-rw-r--r-- | .github/workflows/multi-arch-build.yaml | 115 | ||||
-rw-r--r-- | contrib/podmanimage/README.md | 23 | ||||
-rw-r--r-- | contrib/podmanimage/stable/manual/Containerfile | 36 |
3 files changed, 79 insertions, 95 deletions
diff --git a/.github/workflows/multi-arch-build.yaml b/.github/workflows/multi-arch-build.yaml index e4ab88544..5bf807013 100644 --- a/.github/workflows/multi-arch-build.yaml +++ b/.github/workflows/multi-arch-build.yaml @@ -1,3 +1,8 @@ +--- + +# Please see contrib/podmanimage/README.md for details on the intentions +# of this workflow. + name: build multi-arch images on: @@ -54,8 +59,10 @@ jobs: push: true tags: localhost:5000/podman/${{ matrix.source }} - # Simple verification that container works + grab version number + # Simple verification that stable images work, and + # also grab version number use in forming the FQIN. - name: amd64 container sniff test + if: matrix.source = 'stable' id: sniff_test run: | VERSION_OUTPUT="$(docker run localhost:5000/podman/${{ matrix.source }} \ 
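Review bot: The condition added to the "amd64 container sniff test" step, `if: matrix.source = 'stable'`, uses a single `=`, which is not a comparison operator in GitHub Actions expressions. It should read `if: matrix.source == 'stable'`. As written, the expression is expected to fail validation rather than restrict the step to the stable image. The later steps read `steps.sniff_test.outputs.version` only inside their `stable` branch, so skipping the step for `testing` and `upstream` is otherwise consistent. The step's `run:` body continues past the end of this hunk.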
@@ -65,69 +72,69 @@ jobs: test -n "$VERSION" echo "::set-output name=version::${VERSION}" - # Generate image FQINs, labels, check whether to push - - name: Generate image information - id: image_info + - name: Generate podman reg. image FQIN(s) + id: podman_reg run: | - VERSION='v${{ steps.sniff_test.outputs.version }}' - # workaround vim syntax-hilighting bug: ' if [[ "${{ matrix.source }}" == 'stable' ]]; then - # quay.io/podman/stable:vX.X.X + # The `podman version` in image just built + VERSION='v${{ steps.sniff_test.outputs.version }}' + # workaround vim syntax-highlight bug: ' + # Image tags previously pushed to quay ALLTAGS=$(skopeo list-tags \ docker://$PODMAN_QUAY_REGISTRY/stable | \ jq -r '.Tags[]') - PUSH="false" - if ! fgrep -qx "$VERSION" <<<"$ALLTAGS"; then - PUSH="true" - fi - FQIN="$PODMAN_QUAY_REGISTRY/stable:$VERSION" - # Only push if version tag does not exist - if [[ "$PUSH" == "true" ]]; then - echo "Will push $FQIN" - echo "::set-output name=podman_push::true" - echo "::set-output name=podman_fqin::${FQIN}" - else - echo "Not pushing, $FQIN already exists." + # New image? Push quay.io/podman/stable:vX.X.X and :latest + if ! fgrep -qx "$VERSION" <<<"$ALLTAGS"; then + # Assume version-tag is also the most up to date (i.e. "latest") + FQIN="$PODMAN_QUAY_REGISTRY/stable:$VERSION,$PODMAN_QUAY_REGISTRY/stable:latest" + else # Not a new version-tagged image + # Assume other contents changed, so this is the "new" latest. + FQIN="$PODMAN_QUAY_REGISTRY/stable:latest" fi - - # quay.io/containers/podman:vX.X.X - unset ALLTAGS + elif [[ "${{ matrix.source }}" == 'testing' ]]; then + # Assume some contents changed, always push latest testing. + FQIN="$PODMAN_QUAY_REGISTRY/testing:latest" + elif [[ "${{ matrix.source }}" == 'upstream' ]]; then + # Assume some contents changed, always push latest upstream. 
+ FQIN="$PODMAN_QUAY_REGISTRY/upstream:latest" + else + echo "::error::Unknown matrix item '${{ matrix.source }}'" + exit 1 + fi + echo "::warning::Pushing $FQIN" + echo "::set-output name=fqin::${FQIN}" + echo '::set-output name=push::true' + + # This is substantially the same as the above step, except the + # $CONTAINERS_QUAY_REGISTRY is used and the "testing" + # flavor is never pushed. + - name: Generate containers reg. image FQIN(s) + if: matrix.source != 'testing' + id: containers_reg + run: | + if [[ "${{ matrix.source }}" == 'stable' ]]; then + VERSION='v${{ steps.sniff_test.outputs.version }}' + # workaround vim syntax-highlight bug: ' ALLTAGS=$(skopeo list-tags \ docker://$CONTAINERS_QUAY_REGISTRY/podman | \ jq -r '.Tags[]') - PUSH="false" - if ! fgrep -qx "$VERSION" <<<"$ALLTAGS"; then - PUSH="true" - fi - FQIN="$CONTAINERS_QUAY_REGISTRY/podman:$VERSION" - # Only push if version tag does not exist - if [[ "$PUSH" == "true" ]]; then - echo "Will push $FQIN" - echo "::set-output name=containers_push::true" - echo "::set-output name=containers_fqin::$FQIN" - else - echo "Not pushing, $FQIN already exists." + # New image? Push quay.io/containers/podman:vX.X.X and :latest + if ! 
fgrep -qx "$VERSION" <<<"$ALLTAGS"; then + FQIN="$CONTAINERS_QUAY_REGISTRY/podman:$VERSION,$CONTAINERS_QUAY_REGISTRY/podman:latest" + else # Not a new version-tagged image, but contents may be updated + FQIN="$CONTAINERS_QUAY_REGISTRY/podman:latest" fi - elif [[ "${{ matrix.source }}" == 'testing' ]]; then - P_FQIN="$PODMAN_QUAY_REGISTRY/testing:master" - echo "Will push $P_FQIN" - echo "::set-output name=podman_fqin::${P_FQIN}" - echo '::set-output name=podman_push::true' elif [[ "${{ matrix.source }}" == 'upstream' ]]; then - P_FQIN="$PODMAN_QUAY_REGISTRY/upstream:master" - C_FQIN="$CONTAINERS_QUAY_REGISTRY/podman:master" - echo "Will push $P_FQIN and $C_FQIN" - echo "::set-output name=podman_fqin::${P_FQIN}" - echo "::set-output name=containers_fqin::${C_FQIN}" - # Always push 'master' tag - echo '::set-output name=podman_push::true' - echo '::set-output name=containers_push::true' + FQIN="$CONTAINERS_QUAY_REGISTRY/podman:latest" else - echo "::error ::Unknown matrix value ${{ matrix.source }}" + echo "::error::Unknown matrix item '${{ matrix.source }}'" exit 1 fi + echo "::warning::Pushing $FQIN" + echo "::set-output name=fqin::${FQIN}" + echo '::set-output name=push::true' - name: Define LABELS multi-line env. var. value run: | @@ -153,7 +160,7 @@ jobs: # Push to 'podman' Quay repo for stable, testing. and upstream - name: Login to 'podman' Quay registry uses: docker/login-action@v1 - if: ${{ steps.image_info.outputs.podman_push == 'true' }} + if: steps.podman_reg.outputs.push == 'true' with: registry: ${{ env.PODMAN_QUAY_REGISTRY }} # N/B: Secrets are not passed to workflows that are triggered @@ -163,7 +170,7 @@ jobs: - name: Push images to 'podman' Quay uses: docker/build-push-action@v2 - if: ${{ steps.image_info.outputs.podman_push == 'true' }} + if: steps.podman_reg.outputs.push == 'true' with: cache-from: type=registry,ref=localhost:5000/podman/${{ matrix.source }} cache-to: type=inline 
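Review bot: In the new `containers_reg` step, the `stable` and `upstream` branches both resolve to `$CONTAINERS_QUAY_REGISTRY/podman:latest`, so the upstream matrix job pushes to the tag that this commit's README documents as the stable image. Whichever job finishes last decides what `quay.io/containers/podman:latest` contains, so consumers of that tag can receive a build of unreleased code. The removed code gave upstream its own tag in that repository; keeping one, e.g. `FQIN="$CONTAINERS_QUAY_REGISTRY/podman:master"`, or limiting the step with `if: matrix.source == 'stable'`, avoids the overwrite. Separately, `ALLTAGS=$(skopeo list-tags … | jq -r '.Tags[]')` in both FQIN steps appears to treat a failed `skopeo` call as an empty tag list unless `pipefail` is enabled somewhere outside this hunk. That would re-push a version tag the README describes as never updated, so the `skopeo` exit status should be checked before the `fgrep` test.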
@@ -171,13 +178,13 @@ jobs: file: ./contrib/podmanimage/${{ matrix.source }}/Dockerfile platforms: ${{ env.PLATFORMS }} push: true - tags: ${{ steps.image_info.outputs.podman_fqin }} + tags: ${{ steps.podman_push.outputs.fqin }} labels: | ${{ env.LABELS }} # Push to 'containers' Quay repo only stable podman - name: Login to 'containers' Quay registry - if: ${{ steps.image_info.outputs.containers_push == 'true' }} + if: steps.containers_reg.outputs.push == 'true' uses: docker/login-action@v1 with: registry: ${{ env.CONTAINERS_QUAY_REGISTRY}} @@ -185,7 +192,7 @@ jobs: password: ${{ secrets.CONTAINERS_QUAY_PASSWORD }} - name: Push images to 'containers' Quay - if: ${{ steps.image_info.outputs.containers_push == 'true' }} + if: steps.containers_reg.outputs.push == 'true' uses: docker/build-push-action@v2 with: cache-from: type=registry,ref=localhost:5000/podman/${{ matrix.source }} @@ -194,6 +201,6 @@ jobs: file: ./contrib/podmanimage/${{ matrix.source }}/Dockerfile platforms: ${{ env.PLATFORMS }} push: true - tags: ${{ steps.image_info.outputs.containers_fqin }} + tags: ${{ steps.containers_reg.outputs.fqin }} labels: | ${{ env.LABELS }} diff --git a/contrib/podmanimage/README.md b/contrib/podmanimage/README.md index 7641f6c7e..32590d185 100644 --- a/contrib/podmanimage/README.md +++ b/contrib/podmanimage/README.md 
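Review bot: The new `tags:` value for the "Push images to 'podman' Quay" step reads `${{ steps.podman_push.outputs.fqin }}`, but no step with id `podman_push` appears in this diff. The step that sets `fqin` was given `id: podman_reg`, and the `if:` conditions changed in the preceding hunks already use `steps.podman_reg`. A reference to an unknown step id most likely evaluates to an empty string, so the push would run without the intended tags. The line should be `tags: ${{ steps.podman_reg.outputs.fqin }}`, mirroring the `steps.containers_reg.outputs.fqin` reference in the last hunk of this file.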
@@ -16,11 +16,24 @@ default to `/`. The container images are: - * quay.io/containers/podman - This image is built using the latest stable version of Podman in a Fedora based container. Built with [podmanimage/stable/Dockerfile](stable/Dockerfile). - * quay.io/podman/stable - This image is built using the latest stable version of Podman in a Fedora based container. Built with [podmanimage/stable/Dockerfile](stable/Dockerfile). - * quay.io/podman/upstream - This image is built using the latest code found in this GitHub repository. When someone creates a commit and pushes it, the image is created. Due to that the image changes frequently and is not guaranteed to be stable. Built with [podmanimage/upstream/Dockerfile](upstream/Dockerfile). - * quay.io/podman/testing - This image is built using the latest version of Podman that is or was in updates testing for Fedora. At times this may be the same as the stable image. This container image will primarily be used by the development teams for verification testing when a new package is created. Built with [podmanimage/testing/Dockerfile](testing/Dockerfile). - * quay.io/podman/stable:version - This image is built manually using a Fedora based container. An RPM is first pulled from the [Fedora Updates System](https://bodhi.fedoraproject.org/) and the image is built from there. For more details, see the Containerfile used to build it, [podmanimage/stable/manual/Containerfile](stable/manual/Containerfile). + * `quay.io/containers/podman:<version>` and `quay.io/podman/stable:<version>` - + These images are built when a new podman version becomes available in + Fedora. These images are intended to be unchanging and stable, they will + never be updated by automation once they've been pushed. For build + details, see the configuration used to build it, + [podmanimage/stable/Dockerfile](stable/Dockerfile). 
+ * `quay.io/containers/podman:latest` and `quay.io/podman/stable:latest` - + Built daily using the same Containerfile as above. The podman version + will remain the "latest" available in Fedora, however the other image + contents may vary compared to the version-tagged images. + * `quay.io/podman/testing:latest` - This image is built daily, using the + latest version of Podman that was in the Fedora `updates-testing` repository. + The image is Built with [podmanimage/testing/Dockerfile](testing/Dockerfile). + * `quay.io/podman/upstream:latest` - This image is built daily using the latest + code found in this GitHub repository. Due to the image changing frequently, + it's not guaranteed to be stable or even executable. The image is built with + [podmanimage/upstream/Dockerfile](upstream/Dockerfile). + ## Sample Usage diff --git a/contrib/podmanimage/stable/manual/Containerfile b/contrib/podmanimage/stable/manual/Containerfile deleted file mode 100644 index fb4d1adc0..000000000 --- a/contrib/podmanimage/stable/manual/Containerfile +++ /dev/null 
@@ -1,36 +0,0 @@ -# stable/manual/Containerfile -# -# Build a Podman container image from the latest -# stable version of Podman on the Fedora Updates System. -# https://bodhi.fedoraproject.org/updates/?search=podman -# This image can be used to create a secured container -# that runs safely with privileges within the container. -# This Containerfile builds version 1.7.0, the version and -# the RPM name would need to be adjusted before a run as -# appropriate. -# -# To use, first copy an rpm file from bodhi to `/root/tmp` -# and then run: -# 'podman build -f ./Containerfile -t quay.io/podman/stable:v1.7.0 .' -# -# Once complete run: -# `podman push quay.io/stable:v1.7.0 docker://quay.io/podman/stable:v1.7.0` -# -# Start Build Process using the latest Fedora -FROM registry.fedoraproject.org/fedora:latest - -# Don't include container-selinux and remove -# directories used by dnf that are just taking -# up space. -# -COPY /tmp/podman-1.7.0-3.fc30.x86_64.rpm /tmp -RUN yum -y install /tmp/podman-1.7.0-3.fc30.x86_64.rpm fuse-overlayfs --exclude container-selinux; rm -rf /var/cache /var/log/dnf* /var/log/yum.* /tmp/podman*.rpm - -ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/containers.conf /etc/containers/ - -# chmod containers.conf and adjust storage.conf to enable Fuse storage. -RUN chmod 644 /etc/containers/containers.conf; sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' /etc/containers/storage.conf -RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers /var/lib/shared/vfs-images /var/lib/shared/vfs-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock; touch /var/lib/shared/vfs-images/images.lock; touch /var/lib/shared/vfs-layers/layers.lock - - -ENV _CONTAINERS_USERNS_CONFIGURED="" |