Merge pull request #59 from jiaqiluo/update-gha #37
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI on Releasing Tag | |
| on: | |
| push: | |
| tags: | |
| - "*" | |
| env: | |
| IMAGE: rancher/system-agent-installer-rke2 | |
| jobs: | |
| build-linux: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write # needed for the Vault authentication | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| os: [ linux ] | |
| arch: [ amd64, arm64 ] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Fix the not-a-git-repository issue | |
| run: | | |
| git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| - name: Set environment variables | |
| run: | | |
| echo "ARCH=${{ matrix.arch }}" >> "$GITHUB_ENV" | |
| echo "OS=${{ matrix.os }}" >> "$GITHUB_ENV" | |
| - name: Download installer | |
| run: scripts/download | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Load secrets from Vault | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.DOCKER_USERNAME }} | |
| password: ${{ env.DOCKER_PASSWORD }} | |
| - name: Build and push Docker image | |
| id: build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: package/Dockerfile | |
| push: true | |
| tags: "${{ env.IMAGE }}:${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}" | |
| platforms: "${{ env.OS }}/${{ env.ARCH }}" | |
| build-windows: | |
| strategy: | |
| matrix: | |
| include: | |
| - SERVERCORE_VERSION: 1809 | |
| TAG_SUFFIX: windows-1809-amd64 | |
| RUNNER: windows-2019 | |
| - SERVERCORE_VERSION: ltsc2022 | |
| TAG_SUFFIX: windows-ltsc2022-amd64 | |
| RUNNER: windows-2022 | |
| runs-on: ${{ matrix.RUNNER }} | |
| permissions: | |
| contents: read | |
| id-token: write # needed for the Vault authentication | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Fix the not-a-git-repository issue | |
| run: | | |
| git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| - name: Set environment variables | |
| run: | | |
| "ARCH=amd64" | Out-File -FilePath $env:GITHUB_ENV -Append | |
| - name: Download installer | |
| run: scripts/windows/download.ps1 | |
| - name: Load secrets from Vault | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.DOCKER_USERNAME }} | |
| password: ${{ env.DOCKER_PASSWORD }} | |
| - name: Build and push Docker image | |
| run: | | |
| docker image build ` | |
| -f package/Dockerfile.windows ` | |
| --build-arg SERVERCORE_VERSION=${{ matrix.SERVERCORE_VERSION }} ` | |
| -t ${{ env.IMAGE }}:${{ env.VERSION }}-${{ matrix.TAG_SUFFIX }} . | |
| docker push ${{ env.IMAGE }}:${{ env.VERSION }}-${{ matrix.TAG_SUFFIX }} | |
| create-docker-manifest: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write # needed for the Vault authentication | |
| needs: [ build-linux, build-windows ] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set environment variables | |
| run: | | |
| . scripts/version | |
| - name: Load secrets from Vault | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.DOCKER_USERNAME }} | |
| password: ${{ env.DOCKER_PASSWORD }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Create Docker manifest | |
| run: | | |
| echo "creating the manifest list that contains only Windows tags to preserve the os.version metadata" | |
| docker manifest create ${{ env.IMAGE }}:${{ env.VERSION }} \ | |
| ${{ env.IMAGE }}:${{ env.VERSION }}-windows-1809-amd64 \ | |
| ${{ env.IMAGE }}:${{ env.VERSION }}-windows-ltsc2022-amd64 | |
| docker manifest push ${{ env.IMAGE }}:${{ env.VERSION }} | |
| echo "updating the manifest list to append Linux tags" | |
| docker buildx imagetools create --tag ${{ env.IMAGE }}:${{ env.VERSION }} \ | |
| --append ${{ env.IMAGE }}:${{ env.VERSION }}-linux-amd64 \ | |
| --append ${{ env.IMAGE }}:${{ env.VERSION }}-linux-arm64 | |
| - name: Inspect image | |
| run: docker buildx imagetools inspect ${{ env.IMAGE }}:${{ env.VERSION }} |