diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000000..d2fb4897dcb --- /dev/null +++ b/.dockerignore @@ -0,0 +1,6 @@ +pki-acme.tar +pki-builder.tar +pki-ca.tar +pki-runner.tar +pki-server.tar +ipa-runner.tar diff --git a/.github/workflows/acme-tests.yml b/.github/workflows/acme-tests.yml index dd70e0d8d55..12ddb34e57d 100644 --- a/.github/workflows/acme-tests.yml +++ b/.github/workflows/acme-tests.yml @@ -30,20 +30,10 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.init.outputs.matrix) }} - container: registry.fedoraproject.org/fedora:${{ matrix.os }} steps: - name: Clone repository uses: actions/checkout@v2 - - name: Install dependencies - run: | - dnf install -y dnf-plugins-core rpm-build moby-engine - dnf copr enable -y ${{ needs.init.outputs.repo }} - dnf builddep -y --allowerasing --spec ./pki.spec --nogpgcheck - - - name: Build PKI packages - run: ./build.sh --with-pkgs=base,server,ca,acme --with-timestamp --work-dir=build rpm - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 40c6a3a6120..f4c6e5b3667 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -48,20 +48,10 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.init.outputs.matrix) }} - container: registry.fedoraproject.org/fedora:${{ matrix.os }} steps: - name: Clone repository uses: actions/checkout@v2 - - name: Install dependencies - run: | - dnf install -y dnf-plugins-core rpm-build moby-engine - dnf copr enable -y ${{ needs.init.outputs.repo }} - dnf builddep -y --allowerasing --spec ./pki.spec --nogpgcheck - - - name: Build PKI packages - run: ./build.sh --with-timestamp --work-dir=build rpm - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 diff --git a/.github/workflows/ca-tests.yml b/.github/workflows/ca-tests.yml index bbc6559f5ff..a21155192fd 100644 --- a/.github/workflows/ca-tests.yml 
+++ b/.github/workflows/ca-tests.yml @@ -30,20 +30,10 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.init.outputs.matrix) }} - container: registry.fedoraproject.org/fedora:${{ matrix.os }} steps: - name: Clone repository uses: actions/checkout@v2 - - name: Install dependencies - run: | - dnf install -y dnf-plugins-core rpm-build moby-engine - dnf copr enable -y ${{ needs.init.outputs.repo }} - dnf builddep -y --allowerasing --spec ./pki.spec --nogpgcheck - - - name: Build PKI packages - run: ./build.sh --with-pkgs=base,server,ca,tests --with-timestamp --work-dir=build rpm - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 diff --git a/.github/workflows/ca-tests2.yml b/.github/workflows/ca-tests2.yml index 6b261a84900..8019c8f4240 100644 --- a/.github/workflows/ca-tests2.yml +++ b/.github/workflows/ca-tests2.yml @@ -30,20 +30,10 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.init.outputs.matrix) }} - container: registry.fedoraproject.org/fedora:${{ matrix.os }} steps: - name: Clone repository uses: actions/checkout@v2 - - name: Install dependencies - run: | - dnf install -y dnf-plugins-core rpm-build moby-engine - dnf copr enable -y ${{ needs.init.outputs.repo }} - dnf builddep -y --allowerasing --spec ./pki.spec --nogpgcheck - - - name: Build PKI packages - run: ./build.sh --with-pkgs=base,server,ca,tests --with-timestamp --work-dir=build rpm - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 diff --git a/.github/workflows/kra-tests.yml b/.github/workflows/kra-tests.yml index 22056287ace..1b3136ef96a 100644 --- a/.github/workflows/kra-tests.yml +++ b/.github/workflows/kra-tests.yml 
@@ -30,20 +30,10 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.init.outputs.matrix) }} - container: registry.fedoraproject.org/fedora:${{ matrix.os }} steps: - name: Clone repository uses: actions/checkout@v2 - - name: Install dependencies - run: | - dnf install -y dnf-plugins-core rpm-build moby-engine - dnf copr enable -y ${{ needs.init.outputs.repo }} - dnf builddep -y --allowerasing --spec ./pki.spec --nogpgcheck - - - name: Build PKI packages - run: ./build.sh --with-pkgs=base,server,ca,kra,tests --with-timestamp --work-dir=build rpm - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 diff --git a/.github/workflows/ocsp-tests.yml b/.github/workflows/ocsp-tests.yml index 7c248012cf9..525dae5685f 100644 --- a/.github/workflows/ocsp-tests.yml +++ b/.github/workflows/ocsp-tests.yml @@ -30,20 +30,10 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.init.outputs.matrix) }} - container: registry.fedoraproject.org/fedora:${{ matrix.os }} steps: - name: Clone repository uses: actions/checkout@v2 - - name: Install dependencies - run: | - dnf install -y dnf-plugins-core rpm-build moby-engine - dnf copr enable -y ${{ needs.init.outputs.repo }} - dnf builddep -y --allowerasing --spec ./pki.spec --nogpgcheck - - - name: Build PKI packages - run: ./build.sh --with-pkgs=base,server,ca,ocsp,tests --with-timestamp --work-dir=build rpm - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 diff --git a/.github/workflows/python-tests.yml b/.github/workflows/python-tests.yml index f3a5012141a..323d55ac21e 100644 --- a/.github/workflows/python-tests.yml +++ b/.github/workflows/python-tests.yml 
@@ -30,20 +30,10 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.init.outputs.matrix) }} - container: registry.fedoraproject.org/fedora:${{ matrix.os }} steps: - name: Clone repository uses: actions/checkout@v2 - - name: Install dependencies - run: | - dnf install -y dnf-plugins-core rpm-build moby-engine - dnf copr enable -y ${{ needs.init.outputs.repo }} - dnf builddep -y --allowerasing --spec ./pki.spec --nogpgcheck - - - name: Build PKI packages - run: ./build.sh --with-pkgs=base,server,tests --with-timestamp --work-dir=build rpm - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 diff --git a/.github/workflows/qe-tests.yml b/.github/workflows/qe-tests.yml index 8b81ab5ac2a..f541d6e9fe7 100644 --- a/.github/workflows/qe-tests.yml +++ b/.github/workflows/qe-tests.yml @@ -30,20 +30,10 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.init.outputs.matrix) }} - container: registry.fedoraproject.org/fedora:${{ matrix.os }} steps: - name: Clone repository uses: actions/checkout@v2 - - name: Install dependencies - run: | - dnf install -y dnf-plugins-core rpm-build moby-engine - dnf copr enable -y ${{ needs.init.outputs.repo }} - dnf builddep -y --allowerasing --spec ./pki.spec --nogpgcheck - - - name: Build PKI packages - run: ./build.sh --with-timestamp --work-dir=build rpm - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 diff --git a/.github/workflows/rpminspect-test.yml b/.github/workflows/rpminspect-test.yml index 7d6c55041b2..b50a43fd699 100644 --- a/.github/workflows/rpminspect-test.yml +++ b/.github/workflows/rpminspect-test.yml 
@@ -11,25 +11,47 @@ jobs: test: name: Test runs-on: ubuntu-latest - container: registry.fedoraproject.org/fedora:${{ inputs.os }} env: SHARED: /tmp/workdir/pki steps: - name: Clone repository uses: actions/checkout@v2 - - name: Download PKI packages - uses: actions/download-artifact@v2 + - name: Retrieve builder image + uses: actions/cache@v3 with: - name: pki-build-${{ inputs.os }} - path: | - build/ + key: pki-tools-builder-${{ inputs.os }}-${{ github.run_id }} + path: pki-builder.tar + + - name: Load builder image + run: docker load --input pki-builder.tar + + - name: Set up builder container + run: | + docker run \ + --name=builder \ + --privileged \ + --detach \ + pki-builder + + while : + do + docker exec builder echo "Container is ready" && break + echo "Waiting for container..." + sleep 1 + [ $((++i)) -ge 30 ] && exit 1 + done + + - name: Check builder container logs + if: always() + run: | + docker logs builder - name: Install rpminspect run: | - dnf install -y dnf-plugins-core rpm-build findutils - dnf copr enable -y copr.fedorainfracloud.org/dcantrell/rpminspect - dnf install -y rpminspect rpminspect-data-fedora + docker exec builder dnf copr enable -y copr.fedorainfracloud.org/dcantrell/rpminspect + docker exec builder dnf install -y rpminspect rpminspect-data-fedora + - name: Run rpminspect on SRPM and RPMs run: | - tests/bin/rpminspect.sh + docker exec builder tests/bin/rpminspect.sh diff --git a/.github/workflows/server-tests.yml b/.github/workflows/server-tests.yml index f9ee8ce563f..17f2b48be54 100644 --- a/.github/workflows/server-tests.yml +++ b/.github/workflows/server-tests.yml 
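Review bot: The `docker run` in the "Set up builder container" step starts the builder with `--privileged`, which grants every capability and host device access, and nothing in the hunk records why that is needed. The image is loaded from `pki-builder.tar`, which appears to be built from the checked-out tree (the Dockerfile's `COPY . /root/pki/`), so if this workflow runs for pull requests, code from the branch under test executes inside that privileged container. If the flag is only there so the image's init process can start, say so in a comment above the command, e.g. `# --privileged is required because <reason>`, and consider narrowing it to the capabilities and mounts init actually needs. Separately, the "Retrieve builder image" step succeeds on a cache miss; adding `fail-on-cache-miss: true` under its `with:` would make a missing tarball fail at the restore step rather than at `docker load`.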
@@ -30,20 +30,10 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.init.outputs.matrix) }} - container: registry.fedoraproject.org/fedora:${{ matrix.os }} steps: - name: Clone repository uses: actions/checkout@v2 - - name: Install dependencies - run: | - dnf install -y dnf-plugins-core rpm-build moby-engine - dnf copr enable -y ${{ needs.init.outputs.repo }} - dnf builddep -y --allowerasing --spec ./pki.spec --nogpgcheck - - - name: Build PKI packages - run: ./build.sh --with-pkgs=base,server --with-timestamp --work-dir=build rpm - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 diff --git a/.github/workflows/sonarcloud-pull.yml b/.github/workflows/sonarcloud-pull.yml index a3b5acf4021..256678a4e05 100644 --- a/.github/workflows/sonarcloud-pull.yml +++ b/.github/workflows/sonarcloud-pull.yml @@ -115,15 +115,6 @@ jobs: git fetch pki git rebase pki/${{ needs.retrieve-pr.outputs.pr-base }} - - name: Install dependencies - run: | - dnf install -y dnf-plugins-core rpm-build moby-engine - dnf copr enable -y ${{ needs.init.outputs.repo }} - dnf builddep -y --allowerasing --spec ./pki.spec --nogpgcheck - - - name: Build PKI packages - run: ./build.sh --with-timestamp --work-dir=build rpm - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 diff --git a/.github/workflows/tks-tests.yml b/.github/workflows/tks-tests.yml index 448d1858bc6..c46ec3ad86e 100644 --- a/.github/workflows/tks-tests.yml +++ b/.github/workflows/tks-tests.yml 
@@ -30,20 +30,10 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.init.outputs.matrix) }} - container: registry.fedoraproject.org/fedora:${{ matrix.os }} steps: - name: Clone repository uses: actions/checkout@v2 - - name: Install dependencies - run: | - dnf install -y dnf-plugins-core rpm-build moby-engine - dnf copr enable -y ${{ needs.init.outputs.repo }} - dnf builddep -y --allowerasing --spec ./pki.spec --nogpgcheck - - - name: Build PKI packages - run: ./build.sh --with-pkgs=base,server,ca,tks --with-timestamp --work-dir=build rpm - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 diff --git a/.github/workflows/tools-tests.yml b/.github/workflows/tools-tests.yml index 3375ede9a60..99fa3618894 100644 --- a/.github/workflows/tools-tests.yml +++ b/.github/workflows/tools-tests.yml 
@@ -30,30 +30,29 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.init.outputs.matrix) }} - container: registry.fedoraproject.org/fedora:${{ matrix.os }} steps: - name: Clone repository uses: actions/checkout@v2 - - name: Install dependencies - run: | - dnf install -y dnf-plugins-core rpm-build moby-engine - dnf copr enable -y ${{ needs.init.outputs.repo }} - dnf builddep -y --allowerasing --spec ./pki.spec --nogpgcheck - - - name: Build PKI packages - run: ./build.sh --with-timestamp --work-dir=build rpm + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 - - name: Upload PKI packages - uses: actions/upload-artifact@v2 + - name: Build builder image + uses: docker/build-push-action@v2 with: - name: pki-build-${{ matrix.os }} - path: | - build/RPMS/ - build/SRPMS/ + context: . + build-args: | + OS_VERSION=${{ matrix.os }} + COPR_REPO=${{ needs.init.outputs.repo }} + tags: pki-builder + target: pki-builder + outputs: type=docker,dest=pki-builder.tar - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + - name: Store builder image + uses: actions/cache@v3 + with: + key: pki-tools-builder-${{ matrix.os }}-${{ github.run_id }} + path: pki-builder.tar - name: Build runner image uses: docker/build-push-action@v2 diff --git a/.github/workflows/tps-tests.yml b/.github/workflows/tps-tests.yml index fefa1ba14d9..2d7be37eb00 100644 --- a/.github/workflows/tps-tests.yml +++ b/.github/workflows/tps-tests.yml 
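Review bot: The steps added here reference third-party actions by mutable tag (`docker/build-push-action@v2`, `actions/cache@v3`, and the moved `docker/setup-buildx-action@v1`), so whatever commit each tag points to at run time executes in the job that builds the PKI packages. Pinning each to a full commit SHA, with the tag kept as a trailing comment, e.g. `uses: actions/cache@<full-commit-sha>  # v3`, makes that build input fixed and reviewable. The same applies to the `actions/cache@v3` step added in rpminspect-test.yml, which later loads the image stored here.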
@@ -30,20 +30,10 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.init.outputs.matrix) }} - container: registry.fedoraproject.org/fedora:${{ matrix.os }} steps: - name: Clone repository uses: actions/checkout@v2 - - name: Install dependencies - run: | - dnf install -y dnf-plugins-core rpm-build moby-engine - dnf copr enable -y ${{ needs.init.outputs.repo }} - dnf builddep -y --allowerasing --spec ./pki.spec --nogpgcheck - - - name: Build PKI packages - run: ./build.sh --with-pkgs=base,server,ca,kra,tks,tps --with-timestamp --work-dir=build rpm - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 diff --git a/Dockerfile b/Dockerfile index 7113d88fede..a106683013e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,6 +23,27 @@ RUN dnf install -y systemd \ CMD [ "/usr/sbin/init" ] +################################################################################ +FROM fedora-runner AS pki-builder + +ARG COPR_REPO + +# Enable COPR repo if specified +RUN if [ -n "$COPR_REPO" ]; then dnf install -y dnf-plugins-core; dnf copr enable -y $COPR_REPO; fi + +# Install packages +RUN dnf install -y rpm-build + +# Import PKI sources +COPY . /root/pki/ +WORKDIR /root/pki + +# Install PKI dependencies +RUN dnf builddep -y --spec pki.spec + +# Build and install PKI packages +RUN ./build.sh --work-dir=build rpm + ################################################################################ FROM fedora-runner AS pki-runner @@ -31,8 +52,8 @@ ARG COPR_REPO # Enable COPR repo if specified RUN if [ -n "$COPR_REPO" ]; then dnf install -y dnf-plugins-core; dnf copr enable -y $COPR_REPO; fi -# Import PKI packages -COPY build/RPMS /tmp/RPMS/ +# Copy PKI packages +COPY --from=pki-builder /root/pki/build/RPMS/* /tmp/RPMS/ # Install PKI packages RUN dnf localinstall -y /tmp/RPMS/* \
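Review bot: `COPY . /root/pki/` in the new `pki-builder` stage copies the whole build context, and the `.dockerignore` added in this commit excludes only the image tarballs, so `.git` ends up in an image layer. In the workflows the context is an `actions/checkout@v2` checkout, which by default leaves the job token in `.git/config`, and that layer is then exported to `pki-builder.tar` and stored with `actions/cache`. The token is short-lived, but it should not be baked into a cached image: add `.git` to `.dockerignore` if the build does not need repository metadata, or set `persist-credentials: false` on the checkout step. Also, `$COPR_REPO` is expanded unquoted in the new `RUN` line; `dnf copr enable -y "$COPR_REPO"` avoids word splitting on the build-arg value.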