diff --git a/.dockerignore b/.dockerignore index bec10c10c9..29afd46c18 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,3 +1,2 @@ ./.dapper -./.cache -./dist +./.cache \ No newline at end of file diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 5aed2c2dcc..0000000000 --- a/.drone.yml +++ /dev/null 
@@ -1,472 +0,0 @@ ---- -kind: pipeline -type: docker -name: build-amd64 - -platform: - os: linux - arch: amd64 - -clone: - retries: 3 - -steps: - - name: skipfiles - image: plugins/git - commands: - - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - - if [ -z "$DIFF" ]; then - echo "All files in PR are on ignore list"; - exit 78; - else - echo "Some files in PR are not ignored, $DIFF"; - fi; - when: - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/pull/** - - - name: validate-release - image: rancher/dapper:v0.5.5 - commands: - - dapper -f Dockerfile --target dapper make validate-release - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - drone-publish.rancher.io - - - name: build - image: rancher/dapper:v0.5.5 - environment: - ENABLE_REGISTRY: 'true' - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID-rke2-ci-uploader - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY-rke2-ci-uploader - commands: - - docker pull --quiet alpine:3.18 - - dapper -f Dockerfile --target dapper make dapper-ci - volumes: - - name: docker - path: /var/run/docker.sock - when: - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/pull/** - - refs/tags/* - - - name: fossa - image: rancher/drone-fossa:latest - failure: ignore - settings: - api_key: - from_secret: FOSSA_API_KEY - when: - instance: - - drone-publish.rancher.io - ref: - include: - - "refs/heads/master" - - "refs/heads/release-*" - - "refs/tags/v*" - - "refs/pull/*" - event: - - push - - tag - - - name: package-images - image: rancher/dapper:v0.5.5 - commands: - - dapper -f Dockerfile --target dapper make package-images - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - drone-publish.rancher.io - - - name: scan 
- image: rancher/dapper:v0.5.5 - failure: ignore - commands: - - dapper -f Dockerfile --target dapper make scan-images - volumes: - - name: docker - path: /var/run/docker.sock - when: - instance: - - drone-publish.rancher.io - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/tags/* - - - name: test - image: rancher/dapper:v0.5.5 - secrets: [ AWS_ACCESS_KEY_ID-rke2-ci-uploader, AWS_SECRET_ACCESS_KEY-rke2-ci-uploader ] - environment: - ENABLE_REGISTRY: 'true' - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID-rke2-ci-uploader - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY-rke2-ci-uploader - commands: - - dapper -f Dockerfile --target dapper make test - volumes: - - name: docker - path: /var/run/docker.sock - when: - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/pull/** - - refs/tags/* - - - name: publish-image-runtime - image: rancher/hardened-build-base:v1.22.4b2 - commands: - - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD - - DRONE_TAG=${DRONE_TAG} make publish-image-runtime - environment: - DOCKER_PASSWORD: - from_secret: docker_password - DOCKER_USERNAME: - from_secret: docker_username - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - - - name: package-windows-images - image: rancher/dapper:v0.5.5 - commands: - - dapper -f Dockerfile --target dapper make package-windows-images - when: - event: - - tag - instance: - - drone-publish.rancher.io - volumes: - - name: docker - path: /var/run/docker.sock - - - name: publish-dist-artifacts - image: plugins/github-release - settings: - api_key: - from_secret: github_token - checksum: - - sha256 - checksum_file: CHECKSUMsum-amd64.txt - checksum_flatten: true - files: - - dist/artifacts/* - prerelease: true - when: - event: - - tag - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - -volumes: - - 
name: docker - host: - path: /var/run/docker.sock - ---- -kind: pipeline -type: docker -name: build-arm64 - -platform: - os: linux - arch: arm64 - -clone: - retries: 3 - -steps: - - name: skipfiles - image: plugins/git - commands: - - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - - if [ -z "$DIFF" ]; then - echo "All files in PR are on ignore list"; - exit 78; - else - echo "Some files in PR are not ignored, $DIFF"; - fi; - when: - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/pull/** - - - name: validate-release - image: rancher/dapper:v0.5.5 - commands: - - dapper -f Dockerfile --target dapper make validate-release - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - drone-publish.rancher.io - - - name: build - image: rancher/dapper:v0.5.5 - environment: - ENABLE_REGISTRY: 'true' - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID-rke2-ci-uploader - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY-rke2-ci-uploader - commands: - - docker pull --quiet alpine:3.18 - - dapper -f Dockerfile --target dapper make dapper-ci - volumes: - - name: docker - path: /var/run/docker.sock - when: - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/pull/** - - refs/tags/* - - - name: fossa - image: rancher/drone-fossa:latest - failure: ignore - settings: - api_key: - from_secret: FOSSA_API_KEY - when: - instance: - - drone-publish.rancher.io - ref: - include: - - "refs/heads/master" - - "refs/heads/release-*" - - "refs/tags/v*" - - "refs/pull/*" - event: - - push - - tag - - - name: package-images - image: rancher/dapper:v0.5.5 - commands: - - dapper -f Dockerfile --target dapper make package-images - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - 
drone-publish.rancher.io - - - name: scan - image: rancher/dapper:v0.5.5 - failure: ignore - commands: - - dapper -f Dockerfile --target dapper make scan-images - volumes: - - name: docker - path: /var/run/docker.sock - when: - instance: - - drone-publish.rancher.io - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/tags/* - - - name: publish-image-runtime - image: rancher/hardened-build-base:v1.22.4b2 - commands: - - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD - - DRONE_TAG=${DRONE_TAG} make publish-image-runtime - environment: - DOCKER_PASSWORD: - from_secret: docker_password - DOCKER_USERNAME: - from_secret: docker_username - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - - - name: publish-dist-artifacts - image: plugins/github-release - settings: - api_key: - from_secret: github_token - checksum: - - sha256 - checksum_file: CHECKSUMsum-arm64.txt - checksum_flatten: true - files: - - dist/artifacts/* - prerelease: true - when: - event: - - tag - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - -volumes: - - name: docker - host: - path: /var/run/docker.sock - ---- -kind: pipeline -type: docker -name: dispatch - -platform: - os: linux - arch: amd64 - -clone: - retries: 3 - -steps: - - name: skipfiles - image: plugins/git - commands: - - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - - if [ -z "$DIFF" ]; then - echo "All files in PR are on ignore list"; - exit 78; - else - echo "Some files in PR are not ignored, $DIFF"; - fi; - when: - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/pull/** - - - name: dispatch - image: rancher/dapper:v0.5.5 - commands: - - dapper -f Dockerfile 
--target dapper make dispatch - environment: - PAT_TOKEN: - from_secret: github_token - PAT_USERNAME: - from_secret: pat_username - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - -volumes: - - name: docker - host: - path: /var/run/docker.sock - -depends_on: - - build-amd64 - - build-arm64 ---- -kind: pipeline -type: docker -name: manifest - -platform: - os: linux - arch: amd64 - -clone: - retries: 3 - -steps: - - name: skipfiles - image: plugins/git - commands: - - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - - if [ -z "$DIFF" ]; then - echo "All files in PR are on ignore list"; - exit 78; - else - echo "Some files in PR are not ignored, $DIFF"; - fi; - when: - ref: - include: - - refs/heads/master - - refs/heads/release-* - - refs/pull/** - - - name: push-runtime-manifest - image: plugins/manifest - settings: - username: - from_secret: docker_username - password: - from_secret: docker_password - spec: manifest-runtime.tmpl - when: - event: - - tag - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* -depends_on: - - build-amd64 - - build-arm64 -... diff --git a/.droneignore b/.droneignore deleted file mode 100644 index c581c05361..0000000000 --- a/.droneignore +++ /dev/null @@ -1,9 +0,0 @@ -^.*\.md$ -^install\.sh$ -^\.droneignore$ -^\.github\/.*$ -^MAINTAINERS$ -^CODEOWNERS$ -^LICENSE$ -^DCO$ -^channels\.yaml$ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 666d9d5f95..22a4f3a03c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -9,7 +9,8 @@ on: - "v*" env: - GITHUB_TAG: ${{ github.ref_name }} + GITHUB_ACTION_TAG: ${{ github.ref_name }} + GH_TOKEN: ${{ github.token }} name: Release permissions: @@ -17,23 +18,23 @@ permissions: id-token: write jobs: release-amd64: - runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64 + runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=256 steps: - name: Checkout code uses: actions/checkout@v4 - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper - chmod +x /usr/local/bin/dapper + curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /tmp/dapper + chmod +x /tmp/dapper - name: Validate Release run: | - dapper -f Dockerfile --target dapper make validate-release + /tmp/dapper -f Dockerfile --target dapper make validate-release - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci + /tmp/dapper -f Dockerfile --target dapper make dapper-ci - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main 
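Review bot: `GH_TOKEN: ${{ github.token }}` is added to the workflow-level `env:` block, so every `run:` step in every job inherits the token, including the steps that execute the freshly downloaded `/tmp/dapper` binary. Only the `gh release upload` steps appear to need it. Declaring it there with a step-level `env:` entry (`GH_TOKEN: ${{ github.token }}`) keeps the token out of the build, scan and test steps. The rest of the `permissions:` block is outside this hunk, so the token's actual scope cannot be confirmed from here.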
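Review bot: The Install Dapper step still writes `.../dapper/latest/...` straight into an executable file with `curl -sL`, with no version pin and no checksum check on a binary that then drives the whole release build; the change only moves the target to `/tmp/dapper`. Without `-f`, an HTTP error page would also be saved and marked executable. Assuming versioned paths are published, consider `curl -fsSL "https://releases.rancher.com/dapper/<PINNED_VERSION>/dapper-$(uname -s)-$(uname -m)" -o /tmp/dapper` followed by `echo "<EXPECTED_SHA256>  /tmp/dapper" | sha256sum -c -`. The same step is repeated for the `release-arm64` job in the next hunk.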
@@ -44,53 +45,49 @@ jobs: - name: Package Images run: | - dapper -f Dockerfile --target dapper make package-images + /tmp/dapper -f Dockerfile --target dapper make package-images - name: Scan Images + continue-on-error: true run: | - dapper -f Dockerfile --target dapper make scan-images + /tmp/dapper -f Dockerfile --target dapper make scan-images - name: Test run: | - dapper -f Dockerfile --target dapper make test - - - name: Login to Container Registry - uses: docker/login-action@v3 - with: - username: ${{ env.DOCKER_USERNAME }} - password: ${{ env.DOCKER_PASSWORD }} + /tmp/dapper -f Dockerfile --target dapper make test - name: Publish Image Runtime run: | - GITHUB_TAG=${{ github.ref_name }} make publish-image-runtime + GITHUB_ACTION_TAG=${{ github.ref_name }} /tmp/dapper -f Dockerfile --target dapper make publish-image-runtime + env: + DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }} - name: Checksum Artifacts run: | - dapper -f Dockerfile --target dapper make checksum + GITHUB_ACTION_TAG=${{ github.ref_name }} /tmp/dapper -f Dockerfile --target dapper make checksum - name: Publish Artifacts - uses: softprops/action-gh-release@v2 - with: - files: | - dist/artifacts/* + run: | + gh release upload ${{ github.ref_name }} dist/artifacts/* release-arm64: - runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64 + runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=256 steps: - name: Checkout code uses: actions/checkout@v4 - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper - chmod +x /usr/local/bin/dapper + curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /tmp/dapper + chmod +x /tmp/dapper - name: Validate Release run: | - dapper -f Dockerfile --target dapper make validate-release + /tmp/dapper -f Dockerfile 
--target dapper make validate-release - name: Build run: | - dapper -f Dockerfile --target dapper make dapper-ci + /tmp/dapper -f Dockerfile --target dapper make dapper-ci - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main @@ -101,31 +98,27 @@ jobs: - name: Package Images run: | - dapper -f Dockerfile --target dapper make package-images + /tmp/dapper -f Dockerfile --target dapper make package-images - name: Scan Images + continue-on-error: true run: | - dapper -f Dockerfile --target dapper make scan-images - - - name: Login to Container Registry - uses: docker/login-action@v3 - with: - username: ${{ env.DOCKER_USERNAME }} - password: ${{ env.DOCKER_PASSWORD }} + /tmp/dapper -f Dockerfile --target dapper make scan-images - name: Publish Image Runtime run: | - GITHUB_TAG=${{ github.ref_name }} make publish-image-runtime - - - name: Checksum Artifacts + GITHUB_ACTION_TAG=${{ github.ref_name }} /tmp/dapper -f Dockerfile --target dapper make publish-image-runtime + env: + DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }} + + - name: Checksum run: | - dapper -f Dockerfile --target dapper make checksum + GITHUB_ACTION_TAG=${{ github.ref_name }} /tmp/dapper -f Dockerfile --target dapper make checksum - name: Publish Artifacts - uses: softprops/action-gh-release@v2 - with: - files: | - dist/artifacts/* + run: | + gh release upload ${{ github.ref_name }} dist/artifacts/* dispatch: needs: [release-amd64, release-arm64] runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64 @@ -150,3 +143,4 @@ jobs: env: PAT_TOKEN: ${{ secrets.GITHUB_TOKEN }} PATH_USERNAME: ${{ env.PAT_USERNAME }} + GITHUB_ACTION_TAG: ${{ env.GITHUB_ACTION_TAG }} diff --git a/Dockerfile b/Dockerfile index b42ce2c414..c27c073d65 100644 --- a/Dockerfile +++ b/Dockerfile 
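Review bot: `${{ github.ref_name }}` is expanded into the script text of the new `run:` lines (`GITHUB_ACTION_TAG=${{ github.ref_name }} /tmp/dapper ...` and `gh release upload ${{ github.ref_name }} dist/artifacts/*`) before the shell parses them, so a tag name containing shell metacharacters is interpreted as code rather than data. The workflow-level `env:` already exports `GITHUB_ACTION_TAG`, so the inline prefix can be dropped and the upload written as `gh release upload "$GITHUB_ACTION_TAG" dist/artifacts/*`. The same pattern appears in the `release-arm64` hunk that follows.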
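Review bot: `continue-on-error: true` on the Scan Images step means a failing `make scan-images` never stops the images from being published; it is added both here and in the `release-amd64` hunk above. This matches `failure: ignore` on the removed Drone `scan` step, but nothing in the workflow says so. If it is intentional, a comment above the key would record it, e.g. `# advisory only: scan findings do not gate the release (parity with the former Drone pipeline)`.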
@@ -30,7 +30,7 @@ RUN zypper install -y systemd-rpm-macros # Dapper/Drone/CI environment FROM build AS dapper -ENV DAPPER_ENV GODEBUG GOCOVER REPO TAG DRONE_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY +ENV DAPPER_ENV GODEBUG GOCOVER REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY DOCKER_USERNAME DOCKER_PASSWORD ARG DAPPER_HOST_ARCH ENV ARCH $DAPPER_HOST_ARCH ENV DAPPER_OUTPUT ./dist ./bin ./build diff --git a/Dockerfile.windows b/Dockerfile.windows index ec37632e53..1aee19713c 100644 --- a/Dockerfile.windows +++ b/Dockerfile.windows @@ -6,7 +6,7 @@ RUN apk --no-cache add \ # Dapper/Drone/CI environment FROM rancher/hardened-build-base:v1.21.5b2 AS dapper -ENV DAPPER_ENV GODEBUG REPO TAG DRONE_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY +ENV DAPPER_ENV GODEBUG REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY ARG DAPPER_HOST_ARCH ENV ARCH $DAPPER_HOST_ARCH ENV DAPPER_OUTPUT ./dist ./bin ./build diff --git a/scripts/checksum b/scripts/checksum index a46df8e064..943b99ab50 100755 --- a/scripts/checksum +++ b/scripts/checksum 
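Review bot: Adding `DOCKER_USERNAME DOCKER_PASSWORD` to `DAPPER_ENV` forwards the registry credentials into the dapper container for every make target run while they are set in the job environment, not only `publish-image-runtime`. In the workflow they are read from `env.DOCKER_USERNAME` and `env.DOCKER_PASSWORD`, which suggests they are job-wide after the Read secrets step (not confirmed from this diff), so later targets such as `test` would see them as well. A comment above the `ENV DAPPER_ENV` line naming the consumer would help, such as `# DOCKER_USERNAME/DOCKER_PASSWORD: consumed only by scripts/publish-image-runtime`.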
@@ -5,20 +5,15 @@ cd $(dirname $0)/.. source ./scripts/version.sh -CHECKSUM_DIR=${CHECKSUM_DIR:-./dist/artifacts} +CHECKSUM_DIR=${CHECKSUM_DIR:-dist/artifacts} -function checksum(){ +mkdir -p ${CHECKSUM_DIR} +sumfile="${CHECKSUM_DIR}/sha256sum-${ARCH}.txt" +echo -n "" > "${sumfile}" - sumfile="${CHECKSUM_DIR}/sha256sum-${ARCH}.txt" - echo -n "" > "${sumfile}" +files=$(ls ${CHECKSUM_DIR} | grep "${ARCH}" | grep -v "sha256sum-${ARCH}.txt") +for file in ${files}; do + sha256sum "${CHECKSUM_DIR}/${file}" | sed "s;$(dirname ${CHECKSUM_DIR}/${file})/;;g" >> "${sumfile}" +done - files=$(ls ${CHECKSUM_DIR}) - for file in ${files}; do - sha256sum "${file}" | sed "s;$(dirname ${file})/;;g" >> "${sumfile}" - done - - cat "${sumfile}" -} - - -checksum \ No newline at end of file +cat "${sumfile}" \ No newline at end of file diff --git a/scripts/package-dev-rpm b/scripts/package-dev-rpm index 003eeb6347..a4b326ddb1 100755 --- a/scripts/package-dev-rpm +++ b/scripts/package-dev-rpm @@ -67,7 +67,7 @@ while IFS= read -r script; do "${script}" # Build rpm - bash "${script}" + TAG=${RPM_VERSION} bash "${script}" done <"${SCRIPT_LIST}" if [ "${DAPPER_UID:--1}" -ne "-1" ]; then diff --git a/scripts/publish-image-runtime b/scripts/publish-image-runtime index b3a9b14d7d..16ef2821c8 100755 --- a/scripts/publish-image-runtime +++ b/scripts/publish-image-runtime @@ -5,6 +5,10 @@ cd $(dirname $0)/.. source ./scripts/version.sh +set +x +docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD +set -x + docker image push ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-${GOOS}-${GOARCH} if [ "${GOARCH}" != "s390x" ] && [ "${GOARCH}" != "arm64" ]; then docker image push ${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}-windows-amd64 diff --git a/scripts/validate-release b/scripts/validate-release index b4021c246a..2d49673b81 100755 --- a/scripts/validate-release +++ b/scripts/validate-release 
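Review bot: The new loop builds its file list with `ls ${CHECKSUM_DIR} | grep "${ARCH}"` and iterates over the unquoted result, so names are word-split, an empty `ARCH` matches every artifact, and a directory with no match makes `grep` return non-zero. Because this file is the published integrity record, it is worth failing loudly when `ARCH` is unset and globbing instead of parsing `ls`. Running `sha256sum` from inside the directory also removes the need for the `sed` path strip. The script's header and shell options are outside the hunk.

```shell
# … unchanged: cd to repo root, source version.sh, CHECKSUM_DIR default …
mkdir -p "${CHECKSUM_DIR}"
sumfile="${CHECKSUM_DIR}/sha256sum-${ARCH:?ARCH must be set}.txt"
: > "${sumfile}"

for path in "${CHECKSUM_DIR}"/*"${ARCH}"*; do
  # Skip an unmatched glob and the checksum file itself.
  if [ ! -f "${path}" ] || [ "${path}" = "${sumfile}" ]; then
    continue
  fi
  (cd "${CHECKSUM_DIR}" && sha256sum -- "${path##*/}") >> "${sumfile}"
done
# … unchanged: cat "${sumfile}" …
```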
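Review bot: `docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD` puts the password on the command line, where it is visible in the process list, and the unquoted expansions break on a password containing spaces or glob characters. Passing it on stdin avoids both: `printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin`. The `set +x` / `set -x` pair also turns tracing on afterwards whether or not it was enabled before; the script's earlier `set` line is outside the hunk.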
@@ -59,6 +59,6 @@ function check_kubernetes_version() { . ./scripts/version.sh git fetch origin -f --tags -parse_tag $GITHUB_TAG +parse_tag $GITHUB_ACTION_TAG check_release_branch check_kubernetes_version diff --git a/scripts/version.sh b/scripts/version.sh index 22fba72e77..a72eb2efd5 100755 --- a/scripts/version.sh +++ b/scripts/version.sh @@ -25,7 +25,7 @@ if [ -z "$GOOS" ]; then fi fi -GIT_TAG=$GITHUB_TAG +GIT_TAG=$GITHUB_ACTION_TAG TREE_STATE=clean COMMIT=$DRONE_COMMIT REVISION=$(git rev-parse HEAD)$(if ! git diff --no-ext-diff --quiet --exit-code; then echo .dirty; fi)
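Review bot: The context line `COMMIT=$DRONE_COMMIT` just below the renamed `GIT_TAG` assignment in `scripts/version.sh` still reads a Drone variable even though this commit deletes `.drone.yml`, so `COMMIT` is presumably empty under GitHub Actions unless something outside this hunk sets it. `DRONE_BUILD_EVENT` likewise remains in `DAPPER_ENV` in both Dockerfiles. If `COMMIT` feeds version metadata, `COMMIT=${GITHUB_SHA:-$DRONE_COMMIT}` would keep it populated, though `GITHUB_SHA` would then also need adding to `DAPPER_ENV`.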