diff --git a/.github/workflows/payload-after-push-amd64.yaml b/.github/workflows/payload-after-push-amd64.yaml new file mode 100644 index 0000000000..30b4303c91 --- /dev/null +++ b/.github/workflows/payload-after-push-amd64.yaml @@ -0,0 +1,96 @@ +name: CI | Publish kata-deploy payload for amd64 +on: + workflow_call: + inputs: + target-arch: + required: true + type: string + +jobs: + build-asset: + runs-on: ubuntu-latest + strategy: + matrix: + asset: + - cloud-hypervisor + - firecracker + - kernel + - nydus + - qemu + - rootfs-image + - rootfs-initrd + - virtiofsd + steps: + - name: Login to Kata Containers quay.io + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # This is needed in order to keep the commit ids history + - name: Build ${{ matrix.asset }} + run: | + make "${KATA_ASSET}-tarball" + build_dir=$(readlink -f build) + # store-artifact does not work with symlink + sudo cp -r "${build_dir}" "kata-build" + env: + KATA_ASSET: ${{ matrix.asset }} + TAR_OUTPUT: ${{ matrix.asset }}.tar.gz + PUSH_TO_REGISTRY: yes + + - name: store-artifact ${{ matrix.asset }} + uses: actions/upload-artifact@v3 + with: + name: kata-artifacts + path: kata-build/kata-static-${{ matrix.asset }}.tar.xz + retention-days: 1 + if-no-files-found: error + + create-kata-tarball: + runs-on: ubuntu-latest + needs: build-asset + steps: + - uses: actions/checkout@v3 + - name: get-artifacts + uses: actions/download-artifact@v3 + with: + name: kata-artifacts + path: kata-artifacts + - name: merge-artifacts + run: | + ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts + - name: store-artifacts + uses: actions/upload-artifact@v3 + with: + name: kata-static-tarball + path: kata-static.tar.xz + retention-days: 1 + if-no-files-found: error + + kata-payload: + needs: create-kata-tarball + runs-on: ubuntu-latest + steps: + - name: Login to Confidential Containers quay.io + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - uses: actions/checkout@v3 + - name: get-kata-tarball + uses: actions/download-artifact@v3 + with: + name: kata-static-tarball + + - name: build-and-push-kata-payload + id: build-and-push-kata-payload + run: | + ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ + $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy-ci" \ + "kata-containers-${{ inputs.target-arch }}" diff --git a/.github/workflows/payload-after-push-arm64.yaml b/.github/workflows/payload-after-push-arm64.yaml new file mode 100644 index 0000000000..0dc11a665e --- /dev/null +++ b/.github/workflows/payload-after-push-arm64.yaml @@ -0,0 +1,108 @@ +name: CI | Publish kata-deploy payload for arm64 +on: + workflow_call: + inputs: + target-arch: + required: true + type: string + +jobs: + build-asset: + runs-on: arm64 + strategy: + matrix: + asset: + - cloud-hypervisor + - firecracker + - kernel + - nydus + - qemu + - rootfs-image + - rootfs-initrd + - virtiofsd + steps: + - name: Login to Kata Containers quay.io + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - name: Adjust a permission for repo + run: | + sudo chown -R $USER:$USER $GITHUB_WORKSPACE + + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # This is needed in order to keep the commit ids history + - name: Build ${{ matrix.asset }} + run: | + make "${KATA_ASSET}-tarball" + build_dir=$(readlink -f build) + # store-artifact does not work with symlink + sudo cp -r "${build_dir}" "kata-build" + env: + KATA_ASSET: ${{ matrix.asset }} + TAR_OUTPUT: ${{ matrix.asset }}.tar.gz + PUSH_TO_REGISTRY: yes + + - name: store-artifact ${{ matrix.asset }} + uses: actions/upload-artifact@v3 + with: + name: kata-artifacts + path: kata-build/kata-static-${{ matrix.asset }}.tar.xz + retention-days: 1 + if-no-files-found: error + + create-kata-tarball: + runs-on: arm64 + needs: build-asset + steps: + - name: Adjust a permission for repo + run: | + sudo chown -R $USER:$USER $GITHUB_WORKSPACE + + - uses: actions/checkout@v3 + - name: get-artifacts + uses: actions/download-artifact@v3 + with: + name: kata-artifacts + path: kata-artifacts + - name: merge-artifacts + run: | + ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts + - name: store-artifacts + uses: actions/upload-artifact@v3 + with: + name: kata-static-tarball + path: kata-static.tar.xz + retention-days: 1 + if-no-files-found: error + + kata-payload: + needs: create-kata-tarball + runs-on: arm64 + steps: + - name: Login to Confidential Containers quay.io + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - name: Adjust a permission for repo + run: | + sudo chown -R $USER:$USER $GITHUB_WORKSPACE + + - uses: actions/checkout@v3 + - name: get-kata-tarball + uses: actions/download-artifact@v3 + with: + name: kata-static-tarball + + - name: build-and-push-kata-payload + id: build-and-push-kata-payload + run: | + ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ + $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy-ci" \ + "kata-containers-${{ inputs.target-arch }}" diff --git a/.github/workflows/payload-after-push-s390x.yaml b/.github/workflows/payload-after-push-s390x.yaml new file mode 100644 index 0000000000..0919da2a01 --- /dev/null +++ b/.github/workflows/payload-after-push-s390x.yaml @@ -0,0 +1,107 @@ +name: CI | Publish kata-deploy payload for s390x +on: + workflow_call: + inputs: + target-arch: + required: true + type: string + +jobs: + build-asset: + runs-on: s390x + strategy: + matrix: + asset: + - kernel + - shim-v2 + - qemu + - rootfs-image + - rootfs-initrd + - virtiofsd + steps: + - name: Login to Kata Containers quay.io + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - name: Adjust a permission for repo + run: | + sudo chown -R $USER:$USER $GITHUB_WORKSPACE + + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # This is needed in order to keep the commit ids history + - name: Build ${{ matrix.asset }} + run: | + make "${KATA_ASSET}-tarball" + build_dir=$(readlink -f build) + # store-artifact does not work with symlink + sudo cp -r "${build_dir}" "kata-build" + sudo chown -R $(id -u):$(id -g) "kata-build" + env: + KATA_ASSET: ${{ matrix.asset }} + TAR_OUTPUT: ${{ matrix.asset }}.tar.gz + PUSH_TO_REGISTRY: yes + + - name: store-artifact ${{ matrix.asset }} + uses: actions/upload-artifact@v3 + with: + name: kata-artifacts-s390x + path: kata-build/kata-static-${{ matrix.asset }}.tar.xz + retention-days: 1 + if-no-files-found: error + + create-kata-tarball: + runs-on: s390x + needs: build-asset + steps: + - name: Adjust a permission for repo + run: | + sudo chown -R $USER:$USER $GITHUB_WORKSPACE + + - uses: actions/checkout@v3 + - name: get-artifacts + uses: actions/download-artifact@v3 + with: + name: kata-artifacts-s390x + path: kata-artifacts + - name: merge-artifacts + run: | + ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts + - name: store-artifacts + uses: actions/upload-artifact@v3 + with: + name: kata-static-tarball-s390x + path: kata-static.tar.xz + retention-days: 1 + if-no-files-found: error + + kata-payload: + needs: create-kata-tarball + runs-on: s390x + steps: + - name: Login to Confidential Containers quay.io + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - name: Adjust a permission for repo + run: | + sudo chown -R $USER:$USER $GITHUB_WORKSPACE + + - uses: actions/checkout@v3 + - name: get-kata-tarball + uses: actions/download-artifact@v3 + with: + name: kata-static-tarball-s390x + + - name: build-and-push-kata-payload + id: build-and-push-kata-payload + run: | + ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ + $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy-ci" \ + "kata-containers-${{ inputs.target-arch }}" diff --git a/.github/workflows/payload-after-push.yaml b/.github/workflows/payload-after-push.yaml new file mode 100644 index 0000000000..c121f8d9f3 --- /dev/null +++ b/.github/workflows/payload-after-push.yaml @@ -0,0 +1,47 @@ +name: CI | Publish Kata Containers payload +on: + push: + branches: + - main + - stable-* + +jobs: + build-assets-amd64: + uses: ./.github/workflows/cc-payload-after-push-amd64.yaml + with: + target-arch: amd64 + secrets: inherit + + build-assets-arm64: + uses: ./.github/workflows/cc-payload-after-push-arm64.yaml + with: + target-arch: arm64 + secrets: inherit + + build-assets-s390x: + uses: ./.github/workflows/cc-payload-after-push-s390x.yaml + with: + target-arch: s390x + secrets: inherit + + publish: + runs-on: ubuntu-latest + needs: [build-assets-amd64, build-assets-arm64, build-assets-s390x] + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Login to Confidential Containers quay.io + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - name: Push multi-arch manifest + run: | + docker manifest create quay.io/kata-containers/kata-deploy-ci:kata-containers-latest \ + --amend quay.io/kata-containers/kata-deploy-ci:kata-containers-amd64 \ + --amend quay.io/kata-containers/kata-deploy-ci:kata-containers-arm64 \ + --amend quay.io/kata-containers/kata-deploy-ci:kata-containers-s390x + docker manifest push quay.io/kata-containers/kata-deploy-ci:kata-containers-latest diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh new file mode 100755 index 0000000000..29ea59b17b --- /dev/null +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +# +# Copyright 2022 Intel +# +# SPDX-License-Identifier: Apache-2.0 +# + +KATA_DEPLOY_DIR="`dirname ${0}`/../../kata-deploy-cc" +KATA_DEPLOY_ARTIFACT="${1:-"kata-static.tar.xz"}" +REGISTRY="${2:-"quay.io/kata-containers/kata-deploy"}" +TAG="${3:-}" + +echo "Copying ${KATA_DEPLOY_ARTIFACT} to ${KATA_DEPLOY_DIR}" +cp ${KATA_DEPLOY_ARTIFACT} ${KATA_DEPLOY_DIR} + +pushd ${KATA_DEPLOY_DIR} + +IMAGE_TAG="${REGISTRY}:kata-containers-$(git rev-parse HEAD)-$(uname -m)" + +echo "Building the image" +if [ "$(uname -m)" = "s390x" ]; then + docker build \ + --build-arg IMG_NAME=clefos \ + --build-arg IMG_TAG=7 \ + --tag ${IMAGE_TAG} . +else + docker build --tag ${IMAGE_TAG} . +fi + +echo "Pushing the image to quay.io" +docker push ${IMAGE_TAG} + +if [ -n "${TAG}" ]; then + ADDITIONAL_TAG="${REGISTRY}:${TAG}" + + echo "Building the ${ADDITIONAL_TAG} image" + if [ "$(uname -m)" = "s390x" ]; then + docker build \ + --build-arg IMG_NAME=clefos \ + --build-arg IMG_TAG=7 \ + --tag ${ADDITIONAL_TAG} . + else + docker build --tag ${ADDITIONAL_TAG} . + fi + + echo "Pushing the image ${ADDITIONAL_TAG} to quay.io" + docker push ${ADDITIONAL_TAG} +fi + +popd