Sync with Kubernetes releases and cherry-pick Rancher-specific changes #49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Sync with Kubernetes releases and cherry-pick Rancher-specific changes | |
| on: | |
| schedule: | |
| - cron: "0 0 * * *" # Runs daily at midnight | |
| workflow_dispatch: | |
| jobs: | |
| create-branches: | |
| runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} | |
| permissions: | |
| id-token: write | |
| contents: write | |
| outputs: | |
| new-release-branches: ${{ steps.create-release-branches.outputs.NEW_RELEASE_BRANCHES }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| path: 'rancher-k8s' | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Configure git user | |
| run: | | |
| echo "[INFO] Setting up git user in git repository." | |
| git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git config --global user.name "github-actions[bot]" | |
| - name: Read App Secrets | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ; | |
| secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY | |
| - name: Create App Token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ env.APP_ID }} | |
| private-key: ${{ env.PRIVATE_KEY }} | |
| - name: Fetch the new tags from kubernetes/kubernetes repository | |
| run: $GITHUB_WORKSPACE/rancher-k8s/scripts/check-for-new-tag.sh | |
| - name: Create new release branches in rancher/kubernetes | |
| id: create-release-branches | |
| run: | | |
| cd rancher-k8s | |
| $GITHUB_WORKSPACE/rancher-k8s/scripts/create-release-branch.sh | |
| env: | |
| GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
| # - name: 'Tar files' | |
| # run: | | |
| # tar -czf rancher-k8s.tar.gz -C rancher-k8s . | |
| # - name: Push git repo to artifacts | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: git-repo | |
| # path: rancher-k8s.tar.gz | |
| build-and-validate: | |
| needs: create-branches | |
| runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }} | |
| container: | |
| image: rancher/dapper:v0.6.0 | |
| permissions: | |
| contents: write | |
| id-token: write | |
| strategy: | |
| matrix: | |
| branches: ${{ fromJSON(needs.create-branches.outputs.new-release-branches) }} | |
| fail-fast: false | |
| steps: | |
| - name: Fix the not-a-git-repository issue | |
| run: | | |
| apk -U add git | |
| git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git config --global user.name "github-actions[bot]" | |
| - name: Checkout repository with branch ${{ matrix.branches }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ matrix.branches }} | |
| # - name: Download git repo from artifact | |
| # uses: actions/download-artifact@v4 | |
| # with: | |
| # name: git-repo | |
| # - name: Extract Artifact | |
| # run: | | |
| # tar -zxf rancher-k8s.tar.gz | |
| # rm rancher-k8s.tar.gz | |
| - name: Read App Secrets | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ; | |
| secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY | |
| - name: Create App Token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ env.APP_ID }} | |
| private-key: ${{ env.PRIVATE_KEY }} | |
| - name: Build with Dapper for ${{ matrix.branches }} | |
| run: dapper ci | |
| - name: List the bin for ${{ matrix.branches }} | |
| run: ls -lR output/bin | |
| - name: Push release tag for ${{ matrix.branches }} | |
| run: | | |
| # To stash any changes created by dapper CI run | |
| git stash --all | |
| # Remove the 'release-' prefix to create the tag name | |
| TAG="${RELEASE_BRANCH#release-}" | |
| echo "[INFO] Creating the tag: $TAG for branch: $RELEASE_BRANCH" | |
| # Create the tag | |
| if ! git tag "$TAG" "$RELEASE_BRANCH"; then | |
| echo "[WARN] Failed while creating the tag $TAG in the repository." | |
| exit 1 | |
| fi | |
| # Push the tag to origin | |
| if ! git push origin "$TAG"; then | |
| echo "[WARN] Failed while pushing the tag $TAG to the repository." | |
| exit 1 | |
| else | |
| echo "[INFO] Successfully pushed tag $TAG: https://github.com/rancher/kubernetes/releases/tag/$TAG" | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
| RELEASE_BRANCH: ${{ matrix.branches }} |