Avoid building containers on BB repo push if branch is not DEV/MAIN #329
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: bbw-build-container-rhel | |
on: | |
push: | |
branches: | |
- 'main' | |
- 'dev' | |
paths: | |
- 'ci_build_images/buildbot-worker.Dockerfile' | |
- .github/workflows/bbw_build_container_rhel.yml | |
- 'ci_build_images/pip.Dockerfile' | |
- 'ci_build_images/qpress.Dockerfile' | |
- 'ci_build_images/rhel.Dockerfile' | |
pull_request: | |
paths: | |
- 'ci_build_images/buildbot-worker.Dockerfile' | |
- .github/workflows/bbw_build_container_rhel.yml | |
- 'ci_build_images/pip.Dockerfile' | |
- 'ci_build_images/qpress.Dockerfile' | |
- 'ci_build_images/rhel.Dockerfile' | |
workflow_dispatch: | |
jobs: | |
build: | |
runs-on: ubuntu-22.04 | |
services: | |
registry: | |
image: registry:2 | |
ports: | |
- 5000:5000 | |
name: ${{ matrix.image }} (${{ matrix.tag }} ${{ matrix.platforms }}) | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- dockerfile: rhel.Dockerfile | |
image: ubi8 | |
tag: rhel8 | |
platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x | |
nogalera: false | |
- dockerfile: rhel.Dockerfile | |
image: ubi9 | |
tag: rhel9 | |
platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x | |
nogalera: false | |
env: | |
MAIN_BRANCH: false | |
BUILD_RHEL: false | |
DEPLOY_IMAGES: false | |
WORKDIR: ci_build_images | |
steps: | |
- name: Enable Production release - no rebuild | |
run: echo "MAIN_BRANCH=true" >> $GITHUB_ENV | |
if: github.ref == 'refs/heads/main' | |
- uses: actions/checkout@v4 | |
- name: Set up env vars | |
run: | | |
set -vx | |
[[ -n "${{ matrix.image }}" ]] || { | |
echo "Missing base image (FROM)" | |
exit 1 | |
} | |
if [[ -n "${{ matrix.tag }}" ]]; then | |
echo "IMG=${{ matrix.tag }}" >>$GITHUB_ENV | |
else | |
TAG_TMP=${{ matrix.image }} | |
echo "IMG=${TAG_TMP/:/}" >>$GITHUB_ENV | |
fi | |
echo "REPO=bb-worker" >>$GITHUB_ENV | |
- name: Check for rhel subscription credentials | |
if: > | |
github.repository == 'mariadb/buildbot' | |
run: | | |
missing=() | |
[[ -n "${{ secrets.RHEL_ORGID }}" ]] || missing+=(RHEL_ORGID) | |
[[ -n "${{ secrets.RHEL_KEYNAME }}" ]] || missing+=(RHEL_KEYNAME) | |
for i in "${missing[@]}"; do | |
echo "Missing github secret: $i" | |
done | |
if (( ${#missing[@]} == 0 )); then | |
echo "BUILD_RHEL=true" >> $GITHUB_ENV | |
else | |
echo "Not building RHEL" | |
fi | |
- name: Generate Dockerfile and necessary files | |
if: ${{ env.MAIN_BRANCH == 'false' }} | |
run: | | |
cd ${{ env.WORKDIR }} | |
cat ${{ matrix.dockerfile }} qpress.Dockerfile buildbot-worker.Dockerfile >$GITHUB_WORKSPACE/Dockerfile | |
if [ "${{ matrix.nogalera }}" == true ]; then | |
sed -i -e '/ci.mariadb.org\/galera/d' -e '/WSREP_PROVIDER/d' -e '/galera-4/d' $GITHUB_WORKSPACE/Dockerfile | |
fi | |
cp -r qpress $GITHUB_WORKSPACE | |
- name: Check Dockerfile with hadolint | |
if: ${{ env.MAIN_BRANCH == 'false' }} | |
run: | | |
docker run -i -v $(pwd):/mnt -w /mnt ghcr.io/hadolint/hadolint:latest hadolint /mnt/Dockerfile | |
- name: Install qemu-user-static | |
if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }} | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y qemu-user-static | |
- name: Make sure that time is in sync | |
if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }} | |
run: | | |
# RHEL subscription needs that time and date | |
# is correct and is syncing with an NTP-server | |
# https://access.redhat.com/discussions/672313#comment-2360508 | |
sudo chronyc -a makestep | |
- name: Build image | |
if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }} | |
run: | | |
# create secrets | |
echo "${{ secrets.RHEL_ORGID }}" >rhel_orgid | |
echo "${{ secrets.RHEL_KEYNAME }}" >rhel_keyname | |
podman manifest create ${{ env.REPO }}:${{ env.IMG }} | |
for arch in $(echo ${{ matrix.platforms }} | sed 's/,/ /g'); do | |
msg="Build $arch:" | |
line="${msg//?/=}" | |
printf "\n${line}\n${msg}\n${line}\n" | |
podman buildx build --tag ${{ env.REPO }}:${{ env.IMG }}-${arch//\//-} \ | |
--secret id=rhel_orgid,src=./rhel_orgid \ | |
--secret id=rhel_keyname,src=./rhel_keyname \ | |
--platform $arch \ | |
--manifest ${{ env.REPO }}:${{ env.IMG }} \ | |
-f $GITHUB_WORKSPACE/Dockerfile \ | |
--build-arg BASE_IMAGE=${{ matrix.image }} \ | |
--build-arg MARIADB_BRANCH=${{ matrix.branch }} | |
done | |
rm -f rhel_orgid rhel_keyname | |
podman images | |
- name: Push images to local registry | |
if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }} | |
run: | | |
podman manifest push --tls-verify=0 \ | |
--all ${{ env.REPO }}:${{ env.IMG }} \ | |
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} | |
- name: Check multi-arch container | |
if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }} | |
run: | | |
# make some space on the runner | |
if [[ -d $HOME/.local/share/containers ]]; then | |
sudo rm -rf $HOME/.local/share/containers | |
fi | |
for p in ${{ matrix.platforms }}; do | |
platform="${p/,/}" | |
image="localhost:5000/bb-worker:${{ env.IMG }}" | |
msg="Testing docker image $image on platform $platform" | |
line="${msg//?/=}" | |
printf "\n${line}\n${msg}\n${line}\n" | |
docker pull -q --platform "$platform" "$image" | |
docker run -i "$image" buildbot-worker --version | |
docker run -i "$image" dumb-init twistd --pidfile= -y /home/buildbot/buildbot.tac | |
docker run -u root -i "$image" bash -c "touch /tmp/foo && qpress -r /tmp /root/qpress.qp" | |
done | |
- name: Check for registry credentials | |
if: ${{ env.BUILD_RHEL == 'true' }} | |
run: | | |
missing=() | |
[[ -n "${{ secrets.QUAY_USER }}" ]] || missing+=(QUAY_USER) | |
[[ -n "${{ secrets.QUAY_TOKEN }}" ]] || missing+=(QUAY_TOKEN) | |
for i in "${missing[@]}"; do | |
echo "Missing github secret: $i" | |
done | |
if (( ${#missing[@]} == 0 )); then | |
echo "DEPLOY_IMAGES=true" >> $GITHUB_ENV | |
else | |
echo "Not pushing images to registry" | |
fi | |
- name: Login to ghcr.io | |
if: ${{ env.DEPLOY_IMAGES == 'true' }} | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: ghcr.io - push dev tag | |
if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'false' }} | |
run: | | |
msg="Push docker image to ghcr.io (dev_${{ env.IMG }})" | |
line="${msg//?/=}" | |
printf "\n${line}\n${msg}\n${line}\n" | |
skopeo copy --all --src-tls-verify=0 \ | |
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} \ | |
docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:dev_${{ env.IMG }} | |
- name: ghcr.io - move tag to production | |
if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'true' }} | |
run: | | |
msg="Update tag (dev_${{ env.IMG }} --> ${{ env.IMG }})" | |
line="${msg//?/=}" | |
printf "\n${line}\n${msg}\n${line}\n" | |
skopeo copy --all --src-tls-verify=0 \ | |
docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:dev_${{ env.IMG }} \ | |
docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:${{ env.IMG }} | |
- name: Login to registry | |
if: ${{ env.DEPLOY_IMAGES == 'true' }} | |
uses: docker/login-action@v2 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USER }} | |
password: ${{ secrets.QUAY_TOKEN }} | |
- name: quay.io - push dev tag | |
if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'false' }} | |
run: | | |
msg="Push docker image to quay.io (dev_${{ env.IMG }})" | |
line="${msg//?/=}" | |
printf "\n${line}\n${msg}\n${line}\n" | |
skopeo copy --all --src-tls-verify=0 \ | |
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} \ | |
docker://quay.io/mariadb-foundation/${{ env.REPO }}:dev_${{ env.IMG }} | |
- name: quay.io - move tag to production | |
if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'true' }} | |
run: | | |
msg="Update tag (dev_${{ env.IMG }} --> ${{ env.IMG }})" | |
line="${msg//?/=}" | |
printf "\n${line}\n${msg}\n${line}\n" | |
skopeo copy --all --src-tls-verify=0 \ | |
docker://quay.io/mariadb-foundation/${{ env.REPO }}:dev_${{ env.IMG }} \ | |
docker://quay.io/mariadb-foundation/${{ env.REPO }}:${{ env.IMG }} |