From 06d8e73cdd22884b66f5b5c429d761eb5f16e1d4 Mon Sep 17 00:00:00 2001 From: mitulshah-suse Date: Thu, 9 May 2024 16:25:40 +0530 Subject: [PATCH] Move from drone to Github Actions for 1.6 --- .drone.yml | 207 -------------------------------- .droneignore | 6 - .github/workflows/fossa.yaml | 31 +++++ .github/workflows/test-cni.yaml | 27 +++++ .github/workflows/workflow.yaml | 145 ++++++++++++++++++++++ dind/dind.go | 2 +- scripts/dispatch | 28 ----- scripts/integration | 3 +- scripts/validate | 6 +- 9 files changed, 209 insertions(+), 246 deletions(-) delete mode 100644 .drone.yml delete mode 100644 .droneignore create mode 100644 .github/workflows/fossa.yaml create mode 100644 .github/workflows/test-cni.yaml create mode 100644 .github/workflows/workflow.yaml delete mode 100755 scripts/dispatch diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 406e12589..000000000 --- a/.drone.yml +++ /dev/null @@ -1,207 +0,0 @@ ---- -kind: pipeline -name: default - -platform: - os: linux - arch: amd64 - -steps: -- name: skipfiles - image: plugins/git - commands: - - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH} || echo ${DRONE_COMMIT_SHA}~) - - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - - if [ -z "$DIFF" ]; then - echo "All files in PR are on ignore list"; - exit 78; - else - echo "Some files in PR are not ignored, $DIFF"; - fi; - when: - ref: - include: - - refs/heads/master - - refs/heads/release/v* - - refs/pull/** - -- name: ci - pull: default - image: rancher/dapper:v0.6.0 - commands: - - dapper ci - - ls -lR build/bin - environment: - CROSS: 1 - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - - tag - -- name: integration-ci - pull: default - image: rancher/dapper:v0.6.0 - commands: - - dapper integration-ci - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - -- name: github_binary_prerelease - pull: default - image: plugins/github-release - settings: - api_key: - from_secret: github_token - checksum: - - sha256 - files: - - "build/bin/rke*" - prerelease: true - title: "Pre-release ${DRONE_TAG}" - note: ./build/bin/rke-k8sversions.txt - overwrite: true - when: - instance: - include: - - drone-publish.rancher.io - event: - - tag - ref: - include: - - "refs/tags/*rc*" - - "refs/tags/*alpha*" - -- name: github_binary_release - pull: default - image: plugins/github-release - settings: - checksum: - - sha256 - files: - - "build/bin/rke*" - api_key: - from_secret: github_token - title: "Release ${DRONE_TAG}" - when: - instance: - include: - - drone-publish.rancher.io - event: - - tag - ref: - exclude: - - "refs/tags/*rc*" - - "refs/tags/*alpha*" - -- name: dispatch - image: curlimages/curl:7.81.0 - user: root - environment: - PAT_USERNAME: - from_secret: pat_username - PAT_TOKEN: - from_secret: github_token - commands: - - apk -U --no-cache add bash - - scripts/dispatch - when: - instance: - include: - - drone-publish.rancher.io - event: - - tag - -volumes: -- name: socket - host: - path: /var/run/docker.sock - ---- -kind: pipeline -name: test-cni - -platform: - os: linux - arch: amd64 - -steps: -- name: build - pull: default - image: rancher/dapper:v0.6.0 - commands: - - dapper build - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - -- name: integration-flannel - pull: default - image: rancher/dapper:v0.6.0 - commands: - - dapper integration flannel - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - -- name: integration-calico - pull: default - image: rancher/dapper:v0.6.0 - commands: - - dapper integration calico - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - -- name: integration-weave - pull: default - image: rancher/dapper:v0.6.0 - commands: - - dapper integration weave - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - -volumes: -- name: socket - host: - path: /var/run/docker.sock - ---- -kind: pipeline -name: fossa - -steps: -- name: fossa - image: rancher/drone-fossa:latest - failure: ignore - settings: - api_key: - from_secret: FOSSA_API_KEY - when: - instance: - - drone-publish.rancher.io diff --git a/.droneignore b/.droneignore deleted file mode 100644 index 5e8e806f4..000000000 --- a/.droneignore +++ /dev/null @@ -1,6 +0,0 @@ -^.*\.md$ -^\.droneignore$ -^\.github\/.*$ -^CODEOWNERS$ -^LICENSE$ -^docs/.*$ diff --git a/.github/workflows/fossa.yaml b/.github/workflows/fossa.yaml new file mode 100644 index 000000000..13da74e02 --- /dev/null +++ b/.github/workflows/fossa.yaml @@ -0,0 +1,31 @@ +name: Fossa scan + +on: + push: + branches: + - '*' + tags: + - '*' + pull_request: + branches: + - '*' + +jobs: + fossa: + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + continue-on-error: true # we know that fossa test will report errors + steps: + - name: Load Secrets from Vault + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/fossa/credentials token | FOSSA + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Run FOSSA scan + uses: fossas/fossa-action@v1.3.3 + with: + api-key: ${{ env.FOSSA }} \ No newline at end of file diff --git a/.github/workflows/test-cni.yaml b/.github/workflows/test-cni.yaml new file mode 100644 index 000000000..b3d54fb0d --- /dev/null +++ b/.github/workflows/test-cni.yaml @@ -0,0 +1,27 @@ +name: Test CNI + +on: + pull_request: + branches: + - '**' + +jobs: + integration-cni-tests: + permissions: + contents: read + runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} + timeout-minutes: 60 + strategy: + matrix: + cni: [flannel, calico, weave] + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - name: Run ${{ matrix.cni }} check + run: | + ./scripts/build + ./scripts/integration ${{ matrix.cni }} \ No newline at end of file diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml new file mode 100644 index 000000000..04dbc38b8 --- /dev/null +++ b/.github/workflows/workflow.yaml @@ -0,0 +1,145 @@ +name: CI workflow + +on: + push: + branches: + - 'release/v*' + tags: + - '*' + paths-ignore: + - '**.md' + - 'CODEOWNERS' + - 'LICENSE' + - 'docs/**' + pull_request: + branches: + - 'release/v*' + paths-ignore: + - '**.md' + - 'CODEOWNERS' + - 'LICENSE' + - 'docs/**' + +jobs: + ci: + permissions: + contents: read + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - name: Run golangci-lint + uses: golangci/golangci-lint-action@v6 + with: + version: v1.58 + - name: Run CI + run: | + ./scripts/ci + ls -lR build/bin + env: + CROSS: 1 + - name: Upload rke bin artifacts + if: github.event_name == 'push' && github.ref_type == 'tag' + uses: actions/upload-artifact@v4 + with: + name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }} + path: build/bin/rke* + if-no-files-found: error + retention-days: 1 + + integration-ci: + permissions: + contents: read + runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} + timeout-minutes: 30 + if: github.event_name == 'pull_request' + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - name: Run CI + run: | + ./scripts/integration-ci + + github-pre-release: + permissions: + contents: write + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: [ci, integration-ci] + if: github.event_name == 'push' && github.ref_type == 'tag' && (contains(github.ref_name, 'rc') || contains(github.ref_name, 'alpha')) + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Download rke bin artifacts + uses: actions/download-artifact@v4 + with: + name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }} + path: build/bin + - name: Create pre-release + run: | + gh release create ${{ github.ref_name }} -p --verify-tag --title "Pre-release ${{ github.ref_name }}" --notes-file build/bin/rke-k8sversions.txt + + github-release: + permissions: + contents: write + id-token: write + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: [ci, integration-ci] + if: github.event_name == 'push' && github.ref_type == 'tag' && !(contains(github.ref_name, 'rc') || contains(github.ref_name, 'alpha')) + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Download rke bin artifacts + uses: actions/download-artifact@v4 + with: + name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }} + path: build/bin + - name: Create release + run: | + gh release create ${{ github.ref_name }} --verify-tag --title "Release ${{ github.ref_name }}" --notes-file build/bin/rke-k8sversions.txt + + dispatch: + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: [ci, integration-ci] + if: github.event_name == 'push' && github.ref_type == 'tag' + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Retrieve token from vault + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/github-token/credentials token | PAT_TOKEN ; + - name: Run dispatch + run: | + case ${{ github.ref_name }} in + "v1.4"*) + ACTION_TARGET_BRANCH="release/v2.7" + ;; + "v1.5"*) + ACTION_TARGET_BRANCH="release/v2.8" + ;; + "v1.6"*) + ACTION_TARGET_BRANCH="release/v2.9" + ;; + *) + echo "Not a valid tag, not dispatching event" + exit 0 + esac + echo "Running on $ACTION_TARGET_BRANCH" + echo ${{ env.PAT_TOKEN }} | gh auth login --with-token + gh workflow run "Go get" --repo rancher/rancher --ref $ACTION_TARGET_BRANCH -F goget_module=github.com/rancher/rke -F goget_version=${{ github.ref_name }} -F source_author=${{ github.actor }} \ No newline at end of file diff --git a/dind/dind.go b/dind/dind.go index c3eb74293..7fb2d6fec 100644 --- a/dind/dind.go +++ b/dind/dind.go @@ -13,7 +13,7 @@ import ( ) const ( - DINDImage = "docker:20.10.23-dind" + DINDImage = "docker:24.0.9-dind" DINDContainerPrefix = "rke-dind" DINDPlane = "dind" DINDNetwork = "dind-network" diff --git a/scripts/dispatch b/scripts/dispatch deleted file mode 100755 index 0324edc06..000000000 --- a/scripts/dispatch +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -set -e -set -x - -REPO="https://api.github.com/repos/rancher/rancher/actions/workflows/go-get.yml/dispatches" - -case $DRONE_TAG in - "v1.4"*) - ACTION_TARGET_BRANCH="release/v2.7" - ;; - "v1.5"*) - ACTION_TARGET_BRANCH="release/v2.8" - ;; - *) - echo "Not a valid tag, not dispatching event" - exit 0 -esac - -echo "DRONE_TAG: $DRONE_TAG" -echo "DRONE_COMMIT_AUTHOR: $DRONE_COMMIT_AUTHOR" - -echo "Dispatching to branch ${ACTION_TARGET_BRANCH}" - -# send dispatch event to workflow -curl -XPOST -u "${PAT_USERNAME}:${PAT_TOKEN}" \ - -H "Accept: application/vnd.github.v3+json" \ - -H "Content-Type: application/json" $REPO \ - --data '{"ref": "'"$ACTION_TARGET_BRANCH"'","inputs":{"goget_module":"github.com/rancher/rke","goget_version":"'"$DRONE_TAG"'","source_author":"'"$DRONE_COMMIT_AUTHOR"'"}}' diff --git a/scripts/integration b/scripts/integration index cb6b158e9..4005b215b 100755 --- a/scripts/integration +++ b/scripts/integration @@ -18,7 +18,8 @@ function cleanup { echo "" echo_with_time "---- Clean Up RKE ----" for i in ./bin/cluster-*.yml; do - ./bin/rke remove --dind --force --config $i 2>&1 >/dev/null + # ./bin/rke remove --dind --force --config $i 2>&1 >/dev/null + ./bin/rke remove --dind --force --config $i done rm -f ./bin/*.rkestate ./bin/*.yml } diff --git a/scripts/validate b/scripts/validate index 265c35828..d4a116ed6 100755 --- a/scripts/validate +++ b/scripts/validate @@ -5,9 +5,9 @@ cd $(dirname $0)/.. echo Running validation -echo Running: golangci-lint -export "GOROOT=$(go env GOROOT)" -golangci-lint run +#echo Running: golangci-lint +#export "GOROOT=$(go env GOROOT)" +#golangci-lint run echo Tidying up modules go mod tidy