name: CI workflow on: push: branches: - 'release/v*' tags: - '*' paths-ignore: - '**.md' - 'CODEOWNERS' - 'LICENSE' - 'docs/**' pull_request: branches: - 'release/v*' paths-ignore: - '**.md' - 'CODEOWNERS' - 'LICENSE' - 'docs/**' jobs: ci: permissions: contents: read runs-on: ubuntu-latest timeout-minutes: 30 steps: - name: Checkout code uses: actions/checkout@v4 - name: Setup Go uses: actions/setup-go@v5 with: go-version-file: 'go.mod' - name: Run golangci-lint uses: golangci/golangci-lint-action@v6 with: version: v1.58 - name: Run CI run: | ./scripts/ci ls -lR build/bin env: CROSS: 1 TAG: ${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || '' }} - name: Generate sha256 file for release if: github.event_name == 'push' && github.ref_type == 'tag' run: | upload_folder="./build/bin" for filename in $upload_folder/*; do sum_file=$(sha256sum $filename) sum=$(echo $sum_file | awk '{print $1}') file_path=$(echo $sum_file | awk '{print $2}') file=${file_path#"$upload_folder/"} echo "$sum $file" >> ./build/bin/sha256sum.txt done - name: Upload rke bin artifacts if: github.event_name == 'push' && github.ref_type == 'tag' uses: actions/upload-artifact@v4 with: name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }} path: build/bin/* if-no-files-found: error retention-days: 1 integration-ci: permissions: contents: read runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} timeout-minutes: 30 if: github.event_name == 'pull_request' steps: - name: Checkout code uses: actions/checkout@v4 - name: Setup Go uses: actions/setup-go@v5 with: go-version-file: 'go.mod' - name: Run CI run: | ./scripts/integration-ci github-pre-release: permissions: contents: write runs-on: ubuntu-latest timeout-minutes: 10 needs: ci if: github.event_name == 'push' && github.ref_type == 'tag' && (contains(github.ref_name, 'rc') || contains(github.ref_name, 'alpha')) steps: - name: Checkout code uses: actions/checkout@v4 - name: Download rke bin artifacts uses: actions/download-artifact@v4 with: name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }} path: build/bin - name: Create pre-release run: | gh release create ${{ github.ref_name }} -p --verify-tag --title "Pre-release ${{ github.ref_name }}" --notes-file build/bin/rke-k8sversions.txt build/bin/* env: GH_TOKEN: ${{ github.token }} github-release: permissions: contents: write runs-on: ubuntu-latest timeout-minutes: 10 needs: ci if: github.event_name == 'push' && github.ref_type == 'tag' && !(contains(github.ref_name, 'rc') || contains(github.ref_name, 'alpha')) steps: - name: Checkout code uses: actions/checkout@v4 - name: Download rke bin artifacts uses: actions/download-artifact@v4 with: name: rke-binaries-${{ github.run_number }}-${{ github.run_attempt }} path: build/bin - name: Create release run: | gh release create ${{ github.ref_name }} --verify-tag --title "Release ${{ github.ref_name }}" --notes-file build/bin/rke-k8sversions.txt build/bin/* env: GH_TOKEN: ${{ github.token }} dispatch: permissions: contents: read id-token: write runs-on: ubuntu-latest timeout-minutes: 10 needs: ci if: github.event_name == 'push' && github.ref_type == 'tag' steps: - name: Checkout code uses: actions/checkout@v4 - name: Retrieve token from vault uses: rancher-eio/read-vault-secrets@main with: secrets: | secret/data/github/repo/${{ github.repository }}/github-token/credentials token | PAT_TOKEN ; - name: Run dispatch run: | case ${{ github.ref_name }} in "v1.4"*) ACTION_TARGET_BRANCH="release/v2.7" ;; "v1.5"*) ACTION_TARGET_BRANCH="release/v2.8" ;; "v1.6"*) ACTION_TARGET_BRANCH="release/v2.9" ;; "v1.7"*) ACTION_TARGET_BRANCH="release/v2.10" ;; *) echo "Not a valid tag, not dispatching event" exit 0 esac echo "Running on $ACTION_TARGET_BRANCH" gh workflow run "Go get" --repo rancher/rancher --ref $ACTION_TARGET_BRANCH -F goget_module=github.com/rancher/rke -F goget_version=${{ github.ref_name }} -F source_author=${{ github.actor }} env: GH_TOKEN: ${{ env.PAT_TOKEN }}