---
# Publish workflow: builds and pushes artifacts on pushes to selected
# branches and tags.
name: Publish
on:  # yamllint disable-line rule:truthy
  push:
    # Filter patterns, not regular expressions: '+' repeats the preceding
    # character class. Constructed examples of matching names: 12.1 and
    # 12.1-stable for branches, 12.1.0 and 12.1.0-lts for tags.
    branches:
      - 'master'
      - '[0-9]+.[0-9]+'
      - '[0-9]+.[0-9]+-stable'
    tags:
      - '[0-9]+.[0-9]+.[0-9]+'
      - '[0-9]+.[0-9]+.[0-9]+-lts'
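# NOTE(review): no `permissions:` key is visible in this workflow, so each
# job's GITHUB_TOKEN gets the repository default scopes. The build jobs
# authenticate to Docker Hub with dedicated secrets; consider declaring
# minimal per-job permissions once the needs of ./.github/actions/run-make
# and assets.yml are confirmed.
jobs:
  # Builds all packages for one architecture per matrix entry and pushes them.
  packages:
    # Skips the job when the workflow runs in any repository other than
    # lf-edge/eve (for example a fork).
    if: github.event.repository.full_name == 'lf-edge/eve'
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        include:
          # presumably a self-hosted runner label; verify the runner is
          # reserved for trusted refs, since this job handles release secrets
          - os: arm64-secure
            arch: arm64
          - os: ubuntu-20.04
            arch: amd64
          - os: ubuntu-latest
            arch: riscv64
    steps:
      - name: Starting Report
        # Context values are passed through the environment instead of being
        # expanded into the script text, matching the REF handling in the
        # "Determine architecture prefix and ref" step below.
        env:
          REF: ${{ github.ref }}
          EVENT_NAME: ${{ github.event_name }}
        run: |
          echo "Git Ref: $REF"
          echo "GitHub Event: $EVENT_NAME"
          echo Disk usage
          df -h
          echo Memory
          free -m
      # NOTE(review): actions/checkout is referenced by the mutable tag v4 in
      # every job of this workflow; pinning to a full commit SHA would fix the
      # exact code that runs next to the release secrets.
      - uses: actions/checkout@v4
        with:
          # 0 fetches the full history rather than a shallow clone
          fetch-depth: 0
      - name: Force fetch annotated tags (workaround)
        # Workaround for https://github.com/actions/checkout/issues/290
        run: |
          git fetch --force --tags
      - name: Determine architecture prefix and ref
        env:
          REF: ${{ github.ref }}
        # matrix.arch is expanded into the script text below; its values are
        # the static ones listed in this file's matrix.
        run: |
          # some special installs when building for riscv64
          if [ "${{ matrix.arch }}" = riscv64 ]; then
            APT_INSTALL="sudo apt install -y binfmt-support qemu-user-static"
            # the following weird statement is here to speed up the happy path
            # if the default server is responding -- we can skip apt update
            $APT_INSTALL || { sudo apt update && $APT_INSTALL ; }
            # constraining environment for riscv64 builds
            echo "ZARCH=riscv64" >> "$GITHUB_ENV"
          fi
          echo "ARCH=${{ matrix.arch }}" >> "$GITHUB_ENV"
          echo "TAG=$(echo "$REF" | sed -e 's#^.*/##' -e 's#master#snapshot#' -e 's#main#snapshot#')" >> "$GITHUB_ENV"
      - name: Login to DockerHUB
        # The credentials reach the shell as environment variables, so they
        # are never written into the generated script and characters such as
        # quotes, '$' or backticks in the token cannot alter the command.
        # The token is still fed to docker on stdin, not on the command line.
        env:
          DOCKERHUB_TOKEN: ${{ secrets.RELEASE_DOCKERHUB_TOKEN }}
          DOCKERHUB_ACCOUNT: ${{ secrets.RELEASE_DOCKERHUB_ACCOUNT }}
        run: |
          printf '%s\n' "$DOCKERHUB_TOKEN" |\
            docker login -u "$DOCKERHUB_ACCOUNT" --password-stdin
      - name: Build packages
        run: |
          SUCCESS=
          # sadly, our build sometimes times out on network access
          # and running out of disk space: re-trying for 3 times
          for i in 1 2 3; do
            if make -e V=1 LINUXKIT_PKG_TARGET=push PRUNE=1 pkgs; then
              SUCCESS=true
              break
            else
              # the most likely reason for 'make pkgs' to fail is
              # the docker cache produced by the build exhausting
              # disk space. So the following can't hurt before we
              # retry:
              docker rmi -f `docker image ls -q` || :
              docker system prune -f || :
            fi
          done
          if [ -z "$SUCCESS" ]; then echo "::error::failed to build and push packages" && exit 1; fi
      - name: Post package report
        run: |
          echo Disk usage
          df -h
          echo Memory
          free -m
          docker system df
          docker system df -v
      - name: Clean
        run: |
          make clean
          docker system prune -f -a
          rm -rf ~/.linuxkit
  # eve composition can run as a separate job, even on a separate runner, because the packages job
  # published everything. Which means all images are already on the OCI registry.
  eve:
    if: github.event.repository.full_name == 'lf-edge/eve'
    needs: packages
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        arch: [arm64, amd64]
        hv: [kvm, xen]
        include:
          - arch: riscv64
            hv: mini
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # Local composite action from this repository; the Docker Hub
      # credentials are handed to it as inputs.
      - uses: ./.github/actions/run-make
        with:
          command: "V=1 HV=${{ matrix.hv }} ZARCH=${{ matrix.arch }} LINUXKIT_PKG_TARGET=push eve"
          dockerhub-token: ${{ secrets.RELEASE_DOCKERHUB_TOKEN }}
          dockerhub-account: ${{ secrets.RELEASE_DOCKERHUB_ACCOUNT }}
      # SBOM and source collection targets are skipped for riscv64.
      - uses: ./.github/actions/run-make
        if: matrix.arch != 'riscv64'
        with:
          command: "V=1 HV=${{ matrix.hv }} ZARCH=${{ matrix.arch }} LINUXKIT_PKG_TARGET=push sbom collected_sources compare_sbom_collected_sources publish_sources"
          dockerhub-token: ${{ secrets.RELEASE_DOCKERHUB_TOKEN }}
          dockerhub-account: ${{ secrets.RELEASE_DOCKERHUB_ACCOUNT }}
  # Runs the `verification` make target for each arch/hypervisor pair.
  verification:
    if: github.event.repository.full_name == 'lf-edge/eve'
    needs: packages
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        arch: [arm64, amd64]
        hv: [kvm, xen]
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: ./.github/actions/run-make
        with:
          command: "V=1 HV=${{ matrix.hv }} ZARCH=${{ matrix.arch }} LINUXKIT_PKG_TARGET=push verification"
          dockerhub-token: ${{ secrets.RELEASE_DOCKERHUB_TOKEN }}
          dockerhub-account: ${{ secrets.RELEASE_DOCKERHUB_ACCOUNT }}
  # Runs `make pkgs` with LINUXKIT_PKG_TARGET=manifest once the per-arch
  # packages job has finished.
  manifest:
    if: github.event.repository.full_name == 'lf-edge/eve'
    runs-on: ubuntu-latest
    needs: packages
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: ./.github/actions/run-make
        with:
          command: "V=1 LINUXKIT_PKG_TARGET=manifest pkgs"
          dockerhub-token: ${{ secrets.RELEASE_DOCKERHUB_TOKEN }}
          dockerhub-account: ${{ secrets.RELEASE_DOCKERHUB_ACCOUNT }}
  # Runs only for tag pushes in lf-edge/eve, after manifest, verification and
  # eve have completed.
  trigger_assets:
    if: ${{ (startsWith(github.ref, 'refs/tags/')) && (github.event.repository.full_name == 'lf-edge/eve') }}
    needs: [manifest, verification, eve]
    # NOTE(review): the reusable workflow is resolved from the tip of master,
    # not from the tagged commit that triggered this run, so a release can
    # execute workflow code that was never part of the tag. Confirm this is
    # intended; a commit SHA or the local ./.github/workflows/ form would tie
    # it to a fixed revision.
    uses: lf-edge/eve/.github/workflows/assets.yml@master
    with:
      tag_ref: ${{ github.ref }}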