diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml index 77af603fea..abd8edd08b 100644 --- a/.github/workflows/build-kata-static-tarball-amd64.yaml +++ b/.github/workflows/build-kata-static-tarball-amd64.yaml @@ -53,11 +53,6 @@ jobs: - qemu - qemu-snp-experimental - stratovirt - - rootfs-image - - rootfs-image-confidential - - rootfs-image-mariner - - rootfs-initrd - - rootfs-initrd-confidential - runk - trace-forwarder - virtiofsd @@ -142,6 +137,70 @@ jobs: retention-days: 15 if-no-files-found: error + build-asset-rootfs: + runs-on: ubuntu-22.04 + needs: build-asset + strategy: + matrix: + asset: + - rootfs-image + - rootfs-image-confidential + - rootfs-image-mariner + - rootfs-initrd + - rootfs-initrd-confidential + steps: + - name: Login to Kata Containers quay.io + if: ${{ inputs.push-to-registry == 'yes' }} + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - uses: actions/checkout@v4 + with: + ref: ${{ inputs.commit-hash }} + fetch-depth: 0 # This is needed in order to keep the commit ids history + + - name: Rebase atop of the latest target branch + run: | + ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" + env: + TARGET_BRANCH: ${{ inputs.target-branch }} + + - name: get-artifacts + uses: actions/download-artifact@v4 + with: + pattern: kata-artifacts-amd64-*${{ inputs.tarball-suffix }} + path: kata-artifacts + merge-multiple: true + + - name: Build ${{ matrix.asset }} + id: build + run: | + ./tests/gha-adjust-to-use-prebuilt-components.sh kata-artifacts "${KATA_ASSET}" + make "${KATA_ASSET}-tarball" + build_dir=$(readlink -f build) + # store-artifact does not work with symlink + mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + env: + KATA_ASSET: ${{ matrix.asset }} + TAR_OUTPUT: ${{ matrix.asset }}.tar.gz + PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} + ARTEFACT_REGISTRY: ghcr.io + ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} + ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + TARGET_BRANCH: ${{ inputs.target-branch }} + RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} + + - name: store-artifact ${{ matrix.asset }} + uses: actions/upload-artifact@v4 + with: + name: kata-artifacts-amd64-${{ matrix.asset }}${{ inputs.tarball-suffix }} + path: kata-build/kata-static-${{ matrix.asset }}.tar.xz + retention-days: 15 + if-no-files-found: error + build-asset-shim-v2: runs-on: ubuntu-22.04 needs: build-asset @@ -192,7 +251,7 @@ jobs: create-kata-tarball: runs-on: ubuntu-22.04 - needs: [build-asset, build-asset-shim-v2] + needs: [build-asset, build-asset-rootfs, build-asset-shim-v2] steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml index 7d0e170471..f7d5649948 100644 --- a/.github/workflows/build-kata-static-tarball-arm64.yaml +++ b/.github/workflows/build-kata-static-tarball-arm64.yaml @@ -35,8 +35,6 @@ jobs: - nydus - qemu - stratovirt - - rootfs-image - - rootfs-initrd - virtiofsd steps: - name: Login to Kata Containers quay.io @@ -74,6 +72,66 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} + - name: store-artifact ${{ matrix.asset }} + uses: actions/upload-artifact@v4 + with: + name: kata-artifacts-arm64-${{ matrix.asset }}${{ inputs.tarball-suffix }} + path: kata-build/kata-static-${{ matrix.asset }}.tar.xz + retention-days: 15 + if-no-files-found: error + + build-asset-rootfs: + runs-on: arm64-builder + needs: build-asset + strategy: + matrix: + asset: + - rootfs-image + - rootfs-initrd + steps: + - name: Login to Kata Containers quay.io + if: ${{ inputs.push-to-registry == 'yes' }} + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - uses: actions/checkout@v4 + with: + ref: ${{ inputs.commit-hash }} + fetch-depth: 0 # This is needed in order to keep the commit ids history + + - name: Rebase atop of the latest target branch + run: | + ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" + env: + TARGET_BRANCH: ${{ inputs.target-branch }} + + - name: get-artifacts + uses: actions/download-artifact@v4 + with: + pattern: kata-artifacts-arm64-*${{ inputs.tarball-suffix }} + path: kata-artifacts + merge-multiple: true + + - name: Build ${{ matrix.asset }} + run: | + ./tests/gha-adjust-to-use-prebuilt-components.sh kata-artifacts "${KATA_ASSET}" + make "${KATA_ASSET}-tarball" + build_dir=$(readlink -f build) + # store-artifact does not work with symlink + mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + env: + KATA_ASSET: ${{ matrix.asset }} + TAR_OUTPUT: ${{ matrix.asset }}.tar.gz + PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} + ARTEFACT_REGISTRY: ghcr.io + ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} + ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + TARGET_BRANCH: ${{ inputs.target-branch }} + RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} + - name: store-artifact ${{ matrix.asset }} if: ${{ inputs.stage != 'release' }} uses: actions/upload-artifact@v4 @@ -132,7 +190,7 @@ jobs: create-kata-tarball: runs-on: arm64-builder - needs: [build-asset, build-asset-shim-v2] + needs: [build-asset, build-asset-rootfs, build-asset-shim-v2] steps: - name: Adjust a permission for repo run: | diff --git a/.github/workflows/build-kata-static-tarball-ppc64le.yaml b/.github/workflows/build-kata-static-tarball-ppc64le.yaml index 8da80c391f..77607d8789 100644 --- a/.github/workflows/build-kata-static-tarball-ppc64le.yaml +++ b/.github/workflows/build-kata-static-tarball-ppc64le.yaml @@ -30,7 +30,6 @@ jobs: - agent - kernel - qemu - - rootfs-initrd - virtiofsd stage: - ${{ inputs.stage }} @@ -84,6 +83,72 @@ jobs: retention-days: 1 if-no-files-found: error + build-asset-rootfs: + runs-on: ppc64le + needs: build-asset + strategy: + matrix: + asset: + - rootfs-initrd + stage: + - ${{ inputs.stage }} + steps: + - name: Prepare the self-hosted runner + run: | + ${HOME}/scripts/prepare_runner.sh + sudo rm -rf $GITHUB_WORKSPACE/* + + - name: Login to Kata Containers quay.io + if: ${{ inputs.push-to-registry == 'yes' }} + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - uses: actions/checkout@v4 + with: + ref: ${{ inputs.commit-hash }} + fetch-depth: 0 # This is needed in order to keep the commit ids history + + - name: Rebase atop of the latest target branch + run: | + ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" + env: + TARGET_BRANCH: ${{ inputs.target-branch }} + + - name: get-artifacts + uses: actions/download-artifact@v4 + with: + pattern: kata-artifacts-ppc64le-*${{ inputs.tarball-suffix }} + path: kata-artifacts + merge-multiple: true + + - name: Build ${{ matrix.asset }} + run: | + ./tests/gha-adjust-to-use-prebuilt-components.sh kata-artifacts "${KATA_ASSET}" + make "${KATA_ASSET}-tarball" + build_dir=$(readlink -f build) + # store-artifact does not work with symlink + mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + env: + KATA_ASSET: ${{ matrix.asset }} + TAR_OUTPUT: ${{ matrix.asset }}.tar.gz + PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} + ARTEFACT_REGISTRY: ghcr.io + ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} + ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + TARGET_BRANCH: ${{ inputs.target-branch }} + RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} + + - name: store-artifact ${{ matrix.asset }} + uses: actions/upload-artifact@v4 + with: + name: kata-artifacts-ppc64le-${{ matrix.asset }}${{ inputs.tarball-suffix }} + path: kata-build/kata-static-${{ matrix.asset }}.tar.xz + retention-days: 1 + if-no-files-found: error + build-asset-shim-v2: runs-on: ppc64le needs: build-asset @@ -138,7 +203,7 @@ jobs: create-kata-tarball: runs-on: ppc64le - needs: [build-asset, build-asset-shim-v2] + needs: [build-asset, build-asset-rootfs, build-asset-shim-v2] steps: - name: Adjust a permission for repo run: | diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml index a546419f23..b948bf3925 100644 --- a/.github/workflows/build-kata-static-tarball-s390x.yaml +++ b/.github/workflows/build-kata-static-tarball-s390x.yaml @@ -38,10 +38,6 @@ jobs: - kernel-confidential - pause-image - qemu - - rootfs-image - - rootfs-image-confidential - - rootfs-initrd - - rootfs-initrd-confidential - virtiofsd env: PERFORM_ATTESTATION: ${{ matrix.asset == 'agent' && inputs.push-to-registry == 'yes' && 'yes' || 'no' }} @@ -114,9 +110,72 @@ jobs: retention-days: 15 if-no-files-found: error - build-asset-boot-image-se: + build-asset-rootfs: runs-on: s390x needs: build-asset + strategy: + matrix: + asset: + - rootfs-image + - rootfs-image-confidential + - rootfs-initrd + - rootfs-initrd-confidential + steps: + - name: Login to Kata Containers quay.io + if: ${{ inputs.push-to-registry == 'yes' }} + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - uses: actions/checkout@v4 + with: + ref: ${{ inputs.commit-hash }} + fetch-depth: 0 # This is needed in order to keep the commit ids history + + - name: Rebase atop of the latest target branch + run: | + ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" + env: + TARGET_BRANCH: ${{ inputs.target-branch }} + + - name: get-artifacts + uses: actions/download-artifact@v4 + with: + pattern: kata-artifacts-s390x-*${{ inputs.tarball-suffix }} + path: kata-artifacts + merge-multiple: true + + - name: Build ${{ matrix.asset }} + id: build + run: | + ./tests/gha-adjust-to-use-prebuilt-components.sh kata-artifacts "${KATA_ASSET}" + make "${KATA_ASSET}-tarball" + build_dir=$(readlink -f build) + # store-artifact does not work with symlink + mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + env: + KATA_ASSET: ${{ matrix.asset }} + TAR_OUTPUT: ${{ matrix.asset }}.tar.gz + PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} + ARTEFACT_REGISTRY: ghcr.io + ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} + ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + TARGET_BRANCH: ${{ inputs.target-branch }} + RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} + + - name: store-artifact ${{ matrix.asset }} + uses: actions/upload-artifact@v4 + with: + name: kata-artifacts-s390x-${{ matrix.asset }}${{ inputs.tarball-suffix }} + path: kata-build/kata-static-${{ matrix.asset }}.tar.xz + retention-days: 15 + if-no-files-found: error + + build-asset-boot-image-se: + runs-on: s390x + needs: [build-asset, build-asset-rootfs] steps: - uses: actions/checkout@v4 @@ -142,11 +201,7 @@ jobs: - name: Build boot-image-se run: | - base_dir=tools/packaging/kata-deploy/local-build/ - cp -r kata-artifacts ${base_dir}/build - # Skip building dependant artifacts of boot-image-se-tarball - # because we already have them from the previous build - sed -i 's/\(^boot-image-se-tarball:\).*/\1/g' ${base_dir}/Makefile + ./tests/gha-adjust-to-use-prebuilt-components.sh kata-artifacts "boot-image-se" make boot-image-se-tarball build_dir=$(readlink -f build) sudo cp -r "${build_dir}" "kata-build" @@ -212,7 +267,7 @@ jobs: create-kata-tarball: runs-on: s390x - needs: [build-asset, build-asset-boot-image-se, build-asset-shim-v2] + needs: [build-asset, build-asset-rootfs, build-asset-boot-image-se, build-asset-shim-v2] steps: - uses: actions/checkout@v4 with: