Fix k3s versioning #382
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release ARM artifacts | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| env: | |
| FORCE_COLOR: 1 | |
| EARTHLY_TOKEN: ${{ secrets.EARTHLY_TOKEN }} | |
| permissions: read-all | |
| jobs: | |
| get-core-matrix: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| fetch-depth: 0 | |
| - id: set-matrix | |
| run: | | |
| content=`cat ./.github/flavors.json | jq -r 'map(select(.arch == "arm64" and .variant == "core"))'` | |
| # the following lines are only required for multi line json | |
| content="${content//'%'/'%25'}" | |
| content="${content//$'\n'/'%0A'}" | |
| content="${content//$'\r'/'%0D'}" | |
| # end of optional handling for multi line json | |
| echo "::set-output name=matrix::{\"include\": $content }" | |
| # The matrix for standard (provider) images | |
| get-standard-matrix: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| fetch-depth: 0 | |
| - run: | | |
| sudo apt update && sudo apt install -y jq | |
| - name: Install earthly | |
| uses: Luet-lab/luet-install-action@cec77490c3f2416d7d07a47cfab04d448641d7ce # v1.1 | |
| with: | |
| repository: quay.io/kairos/packages | |
| packages: utils/earthly | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@master | |
| with: | |
| platforms: all | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@master | |
| - id: set-matrix | |
| run: | | |
| docker run --name luet quay.io/luet/base && docker cp luet:/usr/bin/luet ./ | |
| chmod +x luet | |
| sudo mv luet /usr/bin/luet | |
| # Construct an array like this from the found versions: | |
| earthly --platform=linux/arm64 +extract-framework-profile | |
| # fetch "k3s-openrc" versions | |
| sudo luet --config framework-profile.yaml search -o json k8s/k3s | jq '.packages | map(select(.name == "k3s-openrc")) | map(.version) | unique' > k3s_openrc.json | |
| # fetch alpine flavors | |
| jq 'map(select(.arch == "arm64" and .variant == "standard" and .model != "generic" and .flavor == "alpine"))' .github/flavors.json > flavors_openrc.json | |
| # generate combinations | |
| jq -s '. | [combinations | .[0] + {"k3s_version": .[1]}]' flavors_openrc.json k3s_openrc.json > combinations_openrc.json | |
| # fetch "k3s-systemd" versions | |
| sudo luet --config framework-profile.yaml search -o json k8s/k3s | jq '.packages | map(select(.name == "k3s-systemd")) | map(.version) | unique' > k3s_systemd.json | |
| # fetch non-alpine flavors | |
| jq 'map(select(.arch == "arm64" and .variant == "standard" and .model and .flavor != "alpine"))' .github/flavors.json > flavors_systemd.json | |
| # generate combinations | |
| jq -s '. | [combinations | .[0] + {"k3s_version": .[1]}]' flavors_systemd.json k3s_systemd.json > combinations_systemd.json | |
| # merge the two combinations | |
| content=$(jq -s 'add' combinations_openrc.json combinations_systemd.json) | |
| # the following lines are only required for multi line json | |
| content="${content//'%'/'%25'}" | |
| content="${content//$'\n'/'%0A'}" | |
| content="${content//$'\r'/'%0D'}" | |
| # end of optional handling for multi line json | |
| echo "::set-output name=matrix::{\"include\": $content }" | |
| build-arm-core: | |
| uses: ./.github/workflows/reusable-docker-arm-build.yaml | |
| name: ${{ matrix.variant }}-${{ matrix.model }} | |
| permissions: | |
| id-token: write # OIDC support | |
| contents: write | |
| security-events: write | |
| actions: read | |
| attestations: read | |
| checks: read | |
| deployments: read | |
| discussions: read | |
| issues: read | |
| packages: read | |
| pages: read | |
| pull-requests: read | |
| repository-projects: read | |
| statuses: read | |
| secrets: inherit | |
| with: | |
| flavor: ${{ matrix.flavor }} | |
| flavor_release: ${{ matrix.flavorRelease }} | |
| family: ${{ matrix.family }} | |
| model: ${{ matrix.model }} | |
| base_image: ${{ matrix.baseImage }} | |
| worker: ${{ matrix.worker }} | |
| variant: ${{ matrix.variant }} | |
| needs: | |
| - get-core-matrix | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{fromJson(needs.get-core-matrix.outputs.matrix)}} | |
| build-arm-standard: | |
| uses: ./.github/workflows/reusable-docker-arm-build.yaml | |
| name: ${{ matrix.variant }}-${{ matrix.model }}-${{ matrix.k3s_version }} | |
| permissions: | |
| id-token: write # OIDC support | |
| contents: write | |
| security-events: write | |
| actions: read | |
| attestations: read | |
| checks: read | |
| deployments: read | |
| discussions: read | |
| issues: read | |
| packages: read | |
| pages: read | |
| pull-requests: read | |
| repository-projects: read | |
| statuses: read | |
| secrets: inherit | |
| with: | |
| flavor: ${{ matrix.flavor }} | |
| flavor_release: ${{ matrix.flavorRelease }} | |
| family: ${{ matrix.family }} | |
| model: ${{ matrix.model }} | |
| base_image: ${{ matrix.baseImage }} | |
| worker: ${{ matrix.worker }} | |
| variant: ${{ matrix.variant }} | |
| k3s_version: ${{ matrix.k3s_version }} | |
| needs: | |
| - get-standard-matrix | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{fromJson(needs.get-standard-matrix.outputs.matrix)}} | |
| build-nvidia-base: | |
| runs-on: ARM64 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install kairos-agent (for versioneer) | |
| uses: Luet-lab/luet-install-action@cec77490c3f2416d7d07a47cfab04d448641d7ce # v1.1 | |
| with: | |
| repository: quay.io/kairos/packages-arm64 | |
| packages: system/kairos-agent | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@master | |
| - name: Block all traffic to metadata ip # For cloud runners, the metadata ip can interact with our test machines | |
| run: | | |
| sudo iptables -I INPUT -s 169.254.169.254 -j DROP | |
| sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP | |
| - name: Login to Quay Registry | |
| run: echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io | |
| - name: Build 🔧 & Push 🚀 | |
| run: | | |
| export IMAGE=quay.io/kairos/cache:nvidia-base | |
| docker build --platform=linux/arm64 -t $IMAGE -f ./images/Dockerfile.nvidia ./images | |
| docker push $IMAGE | |
| nvidia-arm-core: | |
| uses: ./.github/workflows/reusable-docker-arm-build.yaml | |
| permissions: | |
| id-token: write # OIDC support | |
| contents: write | |
| security-events: write | |
| actions: read | |
| attestations: read | |
| checks: read | |
| deployments: read | |
| discussions: read | |
| issues: read | |
| packages: read | |
| pages: read | |
| pull-requests: read | |
| repository-projects: read | |
| statuses: read | |
| needs: build-nvidia-base | |
| secrets: inherit | |
| with: | |
| flavor: ubuntu | |
| flavor_release: "22.04" | |
| family: ubuntu | |
| base_image: quay.io/kairos/cache:nvidia-base | |
| model: nvidia-jetson-agx-orin | |
| worker: ARM64 | |
| variant: core |