diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml index 69e718ca58..fdc71aec0d 100644 --- a/.github/workflows/build-kata-static-tarball-amd64.yaml +++ b/.github/workflows/build-kata-static-tarball-amd64.yaml @@ -59,7 +59,6 @@ jobs: - rootfs-initrd - rootfs-initrd-confidential - runk - - shim-v2 - trace-forwarder - virtiofsd stage: @@ -143,9 +142,58 @@ jobs: retention-days: 15 if-no-files-found: error - create-kata-tarball: + build-asset-shim-v2: runs-on: ubuntu-22.04 needs: build-asset + steps: + - name: Login to Kata Containers quay.io + if: ${{ inputs.push-to-registry == 'yes' }} + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - uses: actions/checkout@v4 + with: + ref: ${{ inputs.commit-hash }} + fetch-depth: 0 # This is needed in order to keep the commit ids history + + - name: Rebase atop of the latest target branch + run: | + ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" + env: + TARGET_BRANCH: ${{ inputs.target-branch }} + + - name: Build shim-v2 + id: build + run: | + make "${KATA_ASSET}-tarball" + build_dir=$(readlink -f build) + # store-artifact does not work with symlink + mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + env: + KATA_ASSET: shim-v2 + TAR_OUTPUT: shim-v2.tar.gz + PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} + ARTEFACT_REGISTRY: ghcr.io + ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} + ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + TARGET_BRANCH: ${{ inputs.target-branch }} + RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} + + - name: store-artifact shim-v2 + if: ${{ matrix.stage != 'release' }} + uses: actions/upload-artifact@v4 + with: + name: kata-artifacts-amd64-shim-v2${{ inputs.tarball-suffix }} + path: kata-build/kata-static-shim-v2.tar.xz + retention-days: 15 + if-no-files-found: error + + create-kata-tarball: + runs-on: ubuntu-22.04 + needs: [build-asset, build-asset-shim-v2] steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml index bbe4017a61..a5e8ee9a0d 100644 --- a/.github/workflows/build-kata-static-tarball-arm64.yaml +++ b/.github/workflows/build-kata-static-tarball-arm64.yaml @@ -37,7 +37,6 @@ jobs: - stratovirt - rootfs-image - rootfs-initrd - - shim-v2 - virtiofsd steps: - name: Login to Kata Containers quay.io @@ -84,9 +83,57 @@ jobs: retention-days: 15 if-no-files-found: error - create-kata-tarball: + build-asset-shim-v2: runs-on: arm64-builder needs: build-asset + steps: + - name: Login to Kata Containers quay.io + if: ${{ inputs.push-to-registry == 'yes' }} + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - uses: actions/checkout@v4 + with: + ref: ${{ inputs.commit-hash }} + fetch-depth: 0 # This is needed in order to keep the commit ids history + + - name: Rebase atop of the latest target branch + run: | + ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" + env: + TARGET_BRANCH: ${{ inputs.target-branch }} + + - name: Build shim-v2 + run: | + make "${KATA_ASSET}-tarball" + build_dir=$(readlink -f build) + # store-artifact does not work with symlink + mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + env: + KATA_ASSET: shim-v2 + TAR_OUTPUT: shim-v2.tar.gz + PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} + ARTEFACT_REGISTRY: ghcr.io + ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} + ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + TARGET_BRANCH: ${{ inputs.target-branch }} + RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} + + - name: store-artifact shim-v2 + if: ${{ inputs.stage != 'release' }} + uses: actions/upload-artifact@v4 + with: + name: kata-artifacts-arm64-shim-v2${{ inputs.tarball-suffix }} + path: kata-build/kata-static-shim-v2.tar.xz + retention-days: 15 + if-no-files-found: error + + create-kata-tarball: + runs-on: arm64-builder + needs: [build-asset, build-asset-shim-v2] steps: - name: Adjust a permission for repo run: | diff --git a/.github/workflows/build-kata-static-tarball-ppc64le.yaml b/.github/workflows/build-kata-static-tarball-ppc64le.yaml index 66e9754739..9f4891d41d 100644 --- a/.github/workflows/build-kata-static-tarball-ppc64le.yaml +++ b/.github/workflows/build-kata-static-tarball-ppc64le.yaml @@ -31,7 +31,6 @@ jobs: - kernel - qemu - rootfs-initrd - - shim-v2 - virtiofsd stage: - ${{ inputs.stage }} @@ -85,9 +84,62 @@ jobs: retention-days: 1 if-no-files-found: error - create-kata-tarball: + build-asset-shim-v2: runs-on: ppc64le needs: build-asset + steps: + - name: Prepare the self-hosted runner + run: | + ${HOME}/scripts/prepare_runner.sh + sudo rm -rf $GITHUB_WORKSPACE/* + + - name: Login to Kata Containers quay.io + if: ${{ inputs.push-to-registry == 'yes' }} + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - uses: actions/checkout@v4 + with: + ref: ${{ inputs.commit-hash }} + fetch-depth: 0 # This is needed in order to keep the commit ids history + + - name: Rebase atop of the latest target branch + run: | + ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" + env: + TARGET_BRANCH: ${{ inputs.target-branch }} + + - name: Build shim-v2 + run: | + make "${KATA_ASSET}-tarball" + build_dir=$(readlink -f build) + # store-artifact does not work with symlink + mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + env: + KATA_ASSET: shim-v2 + TAR_OUTPUT: shim-v2.tar.gz + PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} + ARTEFACT_REGISTRY: ghcr.io + ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} + ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + TARGET_BRANCH: ${{ inputs.target-branch }} + RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} + + - name: store-artifact shim-v2 + if: ${{ inputs.stage != 'release' }} + uses: actions/upload-artifact@v4 + with: + name: kata-artifacts-ppc64le-shim-v2${{ inputs.tarball-suffix }} + path: kata-build/kata-static-shim-v2.tar.xz + retention-days: 1 + if-no-files-found: error + + create-kata-tarball: + runs-on: ppc64le + needs: [build-asset, build-asset-shim-v2] steps: - name: Adjust a permission for repo run: | diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml index cefc562597..97eed6e0d7 100644 --- a/.github/workflows/build-kata-static-tarball-s390x.yaml +++ b/.github/workflows/build-kata-static-tarball-s390x.yaml @@ -42,7 +42,6 @@ jobs: - rootfs-image-confidential - rootfs-initrd - rootfs-initrd-confidential - - shim-v2 - virtiofsd env: PERFORM_ATTESTATION: ${{ matrix.asset == 'agent' && inputs.push-to-registry == 'yes' && 'yes' || 'no' }} @@ -163,9 +162,58 @@ jobs: retention-days: 1 if-no-files-found: error + build-asset-shim-v2: + runs-on: s390x + needs: build-asset + steps: + - name: Login to Kata Containers quay.io + if: ${{ inputs.push-to-registry == 'yes' }} + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - uses: actions/checkout@v4 + with: + ref: ${{ inputs.commit-hash }} + fetch-depth: 0 # This is needed in order to keep the commit ids history + + - name: Rebase atop of the latest target branch + run: | + ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" + env: + TARGET_BRANCH: ${{ inputs.target-branch }} + + - name: Build shim-v2 + id: build + run: | + make "${KATA_ASSET}-tarball" + build_dir=$(readlink -f build) + # store-artifact does not work with symlink + mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + env: + KATA_ASSET: shim-v2 + TAR_OUTPUT: shim-v2.tar.gz + PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} + ARTEFACT_REGISTRY: ghcr.io + ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} + ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + TARGET_BRANCH: ${{ inputs.target-branch }} + RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} + + - name: store-artifact shim-v2 + if: ${{ inputs.stage != 'release' }} + uses: actions/upload-artifact@v4 + with: + name: kata-artifacts-s390x-shim-v2${{ inputs.tarball-suffix }} + path: kata-build/kata-static-shim-v2.tar.xz + retention-days: 15 + if-no-files-found: error + create-kata-tarball: runs-on: s390x - needs: [build-asset, build-asset-boot-image-se] + needs: [build-asset, build-asset-boot-image-se, build-asset-shim-v2] steps: - uses: actions/checkout@v4 with: