test workflow

snir911 · snir911 · commit c4d8dc5e4ae0 · 2025-07-06T09:35:30.000+03:00
diff --git a/.github/README.md b/.github/README.md
@@ -0,0 +1,135 @@
+# GitHub Actions Workflows
+
+This directory contains GitHub Actions workflows for the sandboxed-containers-operator project.
+
+## Bootc PodVM Build Workflow
+
+The `bootc-podvm-build.yml` workflow builds bootc-based PodVM container images and converts them to disk images for deployment.
+
+### Features
+
+- **Multi-target builds**: Builds both standard and NVIDIA-enabled PodVM images
+- **Disk image conversion**: Converts bootc container images to qcow2 disk images using bootc-image-builder
+- **Artifact-based workflow**: Uses container artifacts for efficient container-to-disk conversion
+- **Artifact management**: Uploads both container images and disk images as artifacts
+- **Cloud provider support**: Configurable for Azure, AWS, and libvirt
+
+### Triggers
+
+The workflow runs on:
+- **Push events** to `main` or `devel` branches when bootc files change
+- **Pull requests** to `main` or `devel` branches (container build only, no push)
+- **Manual dispatch** with configurable options
+
+### Manual Execution
+
+You can manually trigger the workflow from the GitHub Actions tab with these options:
+
+- **Cloud Provider**: Choose between `azure`, `aws`, or `libvirt`
+- **Build Disk**: Whether to build the disk image from the container
+- **Container Variant**: Choose between `standard` or `nvidia` variant for disk conversion
+
+
+
+### Workflow Jobs
+
+#### 1. build-container
+- Builds the standard bootc PodVM container image
+- Saves container as workflow artifact
+- Uses Docker layer caching for efficiency
+
+#### 2. build-nvidia-container
+- Builds NVIDIA GPU-enabled PodVM container image
+- Only runs for Azure cloud provider
+- Saves container as workflow artifact
+
+#### 3. build-disk-image
+- Downloads container image artifacts from previous jobs (no registry required)
+- Supports both standard and nvidia container variants
+- Converts the container image to a qcow2 disk image using bootc-image-builder
+- Compresses the disk image with xz
+- Uploads as workflow artifacts
+- Generates metadata including checksums
+
+### Artifacts
+
+The workflow generates these artifacts:
+
+- **Container Images**: Saved as workflow artifacts (`podvm-bootc-container-{sha}`, `podvm-bootc-nvidia-container-{sha}`)
+- **Disk Images**: Available as workflow artifacts (`podvm-disk-{variant}-{provider}-{sha}`)
+- **Metadata**: JSON file with build information and checksums (`podvm-disk-metadata-{variant}-{provider}-{sha}`)
+
+### Usage Examples
+
+#### Building for Azure with NVIDIA support:
+```bash
+# Trigger manually from GitHub Actions UI
+# Select: cloud_provider=azure, container_variant=nvidia, build_disk=true
+```
+
+#### Building for AWS:
+```bash
+# Trigger manually from GitHub Actions UI  
+# Select: cloud_provider=aws, build_disk=true
+```
+
+#### Development workflow:
+```bash
+# Create a pull request with changes to bootc files
+# Workflow will build containers and generate artifacts
+```
+
+### Artifact-Based Workflow Benefits
+
+This workflow uses GitHub Actions artifacts to pass container images between jobs:
+
+- **No registry required**: Complete workflow runs without external registry dependencies
+- **Faster builds**: Eliminates registry push/pull overhead
+- **Cost efficient**: No registry bandwidth usage
+- **Secure**: Container images stay within the GitHub Actions environment
+- **Reliable**: No dependency on external registry availability
+- **Simplified setup**: No secrets or registry configuration needed
+
+The workflow saves container images as tar files in the first job, uploads them as artifacts, then downloads and loads them in the disk conversion job.
+
+### Disk Image Usage
+
+The generated disk images can be used:
+
+1. **Direct deployment**: Download the compressed qcow2 from artifacts
+2. **Cloud upload**: Use the disk image for VM creation in your cloud provider
+3. **OSC integration**: Reference the container image URI in OSC ConfigMaps
+
+### Configuration
+
+The workflow uses the `config.toml` file in the bootc directory for bootc-image-builder configuration. Modify this file to customize:
+
+- Root filesystem size
+- User accounts
+- Additional packages
+- Kernel parameters
+
+### Troubleshooting
+
+#### Common Issues:
+
+1. **Disk space**: The workflow includes cleanup steps to free space on runners
+2. **Build failures**: Check the bootc-image-builder logs in the workflow output
+3. **Missing artifacts**: If disk conversion fails, check that the container build job completed successfully
+4. **Container loading**: Verify that the tar file was properly created and downloaded
+
+#### Debugging:
+
+- Enable debug logging by setting `ACTIONS_STEP_DEBUG=true` in repository secrets
+- Check individual job logs for detailed error messages
+- Verify the Containerfile syntax and build context
+- Check artifact upload/download logs for container image transfer issues
+
+### Contributing
+
+When modifying the workflow:
+
+1. Test changes in a fork first
+2. Ensure all paths in triggers are correct
+3. Consider impact on artifact storage limits
+4. Verify container image naming consistency across jobs
diff --git a/.github/workflows/bootc-podvm-build.yaml b/.github/workflows/bootc-podvm-build.yaml
@@ -0,0 +1,237 @@
+name: Build Bootc PodVM Image
+
+on:
+  push:
+    branches: [ devel ]
+    paths:
+      - 'config/peerpods/podvm/bootc/**'
+  pull_request:
+    branches: [ devel ]
+    paths:
+      - 'config/peerpods/podvm/bootc/**'
+  workflow_dispatch:
+    inputs:
+      cloud_provider:
+        description: 'Cloud provider (azure, aws, libvirt)'
+        required: true
+        default: 'azure'
+        type: choice
+        options:
+          - azure
+          - aws
+          - libvirt
+
+      build_disk:
+        description: 'Build disk image from container'
+        required: false
+        default: true
+        type: boolean
+      container_variant:
+        description: 'Container variant to convert to disk (standard or nvidia)'
+        required: false
+        default: 'standard'
+        type: choice
+        options:
+          - standard
+          - nvidia
+
+env:
+  CLOUD_PROVIDER: ${{ github.event.inputs.cloud_provider || 'azure' }}
+
+jobs:
+  build-container:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Delete huge unnecessary tools folder
+        run: rm -rf /opt/hostedtoolcache
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build container image
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: config/peerpods/podvm/bootc
+          file: config/peerpods/podvm/bootc/Containerfile.fedora
+          target: default-target
+          build-args: |
+            CLOUD_PROVIDER=${{ env.CLOUD_PROVIDER }}
+          tags: podvm-bootc:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64
+          outputs: type=docker,dest=/tmp/podvm-bootc.tar
+
+      - name: Upload container image artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: podvm-bootc-container-${{ github.sha }}
+          path: /tmp/podvm-bootc.tar
+          retention-days: 7
+
+
+
+  build-nvidia-container:
+    runs-on: ubuntu-latest
+    if: github.event.inputs.cloud_provider == 'azure' || github.event_name != 'workflow_dispatch'
+    steps:
+      - name: Delete huge unnecessary tools folder
+        run: rm -rf /opt/hostedtoolcache
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build NVIDIA container image
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: config/peerpods/podvm/bootc
+          file: config/peerpods/podvm/bootc/Containerfile.fedora
+          target: nvidia-podvm-bootc
+          build-args: |
+            CLOUD_PROVIDER=${{ env.CLOUD_PROVIDER }}
+          tags: podvm-bootc-nvidia:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64
+          outputs: type=docker,dest=/tmp/podvm-bootc-nvidia.tar
+
+      - name: Upload NVIDIA container image artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: podvm-bootc-nvidia-container-${{ github.sha }}
+          path: /tmp/podvm-bootc-nvidia.tar
+          retention-days: 7
+
+  build-disk-image:
+    runs-on: ubuntu-latest
+    needs: [build-container, build-nvidia-container]
+    if: github.event_name != 'pull_request' && (github.event.inputs.build_disk != 'false') && (always() && !cancelled() && !failure())
+    steps:
+      - name: Delete huge unnecessary tools folder
+        run: rm -rf /opt/hostedtoolcache
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Determine container variant
+        run: |
+          VARIANT="${{ github.event.inputs.container_variant || 'standard' }}"
+          echo "CONTAINER_VARIANT=$VARIANT" >> $GITHUB_ENV
+
+          if [ "$VARIANT" = "nvidia" ]; then
+            echo "ARTIFACT_NAME=podvm-bootc-nvidia-container-${{ github.sha }}" >> $GITHUB_ENV
+            echo "CONTAINER_FILE=podvm-bootc-nvidia.tar" >> $GITHUB_ENV
+          else
+            echo "ARTIFACT_NAME=podvm-bootc-container-${{ github.sha }}" >> $GITHUB_ENV
+            echo "CONTAINER_FILE=podvm-bootc.tar" >> $GITHUB_ENV
+          fi
+
+      - name: Download container image artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ env.ARTIFACT_NAME }}
+          path: /tmp
+
+      - name: Load container image
+        run: |
+          # Load the container image from the artifact
+          echo "Loading container from: /tmp/${{ env.CONTAINER_FILE }}"
+          docker load -i /tmp/${{ env.CONTAINER_FILE }}
+
+          # Get the loaded image name and tag
+          IMAGE_NAME=$(docker images --format "table {{.Repository}}:{{.Tag}}" | grep -v REPOSITORY | head -n1)
+          echo "Loaded image: $IMAGE_NAME (variant: ${{ env.CONTAINER_VARIANT }})"
+          echo "LOADED_IMAGE=$IMAGE_NAME" >> $GITHUB_ENV
+
+          # Transfer image from Docker to Podman storage for bootc-image-builder
+          echo "Transferring image to Podman storage..."
+          docker save "$IMAGE_NAME" | sudo podman load
+
+          # Verify image is available in Podman
+          sudo podman images | grep -E "(REPOSITORY|$(echo $IMAGE_NAME | cut -d: -f1))"
+
+      - name: Create output directory
+        run: |
+          mkdir -p output
+          sudo chown -R $(id -u):$(id -g) output
+
+      - name: Convert container to disk image
+        run: |
+          echo "Converting container image: $LOADED_IMAGE"
+
+          # Convert bootc container to qcow2 disk image using the loaded image
+          sudo podman run \
+            --rm \
+            --privileged \
+            --security-opt label=type:unconfined_t \
+            -v $(pwd)/config/peerpods/podvm/bootc/config.toml:/config.toml:ro \
+            -v $(pwd)/output:/output \
+            -v /var/lib/containers/storage:/var/lib/containers/storage \
+            quay.io/centos-bootc/bootc-image-builder:latest \
+            --type qcow2 \
+            --rootfs xfs \
+            --use-librepo=True \
+            "$LOADED_IMAGE"
+
+      - name: Compress disk image
+        run: |
+          cd output/qcow2
+          if [ -f disk.qcow2 ]; then
+            echo "Compressing disk image..."
+            xz -9 -T 0 disk.qcow2
+            ls -lah disk.qcow2.xz
+          else
+            echo "Error: disk.qcow2 not found"
+            ls -la
+            exit 1
+          fi
+
+      - name: Upload disk image artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: podvm-disk-${{ env.CONTAINER_VARIANT }}-${{ env.CLOUD_PROVIDER }}-${{ github.sha }}
+          path: output/qcow2/disk.qcow2.xz
+          retention-days: 30
+
+      - name: Generate disk image metadata
+        run: |
+          cd output/qcow2
+          if [ -f disk.qcow2.xz ]; then
+            echo "DISK_SIZE=$(stat -c%s disk.qcow2.xz)" >> $GITHUB_ENV
+            echo "DISK_SHA256=$(sha256sum disk.qcow2.xz | cut -d' ' -f1)" >> $GITHUB_ENV
+          fi
+
+      - name: Create release info
+        if: github.ref == 'refs/heads/devel'
+        run: |
+          cat > disk-info.json << EOF
+          {
+            "cloud_provider": "${{ env.CLOUD_PROVIDER }}",
+            "container_variant": "${{ env.CONTAINER_VARIANT }}",
+            "container_image": "${{ env.LOADED_IMAGE }}",
+            "disk_size_bytes": "${{ env.DISK_SIZE }}",
+            "disk_sha256": "${{ env.DISK_SHA256 }}",
+            "build_date": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
+            "git_commit": "${{ github.sha }}",
+            "git_ref": "${{ github.ref }}"
+          }
+          EOF
+
+      - name: Upload disk metadata
+        if: github.ref == 'refs/heads/devel'
+        uses: actions/upload-artifact@v4
+        with:
+          name: podvm-disk-metadata-${{ env.CONTAINER_VARIANT }}-${{ env.CLOUD_PROVIDER }}-${{ github.sha }}
+          path: disk-info.json
+          retention-days: 90
