Build oracle images #1660
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # build images GH actions pipeline | |
| # | |
| # On every PR, we want to build images and tag them appropriately. | |
| # As the images are built, we push commits to the PR that: | |
| # - update the dockerfile args with the new tags | |
| # - save the new tags under versions/ | |
| name: buildx-images | |
| on: | |
| pull_request: | |
| jobs: | |
| # initial configuration | |
| conf: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| dry-run: ${{ steps.configure.outputs.dry-run }} | |
| run: ${{ steps.configure.outputs.run }} | |
| tag: ${{ steps.configure.outputs.tag }} | |
| kvers: ${{ steps.kvers.outputs.result }} | |
| steps: | |
| - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| id: run-script | |
| name: run-script | |
| with: | |
| result-encoding: string | |
| script: | | |
| res = await github.rest.issues.listLabelsOnIssue({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| }); | |
| for (const l of res.data) { | |
| if (l.name == 'gha-builds/just-dont') { | |
| return 'n' | |
| } | |
| } | |
| return 'y' | |
| - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| id: dry-run-script | |
| name: dry-run-script | |
| with: | |
| result-encoding: string | |
| script: | | |
| res = await github.rest.issues.listLabelsOnIssue({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| }); | |
| for (const l of res.data) { | |
| if (l.name == 'gha-builds/dry-run') { | |
| return 'y' | |
| } | |
| } | |
| return 'n' | |
| - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| id: kvers | |
| name: kernel versions | |
| with: | |
| script: | | |
| var all_kernels = ['bpf-next', 'oracle' ] | |
| var kernels = [] | |
| const kernel_label_prefix = 'gha-builds/kernel/' | |
| res = await github.rest.issues.listLabelsOnIssue({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| }); | |
| for (const l of res.data) { | |
| if (l.name.startsWith(kernel_label_prefix)) { | |
| s = l.name.slice(kernel_label_prefix.length) | |
| if (s.length > 0) { | |
| kernels.push(s) | |
| } | |
| } | |
| } | |
| if (kernels.length == 0) { | |
| kernels = all_kernels | |
| } | |
| ret = [] | |
| for (const k of kernels) { | |
| options = {"ver": k} | |
| switch (k) { | |
| case 'rhel8.9': | |
| options.dockerfile = "dockerfiles/kernel-images-rhel8" | |
| options.platforms = 'linux/amd64' | |
| options.rhel_repo = 'vault' | |
| options.rhel_ver = '8.9' | |
| options.rhel_kver = '4.18.0-513.24.1.el8_9' | |
| options.pkg_repo = 'bookworm' | |
| break | |
| case 'rhel8.10': | |
| options.dockerfile = "dockerfiles/kernel-images-rhel8" | |
| options.platforms = 'linux/amd64' | |
| options.rhel_repo = 'pub' | |
| options.rhel_ver = '8.10' | |
| options.rhel_kver = '4.18.0-553.79.1.el8_10' | |
| options.pkg_repo = 'bookworm' | |
| break | |
| case '4.19': | |
| options.dockerfile = "dockerfiles/kernel-images" | |
| options.platforms = 'linux/amd64,linux/arm64' | |
| options.pkg_repo = 'bookworm' | |
| break | |
| default: | |
| options.dockerfile = "dockerfiles/kernel-images" | |
| options.platforms = 'linux/amd64,linux/arm64' | |
| options.pkg_repo = 'sid' | |
| } | |
| ret.push(options) | |
| } | |
| return ret | |
| - name: configure | |
| id: configure | |
| run: | | |
| echo "Kernels: ${{ steps.kvers.outputs.result }}" | |
| echo "dry-run=${{ steps.dry-run-script.outputs.result }}" | tee -a $GITHUB_OUTPUT | |
| echo "run=${{ steps.run-script.outputs.result }}" | tee -a $GITHUB_OUTPUT | |
| tag=$(date +%Y%m%d.%H%M%S) | |
| echo "tag=$tag" | tee -a $GITHUB_OUTPUT | |
| kernel-builder: | |
| needs: [conf] | |
| if: ${{ needs.conf.outputs.run == 'y' }} | |
| uses: ./.github/workflows/buildx-stage.yaml | |
| secrets: inherit | |
| with: | |
| name: kernel-builder | |
| build-file: dockerfiles/kernel-builder | |
| build-tag: quay.io/lvh-images/kernel-builder-ci:${{ needs.conf.outputs.tag }} | |
| check-files: dockerfiles/kernel-builder | |
| base-ref: ${{ github.base_ref }} | |
| dry-run: ${{ needs.conf.outputs.dry-run == 'y' }} | |
| patch-cmd: | | |
| echo ${{ needs.conf.outputs.tag }} > versions/kernel-builder | |
| perl -pi -e 's/^ARG KERNEL_BUILDER_TAG.*$/ARG KERNEL_BUILDER_TAG=${{ needs.conf.outputs.tag }}/' dockerfiles/* | |
| kernel-images: | |
| needs: [conf, kernel-builder] | |
| if: ${{ needs.conf.outputs.run == 'y' }} | |
| strategy: | |
| matrix: | |
| kernel: ${{ fromJSON(needs.conf.outputs.kvers) }} | |
| uses: ./.github/workflows/buildx-stage.yaml | |
| secrets: inherit | |
| with: | |
| name: kernel-image-${{ matrix.kernel.ver }} | |
| build-file: ${{ matrix.kernel.dockerfile }} | |
| build-tag: quay.io/lvh-images/kernel-images-ci:${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }} | |
| build-args: | | |
| "KERNEL_VER=${{ matrix.kernel.ver }}" | |
| "RHEL_REPO=${{ matrix.kernel.rhel_repo }}" | |
| "RHEL_VER=${{ matrix.kernel.rhel_ver }}" | |
| "RHEL_KVER=${{ matrix.kernel.rhel_kver }}" | |
| check-files: '.' | |
| base-ref: ${{ github.base_ref }} | |
| dry-run: ${{ needs.conf.outputs.dry-run == 'y' }} | |
| apply-patch: kernel-builder.patch | |
| patch-cmd: | | |
| mkdir -p versions/kernel-images | |
| echo ${{ needs.conf.outputs.tag}} > versions/kernel-images/${{ matrix.kernel.ver }} | |
| platforms: ${{ matrix.kernel.platforms }} | |
| root-builder: | |
| needs: [conf] | |
| if: ${{ needs.conf.outputs.run == 'y' }} | |
| strategy: | |
| matrix: | |
| runner: | |
| - {name: "ubuntu-latest", arch: "amd64"} | |
| - {name: "oracle-vm-16cpu-64gb-arm64", arch: "arm64"} | |
| uses: ./.github/workflows/buildx-stage.yaml | |
| secrets: inherit | |
| with: | |
| name: root-builder-${{ matrix.runner.arch }} | |
| runner: ${{ matrix.runner.name }} | |
| check-files: dockerfiles/root-builder | |
| build-file: dockerfiles/root-builder | |
| build-tag: quay.io/lvh-images/root-builder-ci:${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }} | |
| base-ref: ${{ github.base_ref }} | |
| dry-run: ${{ needs.conf.outputs.dry-run == 'y' }} | |
| patch-cmd: | | |
| mkdir -p versions/root-builder | |
| echo ${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }} > versions/root-builder/${{ matrix.runner.arch }} | |
| root-images: | |
| needs: [conf, root-builder] | |
| if: ${{ needs.conf.outputs.run == 'y' }} | |
| strategy: | |
| matrix: | |
| runner: | |
| - {name: "ubuntu-latest", arch: "amd64"} | |
| - {name: "oracle-vm-16cpu-64gb-arm64", arch: "arm64"} | |
| pkg_repo: | |
| - "bookworm" | |
| - "sid" | |
| uses: ./.github/workflows/buildx-stage.yaml | |
| secrets: inherit | |
| with: | |
| name: root-images-${{ matrix.pkg_repo }}-${{ matrix.runner.arch }} | |
| runner: ${{ matrix.runner.name }} | |
| check-files: dockerfiles/root-images _data/images.json _data/env.sh _data/bootstrap | |
| build-file: dockerfiles/root-images | |
| build-tag: quay.io/lvh-images/root-images-ci:${{ needs.conf.outputs.tag }}-${{ matrix.pkg_repo }}-${{ matrix.runner.arch }} | |
| build-args: | | |
| "ROOT_BUILDER_TAG=$(cat versions/root-builder/${{ matrix.runner.arch }})" | |
| "PKG_REPO=${{ matrix.pkg_repo }}" | |
| base-ref: ${{ github.base_ref }} | |
| dry-run: ${{ needs.conf.outputs.dry-run == 'y' }} | |
| apply-patch: root-builder-${{ matrix.runner.arch }}.patch | |
| patch-cmd: | | |
| mkdir -p versions/root-images/${{ matrix.pkg_repo }} | |
| echo ${{ needs.conf.outputs.tag }}-${{ matrix.pkg_repo }}-${{ matrix.runner.arch }} > versions/root-images/${{ matrix.pkg_repo }}/${{ matrix.runner.arch }} | |
| kind-images: | |
| if: ${{ needs.conf.outputs.run == 'y' }} | |
| needs: [conf, kernel-images, root-images] | |
| strategy: | |
| matrix: | |
| kernel: ${{ fromJSON(needs.conf.outputs.kvers) }} | |
| runner: | |
| - {name: "ubuntu-latest", arch: "amd64"} | |
| - {name: "oracle-vm-16cpu-64gb-arm64", arch: "arm64"} | |
| exclude: | |
| - runner: {name: "oracle-vm-16cpu-64gb-arm64", arch: "arm64"} | |
| kernel: {ver: "rhel8.9"} | |
| - runner: {name: "oracle-vm-16cpu-64gb-arm64", arch: "arm64"} | |
| kernel: {ver: "rhel8.10"} | |
| uses: ./.github/workflows/buildx-stage.yaml | |
| secrets: inherit | |
| with: | |
| name: kind-image-${{ matrix.kernel.ver }}-${{ matrix.runner.arch }} | |
| runner: ${{ matrix.runner.name }} | |
| build-file: dockerfiles/kind-images | |
| build-tag: quay.io/lvh-images/kind-ci:${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }} | |
| build-args: | | |
| "KERNEL_VER=${{ matrix.kernel.ver }}" | |
| "KERNEL_IMAGE_TAG=${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }}" | |
| "ROOT_IMAGES_TAG=$(cat versions/root-images/${{ matrix.kernel.pkg_repo }}/${{ matrix.runner.arch }})" | |
| "PKG_REPO=${{ matrix.kernel.pkg_repo }}" | |
| check-files: '.' | |
| base-ref: ${{ github.base_ref }} | |
| dry-run: ${{ needs.conf.outputs.dry-run == 'y' }} | |
| apply-patch: root-images-${{ matrix.kernel.pkg_repo }}-${{ matrix.runner.arch }}.patch | |
| apply-patch-2: kernel-image-${{ matrix.kernel.ver }}.patch | |
| patch-cmd: | | |
| mkdir -p versions/kind/${{ matrix.runner.arch }} | |
| echo ${{ needs.conf.outputs.tag }}-${{ matrix.runner.arch }} > versions/kind/${{ matrix.runner.arch }}/${{ matrix.kernel.ver }} | |
| # complexity-test-images is hardcoded amd64 only for now | |
| complexity-test-images: | |
| if: ${{ needs.conf.outputs.run == 'y' }} | |
| needs: [conf, kernel-images, root-images] | |
| strategy: | |
| matrix: | |
| kernel: ${{ fromJSON(needs.conf.outputs.kvers) }} | |
| uses: ./.github/workflows/buildx-stage.yaml | |
| secrets: inherit | |
| with: | |
| name: complexity-test-${{ matrix.kernel.ver }}-amd64 | |
| build-file: dockerfiles/complexity-test-images | |
| build-tag: quay.io/lvh-images/complexity-test-ci:${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }} | |
| build-args: | | |
| "KERNEL_VER=${{ matrix.kernel.ver }}" | |
| "KERNEL_IMAGE_TAG=${{ matrix.kernel.ver }}-${{ needs.conf.outputs.tag }}" | |
| "ROOT_IMAGES_TAG=$(cat versions/root-images/${{ matrix.kernel.pkg_repo }}/amd64)" | |
| "PKG_REPO=${{ matrix.kernel.pkg_repo }}" | |
| check-files: '.' | |
| base-ref: ${{ github.base_ref }} | |
| dry-run: ${{ needs.conf.outputs.dry-run == 'y' }} | |
| apply-patch: root-images-${{ matrix.kernel.pkg_repo }}-amd64.patch | |
| apply-patch-2: kernel-image-${{ matrix.kernel.ver }}.patch | |
| patch-cmd: | | |
| mkdir -p versions/complexity-test | |
| echo ${{ needs.conf.outputs.tag}} > versions/complexity-test/${{ matrix.kernel.ver }} | |
| commit-changes: | |
| if: ${{ needs.conf.outputs.run == 'y' }} | |
| needs: [conf, root-images, complexity-test-images, kind-images] | |
| runs-on: ubuntu-latest | |
| outputs: | |
| sha: ${{ steps.push.outputs.sha }} | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: download all artifacts | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| pattern: "*.patch" | |
| path: /tmp/artifacts | |
| - name: push new version | |
| id: push | |
| env: | |
| HEAD_REF: ${{ github.event.pull_request.head.ref }} | |
| run: | | |
| git switch -c tmp | |
| git config user.name "GH action" | |
| git config user.email "[email protected]" | |
| find /tmp/artifacts -type f ! -size 0 | xargs git am | |
| git reset --soft "$HEAD_REF" | |
| git status | |
| f=$(mktemp) | |
| echo "GHA: update tags" >> $f | |
| echo "" >> $f | |
| git commit -a -F $f --trailer "X-GHA-TAG: ${{ needs.conf.outputs.tag }}" | |
| git push --force origin HEAD:"$HEAD_REF" | |
| sha=$(git rev-parse HEAD) | |
| echo "sha=$sha" | tee -a $GITHUB_OUTPUT | |
| - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| env: | |
| SHA: ${{ steps.push.outputs.sha }} | |
| with: | |
| script: | | |
| const { SHA } = process.env | |
| await github.rest.repos.createCommitStatus({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| sha: `${ SHA }`, | |
| description: "Commit was generated", | |
| state: 'pending', | |
| }) | |
| print_image_kernels: | |
| needs: [conf, commit-changes] | |
| if: ${{ needs.conf.outputs.run == 'y' && needs.commit-changes.result == 'success' && needs.conf.outputs.dry-run != 'y' }} | |
| strategy: | |
| matrix: | |
| runner: | |
| - "ubuntu-latest" | |
| - "oracle-vm-16cpu-64gb-arm64" | |
| runs-on: ${{ matrix.runner }} | |
| steps: | |
| - name: install crane | |
| env: | |
| VERSION: v0.19.1 | |
| run: | | |
| ARCH=$([ "$(uname -m)" == "aarch64" ] && echo "arm64" || echo $(uname -m)) | |
| URL="https://github.com/google/go-containerregistry/releases/download/$VERSION/go-containerregistry_Linux_$ARCH.tar.gz" | |
| curl -fSL $URL | sudo tar -xz -C /usr/local/bin crane | |
| crane version | |
| - name: Install LVH cli | |
| working-directory: /tmp | |
| shell: bash | |
| run: | | |
| crane export quay.io/lvh-images/lvh:latest --platform linux/$(dpkg --print-architecture) lvh.tar | |
| tar --transform='s#usr/bin/##g' -xf lvh.tar usr/bin/lvh | |
| rm lvh.tar | |
| chmod +x lvh && sudo mv lvh /usr/local/bin | |
| lvh version | |
| - name: Install dependencies | |
| run: | | |
| deps="expect cpu-checker qemu-system-x86 qemu-system-aarch64" | |
| n=0 | |
| until [ "$n" -ge 5 ]; do | |
| success=1 | |
| sudo apt update && \ | |
| sudo apt-get clean && \ | |
| sudo apt-get -y --no-install-recommends install ${deps} && \ | |
| break || success=0 | |
| n=$((n+1)) | |
| sleep 1 | |
| done | |
| [ $success -eq 1 ] || exit 42 | |
| - name: checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| ref: ${{ needs.commit-changes.outputs.sha }} | |
| - name: versions | |
| id: versions | |
| working-directory: ./versions/kind | |
| run: | | |
| echo "| Image | kernel version |" > /tmp/image-log | |
| echo "| --- | --- |" >> /tmp/image-log | |
| images_folder=/tmp/lvh-images | |
| sudo mkdir $images_folder; sudo chmod 777 $images_folder | |
| for f in $(find $(dpkg --print-architecture) -type f ); do | |
| df -h / | |
| v=$(basename $f) | |
| image_tag=$(cat $f) | |
| image="quay.io/lvh-images/kind-ci:$v-$image_tag" | |
| # extract the qcow2 image | |
| crane export $image --platform linux/$(dpkg --print-architecture) $images_folder/kind_$v.tar | |
| tar --transform='s#data/images/##g' -xvf $images_folder/kind_$v.tar data/images/kind_$v.qcow2.zst | |
| mv kind_$v.qcow2.zst $images_folder | |
| rm $images_folder/kind_$v.tar | |
| zstd -d $images_folder/kind_$v.qcow2.zst -o $images_folder/kind_$v.qcow2 | |
| rm $images_folder/kind_$v.qcow2.zst | |
| if [ "$(uname -m)" = "aarch64" ]; then | |
| # extract the compressed kernel | |
| kernel_tag=$(cat ../kernel-images/$v) | |
| kernel="quay.io/lvh-images/kernel-images-ci:$v-$kernel_tag" | |
| crane export $kernel --platform linux/$(dpkg --print-architecture) $images_folder/kernel_$v.tar | |
| tar --transform="s#data/kernels/$v/boot/##g" --wildcards -xvf $images_folder/kernel_$v.tar data/kernels/$v/boot/vmlinuz* | |
| mv vmlinuz* $images_folder/vmlinuz | |
| rm $images_folder/kernel_$v.tar | |
| fi | |
| if [ "$(uname -m)" = "aarch64" ]; then | |
| expect -c " | |
| set timeout 60 | |
| spawn lvh run --image $images_folder/kind_$v.qcow2 --kernel $images_folder/vmlinuz | |
| expect -re \"Linux version .*\n\" { exit } | |
| " | tee /tmp/expect.log | |
| else | |
| expect -c " | |
| set timeout 60 | |
| spawn lvh run --image $images_folder/kind_$v.qcow2 | |
| expect -re \"Linux version .*\n\" { exit } | |
| " | tee /tmp/expect.log | |
| fi | |
| linux_ver=$(cat /tmp/expect.log | sed -ne 's/^.*Linux version \([^ ]\+\).*$/\1/p') | |
| echo "| ${image} | ${linux_ver} |" | tee -a /tmp/image-log | |
| rm $images_folder/* | |
| done | |
| echo 'IMAGE_LOG<<EOF' >> $GITHUB_ENV | |
| cat /tmp/image-log >> $GITHUB_ENV | |
| echo 'EOF' >> $GITHUB_ENV | |
| finalize: | |
| needs: [conf, commit-changes, print_image_kernels] | |
| runs-on: ubuntu-latest | |
| if: ${{ always() }} | |
| steps: | |
| - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| if: ${{ needs.commit-changes.result == 'success' && needs.conf.outputs.dry-run != 'y' }} | |
| env: | |
| SHA: ${{ needs.commit-changes.outputs.sha }} | |
| with: | |
| script: | | |
| const { SHA } = process.env | |
| await github.rest.repos.createCommitStatus({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| sha: `${ SHA }`, | |
| description: "Images were generated and tags were updated", | |
| state: 'success', | |
| }) | |
| - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| if: ${{ needs.commit-changes.result == 'success' && needs.conf.outputs.dry-run == 'y' }} | |
| env: | |
| SHA: ${{ needs.commit-changes.outputs.sha }} | |
| with: | |
| script: | | |
| const { SHA } = process.env | |
| await github.rest.repos.createCommitStatus({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| sha: `${ SHA }`, | |
| description: "Everything went OK, but this was a dry-run. Failing final check.", | |
| state: 'failure', | |
| }) | |
| - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| if: ${{ needs.commit-changes.result != 'success' && needs.commit-changes.outputs.sha != '' }} | |
| env: | |
| SHA: ${{ needs.commit-changes.outputs.sha }} | |
| with: | |
| script: | | |
| const { SHA } = process.env | |
| await github.rest.repos.createCommitStatus({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| sha: `${ SHA }`, | |
| description: "Something went wrong and commit was not successful. Failing final check.", | |
| state: 'failure', | |
| }) |