aboutsummaryrefslogtreecommitdiff
path: root/.github
diff options
context:
space:
mode:
authorChris Evich <cevich@redhat.com>2021-04-21 09:56:26 -0400
committerChris Evich <cevich@redhat.com>2021-04-22 16:20:59 -0400
commit3c5bb7bf0fd2776be29c1a65306b7fc2ab254db8 (patch)
treec91927c8b1cd5580c7c73b292e6eae33e2db5faa /.github
parenta67aec72eda161876b9ba6d4d31af0d7de8fc824 (diff)
downloadpodman-3c5bb7bf0fd2776be29c1a65306b7fc2ab254db8.tar.gz
podman-3c5bb7bf0fd2776be29c1a65306b7fc2ab254db8.tar.bz2
podman-3c5bb7bf0fd2776be29c1a65306b7fc2ab254db8.zip
Add github-action workflow to build/push multi-arch
This borrows very heavily from the work done for buildah by @barthy1 - Yulia Gaponenko <yulia.gaponenko1@de.ibm.com>. Some changes to code and comments made for clarity and specificity. Signed-off-by: Chris Evich <cevich@redhat.com>
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/multi-arch-build.yaml181
1 files changed, 181 insertions, 0 deletions
diff --git a/.github/workflows/multi-arch-build.yaml b/.github/workflows/multi-arch-build.yaml
new file mode 100644
index 000000000..1781604fe
--- /dev/null
+++ b/.github/workflows/multi-arch-build.yaml
@@ -0,0 +1,181 @@
+name: build multi-arch images
+
+on:
+ # Upstream podman tends to be very active, with many merges per day.
+ # Only run this daily via cron schedule, or manually, not by branch push.
+ schedule:
+ - cron: '0 8 * * *'
+ # allows to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+jobs:
+ multi:
+ name: multi-arch Podman build
+ env:
+ PODMAN_QUAY_REGISTRY: quay.io/podman
+ CONTAINERS_QUAY_REGISTRY: quay.io/containers
+ # list of architectures for build
+ PLATFORMS: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
+
+ # build several images (upstream, testing, stable) in parallel
+ strategy:
+ matrix:
+ # Builds are located under contrib/podmanimage/<source> directory
+ source:
+ - upstream
+ - testing
+ - stable
+ runs-on: ubuntu-latest
+ # internal registry caches build for inspection before push
+ services:
+ registry:
+ image: quay.io/libpod/registry:2
+ ports:
+ - 5000:5000
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ with:
+ driver-opts: network=host
+ install: true
+
+ - name: Build and locally push Podman
+ uses: docker/build-push-action@v2
+ with:
+ context: contrib/podmanimage/${{ matrix.source }}
+ file: ./contrib/podmanimage/${{ matrix.source }}/Dockerfile
+ platforms: ${{ env.PLATFORMS }}
+ push: true
+ tags: localhost:5000/podman/${{ matrix.source }}
+
+ # Simple verification that container works + grab version number
+ - name: amd64 container sniff test
+ id: sniff_test
+ run: |
+ VERSION_OUTPUT="$(docker run localhost:5000/podman/${{ matrix.source }} \
+ podman --storage-driver=vfs version)"
+ echo "$VERSION_OUTPUT"
+ VERSION=$(grep -Em1 '^Version: ' <<<"$VERSION_OUTPUT" | awk '{print $2}')
+ test -n "$VERSION"
+ echo "::set-output name=version::${VERSION}"
+
+ # Generate image FQINs, labels, check whether to push
+ - name: Generate image information
+ id: image_info
+ run: |
+ if [[ "${{ matrix.source }}" == 'stable' ]]; then
+ # quay.io/podman/stable:vX.X.X
+ ALLTAGS=$(skopeo list-tags \
+ docker://${{ env.PODMAN_QUAY_REGISTRY }}/stable | \
+ jq -r '.Tags[]')
+ PUSH="false"
+ if fgrep -qx "$VERSION" <<<"$ALLTAGS"; then
+ PUSH="true"
+ fi
+
+ FQIN='${{ env.PODMAN_QUAY_REGISTRY }}/stable:v${{ steps.sniff_test.outputs.version }}' # workaround vim syntax-hilighting bug: '
+ # Only push if version tag does not exist
+ if [[ "$PUSH" == "true" ]]; then
+ echo "Will push $FQIN"
+ echo "::set-output name=podman_push::${PUSH}"
+ echo "::set-output name=podman_fqin::${FQIN}"
+ fi
+
+ # quay.io/containers/podman:vX.X.X
+ unset ALLTAGS
+ ALLTAGS=$(skopeo list-tags \
+ docker://${{ env.CONTAINERS_QUAY_REGISTRY }}/podman | \
+ jq -r '.Tags[]')
+ PUSH="false"
+ if fgrep -qx "$VERSION" <<<"$ALLTAGS"; then
+ PUSH="true"
+ fi
+
+ FQIN='${{ env.CONTAINERS_QUAY_REGISTRY}}/podman:v${{ steps.sniff_test.outputs.version }}' # workaround vim syntax-hilighting bug: '
+ # Only push if version tag does not exist
+ if [[ "$PUSH" == "true" ]]; then
+ echo "Will push $FQIN"
+ echo "::set-output name=containers_push::${PUSH}"
+ echo "::set-output name=containers_fqin::$FQIN"
+ fi
+ else # upstream and testing podman image
+ P_FQIN='${{ env.PODMAN_QUAY_REGISTRY }}/${{ matrix.source }}:master' # workaround vim syntax-hilighting bug: '
+ C_FQIN='${{ env.CONTAINERS_QUAY_REGISTRY}}/podman:master' # workaround vim syntax-hilighting bug: '
+ echo "Will push $P_FQIN and $C_FQIN"
+ echo "::set-output name=podman_fqin::${P_FQIN}"
+ echo "::set-output name=containers_fqin::${C_FQIN}"
+ # Always push 'master' tag
+ echo '::set-output name=podman_push::true'
+ echo '::set-output name=containers_push::true'
+ fi
+
+ # Hack to set $LABELS env. var. in _future_ steps.
+ # https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#multiline-strings
+ cat << EOF | tee $GITHUB_ENV
+ LABELS<<DELIMITER
+ org.opencontainers.image.source=https://github.com/${{ github.repository }}.git
+ org.opencontainers.image.revision=${{ github.sha }}
+ org.opencontainers.image.created=$(date -u --iso-8601=seconds)
+ DELIMITER
+ EOF
+
+ # Separate steps to login and push for podman and containers quay
+ # repositories are required, because 2 sets of credentials are used and `docker
+ # login` as well as `podman login` do not support having 2 different
+ # credential sets for 1 registry.
+ # At the same time reuse of non-shell steps is not supported by Github Actions
+ # via anchors or composite actions
+
+ # Push to 'podman' Quay repo for stable, testing. and upstream
+ - name: Login to 'podman' Quay registry
+ uses: docker/login-action@v1
+ if: ${{ steps.image_info.outputs.podman_push == 'true' }}
+ with:
+ registry: ${{ env.PODMAN_QUAY_REGISTRY }}
+ # N/B: Secrets are not passed to workflows that are triggered
+ # by a pull request from a fork
+ username: ${{ secrets.PODMAN_QUAY_USERNAME }}
+ password: ${{ secrets.PODMAN_QUAY_PASSWORD }}
+
+ - name: Push images to 'podman' Quay
+ uses: docker/build-push-action@v2
+ if: ${{ steps.image_info.outputs.podman_push == 'true' }}
+ with:
+ cache-from: type=registry,ref=localhost:5000/podman/${{ matrix.source }}
+ cache-to: type=inline
+ context: contrib/podmanimage/${{ matrix.source }}
+ file: ./contrib/podmanimage/${{ matrix.source }}/Dockerfile
+ platforms: ${{ env.PLATFORMS }}
+ push: true
+ tags: ${{ steps.image_info.outputs.podman_fqin }}
+ labels: |
+ ${{ env.LABELS }}
+
+ # Push to 'containers' Quay repo only stable podman
+ - name: Login to 'containers' Quay registry
+ if: ${{ steps.image_info.outputs.containers_push == 'true' }}
+ uses: docker/login-action@v1
+ with:
+ registry: ${{ env.CONTAINERS_QUAY_REGISTRY}}
+ username: ${{ secrets.CONTAINERS_QUAY_USERNAME }}
+ password: ${{ secrets.CONTAINERS_QUAY_PASSWORD }}
+
+ - name: Push images to 'containers' Quay
+ if: ${{ steps.image_info.outputs.containers_push == 'true' }}
+ uses: docker/build-push-action@v2
+ with:
+ cache-from: type=registry,ref=localhost:5000/podman/${{ matrix.source }}
+ cache-to: type=inline
+ context: contrib/podmanimage/${{ matrix.source }}
+ file: ./contrib/podmanimage/${{ matrix.source }}/Dockerfile
+ platforms: ${{ env.PLATFORMS }}
+ push: true
+ tags: ${{ steps.image_info.outputs.containers_fqin }}
+ labels: |
+ ${{ env.LABELS }}