[Release-1.30] GHA + Testing Backports

.drone.yml

@@ -49,28 +49,6 @@ steps:
     event:
       - push
       - tag
-
-- name: github_binary_release
-  image: plugins/github-release
-  settings:
-    api_key:
-      from_secret: github_token
-    prerelease: true
-    checksum:
-    - sha256
-    checksum_file: CHECKSUMsum-amd64.txt
-    checksum_flatten: true
-    files:
-    - "dist/artifacts/*"
-  when:
-    instance:
-    - drone-publish.k3s.io
-    ref:
-    - refs/head/master
-    - refs/tags/*
-    event:
-    - tag
-
 - name: docker-publish
   image: plugins/docker
   settings:
@@ -189,27 +167,6 @@ steps:
   - name: docker
     path: /var/run/docker.sock
 
-- name: github_binary_release
-  image: plugins/github-release
-  settings:
-    api_key:
-      from_secret: github_token
-    prerelease: true
-    checksum:
-    - sha256
-    checksum_file: CHECKSUMsum-arm64.txt
-    checksum_flatten: true
-    files:
-    - "dist/artifacts/*"
-  when:
-    instance:
-    - drone-publish.k3s.io
-    ref:
-    - refs/head/master
-    - refs/tags/*
-    event:
-    - tag
-
 - name: docker-publish
   image: plugins/docker
   settings:
@@ -304,28 +261,6 @@ steps:
   volumes:
   - name: docker
     path: /var/run/docker.sock
-
-- name: github_binary_release
-  image: plugins/github-release:linux-arm
-  settings:
-    api_key:
-      from_secret: github_token
-    prerelease: true
-    checksum:
-    - sha256
-    checksum_file: CHECKSUMsum-arm.txt
-    checksum_flatten: true
-    files:
-    - "dist/artifacts/*"
-  when:
-    instance:
-    - drone-publish.k3s.io
-    ref:
-    - refs/head/master
-    - refs/tags/*
-    event:
-    - tag
-
 - name: docker-publish
   image: plugins/docker:linux-arm
   settings:

.github/workflows/build-k3s.yaml

@@ -19,20 +19,9 @@ on:
         description: 'Upload contents of build/out, used to build the k3s image externally'
         required: false
         default: false
-      cache:
-        type: string
-        description: 'Cache mode: "read", "write", or empty for no cache'
-        required: false
-        default: ''
-
-# Note that is workflow requires the following permissions:
-#   contents: read
-# If using the cache: write option, you will need:
-#   packages: write
-# If using the cache: read option, you will need:
-#   packages: read
-
 
+permissions:
+  contents: read
 
 jobs:
   build:
@@ -67,14 +56,6 @@ jobs:
           echo "dirty=${DIRTY}"
         } >> "$GITHUB_OUTPUT"
 
-    - name: Login to GitHub Container Registry
-      if: inputs.cache == 'write'
-      uses: docker/login-action@v3
-      with:
-        registry: ghcr.io
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-
     - name: Build K3s Binary Native
       if: inputs.arch == 'arm64' || inputs.arch == 'amd64'
       env:
@@ -91,8 +72,6 @@ jobs:
           TREE_STATE=${{ steps.git_vars.outputs.tree_state }}
           COMMIT=${{ steps.git_vars.outputs.commit }}
           DIRTY=${{ steps.git_vars.outputs.dirty }}
-        cache-from: ${{ inputs.cache != '' && format('type=registry,ref=ghcr.io/{0}:cache-{1}', github.repository, inputs.arch) || '' }}
-        cache-to: ${{ inputs.cache == 'write' && format('type=registry,ref=ghcr.io/{0}:cache-{1},mode=max', github.repository, inputs.arch) || '' }}
         push: false
         provenance: mode=min
         outputs: type=local,dest=.

.github/workflows/e2e.yaml

@@ -35,7 +35,6 @@ jobs:
     uses: ./.github/workflows/build-k3s.yaml
     with:
       upload-image: true
-      cache: ${{ github.ref == 'refs/heads/master' && 'write' || 'read' }}
   build-arm64:
     uses: ./.github/workflows/build-k3s.yaml
     permissions:
@@ -44,7 +43,6 @@ jobs:
     with:
       arch: arm64
       upload-image: true
-      cache: ${{ github.ref == 'refs/heads/master' && 'write' || 'read' }}
   e2e:
     name: "E2E Tests"
     needs: build

.github/workflows/integration.yaml

@@ -29,13 +29,9 @@ env:
 
 jobs:
   build:
-    permissions:
-      contents: read
-      packages: read
     uses: ./.github/workflows/build-k3s.yaml
     with:
       os: linux
-      cache: read
   build-windows:
     uses: ./.github/workflows/build-k3s.yaml
     with:

.github/workflows/release.yml

@@ -13,23 +13,20 @@ jobs:
     name: Build Binary (amd64)
     uses: ./.github/workflows/build-k3s.yaml
     with:
-      cache: '' # No cache for release builds
       upload-build: true
 
   build-arm64:
     name: Build Binary (arm64)
     uses: ./.github/workflows/build-k3s.yaml
     with:
       arch: arm64
-      cache: '' # No cache for release builds
       upload-build: true
 
   build-arm:
     name: Build Binary (arm)
     uses: ./.github/workflows/build-k3s.yaml
     with:
       arch: arm
-      cache: '' # No cache for release builds
       upload-build: true
 
   push-release-image:
@@ -52,7 +49,7 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: COnfigure image tags
+      - name: Configure image tags
         id: tag_config
         run: |
           TAG=${GITHUB_REF#refs/tags/}
@@ -74,7 +71,8 @@ jobs:
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ghcr.io/${{ github.repository_owner }}/k3s
+          images: |
+            ghcr.io/${{ github.repository_owner }}/k3s
           flavor: latest=false
           tags: ${{ steps.tag_config.outputs.tag_spec }}
 
@@ -102,3 +100,96 @@ jobs:
           build-args: |
             DRONE_TAG=${{ github.ref_name }}
 
+  upload-release-airgap:
+    name: Build Airgap Pkg (${{ matrix.arch }})
+    runs-on: ubuntu-latest # Runs on standard runner, docker pulls with --platform
+    permissions: 
+      contents: write  # Needed to update release with assets
+    strategy:
+      matrix:
+        arch: [amd64, arm64, arm]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Install Dependencies
+        run: sudo apt-get update -y && sudo apt-get install -y zstd pigz
+
+      - name: Create Airgap Package (${{ matrix.arch }})
+        run: |
+          mkdir -p ./dist/artifacts
+          ./scripts/package-airgap ${{ matrix.arch }}
+
+      - name: Caculate Airgap sha256sum
+        run: sha256sum dist/artifacts/k3s-airgap-images-${{ matrix.arch }}* | sed 's|dist/artifacts/||' > dist/artifacts/k3s-airgap-images-${{ matrix.arch }}.sha256sum
+
+      - name: Upload Airgap sha256sum
+        uses: actions/upload-artifact@v4
+        with:
+          name: k3s-airgap-images-${{ matrix.arch }}.sha256sum
+          path: dist/artifacts/k3s-airgap-images-${{ matrix.arch }}.sha256sum
+
+      - name: Upload k3s-images.txt to Release
+        uses: softprops/action-gh-release@v2
+        # This action is recommended by GITHUB, they don't support a first party action for releases
+        # See https://github.com/actions/create-release?tab=readme-ov-file#github-action---releases-api
+        if: ${{ matrix.arch == 'amd64' }}
+        with:
+          files: |
+            dist/artifacts/k3s-images.txt
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload Airgap Assets to Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: |
+            dist/artifacts/k3s-airgap-images*
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  upload-release-assets:
+    name: Prepare and Upload Release Assets
+    permissions: 
+      contents: write # Needed to update release with assets
+    runs-on: ubuntu-latest
+    needs: [build-amd64, build-arm64, build-arm, upload-release-airgap]
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: "Download Binaries and Airgap sha256sum"
+      uses: actions/download-artifact@v4
+      with:
+        pattern: k3s*
+        path: ./dist/artifacts
+        merge-multiple: true
+
+    - name: "Combine and format sha256sum files"
+      run: |
+        for arch in amd64 arm64 arm; do
+          output_file="./dist/artifacts/sha256sum-${arch}.txt"
+          cat ./dist/artifacts/k3s-airgap-images-$arch*.sha256sum >> "$output_file"
+          rm ./dist/artifacts/k3s-airgap-images-$arch*.sha256sum
+          if [[ "$arch" == "amd64" ]]; then
+            cat ./dist/artifacts/k3s.sha256sum >> "$output_file"
+            rm ./dist/artifacts/k3s.sha256sum # Remove the original file to avoid uploading it
+          else
+            cat ./dist/artifacts/k3s-${arch}.sha256sum >> "$output_file"
+            rm ./dist/artifacts/k3s-${arch}.sha256sum # Remove the original file to avoid uploading it
+          fi
+        done    
+
+    - name: Upload Assets to Release
+      uses: softprops/[email protected]
+      with:
+        files: |
+          dist/artifacts/k3s*
+          dist/artifacts/sha256sum*
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+