extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2024-11-22 15:53:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Prepare universal workflow

Browse Source
This commit is contained in:
Alexey Pustovalov 2024-02-11 00:19:34 +09:00
parent d6bcfb9e73
commit b779827f5f
1 changed files with 135 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
.github/workflows/images_build_rhel.yml vendored
View File

@ -4,6 +4,7 @@ on:
release:
types:
- published
workflow_dispatch:
defaults:
run:
@ -11,7 +12,14 @@ defaults:
env:
LATEST_BRANCH: ${{ github.event.repository.default_branch }}
IMAGES_PREFIX: "zabbix-"
BASE_BUILD_NAME: "build-base"
DOCKERFILES_DIRECTORY: "Dockerfiles"
OIDC_ISSUER: "https://token.actions.githubusercontent.com"
IDENITY_REGEX: "https://github.com/zabbix/zabbix-docker/.github/"
REGISTRY: "quay.io"
REGISTRY_NAMESPACE: "redhat-isv-containers"
PFLT_LOGLEVEL: "warn"
@ -20,23 +28,30 @@ env:
jobs:
init_build:
name: Initialize build
runs-on: [self-hosted, linux, X64]
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
components: ${{ steps.components.outputs.list }}
is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }}
current_branch: ${{ steps.branch_info.outputs.current_branch }}
sha_short: ${{ steps.branch_info.outputs.sha_short }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Block egress traffic
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
fetch-depth: 1
disable-sudo: true
egress-policy: block
- name: Get branch info
id: branch_info
shell: bash
env:
LATEST_BRANCH: ${{ env.LATEST_BRANCH }}
github_ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || github.ref }}
run: |
github_ref="${{ github.ref }}"
result=false
sha_short=$(git rev-parse --short HEAD)
if [[ "$github_ref" == "refs/tags/"* ]]; then
github_ref=${github_ref%.*}
@ -44,55 +59,80 @@ jobs:
github_ref=${github_ref##*/}
if [[ "$github_ref" == "${{ env.LATEST_BRANCH }}" ]]; then
if [[ "$github_ref" == "$LATEST_BRANCH" ]]; then
result=true
fi
echo "::group::Branch data"
echo "is_default_branch - $result"
echo "current_branch - $github_ref"
echo "sha_short - $sha_short"
echo "::endgroup::"
echo "is_default_branch=$result" >> $GITHUB_OUTPUT
echo "current_branch=$github_ref" >> $GITHUB_OUTPUT
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
echo "sha_short=$sha_short" >> $GITHUB_OUTPUT
- name: Prepare Zabbix component list
id: components
env:
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
CURRENT_BRANCH: ${{ steps.branch_info.outputs.current_branch }}
run: |
component_list=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ steps.branch_info.outputs.current_branch }}".components | keys | [ .[] | tostring ] | @json')
component_list=$(jq --raw-output --argjson data "${REDHAT_CERTIFY_CREDENTIALS}" -n '$data."${CURRENT_BRANCH}".components | keys | [ .[] | tostring ] | @json')
echo "::group::Zabbix Component List"
echo "$component_list"
echo "::endgroup::"
echo "list=$component_list" >> $GITHUB_OUTPUT
build_base:
timeout-minutes: 30
name: Build ${{ matrix.build }} base on RHEL
name: Build ${{ matrix.build }} base on RHEL (${{ matrix.arch }})
needs: ["init_build"]
strategy:
fail-fast: false
matrix:
build: ["build-base"]
runs-on: [self-hosted, linux, X64]
outputs:
image: ${{ steps.build_image.outputs.image-with-tag }}
arch: ["X64", "ARM64"]
runs-on: [self-hosted, linux, ${{ matrix.arch }}]
permissions:
contents: read
id-token: write
steps:
- name: Block egress traffic
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Install cosign
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4
with:
cosign-release: 'v2.2.3'
- name: Check cosign version
run: cosign version
- name: Generate tags
id: meta
uses: docker/metadata-action@v5
with:
images: zabbix-${{ matrix.build }}
images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }}
tags: |
type=sha
type=sha,postfix=-${{ matrix.arch }}
- name: Build Zabbix Build Base
id: build_image
uses: redhat-actions/buildah-build@v2
with:
context: ./Dockerfiles/${{ matrix.build }}/rhel
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
layers: false
tags: ${{ steps.meta.outputs.tags }}
containerfiles: |
@ -100,6 +140,26 @@ jobs:
extra-args: |
--pull
- name: Image digest
env:
DIGEST: ${{ steps.docker_build.outputs.digest }}
CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
run: |
echo "::group::Image digest"
echo "$DIGEST"
echo "::endgroup::"
echo "::group::Cache file name"
echo "$CACHE_FILE_NAME"
echo "::endgroup::"
echo "$DIGEST" > "$CACHE_FILE_NAME"
- name: Cache image digest
uses: actions/cache@v4
with:
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
build_base_database:
timeout-minutes: 180
needs: [ "build_base", "init_build"]
@ -108,9 +168,17 @@ jobs:
fail-fast: false
matrix:
build: ["mysql", "sqlite3"]
runs-on: [self-hosted, linux, X64]
arch: ["X64", "ARM64"]
runs-on: [self-hosted, linux, ${{ matrix.arch }}]
permissions:
contents: read
id-token: write
steps:
- name: Block egress traffic
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@v4
with:
@ -122,18 +190,62 @@ jobs:
with:
images: zabbix-build-${{ matrix.build }}
tags: |
type=sha
type=sha,postfix=-${{ matrix.arch }}
- name: Build ${{ matrix.build }} image
- name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
uses: actions/cache@v4
with:
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
- name: Retrieve ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} SHA256 tag
id: base_build
env:
MATRIX_ARCH: ${{ matrix.arch }}
BASE_IMAGE: ${{ env.BASE_BUILD_NAME }}
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
run: |
BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}")
BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}"
echo "::group::Base build image information"
echo "base_tag=${BASE_TAG}"
echo "base_build_image=${BUILD_BASE_IMAGE}"
echo "::endgroup::"
echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT
echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT
- name: Build Zabbix Build Base
id: build_image
uses: redhat-actions/buildah-build@v2
with:
context: ./Dockerfiles/build-${{ matrix.build }}/rhel
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
layers: false
tags: ${{ steps.meta.outputs.tags }}
containerfiles: |
./Dockerfiles/build-${{ matrix.build }}/rhel/Dockerfile
build-args: BUILD_BASE_IMAGE=${{ needs.build_base.outputs.image }}
${{ env.DOCKERFILES_DIRECTORY }}/build-${{ matrix.build }}/rhel/Dockerfile
extra-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }}
- name: Image digest
env:
DIGEST: ${{ steps.docker_build.outputs.digest }}
CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.arch }}
run: |
echo "::group::Image digest"
echo "$DIGEST"
echo "::endgroup::"
echo "::group::Cache file name"
echo "$CACHE_FILE_NAME"
echo "::endgroup::"
echo "$DIGEST" > "$CACHE_FILE_NAME"
- name: Cache image digest
uses: actions/cache@v4
with:
path: ${{ matrix.build }}_${{ matrix.arch }}
key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }}
build_images:
timeout-minutes: 90