Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[2.10] ci: Split image publishing from creating GH release #775

Merged
merged 2 commits into from
Dec 20, 2024
Merged

[2.10] ci: Split image publishing from creating GH release #775

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
685ba2e
ci: Split image publishing from creating GH release
yiannistri Dec 20, 2024
a9eedc7
fix: Bump golang.org/x/net to fix CVE-2024-45338
yiannistri Dec 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 17 additions & 4 deletions .github/workflows/release.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@ on:
# - PUBLIC_REGISTRY_PASSWORD

jobs:
release:
publish-images:
permissions:
contents: write # required for creating GH release
id-token: write # required for reading vault secrets
contents: read
id-token: write # required for reading vault secrets and for cosign's use in ecm-distro-tools/publish-image
strategy:
matrix:
include:
Expand Down Expand Up @@ -48,7 +48,7 @@ jobs:
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | PUBLIC_REGISTRY_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD
- name: Publish images
uses: rancher/ecm-distro-tools/actions/publish-image@master
with:
Expand All @@ -64,6 +64,19 @@ jobs:
prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
make-target: image-push
push-to-prime: false

release:
permissions:
contents: write # required for creating GH release
runs-on: ubuntu-latest
needs: publish-images
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.ref_name}}
- name: Create release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for creating GH release
Expand Down
10 changes: 5 additions & 5 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ TAG?=${GIT_TAG}-${GIT_COMMIT_SHORT}
OPERATOR_CHART?=$(shell find $(ROOT_DIR) -type f -name "rancher-aks-operator-[0-9]*.tgz" -print)
CRD_CHART?=$(shell find $(ROOT_DIR) -type f -name "rancher-aks-operator-crd*.tgz" -print)
CHART_VERSION?=900 # Only used in e2e to avoid downgrades from rancher
REPO?=docker.io/rancher/aks-operator
IMAGE = $(REPO):$(TAG)
REPO?=docker.io/rancher
IMAGE = $(REPO)/aks-operator:$(TAG)
MACHINE := rancher
# Define the target platforms that can be used across the ecosystem.
# Note that what would actually be used for a given project will be
Expand Down Expand Up @@ -116,7 +116,7 @@ operator-chart:
mkdir -p $(BIN_DIR)
cp -rf $(ROOT_DIR)/charts/aks-operator $(BIN_DIR)/chart
sed -i -e 's/tag:.*/tag: '${TAG}'/' $(BIN_DIR)/chart/values.yaml
sed -i -e 's|repository:.*|repository: '${REPO}'|' $(BIN_DIR)/chart/values.yaml
sed -i -e 's|repository:.*|repository: '${REPO}/aks-operator'|' $(BIN_DIR)/chart/values.yaml
helm package --version ${CHART_VERSION} --app-version ${GIT_TAG} -d $(BIN_DIR)/ $(BIN_DIR)/chart
rm -Rf $(BIN_DIR)/chart

Expand Down Expand Up @@ -165,7 +165,7 @@ e2e-tests: $(GINKGO) charts

.PHONY: kind-e2e-tests
kind-e2e-tests: docker-build-e2e setup-kind
kind load docker-image --name $(CLUSTER_NAME) ${REPO}:${TAG}
kind load docker-image --name $(CLUSTER_NAME) ${IMAGE}
$(MAKE) e2e-tests

kind-deploy-operator:
Expand All @@ -178,7 +178,7 @@ docker-build-e2e:
--build-arg "TAG=${GIT_TAG}" \
--build-arg "COMMIT=${GIT_COMMIT}" \
--build-arg "COMMITDATE=${COMMITDATE}" \
-t ${REPO}:${TAG} .
-t ${IMAGE} .

.PHOHY: delete-local-kind-cluster
delete-local-kind-cluster: ## Delete the local kind cluster
Expand Down
2 changes: 1 addition & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ require (
github.com/sirupsen/logrus v1.9.3
github.com/stretchr/testify v1.10.0
go.uber.org/mock v0.5.0
golang.org/x/net v0.32.0
golang.org/x/net v0.33.0
k8s.io/api v0.31.1
k8s.io/apiextensions-apiserver v0.31.1
k8s.io/apimachinery v0.31.1
Expand Down
4 changes: 2 additions & 2 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -660,8 +660,8 @@ golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
Expand Down
Loading