From e87072b88a6889018db37a60113521f7c0291ca7 Mon Sep 17 00:00:00 2001 From: George Adams Date: Wed, 16 Oct 2024 14:04:02 +0100 Subject: [PATCH] docker: add action to deploy windows build image --- .github/workflows/build.yml | 5 ++ .github/workflows/build_vagrant.yml | 2 +- .github/workflows/build_windows.yml | 48 +++++++++++++++++++ .github/workflows/build_wsl.yml | 2 +- FAQ.md | 2 +- ansible/docker/Dockerfile.win2022 | 22 ++++----- ansible/inventory.yml | 2 - .../roles/ANT/tasks/main.yml | 7 +-- .../roles/Incredibuild/tasks/main.yml | 17 ++++--- .../roles/MSVS_2022/tasks/main.yml | 2 +- .../roles/MSVS_2022_REDIST/tasks/main.yml | 4 +- 11 files changed, 81 insertions(+), 32 deletions(-) create mode 100644 .github/workflows/build_windows.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 553b2f6f58..e0a456b0ed 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,6 +16,11 @@ on: branches: - master +# Cancel existing runs if user makes another push. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + permissions: contents: read diff --git a/.github/workflows/build_vagrant.yml b/.github/workflows/build_vagrant.yml index b6b51eb51f..029b946941 100644 --- a/.github/workflows/build_vagrant.yml +++ b/.github/workflows/build_vagrant.yml @@ -10,7 +10,7 @@ on: # Cancel existing runs if user makes another push. concurrency: - group: "${{ github.ref }}" + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: ${{ github.event_name == 'pull_request' }} permissions: diff --git a/.github/workflows/build_windows.yml b/.github/workflows/build_windows.yml new file mode 100644 index 0000000000..f863597109 --- /dev/null +++ b/.github/workflows/build_windows.yml @@ -0,0 +1,48 @@ +name: Docker (Windows) + +on: + pull_request: + paths: + - .github/workflows/build_windows.yml + - ansible/docker/Dockerfile.win2022 + branches: + - master + push: + paths: + - .github/workflows/build_windows.yml + - ansible/docker/Dockerfile.win2022 + branches: + - master + +# Cancel existing runs if user makes another push. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + +permissions: + id-token: write + contents: read + +jobs: + build: + if: startsWith(github.repository, 'adoptium/') + runs-on: windows-latest + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Login to our Azure subscription + if: github.ref == 'refs/heads/master' + uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID_OIDC }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - name: Build container image + run: docker build -t adoptium.azurecr.io/windows2022_build_image:latest -f ansible/docker/Dockerfile.win2022 . + + - name: Push container image to ACR + if: github.ref == 'refs/heads/master' + run: | + az acr login --name adoptium + docker push adoptium.azurecr.io/windows2022_build_image:latest diff --git a/.github/workflows/build_wsl.yml b/.github/workflows/build_wsl.yml index 2e81b342fe..e59d2e2138 100644 --- a/.github/workflows/build_wsl.yml +++ b/.github/workflows/build_wsl.yml @@ -14,7 +14,7 @@ on: # Cancel existing runs if user makes another push. concurrency: - group: "${{ github.ref }}" + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: ${{ github.event_name == 'pull_request' }} permissions: diff --git a/FAQ.md b/FAQ.md index 6529c738bf..08e3afa360 100644 --- a/FAQ.md +++ b/FAQ.md @@ -89,7 +89,7 @@ have at the moment: | [Centos6](./ansible/docker/Dockerfile.CentOS6) | [`adoptopenjdk/centos6_build_image`](https://hub.docker.com/r/adoptopenjdk/centos6_build_image)| linux/amd64 | [GH Actions](.github/workflows/build.yml) | Yes | [Alpine3](./ansible/docker/Dockerfile.Alpine3) | [`adoptopenjdk/alpine3_build_image`](https://hub.docker.com/r/adoptopenjdk/alpine3_build_image) | linux/x64 & linux/arm64 | [Jenkins](https://ci.adoptium.net/job/centos7_docker_image_updater/) | Yes | [Ubuntu 20.04 (riscv64 only)](./ansible/docker/Dockerfile.Ubuntu2004-riscv64) | [`adoptopenjdk/ubuntu2004_build_image:linux-riscv64`](https://hub.docker.com/r/adoptopenjdk/ubuntu2004_build_image) | linux/riscv64 | [Jenkins](https://ci.adoptium.net/job/centos7_docker_image_updater/) | Yes -| [Windows Server 2022](./ansible/docker/Dockerfile.win2022) | n/a - restricted | Windows | No +| [Windows Server 2022](./ansible/docker/Dockerfile.win2022) | `adoptium.azurecr.io/windows2022_build_image` - restricted | Windows | [GH Actions](.github/workflows/build_windows.yml) | Yes
(*) - Caveats: diff --git a/ansible/docker/Dockerfile.win2022 b/ansible/docker/Dockerfile.win2022 index 3674a2f145..08eb089eb9 100644 --- a/ansible/docker/Dockerfile.win2022 +++ b/ansible/docker/Dockerfile.win2022 @@ -16,11 +16,10 @@ RUN powershell -Command \ Write-Host 'Checksum verification succeeded!' -ForegroundColor Green; \ }" -# Set up cygwin with git and ansible as a bootstrap, and add to system default path -RUN setup-x86_64.exe --packages git,ansible --download --local-install --delete-orphans --site https://mirrors.kernel.org/sourceware/cygwin --local-package-dir c:\cygwin_packages --root C:\cygwin64 --wait --quiet-mode & \ - C:\cygwin64\bin\git config --system core.autocrlf false & \ - del setup-x86_64.exe & \ - setx PATH "c:\cygwin64\bin;%PATH%" & \ +# Set up cygwin with ansible as a bootstrap, and add to system default path +RUN setup-x86_64.exe --packages ansible --download --local-install --delete-orphans --site https://mirrors.kernel.org/sourceware/cygwin --local-package-dir c:\cygwin_packages --root C:\cygwin64 --wait --quiet-mode && \ + del setup-x86_64.exe && \ + setx PATH "c:\cygwin64\bin;%PATH%" && \ mkdir c:\temp # Download Ansible Config Script & Verify Its Checksum @@ -45,13 +44,14 @@ RUN PowerShell .\ConfigureRemotingForAnsible.ps1 -CertValidityDays 9999 & \ # Set up WinRM user, clone and run the playbook, then delete the user so it's not in any layer ENV TERM=dumb -RUN net user ansible %PW% /ADD & net localgroup "Administrators" ansible /ADD & net localgroup "Remote Management Users" ansible /ADD & \ - C:\cygwin64\bin\git clone https://github.com/sxa/infrastructure -b windows_docker_support c:/infrastructure & \ - sed -i -e 's/hosts: .*/hosts: localhost/' infrastructure/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml & \ - echo localhost ansible_connection=winrm > infrastructure/ansible/hosts & \ - cd infrastructure\ansible & \ +COPY . infrastructure + +RUN net user ansible %PW% /ADD & net localgroup "Administrators" ansible /ADD & net localgroup "Remote Management Users" ansible /ADD && \ + sed -i -e 's/hosts: .*/hosts: localhost/' infrastructure/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml && \ + echo localhost ansible_connection=winrm > infrastructure/ansible/hosts && \ + cd infrastructure\ansible && \ C:\cygwin64\bin\python3.7m.exe /usr/bin/ansible-playbook -e git_sha=00000000 -e ansible_user=ansible -e ansible_password=%PW% -i hosts \ - --skip-tags=adoptopenjdk,reboot,NTP_TIME,MSVS_2013,MSVS_2017,MSVS_2019 playbooks/AdoptOpenJDK_Windows_Playbook/main.yml & \ + --skip-tags=adoptopenjdk,reboot,Windows_Updates,NTP_TIME,MSVS_2013,MSVS_2017,MSVS_2019,NVidia_Cuda_Toolkit,clang_64bit,clang_32bit,nasm,Rust,IcedTea-Web playbooks/AdoptOpenJDK_Windows_Playbook/main.yml && \ net user ansible /DELETE ENTRYPOINT ["C:\\Program Files (x86)\\Microsoft Visual Studio\\2022\\BuildTools\\Common7\\Tools\\VsDevCmd.bat", "&&", "powershell.exe", "-NoLogo", "-ExecutionPolicy", "Bypass"] diff --git a/ansible/inventory.yml b/ansible/inventory.yml index 1504b85c4a..266ce34203 100644 --- a/ansible/inventory.yml +++ b/ansible/inventory.yml @@ -15,8 +15,6 @@ hosts: ubuntu2204-x64-1: {ip: 172.187.163.163, user: adoptopenjdk, description: infra-wazuh-server} ubuntu2204-x64-2: {ip: 20.90.182.165, description: trss.adoptium.net} ubuntu2204-x64-3: {ip: 172.187.93.97, description: awx.adoptium.net} - ubuntu2204-vagrant-x64-1: {ip: 172.203.178.157, description: VPC-Qemu-1} - ubuntu2204-vagrant-x64-2: {ip: 48.217.96.46, description: VPC-Qemu-2} - digitalocean: ubuntu2004-x64-1: {ip: 178.62.115.224, description: bastillion.adoptopenjdk.net} diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml index 42affc1265..c0d306f974 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml @@ -64,12 +64,7 @@ tags: ANT - name: Download ant-contrib - win_get_url: - url: https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.zip - dest: c:\temp\ant-contrib.zip - force: no - checksum: 22bae6c3ddf1a464b285784599eef8698f64dde24378c77e42522a536b88cbbc - checksum_algorithm: sha256 + win_shell: c:\cygwin64\bin\curl -L -o /cygdrive/c/temp/ant-contrib.zip https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.zip when: (not ant_contrib_installed.stat.exists) tags: ANT diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Incredibuild/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Incredibuild/tasks/main.yml index 598e006981..54643336df 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Incredibuild/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Incredibuild/tasks/main.yml @@ -3,16 +3,19 @@ # Incredibuild - Configuration Tasks # ####################################### -- name: Check if the ibxbuild service exists - ansible.windows.win_service_info: - name: IBXDashboard +- name: Check if the IBXDashboard service exists + win_shell: | + if (Get-Service -Name 'IBXDashboard' -ErrorAction SilentlyContinue) { + Write-Host "exists" + } register: service_info + changed_when: false - name: Stop the IBX Dashboard service if it exists - ansible.windows.win_service: + win_service: name: IBXDashboard state: stopped - when: service_info.exists + when: "'exists' in service_info.stdout" - name: Check if incredibuild.conf file exists win_stat: @@ -28,7 +31,7 @@ when: incredibuild_conf_file.stat.exists - name: Start the IBX Dashboard service if it exists - ansible.windows.win_service: + win_service: name: IBXDashboard state: started - when: service_info.exists + when: "'exists' in service_info.stdout" diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022/tasks/main.yml index 309943273f..84bf3b8924 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022/tasks/main.yml @@ -100,7 +100,7 @@ # Download & Install VS2022 When No Layout & Not AdoptOpenJDK # This is the target that you're redirected to when you go to https://aka.ms/vs/17/release/vs_community.exe -- name: Download Visual Studio Community 2022 +- name: Download Visual Studio Build Tools 2022 win_get_url: # https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-history # 17.7.34302.85 url: 'https://download.visualstudio.microsoft.com/download/pr/47b236ad-5505-4752-9d2b-5cf9795528bc/87684889f46dec53d1452f4a0ff9fec1ac202a97ebed866718d7c0269e814b28/vs_BuildTools.exe' diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022_REDIST/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022_REDIST/tasks/main.yml index ff4805b2e3..641e56fff4 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022_REDIST/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022_REDIST/tasks/main.yml @@ -19,13 +19,13 @@ tags: MSVS_2022_REDIST - name: Check if C:\openjdk\devkit exists - ansible.windows.win_stat: + win_stat: path: 'c:\openjdk\devkit' register: directory_status tags: MSVS_2022_REDIST - name: Create C:\openjdk\devkit if it does not exist - ansible.windows.win_file: + win_file: path: 'c:\openjdk\devkit\' state: directory when: not directory_status.stat.exists