--- kind: pipeline name: amd64 platform: os: linux arch: amd64 trigger: event: exclude: - cron clone: retries: 3 steps: - name: skipfiles image: plugins/git commands: - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - if [ -z "$DIFF" ]; then echo "All files in PR are on ignore list"; exit 78; else echo "Some files in PR are not ignored, $DIFF"; fi; when: event: - pull_request - name: build image: rancher/dapper:v0.6.0 secrets: [ AWS_SECRET_ACCESS_KEY-k3s-ci-uploader, AWS_ACCESS_KEY_ID-k3s-ci-uploader, unprivileged_github_token ] environment: GITHUB_TOKEN: from_secret: unprivileged_github_token AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY-k3s-ci-uploader AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID-k3s-ci-uploader commands: - dapper ci - echo "${DRONE_TAG}-amd64" | sed -e 's/+/-/g' >.tags volumes: - name: docker path: /var/run/docker.sock - name: validate-cross-compilation image: rancher/dapper:v0.6.0 commands: - dapper validate-cross-compilation volumes: - name: docker path: /var/run/docker.sock - name: fossa image: rancher/drone-fossa:latest failure: ignore settings: api_key: from_secret: FOSSA_API_KEY when: instance: - drone-publish.k3s.io ref: include: - "refs/heads/master" - "refs/heads/release-*" event: - push - tag - name: github_binary_release image: plugins/github-release settings: api_key: from_secret: github_token prerelease: true checksum: - sha256 checksum_file: CHECKSUMsum-amd64.txt checksum_flatten: true files: - "dist/artifacts/*" when: instance: - drone-publish.k3s.io ref: - refs/head/master - refs/tags/* event: - tag - name: docker-publish image: plugins/docker settings: dockerfile: package/Dockerfile password: from_secret: docker_password repo: "rancher/k3s" username: from_secret: docker_username build_args_from_env: - DRONE_TAG when: instance: - drone-publish.k3s.io ref: - refs/head/master - refs/tags/* event: - tag - name: test image: rancher/dapper:v0.6.0 secrets: [ AWS_SECRET_ACCESS_KEY-k3s-ci-uploader, AWS_ACCESS_KEY_ID-k3s-ci-uploader ] environment: ENABLE_REGISTRY: 'true' AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY-k3s-ci-uploader AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID-k3s-ci-uploader commands: - docker build --target test-k3s -t k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT} -f Dockerfile.test . - > docker run -i -e REPO -e TAG -e DRONE_TAG -e DRONE_BUILD_EVENT -e IMAGE_NAME -e AWS_SECRET_ACCESS_KEY -e AWS_ACCESS_KEY_ID -e SONOBUOY_VERSION -e ENABLE_REGISTRY -v /var/run/docker.sock:/var/run/docker.sock --privileged --network host -v /tmp:/tmp k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT} volumes: - name: docker path: /var/run/docker.sock volumes: - name: docker host: path: /var/run/docker.sock --- kind: pipeline name: conformance platform: os: linux arch: amd64 trigger: event: - cron cron: - nightly steps: - name: build image: rancher/dapper:v0.6.0 commands: - dapper ci - echo "${DRONE_TAG}-amd64" | sed -e 's/+/-/g' >.tags volumes: - name: docker path: /var/run/docker.sock - name: test image: rancher/dapper:v0.6.0 environment: ENABLE_REGISTRY: 'true' commands: - docker build --target test-k3s -t k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT} -f Dockerfile.test . - > docker run -i -e REPO -e TAG -e DRONE_TAG -e DRONE_BUILD_EVENT -e IMAGE_NAME -e SONOBUOY_VERSION -e ENABLE_REGISTRY -v /var/run/docker.sock:/var/run/docker.sock --privileged --network host -v /tmp:/tmp k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT} volumes: - name: docker path: /var/run/docker.sock volumes: - name: docker host: path: /var/run/docker.sock --- kind: pipeline name: arm64 platform: os: linux arch: arm64 trigger: event: exclude: - cron clone: retries: 3 steps: - name: skipfiles image: plugins/git commands: - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - if [ -z "$DIFF" ]; then echo "All files in PR are on ignore list"; exit 78; else echo "Some files in PR are not ignored, $DIFF"; fi; when: event: - pull_request - name: build image: rancher/dapper:v0.6.0 secrets: [ AWS_SECRET_ACCESS_KEY-k3s-ci-uploader, AWS_ACCESS_KEY_ID-k3s-ci-uploader ] environment: AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY-k3s-ci-uploader AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID-k3s-ci-uploader commands: - dapper ci - echo "${DRONE_TAG}-arm64" | sed -e 's/+/-/g' >.tags volumes: - name: docker path: /var/run/docker.sock - name: github_binary_release image: plugins/github-release settings: api_key: from_secret: github_token prerelease: true checksum: - sha256 checksum_file: CHECKSUMsum-arm64.txt checksum_flatten: true files: - "dist/artifacts/*" when: instance: - drone-publish.k3s.io ref: - refs/head/master - refs/tags/* event: - tag - name: docker-publish image: plugins/docker settings: dockerfile: package/Dockerfile password: from_secret: docker_password repo: "rancher/k3s" username: from_secret: docker_username build_args_from_env: - DRONE_TAG when: instance: - drone-publish.k3s.io ref: - refs/head/master - refs/tags/* event: - tag - name: test image: rancher/dapper:v0.6.0 secrets: [ AWS_SECRET_ACCESS_KEY-k3s-ci-uploader, AWS_ACCESS_KEY_ID-k3s-ci-uploader ] environment: ENABLE_REGISTRY: 'true' AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY-k3s-ci-uploader AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID-k3s-ci-uploader commands: - docker build --target test-k3s -t k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT} -f Dockerfile.test . - > docker run -i -e REPO -e TAG -e DRONE_TAG -e DRONE_BUILD_EVENT -e IMAGE_NAME -e AWS_SECRET_ACCESS_KEY -e AWS_ACCESS_KEY_ID -e SONOBUOY_VERSION -e ENABLE_REGISTRY -v /var/run/docker.sock:/var/run/docker.sock --privileged --network host -v /tmp:/tmp k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT} volumes: - name: docker path: /var/run/docker.sock volumes: - name: docker host: path: /var/run/docker.sock --- kind: pipeline name: arm platform: os: linux arch: arm trigger: event: exclude: - cron clone: retries: 3 steps: - name: skipfiles image: plugins/git commands: - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - if [ -z "$DIFF" ]; then echo "All files in PR are on ignore list"; exit 78; else echo "Some files in PR are not ignored, $DIFF"; fi; when: event: - pull_request - name: build # Keeping Dapper at v0.5.0 for armv7, as newer versions fails with # Bad system call on this architecture. xref: # # https://github.com/k3s-io/k3s/pull/8959#discussion_r1439736566 # https://drone-pr.k3s.io/k3s-io/k3s/7922/3/3 image: rancher/dapper:v0.5.0 secrets: [ AWS_SECRET_ACCESS_KEY-k3s-ci-uploader, AWS_ACCESS_KEY_ID-k3s-ci-uploader ] environment: AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY-k3s-ci-uploader AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID-k3s-ci-uploader commands: - dapper ci - echo "${DRONE_TAG}-arm" | sed -e 's/+/-/g' >.tags volumes: - name: docker path: /var/run/docker.sock - name: github_binary_release image: plugins/github-release:linux-arm settings: api_key: from_secret: github_token prerelease: true checksum: - sha256 checksum_file: CHECKSUMsum-arm.txt checksum_flatten: true files: - "dist/artifacts/*" when: instance: - drone-publish.k3s.io ref: - refs/head/master - refs/tags/* event: - tag - name: docker-publish image: plugins/docker:linux-arm settings: dockerfile: package/Dockerfile password: from_secret: docker_password repo: "rancher/k3s" username: from_secret: docker_username build_args_from_env: - DRONE_TAG when: instance: - drone-publish.k3s.io ref: - refs/head/master - refs/tags/* event: - tag - name: test # Refer to comment for arm/build. image: rancher/dapper:v0.5.0 secrets: [ AWS_SECRET_ACCESS_KEY-k3s-ci-uploader, AWS_ACCESS_KEY_ID-k3s-ci-uploader ] environment: ENABLE_REGISTRY: 'true' AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY-k3s-ci-uploader AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID-k3s-ci-uploader commands: - docker build --target test-k3s -t k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT} -f Dockerfile.test . - > docker run -i -e REPO -e TAG -e DRONE_TAG -e DRONE_BUILD_EVENT -e IMAGE_NAME -e AWS_SECRET_ACCESS_KEY -e AWS_ACCESS_KEY_ID -e SONOBUOY_VERSION -e ENABLE_REGISTRY -v /var/run/docker.sock:/var/run/docker.sock --privileged --network host -v /tmp:/tmp k3s:test-${DRONE_STAGE_ARCH}-${DRONE_COMMIT} volumes: - name: docker path: /var/run/docker.sock volumes: - name: docker host: path: /var/run/docker.sock --- kind: pipeline name: validate_go_mods platform: os: linux arch: amd64 trigger: event: exclude: - cron steps: - name: skipfiles image: plugins/git commands: - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - if [ -z "$DIFF" ]; then echo "All files in PR are on ignore list"; exit 78; else echo "Some files in PR are not ignored, $DIFF"; fi; when: event: - push - pull_request - name: validate_go_mods image: rancher/dapper:v0.6.0 commands: - docker build --target test-mods -t k3s:mod -f Dockerfile.test . - docker run -i k3s:mod volumes: - name: docker path: /var/run/docker.sock volumes: - name: docker host: path: /var/run/docker.sock --- kind: pipeline name: manifest platform: os: linux arch: amd64 steps: - name: skipfiles image: plugins/git commands: - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - if [ -z "$DIFF" ]; then echo "All files in PR are on ignore list"; exit 78; else echo "Some files in PR are not ignored, $DIFF"; fi; when: event: - push - pull_request - name: manifest image: plugins/docker environment: DOCKER_USERNAME: from_secret: docker_username DOCKER_PASSWORD: from_secret: docker_password settings: dry_run: true dockerfile: Dockerfile.manifest repo: "rancher/k3s-manifest" build_args_from_env: - DOCKER_USERNAME - DOCKER_PASSWORD - DRONE_TAG trigger: instance: - drone-publish.k3s.io ref: - refs/head/master - refs/tags/* event: include: - tag exclude: - cron depends_on: - amd64 - arm64 - arm --- kind: pipeline name: dispatch platform: os: linux arch: amd64 clone: retries: 3 steps: - name: skipfiles image: plugins/git commands: - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - if [ -z "$DIFF" ]; then echo "All files in PR are on ignore list"; exit 78; else echo "Some files in PR are not ignored, $DIFF"; fi; when: event: - push - pull_request - name: dispatch image: curlimages/curl:7.74.0 secrets: [ pat_username, github_token, release_token_k3s ] user: root environment: PAT_USERNAME: from_secret: pat_username PAT_TOKEN: from_secret: github_token K3S_RELEASE_TOKEN: from_secret: release_token_k3s commands: - apk -U --no-cache add bash - scripts/dispatch trigger: instance: - drone-publish.k3s.io ref: - refs/head/master - refs/tags/* event: - tag depends_on: - manifest --- kind: pipeline name: e2e type: docker platform: os: linux arch: amd64 clone: retries: 3 steps: - name: skipfiles image: plugins/git commands: - export NAME=$(test $DRONE_BUILD_EVENT = pull_request && echo remotes/origin/${DRONE_COMMIT_BRANCH:-master} || echo ${DRONE_COMMIT_SHA}~) - export DIFF=$(git --no-pager diff --name-only $NAME | grep -v -f .droneignore); - if [ -z "$DIFF" ]; then echo "All files in PR are on ignore list"; exit 78; else echo "Some files in PR are not ignored, $DIFF"; fi; when: event: - push - pull_request - name: build-e2e-image image: rancher/dapper:v0.6.0 commands: - DOCKER_BUILDKIT=1 docker build --target test-e2e -t test-e2e -f Dockerfile.test . - SKIP_VALIDATE=true SKIP_AIRGAP=true GOCOVER=1 dapper ci - cp dist/artifacts/* /tmp/artifacts/ volumes: - name: cache path: /tmp/artifacts - name: docker path: /var/run/docker.sock - name: test-e2e image: test-e2e pull: never resources: cpu: 6000 memory: 10Gi environment: E2E_REGISTRY: 'true' E2E_GOCOVER: 'true' commands: - mkdir -p dist/artifacts - cp /tmp/artifacts/* dist/artifacts/ - docker stop registry && docker rm registry # Cleanup VMs that are older than 2h. Happens if a previous test panics or is canceled - tests/e2e/scripts/cleanup_vms.sh - docker run -d -p 5000:5000 -e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io --name registry registry:2 - | cd tests/e2e/validatecluster vagrant destroy -f go test -v -timeout=45m ./validatecluster_test.go -ci -local cp ./coverage.out /tmp/artifacts/validate-coverage.out - | cd ../secretsencryption vagrant destroy -f go test -v -timeout=30m ./secretsencryption_test.go -ci -local cp ./coverage.out /tmp/artifacts/se-coverage.out - | cd ../splitserver vagrant destroy -f go test -v -timeout=30m ./splitserver_test.go -ci -local cp ./coverage.out /tmp/artifacts/split-coverage.out - | if [ "$DRONE_BUILD_EVENT" = "pull_request" ]; then cd ../upgradecluster vagrant destroy -f # Convert release-1.XX branch to v1.XX channel if [ "$DRONE_BRANCH" = "master" ]; then UPGRADE_CHANNEL="latest" else UPGRADE_CHANNEL=$(echo $DRONE_BRANCH | sed 's/release-/v/') # Check if the UPGRADE_CHANNEL exists, in the case of new minor releases it won't if ! curl --head --silent --fail https://update.k3s.io/v1-release/channels/$UPGRADE_CHANNEL; then UPGRADE_CHANNEL="latest" fi fi E2E_RELEASE_CHANNEL=$UPGRADE_CHANNEL go test -v -timeout=45m ./upgradecluster_test.go -ci -local -ginkgo.v cp ./coverage.out /tmp/artifacts/upgrade-coverage.out fi - docker stop registry && docker rm registry volumes: - name: libvirt path: /var/run/libvirt/ - name: docker path: /var/run/docker.sock - name: cache path: /tmp/artifacts - name: upload to codecov image: robertstettner/drone-codecov settings: token: from_secret: codecov_token files: - /tmp/artifacts/validate-coverage.out - /tmp/artifacts/se-coverage.out - /tmp/artifacts/split-coverage.out - /tmp/artifacts/upgrade-coverage.out flags: - e2etests when: event: - push volumes: - name: cache path: /tmp/artifacts volumes: - name: docker host: path: /var/run/docker.sock - name: libvirt host: path: /var/run/libvirt/ - name: cache temp: {}