diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 00000000..51cd73a2 --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,14 @@ +name: Main Build and Publish + +on: + push: + branches: + - master + +jobs: + build-main: + uses: ./.github/workflows/template-build.yml + with: + release-tag-name: ${{ github.ref_name }}-head + push: true + secrets: inherit diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml new file mode 100644 index 00000000..7d600209 --- /dev/null +++ b/.github/workflows/pull-request.yml @@ -0,0 +1,12 @@ +name: Pull Request Build + +on: + pull_request: + +jobs: + build-pr: + uses: ./.github/workflows/template-build.yml + with: + release-tag-name: pull-${{ github.event.number }} + push: false + secrets: inherit diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml new file mode 100644 index 00000000..286a8e81 --- /dev/null +++ b/.github/workflows/tag.yml @@ -0,0 +1,14 @@ +name: Tag Build and Publish + +on: + push: + tags: + - v** + +jobs: + build-tag: + uses: ./.github/workflows/template-build.yml + with: + release-tag-name: ${{ github.ref_name }} + push: true + secrets: inherit diff --git a/.github/workflows/template-build.yml b/.github/workflows/template-build.yml new file mode 100644 index 00000000..23266ec2 --- /dev/null +++ b/.github/workflows/template-build.yml @@ -0,0 +1,79 @@ +on: + workflow_call: + inputs: + release-tag-name: + required: true + type: string + push: + required: true + type: boolean + +env: + repo: "rancher" + controllerImageName: "harvester-network-controller" + helperImageName: "harvester-network-helper" + webhookImageName: "harvester-network-webhook" + +jobs: + dapper-build: + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Run dapper + run: make ci + + - name: Read some Secrets + uses: rancher-eio/read-vault-secrets@main + if: ${{ inputs.push == true }} + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; + secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD + + - name: Login to Docker Hub + uses: docker/login-action@v3 + if: ${{ inputs.push == true }} + with: + username: ${{ env.DOCKER_USERNAME }} + password: ${{ env.DOCKER_PASSWORD }} + + - name: Docker Build (Controller) + uses: docker/build-push-action@v5 + with: + provenance: false + context: . + platforms: linux/amd64,linux/arm64 + file: package/Dockerfile + push: ${{ inputs.push }} + tags: ${{ env.repo }}/${{ env.controllerImageName }}:${{ inputs.release-tag-name }} + + - name: Docker Build (Helper) + uses: docker/build-push-action@v5 + with: + provenance: false + context: . + platforms: linux/amd64,linux/arm64 + file: package/Dockerfile.helper + push: ${{ inputs.push }} + tags: ${{ env.repo }}/${{ env.helperImageName }}:${{ inputs.release-tag-name }} + + - name: Docker Build (Webhook) + uses: docker/build-push-action@v5 + with: + provenance: false + context: . + platforms: linux/amd64,linux/arm64 + file: package/Dockerfile.webhook + push: ${{ inputs.push }} + tags: ${{ env.repo }}/${{ env.webhookImageName }}:${{ inputs.release-tag-name }} diff --git a/Dockerfile.dapper b/Dockerfile.dapper index 6aa23040..4f57d981 100644 --- a/Dockerfile.dapper +++ b/Dockerfile.dapper @@ -1,13 +1,17 @@ FROM registry.suse.com/bci/golang:1.21 ARG DAPPER_HOST_ARCH -ENV HOST_ARCH=${DAPPER_HOST_ARCH} ARCH=${DAPPER_HOST_ARCH} +ENV ARCH=${DAPPER_HOST_ARCH} RUN zypper -n rm container-suseconnect && \ zypper -n install git curl docker gzip tar wget awk RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.57.1 +# The docker version in dapper is too old to have buildx. Install it manually. +RUN curl -sSfL https://github.com/docker/buildx/releases/download/v0.13.1/buildx-v0.13.1.linux-${ARCH} -o buildx-v0.13.1.linux-${ARCH} && \ + chmod +x buildx-v0.13.1.linux-${ARCH} && \ + mv buildx-v0.13.1.linux-${ARCH} /usr/local/bin/buildx ENV DAPPER_ENV REPO TAG DRONE_TAG ENV DAPPER_SOURCE /go/src/github.com/harvester/harvester-network-controller/ diff --git a/package/Dockerfile b/package/Dockerfile index a65ac638..7f9cb7c4 100644 --- a/package/Dockerfile +++ b/package/Dockerfile @@ -1,6 +1,18 @@ +# syntax=docker/dockerfile:1.7.0 + FROM registry.suse.com/bci/bci-base:15.5 RUN zypper -n rm container-suseconnect && \ zypper install -y iptables=1.8.7 && \ zypper -n clean -a && rm -rf /tmp/* /var/tmp/* /usr/share/doc/packages/* -COPY bin/harvester-network-controller /usr/bin/ + +ARG TARGETPLATFORM + +RUN if [ "$TARGETPLATFORM" != "linux/amd64" ] && [ "$TARGETPLATFORM" != "linux/arm64" ]; then \ + echo "Error: Unsupported TARGETPLATFORM: $TARGETPLATFORM" && \ + exit 1; \ + fi + +ENV ARCH=${TARGETPLATFORM#linux/} + +COPY bin/harvester-network-controller-${ARCH} /usr/bin/harvester-network-controller CMD ["harvester-network-controller"] diff --git a/package/Dockerfile.helper b/package/Dockerfile.helper index dda37bc2..8efc2382 100644 --- a/package/Dockerfile.helper +++ b/package/Dockerfile.helper @@ -1,3 +1,15 @@ +# syntax=docker/dockerfile:1.7.0 + FROM registry.suse.com/bci/bci-minimal:15.5 -COPY bin/harvester-network-helper /usr/bin/ + +ARG TARGETPLATFORM + +RUN if [ "$TARGETPLATFORM" != "linux/amd64" ] && [ "$TARGETPLATFORM" != "linux/arm64" ]; then \ + echo "Error: Unsupported TARGETPLATFORM: $TARGETPLATFORM" && \ + exit 1; \ + fi + +ENV ARCH=${TARGETPLATFORM#linux/} + +COPY bin/harvester-network-helper-${ARCH} /usr/bin/harvester-network-helper CMD ["harvester-network-helper"] diff --git a/package/Dockerfile.webhook b/package/Dockerfile.webhook index 46ded950..69b64296 100644 --- a/package/Dockerfile.webhook +++ b/package/Dockerfile.webhook @@ -1,3 +1,15 @@ +# syntax=docker/dockerfile:1.7.0 + FROM registry.suse.com/bci/bci-minimal:15.5 -COPY bin/harvester-network-webhook /usr/bin/ + +ARG TARGETPLATFORM + +RUN if [ "$TARGETPLATFORM" != "linux/amd64" ] && [ "$TARGETPLATFORM" != "linux/arm64" ]; then \ + echo "Error: Unsupported TARGETPLATFORM: $TARGETPLATFORM" && \ + exit 1; \ + fi + +ENV ARCH=${TARGETPLATFORM#linux/} + +COPY bin/harvester-network-webhook-${ARCH} /usr/bin/harvester-network-webhook CMD ["harvester-network-webhook"] diff --git a/scripts/build b/scripts/build index 3a7f8061..123a9376 100755 --- a/scripts/build +++ b/scripts/build @@ -6,7 +6,9 @@ source $(dirname $0)/version cd $(dirname $0)/.. mkdir -p bin -[ "$(uname)" != "Darwin" ] && LINKFLAGS="-extldflags -static -s" -CGO_ENABLED=0 go build -ldflags "-X main.VERSION=$VERSION $LINKFLAGS" -o bin/harvester-network-controller cmd/network-controller/main.go -CGO_ENABLED=0 go build -ldflags "-X main.VERSION=$VERSION $LINKFLAGS" -o bin/harvester-network-helper cmd/network-helper/main.go -CGO_ENABLED=0 go build -ldflags "-X main.VERSION=$VERSION $LINKFLAGS" -o bin/harvester-network-webhook cmd/webhook/main.go + +for arch in "amd64" "arm64"; do + GOARCH="$arch" CGO_ENABLED=0 go build -ldflags "-X main.VERSION=$VERSION $LINKFLAGS" -o bin/harvester-network-controller-"$arch" cmd/network-controller/main.go + GOARCH="$arch" CGO_ENABLED=0 go build -ldflags "-X main.VERSION=$VERSION $LINKFLAGS" -o bin/harvester-network-helper-"$arch" cmd/network-helper/main.go + GOARCH="$arch" CGO_ENABLED=0 go build -ldflags "-X main.VERSION=$VERSION $LINKFLAGS" -o bin/harvester-network-webhook-"$arch" cmd/webhook/main.go +done diff --git a/scripts/package b/scripts/package index 44cd1ccd..ead54a52 100755 --- a/scripts/package +++ b/scripts/package @@ -3,7 +3,6 @@ set -e source $(dirname $0)/version -ARCH=${ARCH:-"amd64"} SUFFIX="-${ARCH}" cd $(dirname $0)/.. @@ -16,9 +15,9 @@ if echo $TAG | grep -q dirty; then fi mkdir -p dist/artifacts -cp bin/harvester-network-controller dist/artifacts/harvester-network-controller${SUFFIX} -cp bin/harvester-network-helper dist/artifacts/harvester-network-helper${SUFFIX} -cp bin/harvester-network-webhook dist/artifacts/harvester-network-webhook${SUFFIX} +cp bin/harvester-network-controller${SUFFIX} dist/artifacts/harvester-network-controller${SUFFIX} +cp bin/harvester-network-helper${SUFFIX} dist/artifacts/harvester-network-helper${SUFFIX} +cp bin/harvester-network-webhook${SUFFIX} dist/artifacts/harvester-network-webhook${SUFFIX} CONTROLLER_IMAGE=${REPO}/harvester-network-controller:${TAG} HELPER_IMAGE=${REPO}/harvester-network-helper:${TAG} @@ -30,11 +29,11 @@ if [ -e ${DOCKERFILE}.${ARCH} ]; then DOCKERFILE=${DOCKERFILE}.${ARCH} fi -docker build -f ${DOCKERFILE_CONTROLLER} -t ${CONTROLLER_IMAGE} . +buildx build --load -f ${DOCKERFILE_CONTROLLER} -t ${CONTROLLER_IMAGE} . echo Built ${CONTROLLER_IMAGE} -docker build -f ${DOCKERFILE_HELPER} -t ${HELPER_IMAGE} . +buildx build --load -f ${DOCKERFILE_HELPER} -t ${HELPER_IMAGE} . echo Built ${HELPER_IMAGE} -docker build -f ${DOCKERFILE_WEBHOOK} -t ${WEBHOOK_IMAGE} . +buildx build --load -f ${DOCKERFILE_WEBHOOK} -t ${WEBHOOK_IMAGE} . echo Built ${WEBHOOK_IMAGE} diff --git a/scripts/version b/scripts/version index 9e7a5b83..a05b035f 100755 --- a/scripts/version +++ b/scripts/version @@ -12,7 +12,3 @@ if [[ -z "$DIRTY" && -n "$GIT_TAG" ]]; then else VERSION="${COMMIT}${DIRTY}" fi - -if [ -z "$ARCH" ]; then - ARCH=$(go env GOHOSTARCH) -fi