2023-02-03 07:05:11 +01:00
|
|
|
name: Build images (RedHat)
|
|
|
|
|
|
|
|
|
|
on:
|
|
|
|
|
release:
|
|
|
|
|
types:
|
|
|
|
|
- published
|
2024-02-10 16:19:34 +01:00
|
|
|
workflow_dispatch:
|
2023-02-03 07:05:11 +01:00
|
|
|
|
|
|
|
|
defaults:
|
|
|
|
|
run:
|
|
|
|
|
shell: bash
|
|
|
|
|
|
|
|
|
|
env:
|
|
|
|
|
LATEST_BRANCH: ${{ github.event.repository.default_branch }}
|
2024-02-10 16:19:34 +01:00
|
|
|
IMAGES_PREFIX: "zabbix-"
|
2023-02-03 07:05:11 +01:00
|
|
|
BASE_BUILD_NAME: "build-base"
|
2024-02-10 16:19:34 +01:00
|
|
|
|
|
|
|
|
DOCKERFILES_DIRECTORY: "Dockerfiles"
|
|
|
|
|
|
|
|
|
|
OIDC_ISSUER: "https://token.actions.githubusercontent.com"
|
|
|
|
|
IDENITY_REGEX: "https://github.com/zabbix/zabbix-docker/.github/"
|
|
|
|
|
|
2023-02-03 07:05:11 +01:00
|
|
|
REGISTRY: "quay.io"
|
|
|
|
|
REGISTRY_NAMESPACE: "redhat-isv-containers"
|
|
|
|
|
PFLT_LOGLEVEL: "warn"
|
|
|
|
|
PFLT_ARTIFACTS: "/tmp/artifacts"
|
|
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
|
init_build:
|
|
|
|
|
name: Initialize build
|
2024-02-10 16:19:34 +01:00
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
permissions:
|
|
|
|
|
contents: read
|
2023-02-03 07:05:11 +01:00
|
|
|
outputs:
|
|
|
|
|
components: ${{ steps.components.outputs.list }}
|
|
|
|
|
is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }}
|
|
|
|
|
current_branch: ${{ steps.branch_info.outputs.current_branch }}
|
|
|
|
|
sha_short: ${{ steps.branch_info.outputs.sha_short }}
|
|
|
|
|
steps:
|
2024-02-10 16:19:34 +01:00
|
|
|
- name: Block egress traffic
|
|
|
|
|
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
2023-02-03 07:05:11 +01:00
|
|
|
with:
|
2024-02-10 16:19:34 +01:00
|
|
|
disable-sudo: true
|
|
|
|
|
egress-policy: block
|
2023-02-03 07:05:11 +01:00
|
|
|
|
|
|
|
|
- name: Get branch info
|
|
|
|
|
id: branch_info
|
2024-02-10 16:19:34 +01:00
|
|
|
shell: bash
|
|
|
|
|
env:
|
|
|
|
|
LATEST_BRANCH: ${{ env.LATEST_BRANCH }}
|
|
|
|
|
github_ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || github.ref }}
|
2023-02-03 07:05:11 +01:00
|
|
|
run: |
|
|
|
|
|
result=false
|
2024-02-10 16:19:34 +01:00
|
|
|
sha_short=$(git rev-parse --short HEAD)
|
2023-02-03 07:05:11 +01:00
|
|
|
|
|
|
|
|
if [[ "$github_ref" == "refs/tags/"* ]]; then
|
|
|
|
|
github_ref=${github_ref%.*}
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
github_ref=${github_ref##*/}
|
|
|
|
|
|
2024-02-10 16:19:34 +01:00
|
|
|
if [[ "$github_ref" == "$LATEST_BRANCH" ]]; then
|
2023-03-07 08:56:16 +01:00
|
|
|
result=true
|
|
|
|
|
fi
|
|
|
|
|
|
2024-02-10 16:19:34 +01:00
|
|
|
echo "::group::Branch data"
|
|
|
|
|
echo "is_default_branch - $result"
|
|
|
|
|
echo "current_branch - $github_ref"
|
|
|
|
|
echo "sha_short - $sha_short"
|
|
|
|
|
echo "::endgroup::"
|
|
|
|
|
|
2023-02-03 07:05:11 +01:00
|
|
|
echo "is_default_branch=$result" >> $GITHUB_OUTPUT
|
2023-03-07 08:56:16 +01:00
|
|
|
echo "current_branch=$github_ref" >> $GITHUB_OUTPUT
|
2024-02-10 16:19:34 +01:00
|
|
|
echo "sha_short=$sha_short" >> $GITHUB_OUTPUT
|
2023-02-03 07:05:11 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Prepare Zabbix component list
|
|
|
|
|
id: components
|
|
|
|
|
env:
|
|
|
|
|
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
|
2024-02-10 16:19:34 +01:00
|
|
|
CURRENT_BRANCH: ${{ steps.branch_info.outputs.current_branch }}
|
2023-02-03 07:05:11 +01:00
|
|
|
run: |
|
2024-02-10 16:19:34 +01:00
|
|
|
component_list=$(jq --raw-output --argjson data "${REDHAT_CERTIFY_CREDENTIALS}" -n '$data."${CURRENT_BRANCH}".components | keys | [ .[] | tostring ] | @json')
|
|
|
|
|
|
|
|
|
|
echo "::group::Zabbix Component List"
|
|
|
|
|
echo "$component_list"
|
|
|
|
|
echo "::endgroup::"
|
2023-02-03 07:05:11 +01:00
|
|
|
|
|
|
|
|
echo "list=$component_list" >> $GITHUB_OUTPUT
|
|
|
|
|
|
|
|
|
|
build_base:
|
|
|
|
|
timeout-minutes: 30
|
2024-02-10 16:19:34 +01:00
|
|
|
name: Build ${{ matrix.build }} base on RHEL (${{ matrix.arch }})
|
2023-02-03 07:05:11 +01:00
|
|
|
needs: ["init_build"]
|
|
|
|
|
strategy:
|
|
|
|
|
fail-fast: false
|
|
|
|
|
matrix:
|
|
|
|
|
build: ["build-base"]
|
2024-02-10 16:19:34 +01:00
|
|
|
arch: ["X64", "ARM64"]
|
|
|
|
|
runs-on: [self-hosted, linux, ${{ matrix.arch }}]
|
|
|
|
|
permissions:
|
|
|
|
|
contents: read
|
|
|
|
|
id-token: write
|
2023-02-03 07:05:11 +01:00
|
|
|
steps:
|
2024-02-10 16:19:34 +01:00
|
|
|
- name: Block egress traffic
|
|
|
|
|
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
|
|
|
|
with:
|
|
|
|
|
egress-policy: audit
|
|
|
|
|
|
2023-02-03 07:05:11 +01:00
|
|
|
- name: Checkout repository
|
2024-02-05 05:16:42 +01:00
|
|
|
uses: actions/checkout@v4
|
2023-02-03 07:05:11 +01:00
|
|
|
with:
|
|
|
|
|
fetch-depth: 1
|
|
|
|
|
|
2024-02-10 16:19:34 +01:00
|
|
|
- name: Install cosign
|
|
|
|
|
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4
|
|
|
|
|
with:
|
|
|
|
|
cosign-release: 'v2.2.3'
|
|
|
|
|
|
|
|
|
|
- name: Check cosign version
|
|
|
|
|
run: cosign version
|
|
|
|
|
|
2023-02-03 07:05:11 +01:00
|
|
|
- name: Generate tags
|
|
|
|
|
id: meta
|
2024-02-05 05:16:42 +01:00
|
|
|
uses: docker/metadata-action@v5
|
2023-02-03 07:05:11 +01:00
|
|
|
with:
|
2024-02-10 16:19:34 +01:00
|
|
|
images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }}
|
2023-02-03 07:05:11 +01:00
|
|
|
tags: |
|
2024-02-10 16:19:34 +01:00
|
|
|
type=sha,postfix=-${{ matrix.arch }}
|
2023-02-03 07:05:11 +01:00
|
|
|
|
|
|
|
|
- name: Build Zabbix Build Base
|
|
|
|
|
id: build_image
|
|
|
|
|
uses: redhat-actions/buildah-build@v2
|
|
|
|
|
with:
|
2024-02-10 16:19:34 +01:00
|
|
|
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
|
2023-02-03 07:05:11 +01:00
|
|
|
layers: false
|
|
|
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
|
|
|
containerfiles: |
|
|
|
|
|
./Dockerfiles/${{ matrix.build }}/rhel/Dockerfile
|
|
|
|
|
extra-args: |
|
|
|
|
|
--pull
|
|
|
|
|
|
2024-02-10 16:19:34 +01:00
|
|
|
- name: Image digest
|
|
|
|
|
env:
|
|
|
|
|
DIGEST: ${{ steps.docker_build.outputs.digest }}
|
|
|
|
|
CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
|
|
|
|
|
run: |
|
|
|
|
|
echo "::group::Image digest"
|
|
|
|
|
echo "$DIGEST"
|
|
|
|
|
echo "::endgroup::"
|
|
|
|
|
echo "::group::Cache file name"
|
|
|
|
|
echo "$CACHE_FILE_NAME"
|
|
|
|
|
echo "::endgroup::"
|
|
|
|
|
|
|
|
|
|
echo "$DIGEST" > "$CACHE_FILE_NAME"
|
|
|
|
|
|
|
|
|
|
- name: Cache image digest
|
|
|
|
|
uses: actions/cache@v4
|
|
|
|
|
with:
|
|
|
|
|
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
|
|
|
|
|
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
|
|
|
|
|
|
2023-02-03 07:05:11 +01:00
|
|
|
build_base_database:
|
|
|
|
|
timeout-minutes: 180
|
|
|
|
|
needs: [ "build_base", "init_build"]
|
|
|
|
|
name: Build ${{ matrix.build }} base on RHEL
|
|
|
|
|
strategy:
|
|
|
|
|
fail-fast: false
|
|
|
|
|
matrix:
|
|
|
|
|
build: ["mysql", "sqlite3"]
|
2024-02-10 16:19:34 +01:00
|
|
|
arch: ["X64", "ARM64"]
|
|
|
|
|
runs-on: [self-hosted, linux, ${{ matrix.arch }}]
|
|
|
|
|
permissions:
|
|
|
|
|
contents: read
|
|
|
|
|
id-token: write
|
2023-02-03 07:05:11 +01:00
|
|
|
steps:
|
2024-02-10 16:19:34 +01:00
|
|
|
- name: Block egress traffic
|
|
|
|
|
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
|
|
|
|
with:
|
|
|
|
|
egress-policy: audit
|
|
|
|
|
|
2023-02-03 07:05:11 +01:00
|
|
|
- name: Checkout repository
|
2024-02-05 05:16:42 +01:00
|
|
|
uses: actions/checkout@v4
|
2023-02-03 07:05:11 +01:00
|
|
|
with:
|
|
|
|
|
fetch-depth: 1
|
|
|
|
|
|
|
|
|
|
- name: Generate tags
|
|
|
|
|
id: meta
|
2024-02-05 05:16:42 +01:00
|
|
|
uses: docker/metadata-action@v5
|
2023-02-03 07:05:11 +01:00
|
|
|
with:
|
|
|
|
|
images: zabbix-build-${{ matrix.build }}
|
|
|
|
|
tags: |
|
2024-02-10 16:19:34 +01:00
|
|
|
type=sha,postfix=-${{ matrix.arch }}
|
|
|
|
|
|
|
|
|
|
- name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
|
|
|
|
|
uses: actions/cache@v4
|
|
|
|
|
with:
|
|
|
|
|
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
|
|
|
|
|
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
|
|
|
|
|
|
|
|
|
|
- name: Retrieve ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} SHA256 tag
|
|
|
|
|
id: base_build
|
|
|
|
|
env:
|
|
|
|
|
MATRIX_ARCH: ${{ matrix.arch }}
|
|
|
|
|
BASE_IMAGE: ${{ env.BASE_BUILD_NAME }}
|
|
|
|
|
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
|
|
|
|
|
run: |
|
|
|
|
|
BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}")
|
|
|
|
|
BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}"
|
|
|
|
|
|
|
|
|
|
echo "::group::Base build image information"
|
|
|
|
|
echo "base_tag=${BASE_TAG}"
|
|
|
|
|
echo "base_build_image=${BUILD_BASE_IMAGE}"
|
|
|
|
|
echo "::endgroup::"
|
|
|
|
|
|
|
|
|
|
echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT
|
|
|
|
|
echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT
|
2023-02-03 07:05:11 +01:00
|
|
|
|
2024-02-10 16:19:34 +01:00
|
|
|
- name: Build Zabbix Build Base
|
2023-02-03 07:05:11 +01:00
|
|
|
id: build_image
|
|
|
|
|
uses: redhat-actions/buildah-build@v2
|
|
|
|
|
with:
|
2024-02-10 16:19:34 +01:00
|
|
|
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
|
2023-02-03 07:05:11 +01:00
|
|
|
layers: false
|
|
|
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
|
|
|
containerfiles: |
|
2024-02-10 16:19:34 +01:00
|
|
|
${{ env.DOCKERFILES_DIRECTORY }}/build-${{ matrix.build }}/rhel/Dockerfile
|
|
|
|
|
extra-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }}
|
|
|
|
|
|
|
|
|
|
- name: Image digest
|
|
|
|
|
env:
|
|
|
|
|
DIGEST: ${{ steps.docker_build.outputs.digest }}
|
|
|
|
|
CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.arch }}
|
|
|
|
|
run: |
|
|
|
|
|
echo "::group::Image digest"
|
|
|
|
|
echo "$DIGEST"
|
|
|
|
|
echo "::endgroup::"
|
|
|
|
|
echo "::group::Cache file name"
|
|
|
|
|
echo "$CACHE_FILE_NAME"
|
|
|
|
|
echo "::endgroup::"
|
|
|
|
|
|
|
|
|
|
echo "$DIGEST" > "$CACHE_FILE_NAME"
|
|
|
|
|
|
|
|
|
|
- name: Cache image digest
|
|
|
|
|
uses: actions/cache@v4
|
|
|
|
|
with:
|
|
|
|
|
path: ${{ matrix.build }}_${{ matrix.arch }}
|
|
|
|
|
key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }}
|
2023-02-03 07:05:11 +01:00
|
|
|
|
|
|
|
|
build_images:
|
|
|
|
|
timeout-minutes: 90
|
|
|
|
|
needs: [ "build_base_database", "init_build"]
|
|
|
|
|
name: Build ${{ matrix.build }} image
|
|
|
|
|
strategy:
|
|
|
|
|
fail-fast: false
|
|
|
|
|
matrix:
|
|
|
|
|
build: ${{ fromJson(needs.init_build.outputs.components) }}
|
|
|
|
|
|
2023-04-03 08:07:45 +02:00
|
|
|
runs-on: [self-hosted, linux, X64]
|
2023-02-03 07:05:11 +01:00
|
|
|
steps:
|
2024-02-05 05:16:42 +01:00
|
|
|
- uses: actions/checkout@v4
|
2023-02-03 07:05:11 +01:00
|
|
|
|
|
|
|
|
- name: Detect Build Base Image
|
|
|
|
|
id: build_base_image
|
|
|
|
|
env:
|
|
|
|
|
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
|
|
|
|
|
run: |
|
|
|
|
|
BUILD_BASE=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".build_base')
|
|
|
|
|
|
|
|
|
|
echo "build_base=$BUILD_BASE" >> $GITHUB_OUTPUT
|
|
|
|
|
|
2024-02-05 05:16:42 +01:00
|
|
|
- name: Generate image name
|
2023-02-03 07:05:11 +01:00
|
|
|
id: image_name
|
|
|
|
|
env:
|
|
|
|
|
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
|
|
|
|
|
run: |
|
|
|
|
|
IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".login')
|
|
|
|
|
|
|
|
|
|
echo "::add-mask::$IMAGE_NAME"
|
|
|
|
|
echo "image_name=$IMAGE_NAME" >> $GITHUB_OUTPUT
|
|
|
|
|
|
|
|
|
|
- name: Generate credentials
|
|
|
|
|
id: login_credentials
|
|
|
|
|
env:
|
|
|
|
|
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
|
|
|
|
|
run: |
|
|
|
|
|
IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".login')
|
|
|
|
|
REGISTRY_PASSWORD=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".secret')
|
|
|
|
|
|
|
|
|
|
echo "::add-mask::$IMAGE_NAME"
|
|
|
|
|
echo "::add-mask::redhat-isv-containers+$IMAGE_NAME-robot"
|
|
|
|
|
echo "::add-mask::$REGISTRY_PASSWORD"
|
|
|
|
|
|
|
|
|
|
echo "username=$IMAGE_NAME" >> $GITHUB_OUTPUT
|
|
|
|
|
echo "password=$REGISTRY_PASSWORD" >> $GITHUB_OUTPUT
|
|
|
|
|
|
|
|
|
|
- name: Log in to Quay.io
|
2024-02-05 05:16:42 +01:00
|
|
|
uses: redhat-actions/podman-login@v1.6
|
2023-02-03 07:05:11 +01:00
|
|
|
env:
|
|
|
|
|
LOGIN: ${{ steps.login_credentials.outputs.username }}
|
|
|
|
|
PASSWORD: ${{ steps.login_credentials.outputs.password }}
|
|
|
|
|
with:
|
|
|
|
|
username: redhat-isv-containers+${{ env.LOGIN }}-robot
|
|
|
|
|
password: ${{ env.PASSWORD }}
|
|
|
|
|
registry: ${{ env.REGISTRY }}
|
|
|
|
|
auth_file_path: /tmp/.docker_${{ matrix.build }}_${{ needs.init_build.outputs.sha_short }}
|
|
|
|
|
|
|
|
|
|
- name: Remove smartmontools
|
|
|
|
|
if: ${{ matrix.build == 'agent2' }}
|
|
|
|
|
run: |
|
|
|
|
|
sed -i '/smartmontools/d' Dockerfiles/agent2/rhel/Dockerfile
|
|
|
|
|
|
|
|
|
|
- name: Generate tags
|
|
|
|
|
id: meta
|
2024-02-05 05:16:42 +01:00
|
|
|
uses: docker/metadata-action@v5
|
2023-02-03 07:05:11 +01:00
|
|
|
with:
|
|
|
|
|
images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ steps.image_name.outputs.image_name }}
|
|
|
|
|
tags: |
|
|
|
|
|
type=semver,pattern={{version}}
|
|
|
|
|
type=sha
|
|
|
|
|
flavor: |
|
|
|
|
|
latest=${{ ( github.event_name == 'release' ) }}
|
|
|
|
|
|
|
|
|
|
- name: Build ${{ matrix.build }} and push
|
|
|
|
|
id: build_image
|
|
|
|
|
uses: redhat-actions/buildah-build@v2
|
|
|
|
|
with:
|
|
|
|
|
context: ./Dockerfiles/${{ matrix.build }}/rhel
|
|
|
|
|
layers: false
|
|
|
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
|
|
|
labels: |
|
|
|
|
|
org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
|
|
|
|
|
org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
|
|
|
|
|
containerfiles: |
|
|
|
|
|
./Dockerfiles/${{ matrix.build }}/rhel/Dockerfile
|
|
|
|
|
build-args: BUILD_BASE_IMAGE=zabbix-${{ steps.build_base_image.outputs.build_base }}:sha-${{ needs.init_build.outputs.sha_short }}
|
|
|
|
|
|
|
|
|
|
- name: Push to RedHat certification procedure
|
|
|
|
|
id: push_to_registry
|
|
|
|
|
uses: redhat-actions/push-to-registry@v2
|
|
|
|
|
with:
|
|
|
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
|
|
|
|
2023-04-07 06:30:01 +02:00
|
|
|
- name: Preflight
|
|
|
|
|
env:
|
|
|
|
|
PFLT_DOCKERCONFIG: /tmp/.docker_${{ matrix.build }}_${{ needs.init_build.outputs.sha_short }}
|
|
|
|
|
PFLT_CERTIFICATION_PROJECT_ID: ${{ steps.login_credentials.outputs.username }}
|
|
|
|
|
PFLT_PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }}
|
|
|
|
|
PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }}
|
|
|
|
|
PFLT_LOGLEVEL: ${{ env.PFLT_LOGLEVEL }}
|
|
|
|
|
run: |
|
|
|
|
|
mkdir -p $PFLT_ARTIFACTS
|
|
|
|
|
podman run \
|
|
|
|
|
-it \
|
|
|
|
|
--rm \
|
|
|
|
|
--security-opt=label=disable \
|
|
|
|
|
--env PFLT_LOGLEVEL=$PFLT_LOGLEVEL \
|
|
|
|
|
--env PFLT_ARTIFACTS=/artifacts \
|
|
|
|
|
--env PFLT_LOGFILE=/artifacts/preflight.log \
|
|
|
|
|
--env PFLT_CERTIFICATION_PROJECT_ID=$PFLT_CERTIFICATION_PROJECT_ID \
|
|
|
|
|
--env PFLT_PYXIS_API_TOKEN=$PFLT_PYXIS_API_TOKEN \
|
|
|
|
|
--env PFLT_DOCKERCONFIG=/temp-authfile.json \
|
|
|
|
|
-v $PFLT_ARTIFACTS:/artifacts \
|
|
|
|
|
-v $PFLT_DOCKERCONFIG:/temp-authfile.json:ro \
|
2024-02-05 05:16:42 +01:00
|
|
|
quay.io/opdev/preflight:stable check container ${{ steps.build_image.outputs.image-with-tag }} --submit
|
2023-04-07 06:30:01 +02:00
|
|
|
|
|
|
|
|
- name: Push to RedHat certification procedure
|
|
|
|
|
id: push_to_registry_all_tags
|
|
|
|
|
uses: redhat-actions/push-to-registry@v2
|
|
|
|
|
with:
|
|
|
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
|
|
|
|
|
|
|
|
- name: Cleanup
|
|
|
|
|
run: |
|
|
|
|
|
echo "${{ steps.meta.outputs.tags }}" | while IFS= read -r image_name ; do podman rmi -i -f $image_name; done
|
|
|
|
|
rm -rf ${{ env.PFLT_ARTIFACTS }}
|
|
|
|
|
|
|
|
|
|
build_base_arm:
|
|
|
|
|
timeout-minutes: 30
|
|
|
|
|
name: Build ${{ matrix.build }} base on RHEL (ARM64)
|
|
|
|
|
needs: ["init_build"]
|
|
|
|
|
strategy:
|
|
|
|
|
fail-fast: false
|
|
|
|
|
matrix:
|
|
|
|
|
build: ["build-base"]
|
|
|
|
|
|
|
|
|
|
runs-on: [self-hosted, linux, ARM64]
|
|
|
|
|
outputs:
|
|
|
|
|
image: ${{ steps.build_image.outputs.image-with-tag }}
|
|
|
|
|
steps:
|
|
|
|
|
- name: Checkout repository
|
2024-02-05 09:31:42 +01:00
|
|
|
uses: actions/checkout@v4
|
2023-04-07 06:30:01 +02:00
|
|
|
with:
|
|
|
|
|
fetch-depth: 1
|
|
|
|
|
|
|
|
|
|
- name: Generate tags
|
|
|
|
|
id: meta
|
2024-02-05 09:31:42 +01:00
|
|
|
uses: docker/metadata-action@v5
|
2023-04-07 06:30:01 +02:00
|
|
|
with:
|
|
|
|
|
images: zabbix-${{ matrix.build }}
|
|
|
|
|
tags: |
|
|
|
|
|
type=sha
|
|
|
|
|
flavor: |
|
|
|
|
|
latest=false
|
|
|
|
|
suffix=-arm64
|
|
|
|
|
|
|
|
|
|
- name: Build Zabbix Build Base
|
|
|
|
|
id: build_image
|
|
|
|
|
uses: redhat-actions/buildah-build@v2
|
|
|
|
|
with:
|
|
|
|
|
context: ./Dockerfiles/${{ matrix.build }}/rhel
|
|
|
|
|
layers: false
|
|
|
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
|
|
|
containerfiles: |
|
|
|
|
|
./Dockerfiles/${{ matrix.build }}/rhel/Dockerfile
|
|
|
|
|
extra-args: |
|
|
|
|
|
--pull
|
|
|
|
|
|
|
|
|
|
build_base_database_arm:
|
|
|
|
|
timeout-minutes: 180
|
|
|
|
|
needs: [ "build_base_arm", "init_build"]
|
|
|
|
|
name: Build ${{ matrix.build }} base on RHEL (ARM64)
|
|
|
|
|
strategy:
|
|
|
|
|
fail-fast: false
|
|
|
|
|
matrix:
|
|
|
|
|
build: ["mysql", "sqlite3"]
|
|
|
|
|
|
|
|
|
|
runs-on: [self-hosted, linux, ARM64]
|
|
|
|
|
steps:
|
|
|
|
|
- name: Checkout repository
|
2024-02-05 09:31:42 +01:00
|
|
|
uses: actions/checkout@v4
|
2023-04-07 06:30:01 +02:00
|
|
|
with:
|
|
|
|
|
fetch-depth: 1
|
|
|
|
|
|
|
|
|
|
- name: Generate tags
|
|
|
|
|
id: meta
|
2024-02-05 09:31:42 +01:00
|
|
|
uses: docker/metadata-action@v5
|
2023-04-07 06:30:01 +02:00
|
|
|
with:
|
|
|
|
|
images: zabbix-build-${{ matrix.build }}
|
|
|
|
|
tags: |
|
|
|
|
|
type=sha
|
|
|
|
|
flavor: |
|
|
|
|
|
latest=false
|
|
|
|
|
suffix=-arm64
|
|
|
|
|
|
|
|
|
|
- name: Build ${{ matrix.build }} image
|
|
|
|
|
id: build_image
|
|
|
|
|
uses: redhat-actions/buildah-build@v2
|
|
|
|
|
with:
|
|
|
|
|
context: ./Dockerfiles/build-${{ matrix.build }}/rhel
|
|
|
|
|
layers: false
|
|
|
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
|
|
|
containerfiles: |
|
|
|
|
|
./Dockerfiles/build-${{ matrix.build }}/rhel/Dockerfile
|
|
|
|
|
build-args: BUILD_BASE_IMAGE=${{ needs.build_base_arm.outputs.image }}
|
|
|
|
|
|
|
|
|
|
build_images_arm:
|
|
|
|
|
timeout-minutes: 90
|
|
|
|
|
needs: [ "build_base_database_arm", "init_build"]
|
|
|
|
|
name: Build ${{ matrix.build }} image (ARM64)
|
|
|
|
|
strategy:
|
|
|
|
|
fail-fast: false
|
|
|
|
|
matrix:
|
|
|
|
|
build: ${{ fromJson(needs.init_build.outputs.components) }}
|
|
|
|
|
|
|
|
|
|
runs-on: [self-hosted, linux, ARM64]
|
|
|
|
|
steps:
|
2024-02-05 05:16:42 +01:00
|
|
|
- uses: actions/checkout@v4
|
2023-04-07 06:30:01 +02:00
|
|
|
|
|
|
|
|
- name: Detect Build Base Image
|
|
|
|
|
id: build_base_image
|
|
|
|
|
env:
|
|
|
|
|
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
|
|
|
|
|
run: |
|
|
|
|
|
BUILD_BASE=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".build_base')
|
|
|
|
|
|
|
|
|
|
echo "build_base=$BUILD_BASE" >> $GITHUB_OUTPUT
|
|
|
|
|
|
2024-02-05 05:16:42 +01:00
|
|
|
- name: Generate image name
|
2023-04-07 06:30:01 +02:00
|
|
|
id: image_name
|
|
|
|
|
env:
|
|
|
|
|
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
|
|
|
|
|
run: |
|
|
|
|
|
IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".login')
|
|
|
|
|
|
|
|
|
|
echo "::add-mask::$IMAGE_NAME"
|
|
|
|
|
echo "image_name=$IMAGE_NAME" >> $GITHUB_OUTPUT
|
|
|
|
|
|
|
|
|
|
- name: Generate credentials
|
|
|
|
|
id: login_credentials
|
|
|
|
|
env:
|
|
|
|
|
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
|
|
|
|
|
run: |
|
|
|
|
|
IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".login')
|
|
|
|
|
REGISTRY_PASSWORD=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".secret')
|
|
|
|
|
|
|
|
|
|
echo "::add-mask::$IMAGE_NAME"
|
|
|
|
|
echo "::add-mask::redhat-isv-containers+$IMAGE_NAME-robot"
|
|
|
|
|
echo "::add-mask::$REGISTRY_PASSWORD"
|
|
|
|
|
|
|
|
|
|
echo "username=$IMAGE_NAME" >> $GITHUB_OUTPUT
|
|
|
|
|
echo "password=$REGISTRY_PASSWORD" >> $GITHUB_OUTPUT
|
|
|
|
|
|
|
|
|
|
- name: Log in to Quay.io
|
2024-02-05 05:16:42 +01:00
|
|
|
uses: redhat-actions/podman-login@v1.6
|
2023-04-07 06:30:01 +02:00
|
|
|
env:
|
|
|
|
|
LOGIN: ${{ steps.login_credentials.outputs.username }}
|
|
|
|
|
PASSWORD: ${{ steps.login_credentials.outputs.password }}
|
|
|
|
|
with:
|
|
|
|
|
username: redhat-isv-containers+${{ env.LOGIN }}-robot
|
|
|
|
|
password: ${{ env.PASSWORD }}
|
|
|
|
|
registry: ${{ env.REGISTRY }}
|
|
|
|
|
auth_file_path: /tmp/.docker_${{ matrix.build }}_${{ needs.init_build.outputs.sha_short }}
|
|
|
|
|
|
|
|
|
|
- name: Remove smartmontools
|
|
|
|
|
if: ${{ matrix.build == 'agent2' }}
|
|
|
|
|
run: |
|
|
|
|
|
sed -i '/smartmontools/d' Dockerfiles/agent2/rhel/Dockerfile
|
|
|
|
|
|
|
|
|
|
- name: Generate tags
|
|
|
|
|
id: meta
|
2024-02-05 05:16:42 +01:00
|
|
|
uses: docker/metadata-action@v5
|
2023-04-07 06:30:01 +02:00
|
|
|
with:
|
|
|
|
|
images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ steps.image_name.outputs.image_name }}
|
|
|
|
|
tags: |
|
|
|
|
|
type=semver,pattern={{version}}
|
|
|
|
|
type=sha
|
|
|
|
|
flavor: |
|
|
|
|
|
latest=${{ ( github.event_name == 'release' ) }}
|
|
|
|
|
suffix=-arm64,onlatest=true
|
|
|
|
|
|
|
|
|
|
- name: Build ${{ matrix.build }} and push
|
|
|
|
|
id: build_image
|
|
|
|
|
uses: redhat-actions/buildah-build@v2
|
|
|
|
|
with:
|
|
|
|
|
context: ./Dockerfiles/${{ matrix.build }}/rhel
|
|
|
|
|
layers: false
|
|
|
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
|
|
|
labels: |
|
|
|
|
|
org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
|
|
|
|
|
org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
|
|
|
|
|
containerfiles: |
|
|
|
|
|
./Dockerfiles/${{ matrix.build }}/rhel/Dockerfile
|
2023-04-07 06:50:12 +02:00
|
|
|
build-args: BUILD_BASE_IMAGE=zabbix-${{ steps.build_base_image.outputs.build_base }}:sha-${{ needs.init_build.outputs.sha_short }}-arm64
|
2023-04-07 06:30:01 +02:00
|
|
|
|
|
|
|
|
- name: Push to RedHat certification procedure
|
|
|
|
|
id: push_to_registry
|
|
|
|
|
uses: redhat-actions/push-to-registry@v2
|
|
|
|
|
with:
|
|
|
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
|
|
|
|
2023-02-03 07:05:11 +01:00
|
|
|
- name: Preflight
|
|
|
|
|
env:
|
|
|
|
|
PFLT_DOCKERCONFIG: /tmp/.docker_${{ matrix.build }}_${{ needs.init_build.outputs.sha_short }}
|
|
|
|
|
PFLT_CERTIFICATION_PROJECT_ID: ${{ steps.login_credentials.outputs.username }}
|
|
|
|
|
PFLT_PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }}
|
|
|
|
|
PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }}
|
|
|
|
|
PFLT_LOGLEVEL: ${{ env.PFLT_LOGLEVEL }}
|
|
|
|
|
run: |
|
|
|
|
|
mkdir -p $PFLT_ARTIFACTS
|
|
|
|
|
podman run \
|
|
|
|
|
-it \
|
|
|
|
|
--rm \
|
|
|
|
|
--security-opt=label=disable \
|
|
|
|
|
--env PFLT_LOGLEVEL=$PFLT_LOGLEVEL \
|
|
|
|
|
--env PFLT_ARTIFACTS=/artifacts \
|
|
|
|
|
--env PFLT_LOGFILE=/artifacts/preflight.log \
|
|
|
|
|
--env PFLT_CERTIFICATION_PROJECT_ID=$PFLT_CERTIFICATION_PROJECT_ID \
|
|
|
|
|
--env PFLT_PYXIS_API_TOKEN=$PFLT_PYXIS_API_TOKEN \
|
|
|
|
|
--env PFLT_DOCKERCONFIG=/temp-authfile.json \
|
|
|
|
|
-v $PFLT_ARTIFACTS:/artifacts \
|
|
|
|
|
-v $PFLT_DOCKERCONFIG:/temp-authfile.json:ro \
|
2024-02-05 05:16:42 +01:00
|
|
|
quay.io/opdev/preflight:stable check container ${{ steps.build_image.outputs.image-with-tag }} --submit
|
2023-02-03 07:05:11 +01:00
|
|
|
|
2023-02-05 09:17:09 +01:00
|
|
|
- name: Push to RedHat certification procedure
|
|
|
|
|
id: push_to_registry_all_tags
|
|
|
|
|
uses: redhat-actions/push-to-registry@v2
|
|
|
|
|
with:
|
|
|
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
|
|
|
|
2023-02-03 07:05:11 +01:00
|
|
|
- name: Cleanup
|
|
|
|
|
run: |
|
|
|
|
|
echo "${{ steps.meta.outputs.tags }}" | while IFS= read -r image_name ; do podman rmi -i -f $image_name; done
|
|
|
|
|
rm -rf ${{ env.PFLT_ARTIFACTS }}
|
