Skip to content
---
name: bbw container build (rhel)
on:
push:
paths:
- .github/workflows/bb_containers_rhel.yml
- "ci_build_images/**"
pull_request:
paths:
- .github/workflows/bb_containers_rhel.yml
- "ci_build_images/**"
jobs:
build:
runs-on: self-hosted
services:
registry:
image: registry:2
ports:
- 5000:5000
name: ${{ matrix.image }} (${{ matrix.tag }} ${{ matrix.platforms }})
strategy:
fail-fast: false
matrix:
include:
- dockerfile: rhel7.Dockerfile pip.Dockerfile
image: rhel7
platforms: linux/amd64
- dockerfile: rhel.Dockerfile
image: ubi8
tag: rhel8
platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x
- dockerfile: rhel.Dockerfile pip.Dockerfile
image: ubi9
tag: rhel9
platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x
env:
BUILD_RHEL: false
DEPLOY_IMAGES: false
WORKDIR: ci_build_images
steps:
- uses: actions/checkout@v2
- name: Set up env vars
run: |
set -vx
[[ -n "${{ matrix.image }}" ]] || {
echo "Missing base image (FROM)"
exit 1
}
if [[ -n "${{ matrix.tag }}" ]]; then
echo "IMG=${{ matrix.tag }}" >>$GITHUB_ENV
else
TAG_TMP=${{ matrix.image }}
echo "IMG=${TAG_TMP/:/}" >>$GITHUB_ENV
fi
echo "REPO=bb-worker" >>$GITHUB_ENV
- name: Check for rhel subscription credentials
run: |
missing=()
[[ -n "${{ secrets.RHEL_ORGID }}" ]] || missing+=(RHEL_ORGID)
[[ -n "${{ secrets.RHEL_KEYNAME }}" ]] || missing+=(RHEL_KEYNAME)
for i in "${missing[@]}"; do
echo "Missing github secret: $i"
done
(( ${#missing[@]} == 0 )) || exit 1
echo "BUILD_RHEL=true" >> $GITHUB_ENV
- name: Generate Dockerfile and necessary files
run: |
cd ${{ env.WORKDIR }}
cat ${{ matrix.dockerfile }} common.Dockerfile >$GITHUB_WORKSPACE/Dockerfile
cp -r qpress $GITHUB_WORKSPACE
- name: Check Dockerfile with hadolint
run: |
docker run -i -v $(pwd):/mnt -w /mnt ghcr.io/hadolint/hadolint:latest hadolint /mnt/Dockerfile
- name: Enable Systemd session for cgroupv2
run: |
CURRENT_USER=$(whoami)
sudo loginctl enable-linger $(id -u $CURRENT_USER)
- name: Build image
run: |
# //TEMP need probably a cleaning step at the end
if [[ -d $HOME/.local/share/containers ]]; then
sudo rm -rf $HOME/.local/share/containers
fi
# create secrets
echo "${{ secrets.RHEL_ORGID }}" >rhel_orgid
echo "${{ secrets.RHEL_KEYNAME }}" >rhel_keyname
podman manifest create ${{ env.REPO }}:${{ env.IMG }}
for arch in $(echo ${{ matrix.platforms }} | sed 's/,/ /g'); do
msg="Build $arch:"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
podman buildx build --tag ${{ env.REPO }}:${{ env.IMG }}-${arch//\//-} \
--secret id=rhel_orgid,src=./rhel_orgid \
--secret id=rhel_keyname,src=./rhel_keyname \
--platform $arch \
--manifest ${{ env.REPO }}:${{ env.IMG }} \
-f $GITHUB_WORKSPACE/Dockerfile \
--build-arg base_image=${{ matrix.image }} \
--build-arg mariadb_branch=${{ matrix.branch }}
done
rm -f rhel_orgid rhel_keyname
podman images
- name: Push images to local registry
if: ${{ env.BUILD_RHEL == 'true' }}
run: |
podman manifest push --tls-verify=0 \
--all ${{ env.REPO }}:${{ env.IMG }} \
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }}
- name: Check multi-arch container
run: |
for p in ${{ matrix.platforms }}; do
platform="${p/,/}"
image="localhost:5000/bb-worker:${{ env.IMG }}"
msg="Testing docker image $image on platform $platform"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
docker pull -q --platform "$platform" "$image"
docker run -i "$image" buildbot-worker --version
docker run -i "$image" dumb-init twistd --pidfile= -y /home/buildbot/buildbot.tac
docker run -u root -i "$image" bash -c "touch /tmp/foo && qpress -r /tmp /root/qpress.qp"
done
- name: Check for registry credentials
run: |
missing=()
[[ -n "${{ secrets.QUAY_USER }}" ]] || missing+=(QUAY_USER)
[[ -n "${{ secrets.QUAY_TOKEN }}" ]] || missing+=(QUAY_TOKEN)
for i in "${missing[@]}"; do
echo "Missing github secret: $i"
done
if (( ${#missing[@]} == 0 )); then
echo "DEPLOY_IMAGES=true" >> $GITHUB_ENV
else
echo "Not pushing images to registry"
fi
- name: Login to ghcr.io
if: ${{ env.DEPLOY_IMAGES == 'true' }}
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push images to ghcr.io
if: ${{ env.DEPLOY_IMAGES == 'true' }}
run: |
msg="Push docker image to ghcr.io (${{ env.IMG }})"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
skopeo copy --all --src-tls-verify=0 \
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} \
docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:${{ env.IMG }}
- name: Login to registry
if: ${{ env.DEPLOY_IMAGES == 'true' }}
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAY_USER }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Push images to quay.io
if: ${{ env.DEPLOY_IMAGES == 'true' }}
run: |
msg="Push docker image to quay.io (${{ env.IMG }})"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
skopeo copy --all --src-tls-verify=0 \
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} \
docker://quay.io/mariadb-foundation/${{ env.REPO }}:${{ env.IMG }}