From 4c86e462e8b5707f55fdeaa6681befcdce8e8557 Mon Sep 17 00:00:00 2001
From: Magnus Kulke
Date: Fri, 6 Dec 2024 17:06:10 +0100
Subject: [PATCH] wip: test build w/o sudo
Signed-off-by: Magnus Kulke
---
 .github/workflows/podvm_mkosi.yaml | 295 +++++++++++++++----------
 1 file changed, 149 insertions(+), 146 deletions(-)
diff --git a/.github/workflows/podvm_mkosi.yaml b/.github/workflows/podvm_mkosi.yaml
index 36122c589..37d32a2dd 100644
--- a/.github/workflows/podvm_mkosi.yaml
+++ b/.github/workflows/podvm_mkosi.yaml
@@ -1,62 +1,66 @@ -name: Create a Pod VM image with mkosi +# name: Create a Pod VM image with mkosi +name: mgns mkosi on: - workflow_dispatch: - inputs: - registry: - default: 'quay.io/confidential-containers' - required: false - type: string - image_tag: - default: '' - required: false - type: string - git_ref: - description: Git ref to checkout the cloud-api-adaptor repository. - required: true - type: string - arch: - description: Which arch we are building the mkosi image for - default: 'amd64' - required: false - type: string - debug: - description: Whether to build the image in debug mode - default: false - required: false - type: boolean - - workflow_call: - inputs: - registry: - default: 'quay.io/confidential-containers' - required: false - type: string - image_tag: - default: '' - required: false - type: string - git_ref: - description: Git ref to checkout the cloud-api-adaptor repository. - required: true - type: string - arch: - description: Which arch we are building the mkosi image for - default: 'amd64' - required: false - type: string - debug: - description: Whether to build the image in debug mode - default: false - required: false - type: boolean - outputs: - qcow2_oras_image: - description: The location of the qcow2 oras container this workflow pushed - value: ${{ jobs.build-image.outputs.qcow2_oras_image }} - docker_oci_image: - description: The location of the docker oci container image this workflow pushed - value: ${{ jobs.build-image.outputs.docker_oci_image }} + # workflow_dispatch: + # inputs: + # registry: + # default: 'quay.io/confidential-containers' + # required: false + # type: string + # image_tag: + # default: '' + # required: false + # type: string + # git_ref: + # description: Git ref to checkout the cloud-api-adaptor repository. 
+ # required: true + # type: string + # arch: + # description: Which arch we are building the mkosi image for + # default: 'amd64' + # required: false + # type: string + # debug: + # description: Whether to build the image in debug mode + # default: false + # required: false + # type: boolean + + # workflow_call: + # inputs: + # registry: + # default: 'quay.io/confidential-containers' + # required: false + # type: string + # image_tag: + # default: '' + # required: false + # type: string + # git_ref: + # description: Git ref to checkout the cloud-api-adaptor repository. + # required: true + # type: string + # arch: + # description: Which arch we are building the mkosi image for + # default: 'amd64' + # required: false + # type: string + # debug: + # description: Whether to build the image in debug mode + # default: false + # required: false + # type: boolean + # outputs: + # qcow2_oras_image: + # description: The location of the qcow2 oras container this workflow pushed + # value: ${{ jobs.build-image.outputs.qcow2_oras_image }} + # docker_oci_image: + # description: The location of the docker oci container image this workflow pushed + # value: ${{ jobs.build-image.outputs.docker_oci_image }} + push: + branches: + - mkulke/remove-sudo-from-mkosi defaults: run: 
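Review bot: The later hunks still evaluate the `inputs` context that this hunk comments out — `if: inputs.arch == 's390x'` in the hunk at `@@ -144`, and `if: inputs.debug` / `if: !inputs.debug` plus the unchanged `ARCH: ${{ inputs.arch }}` in the hunk at `@@ -152`. For the new `push:` trigger `inputs` is empty, so those conditions resolve to false and the s390x and debug paths are skipped by default rather than selected; presumably that is what this test build wants, but it is worth stating. Since the `workflow_dispatch`/`workflow_call` triggers, the personal-branch `push:` trigger and the renamed `name: mgns mkosi` are scaffolding for a wip commit, a marker such as `# TODO(wip): restore workflow_dispatch/workflow_call triggers and inputs before merge` above the commented-out block, repeated on the disabled checkout `with:`, login, setup-go and publish steps in the following hunks, would make what has to be reverted explicit.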
@@ -77,34 +81,34 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - with: - fetch-depth: 0 - ref: "${{ inputs.git_ref }}" + # with: + # fetch-depth: 0 + # ref: "${{ inputs.git_ref }}" - - name: Rebase the code - if: github.event_name == 'pull_request_target' - working-directory: ./ - run: | - ./hack/ci-helper.sh rebase-atop-of-the-latest-target-branch + # - name: Rebase the code + # if: github.event_name == 'pull_request_target' + # working-directory: ./ + # run: | + # ./hack/ci-helper.sh rebase-atop-of-the-latest-target-branch - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Login to quay Container Registry - if: ${{ startsWith(inputs.registry, 'quay.io') }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_USERNAME }} - password: ${{ secrets.QUAY_PASSWORD }} - - - name: Login to the ghcr Container registry - if: ${{ startsWith(inputs.registry, 'ghcr.io') }} - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + # - name: Login to quay Container Registry + # if: ${{ startsWith(inputs.registry, 'quay.io') }} + # uses: docker/login-action@v3 + # with: + # registry: quay.io + # username: ${{ secrets.QUAY_USERNAME }} + # password: ${{ secrets.QUAY_PASSWORD }} + + # - name: Login to the ghcr Container registry + # if: ${{ startsWith(inputs.registry, 'ghcr.io') }} + # uses: docker/login-action@v3 + # with: + # registry: ghcr.io + # username: ${{ github.actor }} + # password: ${{ secrets.GITHUB_TOKEN }} - name: Install build dependencies run: | 
@@ -115,14 +119,14 @@ jobs: - name: Read properties from versions.yaml run: | go_version="$(yq '.tools.golang' versions.yaml)" - echo "GO_VERSION=${go_version}" >> "$GITHUB_ENV" + # echo "GO_VERSION=${go_version}" >> "$GITHUB_ENV" echo "ORAS_VERSION=$(yq -e '.tools.oras' versions.yaml)" >> "$GITHUB_ENV" - - name: Setup Golang version ${{ env.GO_VERSION }} - if: ${{ inputs.arch == 's390x' }} - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GO_VERSION }} + # - name: Setup Golang version ${{ env.GO_VERSION }} + # if: ${{ inputs.arch == 's390x' }} + # uses: actions/setup-go@v5 + # with: + # go-version: ${{ env.GO_VERSION }} - uses: oras-project/setup-oras@v1 with: @@ -144,7 +148,7 @@ jobs: ARCH: ${{ inputs.arch }} - name: Install mkosi - if: ${{ inputs.arch == 's390x' }} + if: inputs.arch == 's390x' run: | git clone -b v22 https://github.com/systemd/mkosi sudo rm -f /usr/local/bin/mkosi 
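Review bot: `go_version` is still assigned in the "Read properties from versions.yaml" step while its only consumer, the `GO_VERSION` export, is commented out, which leaves a dead assignment that shellcheck reports as SC2034 if the run block is linted. Either comment out `go_version="$(yq '.tools.golang' versions.yaml)"` together with the echo, or keep the export so the disabled setup-go step can be re-enabled without touching this step again. The second hunk on this line only drops the `${{ }}` wrapper around `inputs.arch == 's390x'`, which is an equivalent spelling.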
@@ -152,75 +156,74 @@ jobs: mkosi --version - name: Install Nix - if: ${{ inputs.arch == 'amd64' }} + if: runner.arch == 'x64' uses: cachix/install-nix-action@v30 - name: Build nix shell to cache dependencies - if: ${{ inputs.arch == 'amd64' }} + if: runner.arch == 'x64' run: nix build .#devShells.x86_64-linux.podvm-mkosi - name: Build mkosi debug image - if: ${{ inputs.debug == 'true' }} + if: inputs.debug working-directory: src/cloud-api-adaptor/podvm-mkosi run: make image-debug - name: Build mkosi image - if: ${{ inputs.debug != 'true' }} + if: !inputs.debug working-directory: src/cloud-api-adaptor/podvm-mkosi run: make image - - name: Upload the qcow2 with oras - id: publish_oras_qcow2 - working-directory: src/cloud-api-adaptor/podvm-mkosi - run: | - mkdir oras - cd oras - cp ../build/podvm-*.qcow2 . - tar cJf podvm.tar.xz podvm-*.qcow2 - image=${{ inputs.registry }}/podvm-generic-fedora - if [ "${{inputs.debug}}" = "true" ]; then - image=${image}-debug - fi - image=${image}-${{ inputs.arch }} - tag=$(git rev-parse --short HEAD) - oras push "${image}:${tag}" podvm.tar.xz - - # If the input has a different image-tag then also push it with that tag - if [ -n "${{ inputs.image_tag }}" ] && [ "${{ inputs.image_tag }}" != "${tag}" ];then - oras push "${image}:${{ inputs.image_tag }}" podvm.tar.xz - fi - - # add image and digest to output for attestation - echo "image=${image}" >> "$GITHUB_OUTPUT" - digest="$(oras manifest fetch "${image}:${tag}" --descriptor | jq -r .digest)" - echo "digest=${digest}" >> "$GITHUB_OUTPUT" - echo "tag=${tag}" >> "$GITHUB_OUTPUT" - - - uses: actions/attest-build-provenance@v1 - with: - subject-name: ${{ steps.publish_oras_qcow2.outputs.image }} - subject-digest: ${{ steps.publish_oras_qcow2.outputs.digest }} - push-to-registry: true - - - - name: Clean up some space for the docker provider build - working-directory: src/cloud-api-adaptor/podvm-mkosi - run: | - sudo du --max-depth=2 /home/runner || true - sudo du --max-depth=2 /var/lib 
|| true - sudo rm -rf /nix - sudo rm -rf ./build - sudo rm -rf ./mkosi.cache - - - name: Build image for docker provider - id: build_docker_oci - working-directory: src/cloud-api-adaptor/podvm-mkosi - run: | - tag=$(git rev-parse --short HEAD) - PODVM_TAG=${tag} make image-container - PODVM_TAG=${tag} make push-image-container - arch=$(uname -m) - arch=${arch/x86_64/amd64} - echo "image=ghcr.io/${{ github.repository }}/podvm-docker-image-${arch}:${tag}" >> "$GITHUB_OUTPUT" - env: - REGISTRY: ghcr.io/${{ github.repository }} + # - name: Upload the qcow2 with oras + # id: publish_oras_qcow2 + # working-directory: src/cloud-api-adaptor/podvm-mkosi + # run: | + # mkdir oras + # cd oras + # cp ../build/podvm-*.qcow2 . + # tar cJf podvm.tar.xz podvm-*.qcow2 + # image=${{ inputs.registry }}/podvm-generic-fedora + # if [ "${{inputs.debug}}" = "true" ]; then + # image=${image}-debug + # fi + # image=${image}-${{ inputs.arch }} + # tag=$(git rev-parse --short HEAD) + # oras push "${image}:${tag}" podvm.tar.xz + + # # If the input has a different image-tag then also push it with that tag + # if [ -n "${{ inputs.image_tag }}" ] && [ "${{ inputs.image_tag }}" != "${tag}" ];then + # oras push "${image}:${{ inputs.image_tag }}" podvm.tar.xz + # fi + + # # add image and digest to output for attestation + # echo "image=${image}" >> "$GITHUB_OUTPUT" + # digest="$(oras manifest fetch "${image}:${tag}" --descriptor | jq -r .digest)" + # echo "digest=${digest}" >> "$GITHUB_OUTPUT" + # echo "tag=${tag}" >> "$GITHUB_OUTPUT" + + # - uses: actions/attest-build-provenance@v1 + # with: + # subject-name: ${{ steps.publish_oras_qcow2.outputs.image }} + # subject-digest: ${{ steps.publish_oras_qcow2.outputs.digest }} + # push-to-registry: true + + # - name: Clean up some space for the docker provider build + # working-directory: src/cloud-api-adaptor/podvm-mkosi + # run: | + # sudo du --max-depth=2 /home/runner || true + # sudo du --max-depth=2 /var/lib || true + # sudo rm -rf /nix + # sudo rm 
-rf ./build + # sudo rm -rf ./mkosi.cache + + # - name: Build image for docker provider + # id: build_docker_oci + # working-directory: src/cloud-api-adaptor/podvm-mkosi + # run: | + # tag=$(git rev-parse --short HEAD) + # PODVM_TAG=${tag} make image-container + # PODVM_TAG=${tag} make push-image-container + # arch=$(uname -m) + # arch=${arch/x86_64/amd64} + # echo "image=ghcr.io/${{ github.repository }}/podvm-docker-image-${arch}:${tag}" >> "$GITHUB_OUTPUT" + # env: + # REGISTRY: ghcr.io/${{ github.repository }}
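Review bot: `if: !inputs.debug` on the "Build mkosi image" step is read by YAML as a tag, not as an expression, because a leading `!` in a plain scalar starts a tag; the condition needs to be wrapped, `if: ${{ !inputs.debug }}`, or quoted. The companion `if: inputs.debug` is fine, and switching the two Nix steps from `inputs.arch == 'amd64'` to `runner.arch == 'x64'` is a sensible decoupling from the disabled inputs. With the `push` trigger introduced in the first hunk `inputs.debug` is empty, so only the non-debug variant is ever built here, which appears to be the intent of this test.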