ci: Publish ISO images on branch push (harvester#796)

Related issue: harvester/harvester#6296 Signed-off-by: Tim Serong <tserong@suse.com>
tserong · Aug 9, 2024 · 1b3ea7c · 1b3ea7c
1 parent f4a19bf
commit 1b3ea7c
Showing 1 changed file with 102 additions and 1 deletion.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -13,7 +13,7 @@ env:
   # so wet just set it to master in this case.
   DRONE_BRANCH: ${{ endsWith(github.ref_name, '/merge') && 'master' || github.ref_name }}
 jobs:
-  build-iso-images:
+  build-iso:
     name: Build ISO Images
     strategy:
       matrix:
@@ -31,3 +31,104 @@ jobs:
     # Build ISO
     - name: Run make ci
       run: make ci
+
+    # Below is essentially duplicated from the main Harvester repo's
+    # .github/workflows/build.yml, except we're only publishing branches,
+    # not tags.
+
+    - name: Declare branch
+      run: |
+        echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV"
+        if [ "${{ matrix.arch }}" == "x64" ]; then
+          echo "arch=amd64" >> "$GITHUB_ENV"
+        else
+          echo "arch=arm64" >> "$GITHUB_ENV"
+        fi
+
+    - name: Read Secrets
+      if: ${{ startsWith(github.ref, 'refs/heads/') }}
+      uses: rancher-eio/read-vault-secrets@main
+      with:
+        secrets: |
+          secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
+          secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ;
+          secret/data/github/repo/${{ github.repository }}/google-auth/harvester/credentials token | GOOGLE_AUTH ;
+
+    - name: Login to Docker Hub
+      if: ${{ startsWith(github.ref, 'refs/heads/') }}
+      uses: docker/login-action@v3
+      with:
+        username: ${{ env.DOCKER_USERNAME }}
+        password: ${{ env.DOCKER_PASSWORD }}
+
+    # rancher/harvester-cluster-repo image
+    - name: docker-publish-harvester-cluster-repo
+      if: ${{ startsWith(github.ref, 'refs/heads/') }}
+      uses: docker/build-push-action@v5
+      with:
+        context: dist/harvester-cluster-repo
+        push: true
+        platforms: linux/${{ env.arch }}
+        tags: rancher/harvester-cluster-repo:${{ env.branch }}-head-${{ env.arch }}
+        file: dist/harvester-cluster-repo/Dockerfile
+
+    - name: Login to Google Cloud
+      if: ${{ startsWith(github.ref, 'refs/heads/') }}
+      uses: 'google-github-actions/auth@v2'
+      with:
+        credentials_json: '${{ env.GOOGLE_AUTH }}'
+
+    - name: upload-iso
+      uses: 'google-github-actions/upload-cloud-storage@v2'
+      if: ${{ startsWith(github.ref, 'refs/heads/') }}
+      with:
+        path: dist/artifacts
+        parent: false
+        destination: releases.rancher.com/harvester/${{ env.branch }}
+        predefinedAcl: publicRead
+        headers: |-
+          cache-control: public,no-cache,proxy-revalidate
+
+  manifest-cluster-repo-image:
+    name: Manifest harvester-cluster-repo image
+    runs-on: runs-on,runner=4cpu-linux-x64,run-id=${{ github.run_id }}
+    needs: build-iso
+    if: ${{ startsWith(github.ref, 'refs/heads/') }}
+    permissions:
+      contents: read
+      id-token: write # for reading credential https://github.com/rancher-eio/read-vault-secrets
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Declare branch
+      run: |
+        echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV"
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Read Secrets
+      uses: rancher-eio/read-vault-secrets@main
+      with:
+        secrets: |
+          secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
+          secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ;
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ env.DOCKER_USERNAME }}
+        password: ${{ env.DOCKER_PASSWORD }}
+
+    # rancher/harvester-cluster-repo image
+    - name: docker-pull-harvester-cluster-repo
+      if: ${{ startsWith(github.ref, 'refs/heads/') }}
+      run: |
+        docker pull --platform linux/amd64 rancher/harvester-cluster-repo:${{ env.branch }}-head-amd64
+        docker pull --platform linux/arm64 rancher/harvester-cluster-repo:${{ env.branch }}-head-arm64
+        docker buildx imagetools create -t rancher/harvester-cluster-repo:${{ env.branch }}-head \
+          rancher/harvester-cluster-repo:${{ env.branch }}-head-amd64 \
+          rancher/harvester-cluster-repo:${{ env.branch }}-head-arm64