[WIP] [release/0.3] Migrate drone to GHA

.github/workflows/ci.yaml

@@ -0,0 +1,69 @@
+name: Webhook CI
+
+permissions:
+  contents : read
+
+on:
+  workflow_call:
+  push:
+    branches:
+      - release/v*
+    paths-ignore:
+      - '*.md'
+      - '.gitignore'
+      - 'CODEOWNERS'
+      - 'LICENSE'
+  pull_request:
+    paths-ignore:
+    - '*.md'
+    - '.gitignore'
+    - 'CODEOWNERS'
+    - 'LICENSE'
+jobs:
+  build:
+    strategy:
+      matrix:
+        os : [
+          ubuntu-latest
+          # org-rancher-arm64-containers
+          ]
+    name : CI
+    runs-on : ${{ matrix.os }}
+    steps:
+      - name : Checkout repository
+        uses : actions/checkout@v4
+        with :
+          fetch-depth : 0
+      - name : CI
+        run : make ci
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: webhook-build-artifacts-${{ matrix.os }}
+          path: ./dist/artifacts
+
+  test:
+    name : integration-test
+    needs : [
+      build
+    ]
+    runs-on : ${{ matrix.os }}
+    container:
+      image: rancher/rancher:v2.7-head
+    strategy:
+      matrix:
+        os : [
+          ubuntu-latest
+          # org-rancher-arm64-containers,
+         ]
+    steps:
+      - name : Checkout repository
+        uses : actions/checkout@v4
+      - name : Fetch build artifacts
+        uses: actions/download-artifact@v4
+      - name : Debug
+        run : ls -R ./dist/artifacts
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name : Run integration tests
+        run : ./scripts/integration-test

.github/workflows/fossa.yaml

@@ -0,0 +1,34 @@
+name: Run Webhook Fossa Scan
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - '*'
+  pull_request:
+
+jobs:
+  fossa:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write # needed for the Vault authentication
+    continue-on-error: true # we know that fossa test will report errors
+    steps:
+      - name: Load Secrets from Vault
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/fossa/credentials token | FOSSA
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+      - name: Run FOSSA Analyze
+        uses: fossas/[email protected]
+        with:
+          api-key: ${{ env.FOSSA }}
+      - name: Run FOSSA test
+        uses: fossas/[email protected]
+        with:
+          api-key: ${{ env.FOSSA }}
+          run-tests: true

.github/workflows/publish.yaml

@@ -0,0 +1,53 @@
+name : Publish Webhook Images
+
+on:
+  push:
+  pull_request:
+
+env:
+  REGISTRY: docker.io
+  REPO : rancher
+
+jobs:
+  ci :
+    uses: ./.github/workflows/ci.yaml
+    permissions:
+      contents: read
+  push:
+    needs : [
+      ci
+    ]
+    permissions:
+      contents : read
+      id-token: write
+    name : Build and push webhook images
+    runs-on : ubuntu-latest
+    steps:
+      - name : "Read vault secrets"
+        uses : rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
+            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
+      - name : Checkout repository
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ env.DOCKER_USERNAME }}
+          password: ${{ env.DOCKER_PASSWORD }}
+        # setup tag name
+      - if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        run: |
+          echo TAG_NAME=$(echo $GITHUB_REF | sed -e "s|refs/tags/||") >> $GITHUB_ENV
+      - name: Build and push the webhook image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./package/Dockerfile
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.REPO }}/webhook:${{ env.TAG_NAME }}
+          platforms: linux/amd64,linux/arm64

.github/workflows/release.yaml

@@ -0,0 +1,37 @@
+name: goreleaser
+
+on:
+  push:
+  pull_request:
+
+permissions:
+  contents: write
+
+jobs:
+  ci:
+    uses: ./.github/workflows/ci.yaml
+    permissions:
+      contents: read
+  goreleaser:
+    needs: [
+      ci
+    ]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - run: git fetch --force --tags
+      - uses: actions/setup-go@v5
+        with:
+          go-version: 1.22
+      - name : Package release helm charts
+        run : make package-helm
+      - run : mkdir -p ./build/artifacts/ && mv -v ./dist/artifacts/ ./build/
+      - uses: goreleaser/goreleaser-action@v5
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}