Merge pull request #463 from kinarashah/fix-v2.14 #39

Workflow file for this run

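# Release workflow: on a tag push, create a draft GitHub release, build and
# package the rancher-machine binaries, publish the container images, then
# attach the binaries to the release and take it out of draft.
name: Release

# Every pushed tag matching '*' starts a full release, including registry
# pushes. Tag creation is therefore the control point for this pipeline:
# restrict who may push tags (tag protection / rulesets) accordingly.
on:
  push:
    tags:
      - '*'

# Deny by default; each job below grants only the token scopes it uses, so a
# job added later without a permissions block gets no token scopes at all.
permissions: {}

jobs:
  # Creates the draft release that the finalize job later fills and publishes.
  create-draft:
    runs-on: ubuntu-latest
    permissions:
      contents: write  # create the draft release
    steps:
      - name: Create draft release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # Repository and tag name come from runner-provided environment
        # variables and are quoted, so the tag name is never spliced into the
        # script text by expression expansion.
        run: gh release create -R "${GITHUB_REPOSITORY}" --draft --generate-notes "${GITHUB_REF_NAME}"

  # Builds and packages one tarball per architecture and stores it as a
  # workflow artifact for the finalize job.
  build:
    runs-on: ubuntu-latest
    needs: [create-draft]
    # This job only checks out the repository and uploads a workflow artifact,
    # so it does not need the default token scopes.
    permissions:
      contents: read
    strategy:
      fail-fast: true
      matrix:
        os: [linux]
        arch: [amd64, arm64]
    steps:
      - name: Checkout code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
      # matrix.arch is one of the literal values declared above, so expanding
      # it inside the run scripts does not introduce externally controlled text.
      - name: Build binary
        run: make build ARCH=${{ matrix.arch }}
      - name: Package artifacts
        run: make package ARCH=${{ matrix.arch }}
      - name: Upload artifacts
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
        with:
          name: "rancher-machine-${{ matrix.arch }}.tar.gz"
          path: "dist/artifacts/rancher-machine-${{ matrix.arch }}.tar.gz"
          if-no-files-found: error
          overwrite: true

  # Builds and pushes the container images. This job depends only on
  # create-draft, so it runs in parallel with build and can push images even
  # when build fails; only finalize waits for both.
  publish:
    runs-on: ubuntu-latest
    needs: [create-draft]
    permissions:
      contents: read
      # NOTE(review): the Vault step below presumably authenticates with the
      # same OIDC token - confirm.
      id-token: write  # required for cosign signing
    steps:
      # The later steps read these values through env.*, so they are present
      # in the job environment for every step that follows, including the
      # make target run by the publish action.
      # The pin tracks a branch (main), not a release tag: review the upstream
      # diff whenever the SHA is bumped.
      - name: Load Secrets from Vault
        uses: rancher-eio/read-vault-secrets@0da85151ad1f19ed7986c41587e45aac1ace74b6 # main
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ;
            secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
            secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
            secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD ;
            secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials registry | PRIME_STG_REGISTRY ;
            secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials username | PRIME_STG_REGISTRY_USERNAME ;
            secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials password | PRIME_STG_REGISTRY_PASSWORD
      - name: Checkout code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
      # Pinned to a commit on master (no release tag), same review rule as the
      # Vault action above.
      - name: Build and push image to DockerHub and Prime Staging Registry
        uses: rancher/ecm-distro-tools/actions/publish-image@dccc58c2e8e9c059aeab6229b70d2f0b1e977625 # master
        with:
          image: machine
          tag: ${{ github.ref_name }}
          platforms: linux/amd64,linux/arm64
          public-registry: docker.io
          public-repo: rancher
          public-username: ${{ env.DOCKER_USERNAME }}
          public-password: ${{ env.DOCKER_PASSWORD }}
          push-to-prime: true
          prime-registry: ${{ env.PRIME_STG_REGISTRY }}
          prime-repo: rancher
          prime-make-target: push-prime-image
          prime-username: ${{ env.PRIME_STG_REGISTRY_USERNAME }}
          prime-password: ${{ env.PRIME_STG_REGISTRY_PASSWORD }}
      # The production push is gated only by the tag name: any tag without
      # '-rc' in it reaches the prod registry.
      - name: Build and push image to Prime Prod Registry
        if: ${{ !contains(github.ref_name, '-rc') }}
        uses: rancher/ecm-distro-tools/actions/publish-image@dccc58c2e8e9c059aeab6229b70d2f0b1e977625 # master
        with:
          image: machine
          tag: ${{ github.ref_name }}
          platforms: linux/amd64,linux/arm64
          push-to-public: false
          push-to-prime: true
          prime-registry: ${{ env.PRIME_REGISTRY }}
          prime-repo: rancher
          prime-make-target: push-prime-image
          prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
          prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}

  # Attaches the built tarballs to the draft release and publishes it once
  # both build and publish have succeeded.
  finalize:
    runs-on: ubuntu-latest
    needs:
      - build
      - publish
    permissions:
      # id-token is deliberately not granted here: no step in this job
      # requests an OIDC token.
      contents: write  # Publish the draft release
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Download assets
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
        with:
          path: /tmp/assets
          pattern: rancher-machine-*.tar.gz
          merge-multiple: true
      - name: Upload binary assets to release
        run: gh release upload -R "${GITHUB_REPOSITORY}" "${GITHUB_REF_NAME}" /tmp/assets/rancher-machine-*.tar.gz
      - name: Publish the release
        run: gh release edit -R "${GITHUB_REPOSITORY}" "${GITHUB_REF_NAME}" --draft=false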