rancher/.github/workflows/push.yml
Pedro Tashima 78aaab6d19 publish charts for head images (#50779)
* add chart repo for tags

* remove upload chart

* add build publish chart to push workflow
2025-06-23 14:43:27 -03:00


# Build, test and publish pipeline for pushes to `main` and `release/v*`.
# Flow: unit tests + server/agent image builds -> integration tests ->
# image push -> chart publish. The installer image is built in parallel,
# and the per-arch manifests are merged at the end.
#
# NOTE(review): there is no workflow-level `permissions:` block, so the jobs
# that do not declare their own (unit-tests, build-server, build-agent,
# integration-tests) run with the repository's default GITHUB_TOKEN scopes.
# Confirm that default is read-only, or declare the scopes here; the reusable
# workflows called below cannot be granted more than this workflow holds.
#
# NOTE(review): `rancher-eio/read-vault-secrets@main` is referenced by a
# mutable ref in every job that also holds `id-token: write`, so whatever
# `main` points to at run time executes with access to the OIDC token and
# the fetched credentials. Pinning to a full commit SHA
# (`@<full-commit-sha>`, placeholder) removes that moving part. The same
# applies, to a lesser degree, to the `@v4` / `@v3` tags used below.
name: Push to release branches

on:
  push:
    branches:
      - "main"
      - "release/v*"

# Workflow-level environment, visible to the steps of every job below.
env:
  COMMIT: ${{ github.sha }}
  DOCKERIO_REGISTRY: "docker.io"
  AWS_DEFAULT_REGION: "us-east-1"
  REPOSITORY_OWNER: ${{ github.repository_owner }}
  IMAGE: ${{ github.repository_owner }}/rancher
  IMAGE_AGENT: ${{ github.repository_owner }}/rancher-agent
  IMAGE_INSTALLER: ${{ github.repository_owner }}/system-agent-installer-rancher
  REGISTRY: "docker.io"

jobs:
  # Delegates to the repository's reusable unit-test workflow.
  unit-tests:
    uses: ./.github/workflows/unit-test.yml

  # Builds the server image once per architecture; no secrets are loaded here.
  build-server:
    strategy:
      matrix:
        os: [linux]
        arch: [x64, arm64]
    runs-on: runs-on,runner=4cpu-${{ matrix.os }}-${{ matrix.arch }},image=ubuntu22-full-${{ matrix.arch }},run-id=${{ github.run_id }}
    env:
      ARCH: ${{ matrix.arch }}
      OS: ${{ matrix.os }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: setup and build
        uses: ./.github/actions/build-images/server

  # Builds the agent image once per architecture; no secrets are loaded here.
  build-agent:
    strategy:
      matrix:
        os: [linux]
        arch: [x64, arm64]
    runs-on: runs-on,runner=4cpu-${{ matrix.os }}-${{ matrix.arch }},image=ubuntu22-full-${{ matrix.arch }},run-id=${{ github.run_id }}
    env:
      ARCH: ${{ matrix.arch }}
      OS: ${{ matrix.os }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: setup and build
        uses: ./.github/actions/build-images/agent

  # Runs the reusable integration-test workflow once both image builds are
  # done, handing it this run's id as `parent_run_id`.
  integration-tests:
    needs: [build-server, build-agent]
    uses: ./.github/workflows/integration-tests.yml
    with:
      parent_run_id: ${{ github.run_id }}

  # Pushes the per-arch images. Gated on both test jobs, so nothing is pushed
  # from a commit that failed unit or integration tests.
  push-images:
    needs: [unit-tests, integration-tests]
    strategy:
      matrix:
        os: [linux]
        arch: [x64, arm64]
    runs-on: runs-on,runner=2cpu-${{ matrix.os }}-${{ matrix.arch }},image=ubuntu22-full-${{ matrix.arch }},run-id=${{ github.run_id }}
    permissions:
      contents: read
      # Allows the job to request a GitHub OIDC token; presumably consumed by
      # the Vault step below to authenticate -- confirm.
      id-token: write
    env:
      ARCH: ${{ matrix.arch }}
      OS: ${{ matrix.os }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      # Maps the Docker Hub username/password from Vault to DOCKER_USERNAME
      # and DOCKER_PASSWORD. Mutable `@main` ref: see the header note.
      - name: Load Secrets from Vault
        uses: rancher-eio/read-vault-secrets@main
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
      - name: push
        uses: ./.github/actions/push-images

  # Builds the chart and publishes it once the images have been pushed.
  build-publish-chart:
    needs: [push-images]
    runs-on: org-${{ github.repository_owner_id }}-amd64-k8s
    # NOTE(review): the container image is referenced by tag, not by digest.
    container: registry.suse.com/bci/bci-base:15.7
    permissions:
      contents: read
      id-token: write
    concurrency:
      group: 'build-chart-tag'
      # Queue behind a run that is already in this group rather than
      # cancelling it.
      cancel-in-progress: false
    env:
      ARCH: amd64
    steps:
      - name: install dependencies
        shell: bash
        run: zypper install -y git
      - name: Git safe directory
        run: git config --global --add safe.directory "$PWD"
      - name: Checkout code
        uses: actions/checkout@v4
      # The chart is built before any secret is loaded, so the build step
      # runs without the AWS credentials.
      - name: setup and build
        uses: ./.github/actions/rancher-chart/build
      # Reads two AWS access-key pairs (chart upload and cache invalidation)
      # and the bucket name from Vault. These are static keys rather than
      # short-lived role credentials; presumably they are exposed to the
      # publish step as environment variables -- confirm.
      # Mutable `@main` ref: see the header note.
      - name: Load Secrets from Vault
        uses: rancher-eio/read-vault-secrets@main
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/optimus-charts-access-key/credentials token | AWS_ACCESS_KEY_ID_CHARTS ;
            secret/data/github/repo/${{ github.repository }}/optimus-charts-secret-key/credentials token | AWS_SECRET_ACCESS_KEY_CHARTS ;
            secret/data/github/repo/${{ github.repository }}/chart-dns-invalidator/credentials accessKeyId | AWS_ACCESS_KEY_ID_CACHE_INVALIDATION ;
            secret/data/github/repo/${{ github.repository }}/chart-dns-invalidator/credentials secretAccessKey | AWS_SECRET_ACCESS_KEY_CACHE_INVALIDATION ;
            secret/data/github/repo/${{ github.repository }}/chart-optimus-uploader/credentials stagingChartsOptimusBucketName | CHARTS_BUCKET_NAME ;
      - name: publish
        uses: ./.github/actions/rancher-chart/publish-aws

  # Builds the system-agent installer image once per architecture.
  # NOTE(review): this job has no `needs:`, so it starts without waiting for
  # unit-tests or integration-tests, yet it loads Docker Hub credentials.
  # Confirm whether the installer action pushes an image and, if it does,
  # whether pushing ahead of the test gates is intended.
  build-installer:
    strategy:
      matrix:
        os: [linux]
        arch: [x64, arm64]
    runs-on: runs-on,runner=4cpu-${{ matrix.os }}-${{ matrix.arch }},image=ubuntu22-full-${{ matrix.arch }},run-id=${{ github.run_id }}
    permissions:
      contents: read
      id-token: write
    env:
      ARCH: ${{ matrix.arch }}
      OS: ${{ matrix.os }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      # Mutable `@main` ref: see the header note.
      - name: Load Secrets from Vault
        uses: rancher-eio/read-vault-secrets@main
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
      - name: build
        uses: ./.github/actions/build-images/installer

  # Runs the merge-manifests action once each for the server, agent and
  # installer images, after the image push and the installer build finish.
  merge-server-agent-installer-manifests:
    needs: [push-images, build-installer]
    runs-on: runs-on,runner=2cpu-linux-x64,image=ubuntu22-full-x64,run-id=${{ github.run_id }}
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      # Mutable `@main` ref: see the header note.
      - name: Load Secrets from Vault
        uses: rancher-eio/read-vault-secrets@main
        with:
          secrets: |
            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
            secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # Logs in with the credentials that the Vault step placed in the job
      # environment.
      - name: Login to Docker Registry
        uses: docker/login-action@v3
        with:
          username: ${{ env.DOCKER_USERNAME }}
          password: ${{ env.DOCKER_PASSWORD }}
          registry: ${{ env.REGISTRY }}
      - name: merge server manifests
        uses: ./.github/actions/merge-manifests
        with:
          image: "${{ env.IMAGE }}"
      - name: merge agent manifests
        uses: ./.github/actions/merge-manifests
        with:
          image: "${{ env.IMAGE_AGENT }}"
      - name: merge installer manifests
        uses: ./.github/actions/merge-manifests
        with:
          image: "${{ env.IMAGE_INSTALLER }}"