write + id-token: write + steps: + - uses: actions/checkout@v4 + - name: build binaries + env: + CROSS: 1 + VERSION: ${{ github.ref_name }} + run: | + make build-rancher + + - name: package + run: | + make package-rancher + + - name: retrieve GPG Credentials + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/key/app-credentials passphrase | GPG_PASSPHRASE ; + secret/data/github/repo/${{ github.repository }}/key/app-credentials privateKey | GPG_KEY + + - name: sign shasum + env: + GPG_KEY: ${{ env.GPG_KEY }} + GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }} + run: | + echo "Importing gpg key" + echo -n "${{ env.GPG_KEY }}" | base64 --decode | gpg --import --batch > /dev/null + echo "signing SHASUM file" + VERSION_NO_V=$(echo ${{ github.ref_name }} | sed "s/^[v|V]//") + SHASUM_FILE=dist/artifacts/${{ github.ref_name }}/terraform-provider-rancher2_"$VERSION_NO_V"_SHA256SUMS + echo ${{ env.GPG_PASSPHRASE }} | gpg --detach-sig --pinentry-mode loopback --passphrase-fd 0 --output "$SHASUM_FILE".sig --sign "$SHASUM_FILE" + + - name: GH release + env: + GH_TOKEN: ${{ github.token }} + run: | + gh release create ${{ github.ref_name }} --prerelease --verify-tag --generate-notes ./dist/artifacts/${{ github.ref_name }}/* diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml new file mode 100644 index 00000000..ca5a9d2d --- /dev/null +++ b/.github/workflows/pull_request.yaml @@ -0,0 +1,16 @@ +name: Pull Request + +on: + pull_request: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: build binaries + env: + CROSS: 1 + VERSION: ${{ github.ref_name }} + run: | + make build-rancher diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 00000000..19e35f7f --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,50 @@ +name: Release + +on: + push: + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: write + id-token: write + steps: + - uses: actions/checkout@v4 + - name: build binaries + env: + CROSS: 1 + VERSION: ${{ github.ref_name }} + run: | + make build-rancher + + - name: package + run: | + make package-rancher + + - name: retrieve GPG Credentials + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/key/app-credentials passphrase | GPG_PASSPHRASE ; + secret/data/github/repo/${{ github.repository }}/key/app-credentials privateKey | GPG_KEY + + - name: sign shasum + env: + GPG_KEY: ${{ env.GPG_KEY }} + GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }} + run: | + echo "Importing gpg key" + echo -n "${{ env.GPG_KEY }}" | base64 --decode | gpg --import --batch > /dev/null + echo "signing SHASUM file" + VERSION_NO_V=$(echo ${{ github.ref_name }} | sed "s/^[v|V]//") + SHASUM_FILE=dist/artifacts/${{ github.ref_name }}/terraform-provider-rancher2_"$VERSION_NO_V"_SHA256SUMS + echo ${{ env.GPG_PASSPHRASE }} | gpg --detach-sig --pinentry-mode loopback --passphrase-fd 0 --output "$SHASUM_FILE".sig --sign "$SHASUM_FILE" + + - name: GH release + env: + GH_TOKEN: ${{ github.token }} + run: | + gh release create ${{ github.ref_name }} --verify-tag --generate-notes ./dist/artifacts/${{ github.ref_name }}/* diff --git a/GNUmakefile b/GNUmakefile index ce30c814..39e256c0 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -16,7 +16,7 @@ build-rancher: validate-rancher validate-rancher: validate test -validate: fmtcheck lint vet +validate: fmtcheck vet package-rancher: @sh -c "'$(CURDIR)/scripts/gopackage.sh'" @@ -47,16 +47,6 @@ vet: echo "fix them if necessary, before submitting the code for review."; \ fi -lint: - @echo "==> Checking that code complies with golint requirements..." - @GO111MODULE=off go get -u golang.org/x/lint/golint - @if [ -n "$$(golint $$(go list ./...) | grep -v 'should have comment.*or be unexported' | tee /dev/stderr)" ]; then \ - echo ""; \ - echo "golint found style issues. Please check the reported issues"; \ - echo "and fix them if necessary before submitting the code for review."; \ - exit 1; \ - fi - bin: go build -o $(PROVIDER_NAME)