diff --git a/.github/workflows/collector-builder.yml b/.github/workflows/collector-builder.yml index 710fee006e..8b7290a4c9 100644 --- a/.github/workflows/collector-builder.yml +++ b/.github/workflows/collector-builder.yml @@ -8,10 +8,16 @@ on: required: true description: | The tag used to build the collector image + architectures: + type: string + required: true + description: | + Space-separated list of architectures to build + outputs: collector-builder-tag: description: The builder tag used by the build - value: ${{ jobs.build-builder-image.outputs.collector-builder-tag || 'master' }} + value: ${{ jobs.builder-needs-rebuilding.outputs.collector-builder-tag }} env: COLLECTOR_TAG: ${{ inputs.collector-tag }} @@ -23,7 +29,12 @@ jobs: name: Determine if builder image needs to be built runs-on: ubuntu-24.04 outputs: - build-image: ${{ steps.changed.outputs.builder-changed }} + build-image: ${{ steps.builder-tag.outputs.build-image || false }} + collector-builder-tag: ${{ steps.builder-tag.outputs.collector-builder-tag || 'master'}} + local-exclude: ${{ steps.arch.outputs.local-exclude || '[]'}} + + env: + DEFAULT_BUILDER_TAG: master steps: - uses: actions/checkout@v4 
@@ -38,30 +49,50 @@ jobs: - builder/Dockerfile - .github/workflows/collector-builder.yml + - name: Check labels and define builder tag + id: builder-tag + if: | + steps.changed.outputs.builder-changed == 'true' || + (github.event_name == 'push' && ( + github.ref_type == 'tag' || startsWith(github.ref_name, 'release-') + )) || + contains(github.event.pull_request.labels.*.name, 'build-builder-image') || + github.event_name == 'schedule' + run: | + COLLECTOR_BUILDER_TAG="${DEFAULT_BUILDER_TAG}" + if [[ "${{ github.event_name }}" == 'pull_request' || \ + "${{ github.ref_type }}" == 'tag' || \ + "${{ github.ref_name }}" =~ ^release- ]]; then + COLLECTOR_BUILDER_TAG="${{ inputs.collector-tag }}" + fi + + echo "Rebuild builder image with tag ${COLLECTOR_BUILDER_TAG}" + echo "collector-builder-tag=${COLLECTOR_BUILDER_TAG}" >> "$GITHUB_OUTPUT" + echo "build-image=true" >> "$GITHUB_OUTPUT" + + - name: Check arches for local build + if: ${{ ! contains(inputs.architectures, 'ppc64le') }} + id: arch + run: echo 'local-exclude=[{"arch":"ppc64le"}]' >> "$GITHUB_OUTPUT" + build-builder-image: - name: Build the builder image - runs-on: ubuntu-24.04 + name: Local builder image # Multiarch builds sometimes take for eeeeeeeeeever timeout-minutes: 480 needs: - builder-needs-rebuilding if: | - needs.builder-needs-rebuilding.outputs.build-image == 'true' || - (github.event_name == 'push' && ( - github.ref_type == 'tag' || startsWith(github.ref_name, 'release-') - )) || - contains(github.event.pull_request.labels.*.name, 'build-builder-image') || - github.event_name == 'schedule' - outputs: - collector-builder-tag: ${{ steps.builder-tag.outputs.collector-builder-tag }} + needs.builder-needs-rebuilding.outputs.build-image == 'true' strategy: - fail-fast: false matrix: - arch: [amd64, ppc64le, s390x, arm64] + arch: [amd64, arm64, ppc64le] + exclude: ${{ fromJSON(needs.builder-needs-rebuilding.outputs.local-exclude) }} + runs-on: ${{ (matrix.arch == 'amd64' && 'ubuntu-24.04') || 
'ubuntu-24.04-arm' }} env: PLATFORM: linux/${{ matrix.arch }} BUILD_TYPE: ci + COLLECTOR_BUILDER_TAG: ${{ needs.builder-needs-rebuilding.outputs.collector-builder-tag }} steps: - uses: actions/checkout@v4 @@ -76,6 +107,54 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Create ansible vars + run: | + cat << EOF > ${{ github.workspace }}/ansible/secrets.yml + --- + stackrox_io_username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }} + stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }} + rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} + rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} + collector_git_ref: ${{ github.ref }} + collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }} + EOF + + - name: Build images + timeout-minutes: 480 + run: | + ansible-galaxy install -r ansible/requirements.yml + ansible-playbook \ + --connection local \ + -i localhost, \ + --limit localhost \ + -e arch='${{ matrix.arch }}' \ + -e @'${{ github.workspace }}/ansible/secrets.yml' \ + ansible/ci-build-builder.yml + + build-builder-image-remote-vm: + name: Remote builder image + # Multiarch builds sometimes take for eeeeeeeeeever + timeout-minutes: 480 + needs: + - builder-needs-rebuilding + if: | + needs.builder-needs-rebuilding.outputs.build-image == 'true' && + contains(inputs.architectures, 's390x') + strategy: + matrix: + arch: [s390x] + runs-on: ubuntu-24.04 + + env: + PLATFORM: linux/${{ matrix.arch }} + BUILD_TYPE: ci + COLLECTOR_BUILDER_TAG: ${{ needs.builder-needs-rebuilding.outputs.collector-builder-tag }} + + steps: + - uses: actions/checkout@v4 + with: + submodules: true + - uses: actions/setup-python@v5 with: python-version: "3.10" 
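Review bot: The `run:` script of the new `Check labels and define builder tag` step has `${{ github.ref_name }}` and `${{ inputs.collector-tag }}` substituted into the bash text before the shell parses it, so a ref name or tag value containing shell metacharacters is interpreted as script rather than as data. The lines are carried over from the removed `Define builder tag` step, but the move is a good moment to read the values from the environment instead. The runner already exports `GITHUB_EVENT_NAME`, `GITHUB_REF_TYPE` and `GITHUB_REF_NAME`, and the workflow-level `env:` already defines `COLLECTOR_TAG`. The test would become `[[ "${GITHUB_EVENT_NAME}" == 'pull_request' || "${GITHUB_REF_TYPE}" == 'tag' || "${GITHUB_REF_NAME}" =~ ^release- ]]` and the assignment `COLLECTOR_BUILDER_TAG="${COLLECTOR_TAG}"`.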
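Review bot: The `Create ansible vars` step writes four registry credentials through an unquoted heredoc (`cat << EOF`), so after the `${{ secrets.* }}` and `${{ github.ref }}` values are pasted in, bash still applies `$`, backtick and backslash expansion to them. A password containing one of those characters is silently altered, and a ref containing them is evaluated in a step that holds the secrets. Every value in this heredoc is a `${{ }}` expression, so quoting the delimiter loses nothing: `cat << 'EOF' > "${{ github.workspace }}/ansible/secrets.yml"`, preferably after `umask 077` so the file is not readable by other users under the default umask. The heredoc added to the remote-VM job in the `@@ -101,57 +180,22 @@` hunk is the same. The one in collector.yml that gains `collector_git_sha` also relies on `${DRIVER_VERSION}` expanding, so there the values would have to arrive through `env:` rather than a quoted delimiter.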
@@ -101,57 +180,22 @@ jobs: job-tag: builder - name: Create Build VMs - if: | - matrix.arch == 's390x' && - (github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')) run: | make -C "${{ github.workspace }}/ansible" create-build-vms - - name: Define builder tag - id: builder-tag - run: | - COLLECTOR_BUILDER_TAG="${DEFAULT_BUILDER_TAG}" - if [[ "${{ github.event_name }}" == 'pull_request' || \ - "${{ github.ref_type }}" == 'tag' || \ - "${{ github.ref_name }}" =~ ^release- ]]; then - COLLECTOR_BUILDER_TAG="${{ inputs.collector-tag }}" - fi - - echo "COLLECTOR_BUILDER_TAG=${COLLECTOR_BUILDER_TAG}" >> "$GITHUB_ENV" - echo "collector-builder-tag=${COLLECTOR_BUILDER_TAG}" >> "$GITHUB_OUTPUT" - - name: Create ansible vars run: | - { - echo "---" - echo "stackrox_io_username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}" - echo "stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}" - echo "rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}" - echo "rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}" - echo "collector_git_ref: ${{ github.ref }}" - echo "collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }}" - } > ${{ github.workspace }}/ansible/secrets.yml + cat << EOF > ${{ github.workspace }}/ansible/secrets.yml + --- + stackrox_io_username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }} + stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }} + rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} + rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} + collector_git_ref: ${{ github.ref }} + collector_builder_tag: ${{ needs.builder-needs-rebuilding.outputs.collector-builder-tag }} + EOF - name: Build images - if: | - (github.event_name != 'pull_request' && matrix.arch != 's390x') || - matrix.arch == 'amd64' || - (contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch != 's390x') - timeout-minutes: 480 - run: | - 
ansible-galaxy install -r ansible/requirements.yml - ansible-playbook \ - --connection local \ - -i localhost, \ - --limit localhost \ - -e arch='${{ matrix.arch }}' \ - -e @'${{ github.workspace }}/ansible/secrets.yml' \ - ansible/ci-build-builder.yml - - - name: Build s390x images - if: | - (github.event_name != 'pull_request' && matrix.arch == 's390x') || - (contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch == 's390x') timeout-minutes: 480 run: | ansible-playbook \ @@ -162,22 +206,23 @@ jobs: ansible/ci-build-builder.yml - name: Destroy VMs - if: always() && matrix.arch == 's390x' + if: always() run: | make -C ansible destroy-vms create-multiarch-manifest: needs: + - builder-needs-rebuilding - build-builder-image + - build-builder-image-remote-vm name: Create Multiarch manifest runs-on: ubuntu-24.04 if: | - github.event_name != 'pull_request' || - (needs.build-builder-image.outputs.collector-builder-tag != 'cache' && - contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')) + always() && !contains(join(needs.*.result, ','), 'failure') && + needs.builder-needs-rebuilding.outputs.build-image == 'true' env: - COLLECTOR_BUILDER_TAG: ${{ needs.build-builder-image.outputs.collector-builder-tag }} - ARCHS: amd64 ppc64le s390x arm64 + COLLECTOR_BUILDER_TAG: ${{ needs.builder-needs-rebuilding.outputs.collector-builder-tag }} + ARCHS: ${{ inputs.architectures }} steps: - uses: actions/checkout@v4 
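Review bot: The new gate on `create-multiarch-manifest`, `always() && !contains(join(needs.*.result, ','), 'failure')`, still lets the job run when a needed build job ended as `cancelled`, because `always()` overrides cancellation and only `failure` is filtered out. The job appears to publish the multi-arch tag for `collector-builder`, so after a cancelled run it would assemble that tag from whatever per-arch images already exist, which for a reused tag such as `master` may be stale ones. Adding `&& !contains(join(needs.*.result, ','), 'cancelled')` keeps the intended behaviour of tolerating a skipped remote-VM job while refusing partial runs. The same condition is introduced for the manifest job in collector.yml (`@@ -168,11 +182,9 @@`).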
@@ -208,45 +253,13 @@ jobs: base-image: quay.io/rhacs-eng/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }} archs: ${{ env.ARCHS }} - retag-x86-image: - needs: - - build-builder-image - name: Retag x86 builder image - runs-on: ubuntu-24.04 - if: | - github.event_name == 'pull_request' && - needs.build-builder-image.outputs.collector-builder-tag != 'cache' && - !contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') - env: - COLLECTOR_BUILDER_TAG: ${{ needs.build-builder-image.outputs.collector-builder-tag }} - steps: - - name: Pull image to retag - run: | - docker pull "quay.io/stackrox-io/collector-builder:${COLLECTOR_BUILDER_TAG}-amd64" - - - name: Retag and push stackrox-io - uses: stackrox/actions/images/retag-and-push@v1 - with: - src-image: quay.io/stackrox-io/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}-amd64 - dst-image: quay.io/stackrox-io/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }} - username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }} - password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }} - - - name: Retag and push rhacs-eng - uses: stackrox/actions/images/retag-and-push@v1 - with: - src-image: quay.io/stackrox-io/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}-amd64 - dst-image: quay.io/rhacs-eng/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }} - username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} - password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} - notify: runs-on: ubuntu-24.04 if: always() && contains(join(needs.*.result, ','), 'failure') && github.event_name != 'pull_request' needs: - build-builder-image + - build-builder-image-remote-vm - create-multiarch-manifest - - retag-x86-image steps: - name: Slack notification uses: rtCamp/action-slack-notify@v2 diff --git a/.github/workflows/collector.yml b/.github/workflows/collector.yml index 0a401ca01b..4adcd6fcf1 100644 --- a/.github/workflows/collector.yml +++ b/.github/workflows/collector.yml 
@@ -18,6 +18,11 @@ on: required: true description: | The builder tag to use in the build + architectures: + type: string + required: true + description: | + Space-separated list of architectures to build env: COLLECTOR_TAG: ${{ inputs.collector-tag }} @@ -28,13 +33,26 @@ env: ADDRESS_SANITIZER: ${{ contains(github.event.pull_request.labels.*.name, 'address-sanitizer') }} jobs: - build-collector-image: - name: Build Collector + prepare-build-collector: + name: Prepare builders for collector runs-on: ubuntu-24.04 + outputs: + local-exclude: ${{ steps.arch.outputs.local-exclude || '[]' }} + + steps: + - name: Check arches for local build + if: ${{ ! contains(inputs.architectures, 'ppc64le') }} + id: arch + run: echo 'local-exclude=[{"arch":"ppc64le"}]' >> "$GITHUB_OUTPUT" + + build-collector-image: + name: Local collector image ${{ matrix.arch }} + needs: prepare-build-collector strategy: - fail-fast: false matrix: - arch: [amd64, ppc64le, arm64] + arch: [amd64, arm64, ppc64le] + exclude: ${{ fromJSON(needs.prepare-build-collector.outputs.local-exclude) }} + runs-on: ${{ (matrix.arch == 'amd64' && 'ubuntu-24.04') || 'ubuntu-24.04-arm' }} env: PLATFORM: linux/${{ matrix.arch }} @@ -62,6 +80,7 @@ jobs: rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} collector_git_ref: ${{ github.ref }} + collector_git_sha: ${{ github.sha }} collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }} disable_profiling: ${{ matrix.arch != 'amd64' && matrix.arch != 'arm64' }} rhacs_eng_image: ${{ env.RHACS_ENG_IMAGE }} @@ -71,11 +90,7 @@ jobs: driver_version: ${DRIVER_VERSION} EOF - - name: Build images - if: | - github.event_name != 'pull_request' || - matrix.arch == 'amd64' || - contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') + - name: Build ${{ matrix.arch }} image locally timeout-minutes: 480 run: | ansible-playbook \ 
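Review bot: Dropping `fail-fast: false` from the `build-collector-image` matrix returns it to the GitHub default of `fail-fast: true`, so the first architecture that fails cancels the other in-flight builds and their logs stop at that point. If that is intended to save runner time it deserves a comment next to `strategy:`; otherwise keep `fail-fast: false` so a failure on one architecture does not hide the state of the others. The same line is removed from the builder matrix in collector-builder.yml and from the s390x remote job. A short comment on the `runs-on` expression would also help, since it sends `ppc64le` to `ubuntu-24.04-arm` and the reason is not visible in this hunk.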
@@ -87,11 +102,10 @@ jobs: ansible/ci-build-collector.yml build-collector-image-remote-vm: - name: Build Collector on a remote VM + name: Remote collector image runs-on: ubuntu-24.04 - if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') + if: contains(inputs.architectures, 's390x') strategy: - fail-fast: false matrix: arch: [s390x] @@ -168,11 +182,9 @@ jobs: - build-collector-image-remote-vm name: Create Multiarch manifest runs-on: ubuntu-24.04 - if: | - github.event_name != 'pull_request' || - contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') + if: always() && !contains(join(needs.*.result, ','), 'failure') env: - ARCHS: amd64 ppc64le s390x arm64 + ARCHS: ${{ inputs.architectures }} steps: - uses: actions/checkout@v4 @@ -203,35 +215,6 @@ jobs: base-image: quay.io/rhacs-eng/collector:${{ inputs.collector-tag }} archs: ${{ env.ARCHS }} - retag-x86-image: - needs: - - build-collector-image - name: Retag x86 image - runs-on: ubuntu-24.04 - if: | - github.event_name == 'pull_request' && - !contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') - steps: - - name: Pull image to retag - run: | - docker pull ${{ inputs.collector-image }}-amd64 - - - name: Retag and push stackrox-io - uses: stackrox/actions/images/retag-and-push@v1 - with: - src-image: ${{ inputs.collector-image }}-amd64 - dst-image: ${{ inputs.collector-image }} - username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }} - password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }} - - - name: Retag and push rhacs-eng - uses: stackrox/actions/images/retag-and-push@v1 - with: - src-image: ${{ inputs.collector-image }}-amd64 - dst-image: ${{ env.RHACS_ENG_IMAGE }} - username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} - password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} - notify: runs-on: ubuntu-24.04 if: always() && contains(join(needs.*.result, ','), 'failure') && github.event_name != 'pull_request' 
@@ -239,7 +222,6 @@ jobs: - build-collector-image - build-collector-image-remote-vm - create-multiarch-manifest - - retag-x86-image steps: - name: Slack notification uses: rtCamp/action-slack-notify@v2 diff --git a/.github/workflows/init.yml b/.github/workflows/init.yml index be09716158..1db7bcd88b 100644 --- a/.github/workflows/init.yml +++ b/.github/workflows/init.yml @@ -58,6 +58,13 @@ on: description: | Trigger rebuild of QA containers value: ${{ jobs.common-variables.outputs.rebuild-qa-containers }} + architectures: + description: | + Space-separated list of architectures to build + value: | + ${{ ((github.event_name != 'pull_request' || + contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')) && + 'amd64 arm64 ppc64le s390x') || 'amd64 arm64' }} jobs: common-variables: diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 1290e8e7de..a8f17c96b9 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -91,9 +91,6 @@ jobs: arm64-integration-tests: uses: ./.github/workflows/integration-tests-vm-type.yml - if: | - github.event_name != 'pull_request' || inputs.is-konflux || - contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') strategy: # ensure that if one part of the matrix fails, the # rest will continue diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f002e6eb7b..c9d8e3384d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -40,6 +40,7 @@ jobs: needs: init with: collector-tag: ${{ needs.init.outputs.collector-tag }} + architectures: ${{ needs.init.outputs.architectures }} secrets: inherit build-collector: 
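Review bot: The new `architectures` output in init.yml is declared with `value: |`, a literal block scalar that keeps its final line break, so the string handed to callers is likely the architecture list followed by a newline rather than the bare list. `contains()` and shell word-splitting tolerate that, but the value is also forwarded as `ARCHS` and then `archs:` to the manifest action, whose parsing is not visible here. `value: |-` strips the trailing newline and keeps the multi-line expression readable.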
@@ -51,6 +52,7 @@ jobs: collector-tag: ${{ needs.init.outputs.collector-tag }} collector-image: ${{ needs.init.outputs.collector-image }} collector-builder-tag: ${{ needs.build-builder-image.outputs.collector-builder-tag }} + architectures: ${{ needs.init.outputs.architectures }} secrets: inherit build-test-containers: diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index 5ac589df89..d13562ff21 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -11,16 +11,18 @@ on: jobs: unit-tests: - runs-on: ubuntu-24.04 container: image: quay.io/stackrox-io/collector-builder:${{ inputs.collector-builder-tag }} strategy: fail-fast: false matrix: + arch: [amd64, arm64] cmake-flags: - -DCMAKE_BUILD_TYPE=Release - -DADDRESS_SANITIZER=ON -DCMAKE_BUILD_TYPE=Debug - -DUSE_VALGRIND=ON -DCMAKE_BUILD_TYPE=Debug + runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-24.04-arm') || 'ubuntu-24.04' }} + steps: - uses: actions/checkout@v4 with: