From 4dcfeeedd360f7b50a48c7175003df09b1bf2c9e Mon Sep 17 00:00:00 2001 From: Paulo Gomes Date: Wed, 31 Jan 2024 19:24:38 +0000 Subject: [PATCH 1/3] build: Refactor build and test logic Signed-off-by: Paulo Gomes --- .dockerignore | 3 -- .github/workflows/tests.yml | 32 ++++++++++++ Dockerfile.dapper | 16 ------ Makefile | 51 +++++++++++++++---- hack/make/build.mk | 53 ++++++++++++++++++++ hack/make/deps.mk | 27 ++++++++++ package/Dockerfile | 74 ++++++++++++++++++++-------- kustomize.sh => package/kustomize.sh | 0 scripts/ci | 7 --- scripts/entry | 11 ----- scripts/package | 14 ------ scripts/release | 3 -- scripts/validate-ci | 13 ----- scripts/version | 27 ---------- 14 files changed, 206 insertions(+), 125 deletions(-) delete mode 100644 .dockerignore create mode 100644 .github/workflows/tests.yml delete mode 100644 Dockerfile.dapper create mode 100644 hack/make/build.mk create mode 100644 hack/make/deps.mk rename kustomize.sh => package/kustomize.sh (100%) delete mode 100755 scripts/ci delete mode 100755 scripts/entry delete mode 100755 scripts/package delete mode 100755 scripts/release delete mode 100755 scripts/validate-ci delete mode 100755 scripts/version diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index bec10c1..0000000 --- a/.dockerignore +++ /dev/null @@ -1,3 +0,0 @@ -./.dapper -./.cache -./dist diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 0000000..9721079 --- /dev/null +++ b/.github/workflows/tests.yml @@ -0,0 +1,32 @@ +name: Tests + +on: + push: + pull_request: + +permissions: + contents: read + +jobs: + validate: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - run: make validate + + test: + + runs-on: ubuntu-latest + needs: [ validate ] + + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Setup QEMU + uses: docker/setup-qemu-action@v3 + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3 + + - run: make test diff --git a/Dockerfile.dapper b/Dockerfile.dapper deleted file mode 100644 index 948b924..0000000 --- a/Dockerfile.dapper +++ /dev/null @@ -1,16 +0,0 @@ -FROM registry.suse.com/bci/bci-base:15.5 - -ARG DAPPER_HOST_ARCH -ENV ARCH $DAPPER_HOST_ARCH - -RUN zypper -n install docker git - -ENV DAPPER_ENV REPO TAG DRONE_TAG CROSS -ENV DAPPER_SOURCE /shell -ENV DAPPER_OUTPUT ./bin ./dist -ENV DAPPER_DOCKER_SOCKET true -ENV HOME ${DAPPER_SOURCE} -WORKDIR ${DAPPER_SOURCE} - -ENTRYPOINT ["./scripts/entry"] -CMD ["ci"] diff --git a/Makefile b/Makefile index acae2f0..7b48ad3 100644 --- a/Makefile +++ b/Makefile @@ -1,15 +1,46 @@ -TARGETS := $(shell ls scripts) +# To avoid poluting the Makefile, versions and checksums for tooling and +# dependencies are defined at hack/make/deps.mk. +include hack/make/deps.mk -.dapper: - @echo Downloading dapper - @curl -sL https://releases.rancher.com/dapper/latest/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp - @@chmod +x .dapper.tmp - @./.dapper.tmp -v - @mv .dapper.tmp .dapper +# Include logic that can be reused across projects. +include hack/make/build.mk -$(TARGETS): .dapper - ./.dapper $@ +# Define target platforms, image builder and the fully qualified image name. +TARGET_PLATFORMS ?= linux/amd64,linux/arm64,linux/s390x + +REPO ?= rancher +IMAGE = $(REPO)/shell:$(TAG) +BUILD_ACTION = --load .DEFAULT_GOAL := ci +ci: test validate e2e ## run the targets needed to validate a PR in CI. + +clean: ## clean up project. + rm -rf build + +test: ## test the build against all target platforms. + # Instead of loading image, target all platforms, effectivelly testing + # the build for the target architectures. + $(MAKE) image-build BUILD_ACTION="--platform=$(TARGET_PLATFORMS)" + +image-build: buildx-machine ## build (and load) the container image targeting the current platform. + $(IMAGE_BUILDER) build -f package/Dockerfile \ + --builder $(MACHINE) $(IMAGE_ARGS) \ + --build-arg VERSION=$(VERSION) -t "$(IMAGE)" $(BUILD_ACTION) . + @echo "Built $(IMAGE)" + +image-push: buildx-machine ## build the container image targeting all platforms defined by TARGET_PLATFORMS and push to a registry. + $(IMAGE_BUILDER) build -f package/Dockerfile \ + --builder $(MACHINE) $(IMAGE_ARGS) $(IID_FILE_FLAG) $(BUILDX_ARGS) \ + --build-arg VERSION=$(VERSION) --platform=$(TARGET_PLATFORMS) -t "$(IMAGE)" --push . + @echo "Pushed $(IMAGE)" + +validate: validate-dirty ## Run validation checks. -.PHONY: $(TARGETS) +validate-dirty: +ifdef DIRTY + @echo Git is dirty + @git --no-pager status + @git --no-pager diff + @exit 1 +endif diff --git a/hack/make/build.mk b/hack/make/build.mk new file mode 100644 index 0000000..4bd61d4 --- /dev/null +++ b/hack/make/build.mk @@ -0,0 +1,53 @@ +ifeq ($(VERSION),) + # Define VERSION, which is used for image tags or to bake it into the + # compiled binary to enable the printing of the application version, + # via the --version flag. + CHANGES = $(shell git status --porcelain --untracked-files=no) + ifneq ($(CHANGES),) + DIRTY = -dirty + endif + + # Prioritise DRONE_TAG for backwards compatibility. However, the git tag + # command should be able to gather the current tag, except when the git + # clone operation was done with "--no-tags". + ifneq ($(DRONE_TAG),) + GIT_TAG = $(DRONE_TAG) + else + GIT_TAG = $(shell git tag -l --contains HEAD | head -n 1) + endif + + COMMIT = $(shell git rev-parse --short HEAD) + VERSION = $(COMMIT)$(DIRTY) + + # Override VERSION with the Git tag if the current HEAD has a tag pointing to + # it AND the worktree isn't dirty. + ifneq ($(GIT_TAG),) + ifeq ($(DIRTY),) + VERSION = $(GIT_TAG) + endif + endif +endif + +RUNNER := docker +IMAGE_BUILDER := $(RUNNER) buildx +MACHINE := rancher + +ifeq ($(TAG),) + TAG = $(VERSION) + ifneq ($(DIRTY),) + TAG = dev + endif +endif + +# Define the target platforms that can be used across the ecosystem. +# Note that what would actually be used for a given project will be +# defined in TARGET_PLATFORMS, and must be a subset of the below: +DEFAULT_PLATFORMS := linux/amd64,linux/arm64,linux/x390s,linux/riscv64 + +.PHONY: help +help: ## display Makefile's help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + +buildx-machine: ## create rancher dockerbuildx machine targeting platform defined by DEFAULT_PLATFORMS. + @docker buildx ls | grep $(MACHINE) || \ + docker buildx create --name=$(MACHINE) --platform=$(DEFAULT_PLATFORMS) diff --git a/hack/make/deps.mk b/hack/make/deps.mk new file mode 100644 index 0000000..97eb3e9 --- /dev/null +++ b/hack/make/deps.mk @@ -0,0 +1,27 @@ +HELM_VERSION := release-v3.12.3 + +KUBECTL_VERSION := v1.26.9 +# curl -L "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/arm64/kubectl.sha256" +KUBECTL_SUM_arm64 := f945c63220b393ddf8df67d87e67ff74b7f56219a670dee38bc597a078588e90 +# curl -L "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl.sha256" +KUBECTL_SUM_amd64 := 98ea4a13895e54ba24f57e0d369ff6be0d3906895305d5390197069b1da12ae2 +# curl -L "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/s390x/kubectl.sha256" +KUBECTL_SUM_s390x := 6c3f1cac8d70286eb4a661d783558101b9e4891e7997f744183506466a03625f + +KUSTOMIZE_VERSION := v5.3.0 +# curl -L "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F$KUSTOMIZE_VERSION/checksums.txt" +KUSTOMIZE_SUM_arm64 := a1ec622d4adeb483e3cdabd70f0d66058b1e4bcec013c4f74f370666e1e045d8 +KUSTOMIZE_SUM_amd64 := 3ab32f92360d752a2a53e56be073b649abc1e7351b912c0fb32b960d1def854c +KUSTOMIZE_SUM_s390x := 0b1a00f0e33efa2ecaa6cda9eeb63141ddccf97a912425974d6b65e66cf96cd4 + +K9S_VERSION := v0.31.7 +# curl -L "https://github.com/derailed/k9s/releases/download/$K9S_VERSION/checksums.sha256" +K9S_SUM_arm64 := 7310ca3d6d8f359457baeda2b0bc62571b7a0e068fe07275a774e7b2a9b54243 +K9S_SUM_amd64 := 10a01834fca8a1c6613ae3ed17ce22575e1d2f4ffb1dd344866df533ed2d2539 +K9S_SUM_s390x := 9c6b7537777b428346e72c8f9666bbdb320a71d981052b8750af60e740db98d8 + +# Reduces the code duplication on Makefile by keeping all args into a single variable. +IMAGE_ARGS := --build-arg HELM_VERSION=$(HELM_VERSION) \ + --build-arg KUBECTL_VERSION=$(KUBECTL_VERSION) --build-arg KUBECTL_SUM_arm64=$(KUBECTL_SUM_arm64) --build-arg KUBECTL_SUM_amd64=$(KUBECTL_SUM_amd64) --build-arg KUBECTL_SUM_s390x=$(KUBECTL_SUM_s390x) \ + --build-arg KUSTOMIZE_VERSION=$(KUSTOMIZE_VERSION) --build-arg KUSTOMIZE_SUM_arm64=$(KUSTOMIZE_SUM_arm64) --build-arg KUSTOMIZE_SUM_amd64=$(KUSTOMIZE_SUM_amd64) --build-arg KUSTOMIZE_SUM_s390x=$(KUSTOMIZE_SUM_s390x) \ + --build-arg K9S_VERSION=$(K9S_VERSION) --build-arg K9S_SUM_arm64=$(K9S_SUM_arm64) --build-arg K9S_SUM_amd64=$(K9S_SUM_amd64) --build-arg K9S_SUM_s390x=$(K9S_SUM_s390x) diff --git a/package/Dockerfile b/package/Dockerfile index 174b313..50fb26c 100644 --- a/package/Dockerfile +++ b/package/Dockerfile @@ -1,23 +1,52 @@ -FROM registry.suse.com/bci/golang:1.21 AS helm -RUN zypper -n install git -RUN git -C / clone --branch release-v3.12.3 --depth=1 https://github.com/rancher/helm +# Image that provides cross compilation tooling. +FROM --platform=$BUILDPLATFORM rancher/mirrored-tonistiigi-xx:1.3.0 as xx + +FROM --platform=$BUILDPLATFORM registry.suse.com/bci/golang:1.21 as helm + +# Clone repository once, and reuse it for target archs. +ARG HELM_VERSION +ADD --keep-git-dir=true https://github.com/rancher/helm.git#${HELM_VERSION} /helm +RUN cd /helm && go mod download + +COPY --from=xx / / + +# Cross-compile instead of emulating the compilation on the target arch. +ARG TARGETPLATFORM +RUN xx-go --wrap && mkdir -p /run/lock RUN make -C /helm -FROM registry.suse.com/bci/bci-base:15.5 AS build -ARG ARCH=amd64 +RUN xx-verify --static /helm/bin/helm + +FROM --platform=$BUILDPLATFORM registry.suse.com/bci/bci-base:15.5 AS build RUN zypper -n install curl gzip tar -ENV KUBECTL_VERSION v1.26.9 -ENV K9S_VERSION=v0.31.7 -ENV KUSTOMIZE_VERSION=v5.3.0 -ENV KUSTOMIZE_URL=https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_${ARCH}.tar.gz -RUN curl -LO https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl && \ - chmod +x kubectl -RUN curl -sfL https://github.com/derailed/k9s/releases/download/${K9S_VERSION}/k9s_Linux_${ARCH}.tar.gz | tar xvzf - -RUN if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "arm64" ]; then \ - curl -sLf ${KUSTOMIZE_URL} | tar -xzf - && chmod +x kustomize; \ - fi - -FROM registry.suse.com/bci/bci-base:15.5 + +# Define build arguments +ARG KUBECTL_VERSION KUBECTL_SUM_arm64 KUBECTL_SUM_amd64 KUBECTL_SUM_s390x \ + KUSTOMIZE_VERSION KUSTOMIZE_SUM_arm64 KUSTOMIZE_SUM_amd64 KUSTOMIZE_SUM_s390x \ + K9S_VERSION K9S_SUM_arm64 K9S_SUM_amd64 K9S_SUM_s390x + +ARG TARGETARCH +# Stage kubectl into build +ADD --chown=root:root --chmod=0755 \ + "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl" \ + /kubectl + +ENV KUBECTL_SUM="KUBECTL_SUM_${TARGETARCH}" +RUN echo "${!KUBECTL_SUM} /kubectl" | sha256sum -c - + +# Stage kubectl into build +ENV KUSTOMIZE_SUM="KUSTOMIZE_SUM_${TARGETARCH}" +RUN curl --output /tmp/kustomize.tar.gz -sLf "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_${TARGETARCH}.tar.gz" && \ + echo "${!KUSTOMIZE_SUM} /tmp/kustomize.tar.gz" | sha256sum -c - && \ + tar -xvzf /tmp/kustomize.tar.gz -C / kustomize + +# Stage k9s into build +ENV K9S_SUM="K9S_SUM_${TARGETARCH}" +RUN curl --output /tmp/k9s.tar.gz -sLf "https://github.com/derailed/k9s/releases/download/${K9S_VERSION}/k9s_Linux_${TARGETARCH}.tar.gz" && \ + echo "${!K9S_SUM} /tmp/k9s.tar.gz" | sha256sum -c - && \ + tar -xvzf /tmp/k9s.tar.gz -C / k9s + +FROM registry.suse.com/bci/bci-base:15.5 as final RUN zypper -n update && \ zypper -n install bash-completion gzip jq tar unzip vim wget && \ zypper clean -a && rm -rf /tmp/* /var/tmp/* /usr/share/doc/packages/* /usr/share/doc/manual/* /var/log/* @@ -33,10 +62,13 @@ RUN echo 'shell:x:1000:1000:shell,,,:/home/shell:/bin/bash' > /etc/passwd && \ mkdir /home/shell/.kube && \ chown -R shell /home/shell && \ chmod 700 /run -COPY --from=helm ./helm/bin/helm /usr/local/bin/ -COPY --from=build /kubectl /k9s ./kustomize* /usr/local/bin/ -COPY package/helm-cmd package/welcome /usr/local/bin/ -COPY kustomize.sh /home/shell/ + +COPY --chown=root:root --chmod=0755 --from=helm /helm/bin/helm /usr/local/bin/ +COPY --chown=root:root --chmod=0755 --from=build /kubectl /k9s /kustomize* /usr/local/bin/ +COPY --chown=root:root --chmod=0755 package/helm-cmd package/welcome /usr/local/bin/ +COPY --chown=1000:1000 --chmod=0755 package/kustomize.sh /home/shell/ + USER 1000 + WORKDIR /home/shell CMD ["welcome"] diff --git a/kustomize.sh b/package/kustomize.sh similarity index 100% rename from kustomize.sh rename to package/kustomize.sh diff --git a/scripts/ci b/scripts/ci deleted file mode 100755 index b0c677b..0000000 --- a/scripts/ci +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -set -e - -cd $(dirname $0) - -./validate-ci -./package diff --git a/scripts/entry b/scripts/entry deleted file mode 100755 index 78fb567..0000000 --- a/scripts/entry +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -e - -mkdir -p bin dist -if [ -e ./scripts/$1 ]; then - ./scripts/"$@" -else - exec "$@" -fi - -chown -R $DAPPER_UID:$DAPPER_GID . diff --git a/scripts/package b/scripts/package deleted file mode 100755 index 7a17601..0000000 --- a/scripts/package +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash -set -e - -source $(dirname $0)/version - -cd $(dirname $0)/.. - -mkdir -p dist/artifacts - -IMAGE=${REPO}/shell:${TAG} -DOCKERFILE=package/Dockerfile - -docker build -f ${DOCKERFILE} -t ${IMAGE} --build-arg ARCH=${ARCH} . -echo Built ${IMAGE} diff --git a/scripts/release b/scripts/release deleted file mode 100755 index 7af0df3..0000000 --- a/scripts/release +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -exec $(dirname $0)/ci diff --git a/scripts/validate-ci b/scripts/validate-ci deleted file mode 100755 index 5a6c52a..0000000 --- a/scripts/validate-ci +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -set -e - -cd $(dirname $0)/.. - -source ./scripts/version - -if [ -n "$DIRTY" ]; then - echo Git is dirty - git status - git diff - exit 1 -fi diff --git a/scripts/version b/scripts/version deleted file mode 100755 index 1646092..0000000 --- a/scripts/version +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -if [ -n "$(git status --porcelain --untracked-files=no)" ]; then - DIRTY="-dirty" -fi - -COMMIT=$(git rev-parse --short HEAD) -GIT_TAG=${DRONE_TAG:-$(git tag -l --contains HEAD | head -n 1)} - -if [[ -z "$DIRTY" && -n "$GIT_TAG" ]]; then - VERSION=$GIT_TAG -else - VERSION="${COMMIT}${DIRTY}" -fi - -if [ -z "$ARCH" ]; then - ARCH=$(go env GOHOSTARCH) -fi - -SUFFIX="-${ARCH}" - -TAG=${TAG:-${VERSION}${SUFFIX}} -REPO=${REPO:-rancher} - -if echo $TAG | grep -q dirty; then - TAG=dev -fi From da9093ee2363039d0f9aedabcbd8a7e3de4121d9 Mon Sep 17 00:00:00 2001 From: Paulo Gomes Date: Wed, 31 Jan 2024 20:14:11 +0000 Subject: [PATCH 2/3] build: Add tests to confirm files, perms and versions Signed-off-by: Paulo Gomes --- Makefile | 9 ++++++- hack/test | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 1 deletion(-) create mode 100755 hack/test diff --git a/Makefile b/Makefile index 7b48ad3..caa0ea9 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,14 @@ ci: test validate e2e ## run the targets needed to validate a PR in CI. clean: ## clean up project. rm -rf build -test: ## test the build against all target platforms. +test: test-build ## test the build against all target platforms. + $(MAKE) image-build + IMAGE=$(IMAGE) \ + KUBECTL_VERSION=$(KUBECTL_VERSION) HELM_VERSION=$(HELM_VERSION) \ + KUSTOMIZE_VERSION=$(KUSTOMIZE_VERSION) K9S_VERSION=$(K9S_VERSION) \ + ./hack/test + +test-build: # Instead of loading image, target all platforms, effectivelly testing # the build for the target architectures. $(MAKE) image-build BUILD_ACTION="--platform=$(TARGET_PLATFORMS)" diff --git a/hack/test b/hack/test new file mode 100755 index 0000000..fc40c58 --- /dev/null +++ b/hack/test @@ -0,0 +1,77 @@ +#!/bin/bash + +set -eo pipefail + +RUNNER="${RUNNER:-docker}" +IMAGE="${IMAGE:-rancher/shell:dev}" + +function run(){ + "${RUNNER}" run --rm "${IMAGE}" $1 +} + +function stat(){ + run "stat -c $1 $2" +} + +function expected_file(){ + file="$1" + owner="$2" + perms="$3" + + actualPerms=$(stat '%a' "${file}") + actualOwner=$(stat '%u:%g' "${file}") + if [[ "${actualPerms}" != "${perms}" ]] || \ + [[ "${actualOwner}" != "${owner}" ]]; then + echo "${file}: expected (${owner} ${perms}) got (${actualOwner} ${actualPerms})" + exit 1 + else + echo "${file}: OK" + fi +} + +function check_files(){ + echo "checking expected binaries:" + expected_file "/usr/local/bin/helm" "0:0" "755" + expected_file "/usr/local/bin/helm-cmd" "0:0" "755" + expected_file "/usr/local/bin/k9s" "0:0" "755" + expected_file "/usr/local/bin/kubectl" "0:0" "755" + expected_file "/usr/local/bin/kustomize" "0:0" "755" + expected_file "/usr/local/bin/welcome" "0:0" "755" + expected_file "/home/shell/kustomize.sh" "1000:1000" "755" +} + + +function expected_version(){ + cmd="$1" + version="$2" + + if [[ -z "${version}" ]]; then + echo "expected version for ${cmd} not set" + exit 1 + fi + + output=$(run "${cmd} version" 2> /dev/null) + if echo "${output}" | grep -q "${version}"; then + echo "${cmd} ${version}: OK" + else + echo "${cmd} expected ${version}: ${output}" + exit 1 + fi +} + +function check_versions(){ + echo "checking command versions:" + expected_version "helm" "${HELM_VERSION}" + expected_version "kustomize" "${KUSTOMIZE_VERSION}" + expected_version "k9s" "${K9S_VERSION}" + # --client=true is used so that it does not fail trying to + # identify the server version. + expected_version "kubectl --client=true" "${KUBECTL_VERSION}" +} + +function main(){ + check_files + check_versions +} + +main From e1c72f3b32a0b63451ee0686ffa73c5ce5b8ba95 Mon Sep 17 00:00:00 2001 From: Paulo Gomes Date: Wed, 31 Jan 2024 20:14:29 +0000 Subject: [PATCH 3/3] build: Replace drone release with GHA Signed-off-by: Paulo Gomes --- .drone.yml | 119 ---------------------------------- .github/workflows/release.yml | 48 ++++++++++++++ 2 files changed, 48 insertions(+), 119 deletions(-) delete mode 100644 .drone.yml create mode 100644 .github/workflows/release.yml diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index fadf0fc..0000000 --- a/.drone.yml +++ /dev/null @@ -1,119 +0,0 @@ ---- -kind: pipeline -name: amd64 - -platform: - os: linux - arch: amd64 - -steps: -- name: build - image: rancher/dapper:v0.6.0 - commands: - - dapper ci - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - pull_request - - tag - -- name: docker-publish - image: plugins/docker - settings: - build_args: - - ARCH=amd64 - dockerfile: package/Dockerfile - password: - from_secret: docker_password - repo: "rancher/shell" - tag: "${DRONE_TAG}-amd64" - username: - from_secret: docker_username - when: - instance: - - drone-publish.rancher.io - event: - - tag - -volumes: -- name: docker - host: - path: /var/run/docker.sock - ---- -kind: pipeline -name: arm64 - -platform: - os: linux - arch: arm64 - -steps: -- name: build - image: rancher/dapper:v0.6.0 - commands: - - dapper ci - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - pull_request - - tag - -- name: docker-publish - image: plugins/docker - settings: - build_args: - - ARCH=arm64 - dockerfile: package/Dockerfile - password: - from_secret: docker_password - repo: "rancher/shell" - tag: "${DRONE_TAG}-arm64" - username: - from_secret: docker_username - when: - instance: - - drone-publish.rancher.io - event: - - tag - -volumes: -- name: docker - host: - path: /var/run/docker.sock - ---- -kind: pipeline -name: manifest - -platform: - os: linux - arch: amd64 - -steps: -- name: manifest - image: plugins/manifest:1.4.0 - settings: - username: - from_secret: docker_username - password: - from_secret: docker_password - platforms: - - linux/amd64 - - linux/arm64 - target: "rancher/shell:${DRONE_TAG}" - template: "rancher/shell:${DRONE_TAG}-ARCH" - when: - instance: - - drone-publish.rancher.io - event: - - tag - -depends_on: -- amd64 -- arm64 - diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..9329c6c --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,48 @@ +name: Release + +on: + push: + tags: + - 'v*' + +# GitHub settings / example values: +# +# org level vars: +# - PUBLIC_REGISTRY: docker.io +# repo level vars: +# - PUBLIC_REGISTRY_REPO: rancher +# repo level secrets: +# - PUBLIC_REGISTRY_USERNAME +# - PUBLIC_REGISTRY_PASSWORD + +permissions: + contents: write # Upload artefacts to release. + +jobs: + + publish-public: + runs-on: ubuntu-latest + + steps: + - name: Login to DockerHub + uses: docker/login-action@v3 + with: + registry: ${{ vars.PUBLIC_REGISTRY }} + username: ${{ secrets.PUBLIC_REGISTRY_USERNAME }} + password: ${{ secrets.PUBLIC_REGISTRY_PASSWORD }} + - name: Setup QEMU + uses: docker/setup-qemu-action@v3 + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Checkout code + uses: actions/checkout@v4 + + - name: Build and push all image variations + run: | + make image-push + TAG="${TAG}-amd64" TARGET_PLATFORMS=linux/amd64 make image-push + TAG="${TAG}-arm64" TARGET_PLATFORMS=linux/arm64 make image-push + TAG="${TAG}-s390x" TARGET_PLATFORMS=linux/s390x make image-push + env: + TAG: ${{ github.ref_name }} + REPO: ${{ vars.PUBLIC_REGISTRY }}/${{ vars.PUBLIC_REGISTRY_REPO }}