-
Notifications
You must be signed in to change notification settings - Fork 119
106 lines (101 loc) · 3.27 KB
/
workflow.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
name: Main workflow
on:
push:
branches:
- 'dev-v*'
- 'release-v*'
pull_request:
branches:
- 'dev-v*'
- 'release-v*'
jobs:
validate:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
timeout-minutes: 20
container:
image: rancher/dapper:v0.6.0
steps:
- name: Force Install GIT latest
run: |
apk add git --update-cache
git --version
git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Checkout code
uses: actions/checkout@v4
- name: Validate
run: dapper ci
mirror-images:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
needs: validate
container:
image: rancher/dapper:v0.6.0
if: github.event_name == 'push' && startsWith(github.ref_name, 'release-v')
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Retrieve Registy secrets from vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/registry-endpoint/credentials token | REGISTRY_ENDPOINT ;
secret/data/github/repo/${{ github.repository }}/registry-username/credentials token | REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/registry-password/credentials token | REGISTRY_PASSWORD
- name: Validate
run: dapper mirror-images
upload:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
timeout-minutes: 10
needs: validate
if: github.event_name == 'push'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Retrieve Google auth from vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/google-auth/rancher/credentials token | GOOGLE_AUTH ;
- name: Authenticate with Google Cloud
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ env.GOOGLE_AUTH }}'
- name: Upload to Google Cloud Storage
uses: google-github-actions/upload-cloud-storage@v2
with:
path: data/
destination: releases.rancher.com/kontainer-driver-metadata/${{ github.ref_name }}
parent: false
predefinedAcl: publicRead
process_gcloudignore: false
headers: |-
cache-control: public,no-cache,proxy-revalidate
dispatch:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
timeout-minutes: 10
needs: upload
if: github.event_name == 'push' && (github.ref_name == 'release-v2.9' || github.ref_name == 'dev-v2.9')
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Retrieve token from vault
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/github-token/credentials token | PAT_TOKEN
- name: Run dispatch
run: |
gh workflow run "Go Generate" --repo rancher/rke --ref release/v1.6 -F source_author=${{ github.actor }}
env:
GH_TOKEN: ${{ env.PAT_TOKEN }}