From c3da232c730dea16fb5d98915db73ca10fffabcf Mon Sep 17 00:00:00 2001 From: Stephanos Ioannidis Date: Fri, 22 Mar 2024 20:34:51 +0900 Subject: [PATCH] [WIP] .github: workflows: Use buildah --- .github/workflows/ci.yml | 299 ++++++++++++++++++++------------------- 1 file changed, 151 insertions(+), 148 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c5d845b..bc63936 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,6 +24,8 @@ jobs: name: Build (${{ matrix.variant.platform }}) runs-on: group: ${{ matrix.variant.builder }} + container: + image: ghcr.io/zephyrproject-rtos/image-build:v1.0.0 strategy: fail-fast: true 
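Review bot: The added job container `ghcr.io/zephyrproject-rtos/image-build:v1.0.0` is referenced by a mutable tag, and every later step of the job runs inside it, including the registry logins that receive `secrets.DOCKERHUB_TOKEN` and `secrets.GITHUB_TOKEN`. Pinning the reference by digest makes a re-tagged or replaced image fail the job instead of running with publish credentials: `image: ghcr.io/zephyrproject-rtos/image-build:v1.0.0@sha256:<digest-of-reviewed-image>` (placeholder, fill in the real digest). The same `container:` block is added to the `merge` job in a later hunk and should be pinned the same way. The `build` job definition starts before this hunk and continues after it.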
@@ -36,45 +38,61 @@ jobs: arch: arm64 builder: zephyr-runner-v2-linux-arm64-4xlarge - services: - registry: - image: registry:2 - ports: - - 5000:5000 + env: + DOCKERHUB_BASE: docker.io/zephyrprojectrtos + GHCR_BASE: ghcr.io/zephyrproject-rtos + BASE_IMAGE_NAME: ci-base-testing + CI_IMAGE_NAME: ci-testing + DEVELOPER_IMAGE_NAME: zephyr-build-testing steps: - name: Checkout uses: actions/checkout@v3 - - name: Generate local metadata for base image - id: meta_ci_base - uses: docker/metadata-action@v4 - with: - images: | - localhost:5000/zephyrproject-rtos/ci-base-testing + # - name: Set up build environment + # run: | + # # Install Podman. + # dnf -y install podman - - name: Generate local metadata for CI image - id: meta_ci - uses: docker/metadata-action@v4 + # # Use VFS storage driver because FUSE is not available inside + # # unprivileged runner containers. + # sed -i 's/driver = .*/driver = "vfs"/' /etc/containers/storage.conf + + # # Set XDG_RUNTIME_DIR to ensure that Podman correctly resolves temporary + # # directory path. + # export XDG_RUNTIME_DIR="/tmp/users/$(id -u)" + # mkdir -p $XDG_RUNTIME_DIR + # echo "XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR" >> $GITHUB_ENV + + # # Create a dummy Docker config file because podman-login action + # # requires it. 
+ # mkdir -p $HOME/.docker + # echo '{ "auths": {} }' > $HOME/.docker/config.json + + - name: Login to DockerHub + if: ${{ github.event_name != 'pull_request' }} + uses: redhat-actions/podman-login@v1 with: - images: | - localhost:5000/zephyrproject-rtos/ci-testing + registry: docker.io + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Generate local metadata for Developer image - id: meta_developer - uses: docker/metadata-action@v4 + - name: Login to GitHub Container Registry + if: ${{ github.event_name != 'pull_request' }} + uses: redhat-actions/podman-login@v1 with: - images: | - localhost:5000/zephyrproject-rtos/zephyr-build-testing + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Generate push metadata for base image + - name: Generate metadata for base image if: ${{ github.event_name != 'pull_request' }} - id: meta_ci_base_push + id: meta_ci_base uses: docker/metadata-action@v4 with: images: | - docker.io/zephyrprojectrtos/ci-base-testing - ghcr.io/zephyrproject-rtos/ci-base-testing + ${{ env.DOCKERHUB_BASE }}/${{ env.BASE_IMAGE_NAME }} + ${{ env.GHCR_BASE }}/${{ env.BASE_IMAGE_NAME }} flavor: | latest=false suffix=-${{ matrix.variant.arch }} @@ -82,14 +100,14 @@ jobs: type=ref,event=branch type=ref,event=tag - - name: Generate push metadata for CI image + - name: Generate metadata for CI image if: ${{ github.event_name != 'pull_request' }} - id: meta_ci_push + id: meta_ci uses: docker/metadata-action@v4 with: images: | - docker.io/zephyrprojectrtos/ci-testing - ghcr.io/zephyrproject-rtos/ci-testing + ${{ env.DOCKERHUB_BASE }}/${{ env.CI_IMAGE_NAME }} + ${{ env.GHCR_BASE }}/${{ env.CI_IMAGE_NAME }} flavor: | latest=false suffix=-${{ matrix.variant.arch }} 
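Review bot: Both registry logins now run before `Build base image`, so on push events the DockerHub and GHCR credentials are already stored in the job's auth file while the checked-out tree and the Containerfile build execute; the removed workflow logged in only after all builds had finished. Unless pulling the base layers needs authentication, move the two `redhat-actions/podman-login@v1` steps to just before `Push base image` so the build itself stays unauthenticated. Because these steps receive `secrets.DOCKERHUB_TOKEN` and `secrets.GITHUB_TOKEN`, consider pinning the action to a full commit SHA rather than the moving `@v1` tag, e.g. `uses: redhat-actions/podman-login@<full-commit-sha> # v1` (placeholder). The commented-out `Set up build environment` block is better removed, or explained in the commit message, than kept as dead YAML.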
@@ -97,14 +115,14 @@ jobs: type=ref,event=branch type=ref,event=tag - - name: Generate push metadata for Developer image + - name: Generate metadata for Developer image if: ${{ github.event_name != 'pull_request' }} - id: meta_developer_push + id: meta_developer uses: docker/metadata-action@v4 with: images: | - docker.io/zephyrprojectrtos/zephyr-build-testing - ghcr.io/zephyrproject-rtos/zephyr-build-testing + ${{ env.DOCKERHUB_BASE }}/${{ env.DEVELOPER_IMAGE_NAME }} + ${{ env.GHCR_BASE }}/${{ env.DEVELOPER_IMAGE_NAME }} flavor: | latest=false suffix=-${{ matrix.variant.arch }} 
@@ -112,111 +130,96 @@ jobs: type=ref,event=branch type=ref,event=tag - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - with: - driver-opts: network=host - - - name: Build base docker image - uses: docker/build-push-action@v3 + - name: Build base image + uses: redhat-actions/buildah-build@v2 with: context: . - file: Dockerfile.base - platforms: ${{ matrix.variant.platform }} - push: true + containerfiles: Dockerfile.base tags: ${{ steps.meta_ci_base.outputs.tags }} labels: ${{ steps.meta_ci_base.outputs.labels }} - - name: Build CI docker image - uses: docker/build-push-action@v3 - with: - context: . - file: Dockerfile.ci - platforms: ${{ matrix.variant.platform }} - push: true - tags: ${{ steps.meta_ci.outputs.tags }} - labels: ${{ steps.meta_ci.outputs.labels }} - build-args: | - BASE_IMAGE=localhost:5000/zephyrproject-rtos/ci-base-testing:${{ steps.meta_ci_base.outputs.version }} - - - name: Build Developer docker image - uses: docker/build-push-action@v3 - with: - context: . - file: Dockerfile.devel - platforms: ${{ matrix.variant.platform }} - push: true - tags: ${{ steps.meta_developer.outputs.tags }} - labels: ${{ steps.meta_developer.outputs.labels }} - build-args: | - BASE_IMAGE=localhost:5000/zephyrproject-rtos/ci-testing:${{ steps.meta_ci.outputs.version }} - - - name: Login to DockerHub - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@v2 - with: - registry: docker.io - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Login to GitHub Container Registry - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@v2 + # - name: Build CI image + # uses: docker/build-push-action@v3 + # with: + # context: . 
+ # file: Dockerfile.ci + # platforms: ${{ matrix.variant.platform }} + # push: true + # tags: ${{ steps.meta_ci.outputs.tags }} + # labels: ${{ steps.meta_ci.outputs.labels }} + # build-args: | + # BASE_IMAGE=localhost:5000/zephyrproject-rtos/ci-base-testing:${{ steps.meta_ci_base.outputs.version }} + + # - name: Build Developer image + # uses: docker/build-push-action@v3 + # with: + # context: . + # file: Dockerfile.devel + # platforms: ${{ matrix.variant.platform }} + # push: true + # tags: ${{ steps.meta_developer.outputs.tags }} + # labels: ${{ steps.meta_developer.outputs.labels }} + # build-args: | + # BASE_IMAGE=localhost:5000/zephyrproject-rtos/ci-testing:${{ steps.meta_ci.outputs.version }} + + - name: Push base image + uses: redhat-actions/push-to-registry@v2 with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Push base docker image - if: ${{ github.event_name != 'pull_request' }} - uses: stephanosio/tag-push-action@v2.1.0 - with: - src: localhost:5000/zephyrproject-rtos/ci-base-testing:${{ steps.meta_ci_base.outputs.version }} - dst: ${{ steps.meta_ci_base_push.outputs.tags }} - - - name: Push CI docker image - if: ${{ github.event_name != 'pull_request' }} - uses: stephanosio/tag-push-action@v2.1.0 - with: - src: localhost:5000/zephyrproject-rtos/ci-testing:${{ steps.meta_ci.outputs.version }} - dst: ${{ steps.meta_ci_push.outputs.tags }} - - - name: Push Developer docker image - if: ${{ github.event_name != 'pull_request' }} - uses: stephanosio/tag-push-action@v2.1.0 - with: - src: localhost:5000/zephyrproject-rtos/zephyr-build-testing:${{ steps.meta_developer.outputs.version }} - dst: ${{ steps.meta_developer_push.outputs.tags }} + tags: ${{ steps.meta_ci_base.outputs.tags }} merge: name: Merge runs-on: group: zephyr-runner-v2-linux-x64-4xlarge + container: + image: ghcr.io/zephyrproject-rtos/image-build:v1.0.0 needs: build if: ${{ github.event_name != 'pull_request' }} steps: + # - 
name: Set up build environment + # run: | + # # Install Podman. + # dnf -y install podman + + # # Use VFS storage driver because FUSE is not available inside + # # unprivileged runner containers. + # sed -i 's/driver = .*/driver = "vfs"/' /etc/containers/storage.conf + + # # Set XDG_RUNTIME_DIR to ensure that Podman correctly resolves temporary + # # directory path. + # export XDG_RUNTIME_DIR="/tmp/users/$(id -u)" + # mkdir -p $XDG_RUNTIME_DIR + # echo "XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR" >> $GITHUB_ENV + + # # Create a dummy Docker config file because podman-login action + # # requires it. + # mkdir -p $HOME/.docker + # echo '{ "auths": {} }' > $HOME/.docker/config.json + - name: Login to DockerHub - uses: docker/login-action@v2 + if: ${{ github.event_name != 'pull_request' }} + uses: redhat-actions/podman-login@v1 with: registry: docker.io - username: ${{ secrets.DOCKERHUB_USERNAME }} + username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + if: ${{ github.event_name != 'pull_request' }} + uses: redhat-actions/podman-login@v1 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Generate push metadata for base docker image - id: meta_ci_base_push + - name: Generate metadata for base image + id: meta_ci_base uses: docker/metadata-action@v4 with: images: | - docker.io/zephyrprojectrtos/ci-base-testing - ghcr.io/zephyrproject-rtos/ci-base-testing + ${{ env.DOCKERHUB_BASE }}/${{ env.BASE_IMAGE_NAME }} + ${{ env.GHCR_BASE }}/${{ env.BASE_IMAGE_NAME }} flavor: | latest=false tags: | 
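Review bot: `Push base image` has no `if:` guard, unlike the three push steps it replaces, so it also runs on pull_request events, where both logins and the `meta_ci_base` step are skipped and `steps.meta_ci_base.outputs.tags` evaluates to an empty string. Add `if: ${{ github.event_name != 'pull_request' }}` to the push step so pull requests can only build. `Build base image` reads the same skipped outputs for `tags` and `labels`, so pull-request builds need either an unconditional metadata step or a fallback tag; how `redhat-actions/buildah-build@v2` treats an empty `tags` input is not visible here. The hunk also covers the start of the `merge` job, whose definition continues past it.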
@@ -224,13 +227,13 @@ jobs: type=ref,event=tag type=raw,value=latest,enable={{is_default_branch}} - - name: Generate push metadata for CI image - id: meta_ci_push + - name: Generate metadata for CI image + id: meta_ci uses: docker/metadata-action@v4 with: images: | - docker.io/zephyrprojectrtos/ci-testing - ghcr.io/zephyrproject-rtos/ci-testing + ${{ env.DOCKERHUB_BASE }}/${{ env.CI_IMAGE_NAME }} + ${{ env.GHCR_BASE }}/${{ env.CI_IMAGE_NAME }} flavor: | latest=false tags: | @@ -238,13 +241,13 @@ jobs: type=ref,event=tag type=raw,value=latest,enable={{is_default_branch}} - - name: Generate push metadata for Developer image - id: meta_developer_push + - name: Generate metadata for Developer image + id: meta_developer uses: docker/metadata-action@v4 with: images: | - docker.io/zephyrprojectrtos/zephyr-build-testing - ghcr.io/zephyrproject-rtos/zephyr-build-testing + ${{ env.DOCKERHUB_BASE }}/${{ env.DEVELOPER_IMAGE_NAME }} + ${{ env.GHCR_BASE }}/${{ env.DEVELOPER_IMAGE_NAME }} flavor: | latest=false tags: | 
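Review bot: The `merge` job reads `env.DOCKERHUB_BASE`, `env.GHCR_BASE` and the `*_IMAGE_NAME` variables in these metadata steps, but the only `env:` block this patch adds appears to sit on the `build` job, and job-level `env` is not shared between jobs. Unless a workflow-level `env:` exists outside the visible hunks, the expressions expand to empty strings and each image entry becomes `/`, so the job would compute tags for an invalid or unintended repository. Move the five variables to a top-level `env:` block, or repeat them on `merge`. The same applies to the base-image metadata step at the end of the previous hunk, to the second hunk on this line, and to the `Create multi-architecture image` script.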
@@ -255,15 +258,15 @@ jobs: - name: Create multi-architecture image run: | archs=(amd64 arm64) - ci_base_image="ghcr.io/zephyrproject-rtos/ci-base-testing:${{ steps.meta_ci_base_push.outputs.version }}" - ci_image="ghcr.io/zephyrproject-rtos/ci-testing:${{ steps.meta_ci_push.outputs.version }}" - developer_image="ghcr.io/zephyrproject-rtos/zephyr-build-testing:${{ steps.meta_developer_push.outputs.version }}" + ci_base_image="${{ env.GHCR_BASE }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.meta_ci_base.outputs.version }}" + ci_image="${{ env.GHCR_BASE }}/${{ env.CI_IMAGE_NAME }}:${{ steps.meta_ci.outputs.version }}" + developer_image="${{ env.GHCR_BASE }}/${{ env.DEVELOPER_IMAGE_NAME }}:${{ steps.meta_developer.outputs.version }}" # Pull architecture-specific images for arch in ${archs[@]}; do - docker pull ${ci_base_image}-${arch} - docker pull ${ci_image}-${arch} - docker pull ${developer_image}-${arch} + podman pull ${ci_base_image}-${arch} + podman pull ${ci_image}-${arch} + podman pull ${developer_image}-${arch} done # Create multi-architecture image 
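Review bot: The `${{ ... }}` expressions in the three image assignments are expanded into the script text before the shell parses it, and the resulting variables are then used unquoted in `podman pull ${ci_base_image}-${arch}` and `for arch in ${archs[@]}`. The `version` output is derived from the branch or tag name (`type=ref,event=branch` / `type=ref,event=tag`), so it is safer to hand it to the script as data: add a step-level `env:` entry such as `META_BASE_VERSION: ${{ steps.meta_ci_base.outputs.version }}`, build the reference from `"$META_BASE_VERSION"`, and quote the uses, e.g. `podman pull "${ci_base_image}-${arch}"`. The `run:` block starts in this hunk and continues into the next one.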
@@ -273,28 +276,28 @@ jobs: developer_image_amend_flags+="--amend ${developer_image}-${arch} " done - docker manifest create ${ci_base_image} ${ci_base_image_amend_flags} - docker manifest create ${ci_image} ${ci_image_amend_flags} - docker manifest create ${developer_image} ${developer_image_amend_flags} - - docker manifest push ${ci_base_image} - docker manifest push ${ci_image} - docker manifest push ${developer_image} - - - name: Push base docker image - uses: stephanosio/tag-push-action@v2.1.0 - with: - src: ghcr.io/zephyrproject-rtos/ci-base-testing:${{ steps.meta_ci_base_push.outputs.version }} - dst: ${{ steps.meta_ci_base_push.outputs.tags }} - - - name: Push CI docker image - uses: stephanosio/tag-push-action@v2.1.0 - with: - src: ghcr.io/zephyrproject-rtos/ci-testing:${{ steps.meta_ci_push.outputs.version }} - dst: ${{ steps.meta_ci_push.outputs.tags }} - - - name: Push Developer docker image - uses: stephanosio/tag-push-action@v2.1.0 - with: - src: ghcr.io/zephyrproject-rtos/zephyr-build-testing:${{ steps.meta_developer_push.outputs.version }} - dst: ${{ steps.meta_developer_push.outputs.tags }} + podman manifest create ${ci_base_image} ${ci_base_image_amend_flags} + podman manifest create ${ci_image} ${ci_image_amend_flags} + podman manifest create ${developer_image} ${developer_image_amend_flags} + + podman manifest push ${ci_base_image} + podman manifest push ${ci_image} + podman manifest push ${developer_image} + + # - name: Push base docker image + # uses: stephanosio/tag-push-action@v2.1.0 + # with: + # src: ghcr.io/zephyrproject-rtos/ci-base-testing:${{ steps.meta_ci_base_push.outputs.version }} + # dst: ${{ steps.meta_ci_base_push.outputs.tags }} + + # - name: Push CI docker image + # uses: stephanosio/tag-push-action@v2.1.0 + # with: + # src: ghcr.io/zephyrproject-rtos/ci-testing:${{ steps.meta_ci_push.outputs.version }} + # dst: ${{ steps.meta_ci_push.outputs.tags }} + + # - name: Push Developer docker image + # uses: 
stephanosio/tag-push-action@v2.1.0 + # with: + # src: ghcr.io/zephyrproject-rtos/zephyr-build-testing:${{ steps.meta_developer_push.outputs.version }} + # dst: ${{ steps.meta_developer_push.outputs.tags }}
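Review bot: The job still creates and pushes manifests for `ci_image` and `developer_image`, but in this patch the `build` job builds and pushes only the base image (the CI and Developer build steps are commented out), so these manifests would either fail or be assembled from per-architecture images left behind by an earlier run. Publishing a new multi-architecture tag over stale images breaks the link between the commit and the published artifact; limit the script, including the `podman pull` lines in the previous hunk, to `ci_base_image` until the other builds are restored. With the three `tag-push-action` steps commented out, nothing copies the manifests to the DockerHub names or the `latest` tag that the metadata steps compute, while the DockerHub login stays in the job; drop the unused login or restore a publish step. The commented-out steps also still reference the old `meta_*_push` step ids, which this patch renames.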