diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 406e12589..000000000 --- a/.drone.yml +++ /dev/null @@ -1,207 +0,0 @@ ---- -kind: pipeline -name: default - -platform: - os: linux - arch: amd64 - -steps: -- name: skipfiles - image: plugins/git - commands: - - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH} || echo ${DRONE_COMMIT_SHA}~) - - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - - if [ -z "$DIFF" ]; then - echo "All files in PR are on ignore list"; - exit 78; - else - echo "Some files in PR are not ignored, $DIFF"; - fi; - when: - ref: - include: - - refs/heads/master - - refs/heads/release/v* - - refs/pull/** - -- name: ci - pull: default - image: rancher/dapper:v0.6.0 - commands: - - dapper ci - - ls -lR build/bin - environment: - CROSS: 1 - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - - tag - -- name: integration-ci - pull: default - image: rancher/dapper:v0.6.0 - commands: - - dapper integration-ci - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - -- name: github_binary_prerelease - pull: default - image: plugins/github-release - settings: - api_key: - from_secret: github_token - checksum: - - sha256 - files: - - "build/bin/rke*" - prerelease: true - title: "Pre-release ${DRONE_TAG}" - note: ./build/bin/rke-k8sversions.txt - overwrite: true - when: - instance: - include: - - drone-publish.rancher.io - event: - - tag - ref: - include: - - "refs/tags/*rc*" - - "refs/tags/*alpha*" - -- name: github_binary_release - pull: default - image: plugins/github-release - settings: - checksum: - - sha256 - files: - - "build/bin/rke*" - api_key: - from_secret: github_token - title: "Release ${DRONE_TAG}" - when: - instance: - include: - - drone-publish.rancher.io - event: - - tag - ref: - exclude: - - "refs/tags/*rc*" - - "refs/tags/*alpha*" - -- name: dispatch - image: curlimages/curl:7.81.0 - user: root - environment: - PAT_USERNAME: - from_secret: pat_username - PAT_TOKEN: - from_secret: github_token - commands: - - apk -U --no-cache add bash - - scripts/dispatch - when: - instance: - include: - - drone-publish.rancher.io - event: - - tag - -volumes: -- name: socket - host: - path: /var/run/docker.sock - ---- -kind: pipeline -name: test-cni - -platform: - os: linux - arch: amd64 - -steps: -- name: build - pull: default - image: rancher/dapper:v0.6.0 - commands: - - dapper build - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - -- name: integration-flannel - pull: default - image: rancher/dapper:v0.6.0 - commands: - - dapper integration flannel - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - -- name: integration-calico - pull: default - image: rancher/dapper:v0.6.0 - commands: - - dapper integration calico - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - -- name: integration-weave - pull: default - image: rancher/dapper:v0.6.0 - commands: - - dapper integration weave - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - -volumes: -- name: socket - host: - path: /var/run/docker.sock - ---- -kind: pipeline -name: fossa - -steps: -- name: fossa - image: rancher/drone-fossa:latest - failure: ignore - settings: - api_key: - from_secret: FOSSA_API_KEY - when: - instance: - - drone-publish.rancher.io diff --git a/.droneignore b/.droneignore deleted file mode 100644 index 5e8e806f4..000000000 --- a/.droneignore +++ /dev/null @@ -1,6 +0,0 @@ -^.*\.md$ -^\.droneignore$ -^\.github\/.*$ -^CODEOWNERS$ -^LICENSE$ -^docs/.*$ diff --git a/.github/workflows/fossa.yaml b/.github/workflows/fossa.yaml new file mode 100644 index 000000000..75e3e63c1 --- /dev/null +++ b/.github/workflows/fossa.yaml @@ -0,0 +1,29 @@ +name: Fossa scan + +on: + push: + branches: + - '**' + tags: + - '*' + +jobs: + fossa: + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + timeout-minutes: 20 + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Read FOSSA token + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY + - name: FOSSA scan + uses: fossas/fossa-action@main + with: + api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }} + run-tests: false \ No newline at end of file diff --git a/.github/workflows/test-cni.yaml b/.github/workflows/test-cni.yaml new file mode 100644 index 000000000..b3d54fb0d --- /dev/null +++ b/.github/workflows/test-cni.yaml @@ -0,0 +1,27 @@ +name: Test CNI + +on: + pull_request: + branches: + - '**' + +jobs: + integration-cni-tests: + permissions: + contents: read + runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} + timeout-minutes: 60 + strategy: + matrix: + cni: [flannel, calico, weave] + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - name: Run ${{ matrix.cni }} check + run: | + ./scripts/build + ./scripts/integration ${{ matrix.cni }} \ No newline at end of file diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml new file mode 100644 index 000000000..10e237b80 --- /dev/null +++ b/.github/workflows/workflow.yaml @@ -0,0 +1,144 @@ +name: CI workflow + +on: + push: + branches: + - 'release/v*' + tags: + - '*' + paths-ignore: + - '**.md' + - 'CODEOWNERS' + - 'LICENSE' + - 'docs/**' + pull_request: + branches: + - 'release/v*' + paths-ignore: + - '**.md' + - 'CODEOWNERS' + - 'LICENSE' + - 'docs/**' + +jobs: + ci: + permissions: + contents: read + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - name: Run golangci-lint + uses: golangci/golangci-lint-action@v6 + with: + version: v1.58 + - name: Run CI + run: | + ./scripts/ci + ls -lR build/bin + env: + CROSS: 1 + - name: Upload rke bin artifacts + if: github.event_name == 'push' && github.ref_type == 'tag' + uses: actions/upload-artifact@v4 + with: + name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }} + path: build/bin/rke* + if-no-files-found: error + retention-days: 1 + + integration-ci: + permissions: + contents: read + runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} + timeout-minutes: 30 + if: github.event_name == 'pull_request' + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - name: Run CI + run: | + ./scripts/integration-ci + + github-pre-release: + permissions: + contents: write + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: [ci, integration-ci] + if: github.event_name == 'push' && github.ref_type == 'tag' && (contains(github.ref_name, 'rc') || contains(github.ref_name, 'alpha')) + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Download rke bin artifacts + uses: actions/download-artifact@v4 + with: + name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }} + path: build/bin + - name: Create pre-release + run: | + gh release create ${{ github.ref_name }} -p --verify-tag --title "Pre-release ${{ github.ref_name }}" --notes-file build/bin/rke-k8sversions.txt build/bin/rke* + + github-release: + permissions: + contents: write + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: [ci, integration-ci] + if: github.event_name == 'push' && github.ref_type == 'tag' && !(contains(github.ref_name, 'rc') || contains(github.ref_name, 'alpha')) + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Download rke bin artifacts + uses: actions/download-artifact@v4 + with: + name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }} + path: build/bin + - name: Create release + run: | + gh release create ${{ github.ref_name }} --verify-tag --title "Release ${{ github.ref_name }}" --notes-file build/bin/rke-k8sversions.txt build/bin/rke* + + dispatch: + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: [ci, integration-ci] + if: github.event_name == 'push' && github.ref_type == 'tag' + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Retrieve token from vault + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/github-token/credentials token | PAT_TOKEN ; + - name: Run dispatch + run: | + case ${{ github.ref_name }} in + "v1.4"*) + ACTION_TARGET_BRANCH="release/v2.7" + ;; + "v1.5"*) + ACTION_TARGET_BRANCH="release/v2.8" + ;; + "v1.6"*) + ACTION_TARGET_BRANCH="release/v2.9" + ;; + *) + echo "Not a valid tag, not dispatching event" + exit 0 + esac + echo "Running on $ACTION_TARGET_BRANCH" + echo ${{ env.PAT_TOKEN }} | gh auth login --with-token + gh workflow run "Go get" --repo rancher/rancher --ref $ACTION_TARGET_BRANCH -F goget_module=github.com/rancher/rke -F goget_version=${{ github.ref_name }} -F source_author=${{ github.actor }} \ No newline at end of file diff --git a/dind/dind.go b/dind/dind.go index c3eb74293..a82817408 100644 --- a/dind/dind.go +++ b/dind/dind.go @@ -3,6 +3,7 @@ package dind import ( "context" "fmt" + "time" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/container" @@ -13,7 +14,7 @@ import ( ) const ( - DINDImage = "docker:20.10.23-dind" + DINDImage = "docker:24.0.9-dind" DINDContainerPrefix = "rke-dind" DINDPlane = "dind" DINDNetwork = "dind-network" @@ -120,6 +121,15 @@ func RmoveDindContainer(ctx context.Context, dindAddress string) error { return nil } } + + timeout := 2 * time.Minute + if err := cli.ContainerStop(ctx, containerName, &timeout); err != nil { + return fmt.Errorf("Failed to stop dind container [%s] on host [%s]: %v", containerName, cli.DaemonHost(), err) + } + + logrus.Infof("waiting 1 minute before removing container [%s] on host [%s]", containerName, cli.DaemonHost()) + time.Sleep(1 * time.Minute) + if err := cli.ContainerRemove(ctx, containerName, types.ContainerRemoveOptions{ Force: true, RemoveVolumes: true}); err != nil { diff --git a/scripts/dispatch b/scripts/dispatch deleted file mode 100755 index 0324edc06..000000000 --- a/scripts/dispatch +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -set -e -set -x - -REPO="https://github.com/repos/rancher/rancher/actions/workflows/go-get.yml/dispatches" - -case $DRONE_TAG in - "v1.4"*) - ACTION_TARGET_BRANCH="release/v2.7" - ;; - "v1.5"*) - ACTION_TARGET_BRANCH="release/v2.8" - ;; - *) - echo "Not a valid tag, not dispatching event" - exit 0 -esac - -echo "DRONE_TAG: $DRONE_TAG" -echo "DRONE_COMMIT_AUTHOR: $DRONE_COMMIT_AUTHOR" - -echo "Dispatching to branch ${ACTION_TARGET_BRANCH}" - -# send dispatch event to workflow -curl -XPOST -u "${PAT_USERNAME}:${PAT_TOKEN}" \ - -H "Accept: application/vnd.github.v3+json" \ - -H "Content-Type: application/json" $REPO \ - --data '{"ref": "'"$ACTION_TARGET_BRANCH"'","inputs":{"goget_module":"github.com/rancher/rke","goget_version":"'"$DRONE_TAG"'","source_author":"'"$DRONE_COMMIT_AUTHOR"'"}}' diff --git a/scripts/integration b/scripts/integration index cb6b158e9..90904dd54 100755 --- a/scripts/integration +++ b/scripts/integration @@ -18,7 +18,7 @@ function cleanup { echo "" echo_with_time "---- Clean Up RKE ----" for i in ./bin/cluster-*.yml; do - ./bin/rke remove --dind --force --config $i 2>&1 >/dev/null + ./bin/rke remove --dind --force --config $i done rm -f ./bin/*.rkestate ./bin/*.yml }