Skip to content

Commit

Permalink
GHA Migration (#71)
Browse files Browse the repository at this point in the history 
* Remove drone

Signed-off-by: galal-hussein <[email protected]>

* Add GHA for centos7

Signed-off-by: galal-hussein <[email protected]>

* Add the rest of distros

Signed-off-by: galal-hussein <[email protected]>

* More fixes

Signed-off-by: galal-hussein <[email protected]>

* Use vault's secrets

Signed-off-by: galal-hussein <[email protected]>

---------

Signed-off-by: galal-hussein <[email protected]>
  • Loading branch information
@galal-hussein
galal-hussein authored Jul 8, 2024
1 parent ccc4d04 commit d19fb7b
Show file tree
Hide file tree
Showing 24 changed files with 518 additions and 488 deletions.
450 changes: 0 additions & 450 deletions .drone.yml
View file

This file was deleted.

55 changes: 55 additions & 0 deletions .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
on:
push:
branches:
- master
pull_request:

name: Build
permissions:
contents: read
jobs:
build-rpm-el7:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: build-rpm
run: |
make build-centos7
build-rpm-el8:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: build-rpm
run: |
make build-centos8
build-rpm-el9:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: build-rpm
run: |
make build-centos9
build-rpm-slemicro:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: build-rpm
run: |
make build-slemicro
build-rpm-microos:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: build-rpm
run: |
make build-microos
262 changes: 262 additions & 0 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,262 @@
on:
push:
tags:
- "v*"

env:
GH_TOKEN: ${{ github.token }}

name: Release RPMs
permissions:
contents: write
id-token: write
jobs:
release-rpm-el7:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/private_key | PRIVATE_KEY ;
secret/data/github/repo/${{ github.repository }}/private_key_passphrase | PRIVATE_KEY_PASS_PHRASE ;
secret/data/github/repo/${{ github.repository }}/testing_private_key | TESTING_PRIVATE_KEY ;
secret/data/github/repo/${{ github.repository }}/testing_private_key_passphrase | TESTING_PRIVATE_KEY_PASS_PHRASE ;
secret/data/github/repo/${{ github.repository }}/aws_s3_bucket | AWS_S3_BUCKET ;
secret/data/github/repo/${{ github.repository }}/aws_access_key_id | AWS_ACCESS_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/aws_secret_access_key | AWS_SECRET_ACCESS_KEY ;
secret/data/github/repo/${{ github.repository }}/testing_aws_s3_bucket | TESTING_AWS_S3_BUCKET ;
secret/data/github/repo/${{ github.repository }}/testing_aws_access_key_id | TESTING_AWS_ACCESS_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/testing_aws_secret_access_key | TESTING_AWS_SECRET_ACCESS_KEY ;
- name: build-rpm-el7
run: |
make build-centos7
- name: sign-rpm-el7
run: |
make sign-centos7
env:
PRIVATE_KEY: ${{ env.PRIVATE_KEY }}
PRIVATE_KEY_PASS_PHRASE: ${{ env.PRIVATE_KEY_PASS_PHRASE }}
TESTING_PRIVATE_KEY: ${{ env.TESTING_PRIVATE_KEY }}
TESTING_PRIVATE_KEY_PASS_PHRASE: ${{ env.TESTING_PRIVATE_KEY_PASS_PHRASE }}

- name: upload-repo-el7
run: |
make upload-centos7
env:
COMBARCH: x86_64-amd64
AWS_S3_BUCKET: ${{ env.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
TESTING_AWS_S3_BUCKET: ${{ env.TESTING_AWS_S3_BUCKET }}
TESTING_AWS_ACCESS_KEY_ID: ${{ env.TESTING_AWS_ACCESS_KEY_ID }}
TESTING_AWS_SECRET_ACCESS_KEY: ${{ env.TESTING_AWS_SECRET_ACCESS_KEY }}

- name: github-rpm-release-el7
run: |
gh release upload ${{ github.ref_name }} dist/centos7/noarch/* dist/centos7/source/*
release-rpm-el8:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/private_key | PRIVATE_KEY ;
secret/data/github/repo/${{ github.repository }}/private_key_passphrase | PRIVATE_KEY_PASS_PHRASE ;
secret/data/github/repo/${{ github.repository }}/testing_private_key | TESTING_PRIVATE_KEY ;
secret/data/github/repo/${{ github.repository }}/testing_private_key_passphrase | TESTING_PRIVATE_KEY_PASS_PHRASE ;
secret/data/github/repo/${{ github.repository }}/aws_s3_bucket | AWS_S3_BUCKET ;
secret/data/github/repo/${{ github.repository }}/aws_access_key_id | AWS_ACCESS_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/aws_secret_access_key | AWS_SECRET_ACCESS_KEY ;
secret/data/github/repo/${{ github.repository }}/testing_aws_s3_bucket | TESTING_AWS_S3_BUCKET ;
secret/data/github/repo/${{ github.repository }}/testing_aws_access_key_id | TESTING_AWS_ACCESS_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/testing_aws_secret_access_key | TESTING_AWS_SECRET_ACCESS_KEY ;
- name: build-rpm-el8
run: |
make build-centos8
- name: sign-rpm-el8
run: |
make sign-centos8
env:
PRIVATE_KEY: ${{ env.PRIVATE_KEY }}
PRIVATE_KEY_PASS_PHRASE: ${{ env.PRIVATE_KEY_PASS_PHRASE }}
TESTING_PRIVATE_KEY: ${{ env.TESTING_PRIVATE_KEY }}
TESTING_PRIVATE_KEY_PASS_PHRASE: ${{ env.TESTING_PRIVATE_KEY_PASS_PHRASE }}

- name: upload-repo-el8
run: |
make upload-centos8
env:
COMBARCH: x86_64-amd64
AWS_S3_BUCKET: ${{ env.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
TESTING_AWS_S3_BUCKET: ${{ env.TESTING_AWS_S3_BUCKET }}
TESTING_AWS_ACCESS_KEY_ID: ${{ env.TESTING_AWS_ACCESS_KEY_ID }}
TESTING_AWS_SECRET_ACCESS_KEY: ${{ env.TESTING_AWS_SECRET_ACCESS_KEY }}

- name: github-rpm-release-el8
run: |
gh release upload ${{ github.ref_name }} dist/centos8/noarch/* dist/centos8/source/*
release-rpm-el9:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/private_key | PRIVATE_KEY ;
secret/data/github/repo/${{ github.repository }}/private_key_passphrase | PRIVATE_KEY_PASS_PHRASE ;
secret/data/github/repo/${{ github.repository }}/testing_private_key | TESTING_PRIVATE_KEY ;
secret/data/github/repo/${{ github.repository }}/testing_private_key_passphrase | TESTING_PRIVATE_KEY_PASS_PHRASE ;
secret/data/github/repo/${{ github.repository }}/aws_s3_bucket | AWS_S3_BUCKET ;
secret/data/github/repo/${{ github.repository }}/aws_access_key_id | AWS_ACCESS_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/aws_secret_access_key | AWS_SECRET_ACCESS_KEY ;
secret/data/github/repo/${{ github.repository }}/testing_aws_s3_bucket | TESTING_AWS_S3_BUCKET ;
secret/data/github/repo/${{ github.repository }}/testing_aws_access_key_id | TESTING_AWS_ACCESS_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/testing_aws_secret_access_key | TESTING_AWS_SECRET_ACCESS_KEY ;
- name: build-rpm-el9
run: |
make build-centos9
- name: sign-rpm-el9
run: |
make sign-centos9
env:
PRIVATE_KEY: ${{ env.PRIVATE_KEY }}
PRIVATE_KEY_PASS_PHRASE: ${{ env.PRIVATE_KEY_PASS_PHRASE }}
TESTING_PRIVATE_KEY: ${{ env.TESTING_PRIVATE_KEY }}
TESTING_PRIVATE_KEY_PASS_PHRASE: ${{ env.TESTING_PRIVATE_KEY_PASS_PHRASE }}

- name: upload-repo-el9
run: |
make upload-centos9
env:
COMBARCH: x86_64-amd64
AWS_S3_BUCKET: ${{ env.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
TESTING_AWS_S3_BUCKET: ${{ env.TESTING_AWS_S3_BUCKET }}
TESTING_AWS_ACCESS_KEY_ID: ${{ env.TESTING_AWS_ACCESS_KEY_ID }}
TESTING_AWS_SECRET_ACCESS_KEY: ${{ env.TESTING_AWS_SECRET_ACCESS_KEY }}

- name: github-rpm-release-el9
run: |
gh release upload ${{ github.ref_name }} dist/centos9/noarch/* dist/centos9/source/*
release-rpm-microos:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/private_key | PRIVATE_KEY ;
secret/data/github/repo/${{ github.repository }}/private_key_passphrase | PRIVATE_KEY_PASS_PHRASE ;
secret/data/github/repo/${{ github.repository }}/testing_private_key | TESTING_PRIVATE_KEY ;
secret/data/github/repo/${{ github.repository }}/testing_private_key_passphrase | TESTING_PRIVATE_KEY_PASS_PHRASE ;
secret/data/github/repo/${{ github.repository }}/aws_s3_bucket | AWS_S3_BUCKET ;
secret/data/github/repo/${{ github.repository }}/aws_access_key_id | AWS_ACCESS_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/aws_secret_access_key | AWS_SECRET_ACCESS_KEY ;
secret/data/github/repo/${{ github.repository }}/testing_aws_s3_bucket | TESTING_AWS_S3_BUCKET ;
secret/data/github/repo/${{ github.repository }}/testing_aws_access_key_id | TESTING_AWS_ACCESS_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/testing_aws_secret_access_key | TESTING_AWS_SECRET_ACCESS_KEY ;
- name: build-rpm-microos
run: |
make build-microos
- name: sign-rpm-microos
run: |
make sign-microos
env:
PRIVATE_KEY: ${{ env.PRIVATE_KEY }}
PRIVATE_KEY_PASS_PHRASE: ${{ env.PRIVATE_KEY_PASS_PHRASE }}
TESTING_PRIVATE_KEY: ${{ env.TESTING_PRIVATE_KEY }}
TESTING_PRIVATE_KEY_PASS_PHRASE: ${{ env.TESTING_PRIVATE_KEY_PASS_PHRASE }}

- name: upload-repo-microos
run: |
make upload-microos
env:
COMBARCH: x86_64-amd64
AWS_S3_BUCKET: ${{ env.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
TESTING_AWS_S3_BUCKET: ${{ env.TESTING_AWS_S3_BUCKET }}
TESTING_AWS_ACCESS_KEY_ID: ${{ env.TESTING_AWS_ACCESS_KEY_ID }}
TESTING_AWS_SECRET_ACCESS_KEY: ${{ env.TESTING_AWS_SECRET_ACCESS_KEY }}

- name: github-rpm-release-microos
run: |
gh release upload ${{ github.ref_name }} dist/microos/noarch/* dist/microos/source/*
release-rpm-slemicro:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/private_key | PRIVATE_KEY ;
secret/data/github/repo/${{ github.repository }}/private_key_passphrase | PRIVATE_KEY_PASS_PHRASE ;
secret/data/github/repo/${{ github.repository }}/testing_private_key | TESTING_PRIVATE_KEY ;
secret/data/github/repo/${{ github.repository }}/testing_private_key_passphrase | TESTING_PRIVATE_KEY_PASS_PHRASE ;
secret/data/github/repo/${{ github.repository }}/aws_s3_bucket | AWS_S3_BUCKET ;
secret/data/github/repo/${{ github.repository }}/aws_access_key_id | AWS_ACCESS_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/aws_secret_access_key | AWS_SECRET_ACCESS_KEY ;
secret/data/github/repo/${{ github.repository }}/testing_aws_s3_bucket | TESTING_AWS_S3_BUCKET ;
secret/data/github/repo/${{ github.repository }}/testing_aws_access_key_id | TESTING_AWS_ACCESS_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/testing_aws_secret_access_key | TESTING_AWS_SECRET_ACCESS_KEY ;
- name: build-rpm-slemicro
run: |
make build-slemicro
- name: sign-rpm-slemicro
run: |
make sign-slemicro
env:
PRIVATE_KEY: ${{ env.PRIVATE_KEY }}
PRIVATE_KEY_PASS_PHRASE: ${{ env.PRIVATE_KEY_PASS_PHRASE }}
TESTING_PRIVATE_KEY: ${{ env.TESTING_PRIVATE_KEY }}
TESTING_PRIVATE_KEY_PASS_PHRASE: ${{ env.TESTING_PRIVATE_KEY_PASS_PHRASE }}

- name: upload-repo-slemicro
run: |
make upload-slemicro
env:
COMBARCH: x86_64-amd64
AWS_S3_BUCKET: ${{ env.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
TESTING_AWS_S3_BUCKET: ${{ env.TESTING_AWS_S3_BUCKET }}
TESTING_AWS_ACCESS_KEY_ID: ${{ env.TESTING_AWS_ACCESS_KEY_ID }}
TESTING_AWS_SECRET_ACCESS_KEY: ${{ env.TESTING_AWS_SECRET_ACCESS_KEY }}

- name: github-rpm-release-slemicro
run: |
gh release upload ${{ github.ref_name }} dist/slemicro/noarch/* dist/slemicro/source/*
5 changes: 4 additions & 1 deletion Dockerfile.centos7.dapper
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,14 @@
FROM centos:7

RUN sed -i -e "s/mirrorlist.*//g" /etc/yum.repos.d/*
RUN sed -i -e "s/#baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/linuxsoft.cern.ch\/centos-vault\//g" /etc/yum.repos.d/*

RUN yum install -y epel-release \
&& yum -y install container-selinux git rpm-build selinux-policy-devel yum-utils

ENV DAPPER_SOURCE /source
ENV DAPPER_OUTPUT ./dist
ENV DAPPER_ENV COMBARCH DRONE_TAG TAG
ENV DAPPER_ENV COMBARCH CHECKSUM_DIR CHECKSUM_FILE TAG PRIVATE_KEY PRIVATE_KEY_PASS_PHRASE TESTING_PRIVATE_KEY TESTING_PRIVATE_KEY_PASS_PHRASE AWS_S3_BUCKET AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY TESTING_AWS_S3_BUCKET TESTING_AWS_ACCESS_KEY_ID TESTING_AWS_SECRET_ACCESS_KEY
ENV HOME ${DAPPER_SOURCE}
WORKDIR ${DAPPER_SOURCE}

Expand Down
4 changes: 2 additions & 2 deletions Dockerfile.centos8.dapper
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
FROM rockylinux:8

RUN yum install -y epel-release \
&& yum -y install container-selinux git rpm-build selinux-policy-devel yum-utils
&& yum install -y container-selinux git rpm-build selinux-policy-devel yum-utils pinentry python2-pip ca-certificates

ENV DAPPER_SOURCE /source
ENV DAPPER_OUTPUT ./dist
ENV DAPPER_ENV COMBARCH DRONE_TAG TAG
ENV DAPPER_ENV COMBARCH CHECKSUM_DIR CHECKSUM_FILE TAG PRIVATE_KEY PRIVATE_KEY_PASS_PHRASE TESTING_PRIVATE_KEY TESTING_PRIVATE_KEY_PASS_PHRASE AWS_S3_BUCKET AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY TESTING_AWS_S3_BUCKET TESTING_AWS_ACCESS_KEY_ID TESTING_AWS_SECRET_ACCESS_KEY
ENV HOME ${DAPPER_SOURCE}
WORKDIR ${DAPPER_SOURCE}

Expand Down
4 changes: 2 additions & 2 deletions Dockerfile.centos9.dapper
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
FROM quay.io/centos/centos:stream9

RUN yum install -y epel-release \
&& yum -y install container-selinux git rpm-build selinux-policy-devel yum-utils
&& yum -y install container-selinux git rpm-build selinux-policy-devel yum-utils pinentry python-pip ca-certificates

ENV DAPPER_SOURCE /source
ENV DAPPER_OUTPUT ./dist
ENV DAPPER_ENV COMBARCH DRONE_TAG TAG
ENV DAPPER_ENV COMBARCH CHECKSUM_DIR CHECKSUM_FILE TAG PRIVATE_KEY PRIVATE_KEY_PASS_PHRASE TESTING_PRIVATE_KEY TESTING_PRIVATE_KEY_PASS_PHRASE AWS_S3_BUCKET AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY TESTING_AWS_S3_BUCKET TESTING_AWS_ACCESS_KEY_ID TESTING_AWS_SECRET_ACCESS_KEY
ENV HOME ${DAPPER_SOURCE}
WORKDIR ${DAPPER_SOURCE}

Expand Down
2 changes: 1 addition & 1 deletion Dockerfile.microos.dapper
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ RUN zypper install -y container-selinux git rpm-build selinux-policy-devel

ENV DAPPER_SOURCE /source
ENV DAPPER_OUTPUT ./dist
ENV DAPPER_ENV COMBARCH DRONE_TAG TAG
ENV DAPPER_ENV COMBARCH CHECKSUM_DIR CHECKSUM_FILE TAG PRIVATE_KEY PRIVATE_KEY_PASS_PHRASE TESTING_PRIVATE_KEY TESTING_PRIVATE_KEY_PASS_PHRASE AWS_S3_BUCKET AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY TESTING_AWS_S3_BUCKET TESTING_AWS_ACCESS_KEY_ID TESTING_AWS_SECRET_ACCESS_KEY
ENV HOME ${DAPPER_SOURCE}
WORKDIR ${DAPPER_SOURCE}

Expand Down
2 changes: 1 addition & 1 deletion Dockerfile.slemicro.dapper
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ RUN zypper in -y -n --force-resolution container-selinux git rpm-build selinux-p

ENV DAPPER_SOURCE /source
ENV DAPPER_OUTPUT ./dist
ENV DAPPER_ENV COMBARCH DRONE_TAG TAG
ENV DAPPER_ENV COMBARCH CHECKSUM_DIR CHECKSUM_FILE TAG PRIVATE_KEY PRIVATE_KEY_PASS_PHRASE TESTING_PRIVATE_KEY TESTING_PRIVATE_KEY_PASS_PHRASE AWS_S3_BUCKET AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY TESTING_AWS_S3_BUCKET TESTING_AWS_ACCESS_KEY_ID TESTING_AWS_SECRET_ACCESS_KEY
ENV HOME ${DAPPER_SOURCE}
WORKDIR ${DAPPER_SOURCE}

Expand Down
Loading

0 comments on commit d19fb7b

Please sign in to comment.