From 11d7ce77716a8fe28667369543979889127a4db6 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Fri, 7 Apr 2023 13:30:01 +0900 Subject: [PATCH] Added ARM build --- ...d_rhel_amd64.yml => images_build_rhel.yml} | 210 +++++++++++++++++- 1 file changed, 209 insertions(+), 1 deletion(-) rename .github/workflows/{images_build_rhel_amd64.yml => images_build_rhel.yml} (54%) diff --git a/.github/workflows/images_build_rhel_amd64.yml b/.github/workflows/images_build_rhel.yml similarity index 54% rename from .github/workflows/images_build_rhel_amd64.yml rename to .github/workflows/images_build_rhel.yml index 047555173..4649d18a4 100644 --- a/.github/workflows/images_build_rhel_amd64.yml +++ b/.github/workflows/images_build_rhel.yml @@ -12,7 +12,7 @@ on: paths: - '!**/README.md' - 'Dockerfiles/*/rhel/*' - - '.github/workflows/images_build_rhel_amd64.yml' + - '.github/workflows/images_build_rhel.yml' defaults: run: @@ -271,3 +271,211 @@ jobs: run: | echo "${{ steps.meta.outputs.tags }}" | while IFS= read -r image_name ; do podman rmi -i -f $image_name; done rm -rf ${{ env.PFLT_ARTIFACTS }} + + build_base_arm: + timeout-minutes: 30 + name: Build ${{ matrix.build }} base on RHEL (ARM64) + needs: ["init_build"] + strategy: + fail-fast: false + matrix: + build: ["build-base"] + + runs-on: [self-hosted, linux, ARM64] + outputs: + image: ${{ steps.build_image.outputs.image-with-tag }} + steps: + - name: Checkout repository + uses: actions/checkout@v3 + with: + fetch-depth: 1 + + - name: Generate tags + id: meta + uses: docker/metadata-action@v4 + with: + images: zabbix-${{ matrix.build }} + tags: | + type=sha + flavor: | + latest=false + suffix=-arm64 + + - name: Build Zabbix Build Base + id: build_image + uses: redhat-actions/buildah-build@v2 + with: + context: ./Dockerfiles/${{ matrix.build }}/rhel + layers: false + tags: ${{ steps.meta.outputs.tags }} + containerfiles: | + ./Dockerfiles/${{ matrix.build }}/rhel/Dockerfile + extra-args: | + --pull + + build_base_database_arm: + timeout-minutes: 180 + needs: [ "build_base_arm", "init_build"] + name: Build ${{ matrix.build }} base on RHEL (ARM64) + strategy: + fail-fast: false + matrix: + build: ["mysql", "sqlite3"] + + runs-on: [self-hosted, linux, ARM64] + steps: + - name: Checkout repository + uses: actions/checkout@v3 + with: + fetch-depth: 1 + + - name: Generate tags + id: meta + uses: docker/metadata-action@v4 + with: + images: zabbix-build-${{ matrix.build }} + tags: | + type=sha + flavor: | + latest=false + suffix=-arm64 + + - name: Build ${{ matrix.build }} image + id: build_image + uses: redhat-actions/buildah-build@v2 + with: + context: ./Dockerfiles/build-${{ matrix.build }}/rhel + layers: false + tags: ${{ steps.meta.outputs.tags }} + containerfiles: | + ./Dockerfiles/build-${{ matrix.build }}/rhel/Dockerfile + build-args: BUILD_BASE_IMAGE=${{ needs.build_base_arm.outputs.image }} + + build_images_arm: + timeout-minutes: 90 + needs: [ "build_base_database_arm", "init_build"] + name: Build ${{ matrix.build }} image (ARM64) + strategy: + fail-fast: false + matrix: + build: ${{ fromJson(needs.init_build.outputs.components) }} + + runs-on: [self-hosted, linux, ARM64] + steps: + - uses: actions/checkout@v3 + + - name: Detect Build Base Image + id: build_base_image + env: + REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} + run: | + BUILD_BASE=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".build_base') + + echo "build_base=$BUILD_BASE" >> $GITHUB_OUTPUT + + - name: Genarate image name + id: image_name + env: + REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} + run: | + IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".login') + + echo "::add-mask::$IMAGE_NAME" + echo "image_name=$IMAGE_NAME" >> $GITHUB_OUTPUT + + - name: Generate credentials + id: login_credentials + env: + REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} + run: | + IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".login') + REGISTRY_PASSWORD=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".secret') + + echo "::add-mask::$IMAGE_NAME" + echo "::add-mask::redhat-isv-containers+$IMAGE_NAME-robot" + echo "::add-mask::$REGISTRY_PASSWORD" + + echo "username=$IMAGE_NAME" >> $GITHUB_OUTPUT + echo "password=$REGISTRY_PASSWORD" >> $GITHUB_OUTPUT + + - name: Log in to Quay.io + uses: redhat-actions/podman-login@v1.5 + env: + LOGIN: ${{ steps.login_credentials.outputs.username }} + PASSWORD: ${{ steps.login_credentials.outputs.password }} + with: + username: redhat-isv-containers+${{ env.LOGIN }}-robot + password: ${{ env.PASSWORD }} + registry: ${{ env.REGISTRY }} + auth_file_path: /tmp/.docker_${{ matrix.build }}_${{ needs.init_build.outputs.sha_short }} + + - name: Remove smartmontools + if: ${{ matrix.build == 'agent2' }} + run: | + sed -i '/smartmontools/d' Dockerfiles/agent2/rhel/Dockerfile + + - name: Generate tags + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ steps.image_name.outputs.image_name }} + tags: | + type=semver,pattern={{version}} + type=sha + flavor: | + latest=${{ ( github.event_name == 'release' ) }} + suffix=-arm64,onlatest=true + + - name: Build ${{ matrix.build }} and push + id: build_image + uses: redhat-actions/buildah-build@v2 + with: + context: ./Dockerfiles/${{ matrix.build }}/rhel + layers: false + tags: ${{ steps.meta.outputs.tags }} + labels: | + org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} + org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} + containerfiles: | + ./Dockerfiles/${{ matrix.build }}/rhel/Dockerfile + build-args: BUILD_BASE_IMAGE=zabbix-${{ steps.build_base_image_arm.outputs.build_base }}:sha-${{ needs.init_build.outputs.sha_short }} + + - name: Push to RedHat certification procedure + id: push_to_registry + uses: redhat-actions/push-to-registry@v2 + with: + tags: ${{ steps.meta.outputs.tags }} + + - name: Preflight + env: + PFLT_DOCKERCONFIG: /tmp/.docker_${{ matrix.build }}_${{ needs.init_build.outputs.sha_short }} + PFLT_CERTIFICATION_PROJECT_ID: ${{ steps.login_credentials.outputs.username }} + PFLT_PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} + PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }} + PFLT_LOGLEVEL: ${{ env.PFLT_LOGLEVEL }} + run: | + mkdir -p $PFLT_ARTIFACTS + podman run \ + -it \ + --rm \ + --security-opt=label=disable \ + --env PFLT_LOGLEVEL=$PFLT_LOGLEVEL \ + --env PFLT_ARTIFACTS=/artifacts \ + --env PFLT_LOGFILE=/artifacts/preflight.log \ + --env PFLT_CERTIFICATION_PROJECT_ID=$PFLT_CERTIFICATION_PROJECT_ID \ + --env PFLT_PYXIS_API_TOKEN=$PFLT_PYXIS_API_TOKEN \ + --env PFLT_DOCKERCONFIG=/temp-authfile.json \ + -v $PFLT_ARTIFACTS:/artifacts \ + -v $PFLT_DOCKERCONFIG:/temp-authfile.json:ro \ + quay.io/opdev/preflight:1.5.1 check container ${{ steps.build_image.outputs.image-with-tag }} --submit + + - name: Push to RedHat certification procedure + id: push_to_registry_all_tags + uses: redhat-actions/push-to-registry@v2 + with: + tags: ${{ steps.meta.outputs.tags }} + + - name: Cleanup + run: | + echo "${{ steps.meta.outputs.tags }}" | while IFS= read -r image_name ; do podman rmi -i -f $image_name; done + rm -rf ${{ env.PFLT_ARTIFACTS }}