diff --git a/.github/actions/build-custom-image-with-apko/action.yml b/.github/actions/build-custom-image-with-apko/action.yml
new file mode 100644
index 0000000000..63551e52a4
--- /dev/null
+++ b/.github/actions/build-custom-image-with-apko/action.yml
@@ -0,0 +1,53 @@
+name: 'Build and push a custom image with apko'
+description: 'Composite action for building and pushing a custom image with apko'
+inputs:
+ context:
+ description: 'Path to the context directory'
+ required: true
+
+ component:
+ description: 'Name of the component (e.g. kotsadm, kurl-proxy, etc...)'
+ required: true
+
+ image-name:
+ description: 'Full destination image name'
+ required: true
+
+ registry-username:
+ description: 'Username to login to registry'
+ default: ''
+ required: false
+
+ registry-password:
+ description: 'Password to login to registry'
+ default: ''
+ required: false
+
+runs:
+ using: "composite"
+ steps:
+ - uses: actions/download-artifact@v4
+ with:
+ pattern: ${{ inputs.component }}-melange-packages-*
+ path: ./packages/
+ merge-multiple: true
+
+ - uses: actions/download-artifact@v4
+ with:
+ pattern: ${{ inputs.component }}-melange-rsa-pub-*
+ merge-multiple: true
+
+ - name: template apko config
+ shell: bash
+ run: |
+ export GIT_TAG=${{ inputs.git-tag }}
+ envsubst '${GIT_TAG}' < ${{ inputs.context }}/apko.yaml.tmpl > ${{ inputs.context }}/apko.yaml
+
+ - uses: chainguard-images/actions/apko-publish@main
+ with:
+ config: ${{ inputs.context }}/apko.yaml
+ archs: amd64,arm64
+ tag: ${{ inputs.image-name }}
+ vcs-url: true
+ generic-user: ${{ inputs.registry-username }}
+ generic-pass: ${{ inputs.registry-password }}
diff --git a/.github/actions/build-custom-melange-package/action.yml b/.github/actions/build-custom-melange-package/action.yml
new file mode 100644
index 0000000000..4828c2cda4
--- /dev/null
+++ b/.github/actions/build-custom-melange-package/action.yml
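Review bot: In build-custom-image-with-apko/action.yml the `template apko config` step reads `${{ inputs.git-tag }}`, but the action declares no `git-tag` input and the `build-kotsadm` caller in build-test.yaml passes none, so `GIT_TAG` would presumably expand to an empty string and be substituted as such into apko.yaml. The same step, and `template melange config` in build-custom-melange-package/action.yml, also paste `${{ inputs.* }}` expressions straight into the bash script, where the runner expands them before the shell parses the line; the inline steps this commit removes from build-test.yaml passed the tag through `env:` instead. Declaring the input and routing both values through `env:` with quoted shell variables addresses both, and the caller then needs `git-tag: ${{ needs.generate-tag.outputs.tag }}`.

```yaml
  # added under inputs:
  git-tag:
    description: 'Git tag'
    required: true

# … unchanged: remaining inputs and the two download-artifact steps …

    - name: template apko config
      shell: bash
      env:
        GIT_TAG: ${{ inputs.git-tag }}
        CONTEXT: ${{ inputs.context }}
      run: |
        envsubst '${GIT_TAG}' < "${CONTEXT}/apko.yaml.tmpl" > "${CONTEXT}/apko.yaml"

# … unchanged: apko-publish step …
```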
@@ -0,0 +1,61 @@
+name: 'Build a custom melange package'
+description: 'Composite action for building a custom melange package'
+inputs:
+ context:
+ description: 'Path to the context directory'
+ required: true
+
+ component:
+ description: 'Name of the component (e.g. kotsadm, kurl-proxy, etc...)'
+ required: true
+
+ git-tag:
+ description: 'Git tag'
+ required: true
+
+ arch:
+ description: 'Architecture to build for'
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - id: cache-dir
+ shell: bash
+ run: echo "cache_dir=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
+
+ - name: configure packages for arm64
+ if: inputs.arch == 'arm64'
+ shell: bash
+ run: |
+ sudo apt-get update -y
+ sudo apt-get install -y curl gettext-base pkg-config
+
+ - name: template melange config
+ shell: bash
+ run: |
+ export GIT_TAG=${{ inputs.git-tag }}
+ envsubst '${GIT_TAG}' < ${{ inputs.context }}/melange.yaml.tmpl > ${{ inputs.context }}/melange.yaml
+
+ - uses: chainguard-dev/actions/melange-build@main
+ with:
+ config: ${{ inputs.context }}/melange.yaml
+ archs: ${{ inputs.arch }}
+ sign-with-temporary-key: true
+ cache-dir: ${{ steps.cache-dir.outputs.cache_dir }}
+
+ # these artifacts are generated by melange-build
+
+ - name: rename melange.rsa.pub
+ shell: bash
+ run: mv melange.rsa.pub melange-${{ inputs.arch }}.rsa.pub
+
+ - uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.component }}-melange-packages-${{ inputs.arch }}
+ path: ./packages
+
+ - uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.component }}-melange-rsa-pub-${{ inputs.arch }}
+ path: ./melange-${{ inputs.arch }}.rsa.pub
diff --git a/.github/actions/build-push-image-with-apko/action.yml b/.github/actions/build-dep-image-with-apko/action.yml
similarity index 91%
rename from .github/actions/build-push-image-with-apko/action.yml
rename to .github/actions/build-dep-image-with-apko/action.yml
index 55b54073f1..7f234ca742 100644
--- a/.github/actions/build-push-image-with-apko/action.yml
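Review bot: In build-custom-melange-package/action.yml, `chainguard-dev/actions/melange-build@main` tracks a mutable branch, so the code that builds and signs the packages can change without any change in this repository. The same applies to `chainguard-images/actions/apko-publish@main` in build-custom-image-with-apko/action.yml, which is also handed `registry-username` and `registry-password`. Both refs are carried over from the removed steps, but the deleted build-push-kotsadm-image action pinned its Google actions to full commit SHAs with a version comment, and these two would be better pinned the same way, e.g. `uses: chainguard-dev/actions/melange-build@<full-commit-sha> # <tag>` (placeholder; resolve the SHA against the upstream repository).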
+++ b/.github/actions/build-dep-image-with-apko/action.yml
@@ -1,5 +1,5 @@
-name: 'Build and push an image with apko'
-description: 'Composite action for building and pushing an image with apko'
+name: 'Build and push a dep image with apko'
+description: 'Composite action for building and pushing a dep image with apko'
 inputs:
 apko-config:
 description: 'Path to apko config'
diff --git a/.github/actions/build-push-kotsadm-image/action.yml b/.github/actions/build-push-kotsadm-image/action.yml
deleted file mode 100644
index bec83c14dc..0000000000
--- a/.github/actions/build-push-kotsadm-image/action.yml
+++ /dev/null
@@ -1,80 +0,0 @@ -name: 'Build and push kotsadm image' -description: 'Composite action for building and pushing kotsadm image' -inputs: - chainguard-gcp-wif-pool: - description: 'GCP workload identity pool for Chainguard' - required: true - - chainguard-gcp-sa: - description: 'GCP service account for Chainguard' - required: true - - chainguard-gcp-project-id: - description: 'GCP project ID for Chainguard' - required: true - - image-name: - description: 'Full destination kotsadm image name' - required: true - - git-tag: - description: 'Git tag' - required: true - - registry-username: - description: 'Username to login to registry' - default: '' - required: false - - registry-password: - description: 'Password to login to registry' - default: '' - required: false - -runs: - using: "composite" - steps: - - uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1 - with: - workload_identity_provider: ${{ inputs.chainguard-gcp-wif-pool }} - service_account: ${{ inputs.chainguard-gcp-sa }} - - - uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1 - with: - project_id: ${{ inputs.chainguard-gcp-project-id }} - - - name: setup packages - env: - BUCKET: replicated-apk-registry - shell: bash - run: | - mkdir ./packages/ - gsutil -m cp -R gs://$BUCKET/os/* ./packages/ - ls -lR ./packages/ - - - name: template melange and apko configs - shell: bash - run: | - export GIT_TAG=${{ inputs.git-tag }} - envsubst '${GIT_TAG}' < deploy/melange.yaml.tmpl > deploy/melange.yaml - envsubst '${GIT_TAG}' < deploy/apko.yaml.tmpl > deploy/apko.yaml - - - id: cache-dir - shell: bash - run: echo "cache_dir=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - - - uses: chainguard-dev/actions/melange-build@main - with: - config: deploy/melange.yaml - archs: x86_64 - sign-with-temporary-key: true - cache-dir: ${{ steps.cache-dir.outputs.cache_dir }} - - - uses: chainguard-images/actions/apko-publish@main - with: - config: deploy/apko.yaml - 
archs: x86_64 - tag: ${{ inputs.image-name }} - vcs-url: true - generic-user: ${{ inputs.registry-username }} - generic-pass: ${{ inputs.registry-password }} diff --git a/.github/workflows/arm64-arc-runner-set.yaml b/.github/workflows/arm64-arc-runner-set.yaml index 0617a40e7b..912325c2a5 100644 --- a/.github/workflows/arm64-arc-runner-set.yaml +++ b/.github/workflows/arm64-arc-runner-set.yaml @@ -4,6 +4,7 @@ on: schedule: - cron: "0 17 * * 0" # 5pm UTC on Sundays workflow_dispatch: {} + pull_request: jobs: create-controller: @@ -56,7 +57,7 @@ jobs: --namespace=arc-runners \ --from-literal=github_token="${{ secrets.GH_PAT }}" - helm install arc-runner-set \ + helm install arm64-runner-set \ --namespace arc-runners \ --set githubConfigUrl="https://github.com/replicatedhq/kots" \ --set githubConfigSecret="github-config-secret" \ diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml index 76445da7f9..8c86069420 100644 --- a/.github/workflows/build-test.yaml +++ b/.github/workflows/build-test.yaml 
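Review bot: The `pull_request:` trigger added to arm64-arc-runner-set.yaml has no `paths:` or branch filter, so every pull request would run this workflow, which (per the second hunk in this file) creates a Kubernetes secret from `secrets.GH_PAT` and runs `helm install` for the runner set. If the trigger was added only to exercise the workflow on this branch, it should be dropped before merge. If it is meant to stay, restrict it to changes of the workflow itself, e.g. `paths: ['.github/workflows/arm64-arc-runner-set.yaml']` under `pull_request:`. On pull requests from forks the secret is not provided, so the job would presumably run with an empty token rather than be skipped; the rest of the job is outside the hunk.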
@@ -259,58 +259,28 @@ jobs: matrix: runner: [ {name: ubuntu-20.04, arch: amd64}, - {name: arc-runner-set, arch: arm64} # TODO NOW: rename to arm64-runner-set + {name: arm64-runner-set, arch: arm64} ] runs-on: ${{ matrix.runner.name }} steps: - - uses: actions/checkout@v4 - with: - ref: ${{github.event.pull_request.head.ref}} - repository: ${{github.event.pull_request.head.repo.full_name}} - - uses: actions/setup-go@v5 with: go-version: '^1.20.0' cache: true - - name: setup env run: | echo "GOPATH=$(go env GOPATH)" >> "$GITHUB_ENV" echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH" - - - id: cache-dir - run: echo "cache_dir=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - - - name: configure packages for arm64 - if: matrix.runner.arch == 'arm64' - run: | - sudo apt-get update -y - sudo apt-get install -y curl gettext-base pkg-config - - - name: template melange config - env: - GIT_TAG: ${{ needs.generate-tag.outputs.tag }} - run: envsubst '${GIT_TAG}' < deploy/melange.yaml.tmpl > deploy/melange.yaml - - - uses: chainguard-dev/actions/melange-build@main - with: - config: deploy/melange.yaml - archs: ${{ matrix.runner.arch }} - sign-with-temporary-key: true - cache-dir: ${{ steps.cache-dir.outputs.cache_dir }} - - - uses: actions/upload-artifact@v4 + - uses: actions/checkout@v4 with: - name: kotsadm-melange-packages-${{ matrix.runner.arch }} - path: ./packages - - - name: rename melange.rsa.pub # generated by the melange-build action - run: mv melange.rsa.pub melange-${{ matrix.runner.arch }}.rsa.pub - - - uses: actions/upload-artifact@v4 + ref: ${{github.event.pull_request.head.ref}} + repository: ${{github.event.pull_request.head.repo.full_name}} + - uses: ./.github/actions/build-custom-melange-package with: - name: kotsadm-melange-rsa-pub-${{ matrix.runner.arch }} - path: ./melange-${{ matrix.runner.arch }}.rsa.pub + context: deploy + component: kotsadm + git-tag: ${{ needs.generate-tag.outputs.tag }} + arch: ${{ matrix.runner.arch }} build-kotsadm: 
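Review bot: In the job whose runner matrix this hunk edits, `actions/checkout@v4` now runs after `actions/setup-go@v5` with `cache: true`, so no `go.sum` is in the workspace when setup-go computes its cache key and the module cache is likely not restored; moving the checkout step back above setup-go avoids that. Separately, `./.github/actions/build-custom-melange-package` is resolved from the workspace just checked out from `github.event.pull_request.head.repo.full_name`, so the composite steps themselves come from the pull request's head and run on `arm64-runner-set`, which appears to be the self-hosted runner set installed by arm64-arc-runner-set.yaml. Whether that matters depends on the workflow trigger, which is outside this hunk; if it is `pull_request_target`, or fork pull requests can reach that runner, the checkout and the local action reference deserve a second look. The job header starts above the hunk.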
@@ -322,33 +292,12 @@ jobs: ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - - uses: actions/download-artifact@v4 - with: - pattern: kotsadm-melange-packages-* - path: ./packages/ - merge-multiple: true - - - uses: actions/download-artifact@v4 - with: - pattern: kotsadm-melange-rsa-pub-* - merge-multiple: true - - - name: list downloaded artifacts - run: | - ls -lah - ls -lah packages - - - name: template apko config - env: - GIT_TAG: ${{ needs.generate-tag.outputs.tag }} - run: envsubst '${GIT_TAG}' < deploy/apko.yaml.tmpl > deploy/apko.yaml - - name: Build and push kotsadm image - uses: ./.github/actions/build-push-image-with-apko + uses: ./.github/actions/build-custom-image-with-apko with: - apko-config: deploy/apko.yaml + context: deploy + component: kotsadm image-name: ttl.sh/automated-${{ github.run_id }}/kotsadm:24h - overwrite: true # build-kots-helm: diff --git a/.github/workflows/image-deps-updater.yaml b/.github/workflows/image-deps-updater.yaml index 8e0d07431c..cd736e810b 100644 --- a/.github/workflows/image-deps-updater.yaml +++ b/.github/workflows/image-deps-updater.yaml @@ -39,7 +39,7 @@ jobs: } >> "$GITHUB_OUTPUT" - name: Build and push minio image - uses: ./.github/actions/build-push-image-with-apko + uses: ./.github/actions/build-dep-image-with-apko with: apko-config: deploy/minio/apko.yaml image-name: index.docker.io/kotsadm/minio:${{ steps.get-tags.outputs.minio-tag }} @@ -48,7 +48,7 @@ jobs: overwrite: ${{ github.event.inputs.overwrite }} - name: Build and push rqlite image - uses: ./.github/actions/build-push-image-with-apko + uses: ./.github/actions/build-dep-image-with-apko with: apko-config: deploy/rqlite/apko.yaml image-name: index.docker.io/kotsadm/rqlite:${{ steps.get-tags.outputs.rqlite-tag }} 
@@ -57,7 +57,7 @@ jobs: overwrite: ${{ github.event.inputs.overwrite }} - name: Build and push dex image - uses: ./.github/actions/build-push-image-with-apko + uses: ./.github/actions/build-dep-image-with-apko with: apko-config: deploy/dex/apko.yaml image-name: index.docker.io/kotsadm/dex:${{ steps.get-tags.outputs.dex-tag }}