forked from docker-archive-public/docker.machine
-
Notifications
You must be signed in to change notification settings - Fork 138
122 lines (113 loc) · 4.89 KB
/
Copy pathrelease.yaml
File metadata and controls
122 lines (113 loc) · 4.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
name: Release
on:
push:
tags:
- '*'
jobs:
create-draft:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Create draft release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh release create -R "${GITHUB_REPOSITORY}" --draft --generate-notes "${GITHUB_REF_NAME}"
build:
runs-on: ubuntu-latest
needs: [create-draft]
strategy:
fail-fast: true
matrix:
os: [linux]
arch: [amd64, arm64]
steps:
- name: Checkout code
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- name: Set up QEMU
uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- name: Build binary
run: make build ARCH=${{ matrix.arch }}
- name: Package artifacts
run: make package ARCH=${{ matrix.arch }}
- name: Upload artifacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with:
name: "rancher-machine-${{ matrix.arch }}.tar.gz"
path: "dist/artifacts/rancher-machine-${{ matrix.arch }}.tar.gz"
if-no-files-found: error
overwrite: true
publish:
runs-on: ubuntu-latest
needs: [create-draft]
permissions:
contents: read
id-token: write # required for cosign signing
steps:
- name: Load Secrets from Vault
uses: rancher-eio/read-vault-secrets@7282bf97898cd1c16c89f837e0bb442e6d384c89 # main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials registry | PRIME_STG_REGISTRY ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials username | PRIME_STG_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials password | PRIME_STG_REGISTRY_PASSWORD
- name: Checkout code
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- name: Build and push image to DockerHub and Prime Staging Registry
uses: rancher/ecm-distro-tools/actions/publish-image@ba6da4535406f3fd814a169a325b8100cd4dbf44 # master
with:
image: machine
tag: ${{ github.ref_name }}
platforms: linux/amd64,linux/arm64
public-registry: docker.io
public-repo: rancher
public-username: ${{ env.DOCKER_USERNAME }}
public-password: ${{ env.DOCKER_PASSWORD }}
push-to-prime: true
prime-registry: ${{ env.PRIME_STG_REGISTRY }}
prime-repo: rancher
prime-make-target: push-prime-image
prime-username: ${{ env.PRIME_STG_REGISTRY_USERNAME }}
prime-password: ${{ env.PRIME_STG_REGISTRY_PASSWORD }}
- name: Build and push image to Prime Prod Registry
if: ${{ !contains(github.ref_name, '-rc') }}
uses: rancher/ecm-distro-tools/actions/publish-image@ba6da4535406f3fd814a169a325b8100cd4dbf44 # master
with:
image: machine
tag: ${{ github.ref_name }}
platforms: linux/amd64,linux/arm64
push-to-public: false
push-to-prime: true
prime-registry: ${{ env.PRIME_REGISTRY }}
prime-repo: rancher
prime-make-target: push-prime-image
prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
finalize:
runs-on: ubuntu-latest
needs:
- build
- publish
permissions:
contents: write # Publish the draft release
id-token: write
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Download assets
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
with:
path: /tmp/assets
pattern: rancher-machine-*.tar.gz
merge-multiple: true
- name: Upload binary assets to release
run: gh release upload -R "${GITHUB_REPOSITORY}" "${GITHUB_REF_NAME}" /tmp/assets/rancher-machine-*.tar.gz
- name: Publish the release
run: gh release edit -R "${GITHUB_REPOSITORY}" "${GITHUB_REF_NAME}" --draft=false