k3s/.drone.yml
Derek Nola a99376663b
Drone Pipelines enhancement (#7169)
* Dont run most pipelines on nightly cron

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Don't run skipfiles on push to master for arch pipelines

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-31 09:06:16 -07:00

769 lines
18 KiB
YAML

---
kind: pipeline
name: amd64
platform:
os: linux
arch: amd64
trigger:
event:
exclude:
- cron
steps:
- name: skipfiles
image: plugins/git
commands:
- export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~)
- export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore);
- if [ -z "$DIFF" ]; then
echo "All files in PR are on ignore list";
exit 78;
else
echo "Some files in PR are not ignored, $DIFF";
fi;
when:
event:
- pull_request
- name: build
image: rancher/dapper:v0.5.0
secrets: [ AWS_SECRET_ACCESS_KEY-k3s-ci-uploader, AWS_ACCESS_KEY_ID-k3s-ci-uploader, unprivileged_github_token ]
environment:
GITHUB_TOKEN:
from_secret: unprivileged_github_token
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY-k3s-ci-uploader
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID-k3s-ci-uploader
commands:
- dapper ci
- echo "${DRONE_TAG}-amd64" | sed -e 's/+/-/g' >.tags
volumes:
- name: docker
path: /var/run/docker.sock
- name: validate-cross-compilation
image: rancher/dapper:v0.5.0
commands:
- dapper validate-cross-compilation
volumes:
- name: docker
path: /var/run/docker.sock
- name: fossa
image: rancher/drone-fossa:latest
failure: ignore
settings:
api_key:
from_secret: FOSSA_API_KEY
when:
instance:
- drone-publish.k3s.io
ref:
include:
- "refs/heads/master"
- "refs/heads/release-*"
event:
- push
- tag
- name: github_binary_release
image: ibuildthecloud/github-release:v0.0.1
settings:
api_key:
from_secret: github_token
prerelease: true
checksum:
- sha256
checksum_file: CHECKSUMsum-amd64.txt
checksum_flatten: true
files:
- "dist/artifacts/*"
when:
instance:
- drone-publish.k3s.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
- name: docker-publish
image: plugins/docker
settings:
dockerfile: package/Dockerfile
password:
from_secret: docker_password
repo: "rancher/k3s"
username:
from_secret: docker_username
when:
instance:
- drone-publish.k3s.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
- name: test
image: rancher/dapper:v0.5.0
secrets: [ AWS_SECRET_ACCESS_KEY-k3s-ci-uploader, AWS_ACCESS_KEY_ID-k3s-ci-uploader ]
environment:
ENABLE_REGISTRY: 'true'
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY-k3s-ci-uploader
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID-k3s-ci-uploader
commands:
- docker build --target test-k3s -t k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT} -f Dockerfile.test .
- >
docker run -i -e REPO -e TAG -e DRONE_TAG -e DRONE_BUILD_EVENT -e IMAGE_NAME -e AWS_SECRET_ACCESS_KEY -e AWS_ACCESS_KEY_ID -e SONOBUOY_VERSION -e ENABLE_REGISTRY
-v /var/run/docker.sock:/var/run/docker.sock --privileged --network host -v /tmp:/tmp k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT}
volumes:
- name: docker
path: /var/run/docker.sock
- name: github_e2e_logs_release
image: ibuildthecloud/github-release:v0.0.1
settings:
api_key:
from_secret: github_token
prerelease: true
files:
- "dist/artifacts/e2e-*.log"
when:
instance:
- drone-publish.k3s.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
volumes:
- name: docker
host:
path: /var/run/docker.sock
---
kind: pipeline
name: conformance
platform:
os: linux
arch: amd64
trigger:
event:
- cron
cron:
- nightly
steps:
- name: build
image: rancher/dapper:v0.5.0
commands:
- dapper ci
- echo "${DRONE_TAG}-amd64" | sed -e 's/+/-/g' >.tags
volumes:
- name: docker
path: /var/run/docker.sock
- name: test
image: rancher/dapper:v0.5.0
environment:
ENABLE_REGISTRY: 'true'
commands:
- docker build --target test-k3s -t k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT} -f Dockerfile.test .
- >
docker run -i -e REPO -e TAG -e DRONE_TAG -e DRONE_BUILD_EVENT -e IMAGE_NAME -e SONOBUOY_VERSION -e ENABLE_REGISTRY
-v /var/run/docker.sock:/var/run/docker.sock --privileged --network host -v /tmp:/tmp k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT}
volumes:
- name: docker
path: /var/run/docker.sock
volumes:
- name: docker
host:
path: /var/run/docker.sock
---
kind: pipeline
name: arm64
platform:
os: linux
arch: arm64
trigger:
event:
exclude:
- cron
steps:
- name: skipfiles
image: plugins/git
commands:
- export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~)
- export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore);
- if [ -z "$DIFF" ]; then
echo "All files in PR are on ignore list";
exit 78;
else
echo "Some files in PR are not ignored, $DIFF";
fi;
when:
event:
- pull_request
- name: build
image: rancher/dapper:v0.5.0
secrets: [ AWS_SECRET_ACCESS_KEY-k3s-ci-uploader, AWS_ACCESS_KEY_ID-k3s-ci-uploader ]
environment:
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY-k3s-ci-uploader
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID-k3s-ci-uploader
commands:
- dapper ci
- echo "${DRONE_TAG}-arm64" | sed -e 's/+/-/g' >.tags
volumes:
- name: docker
path: /var/run/docker.sock
- name: github_binary_release
image: ibuildthecloud/github-release:v0.0.1
settings:
api_key:
from_secret: github_token
prerelease: true
checksum:
- sha256
checksum_file: CHECKSUMsum-arm64.txt
checksum_flatten: true
files:
- "dist/artifacts/*"
when:
instance:
- drone-publish.k3s.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
- name: docker-publish
image: plugins/docker
settings:
dockerfile: package/Dockerfile
password:
from_secret: docker_password
repo: "rancher/k3s"
username:
from_secret: docker_username
when:
instance:
- drone-publish.k3s.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
- name: test
image: rancher/dapper:v0.5.0
secrets: [ AWS_SECRET_ACCESS_KEY-k3s-ci-uploader, AWS_ACCESS_KEY_ID-k3s-ci-uploader ]
environment:
ENABLE_REGISTRY: 'true'
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY-k3s-ci-uploader
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID-k3s-ci-uploader
commands:
- docker build --target test-k3s -t k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT} -f Dockerfile.test .
- >
docker run -i -e REPO -e TAG -e DRONE_TAG -e DRONE_BUILD_EVENT -e IMAGE_NAME -e AWS_SECRET_ACCESS_KEY -e AWS_ACCESS_KEY_ID -e SONOBUOY_VERSION -e ENABLE_REGISTRY
-v /var/run/docker.sock:/var/run/docker.sock --privileged --network host -v /tmp:/tmp k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT}
volumes:
- name: docker
path: /var/run/docker.sock
volumes:
- name: docker
host:
path: /var/run/docker.sock
---
kind: pipeline
name: arm
platform:
os: linux
arch: arm
trigger:
event:
exclude:
- cron
steps:
- name: skipfiles
image: plugins/git
commands:
- export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~)
- export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore);
- if [ -z "$DIFF" ]; then
echo "All files in PR are on ignore list";
exit 78;
else
echo "Some files in PR are not ignored, $DIFF";
fi;
when:
event:
- pull_request
- name: build
image: rancher/dapper:v0.5.0
secrets: [ AWS_SECRET_ACCESS_KEY-k3s-ci-uploader, AWS_ACCESS_KEY_ID-k3s-ci-uploader ]
environment:
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY-k3s-ci-uploader
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID-k3s-ci-uploader
commands:
- dapper ci
- echo "${DRONE_TAG}-arm" | sed -e 's/+/-/g' >.tags
volumes:
- name: docker
path: /var/run/docker.sock
- name: github_binary_release
image: ibuildthecloud/github-release:v0.0.1
settings:
api_key:
from_secret: github_token
prerelease: true
checksum:
- sha256
checksum_file: CHECKSUMsum-arm.txt
checksum_flatten: true
files:
- "dist/artifacts/*"
when:
instance:
- drone-publish.k3s.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
- name: docker-publish
image: plugins/docker:linux-arm
settings:
dockerfile: package/Dockerfile
password:
from_secret: docker_password
repo: "rancher/k3s"
username:
from_secret: docker_username
when:
instance:
- drone-publish.k3s.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
- name: test
image: rancher/dapper:v0.5.0
secrets: [ AWS_SECRET_ACCESS_KEY-k3s-ci-uploader, AWS_ACCESS_KEY_ID-k3s-ci-uploader ]
environment:
ENABLE_REGISTRY: 'true'
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY-k3s-ci-uploader
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID-k3s-ci-uploader
commands:
- docker build --target test-k3s -t k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT} -f Dockerfile.test .
- >
docker run -i -e REPO -e TAG -e DRONE_TAG -e DRONE_BUILD_EVENT -e IMAGE_NAME -e AWS_SECRET_ACCESS_KEY -e AWS_ACCESS_KEY_ID -e SONOBUOY_VERSION -e ENABLE_REGISTRY
-v /var/run/docker.sock:/var/run/docker.sock --privileged --network host -v /tmp:/tmp k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT}
volumes:
- name: docker
path: /var/run/docker.sock
volumes:
- name: docker
host:
path: /var/run/docker.sock
---
kind: pipeline
name: s390x
platform:
os: linux
arch: amd64
# Hack needed for s390x: https://gist.github.com/colstrom/c2f359f72658aaabb44150ac20b16d7c#gistcomment-3858388
node:
arch: s390x
trigger:
event:
exclude:
- cron
clone:
disable: true
steps:
- name: clone
image: alpine/git:v2.30.2-s390x
commands:
- git clone $DRONE_GIT_HTTP_URL .
- git fetch origin $DRONE_COMMIT_REF
- git checkout $DRONE_COMMIT -b origin/$DRONE_TARGET_BRANCH
- name: skipfiles
image: alpine/git:v2.30.2-s390x
commands:
- export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~)
- export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore);
- if [ -z "$DIFF" ]; then
echo "All files in PR are on ignore list";
exit 78;
else
echo "Some files in PR are not ignored, $DIFF";
fi;
when:
event:
- pull_request
- name: build
image: rancher/dapper:v0.5.8
secrets: [ AWS_SECRET_ACCESS_KEY-k3s-ci-uploader, AWS_ACCESS_KEY_ID-k3s-ci-uploader ]
environment:
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY-k3s-ci-uploader
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID-k3s-ci-uploader
commands:
- dapper ci
- echo "${DRONE_TAG}-s390x" | sed -e 's/+/-/g' >.tags
volumes:
- name: docker
path: /var/run/docker.sock
- name: github_binary_release
image: rancher/drone-images:github-release-s390x
settings:
api_key:
from_secret: github_token
prerelease: true
checksum:
- sha256
checksum_file: CHECKSUMsum-s390x.txt
checksum_flatten: true
files:
- "dist/artifacts/*"
when:
instance:
- drone-publish.k3s.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
- name: docker-publish
image: rancher/drone-images:docker-s390x
volumes:
- name: docker
path: /var/run/docker.sock
settings:
dockerfile: package/Dockerfile
password:
from_secret: docker_password
repo: "rancher/k3s"
username:
from_secret: docker_username
when:
instance:
- drone-publish.k3s.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
- name: test
image: rancher/dapper:v0.5.8
secrets: [ AWS_SECRET_ACCESS_KEY-k3s-ci-uploader, AWS_ACCESS_KEY_ID-k3s-ci-uploader ]
environment:
ENABLE_REGISTRY: 'true'
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY-k3s-ci-uploader
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID-k3s-ci-uploader
commands:
# we hardcode s390x as the arch because DRONE_STAGE_ARCH is set to amd64
- docker build --target test-k3s -t k3s:test-s390x-${DRONE_COMMIT} -f Dockerfile.test .
- >
docker run -i -e REPO -e TAG -e DRONE_TAG -e DRONE_BUILD_EVENT -e IMAGE_NAME -e AWS_SECRET_ACCESS_KEY -e AWS_ACCESS_KEY_ID -e SONOBUOY_VERSION -e ENABLE_REGISTRY
-v /var/run/docker.sock:/var/run/docker.sock --privileged --network host -v /tmp:/tmp k3s:test-s390x-${DRONE_COMMIT}
volumes:
- name: docker
path: /var/run/docker.sock
volumes:
- name: docker
host:
path: /var/run/docker.sock
---
kind: pipeline
name: validate_go_mods
platform:
os: linux
arch: amd64
trigger:
event:
exclude:
- cron
steps:
- name: skipfiles
image: plugins/git
commands:
- export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~)
- export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore);
- if [ -z "$DIFF" ]; then
echo "All files in PR are on ignore list";
exit 78;
else
echo "Some files in PR are not ignored, $DIFF";
fi;
when:
event:
- push
- pull_request
- name: validate_go_mods
image: rancher/dapper:v0.5.0
commands:
- docker build --target test-mods -t k3s:mod -f Dockerfile.test .
- docker run -i k3s:mod
volumes:
- name: docker
path: /var/run/docker.sock
volumes:
- name: docker
host:
path: /var/run/docker.sock
---
kind: pipeline
name: manifest
platform:
os: linux
arch: amd64
steps:
- name: skipfiles
image: plugins/git
commands:
- export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~)
- export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore);
- if [ -z "$DIFF" ]; then
echo "All files in PR are on ignore list";
exit 78;
else
echo "Some files in PR are not ignored, $DIFF";
fi;
when:
event:
- push
- pull_request
- name: manifest
image: plugins/docker
environment:
DOCKER_USERNAME:
from_secret: docker_username
DOCKER_PASSWORD:
from_secret: docker_password
settings:
dry_run: true
dockerfile: Dockerfile.manifest
repo: "rancher/k3s-manifest"
build_args_from_env:
- DOCKER_USERNAME
- DOCKER_PASSWORD
- DRONE_TAG
trigger:
instance:
- drone-publish.k3s.io
ref:
- refs/head/master
- refs/tags/*
event:
include:
- tag
exclude:
- cron
depends_on:
- amd64
- arm64
- s390x
- arm
---
kind: pipeline
name: dispatch
platform:
os: linux
arch: amd64
steps:
- name: skipfiles
image: plugins/git
commands:
- export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~)
- export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore);
- if [ -z "$DIFF" ]; then
echo "All files in PR are on ignore list";
exit 78;
else
echo "Some files in PR are not ignored, $DIFF";
fi;
when:
event:
- push
- pull_request
- name: dispatch
image: curlimages/curl:7.74.0
user: root
environment:
PAT_USERNAME:
from_secret: pat_username
PAT_TOKEN:
from_secret: github_token
commands:
- apk -U --no-cache add bash
- scripts/dispatch
trigger:
instance:
- drone-publish.k3s.io
ref:
- refs/head/master
- refs/tags/*
event:
- tag
depends_on:
- manifest
---
kind: pipeline
name: e2e
type: docker
platform:
os: linux
arch: amd64
steps:
- name: skipfiles
image: plugins/git
commands:
- export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~)
- export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore);
- if [ -z "$DIFF" ]; then
echo "All files in PR are on ignore list";
exit 78;
else
echo "Some files in PR are not ignored, $DIFF";
fi;
when:
event:
- push
- pull_request
- name: build-e2e-image
image: rancher/dapper:v0.5.0
commands:
- DOCKER_BUILDKIT=1 docker build --target test-e2e -t test-e2e -f Dockerfile.test .
- SKIP_VALIDATE=true SKIP_AIRGAP=true dapper ci
- cp dist/artifacts/* /tmp/artifacts/
volumes:
- name: cache
path: /tmp/artifacts
- name: docker
path: /var/run/docker.sock
- name: test-e2e
image: test-e2e
pull: never
resources:
cpu: 6000
memory: 10Gi
environment:
E2E_REGISTRY: 'true'
commands:
- mkdir -p dist/artifacts
- cp /tmp/artifacts/* dist/artifacts/
- docker stop registry && docker rm registry
# Cleanup any VMs running, happens if a previous test panics
- |
VMS=$(virsh list --name | grep '_server-\|_agent-' || true)
if [ -n "$VMS" ]; then
for vm in $VMS
do
virsh destroy $vm
virsh undefine $vm --remove-all-storage
done
fi
- docker run -d -p 5000:5000 -e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io --name registry registry:2
- cd tests/e2e/validatecluster
- vagrant destroy -f
- go test -v -timeout=45m ./validatecluster_test.go -ci -local
- cd ../secretsencryption
- vagrant destroy -f
- go test -v -timeout=30m ./secretsencryption_test.go -ci -local
- cd ../upgradecluster
- E2E_RELEASE_CHANNEL="latest" go test -v -timeout=45m ./upgradecluster_test.go -ci -local
- docker stop registry && docker rm registry
volumes:
- name: libvirt
path: /var/run/libvirt/
- name: docker
path: /var/run/docker.sock
- name: cache
path: /tmp/artifacts
volumes:
- name: docker
host:
path: /var/run/docker.sock
- name: libvirt
host:
path: /var/run/libvirt/
- name: cache
temp: {}