Skip to content

Commit

Permalink
Split GH actions
Browse files Browse the repository at this point in the history
RHEL needs specific steps and treatment.
  • Loading branch information
fauust committed Sep 28, 2023
1 parent 2071e5f commit 3da1608
Show file tree
Hide file tree
Showing 2 changed files with 172 additions and 76 deletions.
79 changes: 3 additions & 76 deletions .github/workflows/bb_containers.yml
Original file line number Diff line number Diff line change
Expand Up @@ -92,17 +92,6 @@ jobs:
# //TEMP Error: Unable to find a match: ccache python3-scons (on
# s390x)
# platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x
- dockerfile: rhel7.Dockerfile pip.Dockerfile
image: rhel7
platforms: linux/amd64
- dockerfile: rhel.Dockerfile
image: ubi8
tag: rhel8
platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x
- dockerfile: rhel.Dockerfile pip.Dockerfile
image: ubi9
tag: rhel9
platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x
- dockerfile: opensuse.Dockerfile pip.Dockerfile
image: opensuse/leap:15.3
tag: opensuse15
Expand All @@ -128,24 +117,11 @@ jobs:
echo "IMG=${TAG_TMP/:/}" >>$GITHUB_ENV
fi
echo "REPO=bb-worker" >>$GITHUB_ENV
- name: Check for rhel subscription credentials
if: >
(contains(matrix.dockerfile, 'rhel')) &&
github.ref == 'refs/heads/main'
run: |
missing=()
[[ -n "${{ secrets.RHEL_ORGID }}" ]] || missing+=(RHEL_ORGID)
[[ -n "${{ secrets.RHEL_KEYNAME }}" ]] || missing+=(RHEL_KEYNAME)
for i in "${missing[@]}"; do
echo "Missing github secret: $i"
done
(( ${#missing[@]} == 0 )) || exit 1
echo "BUILD_RHEL=true" >> $GITHUB_ENV
- name: Generate Dockerfile and necessary files
run: |
cd ${{ env.WORKDIR }}
cat ${{ matrix.dockerfile }} common.Dockerfile >/home/runner/work/Dockerfile
cp -r qpress /home/runner/work
cat ${{ matrix.dockerfile }} common.Dockerfile >$GITHUB_WORKSPACE/Dockerfile
cp -r qpress $GITHUB_WORKSPACE
- name: No wsrep on 32 bit platforms
if: >
(contains(matrix.platforms, 'linux/386'))
Expand All @@ -166,7 +142,6 @@ jobs:
# https://access.redhat.com/discussions/672313#comment-2360508
sudo chronyc -a makestep
- name: Build image
if: (!contains(matrix.dockerfile, 'rhel'))
run: |
podman manifest create ${{ env.REPO }}:${{ env.IMG }}
for arch in $(echo ${{ matrix.platforms }} | sed 's/,/ /g'); do
Expand All @@ -176,47 +151,17 @@ jobs:
podman buildx build --tag ${{ env.REPO }}:${{ env.IMG }}-${arch//\//-} \
--platform $arch \
--manifest ${{ env.REPO }}:${{ env.IMG }} \
-f /home/runner/work/Dockerfile \
-f $GITHUB_WORKSPACE/Dockerfile \
--build-arg base_image=${{ matrix.image }} \
--build-arg mariadb_branch=${{ matrix.branch }}
done
podman images
- name: Build image (rhel)
if: ${{ env.BUILD_RHEL == 'true' }}
run: |
# create secrets
echo "${{ secrets.RHEL_ORGID }}" >rhel_orgid
echo "${{ secrets.RHEL_KEYNAME }}" >rhel_keyname
podman manifest create ${{ env.REPO }}:${{ env.IMG }}
for arch in $(echo ${{ matrix.platforms }} | sed 's/,/ /g'); do
msg="Build $arch:"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
podman buildx build --tag ${{ env.REPO }}:${{ env.IMG }}-${arch//\//-} \
--secret id=rhel_orgid,src=./rhel_orgid \
--secret id=rhel_keyname,src=./rhel_keyname \
--platform $arch \
--manifest ${{ env.REPO }}:${{ env.IMG }} \
-f /home/runner/work/Dockerfile \
--build-arg base_image=${{ matrix.image }} \
--build-arg mariadb_branch=${{ matrix.branch }}
done
rm -f rhel_orgid rhel_keyname
podman images
- name: Push images to local registry
if: (!contains(matrix.dockerfile, 'rhel'))
run: |
podman manifest push --tls-verify=0 \
--all ${{ env.REPO }}:${{ env.IMG }} \
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }}
- name: Push images to local registry (rhel)
if: ${{ env.BUILD_RHEL == 'true' }}
run: |
podman manifest push --tls-verify=0 \
--all ${{ env.REPO }}:${{ env.IMG }} \
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }}
- name: Check multi-arch container
if: (!contains(matrix.dockerfile, 'rhel'))
run: |
for p in ${{ matrix.platforms }}; do
platform="${p/,/}"
Expand All @@ -229,24 +174,6 @@ jobs:
docker run -i "$image" dumb-init twistd --pidfile= -y /home/buildbot/buildbot.tac
docker run -u root -i "$image" bash -c "touch /tmp/foo && qpress -r /tmp /root/qpress.qp"
done
- name: Check multi-arch container (rhel)
if: ${{ env.BUILD_RHEL == 'true' }}
run: |
# make space on the runner (rhel9 can't finish otherwise)
if [[ -d $HOME/.local/share/containers ]]; then
sudo rm -rf $HOME/.local/share/containers
fi
for p in ${{ matrix.platforms }}; do
platform="${p/,/}"
image="localhost:5000/bb-worker:${{ env.IMG }}"
msg="Testing docker image $image on platform $platform"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
docker pull -q --platform "$platform" "$image"
docker run -i "$image" buildbot-worker --version
docker run -i "$image" dumb-init twistd --pidfile= -y /home/buildbot/buildbot.tac
docker run -u root -i "$image" bash -c "touch /tmp/foo && qpress -r /tmp /root/qpress.qp"
done
- name: Check for registry credentials
run: |
missing=()
Expand Down
169 changes: 169 additions & 0 deletions .github/workflows/bb_containers_rhel.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,169 @@
---
name: bbw container build (rhel)

on:
push:
paths:
- .github/workflows/bb_containers_rhel.yml
- "ci_build_images/**"
pull_request:
paths:
- .github/workflows/bb_containers_rhel.yml
- "ci_build_images/**"

jobs:
build:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
name: ${{ matrix.image }} (${{ matrix.tag }} ${{ matrix.platforms }})
strategy:
fail-fast: false
matrix:
include:
- dockerfile: rhel7.Dockerfile pip.Dockerfile
image: rhel7
platforms: linux/amd64
- dockerfile: rhel.Dockerfile
image: ubi8
tag: rhel8
platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x
- dockerfile: rhel.Dockerfile pip.Dockerfile
image: ubi9
tag: rhel9
platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x
env:
BUILD_RHEL: false
DEPLOY_IMAGES: false
WORKDIR: ci_build_images

steps:
- uses: actions/checkout@v2
- name: Set up env vars
run: |
set -vx
[[ -n "${{ matrix.image }}" ]] || {
echo "Missing base image (FROM)"
exit 1
}
if [[ -n "${{ matrix.tag }}" ]]; then
echo "IMG=${{ matrix.tag }}" >>$GITHUB_ENV
else
TAG_TMP=${{ matrix.image }}
echo "IMG=${TAG_TMP/:/}" >>$GITHUB_ENV
fi
echo "REPO=bb-worker" >>$GITHUB_ENV
- name: Check for rhel subscription credentials
run: |
missing=()
[[ -n "${{ secrets.RHEL_ORGID }}" ]] || missing+=(RHEL_ORGID)
[[ -n "${{ secrets.RHEL_KEYNAME }}" ]] || missing+=(RHEL_KEYNAME)
for i in "${missing[@]}"; do
echo "Missing github secret: $i"
done
(( ${#missing[@]} == 0 )) || exit 1
echo "BUILD_RHEL=true" >> $GITHUB_ENV
- name: Generate Dockerfile and necessary files
run: |
cd ${{ env.WORKDIR }}
cat ${{ matrix.dockerfile }} common.Dockerfile >$GITHUB_WORKSPACE/Dockerfile
cp -r qpress $GITHUB_WORKSPACE
- name: Check Dockerfile with hadolint
run: |
docker run -i -v $(pwd):/mnt -w /mnt ghcr.io/hadolint/hadolint:latest hadolint /mnt/Dockerfile
- name: Install qemu-user-static
run: |
sudo apt-get update
sudo apt-get install -y qemu-user-static
- name: Make sure that time is in sync
run: |
# RHEL subscription needs that time and date
# is correct and is syncing with an NTP-server
# https://access.redhat.com/discussions/672313#comment-2360508
sudo chronyc -a makestep
- name: Build image
if: ${{ env.BUILD_RHEL == 'true' }}
run: |
podman manifest create ${{ env.REPO }}:${{ env.IMG }}
for arch in $(echo ${{ matrix.platforms }} | sed 's/,/ /g'); do
msg="Build $arch:"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
podman buildx build --tag ${{ env.REPO }}:${{ env.IMG }}-${arch//\//-} \
--secret id=rhel_orgid,src=./rhel_orgid \
--secret id=rhel_keyname,src=./rhel_keyname \
--platform $arch \
--manifest ${{ env.REPO }}:${{ env.IMG }} \
-f $GITHUB_WORKSPACE/Dockerfile \
--build-arg base_image=${{ matrix.image }} \
--build-arg mariadb_branch=${{ matrix.branch }}
done
rm -f rhel_orgid rhel_keyname
podman images
- name: Push images to local registry
if: ${{ env.BUILD_RHEL == 'true' }}
run: |
podman manifest push --tls-verify=0 \
--all ${{ env.REPO }}:${{ env.IMG }} \
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }}
- name: Check multi-arch container
run: |
for p in ${{ matrix.platforms }}; do
platform="${p/,/}"
image="localhost:5000/bb-worker:${{ env.IMG }}"
msg="Testing docker image $image on platform $platform"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
docker pull -q --platform "$platform" "$image"
docker run -i "$image" buildbot-worker --version
docker run -i "$image" dumb-init twistd --pidfile= -y /home/buildbot/buildbot.tac
docker run -u root -i "$image" bash -c "touch /tmp/foo && qpress -r /tmp /root/qpress.qp"
done
- name: Check for registry credentials
run: |
missing=()
[[ -n "${{ secrets.QUAY_USER }}" ]] || missing+=(QUAY_USER)
[[ -n "${{ secrets.QUAY_TOKEN }}" ]] || missing+=(QUAY_TOKEN)
for i in "${missing[@]}"; do
echo "Missing github secret: $i"
done
if (( ${#missing[@]} == 0 )); then
echo "DEPLOY_IMAGES=true" >> $GITHUB_ENV
else
echo "Not pushing images to registry"
fi
- name: Login to ghcr.io
if: ${{ env.DEPLOY_IMAGES == 'true' }}
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push images to ghcr.io
if: ${{ env.DEPLOY_IMAGES == 'true' }}
run: |
msg="Push docker image to ghcr.io (${{ env.IMG }})"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
skopeo copy --all --src-tls-verify=0 \
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} \
docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:${{ env.IMG }}
- name: Login to registry
if: ${{ env.DEPLOY_IMAGES == 'true' }}
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAY_USER }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Push images to quay.io
if: ${{ env.DEPLOY_IMAGES == 'true' }}
run: |
msg="Push docker image to quay.io (${{ env.IMG }})"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
skopeo copy --all --src-tls-verify=0 \
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} \
docker://quay.io/mariadb-foundation/${{ env.REPO }}:${{ env.IMG }}

0 comments on commit 3da1608

Please sign in to comment.