-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CI:BUILD] Podman FCOS image from main #19477
Conversation
TODO: add https://github.com/packit/wait-for-copr as a github action here. |
9e12e95
to
258a3e6
Compare
@cevich could you PTAL at the included github action? (RE: #19448) goals of the github action:
|
@benoitf in the github issue you were looking for this image to be published at https://quay.io/repository/podman/upstream?tab=tags ? AFAICT, the |
hi, @lsm5 in the issue I said I'm fine with any name Also, would it include 'released' version like : |
I'm thinking an explicit enough rolling tag I'm ok with commit SHAs as tags, but wondering if we'll end up with a really huge tag list, and if that's tolerable. @containers/podman-maintainers wdyt? If that's too much to be handled in PR comments, we could move this over to a discussion or something.
Almost never, assuming I'm reading your question correctly. podman-next copr has whatever exists on the main branch. For podman we cut releases from the release branches. |
The container images built from |
About tags you can set an expiration date like one month or 3 weeks on quay.io So it won't keep all tags forever https://docs.projectquay.io/use_quay.html#tag-expiration
|
ohh my bad. I was under the impression you were talking about pushing those tags to upstream podman. tags in quay should be fine with expiration date. Thanks @benoitf . |
FWIW, we could do any of: https://quay.io/repository/containers/fcos or possibly others, your pick. |
@TomSweeneyRedHat I'm thinking:
and as @benoitf suggested we also keep tags named with the actual commit ID with an expiration date set. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First off the positive: You're brave for figuring out GHA enough to write this. Nice job, well done, and good for you 👍
Unfortunately, I think there are quite a few changes needed here to make it reliable/stable enough to support high-velocity development in this repo.
Taking a step back (I'm not 100% clear on what this job does), it currently only runs on every push to main
, and doesn't seem to really need or touch any low-level github specific things. That makes me think maybe it would be better implemented as a script for a new cirrus-task (this would address many of my concerns above). Of course, I'm happy to help with this if it's a viable option.
Major Bias note: I've been cut, stabbed, shot, spanked, mutilated, and often barely escaped by the skin-of-my-teeth. After probably hundreds of hours fighting with GHA "stuffs" since Beta. IMHO, it's a badly architected automation system, immature (still), overly complex (in subtle ways), and fragile (breaking changes happen). Again IMHO, if/when/where possible, most automation should avoid using it in favor of our standard tried/true/boring/ancient/mature/non-fancy Cirrus-CI solution.)
chatgpt created the structure, i filled in the blanks 😆
Those are the 3 things we need. Packit people suggested using
Yup, I'm aware of your thoughts on this :D . Just that I saw many other GHA's already, so I thought I'd go ahead. |
@lsm5 your naming suggestion works for me. |
Ya, hence my positive comment up-front. Knowing how GHA works in general is a useful skill to have.
If I understand things right (maybe left, maybe not at all), I think the first two items could be valuable to do at the PR level. Confirming Cirrus (or GHA workflow) is able to successfully sync. with both the build, and confirm the artifact is "good" (i.e. maybe curl it down, do a test install, other simple checks). For the third item, maybe we can do the build in the PR test-context but throw away the image at the end. If the run is for the main branch (i.e. post-merge), then it could do something else (if needed)? (Please correct my misunderstandings) |
ack 😄
@benoitf is looking for end-user consumable fcos images, so ideally the end result should be an image pushed to AFAICT, all of these steps can/should run only after the PR has merged. |
@lsm5 I confirm the use case. To have an image on quay.io with tag being the git sha each time a PR is merged on the main branch. |
It's just a container image no? This could be a really simple check, like does I would suggest running the build as a new Cirrus-CI task (using a VM) with the following features:
|
LGTM, though please remember to drop a comment re: followup PR where you're going to work on the Cirrus task. If you can put it in a code or git-commit that would be even better. |
Ahh there, you go. Thanks. |
@cevich removed draft status. mind going ahead with the final slash-lgtm ? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
|
||
env: | ||
IMAGE_NAME: fcos | ||
IMAGE_TAGS: latest next podman-next ${{ github.sha }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor: I don't really see a need for next
or podman-next
, since latest
will be effectively the exact same thing.
Also Minor: Using a "naked" commit sha as a tag makes me slightly uncomfortable. It makes sense as an annotation or label for sure. But any lay-person looking at an image named "fcos" on quay, will likely have no clue what the sha belongs to. I'm not 100% on what the intended use of this image is, but I would think something like the full podman version would be more helpful.
Since you're setting an expiration of these tags, it's fine to fixup this stuff later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, now that I think of it, someone browsing: quay.io/podman/fcos
and looking at the tag latest
would assume it's stable, like for example: fedora:latest
points to fedora's latest release. Maybe latest should be removed. If I gotta choose between next and podman-next, I'll choose podman-next.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ya, `podman-next' is way more meaningful than 'latest'
image: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }} | ||
tags: ${{env.IMAGE_TAGS }} | ||
containerfiles: | | ||
./contrib/podman-next/fcos-podmanimage/Containerfile . |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor-nit: There's no need to do the |
line-wrapping thing for a single line.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that's what the redhat-action doc used, so I used the same. I can remove it in followup
tags: ${{ steps.build-image.outputs.tags }} | ||
registry: ${{ env.IMAGE_REGISTRY }} | ||
username: ${{ secrets.QUAY_PODMAN_USERNAME }} | ||
password: ${{ secrets.QUAY_PODMAN_PASSWORD }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just as a reminder: It would be really great to have some kind of notification if the job fails. Basically nobody pays any attention to the 'Actions' tab of the repo. and it seems important to know if the build fails for some reason.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remind me, do you know of a failure notification mechanism in GHA?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The only way I know to do this is like https://github.com/containers/podman/blob/main/.github/workflows/discussion_lock.yml#L57-L68 but maybe there's a way to send an in-app notification? I never looked into it.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cevich, lsm5 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@benoitf let's hope this works: https://quay.io/repository/podman/fcos?tab=builds |
Ignore that one. That was a manual trigger on quay and not via GHA. I still need to fix something in the GHA which I will continue in #19830 |
@lsm5 I tried the command, first part is working. No error
But then I restart the podman machine
but it's never booting
qemu process is at 99-100% I also tried on a fresh machine (no container, etc) |
created #19851 to discuss the issue |
Followup on containers#19477 [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <[email protected]>
Followup on containers#19477 [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <[email protected]>
Followup on containers#19477 [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <[email protected]>
Followup on containers#19477 [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <[email protected]>
Followup on containers#19477 Remove commented out cirrus task for fcos image build with podman-next and add 2 github actions: 1 for running a simple uni-arch image build on every PR and another to actually build multiarch images and push to quay after merge. `podman --version` will also include git short sha for clarity. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <[email protected]>
Followup on containers#19477 Remove commented out cirrus task for fcos image build with podman-next and add 2 github actions: 1 for running a simple uni-arch image build on every PR and another to actually build multiarch images and push to quay after merge. `podman --version` will also include git short sha for clarity. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <[email protected]>
Followup on containers#19477 Remove commented out cirrus task for fcos image build with podman-next and add 2 github actions: 1 for running a simple uni-arch image build on every PR and another to actually build multiarch images and push to quay after merge. `podman --version` will also include git short sha for clarity. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <[email protected]>
Followup on containers#19477 Remove commented out cirrus task for fcos image build with podman-next and add 2 github actions: 1 for running a simple uni-arch image build on every PR and another to actually build multiarch images and push to quay after merge. `podman --version` will also include git short sha for clarity. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <[email protected]>
Followup on containers#19477 Remove commented out cirrus task for fcos image build with podman-next and add 2 github actions: 1 for running a simple uni-arch image build on every PR and another to actually build multiarch images and push to quay after merge. `podman --version` will also include git short sha for clarity. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <[email protected]>
Followup on containers#19477 Remove commented out cirrus task for fcos image build with podman-next and add 2 github actions: 1 for running a simple uni-arch image build on every PR and another to actually build multiarch images and push to quay after merge. `podman --version` will also include git short sha for clarity. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <[email protected]>
Followup on containers#19477 Remove commented out cirrus task for fcos image build with podman-next and add 2 github actions: 1 for running a simple uni-arch image build on every PR and another to actually build multiarch images and push to quay after merge. `podman --version` will also include git short sha for clarity. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <[email protected]>
Followup on containers#19477 Remove commented out cirrus task for fcos image build with podman-next and add 2 github actions: 1 for running a simple uni-arch image build on every PR and another to actually build multiarch images and push to quay after merge. `podman --version` will also include git short sha for clarity. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <[email protected]>
Does this PR introduce a user-facing change?