From 409d1b9c7a9146a6f0a5cddc4e5de253afc92ccf Mon Sep 17 00:00:00 2001
From: Alexandre Lamarre
Date: Mon, 13 May 2024 10:36:04 -0400
Subject: [PATCH 1/3] backport GHA to default CI

Signed-off-by: Alexandre Lamarre
---
 .github/workflows/ci.yaml | 88 +++++++++++++++++++
 .github/workflows/label-all-new-issues.yml | 24 +++--
 .github/workflows/publish.yaml | 55 ++++++++++++
 .github/workflows/release.yaml | 35 ++++++++
 .github/workflows/renovate.yml | 25 ++++++
 .github/workflows/scripts/install-k3d.sh | 17 ++++
 .github/workflows/scripts/install-mc.sh | 25 ++++++
 .github/workflows/scripts/setup-cluster.sh | 70 +++++++++++++++
 .../workflows/scripts/supported-versions.sh | 23 +++++
 .github/workflows/stale.yml | 2 +-
 10 files changed, 350 insertions(+), 14 deletions(-)
 create mode 100644 .github/workflows/ci.yaml
 create mode 100644 .github/workflows/publish.yaml
 create mode 100644 .github/workflows/release.yaml
 create mode 100644 .github/workflows/renovate.yml
 create mode 100755 .github/workflows/scripts/install-k3d.sh
 create mode 100755 .github/workflows/scripts/install-mc.sh
 create mode 100755 .github/workflows/scripts/setup-cluster.sh
 create mode 100755 .github/workflows/scripts/supported-versions.sh
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 00000000..45384157
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,88 @@
+name: Backup Restore CI
+
+permissions:
+ contents : read
+
+on:
+ workflow_call:
+ push:
+ branches:
+ - release/v5.0
+ - release/v4.0
+ - release/v3.0
+ paths-ignore:
+ - 'docs/**'
+ - '*.md'
+ - '.gitignore'
+ - 'CODEOWNERS'
+ - 'LICENSE'
+ pull_request:
+ paths-ignore:
+ - 'docs/**'
+ - '*.md'
+ - '.gitignore'
+ - 'CODEOWNERS'
+ - 'LICENSE'
+jobs:
+ build:
+ strategy:
+ matrix:
+ os : [
+ ubuntu-latest
+ # org-rancher-arm64-containers
+ ]
+ name : CI
+ runs-on : ${{ matrix.os }}
+ outputs:
+ k3sversions: ${{ steps.support.outputs.k3sversions }}
+ steps:
+ - name : Checkout repository
+ uses : actions/checkout@v4
+ with :
+ fetch-depth : 0
+ - name: Set K3s support output
+ id : support
+ run: ./.github/workflows/scripts/supported-versions.sh | awk '{print "k3sversions="$0}' >> $GITHUB_OUTPUT
+ - name : CI
+ run : make ci
+ - name: Upload artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: bro-build-artifacts-${{ matrix.os }}
+ path: ./dist/artifacts
+
+ test:
+ name : integration-test
+ needs : [
+ build
+ ]
+ runs-on : ${{ matrix.os }}
+ strategy:
+ matrix:
+ os : [
+ ubuntu-latest
+ # org-rancher-arm64-containers,
+ ]
+ K3S_VERSION : ${{ fromJSON(needs.build.outputs.k3sversions) }}
+ steps:
+ - name : Checkout repository
+ uses : actions/checkout@v4
+ - name : Fetch build artifacts
+ uses: actions/download-artifact@v4
+ with:
+ name: bro-build-artifacts-${{ matrix.os }}
+ path: ./dist/artifacts/
+ - name : Debug
+ run : ls -R ./dist/artifacts
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name : Load backup-restore-operator image
+ run : docker image load -i ./dist/artifacts/backup-restore-operator.img
+ - name : Setup up K3d
+ run : ./.github/workflows/scripts/install-k3d.sh
+ - name : Setup up mc
+ run : ./.github/workflows/scripts/install-mc.sh
+ - name : Setup k3d cluster
+ run : CLUSTER_NAME=backup-restore K3S_VERSION=${{ matrix.K3S_VERSION }} ./.github/workflows/scripts/setup-cluster.sh
+ - name : Run integration tests
+ run : ./scripts/integration
\ No newline at end of file
diff --git a/.github/workflows/label-all-new-issues.yml b/.github/workflows/label-all-new-issues.yml
index 3028a1a6..e36df509 100644
--- a/.github/workflows/label-all-new-issues.yml
+++ b/.github/workflows/label-all-new-issues.yml
@@ -1,22 +1,20 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-name: Label issues
+name: Label issue
 on:
 issues:
 types:
 - opened
 - reopened
+
+permissions:
+ issues: write
+
 jobs:
 label_issues:
 runs-on: ubuntu-latest
- permissions:
- issues: write
 steps:
- - name: Label issues
- uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90
- with:
- add-labels: "team/area3"
- repo-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Label issue
+ id: run
+ run: gh issue edit -R ${GITHUB_REPOSITORY} --add-label ${LABEL} ${{ github.event.issue.number }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ LABEL: "team/area3"
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
new file mode 100644
index 00000000..ea4f8a93
--- /dev/null
+++ b/.github/workflows/publish.yaml
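Review bot: In the `Setup k3d cluster` step of `ci.yaml` the matrix value is expanded straight into the shell line (`K3S_VERSION=${{ matrix.K3S_VERSION }} ./.github/workflows/scripts/setup-cluster.sh`), so whatever `supported-versions.sh` prints is parsed as shell text before the script runs. The list is repository-controlled today, but passing it through the step environment keeps it as data: put `K3S_VERSION: ${{ matrix.K3S_VERSION }}` and `CLUSTER_NAME: backup-restore` under `env:` and reduce the command to `run: ./.github/workflows/scripts/setup-cluster.sh`. In `Set K3s support output` the script is piped into `awk` with no `shell:` key, so the step runs without `pipefail` and a non-zero exit from `supported-versions.sh` is hidden; adding `shell: bash` to that step enables `pipefail`, and the redirect target is better quoted as `>> "$GITHUB_OUTPUT"`.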
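Review bot: In `label-all-new-issues.yml`, `permissions: issues: write` now sits at workflow level, so any job added to this file later inherits the write scope; keeping it on `label_issues`, as the removed lines did, grants it only where `gh issue edit` runs. In the `run:` line the shell variables are unquoted and the issue number is spliced in as an expression; `gh issue edit -R "${GITHUB_REPOSITORY}" --add-label "${LABEL}" "${ISSUE_NUMBER}"` with `ISSUE_NUMBER: ${{ github.event.issue.number }}` under `env:` keeps every argument as data. The `id: run` key is not referenced anywhere in the hunk and could be dropped.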
@@ -0,0 +1,55 @@
+name : Publish Images
+
+on:
+ push:
+ tags:
+ - "*"
+
+env:
+ REGISTRY: docker.io
+ REPO : rancher
+
+
+jobs:
+ ci :
+ uses: rancher/backup-restore-operator/.github/workflows/ci.yaml@release/v5.0
+ permissions:
+ contents: read
+ push:
+ needs : [
+ ci
+ ]
+ permissions:
+ contents : read
+ id-token: write
+ name : Build and push BRO images
+ runs-on : ubuntu-latest
+ steps:
+ - name : "Read vault secrets"
+ uses : rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
+ secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
+ - name : Checkout repository
+ uses: actions/checkout@v4
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ env.DOCKER_USERNAME }}
+ password: ${{ env.DOCKER_PASSWORD }}
+ # setup tag name
+ - if: ${{ startsWith(github.ref, 'refs/tags/') }}
+ run: |
+ echo TAG_NAME=$(echo $GITHUB_REF | sed -e "s|refs/tags/||") >> $GITHUB_ENV
+ - name: Build and push BRO image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./package/Dockerfile
+ push: true
+ tags: ${{ env.REGISTRY }}/${{ env.REPO }}/backup-restore-operator:${{ env.TAG_NAME }}
+ platforms: linux/amd64,linux/arm64
\ No newline at end of file
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 00000000..d0dd4f43
--- /dev/null
+++ b/.github/workflows/release.yaml
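Review bot: The `Read vault secrets` step in `publish.yaml` runs `rancher-eio/read-vault-secrets@main` in a job that holds `id-token: write` and receives the Docker Hub credentials, so whatever `main` points to at run time executes with access to both. Pin it to a full commit SHA, e.g. `uses: rancher-eio/read-vault-secrets@<full-commit-sha> # main` (placeholder), and consider the same for `docker/login-action@v3` and `docker/build-push-action@v5`, which also handle the password. The `ci` gate is taken from `ci.yaml@release/v5.0` regardless of which tag was pushed; `uses: ./.github/workflows/ci.yaml` would run the workflow definition from the tagged commit instead. `TAG_NAME` can be read from `${{ github.ref_name }}` rather than derived with `sed` from `$GITHUB_REF`.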
@@ -0,0 +1,35 @@
+name: goreleaser
+
+on:
+ push:
+ tags:
+ - '*'
+
+permissions:
+ contents: write
+
+jobs:
+ ci:
+ uses: rancher/backup-restore-operator/.github/workflows/ci.yaml@release/v5.0
+ permissions:
+ contents: read
+ goreleaser:
+ needs: [
+ ci
+ ]
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - run: git fetch --force --tags
+ - uses: actions/setup-go@v5
+ with:
+ go-version: 1.22
+ - uses: goreleaser/goreleaser-action@v5
+ with:
+ distribution: goreleaser
+ version: latest
+ args: release --clean
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
new file mode 100644
index 00000000..8c0cd59d
--- /dev/null
+++ b/.github/workflows/renovate.yml
@@ -0,0 +1,25 @@
+name: Renovate
+on:
+ workflow_dispatch:
+ inputs:
+ logLevel:
+ description: "Override default log level"
+ required: false
+ default: "info"
+ type: string
+ overrideSchedule:
+ description: "Override all schedules"
+ required: false
+ default: "false"
+ type: string
+ # Run twice in the early morning (UTC) for initial and follow up steps (create pull request and merge)
+ # schedule:
+ # - cron: '30 4,6 * * *'
+
+jobs:
+ call-workflow:
+ uses: rancher/renovate-config/.github/workflows/renovate.yml@release
+ with:
+ logLevel: ${{ inputs.logLevel || 'info' }}
+ overrideSchedule: ${{ github.event.inputs.overrideSchedule == 'true' && '{''schedule'':null}' || '' }}
+ secrets: inherit
diff --git a/.github/workflows/scripts/install-k3d.sh b/.github/workflows/scripts/install-k3d.sh
new file mode 100755
index 00000000..51ed39f9
--- /dev/null
+++ b/.github/workflows/scripts/install-k3d.sh
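Review bot: The `goreleaser` job in `release.yaml` runs with `contents: write` and lets `goreleaser/goreleaser-action@v5` download `version: latest`, so the binary that publishes release assets can change without any commit to this repository. Pin the GoReleaser version to a tested release (placeholder: `version: '<tested-goreleaser-version>'`) and reference the action by commit SHA. `contents: write` is declared for the whole workflow and then narrowed on `ci`; setting the top level to `contents: read` and granting write on `goreleaser` alone gives the same result with a safer default. `go-version: 1.22` is a YAML float, so quote it as `go-version: '1.22'` to keep a later `1.20`-style value from being read as `1.2`.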
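Review bot: In `renovate.yml`, `secrets: inherit` hands every secret available to this repository to `rancher/renovate-config/.github/workflows/renovate.yml@release`, a workflow in another repository referenced by a branch name. If the called workflow only needs a Renovate token (not visible from this hunk), pass that secret by name under `secrets:` instead, and pin the `uses:` ref to a commit SHA. The file also has no `permissions:` block, so the calling job gets the repository's default token scope.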
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+set -x
+
+K3D_URL=https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh
+DEFAULT_K3D_VERSION=v5.4.6
+
+install_k3d(){
+ local k3dVersion=${K3D_VERSION:-${DEFAULT_K3D_VERSION}}
+ echo -e "Downloading k3d@${k3dVersion} see: ${K3D_URL}"
+ curl --silent --fail ${K3D_URL} | TAG=${k3dVersion} bash
+}
+
+install_k3d
+
+k3d version
\ No newline at end of file
diff --git a/.github/workflows/scripts/install-mc.sh b/.github/workflows/scripts/install-mc.sh
new file mode 100755
index 00000000..40653507
--- /dev/null
+++ b/.github/workflows/scripts/install-mc.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+set -x
+
+
+# initArch discovers the architecture for this system.
+initArch() {
+ ARCH=$(uname -m)
+ case $ARCH in
+ armv7*) ARCH="arm";;
+ aarch64) ARCH="arm64";;
+ x86_64) ARCH="amd64";;
+ esac
+}
+
+
+initArch
+
+curl -sL --fail https://dl.min.io/client/mc/release/linux-${ARCH}/mc > mc;
+chmod +x mc;
+
+cp mc /usr/local/bin/mc
+
+mc --version
\ No newline at end of file
diff --git a/.github/workflows/scripts/setup-cluster.sh b/.github/workflows/scripts/setup-cluster.sh
new file mode 100755
index 00000000..31c0a0fd
--- /dev/null
+++ b/.github/workflows/scripts/setup-cluster.sh
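Review bot: In `install-k3d.sh`, `curl --silent --fail ${K3D_URL} | TAG=${k3dVersion} bash` executes whatever `install.sh` is on the k3d `main` branch at run time, and because the script sets `-e` without `pipefail`, a failed download leaves `bash` reading empty input and the pipeline reporting success. Add `set -o pipefail` and fetch the installer from the same ref as the version being installed, for example `K3D_URL="https://raw.githubusercontent.com/k3d-io/k3d/${DEFAULT_K3D_VERSION}/install.sh"`, so the script that runs is the one that was reviewed. Downloading it to a file first and checking it against a recorded SHA-256 would make that pin verifiable.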
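Review bot: The `curl` line in `install-mc.sh` downloads the current `mc` build from `dl.min.io`, marks it executable and copies it to `/usr/local/bin` without pinning a release or checking a digest, so the binary that runs in CI can change between runs. Pin a specific release file and verify it before the `chmod`, e.g. `echo "<expected-sha256>  mc" | sha256sum -c -` (placeholder digest). `initArch` has no `*)` branch, so an unrecognised `uname -m` value goes into the URL as-is; `*) echo "unsupported arch: $ARCH" >&2; exit 1;;` makes that failure explicit.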
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+set -e
+
+source ./scripts/version
+
+if [ -z "$CLUSTER_NAME" ]; then
+ echo "CLUSTER_NAME must be specified when setting up a cluster"
+ exit 1
+fi
+
+if [ -z "$K3S_VERSION" ]; then
+ echo "K3S_VERSION must be specified when setting up a cluster, use $(k3d version list k3s) to find valid versions"
+ exit 1
+fi
+
+# waits until all nodes are ready
+wait_for_nodes(){
+ timeout=120
+ start_time=$(date +%s)
+ echo "wait until all agents are ready"
+ while :
+ do
+ current_time=$(date +%s)
+ elapsed_time=$((current_time - start_time))
+ if [ $elapsed_time -ge $timeout ]; then
+ echo "Timeout reached, exiting..."
+ exit 1
+ fi
+
+ readyNodes=1
+ statusList=$(kubectl get nodes --no-headers | awk '{ print $2}')
+ # shellcheck disable=SC2162
+ while read status
+ do
+ current_time=$(date +%s)
+ elapsed_time=$((current_time - start_time))
+ if [ $elapsed_time -ge $timeout ]; then
+ echo "Timeout reached, exiting..."
+ exit 1
+ fi
+ if [ "$status" == "NotReady" ] || [ "$status" == "" ]
+ then
+ readyNodes=0
+ break
+ fi
+ done <<< "$(echo -e "$statusList")"
+ # all nodes are ready; exit
+ if [[ $readyNodes == 1 ]]
+ then
+ break
+ fi
+ sleep 1
+ done
+}
+
+k3d cluster delete $CLUSTER_NAME || true
+k3d cluster create $CLUSTER_NAME --image "docker.io/rancher/k3s:${K3S_VERSION}"
+
+wait_for_nodes
+
+echo "$CLUSTER_NAME ready"
+
+kubectl cluster-info --context k3d-${CLUSTER_NAME}
+kubectl config use-context k3d-${CLUSTER_NAME}
+kubectl get nodes -o wide
+
+IMAGE=${REPO}/backup-restore-operator:${TAG}
+
+k3d image import ${IMAGE} -c $CLUSTER_NAME
diff --git a/.github/workflows/scripts/supported-versions.sh b/.github/workflows/scripts/supported-versions.sh
new file mode 100755
index 00000000..650953a9
--- /dev/null
+++ b/.github/workflows/scripts/supported-versions.sh
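Review bot: In the `K3S_VERSION` check of `setup-cluster.sh`, `$(k3d version list k3s)` sits inside double quotes, so the shell runs the command and splices its output into the error message instead of printing the hint. Single-quote the message: `echo 'K3S_VERSION must be specified when setting up a cluster, use $(k3d version list k3s) to find valid versions'`. `$CLUSTER_NAME` and `${IMAGE}` are expanded unquoted in the `k3d cluster delete`, `k3d cluster create` and `k3d image import` lines; writing them as `"$CLUSTER_NAME"` and `"${IMAGE}"` prevents word splitting and globbing on values that come from the environment and, presumably, from the sourced `./scripts/version`.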
@@ -0,0 +1,23 @@
+#!/bin/bash
+# Prints supported versions based on the current release branch targeted
+# Version output is in JSON
+
+set -e
+set -x
+
+if git merge-base --is-ancestor origin/release/v5.0 HEAD
+then
+ echo -n "[\"v1.23.9-k3s1\", \"v1.29.3-k3s1\"]"
+ exit 0
+elif git merge-base --is-ancestor origin/release/v4.0 HEAD
+then
+ echo -n "[\"v1.23.9-k3s1\", \"v1.28.8-k3s1\"]"
+ exit 0
+elif git merge-base --is-ancestor origin/release/v3.0 HEAD
+then
+ echo -n "[\"v1.16.9-k3s1\", \"v1.27.9-k3s1\"]"
+ exit 0
+fi
+
+
+exit 1
\ No newline at end of file
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index edf713a6..823c68b3 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -11,7 +11,7 @@ jobs:
 stale:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/stale@v4
+ - uses: actions/stale@v9
 with:
 stale-issue-message: 'This repository uses an automated workflow to automatically label issues which have not had any activity (commit/comment/label) for 60 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the workflow can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the workflow will automatically close the issue in 14 days. Thank you for your contributions.'
 stale-pr-message: 'This repository uses an automated workflow to automatically label pull requests which have not had any activity (commit/comment/label) for 60 days. This helps us manage the community pull requests better. If the pull request is still relevant, please add a comment to the pull request so the workflow can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the workflow will automatically close the pull request in 14 days. Thank you for your contributions.'
From 3758bd4f3859ff6736ed6ab93010423baf0f37c5 Mon Sep 17 00:00:00 2001
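Review bot: When none of the three `git merge-base --is-ancestor` checks in `supported-versions.sh` match, the script falls through to a bare `exit 1` with nothing on stderr to say why. Each check requires the release branch tip to be an ancestor of `HEAD`, so this path is also taken for a tag or pull request based on a commit behind the tip, not only for unrelated branches. Print the reason before exiting, e.g. `echo "HEAD does not descend from a supported release branch" >&2`, and extend the header comment to state that the output is a JSON array of k3s image tags consumed by the CI matrix.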
From: Alexandre Lamarre
Date: Mon, 13 May 2024 10:36:31 -0400
Subject: [PATCH 2/3] remove drone CI from default CI

Signed-off-by: Alexandre Lamarre
---
 .drone.yml | 321 -----------------------------------------------------
 1 file changed, 321 deletions(-)
 delete mode 100644 .drone.yml
diff --git a/.drone.yml b/.drone.yml
deleted file mode 100644
index 255cf3bb..00000000
--- a/.drone.yml
+++ /dev/null
@@ -1,321 +0,0 @@
----
-kind: pipeline
-name: amd64
-
-platform:
- os: linux
- arch: amd64
-
-steps:
-- name: build
- image: rancher/dapper:v0.4.1
- commands:
- - dapper ci
- volumes:
- - name: docker
- path: /var/run/docker.sock
-
-- name: fossa
- image: registry.suse.com/suse/sle15:15.3
- failure: ignore
- environment:
- FOSSA_API_KEY:
- from_secret: FOSSA_API_KEY
- commands:
- - zypper -n install curl unzip
- - "curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/spectrometer/master/install.sh | sh"
- - fossa analyze
- - fossa test
- when:
- instance:
- - drone-publish.rancher.io
- ref:
- include:
- - "refs/heads/master"
- event:
- - push
- - tag
-
-- name: github_binary_prerelease
- image: plugins/github-release
- settings:
- api_key:
- from_secret: github_token
- prerelease: true
- title: "Pre-release ${DRONE_TAG}"
- checksum:
- - sha256
- checksum_file: CHECKSUMsum-amd64.txt
- checksum_flatten: true
- files:
- - "dist/artifacts/*"
- when:
- instance:
- - drone-publish.rancher.io
- ref:
- include:
- - "refs/tags/*rc*"
- - "refs/tags/*alpha*"
- event:
- - tag
-
-- name: github_binary_release
- image: plugins/github-release
- settings:
- api_key:
- from_secret: github_token
- title: "Release ${DRONE_TAG}"
- checksum:
- - sha256
- checksum_file: CHECKSUMsum-amd64.txt
- checksum_flatten: true
- files:
- - "dist/artifacts/*"
- when:
- instance:
- - drone-publish.rancher.io
- ref:
- exclude:
- - "refs/tags/*rc*"
- - "refs/tags/*alpha*"
- event:
- - tag
-
-- name: docker-publish
- image: plugins/docker
- settings:
- dockerfile: package/Dockerfile
- password:
- from_secret: docker_password
- repo: "rancher/backup-restore-operator"
- tag: "${DRONE_TAG}-amd64"
- username:
- from_secret: docker_username
- when:
- instance:
- - drone-publish.rancher.io
- ref:
- - refs/head/master
- - refs/tags/*
- event:
- - tag
-
-volumes:
-- name: docker
- host:
- path: /var/run/docker.sock
-
----
-kind: pipeline
-name: arm64
-
-platform:
- os: linux
- arch: arm64
-
-steps:
-- name: build
- image: rancher/dapper:v0.4.1
- commands:
- - dapper ci
- volumes:
- - name: docker
- path: /var/run/docker.sock
-
-- name: github_binary_prerelease
- image: plugins/github-release
- settings:
- api_key:
- from_secret: github_token
- prerelease: true
- title: "Pre-release ${DRONE_TAG}"
- checksum:
- - sha256
- checksum_file: CHECKSUMsum-arm64.txt
- checksum_flatten: true
- files:
- - "dist/artifacts/*"
- when:
- instance:
- - drone-publish.rancher.io
- ref:
- include:
- - "refs/tags/*rc*"
- - "refs/tags/*alpha*"
- event:
- - tag
-
-- name: github_binary_release
- image: plugins/github-release
- settings:
- api_key:
- from_secret: github_token
- title: "Release ${DRONE_TAG}"
- checksum:
- - sha256
- checksum_file: CHECKSUMsum-arm64.txt
- checksum_flatten: true
- files:
- - "dist/artifacts/*"
- when:
- instance:
- - drone-publish.rancher.io
- ref:
- exclude:
- - "refs/tags/*rc*"
- - "refs/tags/*alpha*"
- event:
- - tag
-
-- name: docker-publish
- image: plugins/docker
- settings:
- dockerfile: package/Dockerfile
- password:
- from_secret: docker_password
- repo: "rancher/backup-restore-operator"
- tag: "${DRONE_TAG}-arm64"
- username:
- from_secret: docker_username
- when:
- instance:
- - drone-publish.rancher.io
- ref:
- - refs/head/master
- - refs/tags/*
- event:
- - tag
-
-volumes:
-- name: docker
- host:
- path: /var/run/docker.sock
-
----
-kind: pipeline
-name: s390x
-
-platform:
- os: linux
- arch: amd64
-
-node:
- arch: s390x
-
-steps:
- - name: build
- image: rancher/dapper:v0.5.8
- commands:
- - dapper ci
- volumes:
- - name: docker
- path: /var/run/docker.sock
-
- - name: github_binary_prerelease
- image: rancher/drone-images:github-release-s390x
- settings:
- api_key:
- from_secret: github_token
- prerelease: true
- title: "Pre-release ${DRONE_TAG}"
- checksum:
- - sha256
- checksum_file: CHECKSUMsum-s390x.txt
- checksum_flatten: true
- files:
- - "dist/artifacts/*"
- when:
- instance:
- - drone-publish.rancher.io
- ref:
- include:
- - "refs/tags/*rc*"
- - "refs/tags/*alpha*"
- event:
- - tag
-
- - name: github_binary_release
- image: rancher/drone-images:github-release-s390x
- settings:
- title: "Release ${DRONE_TAG}"
- api_key:
- from_secret: github_token
- checksum:
- - sha256
- checksum_file: CHECKSUMsum-s390x.txt
- checksum_flatten: true
- files:
- - "dist/artifacts/*"
- when:
- instance:
- - drone-publish.rancher.io
- ref:
- exclude:
- - "refs/tags/*rc*"
- - "refs/tags/*alpha*"
- event:
- - tag
-
- - name: docker-publish
- image: rancher/drone-images:docker-s390x
- volumes:
- - name: docker
- path: /var/run/docker.sock
- settings:
- dockerfile: package/Dockerfile
- password:
- from_secret: docker_password
- repo: "rancher/backup-restore-operator"
- tag: "${DRONE_TAG}-s390x"
- username:
- from_secret: docker_username
- when:
- instance:
- - drone-publish.rancher.io
- ref:
- - refs/head/master
- - refs/tags/*
- event:
- - tag
-
-volumes:
- - name: docker
- host:
- path: /var/run/docker.sock
-
----
-
-kind: pipeline
-name: manifest
-
-platform:
- os: linux
- arch: amd64
-
-steps:
-- name: manifest
- image: plugins/manifest:1.0.2
- settings:
- username:
- from_secret: docker_username
- password:
- from_secret: docker_password
- platforms:
- - linux/amd64
- - linux/arm64
- - linux/s390x
- target: "rancher/backup-restore-operator:${DRONE_TAG}"
- template: "rancher/backup-restore-operator:${DRONE_TAG}-ARCH"
- when:
- instance:
- - drone-publish.rancher.io
- ref:
- - refs/head/master
- - refs/tags/*
- event:
- - tag
-
-depends_on:
-- amd64
-- arm64
-- s390x
From 754a986708cb49e0922a0672062906a7265b278f Mon Sep 17 00:00:00 2001
From: Alexandre Lamarre
Date: Mon, 13 May 2024 14:39:49 -0400
Subject: [PATCH 3/3] update k8s version support, based on rancher support matrix

Signed-off-by: Alexandre Lamarre
---
 .github/workflows/scripts/supported-versions.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/scripts/supported-versions.sh b/.github/workflows/scripts/supported-versions.sh
index 650953a9..2286533b 100755
--- a/.github/workflows/scripts/supported-versions.sh
+++ b/.github/workflows/scripts/supported-versions.sh
@@ -7,15 +7,15 @@ set -x
 
 if git merge-base --is-ancestor origin/release/v5.0 HEAD
 then
- echo -n "[\"v1.23.9-k3s1\", \"v1.29.3-k3s1\"]"
+ echo -n "[\"v1.23.9-k3s1\", \"v1.29.4-k3s1\"]"
 exit 0
 elif git merge-base --is-ancestor origin/release/v4.0 HEAD
 then
- echo -n "[\"v1.23.9-k3s1\", \"v1.28.8-k3s1\"]"
+ echo -n "[\"v1.25.9-k3s1\", \"v1.28.8-k3s1\"]"
 exit 0
 elif git merge-base --is-ancestor origin/release/v3.0 HEAD
 then
- echo -n "[\"v1.16.9-k3s1\", \"v1.27.9-k3s1\"]"
+ echo -n "[\"v1.23.9-k3s1\", \"v1.27.9-k3s1\"]"
 exit 0
 fi
 