extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-05-31 15:16:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Prepare universal workflow

Browse Source
This commit is contained in:
Alexey Pustovalov 2024-02-11 17:12:08 +09:00
parent e7366fb0a5
commit df0f6345ab
1 changed files with 304 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

360
.github/workflows/images_build_rhel.yml vendored
View File

@ -4,30 +4,50 @@ on:
release: release:
types: types:
- published - published
workflow_dispatch:
defaults: defaults:
run: run:
shell: bash shell: bash
env: env:
AUTO_PUSH_IMAGES: ${{ vars.AUTO_PUSH_IMAGES }}
LATEST_BRANCH: ${{ github.event.repository.default_branch }} LATEST_BRANCH: ${{ github.event.repository.default_branch }}
IMAGES_PREFIX: "zabbix-"
BASE_BUILD_NAME: "build-base" BASE_BUILD_NAME: "build-base"
DOCKERFILES_DIRECTORY: "Dockerfiles"
OIDC_ISSUER: "https://token.actions.githubusercontent.com"
IDENITY_REGEX: "https://github.com/zabbix/zabbix-docker/.github/"
REGISTRY: "quay.io" REGISTRY: "quay.io"
REGISTRY_NAMESPACE: "redhat-isv-containers" REGISTRY_NAMESPACE: "redhat-isv-containers"
PREFLIGHT_IMAGE: "quay.io/opdev/preflight:stable"
PFLT_LOGLEVEL: "warn" PFLT_LOGLEVEL: "warn"
PFLT_ARTIFACTS: "/tmp/artifacts" PFLT_ARTIFACTS: "/tmp/artifacts"
TRUNK_BRANCH: "7.0"
jobs: jobs:
init_build: init_build:
name: Initialize build name: Initialize build
runs-on: [self-hosted, linux, X64] runs-on: ubuntu-latest
permissions:
contents: read
outputs: outputs:
components: ${{ steps.components.outputs.list }} components: ${{ steps.components.outputs.list }}
is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }} is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }}
current_branch: ${{ steps.branch_info.outputs.current_branch }} current_branch: ${{ steps.branch_info.outputs.current_branch }}
sha_short: ${{ steps.branch_info.outputs.sha_short }} sha_short: ${{ steps.branch_info.outputs.sha_short }}
steps: steps:
- name: Block egress traffic
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
@ -35,9 +55,13 @@ jobs:
- name: Get branch info - name: Get branch info
id: branch_info id: branch_info
shell: bash
env:
LATEST_BRANCH: ${{ env.LATEST_BRANCH }}
github_ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || github.ref }}
run: | run: |
github_ref="${{ github.ref }}"
result=false result=false
sha_short=$(git rev-parse --short HEAD)
if [[ "$github_ref" == "refs/tags/"* ]]; then if [[ "$github_ref" == "refs/tags/"* ]]; then
github_ref=${github_ref%.*} github_ref=${github_ref%.*}
@ -45,139 +69,268 @@ jobs:
github_ref=${github_ref##*/} github_ref=${github_ref##*/}
if [[ "$github_ref" == "$LATEST_BRANCH" ]]; then
result=true
fi
echo "::group::Branch data"
echo "is_default_branch - $result"
echo "current_branch - $github_ref"
echo "sha_short - $sha_short"
echo "::endgroup::"
echo "is_default_branch=$result" >> $GITHUB_OUTPUT echo "is_default_branch=$result" >> $GITHUB_OUTPUT
echo "current_branch=${{ env.TRUNK_BRANCH }}" >> $GITHUB_OUTPUT echo "current_branch=$github_ref" >> $GITHUB_OUTPUT
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT echo "sha_short=$sha_short" >> $GITHUB_OUTPUT
- name: Prepare Zabbix component list - name: Prepare Zabbix component list
id: components id: components
env: env:
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
CURRENT_BRANCH: ${{ steps.branch_info.outputs.current_branch }}
run: | run: |
component_list=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ steps.branch_info.outputs.current_branch }}".components | keys | [ .[] | tostring ] | @json') component_list=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components | keys | @json")
echo "::group::Zabbix Component List"
echo "$component_list"
echo "::endgroup::"
echo "list=$component_list" >> $GITHUB_OUTPUT echo "list=$component_list" >> $GITHUB_OUTPUT
build_base: build_base:
timeout-minutes: 30 timeout-minutes: 30
name: Build ${{ matrix.build }} base on RHEL name: Build ${{ matrix.build }} base (${{ matrix.arch }})
needs: ["init_build"] needs: ["init_build"]
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
build: ["build-base"] build: [build-base]
arch: [X64, ARM64]
runs-on: [self-hosted, linux, X64] runs-on: [self-hosted, linux, "${{ matrix.arch }}"]
outputs: permissions:
image: ${{ steps.build_image.outputs.image-with-tag }} contents: read
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1
- name: Install cosign
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4
with:
cosign-release: 'v2.2.3'
- name: Check cosign version
run: cosign version
- name: Fix string case
id: lc
env:
ARCH: ${{ matrix.arch }}
run: |
echo "arch=${ARCH,,}" >> $GITHUB_OUTPUT
- name: Generate tags - name: Generate tags
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v5
with: with:
images: zabbix-${{ matrix.build }} images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }}
tags: | tags: |
type=sha type=sha,suffix=-${{ steps.lc.outputs.arch }}
- name: Build Zabbix Build Base - name: Build Zabbix Build Base
id: build_image id: build_image
uses: redhat-actions/buildah-build@v2 uses: redhat-actions/buildah-build@v2
with: with:
context: ./Dockerfiles/${{ matrix.build }}/rhel context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
layers: false layers: false
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
containerfiles: | containerfiles: |
./Dockerfiles/${{ matrix.build }}/rhel/Dockerfile ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile
extra-args: | extra-args: |
--pull --pull
- name: Image digest
env:
IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
run: |
DIGEST=$(podman inspect ${IMAGE_TAG} --format "{{ index .RepoDigests 0}}" | cut -d '@' -f2)
echo "::group::Image digest"
echo "$DIGEST"
echo "::endgroup::"
echo "::group::Cache file name"
echo "$CACHE_FILE_NAME"
echo "::endgroup::"
echo "$DIGEST" > "$CACHE_FILE_NAME"
- name: Cache image digest
uses: actions/cache@v4
with:
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
build_base_database: build_base_database:
timeout-minutes: 180 timeout-minutes: 180
needs: [ "build_base", "init_build"] needs: [ "build_base", "init_build"]
name: Build ${{ matrix.build }} base on RHEL name: Build ${{ matrix.build }} base (${{ matrix.arch }})
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
build: ["mysql", "sqlite3"] build: [build-mysql, build-sqlite3]
arch: [X64, ARM64]
runs-on: [self-hosted, linux, X64] runs-on: [self-hosted, linux, "${{ matrix.arch }}"]
permissions:
contents: read
id-token: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1
- name: Fix string case
id: lc
env:
ARCH: ${{ matrix.arch }}
run: |
echo "arch=${ARCH,,}" >> $GITHUB_OUTPUT
- name: Generate tags - name: Generate tags
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v5
with: with:
images: zabbix-build-${{ matrix.build }} images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }}
tags: | tags: |
type=sha type=sha,suffix=-${{ steps.lc.outputs.arch }}
- name: Build ${{ matrix.build }} image - name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
uses: actions/cache@v4
with:
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
- name: Retrieve ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} SHA256 tag
id: base_build
env:
MATRIX_ARCH: ${{ matrix.arch }}
BASE_IMAGE: ${{ env.BASE_BUILD_NAME }}
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
run: |
BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}")
BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}"
echo "::group::Base build image information"
echo "base_tag=${BASE_TAG}"
echo "base_build_image=${BUILD_BASE_IMAGE}"
echo "::endgroup::"
echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT
echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT
- name: Build Zabbix Build Base
id: build_image id: build_image
uses: redhat-actions/buildah-build@v2 uses: redhat-actions/buildah-build@v2
with: with:
context: ./Dockerfiles/build-${{ matrix.build }}/rhel context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
layers: false layers: false
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
containerfiles: | containerfiles: |
./Dockerfiles/build-${{ matrix.build }}/rhel/Dockerfile ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile
build-args: BUILD_BASE_IMAGE=${{ needs.build_base.outputs.image }} build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }}
- name: Image digest
env:
IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.arch }}
run: |
DIGEST=$(podman inspect ${IMAGE_TAG} --format "{{ index .RepoDigests 0}}" | cut -d '@' -f2)
echo "::group::Image digest"
echo "$DIGEST"
echo "::endgroup::"
echo "::group::Cache file name"
echo "$CACHE_FILE_NAME"
echo "::endgroup::"
echo "$DIGEST" > "$CACHE_FILE_NAME"
- name: Cache image digest
uses: actions/cache@v4
with:
path: ${{ matrix.build }}_${{ matrix.arch }}
key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }}
build_images: build_images:
timeout-minutes: 90 timeout-minutes: 90
needs: [ "build_base_database", "init_build"] needs: [ "build_base_database", "init_build"]
name: Build ${{ matrix.build }} image name: Build ${{ matrix.build }} image (${{ matrix.arch }})
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
build: ${{ fromJson(needs.init_build.outputs.components) }} build: ${{ fromJson(needs.init_build.outputs.components) }}
arch: [X64, ARM64]
runs-on: [self-hosted, linux, X64] runs-on: [self-hosted, linux, "${{ matrix.arch }}"]
permissions:
contents: read
id-token: write
steps: steps:
- uses: actions/checkout@v4 - name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Fix string case
id: lc
env:
ARCH: ${{ matrix.arch }}
run: |
echo "arch=${ARCH,,}" >> $GITHUB_OUTPUT
- name: Detect Build Base Image - name: Detect Build Base Image
id: build_base_image id: build_base_image
env: env:
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
MATRIX_BUILD: ${{ matrix.build }}
CURRENT_BRANCH: ${{ needs.init_build.outputs.current_branch }}
run: | run: |
BUILD_BASE=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".build_base') BUILD_BASE=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".build_base")
echo "build_base=$BUILD_BASE" >> $GITHUB_OUTPUT echo "::group::Build base image"
echo "build_base=$BUILD_BASE"
echo "::endgroup::"
echo "build_base=$BUILD_BASE" >> $GITHUB_OUTPUT
- name: Generate image name - name: Generate image name
id: image_name id: image_name
env: env:
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
MATRIX_BUILD: ${{ matrix.build }}
CURRENT_BRANCH: ${{ needs.init_build.outputs.current_branch }}
run: | run: |
IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".login') IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".login")
echo "::add-mask::$IMAGE_NAME" echo "::add-mask::$IMAGE_NAME"
echo "image_name=$IMAGE_NAME" >> $GITHUB_OUTPUT echo "image_name=$IMAGE_NAME" >> $GITHUB_OUTPUT
- name: Generate credentials - name: Generate credentials
id: login_credentials id: login_credentials
env: env:
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
MATRIX_BUILD: ${{ matrix.build }}
CURRENT_BRANCH: ${{ needs.init_build.outputs.current_branch }}
run: | run: |
IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".login') IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".login")
REGISTRY_PASSWORD=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".secret') REGISTRY_PASSWORD=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".secret")
echo "::add-mask::$IMAGE_NAME" echo "::add-mask::$IMAGE_NAME"
echo "::add-mask::redhat-isv-containers+$IMAGE_NAME-robot" echo "::add-mask::redhat-isv-containers+$IMAGE_NAME-robot"
echo "::add-mask::$REGISTRY_PASSWORD" echo "::add-mask::$REGISTRY_PASSWORD"
echo "username=$IMAGE_NAME" >> $GITHUB_OUTPUT echo "username=$IMAGE_NAME" >> $GITHUB_OUTPUT
echo "password=$REGISTRY_PASSWORD" >> $GITHUB_OUTPUT echo "password=$REGISTRY_PASSWORD" >> $GITHUB_OUTPUT
- name: Log in to Quay.io - name: Log in to Quay.io
uses: redhat-actions/podman-login@v1.6 uses: redhat-actions/podman-login@v1.6
@ -188,12 +341,14 @@ jobs:
username: redhat-isv-containers+${{ env.LOGIN }}-robot username: redhat-isv-containers+${{ env.LOGIN }}-robot
password: ${{ env.PASSWORD }} password: ${{ env.PASSWORD }}
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
auth_file_path: /tmp/.docker_${{ matrix.build }}_${{ needs.init_build.outputs.sha_short }} auth_file_path: /tmp/.docker_${{ matrix.build }}_${{ matrix.arch }}_${{ needs.init_build.outputs.sha_short }}
- name: Remove smartmontools - name: Remove smartmontools
if: ${{ matrix.build == 'agent2' }} if: ${{ matrix.build == 'agent2' }}
env:
DOCKERFILES_DIRECTORY: ${{ env.DOCKERFILES_DIRECTORY }}
run: | run: |
sed -i '/smartmontools/d' Dockerfiles/agent2/rhel/Dockerfile sed -i '/smartmontools/d' "$DOCKERFILES_DIRECTORY/agent2/rhel/Dockerfile"
- name: Generate tags - name: Generate tags
id: meta id: meta
@ -204,38 +359,72 @@ jobs:
type=semver,pattern={{version}} type=semver,pattern={{version}}
type=sha type=sha
flavor: | flavor: |
latest=${{ ( github.event_name == 'release' ) }} latest=${{ github.event_name == 'release' }}
suffix=${{ matrix.arch == 'ARM64' && '-arm64' || '' }},onlatest=true
- name: Build ${{ matrix.build }} and push - name: Download SHA256 tag of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }}
uses: actions/cache@v4
with:
path: ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}
key: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.arch }}-${{ github.run_id }}
- name: Retrieve ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} SHA256 tag
id: base_build
env:
MATRIX_ARCH: ${{ matrix.arch }}
BASE_IMAGE: ${{ steps.build_base_image.outputs.build_base }}
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
run: |
BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}")
BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}"
echo "::group::Base build image information"
echo "base_tag=${BASE_TAG}"
echo "base_build_image=${BUILD_BASE_IMAGE}"
echo "::endgroup::"
echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT
echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT
- name: Build ${{ matrix.build }}
id: build_image id: build_image
uses: redhat-actions/buildah-build@v2 uses: redhat-actions/buildah-build@v2
with: with:
context: ./Dockerfiles/${{ matrix.build }}/rhel context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
layers: false layers: false
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: | labels: |
org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
containerfiles: | containerfiles: |
./Dockerfiles/${{ matrix.build }}/rhel/Dockerfile ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile
build-args: BUILD_BASE_IMAGE=zabbix-${{ steps.build_base_image.outputs.build_base }}:sha-${{ needs.init_build.outputs.sha_short }} build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }}
- name: Push to RedHat certification procedure - name: Push to RedHat certification procedure
id: push_to_registry id: push_to_registry
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
uses: redhat-actions/push-to-registry@v2 uses: redhat-actions/push-to-registry@v2
with: with:
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
- name: Preflight - name: Preflight
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
env: env:
PFLT_DOCKERCONFIG: /tmp/.docker_${{ matrix.build }}_${{ needs.init_build.outputs.sha_short }} PFLT_DOCKERCONFIG: /tmp/.docker_${{ matrix.build }}_${{ matrix.arch }}_${{ needs.init_build.outputs.sha_short }}
PFLT_CERTIFICATION_PROJECT_ID: ${{ steps.login_credentials.outputs.username }} PFLT_CERTIFICATION_PROJECT_ID: ${{ steps.login_credentials.outputs.username }}
PFLT_PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} PFLT_PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }}
PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }} PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }}
PFLT_LOGLEVEL: ${{ env.PFLT_LOGLEVEL }} PFLT_LOGLEVEL: ${{ env.PFLT_LOGLEVEL }}
IMAGE_TAG: ${{ steps.build_image.outputs.image-with-tag }}
PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }}
run: | run: |
mkdir -p $PFLT_ARTIFACTS mkdir -p $PFLT_ARTIFACTS
podman run \ echo "::group::Pull preflight image"
podman pull "$PREFLIGHT_IMAGE"
echo "::endgroup::"
echo "::group::Perform certification tests"
podman run \
-it \ -it \
--rm \ --rm \
--security-opt=label=disable \ --security-opt=label=disable \
@ -247,15 +436,74 @@ jobs:
--env PFLT_DOCKERCONFIG=/temp-authfile.json \ --env PFLT_DOCKERCONFIG=/temp-authfile.json \
-v $PFLT_ARTIFACTS:/artifacts \ -v $PFLT_ARTIFACTS:/artifacts \
-v $PFLT_DOCKERCONFIG:/temp-authfile.json:ro \ -v $PFLT_DOCKERCONFIG:/temp-authfile.json:ro \
quay.io/opdev/preflight:stable check container ${{ steps.build_image.outputs.image-with-tag }} --submit "$PREFLIGHT_IMAGE" check container $IMAGE_TAG --submit
podman rmi -i -f "$PREFLIGHT_IMAGE"
echo "::endgroup::"
- name: Push to RedHat certification procedure - name: Push to RedHat certification procedure
id: push_to_registry_all_tags id: push_to_registry_all_tags
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
uses: redhat-actions/push-to-registry@v2 uses: redhat-actions/push-to-registry@v2
with: with:
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
- name: Cleanup - name: Cleanup artifacts
if: ${{ always() }}
env:
PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }}
PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }}
TAGS: ${{ steps.meta.outputs.tags }}
run: | run: |
echo "${{ steps.meta.outputs.tags }}" | while IFS= read -r image_name ; do podman rmi -i -f $image_name; done echo "::group::Post build actions"
rm -rf ${{ env.PFLT_ARTIFACTS }} echo "$TAGS" | while IFS= read -r image_name ; do podman rmi -i -f "$image_name"; done
rm -rf "$PFLT_ARTIFACTS"
podman rmi -i -f "$PREFLIGHT_IMAGE"
echo "::endgroup::"
clean_artifacts:
timeout-minutes: 90
needs: [ "build_images", "init_build"]
name: Build ${{ matrix.build }} image (${{ matrix.arch }})
strategy:
fail-fast: false
matrix:
build: [build-mysql, build-sqlite3]
arch: [X64, ARM64]
runs-on: [self-hosted, linux, "${{ matrix.arch }}"]
if: ${{ always() && needs.build_base_database.result == 'success' }}
permissions: {}
steps:
- name: Download SHA256 tag of ${{ matrix.build }}:${{ matrix.arch }}
uses: actions/cache@v4
with:
path: ${{ matrix.build }}_${{ matrix.arch }}
key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }}
- name: Remove ${{ matrix.build }}:${{ matrix.arch }} SHA256 tag
env:
MATRIX_ARCH: ${{ matrix.arch }}
BASE_IMAGE: ${{ matrix.build }}
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
run: |
BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}")
BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}"
podman rmi -i -f "$BUILD_BASE_IMAGE"
- name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
uses: actions/cache@v4
with:
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
- name: Remove ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} SHA256 tag
env:
MATRIX_ARCH: ${{ matrix.arch }}
BASE_IMAGE: ${{ env.BASE_BUILD_NAME }}
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
run: |
BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}")
BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}"
podman rmi -i -f "$BUILD_BASE_IMAGE"