-
Notifications
You must be signed in to change notification settings - Fork 2
127 lines (113 loc) · 3.99 KB
/
image_build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
name: image_build
on:
workflow_dispatch:
inputs:
candlepin-ref:
description: 'The reference of Candlepin to build'
required: true
default: 'main'
type: string
push-image:
description: 'Push image'
required: false
default: true
type: boolean
update-latest:
description: "Update 'latest' tag"
required: false
default: true
type: boolean
env:
IMAGE_NAME: candlepin-unofficial
jobs:
image_build:
name: "image_build"
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
env:
ANSIBLE_FORCE_COLOR: 1
steps:
- name: Base setup
run: |
sudo apt-get update
sudo apt-get -y install \
ansible-core \
git-core \
buildah \
podman \
jq
- name: Checkout repository
uses: actions/checkout@v4
- name: Checkout candlepin.git
uses: actions/checkout@v4
with:
repository: candlepin/candlepin
path: candlepin.git
ref: ${{ inputs.candlepin-ref }}
- name: Install ansible bits
run: |
ansible-galaxy collection install -r requirements.yml
- name: Initial build
uses: redhat-actions/buildah-build@v2
with:
image: cp_base
tags: build
containerfiles: |
./Containerfile
oci: true
- name: Get container tag
id: container-tag
run: |
export tag=$(echo ${{ inputs.candlepin-ref }} | sed 's/^candlepin-//g')
echo "tag=$tag" >> $GITHUB_OUTPUT
- name: Customization
run: |
set -euo pipefail
podman run --name=candlepin --hostname=candlepin.local --publish=8443:8443 --publish=2222:22 --privileged --detach -t cp_base
# wait for systemd to start in the container
sleep 5
ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory -v playbook.yml
podman exec candlepin poweroff
# wait for system shutdown
sleep 5
podman commit candlepin cp_custom
- name: Build final image
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.IMAGE_NAME }}
tags: ${{ inputs.update-latest && format('{0} {1}', steps.container-tag.outputs.tag, 'latest') || steps.container-tag.outputs.tag }}
base-image: cp_custom
entrypoint: /sbin/init
oci: true
- name: List images
run: |
podman images
- name: Test newly created image
run: |
set -xeuo pipefail
# run the container
podman run --rm --name=test-candlepin --hostname=candlepin.local --publish=8443:8443 --publish=8080:8080 --detach ${{ steps.build-image.outputs.image }}:${{ steps.container-tag.outputs.tag }}
# setup the local runner
echo '127.0.0.1 candlepin.local' | sudo tee -a /etc/hosts
podman cp test-candlepin:/etc/candlepin/certs/candlepin-ca.crt .
sudo cp candlepin-ca.crt /usr/local/share/ca-certificates/candlepin-ca.crt
sudo update-ca-certificates
# wait for startup
sleep 10
curl https://candlepin.local:8443/candlepin/status | jq
curl --head http://candlepin.local:8080/RPM-GPG-KEY-candlepin
curl --head http://candlepin.local:8080/donaldduck/path/to/fake-content/38072-3902/repodata/repomd.xml
curl --head http://candlepin.local:8080/path/to/fake-content/38072-3902/repodata/repomd.xml
podman stop test-candlepin
- name: Push to the registry
uses: redhat-actions/push-to-registry@v2
if: inputs.push-image
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: ghcr.io/${{ github.actor }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}