Skip to content

Update docker/build-push-action action to v6.10.0 #1205

Update docker/build-push-action action to v6.10.0

Update docker/build-push-action action to v6.10.0 #1205

Workflow file for this run

# build images GH actions pipeline
#
# On every PR, we want to build images and tag them appropriately.
# As the images are built, we push commits to the PR that:
# - update the dockerfile args with the new tags
# - save the new tags under versions/
name: buildx-images
on:
pull_request:
jobs:
# initial configuration
conf:
runs-on: ubuntu-latest
outputs:
dry-run: ${{ steps.configure.outputs.dry-run }}
run: ${{ steps.configure.outputs.run }}
tag: ${{ steps.configure.outputs.tag }}
kvers: ${{ steps.kvers.outputs.result }}
steps:
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
id: run-script
name: run-script
with:
result-encoding: string
script: |
res = await github.rest.issues.listLabelsOnIssue({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
});
for (const l of res.data) {
if (l.name == 'gha-builds/just-dont') {
return 'n'
}
}
return 'y'
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
id: dry-run-script
name: dry-run-script
with:
result-encoding: string
script: |
res = await github.rest.issues.listLabelsOnIssue({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
});
for (const l of res.data) {
if (l.name == 'gha-builds/dry-run') {
return 'y'
}
}
return 'n'
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
id: kvers
name: kernel versions
with:
script: |
var all_kernels = ['4.19', '5.4', '5.10', '5.15', '6.1', '6.6', 'bpf', 'bpf-net', 'bpf-next', 'rhel8.6', 'rhel8.9' ]
var kernels = []
const kernel_label_prefix = 'gha-builds/kernel/'
res = await github.rest.issues.listLabelsOnIssue({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
});
for (const l of res.data) {
if (l.name.startsWith(kernel_label_prefix)) {
s = l.name.slice(kernel_label_prefix.length)
if (s.length > 0) {
kernels.push(s)
}
}
}
if (kernels.length == 0) {
kernels = all_kernels
}
ret = []
for (const k of kernels) {
options = {"ver": k}
switch (k) {
case 'rhel8.6':
options.dockerfile = "dockerfiles/kernel-images-rhel8"
options.platforms = 'linux/amd64'
options.rhel_ver = '8.6'
options.rhel_kver = '4.18.0-372.32.1.el8_6'
break
case 'rhel8.9':
options.dockerfile = "dockerfiles/kernel-images-rhel8"
options.platforms = 'linux/amd64'
options.rhel_ver = '8.9'
options.rhel_kver = '4.18.0-513.24.1.el8_9'
break
default:
options.dockerfile = "dockerfiles/kernel-images"
options.platforms = 'linux/amd64,linux/arm64'
}
ret.push(options)
}
return ret
- name: configure
id: configure
run: |
echo "Kernels: ${{ steps.kvers.outputs.result }}"
echo "dry-run=${{ steps.dry-run-script.outputs.result }}" | tee -a $GITHUB_OUTPUT
echo "run=${{ steps.run-script.outputs.result }}" | tee -a $GITHUB_OUTPUT
tag=$(date +%Y%m%d.%H%M%S)
echo "tag=$tag" | tee -a $GITHUB_OUTPUT
kernel-builder:
needs: [conf]
if: ${{ needs.conf.outputs.run == 'y' }}
uses: ./.github/workflows/buildx-stage.yaml
secrets: inherit
with:
name: kernel-builder
build-file: dockerfiles/kernel-builder
build-tag: quay.io/lvh-images/kernel-builder-ci:${{ needs.conf.outputs.tag }}
check-files: dockerfiles/kernel-builder
base-ref: ${{ github.base_ref }}
dry-run: ${{ needs.conf.outputs.dry-run == 'y' }}
patch-cmd: |
echo ${{ needs.conf.outputs.tag }} > versions/kernel-builder
perl -pi -e 's/^ARG KERNEL_BUILDER_TAG.*$/ARG KERNEL_BUILDER_TAG=${{ needs.conf.outputs.tag }}/' dockerfiles/*
kernel-images:
needs: [conf, kernel-builder]
if: ${{ needs.conf.outputs.run == 'y' }}
strategy:
matrix:
kernel: ${{ fromJSON(needs.conf.outputs.kvers) }}
uses: ./.github/workflows/buildx-stage.yaml
secrets: inherit
with:
name: kernel-image-${{ matrix.kernel.ver }}
build-file: ${{ matrix.kernel.dockerfile }}
build-tag: quay.io/lvh-images/kernel-images-ci:${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }}
build-args: |
"KERNEL_VER=${{ matrix.kernel.ver }}"
"RHEL_VER=${{ matrix.kernel.rhel_ver }}"
"RHEL_KVER=${{ matrix.kernel.rhel_kver }}"
check-files: '.'
base-ref: ${{ github.base_ref }}
dry-run: ${{ needs.conf.outputs.dry-run == 'y' }}
apply-patch: kernel-builder.patch
patch-cmd: |
mkdir -p versions/kernel-images
echo ${{ needs.conf.outputs.tag}} > versions/kernel-images/${{ matrix.kernel.ver }}
platforms: ${{ matrix.kernel.platforms }}
root-builder:
needs: [conf]
if: ${{ needs.conf.outputs.run == 'y' }}
strategy:
matrix:
runner:
- {name: "ubuntu-latest", arch: "amd64"}
- {name: "ubuntu-22.04-arm64", arch: "arm64"}
uses: ./.github/workflows/buildx-stage.yaml
secrets: inherit
with:
name: root-builder-${{ matrix.runner.arch }}
runner: ${{ matrix.runner.name }}
check-files: dockerfiles/root-builder
build-file: dockerfiles/root-builder
build-tag: quay.io/lvh-images/root-builder-ci:${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }}
base-ref: ${{ github.base_ref }}
dry-run: ${{ needs.conf.outputs.dry-run == 'y' }}
patch-cmd: |
mkdir -p versions/root-builder
echo ${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }} > versions/root-builder/${{ matrix.runner.arch }}
root-images:
needs: [conf, root-builder]
if: ${{ needs.conf.outputs.run == 'y' }}
strategy:
matrix:
runner:
- {name: "ubuntu-latest", arch: "amd64"}
- {name: "ubuntu-22.04-arm64", arch: "arm64"}
uses: ./.github/workflows/buildx-stage.yaml
secrets: inherit
with:
name: root-images-${{ matrix.runner.arch }}
runner: ${{ matrix.runner.name }}
check-files: dockerfiles/root-images _data/images.json _data/env.sh _data/bootstrap
build-file: dockerfiles/root-images
build-tag: quay.io/lvh-images/root-images-ci:${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }}
build-args: |
"ROOT_BUILDER_TAG=$(cat versions/root-builder/${{ matrix.runner.arch }})"
base-ref: ${{ github.base_ref }}
dry-run: ${{ needs.conf.outputs.dry-run == 'y' }}
apply-patch: root-builder-${{ matrix.runner.arch }}.patch
patch-cmd: |
mkdir -p versions/root-images
echo ${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }} > versions/root-images/${{ matrix.runner.arch }}
kind-images:
if: ${{ needs.conf.outputs.run == 'y' }}
needs: [conf, kernel-images, root-images]
strategy:
matrix:
kernel: ${{ fromJSON(needs.conf.outputs.kvers) }}
runner:
- {name: "ubuntu-latest", arch: "amd64"}
- {name: "ubuntu-22.04-arm64", arch: "arm64"}
exclude:
- runner: {name: "ubuntu-22.04-arm64", arch: "arm64"}
kernel: {ver: "rhel8.6"}
- runner: {name: "ubuntu-22.04-arm64", arch: "arm64"}
kernel: {ver: "rhel8.9"}
uses: ./.github/workflows/buildx-stage.yaml
secrets: inherit
with:
name: kind-image-${{ matrix.kernel.ver }}-${{ matrix.runner.arch }}
runner: ${{ matrix.runner.name }}
build-file: dockerfiles/kind-images
build-tag: quay.io/lvh-images/kind-ci:${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }}
build-args: |
"KERNEL_VER=${{ matrix.kernel.ver }}"
"KERNEL_IMAGE_TAG=${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }}"
"ROOT_IMAGES_TAG=$(cat versions/root-images/${{ matrix.runner.arch }})"
check-files: '.'
base-ref: ${{ github.base_ref }}
dry-run: ${{ needs.conf.outputs.dry-run == 'y' }}
apply-patch: root-images-${{ matrix.runner.arch }}.patch
apply-patch-2: kernel-image-${{ matrix.kernel.ver }}.patch
patch-cmd: |
mkdir -p versions/kind/${{ matrix.runner.arch }}
echo ${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }} > versions/kind/${{ matrix.runner.arch }}/${{ matrix.kernel.ver }}
# complexity-test-images is hardcoded amd64 only for now
complexity-test-images:
if: ${{ needs.conf.outputs.run == 'y' }}
needs: [conf, kernel-images, root-images]
strategy:
matrix:
kernel: ${{ fromJSON(needs.conf.outputs.kvers) }}
uses: ./.github/workflows/buildx-stage.yaml
secrets: inherit
with:
name: complexity-test-${{ matrix.kernel.ver }}-amd64
build-file: dockerfiles/complexity-test-images
build-tag: quay.io/lvh-images/complexity-test-ci:${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }}
build-args: |
"KERNEL_VER=${{ matrix.kernel.ver }}"
"KERNEL_IMAGE_TAG=${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }}"
"ROOT_IMAGES_TAG=$(cat versions/root-images/amd64)"
check-files: '.'
base-ref: ${{ github.base_ref }}
dry-run: ${{ needs.conf.outputs.dry-run == 'y' }}
apply-patch: root-images-amd64.patch
apply-patch-2: kernel-image-${{ matrix.kernel.ver }}.patch
patch-cmd: |
mkdir -p versions/complexity-test
echo ${{ needs.conf.outputs.tag}} > versions/complexity-test/${{ matrix.kernel.ver }}
commit-changes:
if: ${{ needs.conf.outputs.run == 'y' }}
needs: [conf, root-images, complexity-test-images, kind-images]
runs-on: ubuntu-latest
outputs:
sha: ${{ steps.push.outputs.sha }}
steps:
- name: checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: download all artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
pattern: "*.patch"
path: /tmp/artifacts
- name: push new version
id: push
env:
HEAD_REF: ${{ github.event.pull_request.head.ref }}
run: |
git switch -c tmp
git config user.name "GH action"
git config user.email "[email protected]"
find /tmp/artifacts -type f ! -size 0 | xargs git am
git reset --soft "$HEAD_REF"
git status
f=$(mktemp)
echo "GHA: update tags" >> $f
echo "" >> $f
git commit -a -F $f --trailer "X-GHA-TAG: ${{ needs.conf.outputs.tag }}"
git push --force origin HEAD:"$HEAD_REF"
sha=$(git rev-parse HEAD)
echo "sha=$sha" | tee -a $GITHUB_OUTPUT
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
env:
SHA: ${{ steps.push.outputs.sha }}
with:
script: |
const { SHA } = process.env
await github.rest.repos.createCommitStatus({
owner: context.repo.owner,
repo: context.repo.repo,
sha: `${ SHA }`,
description: "Commit was generated",
state: 'pending',
})
print_image_kernels:
needs: [conf, commit-changes]
if: ${{ needs.conf.outputs.run == 'y' && needs.commit-changes.result == 'success' && needs.conf.outputs.dry-run != 'y' }}
strategy:
matrix:
runner:
- "ubuntu-latest"
- "ubuntu-22.04-arm64"
runs-on: ${{ matrix.runner }}
steps:
- name: install crane
env:
VERSION: v0.19.1
run: |
ARCH=$([ "$(uname -m)" == "aarch64" ] && echo "arm64" || echo $(uname -m))
URL="https://github.com/google/go-containerregistry/releases/download/$VERSION/go-containerregistry_Linux_$ARCH.tar.gz"
curl -fSL $URL | sudo tar -xz -C /usr/local/bin crane
crane version
- name: Install LVH cli
working-directory: /tmp
shell: bash
run: |
crane export quay.io/lvh-images/lvh:latest --platform linux/$(dpkg --print-architecture) lvh.tar
tar --transform='s#usr/bin/##g' -xf lvh.tar usr/bin/lvh
rm lvh.tar
chmod +x lvh && sudo mv lvh /usr/local/bin
lvh version
- name: Install dependencies
run: |
deps="expect cpu-checker qemu-system-x86 qemu-system-aarch64"
n=0
until [ "$n" -ge 5 ]; do
success=1
sudo apt update && \
sudo apt-get clean && \
sudo apt-get -y --no-install-recommends install ${deps} && \
break || success=0
n=$((n+1))
sleep 1
done
[ $success -eq 1 ] || exit 42
- name: checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.commit-changes.outputs.sha }}
- name: versions
id: versions
working-directory: ./versions/kind
run: |
echo "| Image | kernel version |" > /tmp/image-log
echo "| --- | --- |" >> /tmp/image-log
images_folder=/tmp/lvh-images
sudo mkdir $images_folder; sudo chmod 777 $images_folder
for f in $(find $(dpkg --print-architecture) -type f ); do
df -h /
v=$(basename $f)
image_tag=$(cat $f)
image="quay.io/lvh-images/kind-ci:$v-$image_tag"
# extract the qcow2 image
crane export $image --platform linux/$(dpkg --print-architecture) $images_folder/kind_$v.tar
tar --transform='s#data/images/##g' -xvf $images_folder/kind_$v.tar data/images/kind_$v.qcow2.zst
mv kind_$v.qcow2.zst $images_folder
rm $images_folder/kind_$v.tar
zstd -d $images_folder/kind_$v.qcow2.zst -o $images_folder/kind_$v.qcow2
rm $images_folder/kind_$v.qcow2.zst
if [ "$(uname -m)" = "aarch64" ]; then
# extract the compressed kernel
kernel_tag=$(cat ../kernel-images/$v)
kernel="quay.io/lvh-images/kernel-images-ci:$v-$kernel_tag"
crane export $kernel --platform linux/$(dpkg --print-architecture) $images_folder/kernel_$v.tar
tar --transform="s#data/kernels/$v/boot/##g" --wildcards -xvf $images_folder/kernel_$v.tar data/kernels/$v/boot/vmlinuz*
mv vmlinuz* $images_folder/vmlinuz
rm $images_folder/kernel_$v.tar
fi
if [ "$(uname -m)" = "aarch64" ]; then
expect -c "
set timeout 60
spawn lvh run --image $images_folder/kind_$v.qcow2 --kernel $images_folder/vmlinuz
expect -re \"Linux version .*\n\" { exit }
" | tee /tmp/expect.log
else
expect -c "
set timeout 60
spawn lvh run --image $images_folder/kind_$v.qcow2
expect -re \"Linux version .*\n\" { exit }
" | tee /tmp/expect.log
fi
linux_ver=$(cat /tmp/expect.log | sed -ne 's/^.*Linux version \([^ ]\+\).*$/\1/p')
echo "| ${image} | ${linux_ver} |" | tee -a /tmp/image-log
rm $images_folder/*
done
echo 'IMAGE_LOG<<EOF' >> $GITHUB_ENV
cat /tmp/image-log >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
- name: comment
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
if: ${{ github.event.pull_request.number != '' }}
with:
script: |
const { IMAGE_LOG } = process.env
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `👋\nHere are the kernel versions for the images:\n${IMAGE_LOG}\n`
})
finalize:
needs: [conf, commit-changes, print_image_kernels]
runs-on: ubuntu-latest
if: ${{ always() }}
steps:
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
if: ${{ needs.commit-changes.result == 'success' && needs.conf.outputs.dry-run != 'y' }}
env:
SHA: ${{ needs.commit-changes.outputs.sha }}
with:
script: |
const { SHA } = process.env
await github.rest.repos.createCommitStatus({
owner: context.repo.owner,
repo: context.repo.repo,
sha: `${ SHA }`,
description: "Images were generated and tags were updated",
state: 'success',
})
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
if: ${{ needs.commit-changes.result == 'success' && needs.conf.outputs.dry-run == 'y' }}
env:
SHA: ${{ needs.commit-changes.outputs.sha }}
with:
script: |
const { SHA } = process.env
await github.rest.repos.createCommitStatus({
owner: context.repo.owner,
repo: context.repo.repo,
sha: `${ SHA }`,
description: "Everything went OK, but this was a dry-run. Failing final check.",
state: 'failure',
})
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
if: ${{ needs.commit-changes.result != 'success' && needs.commit-changes.outputs.sha != '' }}
env:
SHA: ${{ needs.commit-changes.outputs.sha }}
with:
script: |
const { SHA } = process.env
await github.rest.repos.createCommitStatus({
owner: context.repo.owner,
repo: context.repo.repo,
sha: `${ SHA }`,
description: "Something went wrong and commit was not successful. Failing final check.",
state: 'failure',
})