Skip to content

Commit

Permalink
add GHA workflows to replace Drone
Browse files Browse the repository at this point in the history
  • Loading branch information
@jiaqiluo
jiaqiluo committed May 31, 2024
1 parent ec7a628 commit ff44492
Show file tree
Hide file tree
Showing 9 changed files with 241 additions and 168 deletions.
156 changes: 0 additions & 156 deletions .drone.yml
View file

This file was deleted.

51 changes: 51 additions & 0 deletions .github/workflows/ci-on-pr.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
name: CI on Push and Pull Request

on:
pull_request:
branches:
- master
push:
branches:
- master

env:
IMAGE: rancher/hyperkube-base

jobs:
test-prepare-binaries:
permissions:
contents: read
strategy:
matrix:
os: [linux]
arch: [ amd64, arm64 ]
runs-on: org-${{ github.repository_owner_id }}-${{ matrix.arch }}-k8s
container: ubuntu:22.04
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Prepare binaries
run: |
sudo apt-get update
sudo apt-get install -y make
make ARCH=${{ matrix.arch }} scripts/iptables-wrapper-installer.sh
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
flavor: |
latest=false
- name: Test build Docker image
uses: docker/build-push-action@v5
with:
context: .
push: false
tags: "${{ steps.meta.outputs.tags }}"
platforms: "${{ matrix.os }}/${{ matrix.arch }}"
labels: "${{ steps.meta.outputs.labels }}"
build-args: |
ARCH="${{ matrix.arch }}"
30 changes: 30 additions & 0 deletions .github/workflows/fossa.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: Run Fossa Scan

on:
push:
branches:
- "master"
# For manual scans.
workflow_dispatch:

jobs:
fossa:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # needed for the Vault authentication
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Read FOSSA token
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY
- name: FOSSA scan
uses: fossas/fossa-action@main
with:
api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }}
run-tests: false
132 changes: 132 additions & 0 deletions .github/workflows/release.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,132 @@
name: Release

on:
push:
tags:
- '*'

env:
IMAGE: rancher/hyperkube-base

jobs:
build-push-images:
permissions:
contents: read
id-token: write # needed for the Vault authentication
strategy:
fail-fast: true
matrix:
os: [linux]
arch: [amd64, arm64]
runs-on: org-${{ github.repository_owner_id }}-${{ matrix.arch }}-k8s
container: ubuntu:22.04
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Prepare binaries
run: |
make ARCH=${{ matrix.arch }} scripts/iptables-wrapper-installer.sh
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
flavor: |
latest=false
- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}

- name: Build and push Docker image
id: build
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: "${{ steps.meta.outputs.tags }}"
platforms: "${{ matrix.os }}/${{ matrix.arch }}"
labels: "${{ steps.meta.outputs.labels }}"
build-args: |
ARCH="${{ matrix.arch }}"
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: "digests-${{ matrix.os }}-${{ matrix.arch }}"
path: /tmp/digests/*
if-no-files-found: error
retention-days: 7
overwrite: true

merge:
runs-on: ubuntu-latest
needs:
- build-push-images
permissions:
contents: read
id-token: write # needed for the Vault authentication
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE }}
flavor: |
latest=false
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}

- name: Create manifest list and push
working-directory: /tmp/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.IMAGE }}@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.IMAGE }}:${{ steps.meta.outputs.version }}
5 changes: 5 additions & 0 deletions .idea/.gitignore
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 9 additions & 0 deletions .idea/hyperkube-base.iml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions .idea/modules.xml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit ff44492

Please sign in to comment.