Move from drone to GHA for rke 1.4 (#3616)

2025-09-04 16:30:02 +00:00 · 2024-07-03 03:51:04 +05:30
parent fae8f4e8f6
commit ae7d518813
11 changed files with 231 additions and 246 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,192 +0,0 @@
---
-kind: pipeline
-name: default
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
- name: ci
-  pull: default
-  image: rancher/dapper:1.11.2
-  commands:
-  - dapper ci
-  - ls -lR build/bin
-  environment:
-    CROSS: 1
-  privileged: true
-  volumes:
-  - name: socket
-    path: /var/run/docker.sock
-  when:
-    event:
-    - pull_request
-    - tag
-
- name: stage-binaries
-  pull: default
-  image: rancher/dapper:1.11.2
-  commands:
-  - "cp -r ./bin/* ./package/"
-  when:
-    event:
-    - tag
-    ref:
-      include:
-      - "refs/tags/*"
-
- name: github_binary_prerelease
-  pull: default
-  image: plugins/github-release
-  settings:
-    api_key:
-      from_secret: github_token
-    checksum:
-    - sha256
-    files:
-    - "build/bin/rke*"
-    prerelease: true
-    title: "Pre-release ${DRONE_TAG}"
-    note: ./build/bin/rke-k8sversions.txt
-    overwrite: true
-  when:
-    instance:
-      include:
-      - drone-publish.rancher.io
-    event:
-    - tag
-    ref:
-      include:
-      - "refs/tags/*rc*"
-      - "refs/tags/*alpha*"
-
- name: github_binary_release
-  pull: default
-  image: plugins/github-release
-  settings:
-    checksum:
-    - sha256
-    files:
-    - "build/bin/rke*"
-    api_key:
-      from_secret: github_token
-    title: "Release ${DRONE_TAG}"
-  when:
-    instance:
-      include:
-      - drone-publish.rancher.io
-    event:
-    - tag
-    ref:
-      exclude:
-      - "refs/tags/*rc*"
-      - "refs/tags/*alpha*"
-
- name: dispatch
-  image: curlimages/curl:7.81.0
-  user: root
-  environment:
-    PAT_USERNAME:
-      from_secret: pat_username
-    PAT_TOKEN:
-      from_secret: github_token
-  commands:
-  - apk -U --no-cache add bash
-  - scripts/dispatch
-  when:
-    instance:
-      include:
-      - drone-publish.rancher.io
-    event:
-    - tag
-
-volumes:
- name: socket
-  host:
-    path: /var/run/docker.sock
-
---
-kind: pipeline
-name: test-cni
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
- name: build
-  pull: default
-  image: rancher/dapper:1.11.2
-  commands:
-  - dapper build
-  privileged: true
-  volumes:
-  - name: socket
-    path: /var/run/docker.sock
-  when:
-    event:
-    - pull_request
-    - tag
-
- name: integration-flannel
-  pull: default
-  image: rancher/dapper:1.11.2
-  commands:
-  - dapper integration flannel
-  privileged: true
-  volumes:
-  - name: socket
-    path: /var/run/docker.sock
-  when:
-    event:
-    - pull_request
-    - tag
-
- name: integration-calico
-  pull: default
-  image: rancher/dapper:1.11.2
-  commands:
-  - dapper integration calico
-  privileged: true
-  volumes:
-  - name: socket
-    path: /var/run/docker.sock
-  when:
-    event:
-    - pull_request
-    - tag
-
- name: integration-weave
-  pull: default
-  image: rancher/dapper:1.11.2
-  commands:
-  - dapper integration weave
-  privileged: true
-  volumes:
-  - name: socket
-    path: /var/run/docker.sock
-  when:
-    event:
-    - pull_request
-    - tag
-
-volumes:
- name: socket
-  host:
-    path: /var/run/docker.sock
-
---
-kind: pipeline
-name: fossa
-
-steps:
- name: fossa
-  image: rancher/drone-fossa:latest
-  failure: ignore
-  settings:
-    api_key:
-      from_secret: FOSSA_API_KEY
-    when:
-      instance:
-        - drone-publish.rancher.io
--- a/.github/workflows/fossa.yaml
+++ b/.github/workflows/fossa.yaml
@@ -0,0 +1,29 @@
+name: Fossa scan
+
+on:
+    push: 
+      branches:
+        - '**'
+      tags:
+        - '*'
+
+jobs:
+  fossa:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    timeout-minutes: 20
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+      - name: Read FOSSA token
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY
+      - name: FOSSA scan
+        uses: fossas/fossa-action@main
+        with:
+          api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }}
+          run-tests: false
--- a/.github/workflows/test-cni.yaml
+++ b/.github/workflows/test-cni.yaml
@@ -0,0 +1,27 @@
+name: Test CNI
+
+on:
+  pull_request:
+    branches:
+      - '**'
+
+jobs:
+  integration-cni-tests:
+    permissions:
+      contents: read
+    runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }}
+    timeout-minutes: 60
+    strategy:
+      matrix:
+        cni: [flannel, calico, weave]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+      - name: Run ${{ matrix.cni }} check
+        run: |
+          ./scripts/build
+          ./scripts/integration ${{ matrix.cni }}
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -0,0 +1,149 @@
+name: CI workflow
+
+on:
+  push: 
+    branches:
+      - 'release/v*'
+    tags:
+      - '*'
+    paths-ignore:
+      - '**.md'
+      - 'CODEOWNERS'
+      - 'LICENSE'
+      - 'docs/**'
+  pull_request:
+    branches:
+      - 'release/v*'
+    paths-ignore:
+      - '**.md'
+      - 'CODEOWNERS'
+      - 'LICENSE'
+      - 'docs/**'
+
+jobs:
+  ci:
+    permissions:
+      contents: read
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.58
+      - name: Run CI
+        run: |
+          ./scripts/ci
+          ls -lR build/bin
+        env:
+          CROSS: 1
+      - name: Upload rke bin artifacts
+        if: github.event_name == 'push' && github.ref_type == 'tag'
+        uses: actions/upload-artifact@v4
+        with:
+          name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }}
+          path: build/bin/rke*
+          if-no-files-found: error
+          retention-days: 1
+
+  integration-ci:
+    permissions:
+      contents: read
+    runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }}
+    timeout-minutes: 30
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+      - name: Run CI
+        run: |
+          ./scripts/integration-ci
+
+  github-pre-release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    needs: ci
+    if: github.event_name == 'push' && github.ref_type == 'tag' && (contains(github.ref_name, 'rc') || contains(github.ref_name, 'alpha'))
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Download rke bin artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }}
+          path: build/bin
+      - name: Create pre-release
+        run: |
+          gh release create ${{ github.ref_name }} -p --verify-tag --title "Pre-release ${{ github.ref_name }}" --notes-file build/bin/rke-k8sversions.txt build/bin/rke*
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+  github-release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    needs: ci
+    if: github.event_name == 'push' && github.ref_type == 'tag' && !(contains(github.ref_name, 'rc') || contains(github.ref_name, 'alpha'))
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Download rke bin artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }}
+          path: build/bin
+      - name: Create release
+        run: |
+          gh release create ${{ github.ref_name }} --verify-tag --title "Release ${{ github.ref_name }}" --notes-file build/bin/rke-k8sversions.txt build/bin/rke*
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+  dispatch:
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    needs: ci
+    if: github.event_name == 'push' && github.ref_type == 'tag'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Retrieve token from vault
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/github-token/credentials token | PAT_TOKEN ;
+      - name: Run dispatch
+        run: |
+          case ${{ github.ref_name }} in           
+            "v1.4"*)
+              ACTION_TARGET_BRANCH="release/v2.7"
+              ;;
+            "v1.5"*)
+              ACTION_TARGET_BRANCH="release/v2.8"
+              ;;
+            "v1.6"*)
+              ACTION_TARGET_BRANCH="release/v2.9"
+              ;;
+            *)
+              echo "Not a valid tag, not dispatching event"
+              exit 0
+          esac
+          echo "Running on $ACTION_TARGET_BRANCH"
+          gh workflow run "Go get" --repo rancher/rancher --ref $ACTION_TARGET_BRANCH -F goget_module=github.com/rancher/rke -F goget_version=${{ github.ref_name }} -F source_author=${{ github.actor }}
+        env:
+          GH_TOKEN: ${{ env.PAT_TOKEN }}
--- a/dind/dind.go
+++ b/dind/dind.go
@@ -3,6 +3,7 @@ package dind
 import (
 	"context"
 	"fmt"
+	"time"

 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
@@ -13,7 +14,7 @@ import (
 )

 const (
-	DINDImage           = "docker:19.03.12-dind"
+	DINDImage           = "docker:24.0.9-dind"
 	DINDContainerPrefix = "rke-dind"
 	DINDPlane           = "dind"
 	DINDNetwork         = "dind-network"
@@ -66,7 +67,7 @@ func StartUpDindContainer(ctx context.Context, dindAddress, dindNetwork, dindSto
 				"mount --make-shared / && " +
 					"mount --make-shared /sys && " +
 					"mount --make-shared /var/lib/docker && " +
-					"dockerd-entrypoint.sh --storage-driver=" + storageDriver,
+					"dockerd-entrypoint.sh --tls=false --storage-driver=" + storageDriver,
 			},
 			Hostname: dindAddress,
 			Env:      []string{"DOCKER_TLS_CERTDIR="},
@@ -120,6 +121,15 @@ func RmoveDindContainer(ctx context.Context, dindAddress string) error {
 			return nil
 		}
 	}
+
+	timeout := 2 * time.Minute
+	if err := cli.ContainerStop(ctx, containerName, &timeout); err != nil {
+		return fmt.Errorf("Failed to stop dind container [%s] on host [%s]: %v", containerName, cli.DaemonHost(), err)
+	}
+
+	logrus.Infof("waiting 1 minute before removing container [%s] on host [%s]", containerName, cli.DaemonHost())
+	time.Sleep(1 * time.Minute)
+
 	if err := cli.ContainerRemove(ctx, containerName, types.ContainerRemoveOptions{
 		Force:         true,
 		RemoveVolumes: true}); err != nil {
--- a/scripts/ci
+++ b/scripts/ci
@@ -6,5 +6,4 @@ cd $(dirname $0)
 ./validate
 ./build
 ./test
-./integration
 ./package
--- a/scripts/dispatch
+++ b/scripts/dispatch
@@ -1,25 +0,0 @@
-#!/bin/bash
-set -e
-set -x
-
-REPO="https://api.github.com/repos/rancher/rancher/actions/workflows/go-get.yml/dispatches"
-
-case $DRONE_TAG in
-  "v1.4"*)
-    ACTION_TARGET_BRANCH="release/v2.7"
-    ;;
-  *)
-    echo "Not a valid tag, not dispatching event"
-    exit 0
-esac
-
-echo "DRONE_TAG: $DRONE_TAG"
-echo "DRONE_COMMIT_AUTHOR: $DRONE_COMMIT_AUTHOR"
-
-echo "Dispatching to branch ${ACTION_TARGET_BRANCH}"
-
-# send dispatch event to workflow
-curl -XPOST -u "${PAT_USERNAME}:${PAT_TOKEN}" \
-        -H "Accept: application/vnd.github.v3+json"  \
-        -H "Content-Type: application/json" $REPO \
-        --data '{"ref": "'"$ACTION_TARGET_BRANCH"'","inputs":{"goget_module":"github.com/rancher/rke","goget_version":"'"$DRONE_TAG"'","source_author":"'"$DRONE_COMMIT_AUTHOR"'"}}'
--- a/scripts/integration
+++ b/scripts/integration
@@ -18,7 +18,7 @@ function cleanup {
    echo ""
    echo_with_time "---- Clean Up RKE ----"
    for i in ./bin/cluster-*.yml; do
-        ./bin/rke remove --dind --force --config $i 2>&1 >/dev/null
+        ./bin/rke remove --dind --force --config $i
    done
    rm -f ./bin/*.rkestate ./bin/*.yml
 }
--- a/scripts/integration-ci
+++ b/scripts/integration-ci
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+
+cd $(dirname $0)
+
+./build
+./integration
--- a/scripts/package
+++ b/scripts/package
@@ -10,23 +10,3 @@ SUFFIX=""
 [ "${ARCH}" != "amd64" ] && SUFFIX="_${ARCH}"

 ./scripts/create-releasenote.sh
-
-cd package
-
-TAG=${TAG:-${VERSION}${SUFFIX}}
-REPO=${REPO:-rke}
-
-if echo $TAG | grep -q dirty; then
-    TAG=dev
-fi
-
-if [ -n "$DRONE_TAG" ]; then
-    TAG=$DRONE_TAG
-fi
-
-cp ../bin/rke .
-
-IMAGE=${REPO}/rke:${TAG}
-docker build -t ${IMAGE} .
-echo ${IMAGE} > ../dist/images
-echo Built ${IMAGE}
--- a/util/util.go
+++ b/util/util.go
@@ -134,13 +134,14 @@ func GetTagMajorVersion(tag string) string {
 }

 func IsFileExists(filePath string) (bool, error) {
-	if _, err := os.Stat(filePath); err == nil {
+	var err error
+	if _, err = os.Stat(filePath); err == nil {
 		return true, nil
-	} else if os.IsNotExist(err) {
-		return false, nil
-	} else {
-		return false, err
 	}
+	if os.IsNotExist(err) {
+		return false, nil
+	}
+	return false, err
 }

 func GetDefaultRKETools(image string) (string, error) {