From 2a006cb6267098a61509b769a748090025da63ba Mon Sep 17 00:00:00 2001 From: Allison Karlitskaya Date: Thu, 14 Mar 2024 23:39:00 +0100 Subject: [PATCH] workflows: build a multi-arch tasks container Build a tasks container for arm64 in addition to amd64. We do this by splitting the build process into multiple jobs. For the arm one, we make use of the arm runners from BuildJet. At the end, we write the manifest and upload that with the "public" tag name. Remove the local infrastructure and rules for pushing the container; it's not so easy anymore. --- .github/workflows/build-tasks.yml | 64 +++++++++++++++++++++++++++---- Makefile | 4 -- push-container | 15 -------- 3 files changed, 56 insertions(+), 27 deletions(-) delete mode 100755 push-container diff --git a/.github/workflows/build-tasks.yml b/.github/workflows/build-tasks.yml index 34a5164c..4f71c7d8 100644 --- a/.github/workflows/build-tasks.yml +++ b/.github/workflows/build-tasks.yml @@ -1,21 +1,69 @@ name: build-tasks + on: # this is meant to be run on an approved PR branch for convenience workflow_dispatch: + +# We derive a unique ID here to make sure that we don't get into a situation +# where different runners pick different tags (eg: for builds near midnight, or +# in different time zones). The manifest job picks the final name. +env: + tag: quay.io/cockpit/tasks + tmptag: quay.io/cockpit/tasks-tmp:${{ github.run_id }}.${{ github.run_attempt }} + jobs: build: - runs-on: ubuntu-22.04 + strategy: + matrix: + build: + - label: amd64 + runner: buildjet-2vcpu-ubuntu-2204 + - label: arm64 + runner: buildjet-2vcpu-ubuntu-2204-arm + + runs-on: ${{ matrix.build.runner }} environment: quay.io timeout-minutes: 30 + steps: - - name: Clone repository + - + name: Log in to container registry + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ secrets.QUAY_BOTUSER }} + password: ${{ secrets.QUAY_TOKEN }} + - + name: Checkout uses: actions/checkout@v4 + - + name: Build and push + uses: docker/build-push-action@v5 + with: + push: true + tags: ${{ env.tmptag }}-${{ matrix.build.label }} + context: tasks/container + file: tasks/container/Containerfile - - name: Log into container registry - run: podman login -u ${{ secrets.QUAY_BOTUSER }} -p ${{ secrets.QUAY_TOKEN }} quay.io + manifest: + needs: build - - name: Build tasks container - run: make tasks-container + runs-on: buildjet-2vcpu-ubuntu-2204 + environment: quay.io + timeout-minutes: 30 + + steps: + - + name: Log in to container registry + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ secrets.QUAY_BOTUSER }} + password: ${{ secrets.QUAY_TOKEN }} + - + name: Create manifest + run: | + docker manifest create tasks '${{ env.tmptag }}'-{amd,arm}64' - - name: Push container to registry - run: make tasks-push + docker manifest push tasks "${{ env.tag }}:$(date --iso-8601)" + docker manifest push tasks "${{ env.tag }}:latest" diff --git a/Makefile b/Makefile index ccc9ca6c..1c55d915 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,6 @@ all: @echo "usage: make containers" >&2 @echo " make tasks-container" >&2 - @echo " make tasks-push" >&2 @echo " make check" >&2 check: @@ -19,8 +18,5 @@ tasks-container: $(DOCKER) build -t quay.io/cockpit/tasks:$(TAG) tasks/container $(DOCKER) tag quay.io/cockpit/tasks:$(TAG) quay.io/cockpit/tasks:latest -tasks-push: - ./push-container quay.io/cockpit/tasks - tasks-secrets: @cd tasks && ./build-secrets $(TASK_SECRETS) diff --git a/push-container b/push-container deleted file mode 100755 index a855abe7..00000000 --- a/push-container +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -set -eu - -IMAGE=$1 -[ -n "${DOCKER:-}" ] || DOCKER=$(which podman docker 2>/dev/null | head -n1) -ID=$($DOCKER images -q $IMAGE:latest | head -n1) - -TAGS=$($DOCKER images --format '{{.Tag}} {{.ID}}' $IMAGE | sort -u | grep $ID | awk '{print $1}') -if [ $(echo "$TAGS" | wc -w) -ne "2" ]; then - echo "Expected exactly two tags for the image to push: latest and one other" - exit 1 -fi -for PUSHTAG in $TAGS; do - $DOCKER push "$IMAGE:$PUSHTAG" -done