From ce284d33f1de255b25b1e78903b9bec201a69476 Mon Sep 17 00:00:00 2001 From: Enrico Candino Date: Tue, 16 Apr 2024 16:57:42 +0200 Subject: [PATCH 01/10] enabled gofmt linter, added lint scripts, removed dapper from Makefile --- .github/workflows/ci.yml | 10 +++++++--- .golangci.json | 5 +++++ Makefile | 11 ++--------- cmd/app.go | 18 +++++++++--------- cmd/catalog.go | 8 ++++---- cmd/multiclusterapp.go | 28 ++++++++++++++-------------- scripts/ci | 1 + scripts/lint | 7 +++++++ scripts/validate | 3 --- 9 files changed, 49 insertions(+), 42 deletions(-) create mode 100755 scripts/lint diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 15db9053e..ac14f88e8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,6 +9,7 @@ jobs: build: runs-on: ubuntu-latest + steps: - name: Checkout Repo uses: actions/checkout@v3 @@ -16,18 +17,21 @@ jobs: - name: Set up Go uses: actions/setup-go@v5 with: - go-version: '1.22' + go-version-file: go.mod cache: false - name: Lint uses: golangci/golangci-lint-action@v4 - - name: Test - run: go test -v ./... + - name: Validate Go modules + run: ./scripts/validate - name: Build run: make build + - name: Test + run: ./scripts/test + fossa: runs-on: ubuntu-latest permissions: diff --git a/.golangci.json b/.golangci.json index 507068a48..0c2977c83 100644 --- a/.golangci.json +++ b/.golangci.json @@ -1,4 +1,9 @@ { + "linters": { + "enable": [ + "gofmt" + ] + }, "run": { "timeout": "10m" } diff --git a/Makefile b/Makefile index 78839b9be..4eef50901 100644 --- a/Makefile +++ b/Makefile @@ -1,14 +1,7 @@ TARGETS := $(shell ls scripts) -.dapper: - @echo Downloading dapper - @curl -sL https://releases.rancher.com/dapper/latest/dapper-`uname -s`-`uname -m` > .dapper.tmp - @@chmod +x .dapper.tmp - @./.dapper.tmp -v - @mv .dapper.tmp .dapper - -$(TARGETS): .dapper - ./.dapper $@ +$(TARGETS): + @./scripts/$@ .DEFAULT_GOAL := ci diff --git a/cmd/app.go b/cmd/app.go index c060a52e1..42430e7ee 100644 --- a/cmd/app.go +++ b/cmd/app.go @@ -133,7 +133,7 @@ func AppCommand() cli.Command { Action: defaultAction(appLs), Flags: appLsFlags, Subcommands: []cli.Command{ - cli.Command{ + { Name: "ls", Usage: "List apps", Description: "\nList all apps in the current Rancher server", @@ -141,13 +141,13 @@ func AppCommand() cli.Command { Action: appLs, Flags: appLsFlags, }, - cli.Command{ + { Name: "delete", Usage: "Delete an app", Action: appDelete, ArgsUsage: "[APP_NAME/APP_ID]", }, - cli.Command{ + { Name: "install", Usage: "Install an app template", Description: installAppDescription, @@ -193,7 +193,7 @@ func AppCommand() cli.Command { }, }, }, - cli.Command{ + { Name: "rollback", Usage: "Rollback an app to a previous version", Action: appRollback, @@ -209,7 +209,7 @@ func AppCommand() cli.Command { }, }, }, - cli.Command{ + { Name: "upgrade", Usage: "Upgrade an existing app to a newer version", Description: upgradeAppDescription, @@ -246,7 +246,7 @@ func AppCommand() cli.Command { }, }, }, - cli.Command{ + { Name: "list-templates", Aliases: []string{"lt"}, Usage: "List templates available for installation", @@ -261,7 +261,7 @@ func AppCommand() cli.Command { }, }, }, - cli.Command{ + { Name: "show-template", Aliases: []string{"st"}, Usage: "Show versions available to install for an app template", @@ -269,7 +269,7 @@ func AppCommand() cli.Command { ArgsUsage: "[TEMPLATE_ID]", Action: templateShow, }, - cli.Command{ + { Name: "show-app", Aliases: []string{"sa"}, Usage: "Show an app's available versions and revisions", @@ -279,7 +279,7 @@ func AppCommand() cli.Command { formatFlag, }, }, - cli.Command{ + { Name: "show-notes", Usage: "Show contents of apps notes.txt", Action: appNotes, diff --git a/cmd/catalog.go b/cmd/catalog.go index 9b435b220..1633f1529 100644 --- a/cmd/catalog.go +++ b/cmd/catalog.go @@ -67,7 +67,7 @@ func CatalogCommand() cli.Command { Action: defaultAction(catalogLs), Flags: catalogLsFlags, Subcommands: []cli.Command{ - cli.Command{ + { Name: "ls", Usage: "List catalogs", Description: "\nList all catalogs in the current Rancher server", @@ -75,7 +75,7 @@ func CatalogCommand() cli.Command { Action: catalogLs, Flags: catalogLsFlags, }, - cli.Command{ + { Name: "add", Usage: "Add a catalog", Description: addCatalogDescription, @@ -94,14 +94,14 @@ func CatalogCommand() cli.Command { }, }, }, - cli.Command{ + { Name: "delete", Usage: "Delete a catalog", Description: "\nDelete a catalog from the Rancher server", ArgsUsage: "[CATALOG_NAME/CATALOG_ID]", Action: catalogDelete, }, - cli.Command{ + { Name: "refresh", Usage: "Refresh catalog templates", Description: refreshCatalogDescription, diff --git a/cmd/multiclusterapp.go b/cmd/multiclusterapp.go index 5ef82c5c2..c88296202 100644 --- a/cmd/multiclusterapp.go +++ b/cmd/multiclusterapp.go @@ -76,7 +76,7 @@ func MultiClusterAppCommand() cli.Command { Action: defaultAction(multiClusterAppLs), Flags: appLsFlags, Subcommands: []cli.Command{ - cli.Command{ + { Name: "ls", Usage: "List multi-cluster apps", Description: "\nList all multi-cluster apps in the current Rancher server", @@ -84,13 +84,13 @@ func MultiClusterAppCommand() cli.Command { Action: multiClusterAppLs, Flags: appLsFlags, }, - cli.Command{ + { Name: "delete", Usage: "Delete a multi-cluster app", Action: multiClusterAppDelete, ArgsUsage: "[APP_NAME]", }, - cli.Command{ + { Name: "install", Usage: "Install a multi-cluster app", Description: installMultiClusterAppDescription, @@ -168,7 +168,7 @@ func MultiClusterAppCommand() cli.Command { }, }, }, - cli.Command{ + { Name: "rollback", Usage: "Rollback a multi-cluster app to a previous version", Action: multiClusterAppRollback, @@ -180,7 +180,7 @@ func MultiClusterAppCommand() cli.Command { }, }, }, - cli.Command{ + { Name: "upgrade", Usage: "Upgrade an app to a newer version", Action: multiClusterAppUpgrade, @@ -231,7 +231,7 @@ func MultiClusterAppCommand() cli.Command { }, }, }, - cli.Command{ + { Name: "add-project", Usage: "Add target projects to a multi-cluster app", Action: addMcappTargetProject, @@ -256,28 +256,28 @@ func MultiClusterAppCommand() cli.Command { }, }, }, - cli.Command{ + { Name: "delete-project", Usage: "Delete target projects from a multi-cluster app", Action: deleteMcappTargetProject, Description: "Examples:\n #Delete 'p1' project in cluster 'mycluster' from target projects of a multi-cluster app named 'myapp'\n rancher multiclusterapp delete-project myapp mycluster:p1\n", ArgsUsage: "[APP_NAME/APP_ID, CLUSTER_NAME:PROJECT_NAME/PROJECT_ID...]", }, - cli.Command{ + { Name: "add-member", Usage: "Add members to a multi-cluster app", Action: addMcappMember, Description: "Examples:\n #Add 'user1' and 'user2' as the owners of a multi-cluster app named 'myapp'\n rancher multiclusterapp add-member myapp owner user1 user2\n", ArgsUsage: "[APP_NAME/APP_ID, ACCESS_TYPE, USER_NAME/USER_ID...]", }, - cli.Command{ + { Name: "delete-member", Usage: "Delete members from a multi-cluster app", Action: deleteMcappMember, Description: "Examples:\n #Delete the membership of a user named 'user1' from a multi-cluster app named 'myapp'\n rancher multiclusterapp delete-member myapp user1\n", ArgsUsage: "[APP_NAME/APP_ID, USER_NAME/USER_ID...]", }, - cli.Command{ + { Name: "list-members", Aliases: []string{"lm"}, Usage: "List current members of a multi-cluster app", @@ -287,7 +287,7 @@ func MultiClusterAppCommand() cli.Command { formatFlag, }, }, - cli.Command{ + { Name: "list-answers", Aliases: []string{"la"}, Usage: "List current answers of a multi-cluster app", @@ -297,7 +297,7 @@ func MultiClusterAppCommand() cli.Command { formatFlag, }, }, - cli.Command{ + { Name: "list-templates", Aliases: []string{"lt"}, Usage: "List templates available for installation", @@ -312,7 +312,7 @@ func MultiClusterAppCommand() cli.Command { }, }, }, - cli.Command{ + { Name: "show-template", Aliases: []string{"st"}, Usage: "Show versions available to install for an app template", @@ -320,7 +320,7 @@ func MultiClusterAppCommand() cli.Command { ArgsUsage: "[TEMPLATE_ID]", Action: templateShow, }, - cli.Command{ + { Name: "show-app", Aliases: []string{"sa"}, Usage: "Show an app's available versions and revisions", diff --git a/scripts/ci b/scripts/ci index e6fae796b..608fddf15 100755 --- a/scripts/ci +++ b/scripts/ci @@ -5,5 +5,6 @@ cd $(dirname $0) ./build ./test +./lint ./validate ./package diff --git a/scripts/lint b/scripts/lint new file mode 100755 index 000000000..e47502bb9 --- /dev/null +++ b/scripts/lint @@ -0,0 +1,7 @@ +#!/bin/bash +set -e + +cd $(dirname $0)/.. + +echo Running: golangci-lint +golangci-lint run diff --git a/scripts/validate b/scripts/validate index a4c2bc112..a71e74d8a 100755 --- a/scripts/validate +++ b/scripts/validate @@ -3,9 +3,6 @@ set -e cd $(dirname $0)/.. -echo Running: golangci-lint -golangci-lint run - echo Tidying up modules go mod tidy From c8bb8649cb7b8937481a727e1f1280d5d5e02bf2 Mon Sep 17 00:00:00 2001 From: Enrico Candino Date: Fri, 19 Apr 2024 11:56:09 +0200 Subject: [PATCH 02/10] added build (with arm64 support), package steps, and fossa job --- .github/workflows/ci.yml | 19 ++++++++++++++++++- scripts/build | 2 +- scripts/package | 4 ++-- scripts/version | 2 +- 4 files changed, 22 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ac14f88e8..fc760cb48 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,11 +27,27 @@ jobs: run: ./scripts/validate - name: Build - run: make build + env: + CROSS: 1 + run: ./scripts/build - name: Test run: ./scripts/test + - name: Package + run: | + ./scripts/package + ls -lR dist/artifacts + # Stage binary for packaging step + cp -r ./bin/* ./package/ + + - name: Docker Build + uses: docker/build-push-action@v5 + with: + push: false + context: package + tags: rancher/cli2:$GITHUB_REF_NAME + fossa: runs-on: ubuntu-latest permissions: @@ -52,3 +68,4 @@ jobs: uses: fossas/fossa-action@main with: api-key: ${{ env.FOSSA }} + diff --git a/scripts/build b/scripts/build index 543e0b47a..4320282e0 100755 --- a/scripts/build +++ b/scripts/build @@ -9,7 +9,7 @@ declare -A OS_ARCH_ARG OS_PLATFORM_ARG=(linux windows darwin) OS_ARCH_ARG[linux]="amd64 arm s390x" OS_ARCH_ARG[windows]="386 amd64" -OS_ARCH_ARG[darwin]="amd64" +OS_ARCH_ARG[darwin]="amd64 arm64" CGO_ENABLED=0 go build -ldflags="-w -s -X main.VERSION=$VERSION -extldflags -static" -o bin/rancher diff --git a/scripts/package b/scripts/package index 56076134f..35c93a501 100755 --- a/scripts/package +++ b/scripts/package @@ -71,8 +71,8 @@ if echo $TAG | grep -q dirty; then TAG=dev fi -if [ -n "$DRONE_TAG" ]; then - TAG=$DRONE_TAG +if [ -n "$GITHUB_REF_NAME" ]; then + TAG=$GITHUB_REF_NAME fi cp ../bin/rancher . diff --git a/scripts/version b/scripts/version index a05b035fc..837070f61 100755 --- a/scripts/version +++ b/scripts/version @@ -5,7 +5,7 @@ if [ -n "$(git status --porcelain --untracked-files=no)" ]; then fi COMMIT=$(git rev-parse --short HEAD) -GIT_TAG=${DRONE_TAG:-$(git tag -l --contains HEAD | head -n 1)} +GIT_TAG=${GITHUB_REF_NAME:-$(git tag -l --contains HEAD | head -n 1)} if [[ -z "$DIRTY" && -n "$GIT_TAG" ]]; then VERSION=$GIT_TAG From 8649d2dea13058c42522e5f211a5ec16b729248c Mon Sep 17 00:00:00 2001 From: Enrico Candino Date: Fri, 19 Apr 2024 14:52:08 +0200 Subject: [PATCH 03/10] github tag, and envs --- .github/workflows/ci.yml | 14 +++++++++++++- scripts/package | 4 ++-- scripts/version | 2 +- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fc760cb48..3ebe8e3da 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,6 +26,13 @@ jobs: - name: Validate Go modules run: ./scripts/validate + - name: Test + run: ./scripts/test + + - name: Get Tag + if: startsWith(github.ref, 'refs/tags/v') + run: echo "GITHUB_TAG=$GITHUB_REF_NAME" >> $GITHUB_ENV + - name: Build env: CROSS: 1 @@ -40,13 +47,18 @@ jobs: ls -lR dist/artifacts # Stage binary for packaging step cp -r ./bin/* ./package/ + + # Export the tag for the next step + source ./scripts/version + echo "VERSION=$VERSION" + echo "VERSION=$VERSION" >> $GITHUB_ENV - name: Docker Build uses: docker/build-push-action@v5 with: push: false context: package - tags: rancher/cli2:$GITHUB_REF_NAME + tags: rancher/cli2:${{ env.VERSION }} fossa: runs-on: ubuntu-latest diff --git a/scripts/package b/scripts/package index 35c93a501..6d1b05fc2 100755 --- a/scripts/package +++ b/scripts/package @@ -71,8 +71,8 @@ if echo $TAG | grep -q dirty; then TAG=dev fi -if [ -n "$GITHUB_REF_NAME" ]; then - TAG=$GITHUB_REF_NAME +if [ -n "$GITHUB_TAG" ]; then + TAG=$GITHUB_TAG fi cp ../bin/rancher . diff --git a/scripts/version b/scripts/version index 837070f61..7ca732f87 100755 --- a/scripts/version +++ b/scripts/version @@ -5,7 +5,7 @@ if [ -n "$(git status --porcelain --untracked-files=no)" ]; then fi COMMIT=$(git rev-parse --short HEAD) -GIT_TAG=${GITHUB_REF_NAME:-$(git tag -l --contains HEAD | head -n 1)} +GIT_TAG=${GITHUB_TAG:-$(git tag -l --contains HEAD | head -n 1)} if [[ -z "$DIRTY" && -n "$GIT_TAG" ]]; then VERSION=$GIT_TAG From 32a99ce6b66808ebcefedf358d187d40dd5030bc Mon Sep 17 00:00:00 2001 From: Enrico Candino Date: Fri, 19 Apr 2024 15:51:05 +0200 Subject: [PATCH 04/10] upload assets --- .github/workflows/release.yml | 57 +++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ab1084127..e7e8ebb29 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,3 +29,60 @@ jobs: with: username: ${{ env.DOCKER_USERNAME }} password: ${{ env.DOCKER_PASSWORD }} + + # Fail for non-tagged commits + - name: Tag Check + run: git describe --exact-match --tags + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: false + + - name: Lint + uses: golangci/golangci-lint-action@v4 + + - name: Validate Go modules + run: ./scripts/validate + + - name: Test + run: ./scripts/test + + - name: Get Tag + if: startsWith(github.ref, 'refs/tags/v') + run: echo "GITHUB_TAG=$GITHUB_REF_NAME" >> $GITHUB_ENV + + - name: Build + env: + CROSS: 1 + run: ./scripts/build + + - name: Package + run: | + ./scripts/package + ls -lR dist/artifacts + # Stage binary for packaging step + cp -r ./bin/* ./package/ + + # Export the tag for the next step + source ./scripts/version + echo "VERSION=$VERSION" + echo "VERSION=$VERSION" >> $GITHUB_ENV + + - name: Upload Release assets + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + cd dist/artifacts/$VERSION + ls -lR + # generate sha256sum file + find . -type f -printf '%P\0' | xargs -0 sha256sum > sha256sum.txt + gh release upload $VERSION *.txt *.xz *.gz *.zip + + - name: Docker Build + uses: docker/build-push-action@v5 + with: + push: true + context: package + tags: enrichman/cli2:${{ env.VERSION }} From c5661040ebe0eadc734faf97415f9e8ece8d8240 Mon Sep 17 00:00:00 2001 From: Enrico Candino Date: Mon, 22 Apr 2024 11:25:14 +0200 Subject: [PATCH 05/10] removed dapper and google cloud storage --- Dockerfile.dapper | 15 --------------- scripts/copy-latest.sh | 2 -- scripts/copy-release.sh | 2 -- scripts/entry | 11 ----------- 4 files changed, 30 deletions(-) delete mode 100644 Dockerfile.dapper delete mode 100755 scripts/copy-latest.sh delete mode 100755 scripts/copy-release.sh delete mode 100755 scripts/entry diff --git a/Dockerfile.dapper b/Dockerfile.dapper deleted file mode 100644 index 6e550415d..000000000 --- a/Dockerfile.dapper +++ /dev/null @@ -1,15 +0,0 @@ -FROM registry.suse.com/bci/golang:1.22 - -RUN zypper -n install docker rsync xz zip - -ENV GOLANGCI_LINT v1.57.1 -RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin "$GOLANGCI_LINT" - -ENV DAPPER_SOURCE /go/src/github.com/rancher/cli -ENV DAPPER_OUTPUT bin build/bin dist -ENV DAPPER_DOCKER_SOCKET true -ENV DAPPER_ENV TAG REPO GOOS CROSS DRONE_TAG - -WORKDIR ${DAPPER_SOURCE} -ENTRYPOINT ["./scripts/entry"] -CMD ["ci"] diff --git a/scripts/copy-latest.sh b/scripts/copy-latest.sh deleted file mode 100755 index 2d114de43..000000000 --- a/scripts/copy-latest.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -gsutil -m rsync -r dist/artifacts/latest/ gs://releases.rancher.com/cli/latest diff --git a/scripts/copy-release.sh b/scripts/copy-release.sh deleted file mode 100755 index 6e8e27205..000000000 --- a/scripts/copy-release.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -gsutil -m cp -r dist/artifacts/v* gs://releases.rancher.com/cli diff --git a/scripts/entry b/scripts/entry deleted file mode 100755 index 62e4e1405..000000000 --- a/scripts/entry +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -e - -trap "chown -R $DAPPER_UID:$DAPPER_GID ." exit - -mkdir -p bin build/bin dist -if [ -e ./scripts/$1 ]; then - ./scripts/"$@" -else - "$@" -fi From 2bdca672f5c866439fc62949492f31ccb73587bb Mon Sep 17 00:00:00 2001 From: Enrico Candino Date: Wed, 24 Apr 2024 12:49:51 +0200 Subject: [PATCH 06/10] moved checkout steps --- .github/workflows/ci.yml | 9 ++++----- .github/workflows/release.yml | 10 +++++----- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3ebe8e3da..35e80e514 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -52,7 +52,7 @@ jobs: source ./scripts/version echo "VERSION=$VERSION" echo "VERSION=$VERSION" >> $GITHUB_ENV - + - name: Docker Build uses: docker/build-push-action@v5 with: @@ -67,17 +67,16 @@ jobs: id-token: write # needed for the Vault authentication steps: + - name: Checkout Repo + uses: actions/checkout@v3 + - name: Load Secrets from Vault uses: rancher-eio/read-vault-secrets@main with: secrets: | secret/data/github/repo/${{ github.repository }}/fossa/credentials token | FOSSA - - name: Checkout Repo - uses: actions/checkout@v3 - - name: Check FOSSA compliance uses: fossas/fossa-action@main with: api-key: ${{ env.FOSSA }} - diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e7e8ebb29..d7d32371c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,6 +14,9 @@ jobs: runs-on: ubuntu-latest steps: + - name: Checkout Repo + uses: actions/checkout@v3 + - name: Load Secrets from Vault uses: rancher-eio/read-vault-secrets@main with: @@ -21,9 +24,6 @@ jobs: secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ; - - name: Checkout Repo - uses: actions/checkout@v3 - - name: Login to Docker Hub uses: docker/login-action@v3 with: @@ -79,10 +79,10 @@ jobs: # generate sha256sum file find . -type f -printf '%P\0' | xargs -0 sha256sum > sha256sum.txt gh release upload $VERSION *.txt *.xz *.gz *.zip - + - name: Docker Build uses: docker/build-push-action@v5 with: push: true context: package - tags: enrichman/cli2:${{ env.VERSION }} + tags: rancher/cli2:${{ env.VERSION }} From cebc5e98c1b4f9fa098f0efb20a3ab0575c67431 Mon Sep 17 00:00:00 2001 From: Enrico Candino Date: Mon, 29 Apr 2024 15:56:59 +0200 Subject: [PATCH 07/10] removed drone.yml --- .drone.yml | 299 ----------------------------------------------------- 1 file changed, 299 deletions(-) delete mode 100644 .drone.yml diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 36546fbbe..000000000 --- a/.drone.yml +++ /dev/null @@ -1,299 +0,0 @@ ---- -kind: pipeline -name: default - -platform: - os: linux - arch: amd64 - -steps: -- name: build - pull: default - image: rancher/dapper:v0.6.0 - commands: - - dapper ci - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - -- name: build-all-binaries - pull: default - image: rancher/dapper:v0.6.0 - commands: - - dapper ci - - ls -lR dist/artifacts - environment: - CROSS: 1 - privileged: true - volumes: - - name: socket - path: /var/run/docker.sock - when: - event: - - tag - ref: - include: - - "refs/heads/master" - - "refs/heads/v1.6" - - "refs/tags/v*" - -- name: stage-binaries - pull: default - image: rancher/dapper:v0.6.0 - commands: - - "cp -r ./bin/* ./package/" - when: - event: - - push - - tag - ref: - include: - - "refs/heads/master" - - "refs/heads/v1.6" - - "refs/tags/v*" - -- name: docker-publish-20-release - pull: default - image: plugins/docker - settings: - password: - from_secret: docker_password - username: - from_secret: docker_username - build_args: - - "VERSION=${DRONE_TAG}" - context: package/ - dockerfile: package/Dockerfile - repo: rancher/cli2 - tag: - - latest - when: - event: - - tag - ref: - exclude: - - "refs/tags/*rc*" - include: - - "refs/heads/master" - - "refs/tags/v*" - -- name: docker-publish-20-rc - pull: default - image: plugins/docker - settings: - password: - from_secret: docker_password - username: - from_secret: docker_username - build_args: - - "VERSION=${DRONE_TAG}" - context: package/ - dockerfile: package/Dockerfile - repo: rancher/cli2 - tag: "${DRONE_TAG}" - when: - event: - - tag - ref: - include: - - "refs/heads/master" - - "refs/tags/v*" - -- name: docker-publish-16-release - pull: default - image: plugins/docker - settings: - password: - from_secret: docker_password - username: - from_secret: docker_username - build_args: - - "VERSION=${DRONE_TAG}" - context: package/ - dockerfile: package/Dockerfile - repo: rancher/cli - tag: - - latest - when: - event: - - tag - ref: - exclude: - - "refs/tags/*rc*" - include: - - "refs/heads/v1.6" - - "refs/tags/v1.6*" - -- name: docker-publish-16-rc - pull: default - image: plugins/docker - settings: - password: - from_secret: docker_password - username: - from_secret: docker_username - build_args: - - "VERSION=${DRONE_TAG}" - context: package/ - dockerfile: package/Dockerfile - repo: rancher/cli - tag: - - "${DRONE_TAG}" - when: - event: - - tag - ref: - include: - - "refs/heads/v1.6" - - "refs/tags/v1.6*" - -- name: binary-publish-release-2 - pull: default - image: plugins/gcs - settings: - token: - from_secret: google_auth_key - acl: - - allUsers:READER - cache_control: "public,max-age=3600" - source: "dist/artifacts/${DRONE_TAG}" - target: "releases.rancher.com/cli2/${DRONE_TAG}" - when: - event: - - tag - ref: - include: - - "refs/heads/master" - - "refs/tags/v*" - -- name: binary-publish-latest-2 - pull: default - image: plugins/gcs - settings: - token: - from_secret: google_auth_key - acl: - - allUsers:READER - cache_control: "public,max-age=3600" - source: dist/artifacts/latest - target: releases.rancher.com/cli2/latest - when: - event: - - tag - ref: - exclude: - - "refs/tags/*rc*" - include: - - "refs/heads/master" - - "refs/tags/v*" - -- name: binary-publish-release-16 - pull: default - image: plugins/gcs - settings: - token: - from_secret: google_auth_key - acl: - - allUsers:READER - cache_control: "public,max-age=3600" - source: "dist/artifacts/${DRONE_TAG}" - target: "releases.rancher.com/cli/${DRONE_TAG}" - when: - event: - - tag - ref: - include: - - "refs/heads/v1.6" - - "refs/tags/v1.6*" - -- name: binary-publish-latest-16 - pull: default - image: plugins/gcs - settings: - token: - from_secret: google_auth_key - acl: - - allUsers:READER - cache_control: "public,max-age=3600" - source: dist/artifacts/latest - target: releases.rancher.com/cli/latest - when: - event: - - tag - ref: - exclude: - - "refs/tags/*rc*" - include: - - "refs/heads/v1.6" - - "refs/tags/v1.6*" - -- name: github-binary-publish-release - pull: default - image: plugins/github-release - settings: - api_key: - from_secret: github_token - checksum: - - sha256 - checksum_flatten: true - files: - - "dist/artifacts/${DRONE_TAG}/rancher*" - when: - event: - - tag - ref: - exclude: - - "refs/tags/*rc*" - include: - - "refs/heads/master" - - "refs/heads/v1.6" - - "refs/tags/v*" - -- name: github-binary-publish-prerelease - pull: default - image: plugins/github-release - settings: - api_key: - from_secret: github_token - checksum: - - sha256 - checksum_flatten: true - files: - - "dist/artifacts/${DRONE_TAG}/rancher*" - prerelease: true - when: - event: - - tag - ref: - - "refs/tags/*rc*" - -volumes: -- name: socket - host: - path: /var/run/docker.sock - ---- - -kind: pipeline -name: fossa - -steps: -- name: fossa - image: rancher/drone-fossa:latest - failure: ignore - settings: - api_key: - from_secret: FOSSA_API_KEY - when: - instance: - - drone-publish.rancher.io - ref: - include: - - "refs/heads/*" - - "refs/tags/v*" - - "refs/pull/*" - event: - - push - - tag - From 8aa9052b7d1ce48c422414fc24a376f79fac9a45 Mon Sep 17 00:00:00 2001 From: Enrico Candino Date: Tue, 30 Apr 2024 11:58:21 +0200 Subject: [PATCH 08/10] requested changes - removed extra Test step - added check for run on PRs - added FOSSA check on release --- .github/workflows/ci.yml | 6 +++--- .github/workflows/release.yml | 6 ++++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 35e80e514..332d1e467 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -38,9 +38,6 @@ jobs: CROSS: 1 run: ./scripts/build - - name: Test - run: ./scripts/test - - name: Package run: | ./scripts/package @@ -61,7 +58,10 @@ jobs: tags: rancher/cli2:${{ env.VERSION }} fossa: + # do not run on pull_request + if: github.event_name != 'pull_request' runs-on: ubuntu-latest + permissions: contents: read id-token: write # needed for the Vault authentication diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d7d32371c..0bfd46708 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,6 +23,7 @@ jobs: secrets: | secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ; + secret/data/github/repo/${{ github.repository }}/fossa/credentials token | FOSSA ; - name: Login to Docker Hub uses: docker/login-action@v3 @@ -49,6 +50,11 @@ jobs: - name: Test run: ./scripts/test + - name: Check FOSSA compliance + uses: fossas/fossa-action@main + with: + api-key: ${{ env.FOSSA }} + - name: Get Tag if: startsWith(github.ref, 'refs/tags/v') run: echo "GITHUB_TAG=$GITHUB_REF_NAME" >> $GITHUB_ENV From 3672f7c9b1f729a187697a5439eda6d5c4917907 Mon Sep 17 00:00:00 2001 From: Enrico Candino Date: Tue, 30 Apr 2024 16:01:24 +0200 Subject: [PATCH 09/10] moved fossa in its own workflow --- .github/workflows/ci.yml | 24 ------------------------ .github/workflows/fossa.yml | 32 ++++++++++++++++++++++++++++++++ .github/workflows/release.yml | 6 ------ 3 files changed, 32 insertions(+), 30 deletions(-) create mode 100644 .github/workflows/fossa.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 332d1e467..ec6941431 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -56,27 +56,3 @@ jobs: push: false context: package tags: rancher/cli2:${{ env.VERSION }} - - fossa: - # do not run on pull_request - if: github.event_name != 'pull_request' - runs-on: ubuntu-latest - - permissions: - contents: read - id-token: write # needed for the Vault authentication - - steps: - - name: Checkout Repo - uses: actions/checkout@v3 - - - name: Load Secrets from Vault - uses: rancher-eio/read-vault-secrets@main - with: - secrets: | - secret/data/github/repo/${{ github.repository }}/fossa/credentials token | FOSSA - - - name: Check FOSSA compliance - uses: fossas/fossa-action@main - with: - api-key: ${{ env.FOSSA }} diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml new file mode 100644 index 000000000..ebaed1538 --- /dev/null +++ b/.github/workflows/fossa.yml @@ -0,0 +1,32 @@ +name: FOSSA + +on: + workflow_dispatch: + push: + tags: + - v* + branches: + - v* + +jobs: + fossa: + runs-on: ubuntu-latest + + permissions: + contents: read + id-token: write # needed for the Vault authentication + + steps: + - name: Checkout Repo + uses: actions/checkout@v3 + + - name: Load Secrets from Vault + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/fossa/credentials token | FOSSA + + - name: Check FOSSA compliance + uses: fossas/fossa-action@main + with: + api-key: ${{ env.FOSSA }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0bfd46708..d7d32371c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,7 +23,6 @@ jobs: secrets: | secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ; - secret/data/github/repo/${{ github.repository }}/fossa/credentials token | FOSSA ; - name: Login to Docker Hub uses: docker/login-action@v3 @@ -50,11 +49,6 @@ jobs: - name: Test run: ./scripts/test - - name: Check FOSSA compliance - uses: fossas/fossa-action@main - with: - api-key: ${{ env.FOSSA }} - - name: Get Tag if: startsWith(github.ref, 'refs/tags/v') run: echo "GITHUB_TAG=$GITHUB_REF_NAME" >> $GITHUB_ENV From eb27b8576ec2407a89d00e4222268334ebff4281 Mon Sep 17 00:00:00 2001 From: Enrico Candino Date: Tue, 30 Apr 2024 16:19:48 +0200 Subject: [PATCH 10/10] remove manual trigger and tag check on release --- .github/workflows/release.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d7d32371c..46d188089 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,7 +1,6 @@ name: Release on: - workflow_dispatch: push: tags: - v* @@ -30,10 +29,6 @@ jobs: username: ${{ env.DOCKER_USERNAME }} password: ${{ env.DOCKER_PASSWORD }} - # Fail for non-tagged commits - - name: Tag Check - run: git describe --exact-match --tags - - name: Set up Go uses: actions/setup-go@v5 with: