[CI] Add workflow to build premerge-buildbot container

boomanaiden154 · web-flow · commit 93611e4de7b2 · 2025-07-31T08:59:07.000-07:00
This patch sets up a workflow in a similar vein to all the other container images for building the premerge-buildbot container and publishing it to GHCR. There is a lot of duplicate code and eventually this should be refactored into an action. This is on my TODO list. Reviewers: cmtice Reviewed By: cmtice Pull Request: #528
diff --git a/.github/workflows/build-premerge-buildbot-container.yml b/.github/workflows/build-premerge-buildbot-container.yml
@@ -0,0 +1,76 @@
+name: Build Premerge Buildbot Container
+
+permissions:
+  contents: read
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - .github/workflows/build-premerge-buildbot-container.yml
+      - 'premerge/buildbot/**'
+  pull_request:
+    paths:
+      - .github/workflows/build-premerge-buildbot-container.yml
+      - 'premerge/buildbot/**'
+
+jobs:
+  build-premerge-buildbot-container:
+    if: github.repository_owner == 'llvm'
+    runs-on: ubuntu-24.04
+    outputs:
+      container-name: ${{ steps.vars.outputs.container-name }}
+      container-name-tag: ${{ steps.vars.outputs.container-name-tag }}
+      container-filename: ${{ steps.vars.outputs.container-filename }}
+    steps:
+      - name: Checkout LLVM Zorg
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          sparse-checkout: premerge/buildbot
+      - name: Write Variables
+        id: vars
+        run: |
+          tag=`date +%s`
+          container_name="ghcr.io/$GITHUB_REPOSITORY_OWNER/premerge-buildbot"
+          echo "container-name=$container_name" >> $GITHUB_OUTPUT
+          echo "container-name-tag=$container_name:$tag" >> $GITHUB_OUTPUT
+          echo "container-filename=$(echo $container_name:$tag  | sed -e 's/\//-/g' -e 's/:/-/g').tar" >> $GITHUB_OUTPUT
+      - name: Build Container
+        working-directory: ./premerge/buildbot
+        run: |
+          podman build -t ${{ steps.vars.outputs.container-name-tag }} -f Dockerfile .
+      # Save the container so we have it in case the push fails.  This also
+      # allows us to separate the push step into a different job so we can
+      # maintain minimal permissions while building the container.
+      - name: Save Container Image
+        run: |
+          podman save  ${{ steps.vars.outputs.container-name-tag }} >  ${{ steps.vars.outputs.container-filename }}
+      - name: Upload Container Image
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: container
+          path: ${{ steps.vars.outputs.container-filename }}
+          retention-days: 14
+
+  push-premerge-buildbot-container:
+    if: github.event_name == 'push'
+    needs:
+      - build-premerge-buildbot-container
+    permissions:
+      packages: write
+    runs-on: ubuntu-24.04
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: Download Container Image
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: container
+      - name: Push Container
+        run: |
+          podman load -i ${{ needs.build-premerge-buildbot-container.outputs.container-filename }}
+          podman tag ${{ needs.build-premerge-buildbot-container.outputs.container-name-tag }} ${{ needs.build-premerge-buildbot-container.outputs.container-name }}:latest
+          podman login -u ${{ github.actor }} -p $GITHUB_TOKEN ghcr.io
+          podman push ${{ needs.build-premerge-buildbot-container.outputs.container-name-tag }}
+          podman push ${{ needs.build-premerge-buildbot-container.outputs.container-name }}:latest
