docs: add a script to do the tedious work of fetching digests #1719
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | name: Samba Container Image CI | |
| on: | |
| push: | |
| branches: [master] | |
| pull_request: | |
| branches: [master] | |
| schedule: | |
| - cron: '0 2 * * *' | |
| # Allow manually triggering a run in the github ui. | |
| # See: https://docs.github.com/en/actions/using-workflows/manually-running-a-workflow | |
| workflow_dispatch: {} | |
| env: | |
| CONTAINER_CMD: docker | |
| jobs: | |
| checks: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # We need a newer version of shellcheck to avoid problems with the | |
| # relative imports. Our scripts work on v0.7.2 and up but not the | |
| # v0.7.0 preinstalled in the ubutnu image. We can force a local | |
| # install by expliclity setting SHELLCHECK to `$ALT_BIN/shellcheck` | |
| - name: Run static check tools | |
| run: make check SHELLCHECK=$PWD/.bin/shellcheck | |
| check-commits: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Ensure branches | |
| run: git fetch | |
| - name: Lint git commit messages | |
| run: make check-gitlint | |
| build-server: | |
| # Reminder: the nightly-server images consume nightly samba rpm builds | |
| # it is not *just* an image that gets built nightly | |
| strategy: | |
| matrix: | |
| package_source: [default, nightly] | |
| os: [centos, fedora, opensuse] | |
| arch: [amd64] | |
| exclude: | |
| # there are no nightly packages for opensuse | |
| - package_source: nightly | |
| os: opensuse | |
| include: | |
| - package_source: devbuilds | |
| os: centos | |
| arch: amd64 | |
| runs-on: ubuntu-latest | |
| env: | |
| BUILDAH_FORMAT: oci | |
| IMG_TAG: ${{ matrix.package_source }}-${{ matrix.os }}-${{ matrix.arch }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Build the server image | |
| run: make KIND=server PACKAGE_SOURCE=${{ matrix.package_source }} OS_NAME=${{ matrix.os}} BUILD_ARCH=${{ matrix.arch}} build-image | |
| - name: Upload server image | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-server:${{ env.IMG_TAG }}" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| retention_days: 1 | |
| build-ad-server: | |
| strategy: | |
| matrix: | |
| package_source: [default, nightly] | |
| os: [centos, fedora, opensuse] | |
| arch: [amd64] | |
| exclude: | |
| # there are no nightly packages for opensuse | |
| - package_source: nightly | |
| os: opensuse | |
| # the distro packages for centos do not include an ad-dc | |
| - package_source: default | |
| os: centos | |
| runs-on: ubuntu-latest | |
| env: | |
| BUILDAH_FORMAT: oci | |
| IMG_TAG: ${{ matrix.package_source }}-${{ matrix.os }}-${{ matrix.arch }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Build the ad server image | |
| run: make KIND=ad-server PACKAGE_SOURCE=${{ matrix.package_source }} OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-image | |
| - name: Upload ad server image | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-ad-server:${{ env.IMG_TAG }}" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| retention_days: 1 | |
| build-client: | |
| strategy: | |
| matrix: | |
| os: [centos, fedora, opensuse] | |
| arch: [amd64] | |
| runs-on: ubuntu-latest | |
| env: | |
| BUILDAH_FORMAT: oci | |
| IMG_TAG: default-${{ matrix.os }}-${{ matrix.arch }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: build the client image | |
| run: make KIND=client OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-image | |
| # The client image is used as a base for the samba-toolbox build process. | |
| - name: Upload the client image | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-client:${{ env.IMG_TAG }}" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| retention_days: 1 | |
| build-toolbox: | |
| strategy: | |
| matrix: | |
| os: [centos, fedora, opensuse] | |
| arch: [amd64] | |
| needs: build-client | |
| runs-on: ubuntu-latest | |
| env: | |
| BUILDAH_FORMAT: oci | |
| IMG_TAG: default-${{ matrix.os }}-${{ matrix.arch }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Download locally stored samba-client image to be used as base for building | |
| # samba-toolbox. | |
| - name: Download client image | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-client:${{ env.IMG_TAG }}" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| # Workaround: retag the image so that the FQIN image matches the name in | |
| # the toolbox containerfiles. | |
| - name: Apply OS-latest tag to image (for centos) | |
| run: ${{ env.CONTAINER_CMD }} tag samba-client:${{ env.IMG_TAG }} quay.io/samba.org/samba-client:${{ matrix.os }}-latest | |
| - name: Apply latest tag to image (for fedora) | |
| run: ${{ env.CONTAINER_CMD }} tag samba-client:${{ env.IMG_TAG }} quay.io/samba.org/samba-client:latest | |
| - name: Build the toolbox image | |
| run: make KIND=toolbox OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-image | |
| # Upload the toolbox image for reference and/or image push | |
| - name: Upload the toolbox image | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-toolbox:${{ env.IMG_TAG }}" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| retention_days: 1 | |
| test-server: | |
| strategy: | |
| matrix: | |
| package_source: [default, nightly] | |
| os: [centos, fedora, opensuse] | |
| arch: [amd64] | |
| exclude: | |
| # there are no nightly packages for opensuse | |
| - package_source: nightly | |
| os: opensuse | |
| include: | |
| - package_source: devbuilds | |
| os: centos | |
| arch: amd64 | |
| needs: build-server | |
| runs-on: ubuntu-latest | |
| env: | |
| BUILDAH_FORMAT: oci | |
| IMG_TAG: ${{ matrix.package_source }}-${{ matrix.os }}-${{ matrix.arch }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download server image | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-server:${{ env.IMG_TAG }}" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| - name: Test the server image | |
| run: LOCAL_TAG=samba-server:${{ env.IMG_TAG }} tests/test-samba-container.sh | |
| test-ad-server-kubernetes: | |
| strategy: | |
| matrix: | |
| package_source: [default, nightly] | |
| os: [centos, fedora, opensuse] | |
| arch: [amd64] | |
| exclude: | |
| # there are no nightly packages for opensuse | |
| - package_source: nightly | |
| os: opensuse | |
| # the distro packages for centos do not include an ad-dc | |
| - package_source: default | |
| os: centos | |
| needs: | |
| - build-ad-server | |
| - build-server | |
| # need to explicitly use 20.04 to avoid problems with jq... | |
| runs-on: ubuntu-20.04 | |
| env: | |
| BUILDAH_FORMAT: oci | |
| IMG_TAG: ${{ matrix.package_source }}-${{ matrix.os }}-${{ matrix.arch }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: nolar/setup-k3d-k3s@v1 | |
| - name: get nodes | |
| run: kubectl get nodes | |
| - name: Download ad server image | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-ad-server:${{ env.IMG_TAG }}" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| - name: Download file server image | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-server:${{ env.IMG_TAG }}" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| - name: import images to k3d | |
| run: k3d image import samba-server:${{ env.IMG_TAG }} samba-ad-server:${{ env.IMG_TAG }} | |
| - name: run the ad-dc deployment test | |
| run: ./tests/test-samba-ad-server-kubernetes.sh | |
| push: | |
| # verify it passes the test jobs first | |
| needs: | |
| - build-client | |
| - build-toolbox | |
| - test-server | |
| - test-ad-server-kubernetes | |
| runs-on: ubuntu-latest | |
| env: | |
| REPO_BASE: quay.io/samba.org | |
| # NOTE: the fromJSON below is needed beause the syntax github uses | |
| # doesn't actually understand JS/JSON style arrays (inline). When I left it | |
| # out I just got an error. It is present in their example(s). | |
| if: > | |
| contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name) | |
| && github.repository == 'samba-in-kubernetes/samba-container' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: log in to quay.io | |
| run: ${CONTAINER_CMD} login -u "${{ secrets.QUAY_USER }}" -p "${{ secrets.QUAY_PASS }}" quay.io | |
| # pull in already built images we plan on pushing | |
| # (server images) | |
| - name: Fetch server default-fedora-amd64 | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-server:default-fedora-amd64" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| - name: Fetch server nightly-fedora-amd64 | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-server:nightly-fedora-amd64" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| - name: Fetch server nightly-centos-amd64 | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-server:nightly-centos-amd64" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| - name: Fetch server devbuilds-centos-amd64 | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-server:devbuilds-centos-amd64" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| # (ad server images) | |
| - name: Fetch ad-server default-fedora-amd64 | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-ad-server:default-fedora-amd64" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| - name: Fetch ad-server nightly-fedora-amd64 | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-ad-server:nightly-fedora-amd64" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| # (client images) | |
| - name: Fetch client default-fedora-amd64 | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-client:default-fedora-amd64" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| # (toolbox images) | |
| - name: Fetch toolbox default-fedora-amd64 | |
| uses: ishworkh/[email protected] | |
| with: | |
| image: "samba-toolbox:default-fedora-amd64" | |
| container_engine: ${{ env.CONTAINER_CMD }} | |
| # reapply missing tags | |
| - name: Retag images | |
| run: > | |
| ./hack/build-image | |
| --retag | |
| --container-engine=${CONTAINER_CMD} | |
| --repo-base=${REPO_BASE} | |
| --no-distro-qualified | |
| -i samba-server:default-fedora-amd64 | |
| -i samba-server:nightly-fedora-amd64 | |
| -i samba-server:nightly-centos-amd64 | |
| -i samba-server:devbuilds-centos-amd64 | |
| -i samba-ad-server:default-fedora-amd64 | |
| -i samba-ad-server:nightly-fedora-amd64 | |
| -i samba-client:default-fedora-amd64 | |
| -i samba-toolbox:default-fedora-amd64 | |
| - name: Push images | |
| run: > | |
| ./hack/build-image | |
| --push | |
| --container-engine=${CONTAINER_CMD} | |
| --verbose | |
| --push-state=exists | |
| --push-selected-tags=mixed | |
| -i ${REPO_BASE}/samba-server:default-fedora-amd64 | |
| -i ${REPO_BASE}/samba-server:nightly-fedora-amd64 | |
| -i ${REPO_BASE}/samba-server:nightly-centos-amd64 | |
| -i ${REPO_BASE}/samba-server:devbuilds-centos-amd64 | |
| -i ${REPO_BASE}/samba-ad-server:default-fedora-amd64 | |
| -i ${REPO_BASE}/samba-ad-server:nightly-fedora-amd64 | |
| -i ${REPO_BASE}/samba-client:default-fedora-amd64 | |
| -i ${REPO_BASE}/samba-toolbox:default-fedora-amd64 |