Add workflow to rebuild all available old version and the latest one #2
Merged
Commits
30 commits
29feca1
Add workflow to rebuild all available old version and the latest one
6d65bf9
Remove qemu installation - java/kotlin can be compiled without it for…
09e73f4
Use bowtie action instead of manual installation
92c2d2a
Tmp changes to test workflow
58e11f8
Add GH_TOKEN when reading tags
ce68718
Pass a parameter with build platform to builder
192c26b
Try target platform as input for builder image
dd520bc
Go back to BUILDPLATFORM as input to builder image. Add it as ARG as …
8eecef3
Return back the qemu installation
d280a35
Use only git to collect tags
36343bd
Fetch full history
658ef51
Remove tmp changes for testing
cb11da9
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot]
20da7ec
Try using universal base image for build
c63fe64
Use image with jdk 21. There is no ubi image for jdk 17
9da2dc1
Disable qemu installation
5712070
Try docker out of curiosity
22079ca
Remove docker actions
d40f100
Try using platforms instead of archs
3807527
Try raw podman command
cddf842
Try passing BUILDPLATFORM to builder image
c392a46
Remove step with podman
ff2a2cc
Return back the original builder image
61038f3
Return archs back to see if build will fail
f976eb6
Make changes in files to invalidate docker cache
c7d5cdf
Revert "Make changes in files to invalidate docker cache"
29e624a
Remove platform parameter from docker image
ce12a04
Revert "Remove platform parameter from docker image"
cac3b88
Disable qemu in build all workflow
a674dc3
Remove qemu installation from workflows
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,106 @@ | ||
name: Build Bowtie Image for all available versions | ||
|
||
on: | ||
workflow_dispatch: | ||
|
||
env: | ||
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | ||
|
||
jobs: | ||
versions: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
revisions: ${{ steps.revisions.outputs.value }} | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
fetch-tags: true | ||
- name: Collect available versions | ||
id: revisions | ||
run: | | ||
tags=$(jq -c -n '$ARGS.positional + ["main"]' --args $(git tag --list)) | ||
echo "value=$(echo $tags | jq -c .)" >> $GITHUB_OUTPUT | ||
|
||
build: | ||
needs: versions | ||
runs-on: ubuntu-latest | ||
strategy: | ||
fail-fast: true | ||
matrix: | ||
revision: ${{ fromJson(needs.versions.outputs.revisions) }} | ||
permissions: | ||
id-token: write | ||
contents: read | ||
attestations: write | ||
packages: write | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
ref: ${{ matrix.revision }} | ||
|
||
- name: Compute implementation name | ||
id: impl | ||
run: echo "name=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')" >> $GITHUB_OUTPUT | ||
|
||
- name: Install bowtie | ||
uses: bowtie-json-schema/bowtie@main | ||
|
||
- name: Build | ||
id: build_image | ||
uses: redhat-actions/buildah-build@v2 | ||
with: | ||
context: '.' | ||
containerfiles: | | ||
Dockerfile | ||
image: ${{ steps.impl.outputs.name }} | ||
tags: ${{ github.sha }} ${{ matrix.revision == 'main' && 'latest' || '' }} | ||
archs: amd64, arm64 | ||
|
||
- name: Set DOCKER_HOST so podman-built images are findable | ||
run: | | ||
systemctl --user enable --now podman.socket | ||
sudo loginctl enable-linger $USER | ||
podman --remote info | ||
echo "DOCKER_HOST=unix://$(podman info --format '{{.Host.RemoteSocket.Path}}')" >> $GITHUB_ENV | ||
|
||
- name: Smoke Test | ||
run: | | ||
bowtie smoke -i "localhost/${{ steps.build_image.outputs.image-with-tag }}" --format json | ||
bowtie smoke -i "localhost/${{ steps.build_image.outputs.image-with-tag }}" --format markdown >> $GITHUB_STEP_SUMMARY | ||
|
||
- name: Collect current version | ||
id: current-version | ||
run: | | ||
version=$(bowtie info \ | ||
--implementation "localhost/${{ steps.build_image.outputs.image-with-tag }}" \ | ||
--format json | jq -r '.version // empty') | ||
echo "value=${version}" >> $GITHUB_OUTPUT | ||
|
||
- name: Print collected version | ||
run: echo "current_version=${{ steps.current-version.outputs.value }}" | ||
|
||
- name: Log in to ghcr.io | ||
uses: redhat-actions/podman-login@v1 | ||
with: | ||
username: ${{ github.actor }} | ||
password: ${{ github.token }} | ||
registry: ${{ env.IMAGE_REGISTRY }} | ||
|
||
- name: Add tag with version to the image | ||
run: podman tag ${{ steps.build_image.outputs.image-with-tag }} ${{ steps.build_image.outputs.image }}:${{ steps.current-version.outputs.value }} | ||
|
||
- name: Publish | ||
id: push | ||
uses: redhat-actions/push-to-registry@v2 | ||
with: | ||
image: ${{ steps.build_image.outputs.image }} | ||
tags: ${{ steps.current-version.outputs.value }} ${{ steps.build_image.outputs.tags }} | ||
registry: ${{ env.IMAGE_REGISTRY }} | ||
|
||
- name: Generate attestation for images | ||
uses: actions/attest-build-provenance@v2 | ||
with: | ||
subject-name: ${{ env.IMAGE_REGISTRY }}/${{ steps.build_image.outputs.image }} | ||
subject-digest: ${{ steps.push.outputs.digest }} | ||
push-to-registry: true |
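Review bot: In the `build` job, `uses: bowtie-json-schema/bowtie@main` follows a mutable branch inside the one job that holds `id-token: write`, `attestations: write` and `packages: write`, so whatever is on that branch at run time executes with the ability to publish and attest images; pin it to a full commit SHA, and ideally do the same for the `@v4`, `@v2` and `@v1` actions. Also in the Build step, `tags: ${{ github.sha }}` is the commit the workflow was dispatched on, not the checked-out `matrix.revision`, so every matrix leg pushes the same SHA tag to the registry and the last one wins; deriving the tag from the checked-out commit would keep the revisions distinct. The `run:` lines for "Add tag with version to the image" and "Print collected version" expand `${{ steps.current-version.outputs.value }}` straight into the shell, and that value is reported by the freshly built image; passing it through `env:` and quoting it is safer, and the `// empty` fallback should be handled explicitly because an empty version leaves `podman tag` with a name ending in `:`. The `versions` job has no `permissions:` block, so it runs with whatever the repository default is.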
We really need all 3 of these write perms? (Another thing I'd like to do going forward is make sure we run zizmor on all workflows, which will complain about this, but if it's needed it's needed)

As I understand we need them to publish provenance. But I will double check.
Re zizmor: I will look at it (probably in a separate PR). Never heard about that tool before

id-token and attestations permissions are required by actions/attest-build-provenance@v2
https://github.com/actions/attest-build-provenance?tab=readme-ov-file#usage
packages is required to publish the image
Not sure about contents though. According to this link, contents: read is the default permission for the GitHub token. So, probably we can remove it

But maybe it explicitly restricts permissions to read, because there is a column Default access (permissive) which has read/write value for that permission type

Reg zizmor: did I get you right that you want to run zizmor as a part of CI (whenever workflow files are changed)?

It actually also integrates with pre-commit hook:
https://woodruffw.github.io/zizmor/usage/#use-with-pre-commit

Yeah I forget if I've added it to bowtie itself but I've definitely added that workflow to a bunch of other repos I maintain

I didn't find zizmor in bowtie. Have you added it as a pre-commit hook or as a service workflow in other repos? Just to make it consistent across them
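The question the thread settles by hand (which step needs which write scope) can be checked mechanically. The sketch below is an added example, not code from this PR and not how zizmor works: it is a line-based heuristic that assumes two-space YAML indentation, runs on a constructed excerpt of the build job, and takes its scope-to-action mapping from the thread's answer and the workflow's Publish step.

```python
import re

# Constructed excerpt modelled on the build job in this PR (not the full workflow).
WORKFLOW = """\
jobs:
  build:
    permissions:
      id-token: write
      contents: read
      attestations: write
      packages: write
    steps:
      - uses: actions/checkout@v4
      - uses: bowtie-json-schema/bowtie@main
      - uses: redhat-actions/push-to-registry@v2
      - uses: actions/attest-build-provenance@v2
"""

# Assumption: which action consumes which write scope, per the review thread.
NEEDED_BY = {
    "id-token": "actions/attest-build-provenance",
    "attestations": "actions/attest-build-provenance",
    "packages": "redhat-actions/push-to-registry",
}
JOB = re.compile(r"^  ([\w-]+):\s*$")                    # job id at two-space indent
SCOPE = re.compile(r"^      ([\w-]+):\s*(read|write|none)\s*$")  # entry under permissions:
USES = re.compile(r"^\s*-?\s*uses:\s*([^@\s]+)@(\S+)")   # owner/action@ref
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

def audit(text):
    """Per job: write scopes, write scopes with no known consumer, refs not pinned to a SHA."""
    body = ("\n" + text).partition("\njobs:")[2]         # ignore everything before jobs:
    jobs, job = {}, None
    for line in body.splitlines():
        if (m := JOB.match(line)):
            job = jobs.setdefault(m.group(1), {"write": [], "actions": [], "unpinned": []})
        elif job is None:
            continue
        elif (m := SCOPE.match(line)) and m.group(2) == "write":
            job["write"].append(m.group(1))
        elif (m := USES.match(line)):
            job["actions"].append(m.group(1))
            if not FULL_SHA.match(m.group(2)):           # tags and branches are mutable
                job["unpinned"].append(f"{m.group(1)}@{m.group(2)}")
    for entry in jobs.values():                          # unknown scopes count as unexplained
        entry["unexplained"] = [s for s in entry["write"] if NEEDED_BY.get(s) not in entry["actions"]]
    return jobs
```

On the excerpt, all three write scopes are accounted for by a step in the job, while every `uses:` reference is reported as unpinned.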