-
Notifications
You must be signed in to change notification settings - Fork 280
154 lines (139 loc) · 5.24 KB
/
container-image-buildah.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
name: Container Image
on:
workflow_dispatch:
inputs:
platforms:
description: "comma-separated list of platforms to build for, e.g. linux/amd64,linux/s390x,linux/ppc64le,linux/riscv64 (leave empty for defaults)"
default: ''
custom_tag:
description: optional custom tag on remote repo you want image to be tagged with
default: scratch
workflow_call:
inputs:
platforms:
required: false
default: ''
type: string
custom_tag:
required: false
default: ''
type: string
schedule:
# every Wednesday morning
- cron: 7 7 * * 3
push:
branches: [ master ]
tags:
- '*' # Push events to every tag not containing /
pull_request:
types: [opened, reopened, synchronize]
concurrency:
group: ci-container-build-${{ github.ref }}-1
cancel-in-progress: true
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
# Sets permissions of the GITHUB_TOKEN to allow deployment to ghcr.io
permissions:
contents: read
packages: write
id-token: write
jobs:
buildah:
runs-on: ubuntu-latest
steps:
- name: Sanitize Platforms
id: platforms
run: |
platforms="${{ inputs.platforms == '' && 'linux/amd64,linux/arm64' || inputs.platforms }}"
archs="$( sed -e 's#linux/##g' <<< $platforms )"
echo "platforms=$platforms" >> $GITHUB_OUTPUT
echo "archs=$archs" >> $GITHUB_OUTPUT
# Allow multi-target builds
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: ${{ steps.platforms.outputs.archs }}
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: redhat-actions/podman-login@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=schedule
type=raw,value=latest,enable=${{ github.ref_name == 'master' }}
${{ github.ref_name == 'master' && 'type=raw,value=nightly' }}
type=ref,event=branch,enable=${{ github.ref_name != 'master' && inputs.custom_tag == '' }}
${{ inputs.custom_tag }}
type=ref,event=tag
type=ref,event=pr
# https://github.com/actions/checkout
- uses: actions/checkout@v4
- name: Build image
id: build-image
uses: redhat-actions/buildah-build@v2
with:
tags: ${{ steps.meta.outputs.tags }}
platforms: ${{ steps.platforms.outputs.platforms }}
labels: ${{ steps.meta.outputs.labels }}
layers: false
oci: true
tls-verify: true
extra-args: |
--squash
--jobs=3
containerfiles: |
Dockerfile
- name: Echo Outputs
run: |
echo "Image: ${{ steps.build-image.outputs.image }}"
echo "Tags: ${{ steps.build-image.outputs.tags }}"
echo "Tagged Image: ${{ steps.build-image.outputs.image-with-tag }}"
- name: Check images created
run: buildah images
- name: Smoke test the images
run: |
set -ex
# accessing a mapped port from a container did not work so lets
# create a pod where both - server and client have same localhost
podman pod create > podid
platforms="${{ steps.platforms.outputs.platforms }}"
test_tag () {
podman run -d --pod-id-file=podid --name=listener -u 14:0 "${{ steps.build-image.outputs.image-with-tag }}$1" -s 0.0.0.0:1234
sleep 3
podman logs listener
podman run --pod-id-file=podid --rm -i "${{ steps.build-image.outputs.image-with-tag }}$1" ws://127.0.0.1:1234/ <<< "Test Message $1"
echo Expecting "\"Test Message $1\"" in listener log..
podman logs listener | tee /dev/stderr | grep -q "Test Message $1"
podman rm -f listener
}
if [ x$( sed -E -e 's#[^/]##g' <<< $platforms ) != "x/" ]; then
# if we are here, user has selected more than one build platform
arch_tags=$( tr ',' ' ' <<< $platforms | tr -d '/' )
# removed slashes to produce "linuxamd64 linuxs390x linuxppc64le"
for tag in $arch_tags; do test_tag -$tag; done
else
# if we are here, user has selected a single build platform
test_tag
fi
- name: Push To Container Registry
id: push-to-container-registry
uses: redhat-actions/push-to-registry@v2
if: github.event_name != 'pull_request'
with:
tags: ${{ steps.build-image.outputs.tags }}
- name: Print image url
run: echo "Image pushed to ${{ steps.push-to-container-registry.outputs.registry-paths }}"