opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2026-03-13 08:01:19 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
49eb047c0ae4481b367d243399c00a7375858ba0
podman/.github/workflows/multi-arch-build.yaml
Chris Evich 21bef6db6e Update container image docs + fix unstable execution 
Update the order of image documentation to be from most to least stable.
Similarly, avoid depending on execution of upstream podman, when
building/pushing.  It's easily possible for this build to function but
execution to fail due to some partially implemented feature.

Also, ensure images tagged `latest` are pushed for every matrix
item.  For 'upstream' and 'testing', this replaces use of the
'master' tag.

Lastly, update workflow comments and split the 'podman' and 'containers'
FQIN steps and outputs to improve readability.

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-04-29 11:23:59 -04:00

207 lines
8.3 KiB
YAML
Raw Blame History

---
# Please see contrib/podmanimage/README.md for details on the intentions
# of this workflow.
name: build multi-arch images
on:
# Upstream podman tends to be very active, with many merges per day.
# Only run this daily via cron schedule, or manually, not by branch push.
schedule:
- cron: '0 8 * * *'
# allows to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
multi:
name: multi-arch Podman build
env:
PODMAN_QUAY_REGISTRY: quay.io/podman
CONTAINERS_QUAY_REGISTRY: quay.io/containers
# list of architectures for build
PLATFORMS: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
# build several images (upstream, testing, stable) in parallel
strategy:
matrix:
# Builds are located under contrib/podmanimage/<source> directory
source:
- upstream
- testing
- stable
runs-on: ubuntu-latest
# internal registry caches build for inspection before push
services:
registry:
image: quay.io/libpod/registry:2
ports:
- 5000:5000
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
with:
driver-opts: network=host
install: true
- name: Build and locally push Podman
uses: docker/build-push-action@v2
with:
context: contrib/podmanimage/${{ matrix.source }}
file: ./contrib/podmanimage/${{ matrix.source }}/Dockerfile
platforms: ${{ env.PLATFORMS }}
push: true
tags: localhost:5000/podman/${{ matrix.source }}
# Simple verification that stable images work, and
# also grab version number use in forming the FQIN.
- name: amd64 container sniff test
if: matrix.source = 'stable'
id: sniff_test
run: |
VERSION_OUTPUT="$(docker run localhost:5000/podman/${{ matrix.source }} \
podman --storage-driver=vfs version)"
echo "$VERSION_OUTPUT"
VERSION=$(grep -Em1 '^Version: ' <<<"$VERSION_OUTPUT" | awk '{print $2}')
test -n "$VERSION"
echo "::set-output name=version::${VERSION}"
- name: Generate podman reg. image FQIN(s)
id: podman_reg
run: |
if [[ "${{ matrix.source }}" == 'stable' ]]; then
# The `podman version` in image just built
VERSION='v${{ steps.sniff_test.outputs.version }}'
# workaround vim syntax-highlight bug: '
# Image tags previously pushed to quay
ALLTAGS=$(skopeo list-tags \
docker://$PODMAN_QUAY_REGISTRY/stable | \
jq -r '.Tags[]')
# New image? Push quay.io/podman/stable:vX.X.X and :latest
if ! fgrep -qx "$VERSION" <<<"$ALLTAGS"; then
# Assume version-tag is also the most up to date (i.e. "latest")
FQIN="$PODMAN_QUAY_REGISTRY/stable:$VERSION,$PODMAN_QUAY_REGISTRY/stable:latest"
else # Not a new version-tagged image
# Assume other contents changed, so this is the "new" latest.
FQIN="$PODMAN_QUAY_REGISTRY/stable:latest"
fi
elif [[ "${{ matrix.source }}" == 'testing' ]]; then
# Assume some contents changed, always push latest testing.
FQIN="$PODMAN_QUAY_REGISTRY/testing:latest"
elif [[ "${{ matrix.source }}" == 'upstream' ]]; then
# Assume some contents changed, always push latest upstream.
FQIN="$PODMAN_QUAY_REGISTRY/upstream:latest"
else
echo "::error::Unknown matrix item '${{ matrix.source }}'"
exit 1
fi
echo "::warning::Pushing $FQIN"
echo "::set-output name=fqin::${FQIN}"
echo '::set-output name=push::true'
# This is substantially the same as the above step, except the
# $CONTAINERS_QUAY_REGISTRY is used and the "testing"
# flavor is never pushed.
- name: Generate containers reg. image FQIN(s)
if: matrix.source != 'testing'
id: containers_reg
run: |
if [[ "${{ matrix.source }}" == 'stable' ]]; then
VERSION='v${{ steps.sniff_test.outputs.version }}'
# workaround vim syntax-highlight bug: '
ALLTAGS=$(skopeo list-tags \
docker://$CONTAINERS_QUAY_REGISTRY/podman | \
jq -r '.Tags[]')
# New image? Push quay.io/containers/podman:vX.X.X and :latest
if ! fgrep -qx "$VERSION" <<<"$ALLTAGS"; then
FQIN="$CONTAINERS_QUAY_REGISTRY/podman:$VERSION,$CONTAINERS_QUAY_REGISTRY/podman:latest"
else # Not a new version-tagged image, but contents may be updated
FQIN="$CONTAINERS_QUAY_REGISTRY/podman:latest"
fi
elif [[ "${{ matrix.source }}" == 'upstream' ]]; then
FQIN="$CONTAINERS_QUAY_REGISTRY/podman:latest"
else
echo "::error::Unknown matrix item '${{ matrix.source }}'"
exit 1
fi
echo "::warning::Pushing $FQIN"
echo "::set-output name=fqin::${FQIN}"
echo '::set-output name=push::true'
- name: Define LABELS multi-line env. var. value
run: |
# This is a really hacky/strange workflow idiom, required
# for setting multi-line $LABELS value for consumption in
# a future step.
# https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#multiline-strings
cat << EOF | tee -a $GITHUB_ENV
LABELS<<DELIMITER
org.opencontainers.image.source=https://github.com/${{ github.repository }}.git
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.created=$(date -u --iso-8601=seconds)
DELIMITER
EOF
# Separate steps to login and push for podman and containers quay
# repositories are required, because 2 sets of credentials are used and `docker
# login` as well as `podman login` do not support having 2 different
# credential sets for 1 registry.
# At the same time reuse of non-shell steps is not supported by Github Actions
# via anchors or composite actions
# Push to 'podman' Quay repo for stable, testing. and upstream
- name: Login to 'podman' Quay registry
uses: docker/login-action@v1
if: steps.podman_reg.outputs.push == 'true'
with:
registry: ${{ env.PODMAN_QUAY_REGISTRY }}
# N/B: Secrets are not passed to workflows that are triggered
# by a pull request from a fork
username: ${{ secrets.PODMAN_QUAY_USERNAME }}
password: ${{ secrets.PODMAN_QUAY_PASSWORD }}
- name: Push images to 'podman' Quay
uses: docker/build-push-action@v2
if: steps.podman_reg.outputs.push == 'true'
with:
cache-from: type=registry,ref=localhost:5000/podman/${{ matrix.source }}
cache-to: type=inline
context: contrib/podmanimage/${{ matrix.source }}
file: ./contrib/podmanimage/${{ matrix.source }}/Dockerfile
platforms: ${{ env.PLATFORMS }}
push: true
tags: ${{ steps.podman_push.outputs.fqin }}
labels: |
${{ env.LABELS }}
# Push to 'containers' Quay repo only stable podman
- name: Login to 'containers' Quay registry
if: steps.containers_reg.outputs.push == 'true'
uses: docker/login-action@v1
with:
registry: ${{ env.CONTAINERS_QUAY_REGISTRY}}
username: ${{ secrets.CONTAINERS_QUAY_USERNAME }}
password: ${{ secrets.CONTAINERS_QUAY_PASSWORD }}
- name: Push images to 'containers' Quay
if: steps.containers_reg.outputs.push == 'true'
uses: docker/build-push-action@v2
with:
cache-from: type=registry,ref=localhost:5000/podman/${{ matrix.source }}
cache-to: type=inline
context: contrib/podmanimage/${{ matrix.source }}
file: ./contrib/podmanimage/${{ matrix.source }}/Dockerfile
platforms: ${{ env.PLATFORMS }}
push: true
tags: ${{ steps.containers_reg.outputs.fqin }}
labels: |
${{ env.LABELS }}
Reference in New Issue View Git Blame Copy Permalink