Migrate v0.3 to GHA

- backport changes to v0.5
- use k8s 1.27
- include setting capi.port -- this stopped happening with v 0.4

.github/workflows/ci.yaml

@@ -0,0 +1,89 @@
+name: Webhook CI
+
+on:
+  workflow_call:
+  push:
+    branches:
+      - release/v*
+    paths-ignore:
+      - '.gitignore'
+      - 'CODEOWNERS'
+      - 'LICENSE'
+  pull_request:
+    paths-ignore:
+    - '.gitignore'
+    - 'CODEOWNERS'
+    - 'LICENSE'
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: CI
+    strategy:
+      matrix:
+        archBox:
+        - { arch: amd64, vmArch: x64 }
+        - { arch: arm64, vmArch: arm64 }
+    runs-on: runs-on,runner=1cpu-linux-${{ matrix.archBox.vmArch }},run-id=${{ github.run_id }}
+    steps:
+      - name : Checkout repository
+        # https://github.com/actions/checkout/releases/tag/v4.1.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Setup Go
+        # https://github.com/actions/setup-go/releases/tag/v5.0.0
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version-file: 'go.mod'
+
+      - name: install K3d
+        run: ./.github/workflows/scripts/install-k3d.sh
+        env:
+          K3D_VERSION: latest
+
+      - name: ci
+        run: make ci
+
+      - name: setup cluster
+        run: ./.github/workflows/scripts/setup-cluster.sh
+        env:
+          CLUSTER_NAME: webhook
+          K3S_VERSION: v1.27.14-k3s1
+          ARCH: "${{ matrix.archBox.arch }}"
+
+# Build the image this way because using the docker/build-push-action
+# results in an image without an entrypoint
+
+      - name: import image
+        run: k3d image import dist/rancher-webhook-image.tar -c webhook
+
+      - name: start rancher
+        run: ./.github/workflows/scripts/start-rancher.sh
+        env:
+          VERSION: "2.7"
+
+      - name: get vars
+        run: cat dist/image_tag >> $GITHUB_ENV
+
+      - name: Run integration tests
+        id: integrationTests
+        run: ./.github/workflows/scripts/integration-test-ci
+        # See https://docs.github.com/en/actions/learn-github-actions/contexts#steps-context
+        # for explanation of steps.continue-on-error and steps.ID.outcome
+        continue-on-error: true
+        env:
+          ARCH: "${{ matrix.archBox.arch }}"
+          CLUSTER_NAME: webhook
+          IMAGE_REPO: rancher/webhook
+          IMAGE_TAG: "${{ env.IMAGE_TAG }}"
+
+      - name: Rerun integration tests one more time if they failed the first time
+        if: steps.integrationTests.outcome == 'failure'
+        run: ./.github/workflows/scripts/integration-test-ci
+        env:
+          ARCH: "${{ matrix.archBox.arch }}"
+          CLUSTER_NAME: webhook
+          IMAGE_REPO: rancher/webhook
+          IMAGE_TAG: "${{ env.IMAGE_TAG }}"

.github/workflows/publish.yaml

@@ -0,0 +1,55 @@
+name: Publish Webhook Images
+
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+env:
+  REGISTRY: docker.io
+  REPO: rancher
+
+permissions:
+  contents: read
+
+jobs:
+  push:
+    permissions:
+      contents: read
+      id-token: write
+    name: Build and push Webhook images
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Read vault secrets"
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
+            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
+      - name: Checkout repository
+        # https://github.com/actions/checkout/releases/tag/v4.1.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Set up Docker Buildx
+        # https://github.com/docker/setup-buildx-action/commit/d70bba72b1f3fd22344832f00baa16ece964efeb
+        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
+      - name: Log in to the Container registry
+        # https://github.com/docker/login-action/commit/0d4c9c5ea7693da7b068278f7b52bda2a190a446
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ env.DOCKER_USERNAME }}
+          password: ${{ env.DOCKER_PASSWORD }}
+        # setup tag name
+      - if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        run: |
+          echo TAG_NAME=$(echo $GITHUB_REF | sed -e "s|refs/tags/||") >> $GITHUB_ENV
+      - name: Build and push the webhook image
+        # https://github.com/docker/build-push-action/commit/ca052bb54ab0790a636c9b5f226502c73d547a25
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
+        with:
+          context: .
+          file: ./package/Dockerfile
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.REPO }}/webhook:${{ env.TAG_NAME }}
+          platforms: linux/amd64,linux/arm64

.github/workflows/release.yaml

@@ -0,0 +1,37 @@
+name: goreleaser
+
+on:
+  push:
+    tags:
+      - '*'
+
+permissions:
+  contents: write
+
+jobs:
+  ci:
+    uses: rancher/webhook/.github/workflows/ci.yaml@release/v0.3
+    permissions:
+      contents: read
+  goreleaser:
+    needs: [
+      ci
+    ]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-tags: true
+      - uses: actions/setup-go@v5
+        with:
+          go-version: 1.22
+      - name: Package release helm charts
+        run: make package-helm
+      - run: mkdir -p ./build/artifacts/ && mv -v ./dist/artifacts/ ./build/
+      - uses: goreleaser/goreleaser-action@v5
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/scripts/install-k3d.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -eu
+
+REPO_URL=https://github.com/rancher/k3d
+K3D_URL=https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh
+
+install_k3d(){
+  if [ -z "${K3D_VERSION:-}" -o "${K3D_VERSION:-}" = "latest" ] ; then
+    K3D_VERSION=$(curl -Ls -o /dev/null -w %{url_effective} "${REPO_URL}/releases/latest" | grep -oE "[^/]+$")
+  fi
+  echo -e "Downloading k3d@${K3D_VERSION} from ${K3D_URL}"
+  curl --silent --fail ${K3D_URL} | TAG=${K3D_VERSION} bash
+}
+
+install_k3d
+
+k3d version