Updating the base OS and install necessary extra packages (multiplatform) #38
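name: Update base OS image
run-name: Updating the base OS and install necessary extra packages (multiplatform)

# This workflow builds the pgEdge base test image with full reproducibility metadata:
# - Captures build timestamp, git commit SHA, branch, and Rocky Linux version
# - Embeds build information in /etc/pgedge/build-info.txt within the image
# - Tags images with both :latest and :${GIT_COMMIT} for version tracking
# - Adds OCI labels for standard metadata inspection
# - Prints all build metadata to workflow output for issue reproduction

on:
  workflow_dispatch:
    inputs:
      image_name:
        description: 'Base image name (without registry/owner prefix)'
        required: false
        default: 'base-test-image'
        type: string
      image_tag:
        description: 'Additional custom tag (besides :latest and :<commit-sha>)'
        required: false
        default: ''
        type: string

# GITHUB_TOKEN scope for this workflow: read the repository, push packages to GHCR.
permissions:
  contents: read
  packages: write

jobs:
  pull-and-test:
    strategy:
      fail-fast: true
    runs-on: ubuntu-latest
    steps:
      - name: Checkout spock
        # NOTE(review): referenced by mutable tag while the docker/* actions below
        # are pinned to full commit SHAs; pin this one the same way.
        uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}
          # No later step pushes with git, and the checkout (including .git) is
          # made world-writable and then used as the Docker build context, so do
          # not leave the token behind in the local git config.
          persist-credentials: false

      - name: Add permissions
        # NOTE(review): makes the whole checkout world-writable on the runner;
        # the reason is not documented here - confirm it is still required.
        run: |
          sudo chmod -R a+w "${GITHUB_WORKSPACE}"

      # See https://github.com/orgs/community/discussions/27086
      - name: set lower case owner name
        run: |
          echo "OWNER_LC=${OWNER,,}" >> "${GITHUB_ENV}"
        env:
          OWNER: '${{ github.repository_owner }}'

      # Capture build metadata for reproducibility
      - name: Capture build metadata
        id: meta
        # Dispatch inputs reach the script as environment variables rather than
        # being expanded into the script text with ${{ }}, so shell
        # metacharacters in an input are data, not code.
        env:
          INPUT_IMAGE_NAME: "${{ inputs.image_name || 'base-test-image' }}"
          INPUT_IMAGE_TAG: "${{ inputs.image_tag }}"
        run: |
          # Reject values that are not plausible image names / tags before they
          # are written to GITHUB_ENV: an embedded newline would otherwise add
          # extra variables for every later step.
          if [[ ! "${INPUT_IMAGE_NAME}" =~ ^[a-z0-9][a-z0-9._/-]*$ ]]; then
            echo "::error::image_name contains characters not allowed in an image name"
            exit 1
          fi
          if [[ -n "${INPUT_IMAGE_TAG}" && ! "${INPUT_IMAGE_TAG}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
            echo "::error::image_tag is not a valid image tag"
            exit 1
          fi

          # Compute each value once so the summary printed below is exactly
          # what gets recorded in the image.
          build_date="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
          git_commit="$(git rev-parse HEAD)"
          git_branch="$(git rev-parse --abbrev-ref HEAD)"
          # NOTE(review): rockylinux:9 is a floating tag pulled for the runner's
          # platform; the recorded release may differ from the base the
          # Dockerfile resolves at build time - consider pinning by digest.
          rocky_release="$(docker run --rm rockylinux:9 cat /etc/rocky-release)"

          {
            echo "BUILD_DATE=${build_date}"
            echo "GIT_COMMIT=${git_commit}"
            echo "GIT_BRANCH=${git_branch}"
            echo "ROCKYLINUX_VERSION=${rocky_release}"
            echo "IMAGE_NAME=${INPUT_IMAGE_NAME}"
          } >> "${GITHUB_ENV}"

          # Print build information
          echo "========================================="
          echo "pgEdge Base Image Build Information"
          echo "========================================="
          echo "Image Name: ${INPUT_IMAGE_NAME}"
          echo "Custom Tag: ${INPUT_IMAGE_TAG}"
          echo "Build Date: ${build_date}"
          echo "Git Commit: ${git_commit}"
          echo "Git Branch: ${git_branch}"
          echo "Rocky Linux: ${rocky_release}"
          echo "Platforms: linux/amd64, linux/arm64"
          echo "========================================="

      # Set up QEMU for multiplatform builds
      - name: Set up QEMU
        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3
        with:
          platforms: linux/amd64,linux/arm64

      - name: Set up Docker Buildx
        # Codacy wants us to use full commit SHA. This is for v3
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
        with:
          platforms: linux/amd64,linux/arm64

      # Login to GHCR
      - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
        with:
          registry: ghcr.io
          # Action inputs are not shell-expanded: the previous value "$OWNER_LC"
          # was passed as a literal string. Use an expression instead.
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Prepare cached version of the base image with build metadata
      - name: Build and push multiplatform base system image
        uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318
        with:
          # The whole checkout is the build context.
          context: .
          file: tests/docker/Dockerfile-base.el9
          platforms: linux/amd64,linux/arm64
          push: true
          # :latest is mutable; the commit-SHA tag is the one to reference when
          # a specific build is needed.
          tags: |
            ghcr.io/${{ env.OWNER_LC }}/${{ env.IMAGE_NAME }}:latest
            ghcr.io/${{ env.OWNER_LC }}/${{ env.IMAGE_NAME }}:${{ env.GIT_COMMIT }}
            ${{ inputs.image_tag && format('ghcr.io/{0}/{1}:{2}', env.OWNER_LC, env.IMAGE_NAME, inputs.image_tag) || '' }}
          build-args: |
            BUILD_DATE=${{ env.BUILD_DATE }}
            GIT_COMMIT=${{ env.GIT_COMMIT }}
            GIT_BRANCH=${{ env.GIT_BRANCH }}
            ROCKYLINUX_VERSION=${{ env.ROCKYLINUX_VERSION }}
          cache-from: type=gha,scope=base
          cache-to: type=gha,mode=max,scope=base
          # NOTE(review): build attestations (provenance, SBOM) are switched
          # off, so the registry carries no verifiable record of how the image
          # was built. If this is deliberate, record the reason here.
          provenance: false
          sbom: false

      # Verify multiplatform manifest
      - name: Inspect multiplatform manifest
        run: |
          docker buildx imagetools inspect "ghcr.io/${OWNER_LC}/${IMAGE_NAME}:latest"

      # Verify and display build information from the image
      - name: Display build information
        # OWNER_LC, IMAGE_NAME and GIT_COMMIT come from GITHUB_ENV; the custom
        # tag is passed through env so no input is expanded into the script.
        env:
          CUSTOM_TAG: "${{ inputs.image_tag }}"
        run: |
          image_ref="ghcr.io/${OWNER_LC}/${IMAGE_NAME}"
          echo ""
          echo "========================================="
          echo "Multiplatform Image Built Successfully!"
          echo "========================================="
          echo "Image Name: ${IMAGE_NAME}"
          echo "Platforms: linux/amd64, linux/arm64"
          echo ""
          echo "Image Tags:"
          echo " - ${image_ref}:latest"
          echo " - ${image_ref}:${GIT_COMMIT}"
          if [ -n "${CUSTOM_TAG}" ]; then
            echo " - ${image_ref}:${CUSTOM_TAG}"
          fi
          echo ""
          echo "To pull this specific build:"
          echo " docker pull ${image_ref}:${GIT_COMMIT}"
          echo ""
          echo "Docker will automatically select the correct architecture:"
          echo " - linux/amd64 for Intel/AMD systems"
          echo " - linux/arm64 for Apple Silicon Macs (M1/M2/M3/M4)"
          echo ""
          echo "To view build info from the image:"
          echo " docker run --rm ${image_ref}:latest cat /etc/pgedge/build-info.txt"
          echo ""
          echo "To inspect image labels:"
          echo " docker inspect ${image_ref}:latest | jq '.[0].Config.Labels'"
          echo "========================================="

# ==============================================================================
# Build Complete!
# ==============================================================================
# The base image is available at:
# https://github.com/pgedge/spock/pkgs/container/<image-name>
#
# Workflow Inputs (configurable through Actions UI):
# - image_name: Base image name (default: 'base-test-image')
# - image_tag: Optional custom tag in addition to :latest and :<commit-sha>
#
# Each build includes comprehensive reproducibility metadata:
# 1. /etc/pgedge/build-info.txt - Embedded build information file
# 2. OCI image labels with build timestamp, commit SHA, and branch
# 3. Commit-specific tag (:<commit-sha>) for immutable references
# 4. Optional custom tag (:<custom-tag>) if provided
# 5. Workflow output with all build parameters
#
# To reproduce any build:
# 1. Check workflow output or image labels for git commit SHA
# 2. Checkout that commit: git checkout <sha>
# 3. Run the docker build command shown in /etc/pgedge/build-info.txt
#
# Documentation: tests/docker/Dockerfile-base.md
# ==============================================================================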