From 543429f52639424702bad72a6ec6bae4b941851a Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Tue, 24 Oct 2023 12:07:11 +0200 Subject: [PATCH] Move retag or full image decision to ansible --- .github/workflows/collector-full.yml | 57 ++-------------------------- ansible/ci-build-collector-full.yml | 57 ++++++++++++++++++---------- 2 files changed, 39 insertions(+), 75 deletions(-) diff --git a/.github/workflows/collector-full.yml b/.github/workflows/collector-full.yml index fd99cf026e..eca7349a52 100644 --- a/.github/workflows/collector-full.yml +++ b/.github/workflows/collector-full.yml @@ -51,9 +51,6 @@ jobs: runs-on: ubuntu-latest needs: - init - if: | - github.event_name != 'pull_request' || - contains(github.event.pull_request.labels.*.name, 'build-full-images') strategy: fail-fast: false matrix: @@ -140,6 +137,7 @@ jobs: -e collector_tag="${{ inputs.collector-tag }}" \ -e driver_version="${DRIVER_VERSION}" \ -e context_path="${{ github.workspace }}/kernel-modules/container" \ + -e build_full_image=${{ github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'build-full-images') }} \ -e @'${{ github.workspace }}/ansible/secrets.yml' \ ansible/ci-build-collector-full.yml @@ -147,8 +145,7 @@ jobs: runs-on: ubuntu-latest if: | github.event_name != 'pull_request' || - ( contains(github.event.pull_request.labels.*.name, 'build-full-images') && - contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') ) + contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') needs: - build-collector-full env: @@ -201,8 +198,7 @@ jobs: runs-on: ubuntu-latest if: | github.event_name == 'pull_request' && - ( contains(github.event.pull_request.labels.*.name, 'build-full-images') && - !contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') ) + !contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') needs: - build-collector-full steps: @@ -241,50 +237,3 @@ jobs: dst-image: quay.io/rhacs-eng/collector:${{ inputs.collector-tag }}-latest username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} - - retag-collector-slim: - # TODO: Runing without build-full-images and with run-multiarch-builds - # should create manifests based on the slim images. - runs-on: ubuntu-latest - if: | - github.event_name == 'pull_request' && - !contains(github.event.pull_request.labels.*.name, 'build-full-images') - env: - COLLECTOR_IMAGE_SLIM: quay.io/stackrox-io/collector:${{ inputs.collector-tag }}-slim - - steps: - - name: Pull slim image - run: | - docker pull "${COLLECTOR_IMAGE_SLIM}" - - - name: Retag and push stackrox-io - uses: stackrox/actions/images/retag-and-push@v1 - with: - src-image: ${{ env.COLLECTOR_IMAGE_SLIM }} - dst-image: quay.io/stackrox-io/collector:${{ inputs.collector-tag }} - username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }} - password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }} - - - name: Retag and push stackrox-io -latest - uses: stackrox/actions/images/retag-and-push@v1 - with: - src-image: ${{ env.COLLECTOR_IMAGE_SLIM }} - dst-image: quay.io/stackrox-io/collector:${{ inputs.collector-tag }}-latest - username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }} - password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }} - - - name: Retag and push rhacs-eng - uses: stackrox/actions/images/retag-and-push@v1 - with: - src-image: ${{ env.COLLECTOR_IMAGE_SLIM }} - dst-image: quay.io/rhacs-eng/collector:${{ inputs.collector-tag }} - username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} - password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} - - - name: Retag and push rhacs-eng -latest - uses: stackrox/actions/images/retag-and-push@v1 - with: - src-image: ${{ env.COLLECTOR_IMAGE_SLIM }} - dst-image: quay.io/rhacs-eng/collector:${{ inputs.collector-tag }}-latest - username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} - password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} diff --git a/ansible/ci-build-collector-full.yml b/ansible/ci-build-collector-full.yml index dd2e98b5b3..3259fd256d 100644 --- a/ansible/ci-build-collector-full.yml +++ b/ansible/ci-build-collector-full.yml @@ -16,29 +16,44 @@ pull: platform: "linux/{{ arch }}" - - name: Calculate required layers - shell: - cmd: "{{ context_path }}/required-layers.py -m 300 {{ context_path }}/kernel-modules" - register: required_layers + - name: Build full image + when: + - build_full_image + - arch != 'arm64' + block: + - name: Calculate required layers + shell: + cmd: "{{ context_path }}/required-layers.py -m 300 {{ context_path }}/kernel-modules" + register: required_layers - - set_fact: - required_layers: "{{ required_layers.stdout }}" + - set_fact: + required_layers: "{{ required_layers.stdout }}" - - name: Build the collector full image - community.docker.docker_image: - name: "{{ collector_image }}-{{ arch }}" - build: - platform: "linux/{{ arch }}" - target: "probe-layer-{{ required_layers }}" - args: - collector_repo: quay.io/stackrox-io/collector - collector_version: "{{ collector_tag }}-{{ arch }}" - module_version: "{{ driver_version }}" - max_layer_size: 300 - required_layers: "{{ required_layers }}" - path: "{{ context_path }}" - push: true - source: build + - name: Build the collector full image + community.docker.docker_image: + name: "{{ collector_image }}-{{ arch }}" + build: + platform: "linux/{{ arch }}" + target: "probe-layer-{{ required_layers }}" + args: + collector_repo: quay.io/stackrox-io/collector + collector_version: "{{ collector_tag }}-{{ arch }}" + module_version: "{{ driver_version }}" + max_layer_size: 300 + required_layers: "{{ required_layers }}" + path: "{{ context_path }}" + push: true + source: build + + - name: Retag slim image + when: not build_full_image or arch == 'arm64' + block: + - name: Retag slim image + community.docker.docker_image: + name: "{{ collector_image }}-{{ arch }}-slim" + repository: "{{ collector_image }}-{{ arch }}" + push: true + source: local - name: Retag and push stackrox-io -latest community.docker.docker_image: