Skip to content

docker: install qemu-user-static from backports #880

docker: install qemu-user-static from backports

docker: install qemu-user-static from backports #880

Workflow file for this run

name: Build and Test
env:
GITHUB_TAG: ghcr.io/${{ github.repository }}
DOCKER_TARGET_PLATFORMS: linux/amd64,linux/arm64
on:
push:
branches-ignore:
- '*.tmp'
tags:
- '*'
# Build at 04:00am every Monday
schedule:
- cron: "0 4 * * 1"
pull_request:
workflow_dispatch:
jobs:
test:
strategy:
fail-fast: false
matrix:
variant:
- arch
- bookworm
- trixie
runs-on: ubuntu-latest
defaults:
run:
shell: bash
container:
image: ghcr.io/go-debos/test-containers/${{matrix.variant}}:main
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Test build
run: go build -o debos cmd/debos/debos.go
- name: Run unit tests
run: go test -v ./... | tee test.out
- name: Ensure no tests were skipped
run: "! grep -q SKIP test.out"
build:
name: Build Docker container
runs-on: ubuntu-latest
needs: test
steps:
- name: Repository checkout
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
- name: Use cache
uses: actions/cache@v4
with:
path: /tmp/.build-cache
key: ${{ runner.os }}-docker
- name: Build Docker image
uses: docker/build-push-action@v6
with:
context: .
push: false
pull: true
file: docker/Dockerfile
platforms: ${{ env.DOCKER_TARGET_PLATFORMS }}
tags: debos
cache-from: type=local,src=/tmp/.build-cache
cache-to: type=local,dest=/tmp/.build-cache,mode=max
# WORKAROUND:
# Docker buildx cannot export multi-platform images with type=docker,
# but only with type=oci. The latter cannot be imported without an
# intermediate registry. Thus export only the amd64 image for usage
# in the test stage.
#
# see https://docs.docker.com/reference/cli/docker/buildx/build/#docker
- name: Export amd64 Docker image for later usage
uses: docker/build-push-action@v6
with:
context: .
push: false
pull: true
file: docker/Dockerfile
platforms: linux/amd64
tags: debos
cache-from: type=local,src=/tmp/.build-cache
cache-to: type=local,dest=/tmp/.build-cache,mode=max
outputs: type=docker,dest=/tmp/debos-image.tar
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: debos-image
path: /tmp/debos-image.tar
unit-tests:
name: Run unit tests
needs:
- build
runs-on: ubuntu-latest
steps:
- name: Repository checkout
uses: actions/checkout@v4
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
- name: Use cache
uses: actions/cache@v4
with:
path: /tmp/.build-cache
key: ${{ runner.os }}-docker
- name: Build Docker image
uses: docker/build-push-action@v6
with:
context: .
push: false
tags: debos-builder
file: docker/Dockerfile
cache-from: type=local,src=/tmp/.build-cache
load: true
target: builder
- name: Run unit tests
run: |
docker compose -f docker/unit-tests.test.yml \
up --exit-code-from=sut
recipe-tests:
needs: build
strategy:
fail-fast: false
matrix:
backend:
- nofakemachine
- qemu
- uml
- kvm
test:
- { name: "recipes", case: "recipes" }
- { name: "templating", case: "templating", variables: " -t escaped:\\$ba\\'d\\$gers\\ snakes" }
- { name: "partitioning", case: "partitioning" }
- { name: "msdos partitioning", case: "msdos" }
- { name: "debian (amd64)", case: "debian", variables: "-t architecture:amd64" }
exclude:
- backend: nofakemachine
test: { name: "partitioning", case: "partitioning" }
- backend: nofakemachine
test: { name: "msdos partitioning", case: "msdos" }
include:
- backend: kvm
test: { name: "debian (arm64)", case: "debian", variables: "-t architecture:arm64" }
- backend: kvm
test: { name: "debian (armhf)", case: "debian", variables: "-t architecture:armhf" }
- backend: kvm
test: { name: "arch", case: "arch" }
- backend: kvm
test: { name: "apertis", case: "apertis" }
name: ${{matrix.test.name}} on ${{matrix.backend}}
runs-on: 'ubuntu-latest'
steps:
- name: Repository checkout
uses: actions/checkout@v4
- name: Install QEMU emulation binaries
if: ${{ matrix.backend == 'nofakemachine' }}
run: |
sudo apt-get update && sudo apt-get install -y qemu-user-static
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: debos-image
path: /tmp
- name: Load image
run: |
docker load --input /tmp/debos-image.tar
- name: run ${{matrix.test.case}} in docker image
run:
docker run
--cgroupns=private
-v $(pwd)/tests:/tests
-w /tests
--tmpfs /scratch:exec
--tmpfs /run
${{ matrix.backend.name == 'kvm' && '--device /dev/kvm' || '' }}
--privileged
-e TMP=/scratch
-e SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=1
debos -v
${{matrix.backend == 'nofakemachine' && '--disable-fakemachine' || format('{0}{1}', '--fakemachine-backend=',matrix.backend) }}
${{matrix.test.variables}}
${{matrix.test.case}}/test.yaml
# Job to key success status against
allgreen:
name: allgreen
if: always()
needs:
- unit-tests
- recipe-tests
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}
publish-github:
name: Publish to GHCR
needs:
- unit-tests
- recipe-tests
if: github.event_name != 'pull_request'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.GITHUB_TAG }}
tags: |
"type=ref,event=branch"
"type=ref,suffix=-{{sha}},event=branch"
"type=ref,suffix=-{{date 'YYYYMMDD'}},event=branch"
"type=ref,event=tag"
"type=ref,event=pr"
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
- name: Use cache
uses: actions/cache@v4
with:
path: /tmp/.build-cache
key: ${{ runner.os }}-docker
- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: .
push: true
platforms: ${{ env.DOCKER_TARGET_PLATFORMS }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
file: docker/Dockerfile
cache-from: type=local,src=/tmp/.build-cache
check-dockerhub-secrets:
name: Check DockerHub secrets exist
runs-on: ubuntu-latest
outputs:
has-secrets: ${{ steps.check-secrets.outputs.has-secrets }}
steps:
- id: check-secrets
name: Check secrets exist
run: |
if [[ "${{ secrets.DOCKERHUB_IMAGE }}" != "" && \
"${{ secrets.DOCKERHUB_USERNAME }}" != "" && \
"${{ secrets.DOCKERHUB_PASSWORD }}" != "" ]]; \
then
echo "Dockerhub secrets exist"
echo "has-secrets=true" >> $GITHUB_OUTPUT
else
echo "Dockerhub secrets do not exist; not pushing to Dockerhub"
echo "Please set the following secrets on GitHub (settings > secrets > actions > new):"
echo "DOCKERHUB_IMAGE, DOCKERHUB_USERNAME, DOCKERHUB_PASSWORD"
echo "has-secrets=false" >> $GITHUB_OUTPUT
fi
publish-dockerhub:
name: Publish to DockerHub
needs:
- check-dockerhub-secrets
- unit-tests
- recipe-tests
if: |
needs.check-dockerhub-secrets.outputs.has-secrets == 'true' &&
github.event_name != 'pull_request'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ secrets.DOCKERHUB_IMAGE }}
tags: |
"type=ref,event=branch"
"type=ref,suffix=-{{sha}},event=branch"
"type=ref,suffix=-{{date 'YYYYMMDD'}},event=branch"
"type=ref,event=tag"
"type=ref,event=pr"
- name: Login to DockerHub
uses: docker/login-action@v3
continue-on-error: true
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
- name: Use cache
uses: actions/cache@v4
with:
path: /tmp/.build-cache
key: ${{ runner.os }}-docker
- name: Build and push Docker image
uses: docker/build-push-action@v6
continue-on-error: true
with:
context: .
push: true
platforms: ${{ env.DOCKER_TARGET_PLATFORMS }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
file: docker/Dockerfile
cache-from: type=local,src=/tmp/.build-cache