diff --git a/.github/workflows/publish-arc.yaml b/.github/workflows/publish-arc.yaml index bbc1f74e..5c60d5b6 100644 --- a/.github/workflows/publish-arc.yaml +++ b/.github/workflows/publish-arc.yaml @@ -1,21 +1,34 @@ name: Publish ARC +# Revert to https://github.com/actions-runner-controller/releases#releases +# for details on why we use this approach on: release: types: - published + workflow_dispatch: + inputs: + release_tag_name: + description: 'Tag name of the release to publish' + required: true + push_to_registries: + description: 'Push images to registries' + required: true + type: boolean + default: false -# https://docs.github.com/en/rest/overview/permissions-required-for-github-apps permissions: contents: write packages: write +env: + TARGET_ORG: actions-runner-controller + TARGET_REPO: actions-runner-controller + jobs: release-controller: name: Release runs-on: ubuntu-latest - env: - DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USER }} steps: - name: Checkout uses: actions/checkout@v3 
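Review bot: The workflow-level `permissions` block still grants `packages: write`, but the second hunk of this file removes the only visible step that pushed to ghcr.io, so the `GITHUB_TOKEN` carries a scope that nothing shown here uses; publish-canary.yaml drops that scope in the same commit. If no step outside the hunks needs it, reduce the block to `contents: write`. The added header comment reads "Revert to" where "Refer to" seems intended (`# Refer to https://github.com/actions-runner-controller/releases#releases`), and the same comment is added to publish-canary.yaml, publish-chart.yaml and runners.yaml. `TARGET_REPO` is defined here but not referenced in the visible hunks.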
@@ -35,36 +48,45 @@ jobs: tar zxvf ghr_v0.13.0_linux_amd64.tar.gz sudo mv ghr_v0.13.0_linux_amd64/ghr /usr/local/bin - - name: Set version - run: echo "VERSION=$(cat ${GITHUB_EVENT_PATH} | jq -r '.release.tag_name')" >> $GITHUB_ENV - - name: Upload artifacts env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | make github-release - - name: Setup Docker Environment - uses: ./.github/actions/setup-docker-environment + - name: Get Token + id: get_workflow_token + uses: peter-murray/workflow-application-token-action@8e1ba3bf1619726336414f1014e37f17fbadf1db with: - username: ${{ env.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKER_ACCESS_TOKEN }} - ghcr_username: ${{ github.actor }} - ghcr_password: ${{ secrets.GITHUB_TOKEN }} + application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} + application_private_key: ${{ secrets.ACTIONS_ACCESS_PK }} + organization: ${{ env.TARGET_ORG }} - - name: Build and Push - uses: docker/build-push-action@v3 - with: - file: Dockerfile - platforms: linux/amd64,linux/arm64 - build-args: VERSION=${{ env.VERSION }} - push: true - tags: | - ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:latest - ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:${{ env.VERSION }} - ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:${{ env.VERSION }}-${{ env.sha_short }} - ghcr.io/actions-runner-controller/actions-runner-controller:latest - ghcr.io/actions-runner-controller/actions-runner-controller:${{ env.VERSION }} - ghcr.io/actions-runner-controller/actions-runner-controller:${{ env.VERSION }}-${{ env.sha_short }} - cache-from: type=gha - cache-to: type=gha,mode=max + - name: Set release tag name + run: | + # Define the release tag name based on the event type + if [[ "${{ github.event_name }}" == "release" ]]; then + echo "RELEASE_TAG_NAME=$(cat ${GITHUB_EVENT_PATH} | jq -r '.release.tag_name')" >> $GITHUB_ENV + elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then + echo "RELEASE_TAG_NAME=${{ 
github.event.inputs.release_tag_name }}" >> $GITHUB_ENV + fi + + - name: Trigger Build And Push Images To Registries + run: | + # Authenticate + gh auth login --with-token <<< ${{ steps.get_workflow_token.outputs.token }} + + # Trigger the workflow run + jq -n '{"event_type": "arc", "client_payload": {"release_tag_name": "${{ env.RELEASE_TAG_NAME }}", "push_to_registries": ${{ inputs.push_to_registries }}}}' \ + | gh api -X POST /repos/actions-runner-controller/releases/dispatches --input - + + - name: Job summary + run: | + echo "The [publish-arc](https://github.com/actions-runner-controller/releases/blob/main/.github/workflows/publish-arc.yaml) workflow has been triggered!" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY + echo "- Release tag: ${{ env.RELEASE_TAG_NAME }}" >> $GITHUB_STEP_SUMMARY + echo "- Push to registries: ${{ inputs.push_to_registries }}" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "**Status:**" >> $GITHUB_STEP_SUMMARY + echo "[https://github.com/actions-runner-controller/releases/actions/workflows/publish-arc.yaml](https://github.com/actions-runner-controller/releases/actions/workflows/publish-arc.yaml)" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/publish-canary.yaml b/.github/workflows/publish-canary.yaml index 6d2a25d1..39390307 100644 --- a/.github/workflows/publish-canary.yaml +++ b/.github/workflows/publish-canary.yaml @@ -1,5 +1,7 @@ name: Publish Canary Image +# Revert to https://github.com/actions-runner-controller/releases#releases +# for details on why we use this approach on: push: branches: 
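Review bot: On a `release` event the `inputs` context is empty, so `${{ inputs.push_to_registries }}` in the "Trigger Build And Push Images To Registries" step would expand to nothing and hand jq the invalid fragment `"push_to_registries": }`; only the `workflow_dispatch` path produces valid JSON. That step, "Set release tag name" and "Job summary" also paste `${{ … }}` values (the dispatch input, the tag name, the app token) directly into the script text, so a tag containing quotes or shell metacharacters would be parsed as script rather than data. The rewrite below passes them through `env:` and `jq --arg`/`--argjson` and gives gh the token as `GH_TOKEN` instead of `gh auth login`; the release-event default follows the removed `push: true` and should be confirmed. The same `gh auth login --with-token <<< ${{ … }}` line is added in the trigger steps of publish-canary.yaml and runners.yaml.

```yaml
      - name: Set release tag name
        env:
          INPUT_TAG: ${{ inputs.release_tag_name }}
        run: |
          # … unchanged: release branch reading .release.tag_name from GITHUB_EVENT_PATH …
          elif [[ "$GITHUB_EVENT_NAME" == "workflow_dispatch" ]]; then
            echo "RELEASE_TAG_NAME=$INPUT_TAG" >> "$GITHUB_ENV"
          fi

      - name: Trigger Build And Push Images To Registries
        env:
          GH_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
          # release events carry no inputs; default taken from the removed `push: true`
          PUSH_TO_REGISTRIES: ${{ github.event_name == 'release' || inputs.push_to_registries }}
        run: |
          jq -n \
            --arg tag "$RELEASE_TAG_NAME" \
            --argjson push "$PUSH_TO_REGISTRIES" \
            '{"event_type": "arc", "client_payload": {"release_tag_name": $tag, "push_to_registries": $push}}' \
            | gh api -X POST /repos/actions-runner-controller/releases/dispatches --input -

      # … unchanged: Job summary step (read "$RELEASE_TAG_NAME" and "$PUSH_TO_REGISTRIES" from env there too) …
```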
@@ -19,41 +21,50 @@ on: - 'LICENSE' - 'Makefile' +env: + # Safeguard to prevent pushing images to registeries after build + PUSH_TO_REGISTRIES: true + TARGET_ORG: actions-runner-controller + TARGET_REPO: actions-runner-controller + # https://docs.github.com/en/rest/overview/permissions-required-for-github-apps permissions: contents: read - packages: write jobs: canary-build: name: Build and Publish Canary Image runs-on: ubuntu-latest env: - DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USER }} + DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} steps: - name: Checkout uses: actions/checkout@v3 - - name: Setup Docker Environment - id: vars - uses: ./.github/actions/setup-docker-environment + - name: Get Token + id: get_workflow_token + uses: peter-murray/workflow-application-token-action@8e1ba3bf1619726336414f1014e37f17fbadf1db with: - username: ${{ env.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKER_ACCESS_TOKEN }} - ghcr_username: ${{ github.actor }} - ghcr_password: ${{ secrets.GITHUB_TOKEN }} + application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} + application_private_key: ${{ secrets.ACTIONS_ACCESS_PK }} + organization: ${{ env.TARGET_ORG }} - # Considered unstable builds - # See Issue #285, PR #286, and PR #323 for more information - - name: Build and Push - uses: docker/build-push-action@v3 - with: - file: Dockerfile - platforms: linux/amd64,linux/arm64 - build-args: VERSION=canary-${{ github.sha }} - push: true - tags: | - ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:canary - ghcr.io/${{ github.repository }}:canary - cache-from: type=gha,scope=arc-canary - cache-to: type=gha,mode=max,scope=arc-canary + - name: Trigger Build And Push Images To Registries + run: | + # Authenticate + gh auth login --with-token <<< ${{ steps.get_workflow_token.outputs.token }} + + # Trigger the workflow run + jq -n '{"event_type": "canary", "client_payload": {"sha": "${{ github.sha }}", "push_to_registries": ${{ env.PUSH_TO_REGISTRIES }}}}' \ + | gh api -X POST 
/repos/actions-runner-controller/releases/dispatches --input - + + - name: Job summary + run: | + echo "The [publish-canary](https://github.com/actions-runner-controller/releases/blob/main/.github/workflows/publish-canary.yaml) workflow has been triggered!" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY + echo "- sha: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY + echo "- Push to registries: ${{ env.PUSH_TO_REGISTRIES }}" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "**Status:**" >> $GITHUB_STEP_SUMMARY + echo "[https://github.com/actions-runner-controller/releases/actions/workflows/publish-canary.yaml](https://github.com/actions-runner-controller/releases/actions/workflows/publish-canary.yaml)" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/publish-chart.yaml b/.github/workflows/publish-chart.yaml index 2d8b587d..b2953943 100644 --- a/.github/workflows/publish-chart.yaml +++ b/.github/workflows/publish-chart.yaml @@ -1,5 +1,7 @@ name: Publish Helm Chart +# Revert to https://github.com/actions-runner-controller/releases#releases +# for details on why we use this approach on: push: branches: 
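Review bot: The job-level `env` still maps `DOCKERHUB_USERNAME` from `secrets.DOCKERHUB_USERNAME`, yet this hunk removes the Docker login and build steps that were its only visible consumers, so the secret is exposed to every remaining step without a reader. `TARGET_REPO` in the new workflow-level `env` is likewise defined but not read by any step in the hunk. Drop both lines unless something outside the hunk uses them. The comment on `PUSH_TO_REGISTRIES` misspells "registries" as "registeries".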
@@ -86,20 +88,31 @@ jobs: if: steps.list-changed.outputs.changed == 'true' run: ct install --config charts/.ci/ct-config.yaml - # WARNING: This relies on the latest release being inat the top of the JSON from GitHub and a clean chart.yaml + # WARNING: This relies on the latest release being at the top of the JSON from GitHub and a clean chart.yaml - name: Check if Chart Publish is Needed id: publish-chart-step run: | - CHART_TEXT=$(curl -fs https://raw.githubusercontent.com/actions/actions-runner-controller/master/charts/actions-runner-controller/Chart.yaml) + CHART_TEXT=$(curl -fs https://raw.githubusercontent.com/${{ github.repository }}/master/charts/actions-runner-controller/Chart.yaml) NEW_CHART_VERSION=$(echo "$CHART_TEXT" | grep version: | cut -d ' ' -f 2) - RELEASE_LIST=$(curl -fs https://api.github.com/repos/actions/actions-runner-controller/releases | jq .[].tag_name | grep actions-runner-controller | cut -d '"' -f 2 | cut -d '-' -f 4) + RELEASE_LIST=$(curl -fs https://api.github.com/repos/${{ github.repository }}/releases | jq .[].tag_name | grep actions-runner-controller | cut -d '"' -f 2 | cut -d '-' -f 4) LATEST_RELEASED_CHART_VERSION=$(echo $RELEASE_LIST | cut -d ' ' -f 1) - echo "Chart version in master : $NEW_CHART_VERSION" - echo "Latest release chart version : $LATEST_RELEASED_CHART_VERSION" + echo "CHART_VERSION_IN_MASTER=$NEW_CHART_VERSION" >> $GITHUB_ENV + echo "LATEST_CHART_VERSION=$LATEST_RELEASED_CHART_VERSION" >> $GITHUB_ENV if [[ $NEW_CHART_VERSION != $LATEST_RELEASED_CHART_VERSION ]]; then - echo "::set-output name=publish::true" + echo "publish=true" >> $GITHUB_OUTPUT + else + echo "publish=false" >> $GITHUB_OUTPUT fi + - name: Job summary + run: | + echo "Chart linting has been completed." 
>> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "**Status:**" >> $GITHUB_STEP_SUMMARY + echo "- chart version in master: ${{ env.CHART_VERSION_IN_MASTER }}" >> $GITHUB_STEP_SUMMARY + echo "- latest chart version: ${{ env.LATEST_CHART_VERSION }}" >> $GITHUB_STEP_SUMMARY + echo "- publish new chart: ${{ steps.publish-chart-step.outputs.publish }}" >> $GITHUB_STEP_SUMMARY + publish-chart: if: needs.lint-chart.outputs.publish-chart == 'true' needs: lint-chart @@ -107,8 +120,11 @@ jobs: runs-on: ubuntu-latest permissions: contents: write # for helm/chart-releaser-action to push chart release and create a release + env: + CHART_TARGET_ORG: actions-runner-controller + CHART_TARGET_REPO: actions-runner-controller.github.io + CHART_TARGET_BRANCH: main - steps: - name: Checkout uses: actions/checkout@v3 
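Review bot: In "Check if Chart Publish is Needed" a failed or rate-limited `curl` in the `RELEASE_LIST` pipeline is masked by the later `jq | grep | cut` stages unless pipefail is enabled somewhere outside the hunk, which leaves `LATEST_RELEASED_CHART_VERSION` empty and makes the comparison write `publish=true`. Both requests are unauthenticated, which makes the rate-limit case more likely on shared runners. Starting the script with `set -o pipefail` and quoting the test as `[[ "$NEW_CHART_VERSION" != "$LATEST_RELEASED_CHART_VERSION" ]]` would turn a fetch failure into a failed step instead of a publish decision; note that `grep` also exits non-zero when no release tag matches, so the first-release case needs an explicit allowance.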
@@ -120,8 +136,68 @@ jobs: git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.4.1 - env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + - name: Get Token + id: get_workflow_token + uses: peter-murray/workflow-application-token-action@8e1ba3bf1619726336414f1014e37f17fbadf1db + with: + application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} + application_private_key: ${{ secrets.ACTIONS_ACCESS_PK }} + organization: ${{ env.CHART_TARGET_ORG }} + - name: Install chart-releaser + uses: helm/chart-releaser-action@v1.4.1 + with: + install_only: true + install_dir: ${{ github.workspace }}/bin + + - name: Package and upload release assets + run: | + cr package \ + ${{ github.workspace }}/charts/actions-runner-controller/ \ + --package-path .cr-release-packages + + cr upload \ + --owner "$(echo ${{ github.repository }} | cut -d '/' -f 1)" \ + --git-repo "$(echo ${{ github.repository }} | cut -d '/' -f 2)" \ + --package-path .cr-release-packages \ + --token ${{ secrets.GITHUB_TOKEN }} + + - name: Generate updated index.yaml + run: | + cr index \ + --owner "$(echo ${{ github.repository }} | cut -d '/' -f 1)" \ + --git-repo "$(echo ${{ github.repository }} | cut -d '/' -f 2)" \ + --index-path ${{ github.workspace }}/index.yaml \ + --pages-branch 'gh-pages' \ + --pages-index-path 'index.yaml' + + # Chart Release was never intended to publish to a different repo + # this workaround is intended to move the index.yaml to the target repo + # where the github pages are hosted + - name: Checkout pages repository + uses: actions/checkout@v3 + with: + repository: ${{ env.CHART_TARGET_ORG }}/${{ env.CHART_TARGET_REPO }} + path: ${{ env.CHART_TARGET_REPO }} + ref: ${{ env.CHART_TARGET_BRANCH }} + token: ${{ steps.get_workflow_token.outputs.token }} + + - name: Copy index.yaml + run: | + cp ${{ github.workspace }}/index.yaml ${{ env.CHART_TARGET_REPO 
}}/actions-runner-controller/index.yaml + + - name: Commit and push + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + git add . + git commit -m "Update index.yaml" + git push + working-directory: ${{ github.workspace }}/${{ env.CHART_TARGET_REPO }} + + - name: Job summary + run: | + echo "New helm chart has been published" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "**Status:**" >> $GITHUB_STEP_SUMMARY + echo "- New [index.yaml](https://github.com/${{ env.CHART_TARGET_ORG }}/${{ env.CHART_TARGET_REPO }}/tree/main/actions-runner-controller) pushed" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/runners.yaml b/.github/workflows/runners.yaml index a213cef0..4780953c 100644 --- a/.github/workflows/runners.yaml +++ b/.github/workflows/runners.yaml @@ -1,5 +1,7 @@ name: Runners +# Revert to https://github.com/actions-runner-controller/releases#releases +# for details on why we use this approach on: pull_request: types: 
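Review bot: `cr upload` receives the token as `--token ${{ secrets.GITHUB_TOKEN }}`, which places the secret in the script text and on the process command line; the removed step passed it as `CR_TOKEN`, and a step-level `env:` with `CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"` in place of the flag would presumably still be picked up by cr. `helm/chart-releaser-action@v1.4.1` is pinned by tag while the token action in the same job is pinned by commit SHA; since this job holds `contents: write` and the app token, pinning it to a commit as well would be consistent. "Commit and push" runs an unconditional `git commit`, which exits non-zero when index.yaml is unchanged; `git diff --cached --quiet || git commit -m "Update index.yaml"` would tolerate a re-run.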
@@ -25,97 +27,36 @@ on: - '!**.md' env: + # Safeguard to prevent pushing images to registeries after build + PUSH_TO_REGISTRIES: true + TARGET_ORG: actions-runner-controller + TARGET_WORKFLOW: release-runners.yaml RUNNER_VERSION: 2.299.1 DOCKER_VERSION: 20.10.21 RUNNER_CONTAINER_HOOKS_VERSION: 0.1.3 - DOCKERHUB_USERNAME: summerwind jobs: build-runners: - name: Build ${{ matrix.name }}-${{ matrix.os-name }}-${{ matrix.os-version }} + name: Trigger Build and Push of Runner Images runs-on: ubuntu-latest - permissions: - packages: write - contents: read - strategy: - fail-fast: false - matrix: - include: - - name: actions-runner - os-name: ubuntu - os-version: 20.04 - latest: "true" - - name: actions-runner - os-name: ubuntu - os-version: 22.04 - latest: "false" - - name: actions-runner-dind - os-name: ubuntu - os-version: 20.04 - latest: "true" - - name: actions-runner-dind - os-name: ubuntu - os-version: 22.04 - latest: "false" - - name: actions-runner-dind-rootless - os-name: ubuntu - os-version: 20.04 - latest: "true" - - name: actions-runner-dind-rootless - os-name: ubuntu - os-version: 22.04 - latest: "false" - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Setup Docker Environment - uses: ./.github/actions/setup-docker-environment + - name: Get Token + id: get_workflow_token + uses: peter-murray/workflow-application-token-action@8e1ba3bf1619726336414f1014e37f17fbadf1db with: - username: ${{ env.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKER_ACCESS_TOKEN }} - ghcr_username: ${{ github.actor }} - ghcr_password: ${{ secrets.GITHUB_TOKEN }} + application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} + application_private_key: ${{ secrets.ACTIONS_ACCESS_PK }} + organization: ${{ env.TARGET_ORG }} - - name: Build and Push Versioned Tags - uses: docker/build-push-action@v3 - with: - context: ./runner - file: ./runner/${{ matrix.name }}.${{ matrix.os-name }}-${{ matrix.os-version }}.dockerfile - platforms: linux/amd64,linux/arm64 - push: ${{ 
github.event_name == 'push' && github.ref == 'refs/heads/master' }} - build-args: | - RUNNER_VERSION=${{ env.RUNNER_VERSION }} - DOCKER_VERSION=${{ env.DOCKER_VERSION }} - RUNNER_CONTAINER_HOOKS_VERSION=${{ env.RUNNER_CONTAINER_HOOKS_VERSION }} - tags: | - ${{ env.DOCKERHUB_USERNAME }}/${{ matrix.name }}:v${{ env.RUNNER_VERSION }}-${{ matrix.os-name }}-${{ matrix.os-version }} - ${{ env.DOCKERHUB_USERNAME }}/${{ matrix.name }}:v${{ env.RUNNER_VERSION }}-${{ matrix.os-name }}-${{ matrix.os-version }}-${{ env.sha_short }} - ${{ env.DOCKERHUB_USERNAME }}/${{ matrix.name }}:${{ matrix.os-name }}-${{ matrix.os-version }} - ghcr.io/${{ github.repository }}/${{ matrix.name }}:v${{ env.RUNNER_VERSION }}-${{ matrix.os-name }}-${{ matrix.os-version }} - ghcr.io/${{ github.repository }}/${{ matrix.name }}:v${{ env.RUNNER_VERSION }}-${{ matrix.os-name }}-${{ matrix.os-version }}-${{ env.sha_short }} - ghcr.io/${{ github.repository }}/${{ matrix.name }}:${{ matrix.os-name }}-${{ matrix.os-version }} - cache-from: type=gha,scope=build-${{ matrix.name }}-${{ matrix.os-name }}-${{ matrix.os-version }} - cache-to: type=gha,mode=max,scope=build-${{ matrix.name }}-${{ matrix.os-name }}-${{ matrix.os-version }} + - name: Trigger Build And Push Runner Images To Registries + run: | + # Authenticate + gh auth login --with-token <<< ${{ steps.get_workflow_token.outputs.token }} - # NOTE : Only to be used on the 20.04 image until we remove the latest tag entirely - # at which point this step needs to be deleted - # https://github.com/actions/actions-runner-controller/issues/2056 - - name: Build and Push Latest Tags - if: ${{ matrix.latest == 'true' }} - uses: docker/build-push-action@v3 - with: - context: ./runner - file: ./runner/${{ matrix.name }}.${{ matrix.os-name }}-${{ matrix.os-version }}.dockerfile - platforms: linux/amd64,linux/arm64 - push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} - build-args: | - RUNNER_VERSION=${{ env.RUNNER_VERSION }} - 
DOCKER_VERSION=${{ env.DOCKER_VERSION }} - RUNNER_CONTAINER_HOOKS_VERSION=${{ env.RUNNER_CONTAINER_HOOKS_VERSION }} - tags: | - ${{ env.DOCKERHUB_USERNAME }}/${{ matrix.name }}:latest - ghcr.io/${{ github.repository }}/${{ matrix.name }}:latest - cache-from: type=gha,scope=build-${{ matrix.name }}-${{ matrix.os-name }}-${{ matrix.os-version }} - cache-to: type=gha,mode=max,scope=build-${{ matrix.name }}-${{ matrix.os-name }}-${{ matrix.os-version }} + # Trigger the workflow run + gh workflow run ${{ env.TARGET_WORKFLOW }} -R ${{ env.TARGET_ORG }}/releases \ + -f runner_version=${{ env.RUNNER_VERSION }} \ + -f docker_version=${{ env.DOCKER_VERSION }} \ + -f runner_container_hooks_version=${{ env.RUNNER_CONTAINER_HOOKS_VERSION }} \ + -f sha='${{ github.sha }}' \ + -f push_to_registries=${{ env.PUSH_TO_REGISTRIES }} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e65039ab..d236d779 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -210,4 +210,10 @@ The process would look like the below: - Run `NAME=$DOCKER_USER/actions-runner-controller VERSION=canary make docker-build docker-push` for a custom container image build - Update your actions-runner-controller's controller-manager deployment to use the new image, `$DOCKER_USER/actions-runner-controller:canary` -Please also note that you need to replace `$DOCKER_USER` with your own DockerHub account name. \ No newline at end of file +Please also note that you need to replace `$DOCKER_USER` with your own DockerHub account name. + +## Release process + +Only the maintainers can release a new version of actions-runner-controller, publish a new version of the helm charts, and runner images. + +All release workflows have been moved to [actions-runner-controller/releases](https://github.com/actions-runner-controller/releases) since the packages are owned by the former organization.
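Review bot: The removed build steps only pushed when `github.event_name == 'push' && github.ref == 'refs/heads/master'`, but the new trigger step sends `push_to_registries=${{ env.PUSH_TO_REGISTRIES }}`, a constant `true`, on every event this workflow runs for, and the first hunk of this file shows a `pull_request` trigger. Unless the target `release-runners.yaml` applies its own gate (not visible here), a same-repository pull request would request a registry push for an unmerged `github.sha`. Restoring the condition in the dispatch, e.g. `-f push_to_registries=${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}`, keeps the previous behaviour. The comment on `PUSH_TO_REGISTRIES` misspells "registries" as "registeries".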