build multi-arch images #143

Workflow file for this run

.github/workflows/multi-arch-build.yaml at 86a057e

	---

	# Please see contrib/<reponame>image/README.md for details on the intentions
	# of this workflow.
	#
	# BIG FAT WARNING: This workflow is duplicated across containers/skopeo,
	# containers/buildah, and containers/podman. ANY AND
	# ALL CHANGES MADE HERE MUST BE MANUALLY DUPLICATED
	# TO THE OTHER REPOS.

	name: build multi-arch images

	on:
	# Upstream tends to be very active, with many merges per day.
	# Only run this daily via cron schedule, or manually, not by branch push.
	schedule:
	- cron: '0 8 * * *'
	# allows to run this workflow manually from the Actions tab
	workflow_dispatch:

	jobs:
	multi:
	name: multi-arch image build
	env:
	REPONAME: podman # No easy way to parse this out of $GITHUB_REPOSITORY
	# Server/namespace value used to format FQIN
	REPONAME_QUAY_REGISTRY: quay.io/podman
	CONTAINERS_QUAY_REGISTRY: quay.io/containers
	# list of architectures for build
	PLATFORMS: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
	# Command to execute in container to obtain project version number
	VERSION_CMD: "podman --version"

	# build several images (upstream, testing, stable) in parallel
	strategy:
	# By default, failure of one matrix item cancels all others
	fail-fast: false
	matrix:
	# Builds are located under contrib/<reponame>image/<source> directory
	source:
	- upstream
	- testing
	- stable
	runs-on: ubuntu-latest
	# internal registry caches build for inspection before push
	services:
	registry:
	image: quay.io/libpod/registry:2
	ports:
	- 5000:5000
	steps:
	- name: Checkout
	uses: actions/checkout@v2

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v1

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	with:
	driver-opts: network=host
	install: true

	- name: Build and locally push image
	uses: docker/build-push-action@v2
	with:
	context: contrib/${{ env.REPONAME }}image/${{ matrix.source }}
	file: ./contrib/${{ env.REPONAME }}image/${{ matrix.source }}/Dockerfile
	platforms: ${{ env.PLATFORMS }}
	push: true
	tags: localhost:5000/${{ env.REPONAME }}/${{ matrix.source }}

	# Simple verification that stable images work, and
	# also grab version number use in forming the FQIN.
	- name: amd64 container sniff test
	if: matrix.source == 'stable'
	id: sniff_test
	run: \|
	podman pull --tls-verify=false \
	localhost:5000/$REPONAME/${{ matrix.source }}
	VERSION_OUTPUT=$(podman run \
	localhost:5000/$REPONAME/${{ matrix.source }} \
	$VERSION_CMD)
	echo "$VERSION_OUTPUT"
	VERSION=$(awk -r -e "/^${REPONAME} version /"'{print $3}' <<<"$VERSION_OUTPUT")
	test -n "$VERSION"
	echo "::set-output name=version::$VERSION"

	- name: Generate image FQIN(s) to push
	id: reponame_reg
	run: \|
	if [[ "${{ matrix.source }}" == 'stable' ]]; then
	# The command version in image just built
	VERSION='v${{ steps.sniff_test.outputs.version }}'
	# workaround vim syntax-highlight bug: '
	# Push both new\|updated version-tag and latest-tag FQINs
	FQIN="$REPONAME_QUAY_REGISTRY/stable:$VERSION,$REPONAME_QUAY_REGISTRY/stable:latest"
	elif [[ "${{ matrix.source }}" == 'testing' ]]; then
	# Assume some contents changed, always push latest testing.
	FQIN="$REPONAME_QUAY_REGISTRY/testing:latest"
	elif [[ "${{ matrix.source }}" == 'upstream' ]]; then
	# Assume some contents changed, always push latest upstream.
	FQIN="$REPONAME_QUAY_REGISTRY/upstream:latest"
	else
	echo "::error::Unknown matrix item '${{ matrix.source }}'"
	exit 1
	fi
	echo "::warning::Pushing $FQIN"
	echo "::set-output name=fqin::${FQIN}"
	echo '::set-output name=push::true'

	# This is substantially similar to the above logic,
	# but only handles $CONTAINERS_QUAY_REGISTRY for
	# the stable "latest" and named-version tagged images.
	- name: Generate containers reg. image FQIN(s)
	if: matrix.source == 'stable'
	id: containers_reg
	run: \|
	VERSION='v${{ steps.sniff_test.outputs.version }}'
	# workaround vim syntax-highlight bug: '
	# Push both new\|updated version-tag and latest-tag FQINs
	FQIN="$CONTAINERS_QUAY_REGISTRY/$REPONAME:$VERSION,$CONTAINERS_QUAY_REGISTRY/$REPONAME:latest"
	echo "::warning::Pushing $FQIN"
	echo "::set-output name=fqin::${FQIN}"
	echo '::set-output name=push::true'

	- name: Define LABELS multi-line env. var. value
	run: \|
	# This is a really hacky/strange workflow idiom, required
	# for setting multi-line $LABELS value for consumption in
	# a future step. There is literally no cleaner way to do this :<
	# https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#multiline-strings
	function set_labels() {
	echo 'LABELS<<DELIMITER' >> "$GITHUB_ENV"
	for line; do
	echo "$line" \| tee -a "$GITHUB_ENV"
	done
	echo "DELIMITER" >> "$GITHUB_ENV"
	}

	declare -a lines
	lines=(\
	"org.opencontainers.image.source=https://github.com/${GITHUB_REPOSITORY}.git"
	"org.opencontainers.image.revision=${GITHUB_SHA}"
	"org.opencontainers.image.created=$(date -u --iso-8601=seconds)"
	)

	# Only the 'stable' matrix source obtains $VERSION
	if [[ "${{ matrix.source }}" == "stable" ]]; then
	lines+=(\
	"org.opencontainers.image.version=${{ steps.sniff_test.outputs.version }}"
	)
	fi

	set_labels "${lines[@]}"

	# Separate steps to login and push for $REPONAME_QUAY_REGISTRY and
	# $CONTAINERS_QUAY_REGISTRY are required, because 2 sets of credentials
	# are used and namespaced within the registry. At the same time, reuse
	# of non-shell steps is not supported by Github Actions nor are YAML
	# anchors/aliases, nor composite actions.

	# Push to $REPONAME_QUAY_REGISTRY for stable, testing. and upstream
	- name: Login to ${{ env.REPONAME_QUAY_REGISTRY }}
	uses: docker/login-action@v1
	if: steps.reponame_reg.outputs.push == 'true'
	with:
	registry: ${{ env.REPONAME_QUAY_REGISTRY }}
	# N/B: Secrets are not passed to workflows that are triggered
	# by a pull request from a fork
	username: ${{ secrets.REPONAME_QUAY_USERNAME }}
	password: ${{ secrets.REPONAME_QUAY_PASSWORD }}

	- name: Push images to ${{ steps.reponame_reg.outputs.fqin }}
	uses: docker/build-push-action@v2
	if: steps.reponame_reg.outputs.push == 'true'
	with:
	cache-from: type=registry,ref=localhost:5000/${{ env.REPONAME }}/${{ matrix.source }}
	cache-to: type=inline
	context: contrib/${{ env.REPONAME }}image/${{ matrix.source }}
	file: ./contrib/${{ env.REPONAME }}image/${{ matrix.source }}/Dockerfile
	platforms: ${{ env.PLATFORMS }}
	push: true
	tags: ${{ steps.reponame_reg.outputs.fqin }}
	labels: \|
	${{ env.LABELS }}

	# Push to $CONTAINERS_QUAY_REGISTRY only stable
	- name: Login to ${{ env.CONTAINERS_QUAY_REGISTRY }}
	if: steps.containers_reg.outputs.push == 'true'
	uses: docker/login-action@v1
	with:
	registry: ${{ env.CONTAINERS_QUAY_REGISTRY}}
	username: ${{ secrets.CONTAINERS_QUAY_USERNAME }}
	password: ${{ secrets.CONTAINERS_QUAY_PASSWORD }}

	- name: Push images to ${{ steps.containers_reg.outputs.fqin }}
	if: steps.containers_reg.outputs.push == 'true'
	uses: docker/build-push-action@v2
	with:
	cache-from: type=registry,ref=localhost:5000/${{ env.REPONAME }}/${{ matrix.source }}
	cache-to: type=inline
	context: contrib/${{ env.REPONAME }}image/${{ matrix.source }}
	file: ./contrib/${{ env.REPONAME }}image/${{ matrix.source }}/Dockerfile
	platforms: ${{ env.PLATFORMS }}
	push: true
	tags: ${{ steps.containers_reg.outputs.fqin }}
	labels: \|
	${{ env.LABELS }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build multi-arch images #143

Workflow file

build multi-arch images #143

Jobs

Run details

Workflow file for this run