Skip to content

v1.29.7-rc4+rke2r1.testing.0 #14

v1.29.7-rc4+rke2r1.testing.0

v1.29.7-rc4+rke2r1.testing.0 #14

Workflow file for this run

name: Publish
on:
release:
types:
- published
permissions:
contents: write
id-token: write
jobs:
publish:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
os:
- "centos7"
- "centos8"
- "centos9"
- "microos"
- "slemicro"
arch:
- "amd64"
- "srcrpm"
steps:
- name: Checkout
uses: actions/checkout@v4
- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
env:
GH_TOKEN: ${{ github.token }}
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/private-key/credentials privateKey | PRIVATE_KEY ;
secret/data/github/repo/${{ github.repository }}/private-key-pass-phrase/credentials token | PRIVATE_KEY_PASS_PHRASE ;
secret/data/github/repo/${{ github.repository }}/testing-private-key/credentials privateKey | TESTING_PRIVATE_KEY ;
secret/data/github/repo/${{ github.repository }}/testing-private-key-pass-phrase/credentials token | TESTING_PRIVATE_KEY_PASS_PHRASE ;
secret/data/github/repo/${{ github.repository }}/aws-s3-bucket/credentials token | AWS_S3_BUCKET ;
secret/data/github/repo/${{ github.repository }}/aws-access-key-id/credentials token | AWS_ACCESS_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/aws-secret-access-key/credentials token | AWS_SECRET_ACCESS_KEY ;
secret/data/github/repo/${{ github.repository }}/testing-aws-s3-bucket/credentials token | TESTING_AWS_S3_BUCKET ;
secret/data/github/repo/${{ github.repository }}/testing-aws-access-key-id/credentials token | TESTING_AWS_ACCESS_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/testing-aws-secret-access-key/credentials token | TESTING_AWS_SECRET_ACCESS_KEY ;
- name: Install Dapper
run: |
mkdir -p .local/bin
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > .local/bin/dapper
chmod +x .local/bin/dapper
echo ".local/bin" >> $GITHUB_PATH
- name: Build
env:
TAG: ${{ github.ref_name }}
COMBARCH: x86_64-amd64
AWS_S3_BUCKET: ${{ env.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
TESTING_AWS_S3_BUCKET: ${{ env.TESTING_AWS_S3_BUCKET }}
TESTING_AWS_ACCESS_KEY_ID: ${{ env.TESTING_AWS_ACCESS_KEY_ID }}
TESTING_AWS_SECRET_ACCESS_KEY: ${{ env.TESTING_AWS_SECRET_ACCESS_KEY }}
run: |
dapper -f Dockerfile.${{ matrix.os }}.dapper rpm/${{ matrix.os }}/scripts/build
- name: Sign
env:
TAG: ${{ github.ref_name }}
PRIVATE_KEY: ${{ env.PRIVATE_KEY }}
PRIVATE_KEY_PASS_PHRASE: ${{ env.PRIVATE_KEY_PASS_PHRASE }}
TESTING_PRIVATE_KEY: ${{ env.TESTING_PRIVATE_KEY }}
TESTING_PRIVATE_KEY_PASS_PHRASE: ${{ env.TESTING_PRIVATE_KEY_PASS_PHRASE }}
run: |
docker run --rm \
-v "$(pwd):/workspace" \
-w /workspace \
-e TAG="$TAG" \
-e PRIVATE_KEY="$PRIVATE_KEY" \
-e PRIVATE_KEY_PASS_PHRASE="$PRIVATE_KEY_PASS_PHRASE" \
-e TESTING_PRIVATE_KEY="$TESTING_PRIVATE_KEY" \
-e TESTING_PRIVATE_KEY_PASS_PHRASE="$TESTING_PRIVATE_KEY_PASS_PHRASE" \
centos:7 \
rpm/${{ matrix.os }}/scripts/sign
- name: Upload to S3
env:
TAG: ${{ github.ref_name }}
COMBARCH: x86_64-amd64
AWS_S3_BUCKET: ${{ env.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
TESTING_AWS_S3_BUCKET: ${{ env.TESTING_AWS_S3_BUCKET }}
TESTING_AWS_ACCESS_KEY_ID: ${{ env.TESTING_AWS_ACCESS_KEY_ID }}
TESTING_AWS_SECRET_ACCESS_KEY: ${{ env.TESTING_AWS_SECRET_ACCESS_KEY }}
run: |
docker run --rm \
-v "$(pwd):/workspace" \
-w /workspace \
-e TAG="$TAG" \
-e COMBARCH="$COMBARCH" \
-e AWS_S3_BUCKET="$AWS_S3_BUCKET" \
-e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
-e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
-e TESTING_AWS_S3_BUCKET="$TESTING_AWS_S3_BUCKET" \
-e TESTING_AWS_ACCESS_KEY_ID="$TESTING_AWS_ACCESS_KEY_ID" \
-e TESTING_AWS_SECRET_ACCESS_KEY="$TESTING_AWS_SECRET_ACCESS_KEY" \
centos:7 \
rpm/${{ matrix.os }}/scripts/upload-repo
- name: Checksum
run: |
if [ "${{ matrix.arch }}" = "srcrpm" ]; then
cd dist/${{ matrix.os }}/source
else
cd dist/${{ matrix.os }}/x86_64
fi
find *.rpm -type f | while read -r file; do
sha256sum "$file" | awk '{print $1 " " $2}' >> "sha256sum-${{ matrix.os }}-${{ matrix.arch }}.txt"
done
- name: Upload to GitHub
env:
GH_TOKEN: ${{ github.token }}
OS: ${{ matrix.os }}
run: |
if [ "${{ matrix.arch }}" = "srcrpm" ]; then
cd dist/${{ matrix.os }}/source
else
cd dist/${{ matrix.os }}/x86_64
fi
gh release upload ${{ github.ref_name }} *