ci: move from drone ci to github actions

Besides the CI migration, the golangci-lint version is bumped and added a timeout flag for execution. Signed-off-by: Zespre Chang <zespre.chang@suse.com>
harvester · Apr 25, 2024 · 2af633e · 2af633e
1 parent 5d790ef
commit 2af633e
Show file tree

Hide file tree

Showing 15 changed files with 176 additions and 185 deletions.
diff --git a/.drone.yml b/.drone.yml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,14 @@
+name: Main Build and Publish
+
+on:
+  push:
+    branches:
+    - main
+
+jobs:
+  build-main:
+    uses: ./.github/workflows/template-build.yml
+    with:
+      release-tag-name: ${{ github.ref_name }}-head
+      push: true
+    secrets: inherit
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -0,0 +1,12 @@
+name: Pull Request Build
+
+on:
+  pull_request:
+
+jobs:
+  build-pr:
+    uses: ./.github/workflows/template-build.yml
+    with:
+      release-tag-name: pull-${{ github.event.number }}
+      push: false
+    secrets: inherit
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Run Trivy vulnerability scanner in repo mode
       uses: aquasecurity/trivy-action@master
@@ -23,6 +23,6 @@ jobs:
         severity: 'CRITICAL'
 
     - name: Upload Trivy scan results to GitHub Security tab
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
@@ -0,0 +1,14 @@
+name: Tag Build and Publish
+
+on:
+  push:
+    tags:
+    - v**
+
+jobs:
+  build-tag:
+    uses: ./.github/workflows/template-build.yml
+    with:
+      release-tag-name: ${{ github.ref_name }}
+      push: true
+    secrets: inherit
diff --git a/.github/workflows/template-build.yml b/.github/workflows/template-build.yml
@@ -0,0 +1,79 @@
+on:
+  workflow_call:
+    inputs:
+      release-tag-name:
+        required: true
+        type: string
+      push:
+        required: true
+        type: boolean
+
+env:
+  repo: "rancher"
+  controllerImageName: "harvester-vm-dhcp-controller"
+  agentImageName: "harvester-vm-dhcp-agent"
+  webhookImageName: "harvester-vm-dhcp-webhook"
+
+jobs:
+  dapper-build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Run dapper
+      run: make ci
+
+    - name: Read some Secrets
+      uses: rancher-eio/read-vault-secrets@main
+      if: ${{ inputs.push == true }}
+      with:
+        secrets: |
+          secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
+          secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      if: ${{ inputs.push == true }}
+      with:
+        username: ${{ env.DOCKER_USERNAME }}
+        password: ${{ env.DOCKER_PASSWORD }}
+
+    - name: Docker Build (Controller)
+      uses: docker/build-push-action@v5
+      with:
+        provenance: false
+        context: .
+        platforms: linux/amd64,linux/arm64
+        file: package/Dockerfile
+        push: ${{ inputs.push }}
+        tags: ${{ env.repo }}/${{ env.controllerImageName }}:${{ inputs.release-tag-name }}
+
+    - name: Docker Build (Agent)
+      uses: docker/build-push-action@v5
+      with:
+        provenance: false
+        context: .
+        platforms: linux/amd64,linux/arm64
+        file: package/Dockerfile.agent
+        push: ${{ inputs.push }}
+        tags: ${{ env.repo }}/${{ env.agentImageName }}:${{ inputs.release-tag-name }}
+
+    - name: Docker Build (Webhook)
+      uses: docker/build-push-action@v5
+      with:
+        provenance: false
+        context: .
+        platforms: linux/amd64,linux/arm64
+        file: package/Dockerfile.webhook
+        push: ${{ inputs.push }}
+        tags: ${{ env.repo }}/${{ env.webhookImageName }}:${{ inputs.release-tag-name }}
diff --git a/Dockerfile.dapper b/Dockerfile.dapper
@@ -5,9 +5,12 @@ ENV ARCH $DAPPER_HOST_ARCH
 
 RUN zypper -n install tar gzip bash git docker less file curl wget
 
-RUN if [ "${ARCH}" = "amd64" ]; then \
-    curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.55.2; \
-    fi
+RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.57.1
+
+# The docker version in dapper is too old to have buildx. Install it manually.
+RUN curl -sSfL https://github.com/docker/buildx/releases/download/v0.13.1/buildx-v0.13.1.linux-${ARCH} -o buildx-v0.13.1.linux-${ARCH} && \
+    chmod +x buildx-v0.13.1.linux-${ARCH} && \
+    mv buildx-v0.13.1.linux-${ARCH} /usr/local/bin/buildx
 
 ## install controller-gen
 RUN go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0

diff --git a/package/Dockerfile b/package/Dockerfile
@@ -1,8 +1,19 @@
+# syntax=docker/dockerfile:1.7.0
+
 FROM registry.suse.com/bci/bci-base:15.5
 
 RUN zypper -n rm container-suseconnect && \
     zypper -n in curl dhcp-tools jq
 
-COPY bin/vm-dhcp-controller /usr/bin/vm-dhcp-controller
+ARG TARGETPLATFORM
+
+RUN if [ "$TARGETPLATFORM" != "linux/amd64" ] && [ "$TARGETPLATFORM" != "linux/arm64" ]; then \
+    echo "Error: Unsupported TARGETPLATFORM: $TARGETPLATFORM" && \
+    exit 1; \
+    fi
+
+ENV ARCH=${TARGETPLATFORM#linux/}
+
+COPY bin/vm-dhcp-controller-${ARCH} /usr/bin/vm-dhcp-controller
 
 ENTRYPOINT [ "vm-dhcp-controller" ]
diff --git a/package/Dockerfile.agent b/package/Dockerfile.agent
@@ -1,8 +1,19 @@
+# syntax=docker/dockerfile:1.7.0
+
 FROM registry.suse.com/bci/bci-base:15.5
 
 RUN zypper -n rm container-suseconnect && \
     zypper -n in curl dhcp-tools jq
 
-COPY bin/vm-dhcp-agent /usr/bin/vm-dhcp-agent
+ARG TARGETPLATFORM
+
+RUN if [ "$TARGETPLATFORM" != "linux/amd64" ] && [ "$TARGETPLATFORM" != "linux/arm64" ]; then \
+    echo "Error: Unsupported TARGETPLATFORM: $TARGETPLATFORM" && \
+    exit 1; \
+    fi
+
+ENV ARCH=${TARGETPLATFORM#linux/}
+
+COPY bin/vm-dhcp-agent-${ARCH} /usr/bin/vm-dhcp-agent
 
 ENTRYPOINT [ "vm-dhcp-agent" ]
diff --git a/package/Dockerfile.webhook b/package/Dockerfile.webhook
@@ -1,8 +1,19 @@
+# syntax=docker/dockerfile:1.7.0
+
 FROM registry.suse.com/bci/bci-base:15.5
 
 RUN zypper -n rm container-suseconnect && \
     zypper -n in curl
 
-COPY bin/vm-dhcp-webhook /usr/bin/vm-dhcp-webhook
+ARG TARGETPLATFORM
+
+RUN if [ "$TARGETPLATFORM" != "linux/amd64" ] && [ "$TARGETPLATFORM" != "linux/arm64" ]; then \
+    echo "Error: Unsupported TARGETPLATFORM: $TARGETPLATFORM" && \
+    exit 1; \
+    fi
+
+ENV ARCH=${TARGETPLATFORM#linux/}
+
+COPY bin/vm-dhcp-webhook-${ARCH} /usr/bin/vm-dhcp-webhook
 
 ENTRYPOINT [ "vm-dhcp-webhook" ]
diff --git a/scripts/build b/scripts/build
@@ -12,6 +12,8 @@ mkdir -p bin
 LINKFLAGS="-X main.AppVersion=$VERSION
            -X main.GitCommit=$COMMIT"
 
-CGO_ENABLED=0 GOARCH="$ARCH" go build -ldflags "-s -w $LINKFLAGS" -o bin/vm-dhcp-controller ./cmd/controller
-CGO_ENABLED=0 GOARCH="$ARCH" go build -ldflags "-s -w $LINKFLAGS" -o bin/vm-dhcp-agent ./cmd/agent
-CGO_ENABLED=0 GOARCH="$ARCH" go build -ldflags "-s -w $LINKFLAGS" -o bin/vm-dhcp-webhook ./cmd/webhook
+for arch in "amd64" "arm64"; do
+    GOARCH="$arch" CGO_ENABLED=0 go build -ldflags "-s -w $LINKFLAGS" -o bin/vm-dhcp-controller-"$arch" ./cmd/controller
+    GOARCH="$arch" CGO_ENABLED=0 go build -ldflags "-s -w $LINKFLAGS" -o bin/vm-dhcp-agent-"$arch" ./cmd/agent
+    GOARCH="$arch" CGO_ENABLED=0 go build -ldflags "-s -w $LINKFLAGS" -o bin/vm-dhcp-webhook-"$arch" ./cmd/webhook
+done