Update dependency cilium/cilium to v1.16.1 #1048
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # build images GH actions pipeline | |
| # | |
| # On every PR, we want to build images and tag them appropriately. | |
| # As the images are built, we push commits to the PR that: | |
| # - update the dockerfile args with the new tags | |
| # - save the new tags under versions/ | |
| name: buildx-images | |
| on: | |
| pull_request: | |
| jobs: | |
| # initial configuration | |
| conf: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| dry-run: ${{ steps.configure.outputs.dry-run }} | |
| run: ${{ steps.configure.outputs.run }} | |
| tag: ${{ steps.configure.outputs.tag }} | |
| kvers: ${{ steps.kvers.outputs.result }} | |
| steps: | |
| - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| id: run-script | |
| name: run-script | |
| with: | |
| result-encoding: string | |
| script: | | |
| res = await github.rest.issues.listLabelsOnIssue({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| }); | |
| for (const l of res.data) { | |
| if (l.name == 'gha-builds/just-dont') { | |
| return 'n' | |
| } | |
| } | |
| return 'y' | |
| - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| id: dry-run-script | |
| name: dry-run-script | |
| with: | |
| result-encoding: string | |
| script: | | |
| res = await github.rest.issues.listLabelsOnIssue({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| }); | |
| for (const l of res.data) { | |
| if (l.name == 'gha-builds/dry-run') { | |
| return 'y' | |
| } | |
| } | |
| return 'n' | |
| - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| id: kvers | |
| name: kernel versions | |
| with: | |
| script: | | |
| var all_kernels = ['4.19', '5.4', '5.10', '5.15', '6.1', '6.6', 'bpf', 'bpf-next', 'rhel8.6', 'rhel8.9' ] | |
| var kernels = [] | |
| const kernel_label_prefix = 'gha-builds/kernel/' | |
| res = await github.rest.issues.listLabelsOnIssue({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| }); | |
| for (const l of res.data) { | |
| if (l.name.startsWith(kernel_label_prefix)) { | |
| s = l.name.slice(kernel_label_prefix.length) | |
| if (s.length > 0) { | |
| kernels.push(s) | |
| } | |
| } | |
| } | |
| if (kernels.length == 0) { | |
| kernels = all_kernels | |
| } | |
| ret = [] | |
| for (const k of kernels) { | |
| options = {"ver": k} | |
| switch (k) { | |
| case 'rhel8.6': | |
| options.dockerfile = "dockerfiles/kernel-images-rhel8" | |
| options.platforms = 'linux/amd64' | |
| options.rhel_ver = '8.6' | |
| options.rhel_kver = '4.18.0-372.32.1.el8_6' | |
| break | |
| case 'rhel8.9': | |
| options.dockerfile = "dockerfiles/kernel-images-rhel8" | |
| options.platforms = 'linux/amd64' | |
| options.rhel_ver = '8.9' | |
| options.rhel_kver = '4.18.0-513.24.1.el8_9' | |
| break | |
| default: | |
| options.dockerfile = "dockerfiles/kernel-images" | |
| options.platforms = 'linux/amd64,linux/arm64' | |
| } | |
| ret.push(options) | |
| } | |
| return ret | |
| - name: configure | |
| id: configure | |
| run: | | |
| echo "Kernels: ${{ steps.kvers.outputs.result }}" | |
| echo "dry-run=${{ steps.dry-run-script.outputs.result }}" | tee -a $GITHUB_OUTPUT | |
| echo "run=${{ steps.run-script.outputs.result }}" | tee -a $GITHUB_OUTPUT | |
| tag=$(date +%Y%m%d.%H%M%S) | |
| echo "tag=$tag" | tee -a $GITHUB_OUTPUT | |
| kernel-builder: | |
| needs: [conf] | |
| if: ${{ needs.conf.outputs.run == 'y' }} | |
| uses: ./.github/workflows/buildx-stage.yaml | |
| secrets: inherit | |
| with: | |
| name: kernel-builder | |
| build-file: dockerfiles/kernel-builder | |
| build-tag: quay.io/lvh-images/kernel-builder-ci:${{ needs.conf.outputs.tag }} | |
| check-files: dockerfiles/kernel-builder | |
| base-ref: ${{ github.base_ref }} | |
| dry-run: ${{ needs.conf.outputs.dry-run == 'y' }} | |
| patch-cmd: | | |
| echo ${{ needs.conf.outputs.tag }} > versions/kernel-builder | |
| perl -pi -e 's/^ARG KERNEL_BUILDER_TAG.*$/ARG KERNEL_BUILDER_TAG=${{ needs.conf.outputs.tag }}/' dockerfiles/* | |
| kernel-images: | |
| needs: [conf, kernel-builder] | |
| if: ${{ needs.conf.outputs.run == 'y' }} | |
| strategy: | |
| matrix: | |
| kernel: ${{ fromJSON(needs.conf.outputs.kvers) }} | |
| uses: ./.github/workflows/buildx-stage.yaml | |
| secrets: inherit | |
| with: | |
| name: kernel-image-${{ matrix.kernel.ver }} | |
| build-file: ${{ matrix.kernel.dockerfile }} | |
| build-tag: quay.io/lvh-images/kernel-images-ci:${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }} | |
| build-args: | | |
| "KERNEL_VER=${{ matrix.kernel.ver }}" | |
| "RHEL_VER=${{ matrix.kernel.rhel_ver }}" | |
| "RHEL_KVER=${{ matrix.kernel.rhel_kver }}" | |
| check-files: '.' | |
| base-ref: ${{ github.base_ref }} | |
| dry-run: ${{ needs.conf.outputs.dry-run == 'y' }} | |
| apply-patch: kernel-builder.patch | |
| patch-cmd: | | |
| mkdir -p versions/kernel-images | |
| echo ${{ needs.conf.outputs.tag}} > versions/kernel-images/${{ matrix.kernel.ver }} | |
| platforms: ${{ matrix.kernel.platforms }} | |
| root-builder: | |
| needs: [conf] | |
| if: ${{ needs.conf.outputs.run == 'y' }} | |
| strategy: | |
| matrix: | |
| runner: | |
| - {name: "ubuntu-latest-4cores-16gb", arch: "amd64"} | |
| - {name: "actuated-arm64-4cpu-16gb", arch: "arm64"} | |
| uses: ./.github/workflows/buildx-stage.yaml | |
| secrets: inherit | |
| with: | |
| name: root-builder-${{ matrix.runner.arch }} | |
| runner: ${{ matrix.runner.name }} | |
| check-files: dockerfiles/root-builder | |
| build-file: dockerfiles/root-builder | |
| build-tag: quay.io/lvh-images/root-builder-ci:${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }} | |
| base-ref: ${{ github.base_ref }} | |
| dry-run: ${{ needs.conf.outputs.dry-run == 'y' }} | |
| patch-cmd: | | |
| mkdir -p versions/root-builder | |
| echo ${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }} > versions/root-builder/${{ matrix.runner.arch }} | |
| root-images: | |
| needs: [conf, root-builder] | |
| if: ${{ needs.conf.outputs.run == 'y' }} | |
| strategy: | |
| matrix: | |
| runner: | |
| - {name: "ubuntu-latest-4cores-16gb", arch: "amd64"} | |
| - {name: "actuated-arm64-4cpu-16gb", arch: "arm64"} | |
| uses: ./.github/workflows/buildx-stage.yaml | |
| secrets: inherit | |
| with: | |
| name: root-images-${{ matrix.runner.arch }} | |
| runner: ${{ matrix.runner.name }} | |
| check-files: dockerfiles/root-images _data/images.json _data/env.sh _data/bootstrap | |
| build-file: dockerfiles/root-images | |
| build-tag: quay.io/lvh-images/root-images-ci:${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }} | |
| build-args: | | |
| "ROOT_BUILDER_TAG=$(cat versions/root-builder/${{ matrix.runner.arch }})" | |
| base-ref: ${{ github.base_ref }} | |
| dry-run: ${{ needs.conf.outputs.dry-run == 'y' }} | |
| apply-patch: root-builder-${{ matrix.runner.arch }}.patch | |
| patch-cmd: | | |
| mkdir -p versions/root-images | |
| echo ${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }} > versions/root-images/${{ matrix.runner.arch }} | |
| kind-images: | |
| if: ${{ needs.conf.outputs.run == 'y' }} | |
| needs: [conf, kernel-images, root-images] | |
| strategy: | |
| matrix: | |
| kernel: ${{ fromJSON(needs.conf.outputs.kvers) }} | |
| runner: | |
| - {name: "ubuntu-latest-4cores-16gb", arch: "amd64"} | |
| - {name: "actuated-arm64-4cpu-16gb", arch: "arm64"} | |
| exclude: | |
| - runner: {name: "actuated-arm64-4cpu-16gb", arch: "arm64"} | |
| kernel: {ver: "rhel8.6"} | |
| - runner: {name: "actuated-arm64-4cpu-16gb", arch: "arm64"} | |
| kernel: {ver: "rhel8.9"} | |
| uses: ./.github/workflows/buildx-stage.yaml | |
| secrets: inherit | |
| with: | |
| name: kind-image-${{ matrix.kernel.ver }}-${{ matrix.runner.arch }} | |
| runner: ${{ matrix.runner.name }} | |
| build-file: dockerfiles/kind-images | |
| build-tag: quay.io/lvh-images/kind-ci:${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }} | |
| build-args: | | |
| "KERNEL_VER=${{ matrix.kernel.ver }}" | |
| "KERNEL_IMAGE_TAG=${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }}" | |
| "ROOT_IMAGES_TAG=$(cat versions/root-images/${{ matrix.runner.arch }})" | |
| check-files: '.' | |
| base-ref: ${{ github.base_ref }} | |
| dry-run: ${{ needs.conf.outputs.dry-run == 'y' }} | |
| apply-patch: root-images-${{ matrix.runner.arch }}.patch | |
| apply-patch-2: kernel-image-${{ matrix.kernel.ver }}.patch | |
| patch-cmd: | | |
| mkdir -p versions/kind/${{ matrix.runner.arch }} | |
| echo ${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }} > versions/kind/${{ matrix.runner.arch }}/${{ matrix.kernel.ver }} | |
| # complexity-test-images is hardcoded amd64 only for now | |
| complexity-test-images: | |
| if: ${{ needs.conf.outputs.run == 'y' }} | |
| needs: [conf, kernel-images, root-images] | |
| strategy: | |
| matrix: | |
| kernel: ${{ fromJSON(needs.conf.outputs.kvers) }} | |
| uses: ./.github/workflows/buildx-stage.yaml | |
| secrets: inherit | |
| with: | |
| name: complexity-test-${{ matrix.kernel.ver }}-amd64 | |
| build-file: dockerfiles/complexity-test-images | |
| build-tag: quay.io/lvh-images/complexity-test-ci:${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }} | |
| build-args: | | |
| "KERNEL_VER=${{ matrix.kernel.ver }}" | |
| "KERNEL_IMAGE_TAG=${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }}" | |
| "ROOT_IMAGES_TAG=$(cat versions/root-images/amd64)" | |
| check-files: '.' | |
| base-ref: ${{ github.base_ref }} | |
| dry-run: ${{ needs.conf.outputs.dry-run == 'y' }} | |
| apply-patch: root-images-amd64.patch | |
| apply-patch-2: kernel-image-${{ matrix.kernel.ver }}.patch | |
| patch-cmd: | | |
| mkdir -p versions/complexity-test | |
| echo ${{ needs.conf.outputs.tag}} > versions/complexity-test/${{ matrix.kernel.ver }} | |
| commit-changes: | |
| if: ${{ needs.conf.outputs.run == 'y' }} | |
| needs: [conf, root-images, complexity-test-images, kind-images] | |
| runs-on: ubuntu-latest | |
| outputs: | |
| sha: ${{ steps.push.outputs.sha }} | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: download all artifacts | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| pattern: "*.patch" | |
| path: /tmp/artifacts | |
| - name: push new version | |
| id: push | |
| run: | | |
| git switch -c tmp | |
| git config user.name "GH action" | |
| git config user.email "[email protected]" | |
| find /tmp/artifacts -type f ! -size 0 | xargs git am | |
| git reset --soft ${{ github.event.pull_request.head.ref }} | |
| git status | |
| f=$(mktemp) | |
| echo "GHA: update tags" >> $f | |
| echo "" >> $f | |
| git commit -a -F $f --trailer "X-GHA-TAG: ${{ needs.conf.outputs.tag }}" | |
| git push --force origin HEAD:${{ github.event.pull_request.head.ref }} | |
| sha=$(git rev-parse HEAD) | |
| echo "sha=$sha" | tee -a $GITHUB_OUTPUT | |
| - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| env: | |
| SHA: ${{ steps.push.outputs.sha }} | |
| with: | |
| script: | | |
| const { SHA } = process.env | |
| await github.rest.repos.createCommitStatus({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| sha: `${ SHA }`, | |
| description: "Commit was generated", | |
| state: 'pending', | |
| }) | |
| print_image_kernels: | |
| needs: [conf, commit-changes] | |
| if: ${{ needs.conf.outputs.run == 'y' && needs.commit-changes.result == 'success' && needs.conf.outputs.dry-run != 'y' }} | |
| strategy: | |
| matrix: | |
| runner: | |
| - "ubuntu-latest" | |
| - "actuated-arm64-2cpu-8gb" | |
| runs-on: ${{ matrix.runner }} | |
| steps: | |
| - name: install crane | |
| env: | |
| VERSION: v0.19.1 | |
| run: | | |
| ARCH=$([ "$(uname -m)" == "aarch64" ] && echo "arm64" || echo $(uname -m)) | |
| URL="https://github.com/google/go-containerregistry/releases/download/$VERSION/go-containerregistry_Linux_$ARCH.tar.gz" | |
| curl -fSL $URL | sudo tar -xz -C /usr/local/bin crane | |
| crane version | |
| - name: Install LVH cli | |
| working-directory: /tmp | |
| shell: bash | |
| run: | | |
| crane export quay.io/lvh-images/lvh:latest --platform linux/$(dpkg --print-architecture) lvh.tar | |
| tar --transform='s#usr/bin/##g' -xf lvh.tar usr/bin/lvh | |
| rm lvh.tar | |
| chmod +x lvh && sudo mv lvh /usr/local/bin | |
| lvh version | |
| - name: Install dependencies | |
| run: | | |
| deps="expect cpu-checker qemu-system-x86 qemu-system-aarch64" | |
| n=0 | |
| until [ "$n" -ge 5 ]; do | |
| success=1 | |
| sudo apt update && \ | |
| sudo apt-get clean && \ | |
| sudo apt-get -y --no-install-recommends install ${deps} && \ | |
| break || success=0 | |
| n=$((n+1)) | |
| sleep 1 | |
| done | |
| [ $success -eq 1 ] || exit 42 | |
| - name: checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| ref: ${{ needs.commit-changes.outputs.sha }} | |
| - name: versions | |
| id: versions | |
| working-directory: ./versions/kind | |
| run: | | |
| echo "| Image | kernel version |" > /tmp/image-log | |
| echo "| --- | --- |" >> /tmp/image-log | |
| images_folder=/tmp/lvh-images | |
| sudo mkdir $images_folder; sudo chmod 777 $images_folder | |
| for f in $(find $(dpkg --print-architecture) -type f ); do | |
| df -h / | |
| v=$(basename $f) | |
| image_tag=$(cat $f) | |
| image="quay.io/lvh-images/kind-ci:$v-$image_tag" | |
| # extract the qcow2 image | |
| crane export $image --platform linux/$(dpkg --print-architecture) $images_folder/kind_$v.tar | |
| tar --transform='s#data/images/##g' -xvf $images_folder/kind_$v.tar data/images/kind_$v.qcow2.zst | |
| mv kind_$v.qcow2.zst $images_folder | |
| rm $images_folder/kind_$v.tar | |
| zstd -d $images_folder/kind_$v.qcow2.zst -o $images_folder/kind_$v.qcow2 | |
| rm $images_folder/kind_$v.qcow2.zst | |
| if [ "$(uname -m)" = "aarch64" ]; then | |
| # extract the compressed kernel | |
| kernel_tag=$(cat ../kernel-images/$v) | |
| kernel="quay.io/lvh-images/kernel-images-ci:$v-$kernel_tag" | |
| crane export $kernel --platform linux/$(dpkg --print-architecture) $images_folder/kernel_$v.tar | |
| tar --transform="s#data/kernels/$v/boot/##g" --wildcards -xvf $images_folder/kernel_$v.tar data/kernels/$v/boot/vmlinuz* | |
| mv vmlinuz* $images_folder/vmlinuz | |
| rm $images_folder/kernel_$v.tar | |
| fi | |
| if [ "$(uname -m)" = "aarch64" ]; then | |
| expect -c " | |
| set timeout 60 | |
| spawn lvh run --image $images_folder/kind_$v.qcow2 --kernel $images_folder/vmlinuz | |
| expect -re \"Linux version .*\n\" { exit } | |
| " | tee /tmp/expect.log | |
| else | |
| expect -c " | |
| set timeout 60 | |
| spawn lvh run --image $images_folder/kind_$v.qcow2 | |
| expect -re \"Linux version .*\n\" { exit } | |
| " | tee /tmp/expect.log | |
| fi | |
| linux_ver=$(cat /tmp/expect.log | sed -ne 's/^.*Linux version \([^ ]\+\).*$/\1/p') | |
| echo "| ${image} | ${linux_ver} |" | tee -a /tmp/image-log | |
| rm $images_folder/* | |
| done | |
| echo 'IMAGE_LOG<<EOF' >> $GITHUB_ENV | |
| cat /tmp/image-log >> $GITHUB_ENV | |
| echo 'EOF' >> $GITHUB_ENV | |
| - name: comment | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| if: ${{ github.event.pull_request.number != '' }} | |
| with: | |
| script: | | |
| const { IMAGE_LOG } = process.env | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: `👋\nHere are the kernel versions for the images:\n${IMAGE_LOG}\n` | |
| }) | |
| finalize: | |
| needs: [conf, commit-changes, print_image_kernels] | |
| runs-on: ubuntu-latest | |
| if: ${{ always() }} | |
| steps: | |
| - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| if: ${{ needs.commit-changes.result == 'success' && needs.conf.outputs.dry-run != 'y' }} | |
| env: | |
| SHA: ${{ needs.commit-changes.outputs.sha }} | |
| with: | |
| script: | | |
| const { SHA } = process.env | |
| await github.rest.repos.createCommitStatus({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| sha: `${ SHA }`, | |
| description: "Images were generated and tags were updated", | |
| state: 'success', | |
| }) | |
| - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| if: ${{ needs.commit-changes.result == 'success' && needs.conf.outputs.dry-run == 'y' }} | |
| env: | |
| SHA: ${{ needs.commit-changes.outputs.sha }} | |
| with: | |
| script: | | |
| const { SHA } = process.env | |
| await github.rest.repos.createCommitStatus({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| sha: `${ SHA }`, | |
| description: "Everything went OK, but this was a dry-run. Failing final check.", | |
| state: 'failure', | |
| }) | |
| - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| if: ${{ needs.commit-changes.result != 'success' && needs.commit-changes.outputs.sha != '' }} | |
| env: | |
| SHA: ${{ needs.commit-changes.outputs.sha }} | |
| with: | |
| script: | | |
| const { SHA } = process.env | |
| await github.rest.repos.createCommitStatus({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| sha: `${ SHA }`, | |
| description: "Something went wrong and commit was not successful. Failing final check.", | |
| state: 'failure', | |
| }) |