From 9a8465a3d556df4705d3eccbc069c43461884802 Mon Sep 17 00:00:00 2001 From: Eric Promislow Date: Tue, 14 May 2024 15:36:15 -0700 Subject: [PATCH] [WIP] [release/0.3] Migrate drone to GHA --- .drone.yml | 189 --------------------------------- .github/workflows/ci.yaml | 69 ++++++++++++ .github/workflows/fossa.yaml | 34 ++++++ .github/workflows/publish.yaml | 53 +++++++++ .github/workflows/release.yaml | 37 +++++++ .goreleaser.yaml | 41 +++++++ 6 files changed, 234 insertions(+), 189 deletions(-) delete mode 100644 .drone.yml create mode 100644 .github/workflows/ci.yaml create mode 100644 .github/workflows/fossa.yaml create mode 100644 .github/workflows/publish.yaml create mode 100644 .github/workflows/release.yaml create mode 100644 .goreleaser.yaml diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 719466143..000000000 --- a/.drone.yml +++ /dev/null 
@@ -1,189 +0,0 @@ ---- -kind: pipeline -name: amd64 -type: docker - -platform: - os: linux - arch: amd64 - -steps: - - name: build - image: rancher/dapper:v0.6.0 - commands: - - dapper ci - volumes: - - name: docker - path: /var/run/docker.sock - - - name: integration-test - image: rancher/rancher:v2.7-head - privileged: true - commands: - - zypper -n install helm - - scripts/integration-test - - - name: github_binary_release - image: plugins/github-release - settings: - api_key: - from_secret: github_token - prerelease: true - checksum: - - sha256 - checksum_file: CHECKSUMsum-amd64.txt - checksum_flatten: true - files: - - "dist/artifacts/*" - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - - - name: docker-publish - image: plugins/docker - settings: - dockerfile: package/Dockerfile - password: - from_secret: docker_password - repo: "rancher/rancher-webhook" - tag: "${DRONE_TAG}-amd64" - username: - from_secret: docker_username - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag -volumes: - - name: docker - host: - path: /var/run/docker.sock - ---- -kind: pipeline -name: arm64 -type: docker - -platform: - os: linux - arch: arm64 - -steps: - - name: build - image: rancher/dapper:v0.6.0 - commands: - - dapper ci - volumes: - - name: docker - path: /var/run/docker.sock - - - name: integration-test - image: rancher/rancher:v2.7-head - privileged: true - commands: - - zypper -n install helm - - scripts/integration-test - - - name: github_binary_release - image: plugins/github-release - settings: - api_key: - from_secret: github_token - prerelease: true - checksum: - - sha256 - checksum_file: CHECKSUMsum-arm64.txt - checksum_flatten: true - files: - - "dist/artifacts/*" - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - - - name: docker-publish - image: plugins/docker - settings: - 
dockerfile: package/Dockerfile - password: - from_secret: docker_password - repo: "rancher/rancher-webhook" - tag: "${DRONE_TAG}-arm64" - username: - from_secret: docker_username - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - -volumes: - - name: docker - host: - path: /var/run/docker.sock - ---- -kind: pipeline -name: manifest -type: docker - -platform: - os: linux - arch: amd64 - -steps: - - name: manifest - image: plugins/manifest:1.4.0 - settings: - username: - from_secret: docker_username - password: - from_secret: docker_password - platforms: - - linux/amd64 - - linux/arm64 - target: "rancher/rancher-webhook:${DRONE_TAG}" - template: "rancher/rancher-webhook:${DRONE_TAG}-ARCH" - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/master - - refs/tags/* - event: - - tag - -depends_on: - - amd64 - - arm64 - ---- -kind: pipeline -name: fossa -type: docker - -steps: - - name: fossa - image: rancher/drone-fossa:latest - failure: ignore - settings: - api_key: - from_secret: FOSSA_API_KEY - when: - instance: - - drone-publish.rancher.io diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 000000000..890f570d2 --- /dev/null +++ b/.github/workflows/ci.yaml 
@@ -0,0 +1,69 @@
+name: Webhook CI
+
+permissions:
+ contents : read
+
+on:
+ workflow_call:
+ push:
+ branches:
+ - release/v*
+ paths-ignore:
+ - '*.md'
+ - '.gitignore'
+ - 'CODEOWNERS'
+ - 'LICENSE'
+ pull_request:
+ paths-ignore:
+ - '*.md'
+ - '.gitignore'
+ - 'CODEOWNERS'
+ - 'LICENSE'
+jobs:
+ build:
+ strategy:
+ matrix:
+ os : [
+ ubuntu-latest
+ # org-rancher-arm64-containers
+ ]
+ name : CI
+ runs-on : ${{ matrix.os }}
+ steps:
+ - name : Checkout repository
+ uses : actions/checkout@v4
+ with :
+ fetch-depth : 0
+ - name : CI
+ run : make ci
+ - name: Upload artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: webhook-build-artifacts-${{ matrix.os }}
+ path: ./dist/artifacts
+
+ test:
+ name : integration-test
+ needs : [
+ build
+ ]
+ runs-on : ${{ matrix.os }}
+ container:
+ image: rancher/rancher:v2.7-head
+ strategy:
+ matrix:
+ os : [
+ ubuntu-latest
+ # org-rancher-arm64-containers,
+ ]
+ steps:
+ - name : Checkout repository
+ uses : actions/checkout@v4
+ - name : Fetch build artifacts
+ uses: actions/download-artifact@v4
+ - name : Debug
+ run : ls -R ./dist/artifacts
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name : Run integration tests
+ run : ./scripts/integration-test
diff --git a/.github/workflows/fossa.yaml b/.github/workflows/fossa.yaml
new file mode 100644
index 000000000..78378a5f3
--- /dev/null
+++ b/.github/workflows/fossa.yaml
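Review bot: In .github/workflows/ci.yaml the `test` job's `actions/download-artifact@v4` step has no `with:` block, and when `name` is omitted v4 downloads every artifact into a directory named after the artifact, so the `ls -R ./dist/artifacts` step and the integration script after it would not find the build output at the path the `build` job uploaded it from. Giving the step `name: webhook-build-artifacts-${{ matrix.os }}` and `path: ./dist/artifacts` restores that layout. Separately, this file and the fossa, publish and release workflows reference third-party actions by movable tags (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, and so on), and the test container is `rancher/rancher:v2.7-head`. Pinning the actions to a full commit SHA, with the version in a trailing comment, keeps an upstream retag from changing what runs in these jobs.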
@@ -0,0 +1,34 @@
+name: Run Webhook Fossa Scan
+
+on:
+ push:
+ branches:
+ - master
+ tags:
+ - '*'
+ pull_request:
+
+jobs:
+ fossa:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write # needed for the Vault authentication
+ continue-on-error: true # we know that fossa test will report errors
+ steps:
+ - name: Load Secrets from Vault
+ uses: rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository }}/fossa/credentials token | FOSSA
+ - name: Checkout Repo
+ uses: actions/checkout@v4
+ - name: Run FOSSA Analyze
+ uses: fossas/fossa-action@v1.3.3
+ with:
+ api-key: ${{ env.FOSSA }}
+ - name: Run FOSSA test
+ uses: fossas/fossa-action@v1.3.3
+ with:
+ api-key: ${{ env.FOSSA }}
+ run-tests: true
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
new file mode 100644
index 000000000..4e71de69e
--- /dev/null
+++ b/.github/workflows/publish.yaml
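Review bot: In .github/workflows/fossa.yaml the `Load Secrets from Vault` step uses `rancher-eio/read-vault-secrets@main`, a branch ref, in a job that holds `id-token: write`, so whatever is at the tip of that branch at run time handles the OIDC token and the FOSSA credential; the same ref appears in publish.yaml. Pinning it to a reviewed commit, `uses: rancher-eio/read-vault-secrets@<full-commit-sha>` (placeholder), makes any change to that action an explicit update. `continue-on-error: true` also appears to sit at job level (indentation is lost on this page), which would hide a failed Vault login or checkout along with the expected `fossa test` findings; moving it onto the `Run FOSSA test` step keeps those failures visible. Because the workflow also runs on `pull_request`, it is worth confirming that the Vault role only issues this token to the refs that should be able to read it.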
@@ -0,0 +1,53 @@
+name : Publish Webhook Images
+
+on:
+ push:
+ pull_request:
+
+env:
+ REGISTRY: docker.io
+ REPO : rancher
+
+jobs:
+ ci :
+ uses: ./.github/workflows/ci.yaml
+ permissions:
+ contents: read
+ push:
+ needs : [
+ ci
+ ]
+ permissions:
+ contents : read
+ id-token: write
+ name : Build and push webhook images
+ runs-on : ubuntu-latest
+ steps:
+ - name : "Read vault secrets"
+ uses : rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
+ secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
+ - name : Checkout repository
+ uses: actions/checkout@v4
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ env.DOCKER_USERNAME }}
+ password: ${{ env.DOCKER_PASSWORD }}
+ # setup tag name
+ - if: ${{ startsWith(github.ref, 'refs/tags/') }}
+ run: |
+ echo TAG_NAME=$(echo $GITHUB_REF | sed -e "s|refs/tags/||") >> $GITHUB_ENV
+ - name: Build and push the webhook image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./package/Dockerfile
+ push: true
+ tags: ${{ env.REGISTRY }}/${{ env.REPO }}/webhook:${{ env.TAG_NAME }}
+ platforms: linux/amd64,linux/arm64
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 000000000..3956066eb
--- /dev/null
+++ b/.github/workflows/release.yaml
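Review bot: In .github/workflows/publish.yaml the trigger is a bare `push:` plus `pull_request:`, so the `push` job reads the Docker Hub credentials from Vault and logs in to the registry on every branch push and pull request, while `TAG_NAME` is only set for tag refs and `tags:` otherwise renders as `docker.io/rancher/webhook:` with an empty tag. The removed .drone.yml published only on tag events; limiting this workflow to `on:` / `push:` / `tags: ['*']`, or adding `if: startsWith(github.ref, 'refs/tags/')` to the `push` job, keeps the registry credentials out of branch and PR runs. The tag step could be written as `echo "TAG_NAME=${GITHUB_REF_NAME}" >> "$GITHUB_ENV"` instead of the unquoted `echo … | sed` pipeline. The image name also changes from `rancher/rancher-webhook` in the Drone config to `rancher/webhook` here; if that is not intended, consumers pulling the old name would stop receiving releases.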
@@ -0,0 +1,37 @@
+name: goreleaser
+
+on:
+ push:
+ pull_request:
+
+permissions:
+ contents: write
+
+jobs:
+ ci:
+ uses: ./.github/workflows/ci.yaml
+ permissions:
+ contents: read
+ goreleaser:
+ needs: [
+ ci
+ ]
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - run: git fetch --force --tags
+ - uses: actions/setup-go@v5
+ with:
+ go-version: 1.22
+ - name : Package release helm charts
+ run : make package-helm
+ - run : mkdir -p ./build/artifacts/ && mv -v ./dist/artifacts/ ./build/
+ - uses: goreleaser/goreleaser-action@v5
+ with:
+ distribution: goreleaser
+ version: latest
+ args: release --clean
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
new file mode 100644
index 000000000..8e292eba7
--- /dev/null
+++ b/.goreleaser.yaml
@@ -0,0 +1,41 @@
+# Make sure to check the documentation at https://goreleaser.com
+before:
+ hooks:
+ - go mod tidy
+builds:
+ - id: webhook
+ main: ./main.go
+ goos:
+ - linux
+ goarch:
+ - amd64
+ - arm64
+ binary: webhook
+ ldflags:
+ - -extldflags
+ - -static
+ - -s
+ - -X main.Version={{.Version}} -X main.GitCommit={{.Commit}}
+ flags:
+ - -trimpath
+ env:
+ - CGO_ENABLED=0
+archives:
+ - id: webhook
+ builds:
+ - webhook
+ name_template: '{{ .Binary }}-linux-{{ .Arch }}'
+release:
+ prerelease: auto
+ extra_files:
+ - glob : ./build/artifacts/*.tgz
+checksum:
+ name_template: 'sha256sum-{{ .Arch }}.txt'
+snapshot:
+ name_template: "{{ incpatch .Version }}-next"
+changelog:
+ sort: asc
+ filters:
+ exclude:
+ - '^docs:'
+ - '^test:'
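Review bot: In .github/workflows/release.yaml the workflow-level `permissions: contents: write` combined with bare `push:` / `pull_request:` triggers means `make package-helm` and `goreleaser release --clean` run with a write-capable `GITHUB_TOKEN` on every branch push and same-repository pull request, not only on release tags. Restricting the trigger to tag pushes (`on:` / `push:` / `tags: ['*']`) and declaring `contents: write` on the `goreleaser` job rather than at the top narrows that to the runs that actually publish. `version: latest` on `goreleaser/goreleaser-action@v5` lets the release tool itself change between runs; a fixed version there keeps release builds repeatable.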
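Review bot: In .goreleaser.yaml `checksum.name_template: 'sha256sum-{{ .Arch }}.txt'` uses `.Arch`, which is a per-artifact template field, while the checksum file covers every artifact of the release, so the template likely fails to render or produces a name with no architecture in it. A single name such as `name_template: 'sha256sum.txt'` would cover both the amd64 and arm64 archives; the per-architecture name probably carries over from the removed Drone pipelines, which each wrote their own checksum file. The `before` hook `go mod tidy` can rewrite `go.mod` and `go.sum` at release time, so it is worth checking that a release cannot be built from a dependency set that differs from the committed one.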