79 changes: 37 additions & 42 deletions .github/workflows/publish.yml
@@ -11,50 +11,67 @@ on:
push:
branches:
- main
- staging
# Publish semver tags as releases.
tags: [ 'v*.*.*' ]
pull_request:
branches:
- main
- staging
workflow_dispatch:

env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}

LIBBPF_CI_TAG: v4
RUNNER_VERSION: 2.331.0

jobs:
build:

runs-on: ubuntu-latest
name: ${{ matrix.tag }}
runs-on: ${{ matrix.runs_on }}
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
strategy:
fail-fast: false
matrix:
ubuntu_version: [noble]
arch: [s390x, aarch64, x86_64]
include:
- arch: s390x
dockerfile: s390x.Dockerfile
platform: linux/s390x
- arch: x86_64
dockerfile: Dockerfile
platform: linux/amd64
tag: main-noble-x86_64
runs_on: ubuntu-latest

- arch: aarch64
dockerfile: Dockerfile
platform: linux/arm64
tag: main-noble-aarch64
runs_on: ubuntu-24.04-arm

- arch: s390x
dockerfile: s390x.Dockerfile
platform: linux/s390x
tag: main-noble-s390x
runs_on: ubuntu-latest

- arch: x86_64
dockerfile: Dockerfile
dockerfile: kbuilder-debian.Dockerfile
platform: linux/amd64
tag: kbuilder-debian-x86_64
runs_on: ubuntu-latest

- arch: aarch64
dockerfile: kbuilder-debian.Dockerfile
platform: linux/arm64
tag: kbuilder-debian-aarch64
runs_on: ubuntu-24.04-arm

steps:

- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@v6

# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
@@ -66,9 +83,8 @@ jobs:
run: cosign version

- name: Set up QEMU
if: matrix.arch == 's390x'
uses: docker/setup-qemu-action@v3
with:
image: tonistiigi/binfmt:qemu-v9.2.2

- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
@@ -83,27 +99,6 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
flavor: |
latest=auto
prefix=
suffix=-${{ matrix.ubuntu_version }}-${{ matrix.arch }}
tags: |
# Generate old tag names (e.g main-s390x, main-x86_64...) when building noble
# branch event
type=ref,enable=${{ matrix.ubuntu_version == 'noble' }},suffix=-${{ matrix.arch }},event=branch
# pr event
type=ref,enable=${{ matrix.ubuntu_version == 'noble' }},prefix=pr-,suffix=-${{ matrix.arch }},event=pr
# tags for all pr/branches
type=ref,event=branch,enable=true,priority=600
type=ref,event=pr,enable=true,prefix=pr-,priority=600

# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
@@ -113,10 +108,11 @@ jobs:
context: .
file: ${{ matrix.dockerfile }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.tag }}
platforms: ${{ matrix.platform }}
build-args: UBUNTU_VERSION=${{ matrix.ubuntu_version }}
build-args: |
LIBBPF_CI_TAG=${{ env.LIBBPF_CI_TAG }}
RUNNER_VERSION=${{ env.RUNNER_VERSION }}

# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
@@ -127,7 +123,6 @@ jobs:
if: ${{ github.event_name != 'pull_request' }}
env:
COSIGN_EXPERIMENTAL: "true"
TAGS: ${{ steps.meta.outputs.tags }}
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: cosign sign --yes ${TAGS}
run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.tag }}
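Review bot: The sign step at the end of this file now passes a mutable tag reference to `cosign sign`, so the signature lands on whatever digest that tag resolves to at signing time rather than on the image this job just built. Because `tags:` is now the fixed `${{ matrix.tag }}` value, every non-PR trigger visible in `on:` (branch pushes, `v*.*.*` tags, `workflow_dispatch`) appears to push to and sign the same `main-…`/`kbuilder-…` tag, which widens that window. Signing by digest would close it, e.g. `run: cosign sign --yes "${IMAGE}@${DIGEST}"` with `IMAGE` and `DIGEST` set under `env:` from the registry/image name and the build step's `digest` output (the build step's `id` is outside the visible hunks). Passing the values through `env:` also keeps `${{ }}` expressions out of the shell script text, as the removed `TAGS` variable did.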
42 changes: 29 additions & 13 deletions .github/workflows/version_bump.yml
@@ -1,7 +1,7 @@
name: s390x version bump
name: RUNNER_VERSION bump

# This workflow pulls the latest official actions runner version using GH API
# and update our s390x Dockerfile.
# and update RUNNER_VERSION variable.
# If a change happens, the change will be commited in a versioned branch and
# a PR will be created. Upon merging, the branch will be deleted.
#
@@ -14,13 +14,13 @@ on:

jobs:
bump_version:
runs-on: ubuntu-latest
runs-on: ubuntu-slim
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@v6

- name: Get latest runner release
id: release
@@ -35,14 +35,30 @@ jobs:

- name: Update release
id: bump
run: sed -i 's#^ARG RUNNER_VERSION=.*#ARG RUNNER_VERSION=${{ steps.release.outputs.ACTIONS_VERSION}}#' s390x.Dockerfile
run: |
sed -i 's#RUNNER_VERSION:.*#RUNNER_VERSION: ${{ steps.release.outputs.ACTIONS_VERSION }}#' .github/workflows/publish.yml

- name: Create Pull Request
uses: peter-evans/create-pull-request@v7
with:
title: "[automated] s390x: bump RUNNER_VERSION to v${{ steps.release.outputs.ACTIONS_VERSION}}"
commit-message: "[automated] s390x: bump RUNNER_VERSION to v${{ steps.release.outputs.ACTIONS_VERSION}}"
branch: "version-bump/${{ steps.release.outputs.ACTIONS_VERSION}}"
delete-branch: true
body: ""
reviewers: anakryiko, chantra, danielocfb, yurinnick, theihor
env:
GH_TOKEN: ${{ github.token }}
RUNNER_VERSION: ${{ steps.release.outputs.ACTIONS_VERSION }}
BRANCH: version-bump/${{ steps.release.outputs.ACTIONS_VERSION }}
run: |

if git diff --quiet; then
echo "No changes to commit"
exit 0
fi

git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"

git checkout -b "${BRANCH}"
git add -A
git commit -m "[automated] Bump RUNNER_VERSION to v${VERSION}"
git push -u origin "${BRANCH}"

gh pr create \
--title "[automated] Bump RUNNER_VERSION to v${VERSION}" \
--body "" \
--reviewer anakryiko,danielocfb,theihor
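Review bot: The new `run:` script in the last step uses `${VERSION}` in the commit message and the PR title, but the step's `env:` defines only `GH_TOKEN`, `RUNNER_VERSION` and `BRANCH`, so both strings would end in a bare `v` unless `VERSION` is set somewhere outside this hunk. Using `${RUNNER_VERSION}` in both places fixes it, and `set -u` at the top of the script would have turned the typo into a failed run. The `Update release` step also expands `${{ steps.release.outputs.ACTIONS_VERSION }}` straight into the `sed` command in a job holding `contents: write`; passing it through `env:` and checking it against a pattern such as `^[0-9]+\.[0-9]+\.[0-9]+$` before use keeps API-derived text out of the script source. Since the edited file now lives under `.github/workflows/`, it is worth confirming that the token used for `git push` is permitted to update workflow files, which the default `GITHUB_TOKEN` normally is not.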
7 changes: 1 addition & 6 deletions Dockerfile
@@ -5,11 +5,6 @@ FROM myoung34/github-runner:ubuntu-${UBUNTU_VERSION}
ARG UBUNTU_VERSION

COPY install-dependencies.sh /tmp/install-dependencies.sh
RUN bash /tmp/install-dependencies.sh

RUN apt-get clean
RUN bash /tmp/install-dependencies.sh run

COPY token.sh /token.sh

COPY setup-mirror-repos.sh /tmp/setup-mirror-repos.sh
RUN bash /tmp/setup-mirror-repos.sh
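Review bot: Nothing in this hunk declares `ARG LIBBPF_CI_TAG` or `ARG RUNNER_VERSION`, so the build-args that publish.yml now passes would not reach `install-dependencies.sh run`, and the script would fall back to its built-in defaults; the versions baked into the signed image could then drift from what the workflow records. If they are not declared in the part of the file outside the hunk, adding `ARG LIBBPF_CI_TAG` and `ARG RUNNER_VERSION` next to `ARG UBUNTU_VERSION` fixes that. The workflow also appears to stop passing `UBUNTU_VERSION`, which the `FROM` line shown in the hunk header still uses, so check that its declaration above `FROM` carries a default.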
37 changes: 25 additions & 12 deletions install-dependencies.sh
@@ -1,27 +1,40 @@
#!/bin/bash

set -euo pipefail
set -xeuo pipefail

export DEPS=${1:-"all"} # "build", "run" or "all"

# Most of the BPF CI dependencies are set up by libbpf/ci/setup-build-env action
# This script runs a subset of that, in order to cache the packages at image build time
export LIBBPF_CI_TAG=v3
export LIBBPF_CI_TAG=${LIBBPF_CI_TAG:-"v4"}
export RUNNER_VERSION=${RUNNER_VERSION:-2.331.0}

# These should correspond to https://github.com/kernel-patches/vmtest/blob/master/.github/scripts/matrix.py#L20-L21
# Otherwise there is no point in caching dependencies in the image
export GCC_VERSION=15
export LLVM_VERSION=21

# do not install pahole and cross-compilation toolchain in the docker image
export TARGET_ARCH=$(uname -m)
export PAHOLE_BRANCH=none
# Otherwise there is no point in caching the dependencies in the image
export GCC_VERSION=${GCC_VERSION:-15}
export LLVM_VERSION=${LLVM_VERSION:-21}

scratch=$(mktemp -d)
cd $scratch

# Install pre-requisites for GitHub Actions Runner client app
# https://github.com/actions/runner/blob/main/docs/start/envlinux.md
curl -Lf https://raw.githubusercontent.com/actions/runner/v${RUNNER_VERSION}/src/Misc/layoutbin/installdependencies.sh \
-o install-gha-runner-deps.sh
bash install-gha-runner-deps.sh

# Use libbpf/ci/setup-build-env scripts
git clone --depth 1 --branch $LIBBPF_CI_TAG https://github.com/libbpf/ci.git actions

# Install build dependencies only on x86_64, we cross-compile everything else
if [ "$(uname -m)" == "x86_64" ]; then
if [ "$DEPS" = "all" ] || [ "$DEPS" = "build" ]; then
# do not install cross-compilation toolchain by default
export TARGET_ARCH=$(uname -m)
cd "${scratch}/actions/setup-build-env" && ./action.sh
fi

cd "${scratch}/actions/run-vmtest" && ./install-dependencies.sh
if [ "$DEPS" = "all" ] || [ "$DEPS" = "run" ]; then
cd "${scratch}/actions/run-vmtest" && ./install-dependencies.sh
fi

cd / && rm -rf $scratch
sudo apt-get clean
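Review bot: The new `curl -Lf … -o install-gha-runner-deps.sh` followed by `bash install-gha-runner-deps.sh` executes a remotely fetched script during the image build with nothing checking its content; the URL is pinned only by the `v${RUNNER_VERSION}` tag, which the version-bump workflow changes automatically. A checksum gate between the two lines, e.g. `echo "${RUNNER_DEPS_SHA256}  install-gha-runner-deps.sh" | sha256sum -c -` (the variable name is a placeholder, bumped together with the version), would make an unexpected change fail the build instead of running with the build's privileges. The same reasoning applies to `git clone --branch $LIBBPF_CI_TAG`, where a commit SHA is a firmer pin than a tag. Separately, the download runs for every `DEPS` value, including `build`, so the kbuilder image also receives the runner dependencies; a comment saying whether that is intended would help.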
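--- a/kbuilder-debian.Dockerfile
+++ b/kbuilder-debian.Dockerfile
@@ -0,0 +1,17 @@
+FROM debian:experimental
+
+ARG RUNNER_VERSION=2.331.0
+ARG LIBBPF_CI_TAG=v4
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update -y && apt-get install -y --no-install-recommends \
+ca-certificates curl git sudo wget
+
+COPY setup-mirror-repos.sh /tmp/setup-mirror-repos.sh
+RUN bash /tmp/setup-mirror-repos.sh
+
+COPY install-dependencies.sh /tmp/install-dependencies.sh
+RUN bash /tmp/install-dependencies.sh build
+
+RUN apt-get clean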
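Review bot: `FROM debian:experimental` is a floating tag on a rolling suite, so two builds of the same commit can produce different images, and the cosign signature applied in publish.yml then vouches for a base nobody pinned. Pinning by digest, `FROM debian:experimental@sha256:<digest>` (placeholder), and bumping it deliberately keeps the signed image traceable to a known base. The trailing `RUN apt-get clean` sits in its own layer and so cannot shrink the earlier ones; `install-dependencies.sh` already ends with `sudo apt-get clean`, so the line can likely be dropped.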
2 changes: 1 addition & 1 deletion s390x.Dockerfile
@@ -52,7 +52,7 @@ RUN apt-get install -y --no-install-recommends \
software-properties-common sudo tar unzip wget zip zstd

COPY install-dependencies.sh /tmp/install-dependencies.sh
RUN /tmp/install-dependencies.sh
RUN /tmp/install-dependencies.sh run

RUN apt-get -y install aspnetcore-runtime-8.0

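--- a/setup-mirror-repos.sh
+++ b/setup-mirror-repos.sh
@@ -2,11 +2,6 @@
 
 set -euo pipefail
 
-if [ "$(uname -m)" != "x86_64" ]; then
-echo "Skip setting up mirror repos in non-x86_64 image"
-exit 0
-fi
-
 mkdir -p /libbpfci/mirrors
 git clone https://github.com/kernel-patches/bpf.git /libbpfci/mirrors/linux
 chmod -R a+rX /libbpfci/mirrors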