Skip to content

docker: update to Debian 12 (Bookworm) #526

docker: update to Debian 12 (Bookworm)

docker: update to Debian 12 (Bookworm) #526

Workflow file for this run

name: Build and Test
env:
GITHUB_TAG: ghcr.io/${{ github.repository }}
on:
push:
branches-ignore:
- '*.tmp'
tags:
- '*'
# Build at 04:00am every Monday
schedule:
- cron: "0 4 * * 1"
pull_request:
workflow_dispatch:
jobs:
test:
strategy:
fail-fast: false
matrix:
variant:
- debos-arch
- debos-bookworm
- debos-bullseye
- debos-trixie
runs-on: ubuntu-latest
defaults:
run:
shell: bash
container:
image: ghcr.io/go-debos/test-containers/${{matrix.variant}}:main
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Test build
run: go build -o debos cmd/debos/debos.go
- name: Run unit tests
run: go test -v ./... | tee test.out
- name: Ensure no tests were skipped
run: "! grep -q SKIP test.out"
build:
name: Build Docker container
runs-on: ubuntu-latest
needs: test
steps:
- name: Repository checkout
uses: actions/checkout@v4
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
- name: Use cache
uses: actions/cache@v3
with:
path: /tmp/.build-cache
key: ${{ runner.os }}-docker
- name: Build Docker image
uses: docker/build-push-action@v5
with:
context: .
push: false
pull: true
file: docker/Dockerfile
tags: debos
cache-from: type=local,src=/tmp/.build-cache
cache-to: type=local,dest=/tmp/.build-cache,mode=max
outputs: type=docker,dest=/tmp/debos-image.tar
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: debos-image
path: /tmp/debos-image.tar
unit-tests:
name: Run unit tests
needs:
- build
runs-on: ubuntu-latest
steps:
- name: Repository checkout
uses: actions/checkout@v4
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
- name: Use cache
uses: actions/cache@v3
with:
path: /tmp/.build-cache
key: ${{ runner.os }}-docker
- name: Build Docker image
uses: docker/build-push-action@v5
with:
context: .
push: false
tags: debos-builder
file: docker/Dockerfile
cache-from: type=local,src=/tmp/.build-cache
load: true
target: builder
- name: Run unit tests
run: |
docker-compose -f docker/unit-tests.test.yml \
up --exit-code-from=sut
recipe-tests:
runs-on: ubuntu-latest
needs: build
strategy:
fail-fast: false
matrix:
backend:
- { name: "nofakemachine", backend: "--disable-fakemachine", install_qemu: true }
- { name: "qemu", backend: "--fakemachine-backend=qemu" }
- { name: "uml", backend: "--fakemachine-backend=uml" }
test:
- { name: "recipes", case: "recipes" }
- { name: "debian (amd64)", case: "debian", variables: "-t architecture:amd64" }
- { name: "debian (arm64)", case: "debian", variables: "-t architecture:arm64" }
- { name: "debian (armhf)", case: "debian", variables: "-t architecture:armhf" }
include:
- backend: { name: "arch", backend: "--fakemachine-backend=qemu" }
test: { name: "arch", case: "arch" }
- backend: { name: "qemu", backend: "--fakemachine-backend=qemu" }
test: { name: "partitioning", case: "partitioning" }
- backend: { name: "uml", backend: "--fakemachine-backend=uml" }
test: { name: "apertis", case: "apertis" }
- backend: { name: "uml", backend: "--fakemachine-backend=uml" }
test: { name: "partitioning", case: "partitioning" }
name: ${{matrix.test.name}} on ${{matrix.backend.name}}
steps:
- name: Repository checkout
uses: actions/checkout@v4
- name: Install QEMU emulation binaries
if: matrix.backend.install_qemu
run: |
sudo apt-get update && sudo apt-get install -y qemu-user-static
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: debos-image
path: /tmp
- name: Load image
run: |
docker load --input /tmp/debos-image.tar
- name: run ${{matrix.test.case}} in docker image
run:
docker run
--cgroupns=private
-v $(pwd)/tests:/tests
-w /tests
--tmpfs /scratch:exec
--tmpfs /run
--privileged
-e TMP=/scratch
-e SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=1
debos -v
${{matrix.backend.backend}}
${{matrix.test.variables}}
${{matrix.test.case}}/test.yaml
# Job to key success status against
allgreen:
name: allgreen
if: always()
needs:
- unit-tests
- recipe-tests
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}
publish-github:
name: Publish to GHCR
needs:
- unit-tests
- recipe-tests
if: github.event_name != 'pull_request'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.GITHUB_TAG }}
tags: |
"type=ref,event=branch"
"type=ref,suffix=-{{sha}},event=branch"
"type=ref,suffix=-{{date 'YYYYMMDD'}},event=branch"
"type=ref,event=tag"
"type=ref,event=pr"
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
- name: Use cache
uses: actions/cache@v3
with:
path: /tmp/.build-cache
key: ${{ runner.os }}-docker
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
file: docker/Dockerfile
cache-from: type=local,src=/tmp/.build-cache
check-dockerhub-secrets:
name: Check DockerHub secrets exist
runs-on: ubuntu-latest
outputs:
has-secrets: ${{ steps.check-secrets.outputs.has-secrets }}
steps:
- id: check-secrets
name: Check secrets exist
run: |
if [[ "${{ secrets.DOCKERHUB_IMAGE }}" != "" && \
"${{ secrets.DOCKERHUB_USERNAME }}" != "" && \
"${{ secrets.DOCKERHUB_PASSWORD }}" != "" ]]; \
then
echo "Dockerhub secrets exist"
echo "has-secrets=true" >> $GITHUB_OUTPUT
else
echo "Dockerhub secrets do not exist; not pushing to Dockerhub"
echo "Please set the following secrets on GitHub (settings > secrets > actions > new):"
echo "DOCKERHUB_IMAGE, DOCKERHUB_USERNAME, DOCKERHUB_PASSWORD"
echo "has-secrets=false" >> $GITHUB_OUTPUT
fi
publish-dockerhub:
name: Publish to DockerHub
needs:
- check-dockerhub-secrets
- unit-tests
- recipe-tests
if: |
needs.check-dockerhub-secrets.outputs.has-secrets == 'true' &&
github.event_name != 'pull_request'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ secrets.DOCKERHUB_IMAGE }}
tags: |
"type=ref,event=branch"
"type=ref,suffix=-{{sha}},event=branch"
"type=ref,suffix=-{{date 'YYYYMMDD'}},event=branch"
"type=ref,event=tag"
"type=ref,event=pr"
- name: Login to DockerHub
uses: docker/login-action@v3
continue-on-error: true
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
- name: Use cache
uses: actions/cache@v3
with:
path: /tmp/.build-cache
key: ${{ runner.os }}-docker
- name: Build and push Docker image
uses: docker/build-push-action@v5
continue-on-error: true
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
file: docker/Dockerfile
cache-from: type=local,src=/tmp/.build-cache