-
Notifications
You must be signed in to change notification settings - Fork 25
172 lines (169 loc) · 6.48 KB
/
bb_containers_rhel.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
---
name: bbw container build (rhel)
on:
push:
paths:
- .github/workflows/bb_containers_rhel.yml
- "ci_build_images/**"
pull_request:
paths:
- .github/workflows/bb_containers_rhel.yml
- "ci_build_images/**"
jobs:
build:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
name: ${{ matrix.image }} (${{ matrix.tag }} ${{ matrix.platforms }})
strategy:
fail-fast: false
matrix:
include:
- dockerfile: rhel7.Dockerfile pip.Dockerfile
image: rhel7
platforms: linux/amd64
- dockerfile: rhel.Dockerfile
image: ubi8
tag: rhel8
platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x
- dockerfile: rhel.Dockerfile pip.Dockerfile
image: ubi9
tag: rhel9
platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x
env:
BUILD_RHEL: false
DEPLOY_IMAGES: false
WORKDIR: ci_build_images
steps:
- uses: actions/checkout@v2
- name: Set up env vars
run: |
set -vx
[[ -n "${{ matrix.image }}" ]] || {
echo "Missing base image (FROM)"
exit 1
}
if [[ -n "${{ matrix.tag }}" ]]; then
echo "IMG=${{ matrix.tag }}" >>$GITHUB_ENV
else
TAG_TMP=${{ matrix.image }}
echo "IMG=${TAG_TMP/:/}" >>$GITHUB_ENV
fi
echo "REPO=bb-worker" >>$GITHUB_ENV
- name: Check for rhel subscription credentials
run: |
missing=()
[[ -n "${{ secrets.RHEL_ORGID }}" ]] || missing+=(RHEL_ORGID)
[[ -n "${{ secrets.RHEL_KEYNAME }}" ]] || missing+=(RHEL_KEYNAME)
for i in "${missing[@]}"; do
echo "Missing github secret: $i"
done
(( ${#missing[@]} == 0 )) || exit 1
echo "BUILD_RHEL=true" >> $GITHUB_ENV
- name: Generate Dockerfile and necessary files
run: |
cd ${{ env.WORKDIR }}
cat ${{ matrix.dockerfile }} common.Dockerfile >$GITHUB_WORKSPACE/Dockerfile
cp -r qpress $GITHUB_WORKSPACE
- name: Check Dockerfile with hadolint
run: |
docker run -i -v $(pwd):/mnt -w /mnt ghcr.io/hadolint/hadolint:latest hadolint /mnt/Dockerfile
- name: Install qemu-user-static
run: |
sudo apt-get update
sudo apt-get install -y qemu-user-static
- name: Make sure that time is in sync
run: |
# RHEL subscription needs that time and date
# is correct and is syncing with an NTP-server
# https://access.redhat.com/discussions/672313#comment-2360508
sudo chronyc -a makestep
- name: Build image
if: ${{ env.BUILD_RHEL == 'true' }}
run: |
# create secrets
echo "${{ secrets.RHEL_ORGID }}" >rhel_orgid
echo "${{ secrets.RHEL_KEYNAME }}" >rhel_keyname
podman manifest create ${{ env.REPO }}:${{ env.IMG }}
for arch in $(echo ${{ matrix.platforms }} | sed 's/,/ /g'); do
msg="Build $arch:"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
podman buildx build --tag ${{ env.REPO }}:${{ env.IMG }}-${arch//\//-} \
--secret id=rhel_orgid,src=./rhel_orgid \
--secret id=rhel_keyname,src=./rhel_keyname \
--platform $arch \
--manifest ${{ env.REPO }}:${{ env.IMG }} \
-f $GITHUB_WORKSPACE/Dockerfile \
--build-arg base_image=${{ matrix.image }} \
--build-arg mariadb_branch=${{ matrix.branch }}
done
rm -f rhel_orgid rhel_keyname
podman images
- name: Push images to local registry
if: ${{ env.BUILD_RHEL == 'true' }}
run: |
podman manifest push --tls-verify=0 \
--all ${{ env.REPO }}:${{ env.IMG }} \
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }}
- name: Check multi-arch container
run: |
for p in ${{ matrix.platforms }}; do
platform="${p/,/}"
image="localhost:5000/bb-worker:${{ env.IMG }}"
msg="Testing docker image $image on platform $platform"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
docker pull -q --platform "$platform" "$image"
docker run -i "$image" buildbot-worker --version
docker run -i "$image" dumb-init twistd --pidfile= -y /home/buildbot/buildbot.tac
docker run -u root -i "$image" bash -c "touch /tmp/foo && qpress -r /tmp /root/qpress.qp"
done
- name: Check for registry credentials
run: |
missing=()
[[ -n "${{ secrets.QUAY_USER }}" ]] || missing+=(QUAY_USER)
[[ -n "${{ secrets.QUAY_TOKEN }}" ]] || missing+=(QUAY_TOKEN)
for i in "${missing[@]}"; do
echo "Missing github secret: $i"
done
if (( ${#missing[@]} == 0 )); then
echo "DEPLOY_IMAGES=true" >> $GITHUB_ENV
else
echo "Not pushing images to registry"
fi
- name: Login to ghcr.io
if: ${{ env.DEPLOY_IMAGES == 'true' }}
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push images to ghcr.io
if: ${{ env.DEPLOY_IMAGES == 'true' }}
run: |
msg="Push docker image to ghcr.io (${{ env.IMG }})"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
skopeo copy --all --src-tls-verify=0 \
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} \
docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:${{ env.IMG }}
- name: Login to registry
if: ${{ env.DEPLOY_IMAGES == 'true' }}
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAY_USER }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Push images to quay.io
if: ${{ env.DEPLOY_IMAGES == 'true' }}
run: |
msg="Push docker image to quay.io (${{ env.IMG }})"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
skopeo copy --all --src-tls-verify=0 \
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} \
docker://quay.io/mariadb-foundation/${{ env.REPO }}:${{ env.IMG }}