@@ -94,18 +94,21 @@ jobs:
9494# Dynamically define job matrix.
9595 # We need a separate matrix entry for each distribution, when the relevant input is true.
9696 # https://stackoverflow.com/questions/65384420/how-do-i-make-a-github-action-matrix-element-conditional
97+ # NOTE(bbezak): Both amd64 and aarch64 need to be built in a single workflow to create a multi-architecture manifest.
98+ # For now include only RL9 in aarch64
9799 - name : Generate build matrix
98100 id : set-matrix
99101 run : |
100102 output="{'distro': ["
101103 if [[ ${{ inputs.rocky-linux-9 }} == 'true' ]]; then
102- output+="{'name': 'rocky', 'release': 9},"
104+ output+="{'name': 'rocky', 'release': 9, 'arch': 'amd64'},"
105+ output+="{'name': 'rocky', 'release': 9, 'arch': 'aarch64'},"
103106 fi
104107 if [[ ${{ inputs.ubuntu-jammy }} == 'true' ]]; then
105- output+="{'name': 'ubuntu', 'release': 'jammy'},"
108+ output+="{'name': 'ubuntu', 'release': 'jammy', 'arch': 'amd64' },"
106109 fi
107110 if [[ ${{ inputs.ubuntu-noble }} == 'true' ]]; then
108- output+="{'name': 'ubuntu', 'release': 'noble'},"
111+ output+="{'name': 'ubuntu', 'release': 'noble', 'arch': 'amd64' },"
109112 fi
110113 # remove trailing comma
111114 output="${output%,}"
@@ -124,7 +127,9 @@ jobs:
124127 container-image-build :
125128 name : Build Kolla container images
126129 if : github.repository == 'stackhpc/stackhpc-kayobe-config'
127- runs-on : ${{ needs.runner-selection.outputs.runner_name_container_image_build }}
130+ runs-on : ${{ matrix.distro.arch == 'aarch64'
131+ && fromJson('["self-hosted","sms","arm64"]')
132+ || needs.runner-selection.outputs.runner_name_container_image_build }}
128133 timeout-minutes : 720
129134 permissions : {}
130135 strategy :
@@ -211,9 +216,16 @@ jobs:
211216 continue-on-error : true
212217 run : |
213218 args="${{ inputs.regexes }}"
219+ if [[ "${{ matrix.distro.arch }}" == 'aarch64' ]]; then
220+ args="$args -e kolla_base_arch=${{ matrix.distro.arch }}"
221+ fi
214222 args="$args -e kolla_base_distro=${{ matrix.distro.name }}"
215223 args="$args -e kolla_base_distro_version=${{ matrix.distro.release }}"
216- args="$args -e kolla_tag=${{ steps.write-kolla-tag.outputs.kolla-tag }}"
224+ if [[ "${{ matrix.distro.name }}" == 'rocky' ]]; then
225+ args="$args -e kolla_tag=${{ steps.write-kolla-tag.outputs.kolla-tag }}-${{ matrix.distro.arch }}"
226+ else
227+ args="$args -e kolla_tag=${{ steps.write-kolla-tag.outputs.kolla-tag }}"
228+ fi
217229 args="$args -e stackhpc_repo_mirror_auth_proxy_enabled=true"
218230 source venvs/kayobe/bin/activate &&
219231 source src/kayobe-config/kayobe-env --environment ci-builder &&
@@ -226,6 +238,10 @@ jobs:
226238 run : sudo mv /var/log/kolla-build.log image-build-logs/kolla-build-overcloud.log
227239 if : inputs.overcloud
228240
241+ - name : Copy build configs to output directory
242+ run : sudo cp -rnL /opt/kayobe/etc/kolla/* image-build-logs/
243+ if : inputs.overcloud
244+
229245 - name : Build kolla seed images
230246 id : build_seed_images
231247 continue-on-error : true
@@ -239,14 +255,14 @@ jobs:
239255 kayobe seed container image build $args
240256env :
241257 KAYOBE_VAULT_PASSWORD : ${{ secrets.KAYOBE_VAULT_PASSWORD }}
242- if : inputs.seed
258+ if : inputs.seed && matrix.distro.arch == 'amd64'
243259
244260 - name : Copy seed container image build logs to output directory
245261 run : sudo mv /var/log/kolla-build.log image-build-logs/kolla-build-seed.log
246- if : inputs.seed
262+ if : inputs.seed && matrix.distro.arch == 'amd64'
247263
248264 - name : Get built container images
249- run : docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/*:${{ steps.write-kolla-tag.outputs.kolla-tag }}" > ${{ matrix.distro.name }}-${{ matrix.distro.release }}-container-images
265+ run : docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/*:${{ steps.write-kolla-tag.outputs.kolla-tag }}* " > ${{ matrix.distro.name }}-${{ matrix.distro.release }}-container-images
250266
251267 - name : Fail if no images have been built
252268 run : if [ $(wc -l < ${{ matrix.distro.name }}-${{ matrix.distro.release }}-container-images) -le 1 ]; then exit 1; fi
@@ -307,7 +323,7 @@ jobs:
307323 - name : Upload output artifact
308324 uses : actions/upload-artifact@v4
309325 with :
310- name : ${{ matrix.distro.name }}-${{ matrix.distro.release }}-logs
326+ name : ${{ matrix.distro.name }}-${{ matrix.distro.release }}-${{ matrix.distro.arch }}- logs
311327 path : image-build-logs
312328 retention-days : 7
313329 if : ${{ !cancelled() }}
@@ -331,6 +347,117 @@ jobs:
331347 run : if [ $(wc -l < image-build-logs/image-scan-output/critical-images.txt) -gt 0 ]; then cat image-build-logs/image-scan-output/critical-images.txt && exit 1; fi
332348 if : ${{ !inputs.push-dirty && !cancelled() }}
333349
350+ create-manifests :
351+ # Only for Rocky Linux for now
352+ name : Create Multiarch Docker Manifests
353+ if : github.repository == 'stackhpc/stackhpc-kayobe-config' && inputs.push
354+ runs-on : ${{ needs.runner-selection.outputs.runner_name_container_image_build }}
355+ permissions : {}
356+ needs :
357+ - container-image-build
358+ - runner-selection
359+ steps :
360+ - name : Install package dependencies
361+ run : |
362+ sudo apt update
363+ sudo apt install -y git unzip python3-wheel python3-pip python3-venv curl jq wget openssh-server openssh-client
364+ name : Install gh
365+ run : |
366+ sudo mkdir -p -m 755 /etc/apt/keyrings && wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null
367+ sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg
368+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
369+ sudo apt update
370+ sudo apt install gh -y
371+ name : Checkout Kayobe Config
372+ uses : actions/checkout@v4
373+ with :
374+ path : src/kayobe-config
375+
376+ - name : Install Kayobe
377+ run : |
378+ mkdir -p venvs &&
379+ pushd venvs &&
380+ python3 -m venv kayobe &&
381+ source kayobe/bin/activate &&
382+ pip install -U pip &&
383+ pip install -r ../src/kayobe-config/requirements.txt
384+ # Required for Pulp auth proxy deployment and Docker registry login.
385+ # Normally installed during host configure.
386+ - name : Install Docker Python SDK
387+ run : |
388+ sudo pip install docker
389+ name : Configure localhost as a seed
390+ run : |
391+ cat > src/kayobe-config/etc/kayobe/environments/ci-builder/inventory/hosts << EOF
392+ # A 'seed' host used for building images.
393+ # Use localhost for container image builds.
394+ [seed]
395+ localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3
396+ EOF
397+ # See etc/kayobe/ansible/roles/pulp_auth_proxy/README.md for details.
398+ # NOTE: We override pulp_auth_proxy_conf_path to a path shared by the
399+ # runner and dind containers.
400+ - name : Deploy an authenticating package repository mirror proxy
401+ run : |
402+ source venvs/kayobe/bin/activate &&
403+ source src/kayobe-config/kayobe-env --environment ci-builder &&
404+ kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/pulp-auth-proxy.yml -e pulp_auth_proxy_conf_path=/home/runner/_work/pulp_proxy
405+ env :
406+ KAYOBE_VAULT_PASSWORD : ${{ secrets.KAYOBE_VAULT_PASSWORD }}
407+
408+ - name : Download artifacts
409+ uses : actions/download-artifact@v4
410+
411+ - name : Combine pushed images lists
412+ run : |
413+ find . -name 'push-attempt-images.txt' -exec cat {} + > all-pushed-images.txt
414+ name : Log in to Docker registry
415+ run : |
416+ source venvs/kayobe/bin/activate &&
417+ source src/kayobe-config/kayobe-env --environment ci-builder &&
418+ kayobe playbook run ${KAYOBE_CONFIG_PATH}/ansible/docker-registry-login.yml
419+ env :
420+ KAYOBE_VAULT_PASSWORD : ${{ secrets.KAYOBE_VAULT_PASSWORD }}
421+
422+ - name : Create and Push Docker Manifests
423+ run : |
424+ set -ex
425+ mkdir -p logs
426+ images=$(cat all-pushed-images.txt | sort | uniq)
427+ # Filter out Ubuntu and Rocky Bifrost images
428+ manifest_images=$(echo "$images" | grep -E '.*-(amd64|aarch64)$' | sed -E 's/-(amd64|aarch64)$//' | sort | uniq)
429+ if [ -z "$manifest_images" ]; then
430+ echo "No Rocky overcloud images found. Skipping manifest creation." | tee -a logs/manifest-creation.log
431+ exit 0
432+ fi
433+ for base_image in $manifest_images; do
434+ arch_images=""
435+ for arch in amd64 aarch64; do
436+ arch_image="${base_image}-${arch}"
437+ # Check if the image exists in the registry
438+ if docker manifest inspect "$arch_image" > /dev/null 2>&1; then
439+ arch_images="$arch_images $arch_image"
440+ fi
441+ done
442+ if [ -n "$arch_images" ]; then
443+ echo "Creating manifest for $base_image with images:$arch_images" | tee -a logs/manifest-creation.log
444+ docker manifest create "$base_image" $arch_images | tee -a logs/manifest-creation.log
445+ docker manifest push "$base_image" | tee -a logs/manifest-creation.log
446+ else
447+ echo "No images found for $base_image, skipping." | tee -a logs/manifest-creation.log
448+ fi
449+ done
450+
451+ name : Upload manifest logs
452+ uses : actions/upload-artifact@v4
453+ with :
454+ name : manifest-logs
455+ path : |
456+ all-pushed-images.txt
457+ logs/manifest-creation.log
458+ retention-days : 7
459+ if : ${{ !cancelled() }}
460+
334461 # NOTE(mgoddard): Trigger another CI workflow in the
335462 # stackhpc-release-train repository.
336463 - name : Trigger container image repository sync
0 commit comments