Skip to content

Merge pull request #746 from Elizafox/pkglint #2189

Merge pull request #746 from Elizafox/pkglint

Merge pull request #746 from Elizafox/pkglint #2189

Workflow file for this run

name: e2e melange bootstrap + build
on:
push:
branches:
- 'main'
pull_request:
env:
SOURCE_DATE_EPOCH: 1669683910
jobs:
examples:
name: build examples
runs-on: ubuntu-latest
container:
image: alpine:latest
options: |
--cap-add NET_ADMIN --cap-add SYS_ADMIN --security-opt seccomp=unconfined --security-opt apparmor:unconfined
strategy:
matrix:
example:
- git-checkout.yaml
- gnu-hello.yaml
- mbedtls.yaml
- minimal.yaml
- sshfs.yaml
steps:
- name: Fetch dependencies
run: |
cat >/etc/apk/repositories <<_EOF_
https://dl-cdn.alpinelinux.org/alpine/edge/main
https://dl-cdn.alpinelinux.org/alpine/edge/community
https://dl-cdn.alpinelinux.org/alpine/edge/testing
_EOF_
apk upgrade -Ua
apk add go build-base bubblewrap
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- run: |
make melange
./melange keygen && mv melange.rsa.pub /etc/apk/keys
./melange build --pipeline-dir=pipelines examples/${{matrix.example}} --arch=x86_64 --empty-workspace
runner-kubernetes:
name: build example on kubernetes
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: '1.21'
check-latest: true
- name: Setup melange
run: |
make melange
./melange keygen local-melange.rsa
- name: Setup Cluster
uses: chainguard-dev/actions/setup-kind@main
with:
k8s-version: v1.26.x
registry-authority: registry.local:5000
- name: Configure
run: |
cat > .melange.k8s.yaml <<EOF
provider: generic
# Need something small enough for CI to handle
resources:
cpu: 0.5
memory: 1Gi
EOF
- name: Build
run: |
# Pick an example that requires mounting to flex kontext.Bundle()
./melange build --signing-key local-melange.rsa examples/simple-hello/melange.yaml --source-dir="examples/simple-hello" --workspace-dir="examples/simple-hello" --arch=x86_64 --runner kubernetes
bootstrap:
name: bootstrap package
runs-on: ubuntu-latest
container:
image: alpine:latest
options: |
--cap-add NET_ADMIN --cap-add SYS_ADMIN --security-opt seccomp=unconfined --security-opt apparmor:unconfined
steps:
- name: Fetch dependencies
run: |
cat >/etc/apk/repositories <<_EOF_
https://dl-cdn.alpinelinux.org/alpine/edge/main
https://dl-cdn.alpinelinux.org/alpine/edge/community
https://dl-cdn.alpinelinux.org/alpine/edge/testing
_EOF_
apk upgrade -Ua
apk add go cosign build-base git bubblewrap
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Mark workspace as a safe repository
run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
- name: Build bootstrap melange tool (stage1)
run: make melange
- name: Generate a package signing keypair
run: |
./melange keygen
mv melange.rsa.pub /etc/apk/keys
- name: Prepare build workspace for stage2
run: |
git clone . workspace-stage2/x86_64
- name: Build stage2 melange package with bootstrap melange
run: ./melange build --pipeline-dir=pipelines/ --signing-key=melange.rsa --arch x86_64 --workspace-dir ${{github.workspace}}/workspace-stage2/
- name: Install stage2 melange package
run: apk add ./packages/x86_64/melange-*.apk
- name: Move stage2 artifacts to stage2 directory
run: |
mv packages stage2
- name: Verify operation of stage2 melange
run: melange version
- name: Prepare build workspace for stage3
run: |
git clone . workspace-stage3/x86_64
- name: Build stage3 melange package with stage2 melange
run: melange build --signing-key=melange.rsa --arch x86_64 --workspace-dir ${{github.workspace}}/workspace-stage3/
- name: Install stage3 melange package
run: apk add ./packages/x86_64/melange-*.apk
- name: Move stage3 artifacts to stage3 directory
run: |
mv packages stage3
- name: Ensure melange package is reproducible
run: |
sha256sum stage2/x86_64/*.apk | sed -e 's:stage2/:stage3/:g' | sha256sum -c
- name: Verify operation of stage3 melange
run: melange version