enable s390x caching #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Collector builder image build | ||
on: | ||
workflow_call: | ||
inputs: | ||
collector-tag: | ||
type: string | ||
required: true | ||
description: | | ||
The tag used to build the collector image | ||
outputs: | ||
collector-builder-tag: | ||
description: The builder tag used by the build | ||
value: ${{ jobs.build-builder-image.outputs.collector-builder-tag || 'master' }} | ||
env: | ||
COLLECTOR_TAG: ${{ inputs.collector-tag }} | ||
DEFAULT_BUILDER_TAG: master | ||
ANSIBLE_CONFIG: ${{ github.workspace }}/ansible/ansible.cfg | ||
jobs: | ||
builder-needs-rebuilding: | ||
name: Determine if builder image needs to be built | ||
runs-on: ubuntu-latest | ||
outputs: | ||
build-image: ${{ steps.changed.outputs.builder-changed }} | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: dorny/paths-filter@v3 | ||
id: changed | ||
with: | ||
filters: | | ||
builder-changed: | ||
- builder/install/** | ||
- builder/third_party/** | ||
- builder/Dockerfile | ||
- .github/workflows/collector-builder.yml | ||
build-builder-image: | ||
name: Build the builder image | ||
runs-on: ubuntu-latest | ||
# Multiarch builds sometimes take for eeeeeeeeeever | ||
timeout-minutes: 480 | ||
needs: | ||
- builder-needs-rebuilding | ||
if: | | ||
needs.builder-needs-rebuilding.outputs.build-image == 'true' || | ||
(github.event_name == 'push' && ( | ||
github.ref_type == 'tag' || startsWith(github.ref_name, 'release-') | ||
)) || | ||
contains(github.event.pull_request.labels.*.name, 'build-builder-image') || | ||
github.event_name == 'schedule' | ||
outputs: | ||
collector-builder-tag: ${{ steps.builder-tag.outputs.collector-builder-tag }} | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
arch: [amd64, ppc64le, s390x, arm64] | ||
env: | ||
PLATFORM: linux/${{ matrix.arch }} | ||
BUILD_TYPE: ci | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
- name: Set up builder ccache | ||
uses: actions/cache@v3 | ||
with: | ||
path: {{ github.workspace }}/builder/.ccache | ||
key: builder-ccache-${{ matrix.arch }}-${{ github.head_ref || github.ref_name }}-${{ github.sha }} | ||
restore-keys: | | ||
builder-ccache-${{ matrix.arch }}- | ||
- name: inject builder-ccache into docker | ||
uses: reproducible-containers/[email protected] | ||
with: | ||
cache-map: | | ||
{ | ||
"builder-ccache": "/root/.ccache" | ||
} | ||
- uses: actions/setup-python@v5 | ||
with: | ||
python-version: "3.10" | ||
- uses: 'google-github-actions/auth@v2' | ||
with: | ||
credentials_json: '${{ secrets.GOOGLE_CREDENTIALS_COLLECTOR_SVC_ACCT }}' | ||
- uses: 'google-github-actions/setup-gcloud@v2' | ||
- uses: ./.github/actions/setup-vm-creds | ||
with: | ||
gcp-ssh-key: ${{ secrets.GCP_SSH_KEY }} | ||
gcp-ssh-key-pub: ${{ secrets.GCP_SSH_KEY_PUB }} | ||
s390x-ssh-key: ${{ secrets.IBM_CLOUD_S390X_SSH_PRIVATE_KEY }} | ||
ppc64le-ssh-key: ${{ secrets.IBM_CLOUD_POWER_SSH_PRIVATE_KEY }} | ||
ppc64le-ssh-key-pub: ${{ secrets.IBM_CLOUD_POWER_SSH_PUBLIC_KEY }} | ||
s390x-key: ${{ secrets.IBM_CLOUD_S390x_API_KEY }} | ||
ppc64le-key: ${{ secrets.IBM_CLOUD_POWER_API_KEY }} | ||
redhat-username: ${{ secrets.REDHAT_USERNAME }} | ||
redhat-password: ${{ secrets.REDHAT_PASSWORD }} | ||
vm-type: all | ||
job-tag: builder | ||
- name: Create Build VMs | ||
if: | | ||
matrix.arch == 's390x' && | ||
(github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')) | ||
run: | | ||
make -C "${{ github.workspace }}/ansible" create-build-vms | ||
- name: Define builder tag | ||
id: builder-tag | ||
run: | | ||
COLLECTOR_BUILDER_TAG="${DEFAULT_BUILDER_TAG}" | ||
if [[ "${{ github.event_name }}" == 'pull_request' || \ | ||
"${{ github.ref_type }}" == 'tag' || \ | ||
"${{ github.ref_name }}" =~ ^release- ]]; then | ||
COLLECTOR_BUILDER_TAG="${{ inputs.collector-tag }}" | ||
fi | ||
echo "COLLECTOR_BUILDER_TAG=${COLLECTOR_BUILDER_TAG}" >> "$GITHUB_ENV" | ||
echo "collector-builder-tag=${COLLECTOR_BUILDER_TAG}" >> "$GITHUB_OUTPUT" | ||
- name: Create ansible vars | ||
run: | | ||
{ | ||
echo "---" | ||
echo "stackrox_io_username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}" | ||
echo "stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}" | ||
echo "rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}" | ||
echo "rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}" | ||
echo "collector_git_ref: ${{ github.ref }}" | ||
echo "collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }}" | ||
} > ${{ github.workspace }}/ansible/secrets.yml | ||
- name: Build images | ||
if: | | ||
(github.event_name != 'pull_request' && matrix.arch != 's390x') || | ||
matrix.arch == 'amd64' || | ||
(contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch != 's390x') | ||
timeout-minutes: 480 | ||
run: | | ||
ansible-galaxy install -r ansible/requirements.yml | ||
ansible-playbook \ | ||
--connection local \ | ||
-i localhost, \ | ||
--limit localhost \ | ||
-e arch='${{ matrix.arch }}' \ | ||
-e @'${{ github.workspace }}/ansible/secrets.yml' \ | ||
ansible/ci-build-builder.yml | ||
- name: Build s390x images | ||
if: | | ||
(github.event_name != 'pull_request' && matrix.arch == 's390x') || | ||
(contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch == 's390x') | ||
timeout-minutes: 480 | ||
run: | | ||
ansible-playbook \ | ||
-i ansible/ci \ | ||
-e build_hosts='job_id_${{ env.JOB_ID }}' \ | ||
-e arch='${{ matrix.arch }}' \ | ||
-e github_workspace='${{ github.workspace }}' \ | ||
-e @'${{ github.workspace }}/ansible/secrets.yml' \ | ||
ansible/ci-build-builder.yml | ||
- name: Destroy VMs | ||
if: always() && matrix.arch == 's390x' | ||
run: | | ||
make -C ansible destroy-vms | ||
- name: Store artifacts | ||
if: always() | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: builder-${{ matrix.arch }}-logs | ||
path: | | ||
${{ github.workspace }}/build_builder_image.log | ||
create-multiarch-manifest: | ||
needs: | ||
- build-builder-image | ||
name: Create Multiarch manifest | ||
runs-on: ubuntu-latest | ||
if: | | ||
github.event_name != 'pull_request' || | ||
(needs.build-builder-image.outputs.collector-builder-tag != 'cache' && | ||
contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')) | ||
env: | ||
COLLECTOR_BUILDER_TAG: ${{ needs.build-builder-image.outputs.collector-builder-tag }} | ||
ARCHS: amd64 ppc64le s390x arm64 | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Login to quay.io/stackrox-io | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: quay.io | ||
username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }} | ||
password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }} | ||
- name: Create and push multiarch manifest for builder to stackrox-io | ||
uses: ./.github/actions/create-multiarch-manifest | ||
with: | ||
base-image: quay.io/stackrox-io/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }} | ||
archs: ${{ env.ARCHS }} | ||
- name: Login to quay.io/rhacs-eng | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: quay.io | ||
username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} | ||
password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} | ||
- name: Create and push multiarch manifest for builder to rhacs-eng | ||
uses: ./.github/actions/create-multiarch-manifest | ||
with: | ||
base-image: quay.io/rhacs-eng/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }} | ||
archs: ${{ env.ARCHS }} | ||
retag-x86-image: | ||
needs: | ||
- build-builder-image | ||
name: Retag x86 builder image | ||
runs-on: ubuntu-latest | ||
if: | | ||
github.event_name == 'pull_request' && | ||
needs.build-builder-image.outputs.collector-builder-tag != 'cache' && | ||
!contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') | ||
env: | ||
COLLECTOR_BUILDER_TAG: ${{ needs.build-builder-image.outputs.collector-builder-tag }} | ||
steps: | ||
- name: Pull image to retag | ||
run: | | ||
docker pull "quay.io/stackrox-io/collector-builder:${COLLECTOR_BUILDER_TAG}-amd64" | ||
- name: Retag and push stackrox-io | ||
uses: stackrox/actions/images/retag-and-push@v1 | ||
with: | ||
src-image: quay.io/stackrox-io/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}-amd64 | ||
dst-image: quay.io/stackrox-io/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }} | ||
username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }} | ||
password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }} | ||
- name: Retag and push rhacs-eng | ||
uses: stackrox/actions/images/retag-and-push@v1 | ||
with: | ||
src-image: quay.io/stackrox-io/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}-amd64 | ||
dst-image: quay.io/rhacs-eng/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }} | ||
username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} | ||
password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} |