Get the publish and release workflows working.
Misc. changes to CI caught during further testing:
  - Use different names for shell vars TAG and IMAGE_TAG
    - `TAG` and `IMAGE_TAG` are two different things.
  - Stop using make/dapper: env vars get lost

  - Need to hardwire the artifacts name
  - Push max k8s version back to 1.28

  - Need to create the temp dir before jumping into it.

  - Try running on a self-hosted VM
ericpromislow committed Jun 12, 2024
1 parent 6346acf commit 1f1ba5b
Showing 17 changed files with 228 additions and 192 deletions.
89 changes: 53 additions & 36 deletions .github/workflows/ci.yaml
Expand Up @@ -8,13 +8,11 @@ on:
branches:
- release/v*
paths-ignore:
- '*.md'
- '.gitignore'
- 'CODEOWNERS'
- 'LICENSE'
pull_request:
paths-ignore:
- '*.md'
- '.gitignore'
- 'CODEOWNERS'
- 'LICENSE'
Expand All @@ -25,69 +23,88 @@ permissions:
jobs:
build:
name: CI
runs-on : ubuntu-latest
# This matrix syntax courtesy of stackoverflow.com/questions/66025220
strategy:
matrix:
arch:
- amd64
# TODO: See wrangler for an example of how to run tests on arm64, not ready here
# - arm64
archBox:
- { arch: amd64, vmArch: x64 }
- { arch: arm64, vmArch: arm64 }
runs-on: runs-on,runner=1cpu-linux-${{ matrix.archBox.vmArch }},run-id=${{ github.run_id }}
# org-${{ github.repository_owner_id }}-${{ matrix.archBox.arch }}-k8s
# container:
# image: registry.suse.com/bci/nodejs:20
steps:
- name : Checkout repository
uses : actions/checkout@v4
# https://github.com/actions/checkout/releases/tag/v4.1.1
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Setup Go
# https://github.com/actions/setup-go/releases/tag/v5.0.0
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version-file: 'go.mod'

# TODO: Pull this next one out once there's a helm-release for rancher 2.9
- name : Checkout rancher/rancher and build the chart
- name: Checkout rancher/rancher and build the chart
run: |
mkdir -p "${{ runner.temp}}"
pushd "${{ runner.temp}}"
git clone --depth 1 -b release/v2.9 https://github.com/rancher/rancher.git rancherDir
cd rancherDir
./scripts/chart/build chart
sed -i -e 's/kubeVersion: < 1.29.0-0/kubeVersion: < 1.30.0-0/' build/chart/rancher/Chart.yaml
tar cfz "${{ runner.temp }}/rancher.tgz" -C build/chart/rancher .
popd
- run : make ci
name: ci
# # Install yq
# F=yq_linux_${{ matrix.archBox.arch }}
# curl --output yq.tgz -L --silent https://github.com/mikefarah/yq/releases/download/v4.44.1/${F}.tar.gz && tar xfz yq.tgz && chmod +x $F && mv $F /usr/bin/yq
# - name: zypper-install non rancher/rancher prerecs
# run: zypper install -y make docker

# - name: Start the Docker Daemon
# run: 'nohup dockerd > "${{ runner.temp }}/docker.out" &

- name: install K3d
run: ./.github/workflows/scripts/install-k3d.sh
env:
K3D_VERSION: latest

- name: Setup Helm
# https://github.com/Azure/setup-helm/commit/fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814

# - name: Build an image for integration testing
# run: ./scripts/package-for-ci
# env:
# ARCH: "${{ matrix.arch }}"
# SHA: "${{ github.sha }}"
- name: Setup Kubectl
# https://github.com/Azure/setup-kubectl/commit/3e0aec4d80787158d308d7b364cb1b702e7feb7f
uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f

- name : install K3d
run : ./.github/workflows/scripts/install-k3d.sh
- run: make ci
name: make ci

- name : setup cluster
run : ./.github/workflows/scripts/setup-cluster.sh
- name: setup cluster
run: ./.github/workflows/scripts/setup-cluster.sh
env:
CLUSTER_NAME: webhook
K3S_VERSION: v1.28.9-k3s1
ARCH: "${{ matrix.arch }}"
ARCH: "${{ matrix.archBox.arch }}"

- name : import image
run : k3d image import dist/rancher-webhook-image.tar -c webhook
- name: import image
run: k3d image import dist/rancher-webhook-image.tar -c webhook

- name : start rancher
run : ./.github/workflows/scripts/start-rancher.sh
- name: start rancher
run: ./.github/workflows/scripts/start-rancher.sh
env:
ARCH: "${{ matrix.arch }}"
CHART_PATH: "${{ runner.temp }}/rancher.tgz"
RANCHER_IMAGE_TAG: "v2.9-head"
VERSION: "2.9"

- name : debug show image_tag file
run : cat dist/image_tag

- name : get vars
run : cat dist/image_tag >> $GITHUB_ENV
- name: get vars
run: cat dist/image_tag >> $GITHUB_ENV

- name : Run integration tests
run : ./.github/workflows/scripts/integration-test-ci
- name: Run integration tests
run: ./.github/workflows/scripts/integration-test-ci
env:
ARCH: "${{ matrix.arch }}"
ARCH: "${{ matrix.archBox.arch }}"
CLUSTER_NAME: webhook
IMAGE_REPO: rancher/webhook
IMAGE_TAG: "${{ env.TAG }}"
IMAGE_TAG: "${{ env.IMAGE_TAG }}"
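Review bot: The job now runs on `runs-on,runner=1cpu-linux-${{ matrix.archBox.vmArch }},run-id=${{ github.run_id }}` while the workflow still triggers on `pull_request`, so code from a pull request (the `make ci` step and the scripts under `.github/workflows/scripts/`) executes on the self-hosted VM. Whether that VM is created fresh for each run and discarded afterwards is not visible on this page; if it is not, state left behind by one run can reach the next, so this should be confirmed and recorded above `runs-on:`, for example `# Self-hosted runner: PR code runs here; requires a fresh VM per run (see run-id label)`. Separately, the `start rancher` step appears to still pass `ARCH: "${{ matrix.arch }}"`, which would expand to an empty string if the matrix now defines only `archBox`; `ARCH: "${{ matrix.archBox.arch }}"` would match the `setup cluster` and `Run integration tests` steps.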

38 changes: 19 additions & 19 deletions .github/workflows/publish.yaml
@@ -1,41 +1,40 @@
name : Publish Webhook Images
name: Publish Webhook Images

on:
push:
tags:
- "*"
- v*

env:
REGISTRY: docker.io
REPO : rancher
REPO: rancher

permissions:
contents: read

jobs:
ci :
uses: rancher/webhook/.github/workflows/ci.yaml@release/v0.5
permissions:
contents: read
push:
needs : [
ci
]
permissions:
contents : read
contents: read
id-token: write
name : Build and push Webhook images
runs-on : ubuntu-latest
name: Build and push Webhook images
runs-on: ubuntu-latest
steps:
- name : "Read vault secrets"
uses : rancher-eio/read-vault-secrets@main
- name: "Read vault secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
- name : Checkout repository
uses: actions/checkout@v4
# https://github.com/actions/checkout/releases/tag/v4.1.1
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# https://github.com/docker/setup-buildx-action/commit/d70bba72b1f3fd22344832f00baa16ece964efeb
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
- name: Log in to the Container registry
uses: docker/login-action@v3
# https://github.com/docker/login-action/commit/0d4c9c5ea7693da7b068278f7b52bda2a190a446
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.DOCKER_USERNAME }}
Expand All @@ -45,7 +44,8 @@ jobs:
run: |
echo TAG_NAME=$(echo $GITHUB_REF | sed -e "s|refs/tags/||") >> $GITHUB_ENV
- name: Build and push the webhook image
uses: docker/build-push-action@v5
# https://github.com/docker/build-push-action/commit/ca052bb54ab0790a636c9b5f226502c73d547a25
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
with:
context: .
file: ./package/Dockerfile
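Review bot: `rancher-eio/read-vault-secrets@main` is the one action in this workflow still referenced by a mutable branch, and it is the step that fetches the Docker Hub credentials in a job holding `id-token: write`. The other `uses:` lines in this file were moved to full commit SHAs, so a change pushed to that action's `main` would run with access to those secrets without any commit in this repository. Pin it the same way, `uses: rancher-eio/read-vault-secrets@<full-commit-sha>  # <release-tag>`, with the SHA taken from the action's own repository. The job continues past the end of this hunk.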
96 changes: 70 additions & 26 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
@@ -1,37 +1,81 @@
name: goreleaser
name: release

on:
push:
tags:
- '*'
- v*

permissions:
contents: write

jobs:
ci:
uses: rancher/webhook/.github/workflows/ci.yaml@release/v0.5
permissions:
contents: read
goreleaser:
needs: [
ci
]
build:
name: build and package
runs-on: ubuntu-latest
strategy:
matrix:
arch:
- amd64
- arm64
steps:
- uses: actions/checkout@v4
with:
fetch-tags: true
- uses: actions/setup-go@v5
with:
go-version: 1.22
- name: Package release helm charts
run: make package-helm
- run: mkdir -p ./build/artifacts/ && mv -v ./dist/artifacts/ ./build/
- uses: goreleaser/goreleaser-action@v5
with:
distribution: goreleaser
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name : Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
# https://github.com/actions/checkout/releases/tag/v4.1.1

- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
# https://github.com/actions/setup-go/releases/tag/v5.0.0
with:
go-version-file: 'go.mod'

- name: Build and package
run: ./scripts/build && ./scripts/package && ./scripts/package-helm
env:
ARCH: "${{ matrix.arch}}"

- name: Get the version
run: |
source ./scripts/version
echo "VERSION=$VERSION"
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Generate checksum files
run: |
ls -lR dist
cd dist/artifacts
sha256sum webhook-linux-${{ matrix.arch}} > sha256sum-${{ matrix.arch}}.txt
- name: Upload artifacts
# https://github.com/actions/upload-artifact/commit/65462800fd760344b1a7b4382951275a0abb4808
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
with:
name: webhook-artifacts-${{ matrix.arch}}
path: |
dist/artifacts/webhook-linux-${{ matrix.arch}}
dist/artifacts/sha256sum-${{ matrix.arch}}.txt
dist/artifacts/rancher-webhook-*.tgz
release:
needs: build
runs-on: ubuntu-latest
steps:
- name: Download the amd64 artifacts
# https://github.com/actions/download-artifact/commit/65a9edc5881444af0b9093a5e628f2fe47ea3b2e
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
with:
name: webhook-artifacts-amd64
path: dist/artifacts
- name: Download the arm64 artifacts
# https://github.com/actions/download-artifact/commit/65a9edc5881444af0b9093a5e628f2fe47ea3b2e
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
with:
name: webhook-artifacts-arm64
path: dist/artifacts
- name: Upload the files
run: |
ls -lR dist
cd dist/artifacts
gh release upload $VERSION webhook-linux-* sha256sum-*.txt rancher-webhook*.tgz
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
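Review bot: `$VERSION` in the `release` job's `gh release upload $VERSION …` is not set by anything visible in that job: it is written to `$GITHUB_ENV` in the `build` job's "Get the version" step, and `GITHUB_ENV` does not carry across jobs, so the upload would run with an empty tag argument. If the release is named after the pushed tag, pass it through the step's `env:` as `RELEASE_TAG: ${{ github.ref_name }}` and call `gh release upload "$RELEASE_TAG" webhook-linux-* sha256sum-*.txt rancher-webhook*.tgz`; otherwise expose `VERSION` as a job output of `build`. Going through `env:` and quoting the variable also keeps the tag name out of the shell text. The `release` job has no checkout step either, so `gh` likely needs `GH_REPO: ${{ github.repository }}` to know which repository to upload to.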
15 changes: 8 additions & 7 deletions .github/workflows/scripts/install-k3d.sh
Original file line number Diff line number Diff line change
@@ -1,17 +1,18 @@
#!/bin/bash

set -e
set -x
set -eu

REPO_URL=https://github.com/rancher/k3d
K3D_URL=https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh
DEFAULT_K3D_VERSION=v5.4.6

install_k3d(){
local k3dVersion=${K3D_VERSION:-${DEFAULT_K3D_VERSION}}
echo -e "Downloading k3d@${k3dVersion} see: ${K3D_URL}"
curl --silent --fail ${K3D_URL} | TAG=${k3dVersion} bash
if [ -z "${K3D_VERSION:-}" -o "${K3D_VERSION:-}" = "latest" ] ; then
K3D_VERSION=$(curl -Ls -o /dev/null -w %{url_effective} "${REPO_URL}/releases/latest" | grep -oE "[^/]+$")
fi
echo -e "Downloading k3d@${K3D_VERSION} from ${K3D_URL}"
curl --silent --fail ${K3D_URL} | TAG=${K3D_VERSION} bash
}

install_k3d

k3d version
k3d version
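Review bot: With `K3D_VERSION` unset or set to `latest`, `install_k3d` now resolves whichever release is newest at run time and then pipes `install.sh` from the `main` branch straight into `bash`, so neither the installer nor the k3d binary is fixed to a reviewed version; ci.yaml in this commit passes `K3D_VERSION: latest`. That is at odds with pinning the actions to commit SHAs in the same change. `DEFAULT_K3D_VERSION` also appears unused on the new side. Consider keeping the pinned default with `K3D_VERSION=${K3D_VERSION:-${DEFAULT_K3D_VERSION}}`, setting an explicit version in the workflow, and fetching the installer from a tag, `K3D_URL=https://raw.githubusercontent.com/k3d-io/k3d/<pinned-tag>/install.sh`, rather than from `main`.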
7 changes: 3 additions & 4 deletions .github/workflows/scripts/integration-test-ci
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#!/bin/bash
set -eux
set -eu

cd $(dirname $0)/../../..
DIST_DIR="$PWD"/dist
Expand Down Expand Up @@ -45,7 +45,7 @@ echo "Uploading new webhook image"

# Install the webhook chart we just built.
upgrade_rancher_webhook() {
helm upgrade rancher-webhook ./dist/artifacts/rancher-webhook-${HELM_VERSION}.tgz -n cattle-system \
helm upgrade rancher-webhook ./dist/artifacts/rancher-webhook-${HELM_CHART_VERSION}.tgz -n cattle-system \
--wait --timeout=120s --set image.repository="${IMAGE_REPO}" --set image.tag="${IMAGE_TAG}" --reuse-values --debug
}

Expand All @@ -68,7 +68,7 @@ set -e
./bin/rancher-webhook-integration.test -test.v -test.run IntegrationTest

# Install the webhook chart with new ports.
helm upgrade rancher-webhook ./dist/artifacts/rancher-webhook-${HELM_VERSION}.tgz -n cattle-system \
helm upgrade rancher-webhook ./dist/artifacts/rancher-webhook-${HELM_CHART_VERSION}.tgz -n cattle-system \
--wait --reuse-values --set port=443

# Test that the ports are set as expected and run a single integration test to verify the webhook is still accessible.
Expand All @@ -78,5 +78,4 @@ helm upgrade rancher-webhook ./dist/artifacts/rancher-webhook-${HELM_VERSION}.tg
# Scale down rancher-webhook so that we can run tests on the FailurePolicy.
kubectl scale deploy rancher-webhook -n cattle-system --replicas=0
kubectl wait pods -l app=rancher-webhook --for=delete -n cattle-system
kubectl wait pods -l app=rancher-webhook --for=delete -n cattle-system
./bin/rancher-webhook-integration.test -test.v -test.run FailurePolicyTest
4 changes: 1 addition & 3 deletions .github/workflows/scripts/setup-cluster.sh
Original file line number Diff line number Diff line change
Expand Up @@ -57,12 +57,10 @@ wait_for_nodes(){
done
}

k3d registry list --no-headers -o json | jq -r '.[].name' | xargs --no-run-if-empty k3d registry delete
k3d cluster delete $CLUSTER_NAME || true
k3d registry create gha -p 42765
k3d cluster create $CLUSTER_NAME --servers 1 --agents 1 \
--registry-use gha:42765 \
--image "docker.io/rancher/k3s:${K3S_VERSION}" --api-port 6550
--image "rancher/k3s:${K3S_VERSION}" --api-port 6550

wait_for_nodes

2 changes: 1 addition & 1 deletion .github/workflows/scripts/start-rancher.sh
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ set -e

helm repo update

helm upgrade --install cert-manager --namespace cert-manager cert-manager/cert-manager --set installCRDs=true --set "extraArgs[0]=--enable-certificate-owner-ref=true" --create-namespace --wait --timeout=10m
helm upgrade --install cert-manager --namespace cert-manager cert-manager/cert-manager --set installCRDs=true --create-namespace --wait --timeout=10m

# kubectl get pods --namespace cert-manager
kubectl rollout status --namespace cert-manager deploy/cert-manager --timeout 1m
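Review bot: The `helm upgrade --install cert-manager` command has no `--version`, and it runs right after `helm repo update`, so every CI run installs whatever cert-manager chart is newest in the repo at that moment. That makes runs non-reproducible and lets an upstream chart change (for example to the `installCRDs` value set here) alter or break the job without any commit in this repository. Adding `--version <pinned-chart-version>` to that command would fix the chart in the same way the actions were pinned to SHAs elsewhere in this commit. The script starts before and continues after this hunk.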
