From 610093d71fce5ca1d7f54607a285d694bc38f13d Mon Sep 17 00:00:00 2001 From: Faustin Lammler Date: Thu, 28 Sep 2023 12:07:15 +0200 Subject: [PATCH] Split GH actions RHEL needs specific steps and treatment. --- .github/workflows/bb_containers.yml | 79 +---------- .github/workflows/bb_containers_rhel.yml | 172 +++++++++++++++++++++++ 2 files changed, 175 insertions(+), 76 deletions(-) create mode 100644 .github/workflows/bb_containers_rhel.yml diff --git a/.github/workflows/bb_containers.yml b/.github/workflows/bb_containers.yml index 4c49b281..214e7509 100644 --- a/.github/workflows/bb_containers.yml +++ b/.github/workflows/bb_containers.yml @@ -92,17 +92,6 @@ jobs: # //TEMP Error: Unable to find a match: ccache python3-scons (on # s390x) # platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x - - dockerfile: rhel7.Dockerfile pip.Dockerfile - image: rhel7 - platforms: linux/amd64 - - dockerfile: rhel.Dockerfile - image: ubi8 - tag: rhel8 - platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x - - dockerfile: rhel.Dockerfile pip.Dockerfile - image: ubi9 - tag: rhel9 - platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x - dockerfile: opensuse.Dockerfile pip.Dockerfile image: opensuse/leap:15.3 tag: opensuse15 
@@ -128,24 +117,11 @@ jobs: echo "IMG=${TAG_TMP/:/}" >>$GITHUB_ENV fi echo "REPO=bb-worker" >>$GITHUB_ENV - - name: Check for rhel subscription credentials - if: > - (contains(matrix.dockerfile, 'rhel')) && - github.ref == 'refs/heads/main' - run: | - missing=() - [[ -n "${{ secrets.RHEL_ORGID }}" ]] || missing+=(RHEL_ORGID) - [[ -n "${{ secrets.RHEL_KEYNAME }}" ]] || missing+=(RHEL_KEYNAME) - for i in "${missing[@]}"; do - echo "Missing github secret: $i" - done - (( ${#missing[@]} == 0 )) || exit 1 - echo "BUILD_RHEL=true" >> $GITHUB_ENV - name: Generate Dockerfile and necessary files run: | cd ${{ env.WORKDIR }} - cat ${{ matrix.dockerfile }} common.Dockerfile >/home/runner/work/Dockerfile - cp -r qpress /home/runner/work + cat ${{ matrix.dockerfile }} common.Dockerfile >$GITHUB_WORKSPACE/Dockerfile + cp -r qpress $GITHUB_WORKSPACE - name: No wsrep on 32 bit platforms if: > (contains(matrix.platforms, 'linux/386')) @@ -166,7 +142,6 @@ jobs: # https://access.redhat.com/discussions/672313#comment-2360508 sudo chronyc -a makestep - name: Build image - if: (!contains(matrix.dockerfile, 'rhel')) run: | podman manifest create ${{ env.REPO }}:${{ env.IMG }} for arch in $(echo ${{ matrix.platforms }} | sed 's/,/ /g'); do 
@@ -176,47 +151,17 @@ jobs: podman buildx build --tag ${{ env.REPO }}:${{ env.IMG }}-${arch//\//-} \ --platform $arch \ --manifest ${{ env.REPO }}:${{ env.IMG }} \ - -f /home/runner/work/Dockerfile \ + -f $GITHUB_WORKSPACE/Dockerfile \ --build-arg base_image=${{ matrix.image }} \ --build-arg mariadb_branch=${{ matrix.branch }} done podman images - - name: Build image (rhel) - if: ${{ env.BUILD_RHEL == 'true' }} - run: | - # create secrets - echo "${{ secrets.RHEL_ORGID }}" >rhel_orgid - echo "${{ secrets.RHEL_KEYNAME }}" >rhel_keyname - podman manifest create ${{ env.REPO }}:${{ env.IMG }} - for arch in $(echo ${{ matrix.platforms }} | sed 's/,/ /g'); do - msg="Build $arch:" - line="${msg//?/=}" - printf "\n${line}\n${msg}\n${line}\n" - podman buildx build --tag ${{ env.REPO }}:${{ env.IMG }}-${arch//\//-} \ - --secret id=rhel_orgid,src=./rhel_orgid \ - --secret id=rhel_keyname,src=./rhel_keyname \ - --platform $arch \ - --manifest ${{ env.REPO }}:${{ env.IMG }} \ - -f /home/runner/work/Dockerfile \ - --build-arg base_image=${{ matrix.image }} \ - --build-arg mariadb_branch=${{ matrix.branch }} - done - rm -f rhel_orgid rhel_keyname - podman images - name: Push images to local registry - if: (!contains(matrix.dockerfile, 'rhel')) - run: | - podman manifest push --tls-verify=0 \ - --all ${{ env.REPO }}:${{ env.IMG }} \ - docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} - - name: Push images to local registry (rhel) - if: ${{ env.BUILD_RHEL == 'true' }} run: | podman manifest push --tls-verify=0 \ --all ${{ env.REPO }}:${{ env.IMG }} \ docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} - name: Check multi-arch container - if: (!contains(matrix.dockerfile, 'rhel')) run: | for p in ${{ matrix.platforms }}; do platform="${p/,/}" 
@@ -229,24 +174,6 @@ jobs: docker run -i "$image" dumb-init twistd --pidfile= -y /home/buildbot/buildbot.tac docker run -u root -i "$image" bash -c "touch /tmp/foo && qpress -r /tmp /root/qpress.qp" done - - name: Check multi-arch container (rhel) - if: ${{ env.BUILD_RHEL == 'true' }} - run: | - # make space on the runner (rhel9 can't finish otherwise) - if [[ -d $HOME/.local/share/containers ]]; then - sudo rm -rf $HOME/.local/share/containers - fi - for p in ${{ matrix.platforms }}; do - platform="${p/,/}" - image="localhost:5000/bb-worker:${{ env.IMG }}" - msg="Testing docker image $image on platform $platform" - line="${msg//?/=}" - printf "\n${line}\n${msg}\n${line}\n" - docker pull -q --platform "$platform" "$image" - docker run -i "$image" buildbot-worker --version - docker run -i "$image" dumb-init twistd --pidfile= -y /home/buildbot/buildbot.tac - docker run -u root -i "$image" bash -c "touch /tmp/foo && qpress -r /tmp /root/qpress.qp" - done - name: Check for registry credentials run: | missing=() diff --git a/.github/workflows/bb_containers_rhel.yml b/.github/workflows/bb_containers_rhel.yml new file mode 100644 index 00000000..e6ebeb5a --- /dev/null +++ b/.github/workflows/bb_containers_rhel.yml 
@@ -0,0 +1,172 @@
+---
+name: bbw container build (rhel)
+
+on:
+ push:
+ paths:
+ - .github/workflows/bb_containers_rhel.yml
+ - "ci_build_images/**"
+ pull_request:
+ paths:
+ - .github/workflows/bb_containers_rhel.yml
+ - "ci_build_images/**"
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ services:
+ registry:
+ image: registry:2
+ ports:
+ - 5000:5000
+ name: ${{ matrix.image }} (${{ matrix.tag }} ${{ matrix.platforms }})
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - dockerfile: rhel7.Dockerfile pip.Dockerfile
+ image: rhel7
+ platforms: linux/amd64
+ - dockerfile: rhel.Dockerfile
+ image: ubi8
+ tag: rhel8
+ platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x
+ - dockerfile: rhel.Dockerfile pip.Dockerfile
+ image: ubi9
+ tag: rhel9
+ platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x
+ env:
+ BUILD_RHEL: false
+ DEPLOY_IMAGES: false
+ WORKDIR: ci_build_images
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up env vars
+ run: |
+ set -vx
+ [[ -n "${{ matrix.image }}" ]] || {
+ echo "Missing base image (FROM)"
+ exit 1
+ }
+ if [[ -n "${{ matrix.tag }}" ]]; then
+ echo "IMG=${{ matrix.tag }}" >>$GITHUB_ENV
+ else
+ TAG_TMP=${{ matrix.image }}
+ echo "IMG=${TAG_TMP/:/}" >>$GITHUB_ENV
+ fi
+ echo "REPO=bb-worker" >>$GITHUB_ENV
+ - name: Check for rhel subscription credentials
+ run: |
+ missing=()
+ [[ -n "${{ secrets.RHEL_ORGID }}" ]] || missing+=(RHEL_ORGID)
+ [[ -n "${{ secrets.RHEL_KEYNAME }}" ]] || missing+=(RHEL_KEYNAME)
+ for i in "${missing[@]}"; do
+ echo "Missing github secret: $i"
+ done
+ (( ${#missing[@]} == 0 )) || exit 1
+ echo "BUILD_RHEL=true" >> $GITHUB_ENV
+ - name: Generate Dockerfile and necessary files
+ run: |
+ cd ${{ env.WORKDIR }}
+ cat ${{ matrix.dockerfile }} common.Dockerfile >$GITHUB_WORKSPACE/Dockerfile
+ cp -r qpress $GITHUB_WORKSPACE
+ - name: Check Dockerfile with hadolint
+ run: |
+ docker run -i -v $(pwd):/mnt -w /mnt ghcr.io/hadolint/hadolint:latest hadolint /mnt/Dockerfile
+ - name: Install qemu-user-static
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y qemu-user-static
+ - name: Make sure that time is in sync
+ run: |
+ # RHEL subscription needs that time and date
+ # is correct and is syncing with an NTP-server
+ # https://access.redhat.com/discussions/672313#comment-2360508
+ sudo chronyc -a makestep
+ - name: Build image
+ if: ${{ env.BUILD_RHEL == 'true' }}
+ run: |
+ # create secrets
+ echo "${{ secrets.RHEL_ORGID }}" >rhel_orgid
+ echo "${{ secrets.RHEL_KEYNAME }}" >rhel_keyname
+ podman manifest create ${{ env.REPO }}:${{ env.IMG }}
+ for arch in $(echo ${{ matrix.platforms }} | sed 's/,/ /g'); do
+ msg="Build $arch:"
+ line="${msg//?/=}"
+ printf "\n${line}\n${msg}\n${line}\n"
+ podman buildx build --tag ${{ env.REPO }}:${{ env.IMG }}-${arch//\//-} \
+ --secret id=rhel_orgid,src=./rhel_orgid \
+ --secret id=rhel_keyname,src=./rhel_keyname \
+ --platform $arch \
+ --manifest ${{ env.REPO }}:${{ env.IMG }} \
+ -f $GITHUB_WORKSPACE/Dockerfile \
+ --build-arg base_image=${{ matrix.image }} \
+ --build-arg mariadb_branch=${{ matrix.branch }}
+ done
+ rm -f rhel_orgid rhel_keyname
+ podman images
+ - name: Push images to local registry
+ if: ${{ env.BUILD_RHEL == 'true' }}
+ run: |
+ podman manifest push --tls-verify=0 \
+ --all ${{ env.REPO }}:${{ env.IMG }} \
+ docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }}
+ - name: Check multi-arch container
+ run: |
+ for p in ${{ matrix.platforms }}; do
+ platform="${p/,/}"
+ image="localhost:5000/bb-worker:${{ env.IMG }}"
+ msg="Testing docker image $image on platform $platform"
+ line="${msg//?/=}"
+ printf "\n${line}\n${msg}\n${line}\n"
+ docker pull -q --platform "$platform" "$image"
+ docker run -i "$image" buildbot-worker --version
+ docker run -i "$image" dumb-init twistd --pidfile= -y /home/buildbot/buildbot.tac
+ docker run -u root -i "$image" bash -c "touch /tmp/foo && qpress -r /tmp /root/qpress.qp"
+ done
+ - name: Check for registry credentials
+ run: |
+ missing=()
+ [[ -n "${{ secrets.QUAY_USER }}" ]] || missing+=(QUAY_USER)
+ [[ -n "${{ secrets.QUAY_TOKEN }}" ]] || missing+=(QUAY_TOKEN)
+ for i in "${missing[@]}"; do
+ echo "Missing github secret: $i"
+ done
+ if (( ${#missing[@]} == 0 )); then
+ echo "DEPLOY_IMAGES=true" >> $GITHUB_ENV
+ else
+ echo "Not pushing images to registry"
+ fi
+ - name: Login to ghcr.io
+ if: ${{ env.DEPLOY_IMAGES == 'true' }}
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Push images to ghcr.io
+ if: ${{ env.DEPLOY_IMAGES == 'true' }}
+ run: |
+ msg="Push docker image to ghcr.io (${{ env.IMG }})"
+ line="${msg//?/=}"
+ printf "\n${line}\n${msg}\n${line}\n"
+ skopeo copy --all --src-tls-verify=0 \
+ docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} \
+ docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:${{ env.IMG }}
+ - name: Login to registry
+ if: ${{ env.DEPLOY_IMAGES == 'true' }}
+ uses: docker/login-action@v2
+ with:
+ registry: quay.io
+ username: ${{ secrets.QUAY_USER }}
+ password: ${{ secrets.QUAY_TOKEN }}
+ - name: Push images to quay.io
+ if: ${{ env.DEPLOY_IMAGES == 'true' }}
+ run: |
+ msg="Push docker image to quay.io (${{ env.IMG }})"
+ line="${msg//?/=}"
+ printf "\n${line}\n${msg}\n${line}\n"
+ skopeo copy --all --src-tls-verify=0 \
+ docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} \
+ docker://quay.io/mariadb-foundation/${{ env.REPO }}:${{ env.IMG }}
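Review bot: The "Build image" step of the new bb_containers_rhel.yml expands `${{ secrets.RHEL_ORGID }}` and `${{ secrets.RHEL_KEYNAME }}` directly into the script text and writes them to `./rhel_orgid` and `./rhel_keyname` in the working directory, which appears to double as the build context because `podman buildx build` is given no context path. With the runner's default `bash -e` shell the trailing `rm -f` is also skipped whenever a build fails. I would pass both values through a step-level `env:` block, write them into a `mktemp -d` directory under `$RUNNER_TEMP`, and remove that directory from an EXIT trap, as sketched below. Separately, the `github.ref == 'refs/heads/main'` condition from the step removed in bb_containers.yml is not carried over, so the subscription secrets are used (and images pushed whenever the QUAY secrets are set) on every push and in-repo pull request, while fork pull requests, which receive no secrets, stop at `exit 1`; it is worth confirming that is intended. `actions/checkout@v2`, `docker/login-action@v2` and `hadolint:latest` are mutable references in a job that handles these credentials, so pinning them to a commit SHA or image digest would be safer.

```yaml
      - name: Build image
        if: ${{ env.BUILD_RHEL == 'true' }}
        env:
          RHEL_ORGID: ${{ secrets.RHEL_ORGID }}
          RHEL_KEYNAME: ${{ secrets.RHEL_KEYNAME }}
        run: |
          # keep the subscription secrets outside the workspace / build context
          secret_dir="$(mktemp -d "$RUNNER_TEMP/rhel-secrets.XXXXXX")"
          trap 'rm -rf "$secret_dir"' EXIT
          printf '%s\n' "$RHEL_ORGID" >"$secret_dir/rhel_orgid"
          printf '%s\n' "$RHEL_KEYNAME" >"$secret_dir/rhel_keyname"
          # … unchanged: podman manifest create, per-arch loop header, --tag line …
              --secret id=rhel_orgid,src="$secret_dir/rhel_orgid" \
              --secret id=rhel_keyname,src="$secret_dir/rhel_keyname" \
          # … unchanged: remaining build flags, done, podman images (the rm -f line is replaced by the trap) …
```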