
Commit 3c9c9db

MDBF-695 Add GH Actions workflow for building SRPM containers
Prep for integrating srpm tests in buildbot. For every supported platform, build a minimal container image.
1 parent 4e5691c commit 3c9c9db


2 files changed

+291
-0
lines changed


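--- a/.github/workflows/build-srpm.yml
+++ b/.github/workflows/build-srpm.yml
@@ -0,0 +1,205 @@
+---
+name: bbw-build-container-srpm
+
+on:
+push:
+branches:
+- 'main'
+- 'dev'
+paths:
+- 'ci_build_images/srpm.Dockerfile'
+pull_request:
+paths:
+- 'ci_build_images/srpm.Dockerfile'
+workflow_dispatch:
+
+jobs:
+build:
+runs-on: ubuntu-24.04
+services:
+registry:
+image: registry:2
+ports:
+- 5000:5000
+name: ${{ matrix.image }} (${{ matrix.tag }} ${{ matrix.platforms }})
+strategy:
+fail-fast: false
+matrix:
+include:
+- dockerfile: srpm.Dockerfile
+image: fedora:41
+tag: fedora41-srpm
+platforms: linux/amd64, linux/arm64/v8
+
+- dockerfile: srpm.Dockerfile
+image: fedora:42
+tag: fedora42-srpm
+platforms: linux/amd64, linux/arm64/v8
+
+- dockerfile: srpm.Dockerfile
+image: registry.access.redhat.com/ubi7
+tag: rhel7-srpm
+platforms: linux/amd64
+
+- dockerfile: srpm.Dockerfile
+image: registry.access.redhat.com/ubi8
+tag: rhel8-srpm
+platforms: linux/amd64, linux/arm64/v8, linux/ppc64le
+
+- dockerfile: srpm.Dockerfile
+image: registry.access.redhat.com/ubi9
+tag: rhel9-srpm
+platforms: linux/amd64, linux/arm64/v8, linux/ppc64le
+
+- dockerfile: srpm.Dockerfile
+image: registry.access.redhat.com/ubi10
+tag: rhel10-srpm
+platforms: linux/amd64, linux/arm64/v8, linux/ppc64le
+
+- dockerfile: srpm.Dockerfile
+image: quay.io/centos/centos:stream9
+tag: centosstream9-srpm
+platforms: linux/amd64, linux/arm64/v8, linux/ppc64le
+
+- dockerfile: srpm.Dockerfile
+image: quay.io/centos/centos:stream10
+tag: centosstream10-srpm
+platforms: linux/amd64, linux/arm64/v8, linux/ppc64le
+
+- dockerfile: srpm.Dockerfile
+image: opensuse/leap:15.6
+tag: opensuse1506-srpm
+platforms: linux/amd64
+
+- dockerfile: srpm.Dockerfile
+image: registry.suse.com/bci/bci-base:15.6
+tag: sles1506-srpm
+platforms: linux/amd64
+
+
+env:
+DEPLOY_IMAGES: false
+MAIN_BRANCH: false
+WORKDIR: ci_build_images
+
+steps:
+- name: Enable Production release - no rebuild
+run: echo "MAIN_BRANCH=true" >> $GITHUB_ENV
+if: github.ref == 'refs/heads/main'
+
+- uses: actions/checkout@v4
+- name: Set up env vars
+run: |
+set -vx
+echo "REPO=bb-worker" >>$GITHUB_ENV
+
+- name: Generate Dockerfile and necessary files
+if: ${{ env.MAIN_BRANCH == 'false' }}
+run: |
+cd ${{ env.WORKDIR }}
+cat ${{ matrix.dockerfile }} >$GITHUB_WORKSPACE/Dockerfile
+
+- name: Check Dockerfile with hadolint
+if: ${{ env.MAIN_BRANCH == 'false' }}
+run: |
+docker run -i -v $(pwd):/mnt -w /mnt ghcr.io/hadolint/hadolint:latest hadolint /mnt/Dockerfile
+
+- name: Install qemu-user-static
+if: ${{ env.MAIN_BRANCH == 'false' }}
+run: |
+sudo apt-get update
+sudo apt-get install -y qemu-user-static
+
+- name: Build image
+if: ${{ env.MAIN_BRANCH == 'false' }}
+run: |
+podman manifest create ${{ env.REPO }}:${{ matrix.tag }}
+for arch in $(echo ${{ matrix.platforms }} | sed 's/,/ /g'); do
+msg="Build $arch:"
+line="${msg//?/=}"
+printf "\n${line}\n${msg}\n${line}\n"
+podman buildx build --tag ${{ env.REPO }}:${{ matrix.tag }}-${arch//\//-} \
+--platform $arch \
+--manifest ${{ env.REPO }}:${{ matrix.tag }} \
+-f $GITHUB_WORKSPACE/Dockerfile \
+--build-arg BASE_IMAGE=${{ matrix.image }}
+done
+podman images
+
+- name: Push images to local registry
+if: ${{ env.MAIN_BRANCH == 'false'}}
+run: |
+podman manifest push --tls-verify=0 \
+--all ${{ env.REPO }}:${{ matrix.tag }} \
+docker://localhost:5000/${{ env.REPO }}:${{ matrix.tag }}
+
+- name: Check for registry credentials
+run: |
+missing=()
+[[ -n "${{ secrets.QUAY_USER }}" ]] || missing+=(QUAY_USER)
+[[ -n "${{ secrets.QUAY_TOKEN }}" ]] || missing+=(QUAY_TOKEN)
+for i in "${missing[@]}"; do
+echo "Missing github secret: $i"
+done
+if (( ${#missing[@]} == 0 )); then
+echo "DEPLOY_IMAGES=true" >> $GITHUB_ENV
+else
+echo "Not pushing images to registry"
+fi
+
+- name: Login to ghcr.io
+if: ${{ env.DEPLOY_IMAGES == 'true' }}
+uses: docker/login-action@v2
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: ghcr.io - push dev tag
+if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'false' }}
+run: |
+msg="Push docker image to ghcr.io (${{ matrix.tag }})"
+line="${msg//?/=}"
+printf "\n${line}\n${msg}\n${line}\n"
+skopeo copy --all --src-tls-verify=0 \
+docker://localhost:5000/${{ env.REPO }}:${{ matrix.tag }} \
+docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:dev_${{ matrix.tag }}
+
+
+- name: ghcr.io - move tag to production
+if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'true' }}
+run: |
+msg="Update tag (dev_${{ matrix.tag }} --> ${{ matrix.tag }})"
+line="${msg//?/=}"
+printf "\n${line}\n${msg}\n${line}\n"
+skopeo copy --all --src-tls-verify=0 \
+docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:dev_${{ matrix.tag }} \
+docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:${{ matrix.tag }}
+
+- name: Login to quay.io
+if: ${{ env.DEPLOY_IMAGES == 'true' }}
+uses: docker/login-action@v2
+with:
+registry: quay.io
+username: ${{ secrets.QUAY_USER }}
+password: ${{ secrets.QUAY_TOKEN }}
+
+- name: quay.io - push dev tag
+if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'false' }}
+run: |
+msg="Push docker image to quay.io (${{ matrix.tag }})"
+line="${msg//?/=}"
+printf "\n${line}\n${msg}\n${line}\n"
+skopeo copy --all --src-tls-verify=0 \
+docker://localhost:5000/${{ env.REPO }}:${{ matrix.tag }} \
+docker://quay.io/mariadb-foundation/${{ env.REPO }}:dev_${{ matrix.tag }}
+
+- name: quay.io - move tag to production
+if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH =='true' }}
+run: |
+msg="Update tag (dev_${{ matrix.tag }} --> ${{ matrix.tag }})"
+line="${msg//?/=}"
+printf "\n${line}\n${msg}\n${line}\n"
+skopeo copy --all --src-tls-verify=0 \
+docker://quay.io/mariadb-foundation/${{ env.REPO }}:dev_${{ matrix.tag }} \
+docker://quay.io/mariadb-foundation/${{ env.REPO }}:${{ matrix.tag }}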
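Review bot: The two "move tag to production" steps copy whatever currently sits at `dev_${{ matrix.tag }}`, while the "push dev tag" steps run for every non-main ref where the Quay secrets resolve, which includes `pull_request` runs from in-repo branches and `workflow_dispatch` on any branch. As far as the visible steps show, nothing ties the promoted image to the commit that reached `main`, so an unreviewed branch build can end up under the production tag. Consider limiting the dev pushes, e.g. `if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'false' && github.event_name != 'pull_request' }}`, or promoting by a recorded digest rather than by tag. In "Check for registry credentials" the secrets are expanded into the script text itself; passing them through a step-level `env:` and testing `[[ -n "$QUAY_USER" ]]` keeps the shell from re-parsing their values. The job also declares no `permissions:` block (the ghcr.io push should need only `contents: read` and `packages: write`), and `ghcr.io/hadolint/hadolint:latest` is a mutable tag that runs with the workspace mounted.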

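--- a/ci_build_images/srpm.Dockerfile
+++ b/ci_build_images/srpm.Dockerfile
@@ -0,0 +1,86 @@
+# Standalone Dockerfile (can be built alone) for providing minimal container images to re-build the server from a source RPM
+# for every OS << BASE_IMAGE >> enable required repositories and install the RPM toolset
+# buildbot user configuration
+
+ARG BASE_IMAGE
+FROM "$BASE_IMAGE"
+ARG BASE_IMAGE
+LABEL maintainer="MariaDB Buildbot maintainers"
+
+# REPOSITORY AND RPM TOOLS SETUP
+# hadolint ignore=SC2086
+RUN source /etc/os-release \
+&& case $PLATFORM_ID in \
+"platform:el8"|"platform:el9"|"platform:el10"|"platform:f41"|"platform:f42") \
+dnf -y upgrade \
+&& dnf -y install rpm-build yum-utils wget which perl-generators sudo gcc-c++; \
+case $ID in \
+"rhel") \
+rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-${PLATFORM_ID##*:el}.noarch.rpm; \
+# crb in rhel is enabled with a valid subscription, will be handled by running the container in an RH host
+;; \
+"centos") \
+dnf -y install epel-release \
+&& dnf config-manager --set-enabled crb; \
+;; \
+esac; \
+dnf install -y ccache \
+&& dnf clean all; \
+;; \
+*) \
+# No $PLATFORM_ID in SUSE nor RH7
+case $BASE_IMAGE in \
+*leap:15.6|*bci-base:15.6) \
+zypper -n update \
+&& zypper -n install rpm-build wget which sudo gcc-c++ ccache \
+&& zypper clean; \
+;; \
+# Only AMD64 until EOL
+*ubi7) \
+yum -y upgrade \
+&& rpm -ivh https://dl.fedoraproject.org/pub/archive/epel/7/x86_64/Packages/e/epel-release-7-14.noarch.rpm \
+&& yum -y install rpm-build \
+yum-utils \
+wget \
+which \
+perl-generators \
+sudo \
+gcc-c++ \
+ccache \
+&& yum clean all; \
+;; \
+*) \
+echo "Unsupported base image: $BASE_IMAGE"; \
+exit 1; \
+;; \
+esac; \
+;; \
+esac
+
+
+# BUILDOT USER SETUP
+RUN if getent passwd 1000; then \
+userdel --force --remove "$(getent passwd 1000 | cut -d: -f1)"; \
+fi \
+&& if grep -q '^buildbot:' /etc/passwd; then \
+usermod -s /bin/bash buildbot; \
+usermod -d /home/buildbot buildbot; \
+else \
+useradd -ms /bin/bash buildbot; \
+fi \
+# UID 1000 is required for AutoFS (sharing produced packages)
+&& usermod -u 1000 buildbot \
+&& if [ ! -d /home/buildbot ]; then \
+mkdir /home/buildbot; \
+chown -R buildbot:buildbot /home/buildbot; \
+fi \
+# rpm build-deps require sudo
+# on some platforms there is a default that ALL should ask for password when executing sudo << ALL ALL=(ALL) ALL >>
+&& sed -i '/^ALL/d' /etc/sudoers \
+&& sed -i '/^Defaults[[:space:]]targetpw/d' /etc/sudoers \
+&& echo 'buildbot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers;
+
+
+RUN ln -s /home/buildbot /buildbot
+WORKDIR /buildbot
+USER buildbot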
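Review bot: Both `rpm -ivh https://dl.fedoraproject.org/…epel-release…rpm` installs (the `"rhel"` branch and the `*ubi7` branch) take a package straight from a URL with no key import or checksum, and that package supplies the repo definitions and GPG keys that later installs trust; unless the base image already carries the EPEL key, the only protection is TLS to that host. For the fixed `epel-release-7-14.noarch.rpm` a pinned digest is cheap: download it first, then run `echo "<expected-sha256>  epel-release-7-14.noarch.rpm" | sha256sum -c -` before installing, while the `-latest-` URL would need the EPEL key imported and an `rpm -K` check instead. Separately, `buildbot ALL=(ALL) NOPASSWD:ALL` makes the final `USER buildbot` root-equivalent inside the container. If that is intended, a comment such as `# buildbot is root-equivalent via sudo; the container is the isolation boundary` would keep later readers from treating the user switch as a privilege drop.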
