mirror of
https://github.com/kairos-io/kairos.git
synced 2025-02-09 05:18:51 +00:00
885c0eb565
* Push generic images on release also renames the jobs so they are easily identificable from the CI web Signed-off-by: Itxaka <itxaka@kairos.io> * Push arm64 master images as well Signed-off-by: Itxaka <itxaka@kairos.io> --------- Signed-off-by: Itxaka <itxaka@kairos.io>
380 lines
15 KiB
YAML
380 lines
15 KiB
YAML
name: 'Push latest ARM images (Master)'
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
|
|
permissions: read-all
|
|
concurrency:
|
|
group: ci-arm-${{ github.head_ref || github.ref }}-${{ github.repository }}
|
|
cancel-in-progress: true
|
|
env:
|
|
FORCE_COLOR: 1
|
|
jobs:
|
|
get-core-matrix:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
matrix: ${{ steps.set-matrix.outputs.matrix }}
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
|
- run: |
|
|
git fetch --prune --unshallow
|
|
- id: set-matrix
|
|
run: |
|
|
content=`cat ./.github/flavors.json | jq -r 'map(select(.arch == "arm64" and .variant == "core" and .model != "generic"))'`
|
|
# the following lines are only required for multi line json
|
|
content="${content//'%'/'%25'}"
|
|
content="${content//$'\n'/'%0A'}"
|
|
content="${content//$'\r'/'%0D'}"
|
|
# end of optional handling for multi line json
|
|
echo "::set-output name=matrix::{\"include\": $content }"
|
|
|
|
get-core-matrix-generic:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
matrix: ${{ steps.set-matrix.outputs.matrix }}
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
|
with:
|
|
fetch-depth: 0
|
|
- id: set-matrix
|
|
run: |
|
|
content=`cat ./.github/flavors.json | jq -r 'map(select(.arch == "arm64" and .variant == "core" and .model == "generic"))'`
|
|
# the following lines are only required for multi line json
|
|
content="${content//'%'/'%25'}"
|
|
content="${content//$'\n'/'%0A'}"
|
|
content="${content//$'\r'/'%0D'}"
|
|
# end of optional handling for multi line json
|
|
echo "::set-output name=matrix::{\"include\": $content }"
|
|
|
|
# The matrix for standard (provider) images
|
|
get-standard-matrix:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
matrix: ${{ steps.set-matrix.outputs.matrix }}
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
|
with:
|
|
fetch-depth: 0
|
|
- run: |
|
|
sudo apt update && sudo apt install -y jq
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@master
|
|
with:
|
|
platforms: all
|
|
- name: Set up Docker Buildx
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@master
|
|
- name: Install earthly
|
|
uses: Luet-lab/luet-install-action@cec77490c3f2416d7d07a47cfab04d448641d7ce # v1.1
|
|
with:
|
|
repository: quay.io/kairos/packages
|
|
packages: utils/earthly
|
|
- id: set-matrix
|
|
run: |
|
|
docker run --name luet quay.io/luet/base && docker cp luet:/usr/bin/luet ./
|
|
chmod +x luet
|
|
sudo mv luet /usr/bin/luet
|
|
# Construct an array like this from the found versions:
|
|
earthly --platform=linux/arm64 +extract-framework-profile
|
|
# fetch "k3s-openrc" versions
|
|
sudo luet --config framework-profile.yaml search -o json k8s/k3s | jq '.packages | map(select(.name == "k3s-openrc")) | map(.version) | unique' > k3s_openrc.json
|
|
# fetch alpine flavors
|
|
jq 'map(select(.arch == "arm64" and .variant == "standard" and .model != "generic" and .flavor == "alpine"))' .github/flavors.json > flavors_openrc.json
|
|
# generate combinations
|
|
jq -s '. | [combinations | .[0] + {"k3s_version": .[1]}]' flavors_openrc.json k3s_openrc.json > combinations_openrc.json
|
|
# fetch "k3s-systemd" versions
|
|
sudo luet --config framework-profile.yaml search -o json k8s/k3s | jq '.packages | map(select(.name == "k3s-systemd")) | map(.version) | unique' > k3s_systemd.json
|
|
# fetch non-alpine flavors
|
|
jq 'map(select(.arch == "arm64" and .variant == "standard" and .model != "generic" and .flavor != "alpine"))' .github/flavors.json > flavors_systemd.json
|
|
# generate combinations
|
|
jq -s '. | [combinations | .[0] + {"k3s_version": .[1]}]' flavors_systemd.json k3s_systemd.json > combinations_systemd.json
|
|
# merge the two combinations
|
|
content=$(jq -s 'add' combinations_openrc.json combinations_systemd.json)
|
|
# the following lines are only required for multi line json
|
|
content="${content//'%'/'%25'}"
|
|
content="${content//$'\n'/'%0A'}"
|
|
content="${content//$'\r'/'%0D'}"
|
|
# end of optional handling for multi line json
|
|
echo "::set-output name=matrix::{\"include\": $content }"
|
|
build-nvidia-base:
|
|
runs-on: fast
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Check if cache image is available
|
|
id: cache
|
|
run: |
|
|
if docker pull quay.io/kairos/cache:nvidia-base; then
|
|
echo "cache_available=true" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "cache_available=false" >> $GITHUB_OUTPUT
|
|
fi
|
|
- name: Get changed files
|
|
id: changed-files
|
|
uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45
|
|
with:
|
|
files_yaml: |
|
|
nvidia:
|
|
- 'images/Dockerfile.nvidia'
|
|
- name: Install kairos-agent (for versioneer)
|
|
uses: Luet-lab/luet-install-action@cec77490c3f2416d7d07a47cfab04d448641d7ce # v1.1
|
|
with:
|
|
repository: quay.io/kairos/packages
|
|
packages: system/kairos-agent
|
|
- name: Release space from worker
|
|
if: ${{ steps.cache.outputs.cache_available == 'false' || steps.changed-files.outputs.nvidia_any_changed == 'true' }}
|
|
run: |
|
|
echo "Listing top largest packages"
|
|
pkgs=$(dpkg-query -Wf '${Installed-Size}\t${Package}\t${Status}\n' | awk '$NF == "installed"{print $1 "\t" $2}' | sort -nr)
|
|
head -n 30 <<< "${pkgs}"
|
|
echo
|
|
df -h
|
|
echo
|
|
sudo apt-get remove -y '^llvm-.*|^libllvm.*' || true
|
|
sudo apt-get remove --auto-remove android-sdk-platform-tools || true
|
|
sudo apt-get purge --auto-remove android-sdk-platform-tools || true
|
|
sudo rm -rf /usr/local/lib/android
|
|
sudo apt-get remove -y '^dotnet-.*|^aspnetcore-.*' || true
|
|
sudo rm -rf /usr/share/dotnet
|
|
sudo apt-get remove -y '^mono-.*' || true
|
|
sudo apt-get remove -y '^ghc-.*' || true
|
|
sudo apt-get remove -y '.*jdk.*|.*jre.*' || true
|
|
sudo apt-get remove -y 'php.*' || true
|
|
sudo apt-get remove -y hhvm || true
|
|
sudo apt-get remove -y powershell || true
|
|
sudo apt-get remove -y firefox || true
|
|
sudo apt-get remove -y monodoc-manual || true
|
|
sudo apt-get remove -y msbuild || true
|
|
sudo apt-get remove -y microsoft-edge-stable || true
|
|
sudo apt-get remove -y '^google-.*' || true
|
|
sudo apt-get remove -y azure-cli || true
|
|
sudo apt-get remove -y '^mongo.*-.*|^postgresql-.*|^mysql-.*|^mssql-.*' || true
|
|
sudo apt-get remove -y '^gfortran-.*' || true
|
|
sudo apt-get remove -y '^gcc-*' || true
|
|
sudo apt-get remove -y '^g++-*' || true
|
|
sudo apt-get remove -y '^cpp-*' || true
|
|
sudo apt-get autoremove -y
|
|
sudo apt-get clean
|
|
echo
|
|
echo "Listing top largest packages"
|
|
pkgs=$(dpkg-query -Wf '${Installed-Size}\t${Package}\t${Status}\n' | awk '$NF == "installed"{print $1 "\t" $2}' | sort -nr)
|
|
head -n 30 <<< "${pkgs}"
|
|
echo
|
|
sudo rm -rfv build || true
|
|
df -h
|
|
- name: Set up Docker Buildx
|
|
if: ${{ steps.cache.outputs.cache_available == 'false' || steps.changed-files.outputs.nvidia_any_changed == 'true' }}
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@master
|
|
- name: Block all traffic to metadata ip # For cloud runners, the metadata ip can interact with our test machines
|
|
if: ${{ steps.cache.outputs.cache_available == 'false' || steps.changed-files.outputs.nvidia_any_changed == 'true' }}
|
|
run: |
|
|
sudo iptables -I INPUT -s 169.254.169.254 -j DROP
|
|
sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP
|
|
- name: Login to Quay Registry
|
|
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' && (steps.cache.outputs.cache_available == 'false' || steps.changed-files.outputs.nvidia_any_changed == 'true') }}
|
|
run: echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io
|
|
- name: Build 🔧 & Push 🚀
|
|
if: ${{ steps.cache.outputs.cache_available == 'false' || steps.changed-files.outputs.nvidia_any_changed == 'true' }}
|
|
run: |
|
|
export IMAGE=quay.io/kairos/cache:nvidia-base
|
|
docker build --platform=linux/arm64 -t $IMAGE -f ./images/Dockerfile.nvidia ./images
|
|
docker push $IMAGE
|
|
|
|
nvidia-arm-core:
|
|
uses: ./.github/workflows/reusable-docker-arm-build.yaml
|
|
permissions:
|
|
id-token: write # OIDC support
|
|
contents: write
|
|
security-events: write
|
|
actions: read
|
|
attestations: read
|
|
checks: read
|
|
deployments: read
|
|
discussions: read
|
|
issues: read
|
|
packages: read
|
|
pages: read
|
|
pull-requests: read
|
|
repository-projects: read
|
|
statuses: read
|
|
needs:
|
|
- build-nvidia-base
|
|
secrets: inherit
|
|
with:
|
|
flavor: ubuntu
|
|
flavor_release: "22.04"
|
|
family: ubuntu
|
|
base_image: quay.io/kairos/cache:nvidia-base
|
|
model: nvidia-jetson-agx-orin
|
|
worker: ARM64
|
|
build-arm-core:
|
|
uses: ./.github/workflows/reusable-docker-arm-build.yaml
|
|
permissions:
|
|
id-token: write # OIDC support
|
|
contents: write
|
|
security-events: write
|
|
actions: read
|
|
attestations: read
|
|
checks: read
|
|
deployments: read
|
|
discussions: read
|
|
issues: read
|
|
packages: read
|
|
pages: read
|
|
pull-requests: read
|
|
repository-projects: read
|
|
statuses: read
|
|
secrets: inherit
|
|
with:
|
|
flavor: ${{ matrix.flavor }}
|
|
flavor_release: ${{ matrix.flavorRelease }}
|
|
family: ${{ matrix.family }}
|
|
model: ${{ matrix.model }}
|
|
base_image: ${{ matrix.baseImage }}
|
|
worker: ${{ matrix.worker }}
|
|
needs:
|
|
- get-core-matrix
|
|
strategy:
|
|
fail-fast: false
|
|
matrix: ${{fromJson(needs.get-core-matrix.outputs.matrix)}}
|
|
build-arm-generic:
|
|
needs:
|
|
- get-core-matrix-generic
|
|
runs-on: ARM64
|
|
permissions:
|
|
id-token: write # OIDC support
|
|
contents: write
|
|
security-events: write
|
|
actions: read
|
|
attestations: read
|
|
checks: read
|
|
deployments: read
|
|
discussions: read
|
|
issues: read
|
|
packages: read
|
|
pages: read
|
|
pull-requests: read
|
|
repository-projects: read
|
|
statuses: read
|
|
strategy:
|
|
fail-fast: false
|
|
matrix: ${{fromJson(needs.get-core-matrix.outputs.matrix)}}
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Install earthly
|
|
uses: Luet-lab/luet-install-action@cec77490c3f2416d7d07a47cfab04d448641d7ce # v1.1
|
|
with:
|
|
repository: quay.io/kairos/packages-arm64
|
|
packages: utils/earthly
|
|
- name: Set up Docker Buildx
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
|
|
- name: Login to Quay Registry
|
|
run: echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io
|
|
- name: Set local mirror
|
|
if: ${{ inputs.worker == 'ARM64' }}
|
|
run: |
|
|
# Configure earthly to use the docker mirror in CI
|
|
# https://docs.earthly.dev/ci-integration/pull-through-cache#configuring-earthly-to-use-the-cache
|
|
mkdir -p ~/.earthly/
|
|
cat << EOF > ~/.earthly/config.yml
|
|
global:
|
|
buildkit_additional_config: |
|
|
[registry."docker.io"]
|
|
mirrors = ["registry.docker-mirror.svc.cluster.local:5000"]
|
|
[registry."registry.docker-mirror.svc.cluster.local:5000"]
|
|
insecure = true
|
|
http = true
|
|
EOF
|
|
- name: Set Image name (master)
|
|
if: ${{ github.ref == 'refs/heads/master' }}
|
|
run: |
|
|
IMAGE_REF=$(FLAVOR=${{ inputs.flavor }} FLAVOR_RELEASE="${{ inputs.flavor_release }}" MODEL=${{ inputs.model }} TARGETARCH=arm64 VARIANT=core REGISTRY_AND_ORG="quay.io/kairos" RELEASE=master kairos-agent versioneer container-artifact-name)
|
|
echo "IMAGE_REF=${IMAGE_REF}" >> $GITHUB_ENV
|
|
- name: Build container 🔧
|
|
run: |
|
|
earthly -P +arm-container-image \
|
|
--FLAVOR=${{ matrix.flavor }} \
|
|
--FLAVOR_RELEASE=${{ matrix.flavor_release }} \
|
|
--FAMILY=${{ matrix.family }} \
|
|
--BASE_IMAGE=${{ matrix.base_image}} \
|
|
--MODEL=${{ matrix.model }} \
|
|
--VARIANT=${{ matrix.variant }}
|
|
- name: Push 🔧
|
|
if: ${{ github.ref == 'refs/heads/master' }}
|
|
run: |
|
|
docker tag $(cat build/IMAGE) ${{ env.IMAGE_REF }}
|
|
docker push ${{ env.IMAGE_REF }}
|
|
- name: Sign image
|
|
if: ${{ github.ref == 'refs/heads/master' }}
|
|
env:
|
|
COSIGN_YES: true
|
|
run: |
|
|
docker push "${{ env.IMAGE_REF }}" # Otherwise .RepoDigests will be empty for some reason
|
|
cosign sign $(docker image inspect --format='{{index .RepoDigests 0}}' "${{ env.IMAGE_REF }}")
|
|
|
|
notify:
|
|
runs-on: ubuntu-latest
|
|
if: failure()
|
|
needs:
|
|
- build-arm-core
|
|
- image_and_iso_arm64_generic
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
|
- run: |
|
|
git fetch --prune --unshallow
|
|
- name: save commit-message
|
|
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} && failure()
|
|
run: echo "COMMIT_MSG=$(git log -1 --pretty=format:%s)" >> $GITHUB_ENV
|
|
- name: notify if failure
|
|
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} && failure()
|
|
uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1
|
|
env:
|
|
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
|
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
|
|
with:
|
|
payload: |
|
|
{
|
|
"blocks": [
|
|
{
|
|
"type": "section",
|
|
"text": {
|
|
"type": "mrkdwn",
|
|
"text": "Job failure on master branch for job ${{ github.job }} in workflow \"${{ github.workflow }}\"\n\nCommit message is \"${{ env.COMMIT_MSG }}\"\n\n Commit sha is <https://github.com/${{ github.repository }}/commit/${{ github.sha }}|${{ github.sha }}>"
|
|
}
|
|
},
|
|
{
|
|
"type": "divider"
|
|
},
|
|
{
|
|
"type": "actions",
|
|
"elements": [
|
|
{
|
|
"type": "button",
|
|
"text": {
|
|
"type": "plain_text",
|
|
"text": ":thisisfine: Failed Run",
|
|
"emoji": true
|
|
},
|
|
"url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
|
|
},
|
|
{
|
|
"type": "button",
|
|
"text": {
|
|
"type": "plain_text",
|
|
"text": ":kairos: Repository link",
|
|
"emoji": true
|
|
},
|
|
"url": "https://github.com/${{ github.repository }}"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|