File build.specials.obscpio of Package image-build-base
07070100000000000081a400000000000000000000000167a4c679000001c1000000000000000000000000000000000000001700000000.github/dependabot.ymlversion: 2
updates:
# Maintain dependencies for Docker Images
- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "weekly"
labels:
- "kind/dependabot"
reviewers:
- "rancher/k3s"
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
labels:
- "kind/dependabot"
reviewers:
- "rancher/k3s"
07070100000001000081a400000000000000000000000167a4c679000006a8000000000000000000000000000000000000002100000000.github/workflows/image-push.ymlname: Build And Push
on:
push:
tags:
- 'v*'
permissions:
contents: read
jobs:
push-multiarch:
permissions:
contents: read
id-token: write
name: Build and Push amd64 and arm64
runs-on: ubuntu-latest
env:
TAG: ${{ github.ref_name }}
REPOSITORY_OWNER: ${{ github.repository_owner }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.ref }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker Registry Login
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Set the GOLANG_VERSION value
id: get-GOLANG_VERSION
run: |
echo "GO_VERSION=$(make go-version)" >> "$GITHUB_ENV"
- name: Build Container Image
uses: docker/build-push-action@v5
with:
context: .
push: true
build-args: |
"GOLANG_VERSION=${{ env.GO_VERSION }}"
tags: ${{ env.REPOSITORY_OWNER }}/hardened-build-base:${{ env.TAG }}
file: Dockerfile
platforms: linux/amd64,linux/arm64
07070100000002000081a400000000000000000000000167a4c67900000240000000000000000000000000000000000000002100000000.github/workflows/release-go.ymlname: Check Go versions and create releases
on:
schedule:
- cron: "0 17 * * *"
workflow_dispatch:
jobs:
release_go_versions:
name: Check Go versions and create releases
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: setup ecm-distro-tools
uses: rancher/ecm-distro-tools@v0.32.0
with:
version: v0.27.0
- name: check go versions and release
run: |
rke2_release image-build-base-release --alpine-version 3.18
07070100000003000081a400000000000000000000000167a4c679000006d2000000000000000000000000000000000000002000000000.github/workflows/updatecli.ymlname: "Updatecli: Dependency Management"
on:
schedule:
# Runs at 06 PM UTC
- cron: '0 18 * * *'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
permissions:
contents: write
issues: write
pull-requests: write
jobs:
updatecli:
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/master'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: 'stable'
- name: Install Updatecli
uses: updatecli/updatecli-action@v2
- name: Delete leftover UpdateCLI branches
run: |
gh pr list \
--search "is:closed is:pr head:updatecli_" \
--json headRefName \
--jq ".[].headRefName" | sort -u > closed_prs_branches.txt
gh pr list \
--search "is:open is:pr head:updatecli_" \
--json headRefName \
--jq ".[].headRefName" | sort -u > open_prs_branches.txt
for branch in $(comm -23 closed_prs_branches.txt open_prs_branches.txt); do
if (git ls-remote --exit-code --heads origin "$branch"); then
echo "Deleting leftover UpdateCLI branch - $branch";
git push origin --delete "$branch";
fi
done
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Apply Updatecli
# Never use '--debug' option, because it might leak the access tokens.
run: "updatecli apply --clean --config ./updatecli/updatecli.d/ --values ./updatecli/values.yaml"
env:
UPDATECLI_GITHUB_ACTOR: ${{ github.actor }}
UPDATECLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
07070100000004000041ed00000000000000000000000167a4c67900000000000000000000000000000000000000000000001200000000.github/workflows07070100000005000041ed00000000000000000000000167a4c67900000000000000000000000000000000000000000000000800000000.github07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!
