summaryrefslogtreecommitdiff
path: root/.github
diff options
context:
space:
mode:
authorChris Evich <cevich@redhat.com>2022-03-10 12:51:47 -0500
committerChris Evich <cevich@redhat.com>2022-03-28 16:56:28 -0400
commitf6963cea130133086f739173b55d1af74a680fef (patch)
treec021fa21bce3432686595cb2b35bf483d1130b06 /.github
parent914e9b3f7057394401b45bbb732fb573414356ff (diff)
downloadpodman-f6963cea130133086f739173b55d1af74a680fef.tar.gz
podman-f6963cea130133086f739173b55d1af74a680fef.tar.bz2
podman-f6963cea130133086f739173b55d1af74a680fef.zip
Cirrus: Build multi-arch images + manifests
Github-actions for large/complex tasks is hard to read and maintain. Reimplement the multi-arch image build workflow into a set of bash scripts that use all native contrainer-org tooling. This requires a special VM image setup with emulation to build foreign architectures. It also requires renaming the `helloimage` directory, because the build script uses the directory name in the image FQIN. Signed-off-by: Chris Evich <cevich@redhat.com>
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/multi-arch-build.yaml212
1 files changed, 0 insertions, 212 deletions
diff --git a/.github/workflows/multi-arch-build.yaml b/.github/workflows/multi-arch-build.yaml
deleted file mode 100644
index 1dc485d71..000000000
--- a/.github/workflows/multi-arch-build.yaml
+++ /dev/null
@@ -1,212 +0,0 @@
----
-
-# Please see contrib/<reponame>image/README.md for details on the intentions
-# of this workflow.
-#
-# BIG FAT WARNING: This workflow is duplicated across containers/skopeo,
-# containers/buildah, and containers/podman. ANY AND
-# ALL CHANGES MADE HERE MUST BE MANUALLY DUPLICATED
-# TO THE OTHER REPOS.
-
-name: build multi-arch images
-
-on:
- # Upstream tends to be very active, with many merges per day.
- # Only run this daily via cron schedule, or manually, not by branch push.
- schedule:
- - cron: '0 8 * * *'
- # allows to run this workflow manually from the Actions tab
- workflow_dispatch:
-
-permissions:
- contents: read
-
-jobs:
- multi:
- name: multi-arch image build
- env:
- REPONAME: podman # No easy way to parse this out of $GITHUB_REPOSITORY
- # Server/namespace value used to format FQIN
- REPONAME_QUAY_REGISTRY: quay.io/podman
- CONTAINERS_QUAY_REGISTRY: quay.io/containers
- # list of architectures for build
- PLATFORMS: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
- # Command to execute in container to obtain project version number
- VERSION_CMD: "podman --version"
-
- # build several images (upstream, testing, stable) in parallel
- strategy:
- # By default, failure of one matrix item cancels all others
- fail-fast: false
- matrix:
- # Builds are located under contrib/<reponame>image/<source> directory
- source:
- - upstream
- - testing
- - stable
- runs-on: ubuntu-latest
- # internal registry caches build for inspection before push
- services:
- registry:
- image: quay.io/libpod/registry:2
- ports:
- - 5000:5000
- steps:
- - name: Checkout
- uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 # v1
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1
- with:
- driver-opts: network=host
- install: true
-
- - name: Build and locally push image
- uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # v2
- with:
- context: contrib/${{ env.REPONAME }}image/${{ matrix.source }}
- file: ./contrib/${{ env.REPONAME }}image/${{ matrix.source }}/Dockerfile
- platforms: ${{ env.PLATFORMS }}
- push: true
- tags: localhost:5000/${{ env.REPONAME }}/${{ matrix.source }}
-
- # Simple verification that stable images work, and
- # also grab version number use in forming the FQIN.
- - name: amd64 container sniff test
- if: matrix.source == 'stable'
- id: sniff_test
- run: |
- podman pull --tls-verify=false \
- localhost:5000/$REPONAME/${{ matrix.source }}
- VERSION_OUTPUT=$(podman run \
- localhost:5000/$REPONAME/${{ matrix.source }} \
- $VERSION_CMD)
- echo "$VERSION_OUTPUT"
- VERSION=$(awk -r -e "/^${REPONAME} version /"'{print $3}' <<<"$VERSION_OUTPUT")
- test -n "$VERSION"
- echo "::set-output name=version::$VERSION"
-
- - name: Generate image FQIN(s) to push
- id: reponame_reg
- run: |
- if [[ "${{ matrix.source }}" == 'stable' ]]; then
- # The command version in image just built
- VERSION='v${{ steps.sniff_test.outputs.version }}'
- # workaround vim syntax-highlight bug: '
- # Push both new|updated version-tag and latest-tag FQINs
- FQIN="$REPONAME_QUAY_REGISTRY/stable:$VERSION,$REPONAME_QUAY_REGISTRY/stable:latest"
- elif [[ "${{ matrix.source }}" == 'testing' ]]; then
- # Assume some contents changed, always push latest testing.
- FQIN="$REPONAME_QUAY_REGISTRY/testing:latest"
- elif [[ "${{ matrix.source }}" == 'upstream' ]]; then
- # Assume some contents changed, always push latest upstream.
- FQIN="$REPONAME_QUAY_REGISTRY/upstream:latest"
- else
- echo "::error::Unknown matrix item '${{ matrix.source }}'"
- exit 1
- fi
- echo "::warning::Pushing $FQIN"
- echo "::set-output name=fqin::${FQIN}"
- echo '::set-output name=push::true'
-
- # This is substantially similar to the above logic,
- # but only handles $CONTAINERS_QUAY_REGISTRY for
- # the stable "latest" and named-version tagged images.
- - name: Generate containers reg. image FQIN(s)
- if: matrix.source == 'stable'
- id: containers_reg
- run: |
- VERSION='v${{ steps.sniff_test.outputs.version }}'
- # workaround vim syntax-highlight bug: '
- # Push both new|updated version-tag and latest-tag FQINs
- FQIN="$CONTAINERS_QUAY_REGISTRY/$REPONAME:$VERSION,$CONTAINERS_QUAY_REGISTRY/$REPONAME:latest"
- echo "::warning::Pushing $FQIN"
- echo "::set-output name=fqin::${FQIN}"
- echo '::set-output name=push::true'
-
- - name: Define LABELS multi-line env. var. value
- run: |
- # This is a really hacky/strange workflow idiom, required
- # for setting multi-line $LABELS value for consumption in
- # a future step. There is literally no cleaner way to do this :<
- # https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#multiline-strings
- function set_labels() {
- echo 'LABELS<<DELIMITER' >> "$GITHUB_ENV"
- for line; do
- echo "$line" | tee -a "$GITHUB_ENV"
- done
- echo "DELIMITER" >> "$GITHUB_ENV"
- }
-
- declare -a lines
- lines=(\
- "org.opencontainers.image.source=https://github.com/${GITHUB_REPOSITORY}.git"
- "org.opencontainers.image.revision=${GITHUB_SHA}"
- "org.opencontainers.image.created=$(date -u --iso-8601=seconds)"
- )
-
- # Only the 'stable' matrix source obtains $VERSION
- if [[ "${{ matrix.source }}" == "stable" ]]; then
- lines+=(\
- "org.opencontainers.image.version=${{ steps.sniff_test.outputs.version }}"
- )
- fi
-
- set_labels "${lines[@]}"
-
- # Separate steps to login and push for $REPONAME_QUAY_REGISTRY and
- # $CONTAINERS_QUAY_REGISTRY are required, because 2 sets of credentials
- # are used and namespaced within the registry. At the same time, reuse
- # of non-shell steps is not supported by Github Actions nor are YAML
- # anchors/aliases, nor composite actions.
-
- # Push to $REPONAME_QUAY_REGISTRY for stable, testing. and upstream
- - name: Login to ${{ env.REPONAME_QUAY_REGISTRY }}
- uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 # v1
- if: steps.reponame_reg.outputs.push == 'true'
- with:
- registry: ${{ env.REPONAME_QUAY_REGISTRY }}
- # N/B: Secrets are not passed to workflows that are triggered
- # by a pull request from a fork
- username: ${{ secrets.REPONAME_QUAY_USERNAME }}
- password: ${{ secrets.REPONAME_QUAY_PASSWORD }}
-
- - name: Push images to ${{ steps.reponame_reg.outputs.fqin }}
- uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # v2
- if: steps.reponame_reg.outputs.push == 'true'
- with:
- cache-from: type=registry,ref=localhost:5000/${{ env.REPONAME }}/${{ matrix.source }}
- cache-to: type=inline
- context: contrib/${{ env.REPONAME }}image/${{ matrix.source }}
- file: ./contrib/${{ env.REPONAME }}image/${{ matrix.source }}/Dockerfile
- platforms: ${{ env.PLATFORMS }}
- push: true
- tags: ${{ steps.reponame_reg.outputs.fqin }}
- labels: |
- ${{ env.LABELS }}
-
- # Push to $CONTAINERS_QUAY_REGISTRY only stable
- - name: Login to ${{ env.CONTAINERS_QUAY_REGISTRY }}
- if: steps.containers_reg.outputs.push == 'true'
- uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 # v1
- with:
- registry: ${{ env.CONTAINERS_QUAY_REGISTRY}}
- username: ${{ secrets.CONTAINERS_QUAY_USERNAME }}
- password: ${{ secrets.CONTAINERS_QUAY_PASSWORD }}
-
- - name: Push images to ${{ steps.containers_reg.outputs.fqin }}
- if: steps.containers_reg.outputs.push == 'true'
- uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # v2
- with:
- cache-from: type=registry,ref=localhost:5000/${{ env.REPONAME }}/${{ matrix.source }}
- cache-to: type=inline
- context: contrib/${{ env.REPONAME }}image/${{ matrix.source }}
- file: ./contrib/${{ env.REPONAME }}image/${{ matrix.source }}/Dockerfile
- platforms: ${{ env.PLATFORMS }}
- push: true
- tags: ${{ steps.containers_reg.outputs.fqin }}
- labels: |
- ${{ env.LABELS }}