feat: import ansible, k3s, pulp offline workflows from svc-design main repo

Haitao Pan 2025-06-11 20:29:30 +08:00
parent 47fe2ee1ab
commit 8606f64433
6 changed files with 647 additions and 0 deletions


@ -0,0 +1,25 @@
name: Run Ansible Lint in Container
on:
pull_request:
branches: ["main", "stable", "release/v*"]
paths:
- '**/*.yaml'
- '**/*.yml'
workflow_dispatch:
branches:
- main
jobs:
ansible-lint:
runs-on: ubuntu-latest
container:
image: images.onwalk.net/public/base/alpine-ansible-ci-runner:0c09618
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Run ansible-lint
run: echo ${{ secrets.VAULT_PASSWORD }} > ~/.vault_password && ansible-lint
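Review bot: The `run` line of the last step interpolates `${{ secrets.VAULT_PASSWORD }}` directly into the shell script, so the secret becomes part of the generated script text and is written to `~/.vault_password` with the default umask through an unquoted `echo`; a value containing spaces or shell metacharacters also breaks the command. Pass it through `env:` and write it with a restrictive umask instead. Note also that `secrets.*` (other than `GITHUB_TOKEN`) are not provided to `pull_request` runs from forks, so this step would silently write an empty vault password file there; and `actions/checkout@v2` is deprecated while the other workflows in this commit already use `@v4`. `workflow_dispatch` does not accept a `branches` filter, so those two lines are ignored here and in the next workflow.
```yaml
- name: Run ansible-lint
  env:
    VAULT_PASSWORD: ${{ secrets.VAULT_PASSWORD }}
  run: |
    (umask 077; printf '%s\n' "$VAULT_PASSWORD" > ~/.vault_password)
    ansible-lint
```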


@ -0,0 +1,111 @@
name: Create and Test Offline Ansible Installer Release
on:
pull_request:
paths:
- '.github/workflows/ansible-offline-installer.yml'
workflow_dispatch:
branches:
- main
jobs:
prepare-offline-package:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v2
# Install dependencies and prepare packages for Ubuntu/Debian
- name: Install dependencies for Ubuntu/Debian
run: |
sudo apt update
sudo apt install -y python3 python3-pip
pip3 install --download /tmp/offline_packages ansible
# Install dependencies for CentOS (7.x and 8.x)
- name: Install dependencies for CentOS (7.x and 8.x)
run: |
sudo yum install -y python3 python3-pip
pip3 install --download /tmp/offline_packages ansible
if: runner.os == 'Linux' && (startsWith(runner.os, 'rhel') || startsWith(runner.os, 'centos'))
# Create the installer package
- name: Create ansible-offline-installer.tar.gz
run: |
mkdir -p installer
tar -czvf installer/ansible-offline-package.tar.gz -C /tmp offline_packages
echo '#!/bin/bash' > installer/install-ansible.sh
echo 'if [ -f /etc/os-release ]; then' >> installer/install-ansible.sh
echo ' . /etc/os-release' >> installer/install-ansible.sh
echo ' if [[ "$ID" == "ubuntu" || "$ID_LIKE" == "debian" ]]; then' >> installer/install-ansible.sh
echo ' pip3 install --no-index --find-links=/tmp/offline_packages ansible' >> installer/install-ansible.sh
echo ' elif [[ "$ID" == "centos" || "$ID" == "rhel" ]]; then' >> installer/install-ansible.sh
echo ' pip3 install --no-index --find-links=/tmp/offline_packages ansible' >> installer/install-ansible.sh
echo ' fi' >> installer/install-ansible.sh
echo 'fi' >> installer/install-ansible.sh
chmod +x installer/install-ansible.sh
tar -czvf ansible-offline-installer.tar.gz installer
# Upload the installer package as an artifact
- name: Upload ansible-offline-installer.tar.gz as artifact
uses: actions/upload-artifact@v2
with:
name: ansible-offline-installer
path: ansible-offline-installer.tar.gz
test-installer:
runs-on: ubuntu-latest
needs: prepare-offline-package
strategy:
matrix:
os: [ubuntu-20.04, ubuntu-22.04, ubuntu-24.04, centos-7, centos-8]
steps:
- name: Checkout the repository
uses: actions/checkout@v2
# Download the installer package from the artifact
- name: Download the installer package from artifact
uses: actions/download-artifact@v2
with:
name: ansible-offline-installer
# Extract the installer package
- name: Extract the installer package
run: |
tar -xzvf ansible-offline-installer.tar.gz
# Run the installer script
- name: Run the installer script
run: |
./installer/install-ansible.sh
# Verify Ansible installation
- name: Verify Ansible installation
run: |
ansible --version
create-release:
runs-on: ubuntu-latest
needs: test-installer
if: success() # Only run if the test-installer job succeeds
steps:
- name: Create Release
id: create_release
uses: actions/create-release@v1
with:
tag_name: v${{ github.run_number }}-${{ github.run_id }} # Generate version number
release_name: Release v${{ github.run_number }}-${{ github.run_id }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload ansible-offline-installer.tar.gz to Release
uses: softprops/action-gh-release@v1
with:
tag_name: v${{ github.run_number }}-${{ github.run_id }}
files: |
ansible-offline-installer.tar.gz
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
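Review bot: `pip3 install --download /tmp/offline_packages ansible` in the Ubuntu and CentOS steps is not a valid invocation on current pip (`pip install --download` was removed in pip 10), so the package directory is never populated; the current form is `pip3 download -d /tmp/offline_packages ansible`. The generated `install-ansible.sh` then points `--find-links` at `/tmp/offline_packages`, but nothing unpacks `installer/ansible-offline-package.tar.gz` there on the test runner, so `--no-index` finds no packages; the script should first run `tar -xzf "$(dirname "$0")/ansible-offline-package.tar.gz" -C /tmp`. The `matrix.os` list is never consumed (every job runs on `ubuntu-latest`, and `centos-*` are not hosted runner labels), and the CentOS step's `if:` compares `runner.os` against `rhel`/`centos` although `runner.os` is only ever `Linux`, so that step never runs. `actions/create-release@v1` is archived and `upload-artifact@v2`/`download-artifact@v2` are deprecated; the k3s workflow in this same commit already uses `@v4`.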


@ -0,0 +1,131 @@
name: Build Offline K3s Installer
on:
push:
paths:
- 'scripts/make_k3s_offline_package.sh'
- '.github/workflows/build-k3s-offline-installer.yml'
workflow_dispatch:
jobs:
build-k3s-installer:
strategy:
matrix:
arch: [amd64, arm64]
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Install dependencies
run: |
export NERDCTL_VERSION=2.0.4
sudo apt-get update && sudo apt-get install -y curl tar tree
# 安装 K3s
curl -sfL https://get.k3s.io | sh -
# 设置 kubeconfig
mkdir -p $HOME/.kube
sudo cp /etc/rancher/k3s/k3s.yaml $HOME/.kube/config
sudo chown $USER:$USER $HOME/.kube/config
# 安装 nerdctl
sudo curl -LO https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/nerdctl-${NERDCTL_VERSION}-linux-amd64.tar.gz
sudo tar -C /usr/local/bin -xzf nerdctl-${NERDCTL_VERSION}-linux-amd64.tar.gz
sudo chmod +x /usr/local/bin/nerdctl
# k3s 测试
kubectl get nodes
kubectl get pods -A
# nerdctl 测试
sudo nerdctl --version
sudo nerdctl --namespace k8s.io --address /run/k3s/containerd/containerd.sock ps
- name: Run Offline Package Builder
run: |
chmod +x scripts/make_k3s_offline_package.sh
ARCH=${{ matrix.arch }} ./scripts/make_k3s_offline_package.sh
- name: Compress Offline Installer
run: |
tar czvf k3s-offline-package-${{ matrix.arch }}.tar.gz k3s-offline-package
- name: Upload Artifact
uses: actions/upload-artifact@v4
with:
name: k3s-offline-package-${{ matrix.arch }}
path: k3s-offline-package-${{ matrix.arch }}.tar.gz
test-k3s-installer:
needs: build-k3s-installer
strategy:
matrix:
arch: [amd64]
runs-on: ubuntu-latest
steps:
- name: Download Artifact
uses: actions/download-artifact@v4
with:
name: k3s-offline-package-${{ matrix.arch }}
path: ./test-dir
- name: Extract Package
run: |
cd test-dir
tar -xzvf k3s-offline-package-${{ matrix.arch }}.tar.gz
- name: Setup K3s and Test
run: |
cd test-dir/k3s-offline-package
bash install-server.sh
KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl get nodes
KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl get pods -A
publish-release:
needs: test-k3s-installer
runs-on: ubuntu-latest
env:
tag_name: offline-k3s-${{ github.run_number }}
steps:
- uses: actions/checkout@v4
- name: Create GitHub Release
id: create_release
uses: actions/create-release@v1
with:
tag_name: ${{ env.tag_name }}
release_name: Daily Build ${{ env.tag_name }}
draft: false
prerelease: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download amd64 Artifact
uses: actions/download-artifact@v4
with:
name: k3s-offline-package-amd64
path: release-artifacts
- name: Download arm64 Artifact
uses: actions/download-artifact@v4
with:
name: k3s-offline-package-arm64
path: release-artifacts
- name: Upload to GitHub Release
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ env.tag_name }}
files: |
release-artifacts/k3s-offline-package-amd64.tar.gz
release-artifacts/k3s-offline-package-arm64.tar.gz
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
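Review bot: The `Install dependencies` step installs K3s with an unpinned `curl -sfL https://get.k3s.io | sh -` and unpacks the nerdctl tarball without verifying it, so the build depends on whatever upstream serves at run time and a tampered download would go unnoticed; the same pattern appears in the test jobs of the nginx-ingress and pulp workflows in this commit. Pin the K3s version through the installer's `INSTALL_K3S_VERSION` variable and check the nerdctl archive against the `SHA256SUMS` file published with the release before extracting it. `sudo curl -LO` also runs the download as root for no reason; only the `tar` into `/usr/local/bin` needs privilege. Pinning the third-party actions (`docker/setup-qemu-action@v3`, `softprops/action-gh-release@v1`) to a full commit SHA rather than a mutable tag is the same concern at the workflow level, and `actions/create-release@v1` is archived while `softprops/action-gh-release` already creates the release when the tag does not exist.
```yaml
run: |
  export NERDCTL_VERSION=2.0.4
  export K3S_VERSION="<pinned k3s version>"   # placeholder: pin to a known release
  sudo apt-get update && sudo apt-get install -y curl tar tree
  curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="${K3S_VERSION}" sh -
  # … unchanged: kubeconfig setup …
  curl -fsSLO "https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/nerdctl-${NERDCTL_VERSION}-linux-amd64.tar.gz"
  curl -fsSLO "https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/SHA256SUMS"
  sha256sum --check --ignore-missing SHA256SUMS
  sudo tar -C /usr/local/bin -xzf "nerdctl-${NERDCTL_VERSION}-linux-amd64.tar.gz"
  # … unchanged: k3s / nerdctl smoke tests …
```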


@ -0,0 +1,152 @@
name: Build Offline Nginx Ingress Installer
on:
push:
paths:
- 'scripts/ingress-installer.sh'
- '.github/workflows/build-offline-package.yaml'
workflow_dispatch:
jobs:
build-offline-installer:
strategy:
matrix:
arch: [amd64, arm64]
runs-on: ubuntu-latest
outputs:
artifact-name: ${{ steps.upload-artifact.outputs.artifact-name }}
steps:
- uses: actions/checkout@v4
- name: Prepare directories
run: |
mkdir -p offline-installer/{images,charts,scripts,bin}
- name: Download nerdctl binary for ${{ matrix.arch }}
run: |
wget https://github.com/containerd/nerdctl/releases/download/v2.0.3/nerdctl-2.0.3-linux-${{ matrix.arch }}.tar.gz \
-O offline-installer/nerdctl.tar.gz
- name: Pull & export required images
run: |
docker pull nginx/nginx-ingress:2.4.0
docker pull registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407
docker save nginx/nginx-ingress:2.4.0 \
-o offline-installer/images/nginx-ingress.tar
docker save registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407 \
-o offline-installer/images/kube-webhook-certgen.tar
- name: Download Helm Chart (nginx-stable/nginx-ingress v0.15.0)
run: |
helm repo add nginx-stable https://helm.nginx.com/stable
helm repo update
helm pull nginx-stable/nginx-ingress --version=0.15.0 --untar --untardir offline-installer/charts
- name: Copy installer script
run: |
cp scripts/ingress-installer.sh offline-installer/scripts/
chmod +x offline-installer/scripts/ingress-installer.sh
- name: Package offline installer
run: |
cd offline-installer
tar czvf ../offline-setup-nginx-ingress-${{ matrix.arch }}.tar.gz ./
cd ..
- name: Upload artifact
id: upload-artifact
uses: actions/upload-artifact@v4
with:
name: offline-setup-nginx-ingress-${{ matrix.arch }}
path: offline-setup-nginx-ingress-${{ matrix.arch }}.tar.gz
test-offline-installer:
needs: build-offline-installer
strategy:
matrix:
arch: [amd64]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download offline installer artifact for ${{ matrix.arch }}
uses: actions/download-artifact@v4
with:
name: offline-setup-nginx-ingress-${{ matrix.arch }}
path: offline-test
- name: Setup K3s and KUBECONFIG for user
run: |
curl -sfL https://get.k3s.io | sudo sh -
# 配置当前用户的 kubeconfig
mkdir -p $HOME/.kube
sudo cp /etc/rancher/k3s/k3s.yaml $HOME/.kube/config
sudo chown $USER:$USER $HOME/.kube/config
# 测试 kubectl 可用性(不需要 sudo
kubectl get nodes
kubectl version
- name: Install Helm
run: |
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | sudo bash
- name: Load offline installer package
run: |
cd offline-test
tar -xzvf offline-setup-nginx-ingress-${{ matrix.arch }}.tar.gz
sudo tar xzvf nerdctl.tar.gz -C /usr/local/bin/
docker load -i images/nginx-ingress.tar
docker load -i images/kube-webhook-certgen.tar
cd ..
- name: Run offline installer in K3S cluster
run: |
cd offline-test
bash scripts/ingress-installer.sh # ❗不要用 sudo除非你传入 KUBECONFIG
sleep 10
helm list -A
kubectl -n ingress get pods
publish-release:
needs: test-offline-installer
runs-on: ubuntu-latest
env:
tag_name: offline-nginx-ingress-${{ github.run_number }}
steps:
- uses: actions/checkout@v4
- name: Create Release
id: create_release
uses: actions/create-release@v1
with:
tag_name: ${{ env.tag_name }}
release_name: Daily Build ${{ env.tag_name }}
draft: false
prerelease: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download amd64 artifact
uses: actions/download-artifact@v4
with:
name: offline-setup-nginx-ingress-amd64
path: release-artifacts
- name: Download arm64 artifact
uses: actions/download-artifact@v4
with:
name: offline-setup-nginx-ingress-arm64
path: release-artifacts
- name: Upload offline installers to GitHub Release
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ env.tag_name }}
files: |
release-artifacts/offline-setup-nginx-ingress-amd64.tar.gz
release-artifacts/offline-setup-nginx-ingress-arm64.tar.gz
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
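Review bot: `docker load -i images/...` in the `Load offline installer package` step imports the images into the runner's Docker daemon, but the cluster installed two steps earlier is K3s, which runs its own containerd; the images never reach it, so the ingress pods either pull from the registry (meaning the test does not exercise the offline path at all) or fail to start if the chart forbids pulls. The nerdctl binary that the same step extracts is the right tool and is currently unused: `sudo nerdctl --namespace k8s.io --address /run/k3s/containerd/containerd.sock load -i images/nginx-ingress.tar` (and likewise for `kube-webhook-certgen.tar`), with the same flags the k3s workflow in this commit uses for its smoke test. The identical issue is at the pulp workflow's `docker load`. Separately, the nerdctl tarball fetched in the build job (`wget ... nerdctl-2.0.3-linux-${{ matrix.arch }}.tar.gz`) is shipped to end users without any checksum verification, so the published installer inherits whatever that download contained.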


@ -0,0 +1,140 @@
name: Build Offline Pulp Installer
on:
push:
paths:
- 'scripts/pulp-installer.sh'
- '.github/workflows/build-pulp-offline-installer.yml'
workflow_dispatch:
jobs:
build-pulp-installer:
strategy:
matrix:
arch: [amd64, arm64]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Prepare offline structure
run: mkdir -p offline-pulp/{charts,scripts,images,manifests}
- name: Download Helm Chart
run: |
helm repo add pulp-operator https://github.com/pulp/pulp-k8s-resources/raw/main/helm-charts/ --force-update
helm repo update
helm pull pulp-operator/pulp-operator --untar --untardir offline-pulp/charts
- name: Pull & Save Image
run: |
docker pull quay.io/pulp/pulp-operator:v1.0.0-beta.5
docker save quay.io/pulp/pulp-operator:v1.0.0-beta.5 -o offline-pulp/images/pulp-operator.tar
docker pull gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
docker save gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0 -o offline-pulp/images/kube-rbac-proxy.tar
- name: Copy installer script
run: |
cp scripts/pulp-installer.sh offline-pulp/scripts/
chmod +x offline-pulp/scripts/pulp-installer.sh
- name: Package offline installer
run: |
cd offline-pulp
tar czvf ../offline-setup-pulp-${{ matrix.arch }}.tar.gz ./
cd ..
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: offline-setup-pulp-${{ matrix.arch }}
path: offline-setup-pulp-${{ matrix.arch }}.tar.gz
test-offline-installer:
needs: build-pulp-installer
strategy:
matrix:
arch: [amd64]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download offline installer artifact for ${{ matrix.arch }}
uses: actions/download-artifact@v4
with:
name: offline-setup-pulp-${{ matrix.arch }}
path: offline-test
- name: Setup K3s and KUBECONFIG for user
run: |
curl -sfL https://get.k3s.io | sudo sh -
mkdir -p $HOME/.kube
sudo cp /etc/rancher/k3s/k3s.yaml $HOME/.kube/config
sudo chown $USER:$USER $HOME/.kube/config
kubectl get nodes
kubectl version
- name: Install Helm
run: |
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | sudo bash
- name: Load offline installer package
run: |
cd offline-test
tar -xzvf offline-setup-pulp-${{ matrix.arch }}.tar.gz
if [ -f nerdctl.tar.gz ]; then
sudo tar xzvf nerdctl.tar.gz -C /usr/local/bin/
fi
docker load -i images/pulp-operator.tar
cd ..
- name: Run offline Pulp installer in K3S
run: |
cd offline-test
bash scripts/pulp-installer.sh
sleep 15
helm list -A
kubectl -n pulp get pods
publish-release:
needs: test-offline-installer
runs-on: ubuntu-latest
env:
tag_name: offline-pulp-${{ github.run_number }}
steps:
- uses: actions/checkout@v4
- name: Create Release
id: create_release
uses: actions/create-release@v1
with:
tag_name: ${{ env.tag_name }}
release_name: Daily Build ${{ env.tag_name }}
draft: false
prerelease: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download amd64 artifact
uses: actions/download-artifact@v4
with:
name: offline-setup-pulp-amd64
path: release-artifacts
- name: Download arm64 artifact
uses: actions/download-artifact@v4
with:
name: offline-setup-pulp-arm64
path: release-artifacts
- name: Upload offline installers to GitHub Release
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ env.tag_name }}
files: |
release-artifacts/offline-setup-pulp-amd64.tar.gz
release-artifacts/offline-setup-pulp-arm64.tar.gz
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
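Review bot: `helm pull pulp-operator/pulp-operator --untar ...` in the `Download Helm Chart` step has no `--version`, so every build bundles whichever chart is latest at run time while the operator image is pinned to `v1.0.0-beta.5`; the two can drift apart and the artifact is not reproducible. Pin it: `helm pull pulp-operator/pulp-operator --version "<CHART_VERSION>" --untar --untardir offline-pulp/charts` (placeholder for the chart version that matches the pinned image). In the test job, `images/kube-rbac-proxy.tar` is saved by the build job but never loaded, and the `if [ -f nerdctl.tar.gz ]` branch can never run because nothing in this workflow places nerdctl in the package; as with the nginx-ingress workflow, `docker load` does not make images visible to K3s's containerd in any case, so the test would not catch a missing image.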


@ -0,0 +1,88 @@
name: Generate and Release Self-Signed SSL Certificates
on:
push:
tags:
- "release-*"
pull_request:
paths:
- '.github/workflows/self-signed-ssl-cert-workflow.yml'
workflow_dispatch:
inputs:
domain:
description: 'Domain to generate certificate for'
required: false
default: 'kube.registry.local'
valid_days:
description: 'Certificate validity (days)'
required: false
default: '3650'
env:
DOMAIN: ${{ github.event.inputs.domain || 'kube.registry.local' }}
VALID_DAYS: ${{ github.event.inputs.valid_days || '3650' }}
OUTPUT_DIR: ssl_certificates
TAG_NAME: ${{ github.ref_name != '' && github.ref_name || format('daily-{0}', github.run_number) }}
jobs:
generate-cert:
runs-on: ubuntu-latest
outputs:
tag_name: ${{ env.TAG_NAME }}
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Ensure script is executable
run: chmod +x scripts/generate_ssl.sh
- name: Generate Self-Signed SSL Certificate
run: scripts/generate_ssl.sh "$DOMAIN" "$VALID_DAYS" "$OUTPUT_DIR"
- name: Package Certificates
run: tar -czvf ssl_certificates.tar.gz -C "$OUTPUT_DIR" .
- name: Upload SSL Certificates Artifact
uses: actions/upload-artifact@v4
with:
name: self-signed-ssl-certificates
path: ssl_certificates.tar.gz
test-cert:
needs: generate-cert
runs-on: ubuntu-latest
steps:
- name: Download SSL Certificates
uses: actions/download-artifact@v4
with:
name: self-signed-ssl-certificates
- name: Unpack Certificates
run: tar -xzvf ssl_certificates.tar.gz
- name: Validate Certificate with OpenSSL
run: |
openssl x509 -in ssl_certificates/cert.pem -noout -subject -issuer -dates
echo "✅ Certificate appears valid"
release-cert:
needs: test-cert
if: startsWith(github.ref, 'refs/tags/release-') || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:
- name: Download SSL Certificates
uses: actions/download-artifact@v4
with:
name: self-signed-ssl-certificates
- name: Create GitHub Release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ github.ref_name != '' && github.ref_name || format('daily-{0}', github.run_number) }}
name: >-
${{ startsWith(github.ref, 'refs/tags/')
&& format('Release {0}', github.ref_name)
|| format('Daily Build {0}', github.run_number) }}
files: ssl_certificates.tar.gz
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
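Review bot: The release asset `ssl_certificates.tar.gz` is built from everything in `$OUTPUT_DIR`, which — if `scripts/generate_ssl.sh` writes the private key next to `cert.pem`, as a self-signed generator normally must (the script is not in this commit, so confirm) — publishes the key to anyone who can read the repository's releases, and any holder of it can impersonate `kube.registry.local` to every client that trusts the certificate. If the intent is a throwaway dev-only certificate, state that in the workflow's name and publish only the certificate, or generate the key pair on the target host instead of in CI. Separately, the `tag_name` expression `github.ref_name != '' && github.ref_name || format('daily-{0}', ...)` never falls back, because `github.ref_name` is the branch name on `workflow_dispatch` and `push`, so a manual run has `softprops/action-gh-release@v2` create a release tagged `main`; use `startsWith(github.ref, 'refs/tags/') && github.ref_name || format('daily-{0}', github.run_number)` both in the top-level `TAG_NAME` env and in the release step. The `Validate Certificate with OpenSSL` step only prints fields and always succeeds; adding `openssl x509 -in ssl_certificates/cert.pem -noout -checkend 0` would actually fail the job on an expired or unparseable certificate.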