From ae7d518813651428851be4eb10a64a35e10b9ea7 Mon Sep 17 00:00:00 2001 From: mitulshah-suse Date: Wed, 3 Jul 2024 03:51:04 +0530 Subject: [PATCH] Move from drone to GHA for rke 1.4 (#3616) --- .drone.yml | 192 -------------------------------- .github/workflows/fossa.yaml | 29 +++++ .github/workflows/test-cni.yaml | 27 +++++ .github/workflows/workflow.yaml | 149 +++++++++++++++++++++++++ dind/dind.go | 14 ++- scripts/ci | 1 - scripts/dispatch | 25 ----- scripts/integration | 2 +- scripts/integration-ci | 7 ++ scripts/package | 20 ---- util/util.go | 9 +- 11 files changed, 230 insertions(+), 245 deletions(-) delete mode 100644 .drone.yml create mode 100644 .github/workflows/fossa.yaml create mode 100644 .github/workflows/test-cni.yaml create mode 100644 .github/workflows/workflow.yaml delete mode 100755 scripts/dispatch create mode 100755 scripts/integration-ci diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 9c68f0c19..000000000 --- a/.drone.yml +++ /dev/null @@ -1,192 +0,0 @@ ---- -kind: pipeline -name: default - -platform: - os: linux - arch: amd64 - -steps: -- name: ci - pull: default - image: rancher/dapper:1.11.2 - commands: - - dapper ci - - ls -lR build/bin - environment: - CROSS: 1 - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - - tag - -- name: stage-binaries - pull: default - image: rancher/dapper:1.11.2 - commands: - - "cp -r ./bin/* ./package/" - when: - event: - - tag - ref: - include: - - "refs/tags/*" - -- name: github_binary_prerelease - pull: default - image: plugins/github-release - settings: - api_key: - from_secret: github_token - checksum: - - sha256 - files: - - "build/bin/rke*" - prerelease: true - title: "Pre-release ${DRONE_TAG}" - note: ./build/bin/rke-k8sversions.txt - overwrite: true - when: - instance: - include: - - drone-publish.rancher.io - event: - - tag - ref: - include: - - "refs/tags/*rc*" - - "refs/tags/*alpha*" - -- name: github_binary_release - pull: default - image: plugins/github-release - settings: - checksum: - - sha256 - files: - - "build/bin/rke*" - api_key: - from_secret: github_token - title: "Release ${DRONE_TAG}" - when: - instance: - include: - - drone-publish.rancher.io - event: - - tag - ref: - exclude: - - "refs/tags/*rc*" - - "refs/tags/*alpha*" - -- name: dispatch - image: curlimages/curl:7.81.0 - user: root - environment: - PAT_USERNAME: - from_secret: pat_username - PAT_TOKEN: - from_secret: github_token - commands: - - apk -U --no-cache add bash - - scripts/dispatch - when: - instance: - include: - - drone-publish.rancher.io - event: - - tag - -volumes: -- name: socket - host: - path: /var/run/docker.sock - ---- -kind: pipeline -name: test-cni - -platform: - os: linux - arch: amd64 - -steps: -- name: build - pull: default - image: rancher/dapper:1.11.2 - commands: - - dapper build - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - - tag - -- name: integration-flannel - pull: default - image: rancher/dapper:1.11.2 - commands: - - dapper integration flannel - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - - tag - -- name: integration-calico - pull: default - image: rancher/dapper:1.11.2 - commands: - - dapper integration calico - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - - tag - -- name: integration-weave - pull: default - image: rancher/dapper:1.11.2 - commands: - - dapper integration weave - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - pull_request - - tag - -volumes: -- name: socket - host: - path: /var/run/docker.sock - ---- -kind: pipeline -name: fossa - -steps: -- name: fossa - image: rancher/drone-fossa:latest - failure: ignore - settings: - api_key: - from_secret: FOSSA_API_KEY - when: - instance: - - drone-publish.rancher.io diff --git a/.github/workflows/fossa.yaml b/.github/workflows/fossa.yaml new file mode 100644 index 000000000..75e3e63c1 --- /dev/null +++ b/.github/workflows/fossa.yaml @@ -0,0 +1,29 @@ +name: Fossa scan + +on: + push: + branches: + - '**' + tags: + - '*' + +jobs: + fossa: + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + timeout-minutes: 20 + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Read FOSSA token + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY + - name: FOSSA scan + uses: fossas/fossa-action@main + with: + api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }} + run-tests: false \ No newline at end of file diff --git a/.github/workflows/test-cni.yaml b/.github/workflows/test-cni.yaml new file mode 100644 index 000000000..b3d54fb0d --- /dev/null +++ b/.github/workflows/test-cni.yaml @@ -0,0 +1,27 @@ +name: Test CNI + +on: + pull_request: + branches: + - '**' + +jobs: + integration-cni-tests: + permissions: + contents: read + runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} + timeout-minutes: 60 + strategy: + matrix: + cni: [flannel, calico, weave] + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - name: Run ${{ matrix.cni }} check + run: | + ./scripts/build + ./scripts/integration ${{ matrix.cni }} \ No newline at end of file diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml new file mode 100644 index 000000000..27e790b01 --- /dev/null +++ b/.github/workflows/workflow.yaml @@ -0,0 +1,149 @@ +name: CI workflow + +on: + push: + branches: + - 'release/v*' + tags: + - '*' + paths-ignore: + - '**.md' + - 'CODEOWNERS' + - 'LICENSE' + - 'docs/**' + pull_request: + branches: + - 'release/v*' + paths-ignore: + - '**.md' + - 'CODEOWNERS' + - 'LICENSE' + - 'docs/**' + +jobs: + ci: + permissions: + contents: read + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - name: Run golangci-lint + uses: golangci/golangci-lint-action@v6 + with: + version: v1.58 + - name: Run CI + run: | + ./scripts/ci + ls -lR build/bin + env: + CROSS: 1 + - name: Upload rke bin artifacts + if: github.event_name == 'push' && github.ref_type == 'tag' + uses: actions/upload-artifact@v4 + with: + name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }} + path: build/bin/rke* + if-no-files-found: error + retention-days: 1 + + integration-ci: + permissions: + contents: read + runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} + timeout-minutes: 30 + if: github.event_name == 'pull_request' + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - name: Run CI + run: | + ./scripts/integration-ci + + github-pre-release: + permissions: + contents: write + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: ci + if: github.event_name == 'push' && github.ref_type == 'tag' && (contains(github.ref_name, 'rc') || contains(github.ref_name, 'alpha')) + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Download rke bin artifacts + uses: actions/download-artifact@v4 + with: + name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }} + path: build/bin + - name: Create pre-release + run: | + gh release create ${{ github.ref_name }} -p --verify-tag --title "Pre-release ${{ github.ref_name }}" --notes-file build/bin/rke-k8sversions.txt build/bin/rke* + env: + GH_TOKEN: ${{ github.token }} + + github-release: + permissions: + contents: write + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: ci + if: github.event_name == 'push' && github.ref_type == 'tag' && !(contains(github.ref_name, 'rc') || contains(github.ref_name, 'alpha')) + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Download rke bin artifacts + uses: actions/download-artifact@v4 + with: + name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }} + path: build/bin + - name: Create release + run: | + gh release create ${{ github.ref_name }} --verify-tag --title "Release ${{ github.ref_name }}" --notes-file build/bin/rke-k8sversions.txt build/bin/rke* + env: + GH_TOKEN: ${{ github.token }} + + dispatch: + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: ci + if: github.event_name == 'push' && github.ref_type == 'tag' + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Retrieve token from vault + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/github-token/credentials token | PAT_TOKEN ; + - name: Run dispatch + run: | + case ${{ github.ref_name }} in + "v1.4"*) + ACTION_TARGET_BRANCH="release/v2.7" + ;; + "v1.5"*) + ACTION_TARGET_BRANCH="release/v2.8" + ;; + "v1.6"*) + ACTION_TARGET_BRANCH="release/v2.9" + ;; + *) + echo "Not a valid tag, not dispatching event" + exit 0 + esac + echo "Running on $ACTION_TARGET_BRANCH" + gh workflow run "Go get" --repo rancher/rancher --ref $ACTION_TARGET_BRANCH -F goget_module=github.com/rancher/rke -F goget_version=${{ github.ref_name }} -F source_author=${{ github.actor }} + env: + GH_TOKEN: ${{ env.PAT_TOKEN }} \ No newline at end of file diff --git a/dind/dind.go b/dind/dind.go index 5a0fd50b3..a82817408 100644 --- a/dind/dind.go +++ b/dind/dind.go @@ -3,6 +3,7 @@ package dind import ( "context" "fmt" + "time" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/container" @@ -13,7 +14,7 @@ import ( ) const ( - DINDImage = "docker:19.03.12-dind" + DINDImage = "docker:24.0.9-dind" DINDContainerPrefix = "rke-dind" DINDPlane = "dind" DINDNetwork = "dind-network" @@ -66,7 +67,7 @@ func StartUpDindContainer(ctx context.Context, dindAddress, dindNetwork, dindSto "mount --make-shared / && " + "mount --make-shared /sys && " + "mount --make-shared /var/lib/docker && " + - "dockerd-entrypoint.sh --storage-driver=" + storageDriver, + "dockerd-entrypoint.sh --tls=false --storage-driver=" + storageDriver, }, Hostname: dindAddress, Env: []string{"DOCKER_TLS_CERTDIR="}, @@ -120,6 +121,15 @@ func RmoveDindContainer(ctx context.Context, dindAddress string) error { return nil } } + + timeout := 2 * time.Minute + if err := cli.ContainerStop(ctx, containerName, &timeout); err != nil { + return fmt.Errorf("Failed to stop dind container [%s] on host [%s]: %v", containerName, cli.DaemonHost(), err) + } + + logrus.Infof("waiting 1 minute before removing container [%s] on host [%s]", containerName, cli.DaemonHost()) + time.Sleep(1 * time.Minute) + if err := cli.ContainerRemove(ctx, containerName, types.ContainerRemoveOptions{ Force: true, RemoveVolumes: true}); err != nil { diff --git a/scripts/ci b/scripts/ci index 8f2fc1845..b35955a73 100755 --- a/scripts/ci +++ b/scripts/ci @@ -6,5 +6,4 @@ cd $(dirname $0) ./validate ./build ./test -./integration ./package diff --git a/scripts/dispatch b/scripts/dispatch deleted file mode 100755 index b7e3a0b3e..000000000 --- a/scripts/dispatch +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -set -e -set -x - -REPO="https://api.github.com/repos/rancher/rancher/actions/workflows/go-get.yml/dispatches" - -case $DRONE_TAG in - "v1.4"*) - ACTION_TARGET_BRANCH="release/v2.7" - ;; - *) - echo "Not a valid tag, not dispatching event" - exit 0 -esac - -echo "DRONE_TAG: $DRONE_TAG" -echo "DRONE_COMMIT_AUTHOR: $DRONE_COMMIT_AUTHOR" - -echo "Dispatching to branch ${ACTION_TARGET_BRANCH}" - -# send dispatch event to workflow -curl -XPOST -u "${PAT_USERNAME}:${PAT_TOKEN}" \ - -H "Accept: application/vnd.github.v3+json" \ - -H "Content-Type: application/json" $REPO \ - --data '{"ref": "'"$ACTION_TARGET_BRANCH"'","inputs":{"goget_module":"github.com/rancher/rke","goget_version":"'"$DRONE_TAG"'","source_author":"'"$DRONE_COMMIT_AUTHOR"'"}}' diff --git a/scripts/integration b/scripts/integration index cb6b158e9..2ba5eca92 100755 --- a/scripts/integration +++ b/scripts/integration @@ -18,7 +18,7 @@ function cleanup { echo "" echo_with_time "---- Clean Up RKE ----" for i in ./bin/cluster-*.yml; do - ./bin/rke remove --dind --force --config $i 2>&1 >/dev/null + ./bin/rke remove --dind --force --config $i done rm -f ./bin/*.rkestate ./bin/*.yml } diff --git a/scripts/integration-ci b/scripts/integration-ci new file mode 100755 index 000000000..42255c2ef --- /dev/null +++ b/scripts/integration-ci @@ -0,0 +1,7 @@ +#!/bin/bash +set -e + +cd $(dirname $0) + +./build +./integration diff --git a/scripts/package b/scripts/package index 072aba9f3..50d1d3bfe 100755 --- a/scripts/package +++ b/scripts/package @@ -10,23 +10,3 @@ SUFFIX="" [ "${ARCH}" != "amd64" ] && SUFFIX="_${ARCH}" ./scripts/create-releasenote.sh - -cd package - -TAG=${TAG:-${VERSION}${SUFFIX}} -REPO=${REPO:-rke} - -if echo $TAG | grep -q dirty; then - TAG=dev -fi - -if [ -n "$DRONE_TAG" ]; then - TAG=$DRONE_TAG -fi - -cp ../bin/rke . - -IMAGE=${REPO}/rke:${TAG} -docker build -t ${IMAGE} . -echo ${IMAGE} > ../dist/images -echo Built ${IMAGE} diff --git a/util/util.go b/util/util.go index 882e1e584..946f0f664 100644 --- a/util/util.go +++ b/util/util.go @@ -134,13 +134,14 @@ func GetTagMajorVersion(tag string) string { } func IsFileExists(filePath string) (bool, error) { - if _, err := os.Stat(filePath); err == nil { + var err error + if _, err = os.Stat(filePath); err == nil { return true, nil - } else if os.IsNotExist(err) { + } + if os.IsNotExist(err) { return false, nil - } else { - return false, err } + return false, err } func GetDefaultRKETools(image string) (string, error) {