mirror of
https://github.com/containers/skopeo.git
synced 2025-06-03 03:59:51 +00:00
[CI:DOCS] Multi-arch image workflow: Make steps generic
This duplicates the change from https://github.com/containers/buildah/pull/3385 Since this workflow is duplicated across three repositories, maintaining changes becomes onerous if the item contents vary between implementations in any way. Improve this situation by encoding the repository-specific details into env. vars. then referencing those vars throughout. This way, a meaningful diff can be worked with to compare the contents across repositories. Also included are abstractions for the specific command used to obtain the project version, and needed details for filtering the output. Both of these vary across the Buildah, Skopeo, and Podman repos. NOTE: This change requires the names of two github action secrets to be updated: SKOPEO_QUAY_USERNAME -> REPONAME_QUAY_USERNAME (and *PASSWORD). Signed-off-by: Chris Evich <cevich@redhat.com>
This commit is contained in:
Chris Evich
parent
643920b373
commit
e460b9aa8c
105
.github/workflows/multi-arch-build.yaml
vendored
105
.github/workflows/multi-arch-build.yaml
vendored
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
# Please see contrib/skopeoimage/README.md for details on the intentions
|
# Please see contrib/<reponame>image/README.md for details on the intentions
|
||||||
# of this workflow.
|
# of this workflow.
|
||||||
#
|
#
|
||||||
# BIG FAT WARNING: This workflow is duplicated across containers/skopeo,
|
# BIG FAT WARNING: This workflow is duplicated across containers/skopeo,
|
||||||
@ -11,7 +11,7 @@
|
|||||||
name: build multi-arch images
|
name: build multi-arch images
|
||||||
|
|
||||||
on:
|
on:
|
||||||
# Upstream skopeo tends to be very active, with many merges per day.
|
# Upstream tends to be very active, with many merges per day.
|
||||||
# Only run this daily via cron schedule, or manually, not by branch push.
|
# Only run this daily via cron schedule, or manually, not by branch push.
|
||||||
schedule:
|
schedule:
|
||||||
- cron: '0 8 * * *'
|
- cron: '0 8 * * *'
|
||||||
@ -20,19 +20,23 @@ on:
|
|||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
multi:
|
multi:
|
||||||
name: multi-arch Skopeo build
|
name: multi-arch image build
|
||||||
env:
|
env:
|
||||||
SKOPEO_QUAY_REGISTRY: quay.io/skopeo
|
REPONAME: skopeo # No easy way to parse this out of $GITHUB_REPOSITORY
|
||||||
|
# Server/namespace value used to format FQIN
|
||||||
|
REPONAME_QUAY_REGISTRY: quay.io/skopeo
|
||||||
CONTAINERS_QUAY_REGISTRY: quay.io/containers
|
CONTAINERS_QUAY_REGISTRY: quay.io/containers
|
||||||
# list of architectures for build
|
# list of architectures for build
|
||||||
PLATFORMS: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
|
PLATFORMS: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
|
||||||
|
# Command to execute in container to obtain project version number
|
||||||
|
VERSION_CMD: "--version" # skopeo is the entrypoint
|
||||||
|
|
||||||
# build several images (upstream, testing, stable) in parallel
|
# build several images (upstream, testing, stable) in parallel
|
||||||
strategy:
|
strategy:
|
||||||
# By default, failure of one matrix item cancels all others
|
# By default, failure of one matrix item cancels all others
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
# Builds are located under contrib/skopeoimage/<source> directory
|
# Builds are located under contrib/<reponame>image/<source> directory
|
||||||
source:
|
source:
|
||||||
- upstream
|
- upstream
|
||||||
- testing
|
- testing
|
||||||
@ -57,14 +61,14 @@ jobs:
|
|||||||
driver-opts: network=host
|
driver-opts: network=host
|
||||||
install: true
|
install: true
|
||||||
|
|
||||||
- name: Build and locally push Skopeo
|
- name: Build and locally push image
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v2
|
||||||
with:
|
with:
|
||||||
context: contrib/skopeoimage/${{ matrix.source }}
|
context: contrib/${{ env.REPONAME }}image/${{ matrix.source }}
|
||||||
file: ./contrib/skopeoimage/${{ matrix.source }}/Dockerfile
|
file: ./contrib/${{ env.REPONAME }}image/${{ matrix.source }}/Dockerfile
|
||||||
platforms: ${{ env.PLATFORMS }}
|
platforms: ${{ env.PLATFORMS }}
|
||||||
push: true
|
push: true
|
||||||
tags: localhost:5000/skopeo/${{ matrix.source }}
|
tags: localhost:5000/${{ env.REPONAME }}/${{ matrix.source }}
|
||||||
|
|
||||||
# Simple verification that stable images work, and
|
# Simple verification that stable images work, and
|
||||||
# also grab version number use in forming the FQIN.
|
# also grab version number use in forming the FQIN.
|
||||||
@ -72,38 +76,42 @@ jobs:
|
|||||||
if: matrix.source == 'stable'
|
if: matrix.source == 'stable'
|
||||||
id: sniff_test
|
id: sniff_test
|
||||||
run: |
|
run: |
|
||||||
VERSION_OUTPUT="$(docker run localhost:5000/skopeo/${{ matrix.source }} --version)"
|
podman pull --tls-verify=false \
|
||||||
|
localhost:5000/$REPONAME/${{ matrix.source }}
|
||||||
|
VERSION_OUTPUT=$(podman run \
|
||||||
|
localhost:5000/$REPONAME/${{ matrix.source }} \
|
||||||
|
$VERSION_CMD)
|
||||||
echo "$VERSION_OUTPUT"
|
echo "$VERSION_OUTPUT"
|
||||||
VERSION=$(grep -Em1 '^skopeo version' <<<"$VERSION_OUTPUT" | awk '{print $3}')
|
VERSION=$(awk -r -e "/^${REPONAME} version /"'{print $3}' <<<"$VERSION_OUTPUT")
|
||||||
test -n "$VERSION"
|
test -n "$VERSION"
|
||||||
echo "::set-output name=version::${VERSION}"
|
echo "::set-output name=version::$VERSION"
|
||||||
|
|
||||||
- name: Generate skopeo reg. image FQIN(s)
|
- name: Generate image FQIN(s) to push
|
||||||
id: skopeo_reg
|
id: gen_fqin
|
||||||
run: |
|
run: |
|
||||||
if [[ "${{ matrix.source }}" == 'stable' ]]; then
|
if [[ "${{ matrix.source }}" == 'stable' ]]; then
|
||||||
# The `skopeo version` in image just built
|
# The command version in image just built
|
||||||
VERSION='v${{ steps.sniff_test.outputs.version }}'
|
VERSION='v${{ steps.sniff_test.outputs.version }}'
|
||||||
# workaround vim syntax-highlight bug: '
|
# workaround vim syntax-highlight bug: '
|
||||||
# Image tags previously pushed to quay
|
# Image tags previously pushed to quay
|
||||||
ALLTAGS=$(skopeo list-tags \
|
ALLTAGS=$(skopeo list-tags \
|
||||||
docker://$SKOPEO_QUAY_REGISTRY/stable | \
|
docker://$REPONAME_QUAY_REGISTRY/stable | \
|
||||||
jq -r '.Tags[]')
|
jq -r '.Tags[]')
|
||||||
|
|
||||||
# New version? Push quay.io/skopeo/stable:vX.X.X and :latest
|
# New version? Push quay.io/$REPONAME/stable:vX.X.X and :latest
|
||||||
if ! fgrep -qx "$VERSION" <<<"$ALLTAGS"; then
|
if ! fgrep -qx "$VERSION" <<<"$ALLTAGS"; then
|
||||||
# Assume version-tag is also the most up to date (i.e. "latest")
|
# Assume version-tag is also the most up to date (i.e. "latest")
|
||||||
FQIN="$SKOPEO_QUAY_REGISTRY/stable:$VERSION,$SKOPEO_QUAY_REGISTRY/stable:latest"
|
FQIN="$REPONAME_QUAY_REGISTRY/stable:$VERSION,$REPONAME_QUAY_REGISTRY/stable:latest"
|
||||||
else # Not a new version-tagged image
|
else # Not a new version-tagged image
|
||||||
# Assume other contents changed, so this is the "new" latest.
|
# Assume other contents changed, so this is the "new" latest.
|
||||||
FQIN="$SKOPEO_QUAY_REGISTRY/stable:latest"
|
FQIN="$REPONAME_QUAY_REGISTRY/stable:latest"
|
||||||
fi
|
fi
|
||||||
elif [[ "${{ matrix.source }}" == 'testing' ]]; then
|
elif [[ "${{ matrix.source }}" == 'testing' ]]; then
|
||||||
# Assume some contents changed, always push latest testing.
|
# Assume some contents changed, always push latest testing.
|
||||||
FQIN="$SKOPEO_QUAY_REGISTRY/testing:latest"
|
FQIN="$REPONAME_QUAY_REGISTRY/testing:latest"
|
||||||
elif [[ "${{ matrix.source }}" == 'upstream' ]]; then
|
elif [[ "${{ matrix.source }}" == 'upstream' ]]; then
|
||||||
# Assume some contents changed, always push latest upstream.
|
# Assume some contents changed, always push latest upstream.
|
||||||
FQIN="$SKOPEO_QUAY_REGISTRY/upstream:latest"
|
FQIN="$REPONAME_QUAY_REGISTRY/upstream:latest"
|
||||||
else
|
else
|
||||||
echo "::error::Unknown matrix item '${{ matrix.source }}'"
|
echo "::error::Unknown matrix item '${{ matrix.source }}'"
|
||||||
exit 1
|
exit 1
|
||||||
@ -122,14 +130,14 @@ jobs:
|
|||||||
VERSION='v${{ steps.sniff_test.outputs.version }}'
|
VERSION='v${{ steps.sniff_test.outputs.version }}'
|
||||||
# workaround vim syntax-highlight bug: '
|
# workaround vim syntax-highlight bug: '
|
||||||
ALLTAGS=$(skopeo list-tags \
|
ALLTAGS=$(skopeo list-tags \
|
||||||
docker://$CONTAINERS_QUAY_REGISTRY/skopeo | \
|
docker://$CONTAINERS_QUAY_REGISTRY/$REPONAME | \
|
||||||
jq -r '.Tags[]')
|
jq -r '.Tags[]')
|
||||||
|
|
||||||
# New version? Push quay.io/containers/skopeo:vX.X.X and latest
|
# New version? Push quay.io/containers/$REPONAME:vX.X.X and latest
|
||||||
if ! fgrep -qx "$VERSION" <<<"$ALLTAGS"; then
|
if ! fgrep -qx "$VERSION" <<<"$ALLTAGS"; then
|
||||||
FQIN="$CONTAINERS_QUAY_REGISTRY/skopeo:$VERSION,$CONTAINERS_QUAY_REGISTRY/skopeo:latest"
|
FQIN="$CONTAINERS_QUAY_REGISTRY/$REPONAME:$VERSION,$CONTAINERS_QUAY_REGISTRY/$REPONAME:latest"
|
||||||
else # Not a new version-tagged image, only update latest.
|
else # Not a new version-tagged image, only update latest.
|
||||||
FQIN="$CONTAINERS_QUAY_REGISTRY/skopeo:latest"
|
FQIN="$CONTAINERS_QUAY_REGISTRY/$REPONAME:latest"
|
||||||
fi
|
fi
|
||||||
echo "::warning::Pushing $FQIN"
|
echo "::warning::Pushing $FQIN"
|
||||||
echo "::set-output name=fqin::${FQIN}"
|
echo "::set-output name=fqin::${FQIN}"
|
||||||
@ -149,40 +157,39 @@ jobs:
|
|||||||
DELIMITER
|
DELIMITER
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Separate steps to login and push for skopeo and containers quay
|
# Separate steps to login and push for $REPONAME_QUAY_REGISTRY and
|
||||||
# repositories are required, because 2 sets of credentials are used and `docker
|
# $CONTAINERS_QUAY_REGISTRY are required, because 2 sets of credentials
|
||||||
# login` as well as `skopeo login` do not support having 2 different
|
# are used and namespaced within the registry. At the same time, reuse
|
||||||
# credential sets for 1 registry.
|
# of non-shell steps is not supported by Github Actions nor are YAML
|
||||||
# At the same time reuse of non-shell steps is not supported by Github Actions
|
# anchors/aliases, nor composite actions.
|
||||||
# via anchors or composite actions
|
|
||||||
|
|
||||||
# Push to 'skopeo' Quay repo for stable, testing. and upstream
|
# Push to $REPONAME_QUAY_REGISTRY for stable, testing. and upstream
|
||||||
- name: Login to 'skopeo' Quay registry
|
- name: Login to ${{ env.REPONAME_QUAY_REGISTRY }}
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v1
|
||||||
if: steps.skopeo_reg.outputs.push == 'true'
|
if: steps.gen_fqin.outputs.push == 'true'
|
||||||
with:
|
with:
|
||||||
registry: ${{ env.SKOPEO_QUAY_REGISTRY }}
|
registry: ${{ env.REPONAME_QUAY_REGISTRY }}
|
||||||
# N/B: Secrets are not passed to workflows that are triggered
|
# N/B: Secrets are not passed to workflows that are triggered
|
||||||
# by a pull request from a fork
|
# by a pull request from a fork
|
||||||
username: ${{ secrets.SKOPEO_QUAY_USERNAME }}
|
username: ${{ secrets.REPONAME_QUAY_USERNAME }}
|
||||||
password: ${{ secrets.SKOPEO_QUAY_PASSWORD }}
|
password: ${{ secrets.REPONAME_QUAY_PASSWORD }}
|
||||||
|
|
||||||
- name: Push images to 'skopeo' Quay
|
- name: Push images to ${{ steps.gen_fqin.outputs.fqin }}
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v2
|
||||||
if: steps.skopeo_reg.outputs.push == 'true'
|
if: steps.gen_fqin.outputs.push == 'true'
|
||||||
with:
|
with:
|
||||||
cache-from: type=registry,ref=localhost:5000/skopeo/${{ matrix.source }}
|
cache-from: type=registry,ref=localhost:5000/${{ env.REPONAME }}/${{ matrix.source }}
|
||||||
cache-to: type=inline
|
cache-to: type=inline
|
||||||
context: contrib/skopeoimage/${{ matrix.source }}
|
context: contrib/${{ env.REPONAME }}image/${{ matrix.source }}
|
||||||
file: ./contrib/skopeoimage/${{ matrix.source }}/Dockerfile
|
file: ./contrib/${{ env.REPONAME }}image/${{ matrix.source }}/Dockerfile
|
||||||
platforms: ${{ env.PLATFORMS }}
|
platforms: ${{ env.PLATFORMS }}
|
||||||
push: true
|
push: true
|
||||||
tags: ${{ steps.skopeo_reg.outputs.fqin }}
|
tags: ${{ steps.gen_fqin.outputs.fqin }}
|
||||||
labels: |
|
labels: |
|
||||||
${{ env.LABELS }}
|
${{ env.LABELS }}
|
||||||
|
|
||||||
# Push to 'containers' Quay repo only stable skopeo
|
# Push to $CONTAINERS_QUAY_REGISTRY only stable
|
||||||
- name: Login to 'containers' Quay registry
|
- name: Login to ${{ env.CONTAINERS_QUAY_REGISTRY }}
|
||||||
if: steps.containers_reg.outputs.push == 'true'
|
if: steps.containers_reg.outputs.push == 'true'
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v1
|
||||||
with:
|
with:
|
||||||
@ -190,14 +197,14 @@ jobs:
|
|||||||
username: ${{ secrets.CONTAINERS_QUAY_USERNAME }}
|
username: ${{ secrets.CONTAINERS_QUAY_USERNAME }}
|
||||||
password: ${{ secrets.CONTAINERS_QUAY_PASSWORD }}
|
password: ${{ secrets.CONTAINERS_QUAY_PASSWORD }}
|
||||||
|
|
||||||
- name: Push images to 'containers' Quay
|
- name: Push images to ${{ steps.containers_reg.outputs.fqin }}
|
||||||
if: steps.containers_reg.outputs.push == 'true'
|
if: steps.containers_reg.outputs.push == 'true'
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v2
|
||||||
with:
|
with:
|
||||||
cache-from: type=registry,ref=localhost:5000/skopeo/${{ matrix.source }}
|
cache-from: type=registry,ref=localhost:5000/${{ env.REPONAME }}/${{ matrix.source }}
|
||||||
cache-to: type=inline
|
cache-to: type=inline
|
||||||
context: contrib/skopeoimage/${{ matrix.source }}
|
context: contrib/${{ env.REPONAME }}image/${{ matrix.source }}
|
||||||
file: ./contrib/skopeoimage/${{ matrix.source }}/Dockerfile
|
file: ./contrib/${{ env.REPONAME }}image/${{ matrix.source }}/Dockerfile
|
||||||
platforms: ${{ env.PLATFORMS }}
|
platforms: ${{ env.PLATFORMS }}
|
||||||
push: true
|
push: true
|
||||||
tags: ${{ steps.containers_reg.outputs.fqin }}
|
tags: ${{ steps.containers_reg.outputs.fqin }}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user