Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MDBF-773 - QUAY,GHCR move / create tags for Production images #552

Merged
merged 5 commits into from
Aug 30, 2024
Merged

MDBF-773 - QUAY,GHCR move / create tags for Production images #552

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
e472cdc
Use different set of container images between environments
RazvanLiviuVarzaru Aug 30, 2024
0b1a357
Implement DEV tags
RazvanLiviuVarzaru Aug 30, 2024
e3d3fa9
Implement DEV tags for RHEL
RazvanLiviuVarzaru Aug 30, 2024
018eda5
Make "release container" use the workflow template
RazvanLiviuVarzaru Aug 30, 2024
09651dc
Fix - pull request comments
RazvanLiviuVarzaru Aug 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
150 changes: 0 additions & 150 deletions .github/workflows/bbw_build_container_release.yml
View file
Open in desktop

This file was deleted.

83 changes: 67 additions & 16 deletions .github/workflows/bbw_build_container_rhel.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,20 @@ name: bbw-build-container-rhel
on:
push:
paths:
- 'ci_build_images/buildbot-worker.Dockerfile'
RazvanLiviuVarzaru marked this conversation as resolved.
Show resolved Hide resolved
- .github/workflows/bbw_build_container_rhel.yml
- "ci_build_images/**"
- 'ci_build_images/pip.Dockerfile'
- 'ci_build_images/qpress.Dockerfile'
- 'ci_build_images/rhel.Dockerfile'
- 'ci_build_images/rhel7.Dockerfile'
pull_request:
paths:
- 'ci_build_images/buildbot-worker.Dockerfile'
- .github/workflows/bbw_build_container_rhel.yml
- "ci_build_images/**"
- 'ci_build_images/pip.Dockerfile'
- 'ci_build_images/qpress.Dockerfile'
- 'ci_build_images/rhel.Dockerfile'
- 'ci_build_images/rhel7.Dockerfile'

jobs:
build:
Expand Down Expand Up @@ -39,11 +47,16 @@ jobs:
platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x
nogalera: false
env:
MAIN_BRANCH: false
BUILD_RHEL: false
DEPLOY_IMAGES: false
WORKDIR: ci_build_images

steps:
- name: Enable Production release - no rebuild
run: echo "MAIN_BRANCH=true" >> $GITHUB_ENV
if: github.ref == 'refs/heads/main'

- uses: actions/checkout@v4
- name: Set up env vars
run: |
Expand All @@ -59,44 +72,55 @@ jobs:
echo "IMG=${TAG_TMP/:/}" >>$GITHUB_ENV
fi
echo "REPO=bb-worker" >>$GITHUB_ENV

- name: Check for rhel subscription credentials
if: >
github.repository == 'mariadb/buildbot' &&
github.ref == 'refs/heads/main'
github.repository == 'mariadb/buildbot'
run: |
missing=()
[[ -n "${{ secrets.RHEL_ORGID }}" ]] || missing+=(RHEL_ORGID)
[[ -n "${{ secrets.RHEL_KEYNAME }}" ]] || missing+=(RHEL_KEYNAME)
for i in "${missing[@]}"; do
echo "Missing github secret: $i"
done
(( ${#missing[@]} == 0 )) || exit 1
echo "BUILD_RHEL=true" >> $GITHUB_ENV

if (( ${#missing[@]} == 0 )); then
echo "BUILD_RHEL=true" >> $GITHUB_ENV
else
echo "Not building RHEL"
fi

- name: Generate Dockerfile and necessary files
if: ${{ env.MAIN_BRANCH == 'false' }}
RazvanLiviuVarzaru marked this conversation as resolved.
Show resolved Hide resolved
run: |
cd ${{ env.WORKDIR }}
cat ${{ matrix.dockerfile }} qpress.Dockerfile buildbot-worker.Dockerfile >$GITHUB_WORKSPACE/Dockerfile
if [ "${{ matrix.nogalera }}" == true ]; then
sed -i -e '/ci.mariadb.org\/galera/d' -e '/WSREP_PROVIDER/d' -e '/galera-4/d' $GITHUB_WORKSPACE/Dockerfile
fi
cp -r qpress $GITHUB_WORKSPACE

- name: Check Dockerfile with hadolint
if: ${{ env.MAIN_BRANCH == 'false' }}
run: |
docker run -i -v $(pwd):/mnt -w /mnt ghcr.io/hadolint/hadolint:latest hadolint /mnt/Dockerfile

- name: Install qemu-user-static
if: ${{ env.BUILD_RHEL == 'true' }}
if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }}
run: |
sudo apt-get update
sudo apt-get install -y qemu-user-static

- name: Make sure that time is in sync
if: ${{ env.BUILD_RHEL == 'true' }}
if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }}
run: |
# RHEL subscription needs that time and date
# is correct and is syncing with an NTP-server
# https://access.redhat.com/discussions/672313#comment-2360508
sudo chronyc -a makestep

- name: Build image
if: ${{ env.BUILD_RHEL == 'true' }}
if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }}
run: |
# create secrets
echo "${{ secrets.RHEL_ORGID }}" >rhel_orgid
Expand All @@ -117,14 +141,16 @@ jobs:
done
rm -f rhel_orgid rhel_keyname
podman images

- name: Push images to local registry
if: ${{ env.BUILD_RHEL == 'true' }}
if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }}
run: |
podman manifest push --tls-verify=0 \
--all ${{ env.REPO }}:${{ env.IMG }} \
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }}

- name: Check multi-arch container
if: ${{ env.BUILD_RHEL == 'true' }}
if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }}
run: |
# make some space on the runner
if [[ -d $HOME/.local/share/containers ]]; then
Expand All @@ -141,6 +167,7 @@ jobs:
docker run -i "$image" dumb-init twistd --pidfile= -y /home/buildbot/buildbot.tac
docker run -u root -i "$image" bash -c "touch /tmp/foo && qpress -r /tmp /root/qpress.qp"
done

- name: Check for registry credentials
if: ${{ env.BUILD_RHEL == 'true' }}
run: |
Expand All @@ -155,35 +182,59 @@ jobs:
else
echo "Not pushing images to registry"
fi

- name: Login to ghcr.io
if: ${{ env.DEPLOY_IMAGES == 'true' }}
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push images to ghcr.io
if: ${{ env.DEPLOY_IMAGES == 'true' }}

- name: ghcr.io - push dev tag
if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'false' }}
run: |
msg="Push docker image to ghcr.io (${{ env.IMG }})"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
skopeo copy --all --src-tls-verify=0 \
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} \
docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:dev_${{ env.IMG }}

- name: ghcr.io - move tag to production
if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'true' }}
run: |
msg="Update tag (dev_${{ env.IMG }} --> ${{ env.IMG }})"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
skopeo copy --all --src-tls-verify=0 \
docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:dev_${{ env.IMG }} \
docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:${{ env.IMG }}

- name: Login to registry
if: ${{ env.DEPLOY_IMAGES == 'true' }}
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAY_USER }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Push images to quay.io
if: ${{ env.DEPLOY_IMAGES == 'true' }}

- name: quay.io - push dev tag
if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'false' }}
run: |
msg="Push docker image to quay.io (${{ env.IMG }})"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
skopeo copy --all --src-tls-verify=0 \
docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} \
docker://quay.io/mariadb-foundation/${{ env.REPO }}:${{ env.IMG }}
docker://quay.io/mariadb-foundation/${{ env.REPO }}:dev_${{ env.IMG }}

- name: quay.io - push dev tag
if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'true' }}
run: |
msg="Update tag (dev_${{ env.IMG }} --> ${{ env.IMG }})"
line="${msg//?/=}"
printf "\n${line}\n${msg}\n${line}\n"
skopeo copy --all --src-tls-verify=0 \
docker://quay.io/mariadb-foundation/${{ env.REPO }}:dev_${{ env.IMG }} \
docker://quay.io/mariadb-foundation/${{ env.REPO }}:${{ env.IMG }}
Loading