add promote chart and rename promote workflow (rancher#46898)

* add promote chart and rename workflow * add promote to and update the upload path
snasovich · Aug 30, 2024 · facbf1f · facbf1f
1 parent 214216b
commit facbf1f
Show file tree

Hide file tree

Showing 3 changed files with 81 additions and 40 deletions.
diff --git a/.github/workflows/promote-docker-image.yml b/.github/workflows/promote-docker-image.yml
diff --git a/.github/workflows/promote-to-stable.yml b/.github/workflows/promote-to-stable.yml
@@ -0,0 +1,80 @@
+name: Promote version to stable
+on: 
+  workflow_dispatch:
+    inputs:
+      tag:
+        type: string
+        description: "e.g: v2.8.4"
+        required: true
+      promote-to:
+        type: choice
+        description: "Promote to latest or stable"
+        options:
+          - "latest"
+          - "stable"
+        required: true
+env:
+  REGISTRY: "docker.io"
+  IMAGE: ${{ github.repository }}
+  TAG: ${{ github.event.inputs.tag }}
+  GIT_TAG: ${{ github.event.inputs.tag }}
+  NEW_TAG: ${{ github.event.inputs.promote-to }}
+jobs:
+  promote-docker-image:
+    runs-on: ubuntu-latest
+    container:
+      image: quay.io/skopeo/stable:v1.15
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Load Secrets from Vault
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
+            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
+      - name: Skopeo login
+        run: echo ${{ env.DOCKER_PASSWORD }} | skopeo login ${{ env.REGISTRY }} --username ${{ env.DOCKER_USERNAME }} --password-stdin
+      - name: Copy image to new tag
+        run: skopeo copy docker://${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} docker://${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.NEW_TAG }} --all
+  promote-chart:
+    if: ${{ github.event.inputs.promote-to }} == "stable" # Only promote the chart if it's being promoted to stable
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - id: env 
+        name: Setup Dependencies Env Variables
+        uses: ./.github/actions/setup-build-env
+      - name: Install dependencies
+        env:
+          HELM_URL: https://get.helm.sh/helm-${{ steps.env.outputs.HELM_VERSION }}-linux-amd64.tar.gz
+        run: |
+          curl ${{ env.HELM_URL }} | tar xvzf - --strip-components=1 -C /tmp/ && \
+          sudo mv /tmp/helm /usr/bin/helm_v3 && \
+          sudo chmod +x /usr/bin/helm_v3
+      - name: Copy chart and build index
+        run: ./scripts/chart/copy
+      - name: Load Secrets from Vault
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/google-auth/rancher/credentials token | GOOGLE_AUTH ;
+      - name: Authenticate with Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ env.GOOGLE_AUTH }}
+      - name: Upload
+        uses: google-github-actions/upload-cloud-storage@v2
+        with:
+          destination: releases.rancher.com/server-charts
+          path: ./bin/chart
+          parent: false
+          process_gcloudignore: false
+          predefinedAcl: publicRead
+          headers: |-
+            cache-control: public,no-cache,proxy-revalidate
diff --git a/scripts/chart/copy b/scripts/chart/copy
@@ -8,7 +8,7 @@ cd $(dirname $0)/..
 . ./version
 
 # A Promotion is from Latest to Stable.
-if [[ -z "${DRONE_TAG}" ]]; then
+if [[ -z "${GIT_TAG}" ]]; then
     echo "We can only promote Tags from the 'latest' chart repo to 'stable'"
     exit 1
 fi