Skip to content

Commit

Permalink
Refactor into reusable workflows
Browse files Browse the repository at this point in the history 
- Normally will just build kubler images
- For now manually kick off early statges, or chains
  • Loading branch information
@berney
berney committed Feb 5, 2024
1 parent 1240b3d commit 65a8b09
Show file tree
Hide file tree
Showing 7 changed files with 515 additions and 450 deletions.
267 changes: 267 additions & 0 deletions .github/workflows/builders.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,267 @@
name: Bake Builders
on:
#push:
# branches:
# - main
workflow_dispatch:
workflow_call:

# Jobs run in parallel
# Jobs are independent with separate file systems, IP addresses, etc.
jobs:
stage3:
runs-on: ubuntu-latest
needs:
- setup
- kubler-portage
env:
KUBLER_IMAGE: ghcr.io/${{ github.repository }}
PORTAGE_DATE: ${{ needs.setup.outputs.portage_date }}
PORTAGE_IMAGE: ${{ needs.kubler-portage.outputs.portage_image }}
strategy:
fail-fast: false
matrix:
include:
- name: bob
stage3:
base: gentoo/stage3:hardened-nomultilib
tmp_image: ghcr.io/${{ github.repository }}/tmp/stage3-amd64-hardened-nomultilib-openrc:${{ needs.setup.outputs.portage_date }}
image: ghcr.io/${{ github.repository }}/stage3-amd64-hardened-nomultilib-openrc:${{ needs.setup.outputs.portage_date }}
cache: stage3-amd64-hardened-nomultilib-openrc
goss: stage3/amd64-hardened-nomultilib-openrc
core:
def_chost: x86_64-pc-linux-gnu
tmp_image: ghcr.io/${{ github.repository }}/tmp/bob-core:${{ needs.setup.outputs.portage_date }}
image: ghcr.io/${{ github.repository }}/bob-core:${{ needs.setup.outputs.portage_date }}
cache: bob-core
goss: core/bob-core
bob:
target: bob
tmp_image: ghcr.io/${{ github.repository }}/tmp/bob:${{ needs.setup.outputs.portage_date }}
image: ghcr.io/${{ github.repository }}/bob:${{ needs.setup.outputs.portage_date }}
cache: bob
goss: builder/bob
- name: bob-musl
stage3:
base: gentoo/stage3:musl-hardened
tmp_image: ghcr.io/${{ github.repository }}/tmp/stage3-amd64-musl-hardened:${{ needs.setup.outputs.portage_date }}
image: ghcr.io/${{ github.repository }}/stage3-amd64-musl-hardened:${{ needs.setup.outputs.portage_date }}
cache: stage3-amd64-musl-hardened
goss: stage3/amd64-musl-hardened
core:
def_chost: x86_64-gentoo-linux-musl
tmp_image: ghcr.io/${{ github.repository }}/tmp/bob-musl-core:${{ needs.setup.outputs.portage_date }}
image: ghcr.io/${{ github.repository }}/bob-musl-core:${{ needs.setup.outputs.portage_date }}
cache: bob-musl-core
goss: core/bob-musl-core
bob:
target: bob-musl
tmp_image: ghcr.io/${{ github.repository }}/tmp/bob-musl:${{ needs.setup.outputs.portage_date }}
image: ghcr.io/${{ github.repository }}/bob-musl:${{ needs.setup.outputs.portage_date }}
cache: bob-musl
goss: builder/bob-musl
steps:
- name: Set up QEMU
id: qemu
uses: docker/setup-qemu-action@v3
with:
image: tonistiigi/binfmt:latest
platforms: all

- name: 🐋 Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
with:
# This breaks kubler https://github.com/edannenberg/kubler/issues/215
# Sets up `docker build` command as an alias to `docker buildx` (default `false`)
install: true

- name: 🐋 Docker Login
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Check out repository code
uses: actions/checkout@v4

- uses: oras-project/setup-oras@v1

- name: 🐋 Docker Pull stage3
id: stage3-pull
continue-on-error: true
run: |
set -eu
docker pull "${{ matrix.stage3.image }}"
- name: 🐋🍳 Docker Bake Kubler stage3 - test pulled
id: stage3-pull-test
if: ${{ steps.stage3-pull.outcome == 'success' }}
continue-on-error: true
run: |
set -eux
docker run --rm "${{ matrix.stage3.image }}" cat /etc/gentoo-release
docker run --rm "${{ matrix.stage3.image }}" sh -c "grep -E 'Latest|stage3' /latest-stage3*.txt"
docker run --rm "${{ matrix.stage3.image }}" eselect profile show
cd "${{ matrix.stage3.goss }}" || exit 1
docker run --rm -v /run/docker.sock:/run/docker.sock -v "$(pwd):/src:ro" -w /src -e CONTAINER_MODE=entrypoint "$KUBLER_IMAGE" dgoss run -w /goss --entrypoint /goss/goss "${{ matrix.stage3.image }}" validate --color
- name: 🐋🍳 Docker Bake Kubler stage3 - list targets
if: ${{ steps.stage3-pull.outcome == 'failure' || steps.stage3-pull-test.outcome == 'failure' }}
uses: docker/bake-action/subaction/list-targets@v4
with:
workdir: bob-stage3

- name: 🐋🍳 Docker Bake Kubler stage3
if: ${{ steps.stage3-pull.outcome == 'failure' || steps.stage3-pull-test.outcome == 'failure' }}
uses: docker/bake-action@v4
with:
workdir: bob-stage3
push: true
# In the `docker-bake.hcl`
# There is a variable `BASE_TAG` and `BASE_IMAGE`. `BASE_IMAGE` interpolates `BASE_TAG`i
# These can be set with env vars when using `docker buildx bake` command
# For the gentoo-stage3 target there's no `BASE_TAG` arg, only `BASE_IMAGE` which defaults to `BASE_IMAGE` var
# When using bake-action we need to set the `BASE_IMAGE` arg, setting `BASE_TAG` arg won't do what we want.
set: |
gentoo-stage3.args.BASE_IMAGE=${{ matrix.stage3.base }}
gentoo-stage3.args.PORTAGE=${{ env.PORTAGE_IMAGE }}
gentoo-stage3.tags=${{ matrix.stage3.tmp_image }}
gentoo-stage3.cache-from=type=gha,scope=portage
gentoo-stage3.cache-from=type=gha,scope=${{ matrix.stage3.cache }}
gentoo-stage3.cache-to=type=gha,scope=${{ matrix.stage3.cache }}
- name: 🐋🍳 Docker Bake Kubler stage3 - test baked
if: ${{ steps.stage3-pull.outcome == 'failure' || steps.stage3-pull-test.outcome == 'failure' }}
run: |
set -eux
docker run --rm "${{ matrix.stage3.tmp_image }}" cat /etc/gentoo-release
docker run --rm "${{ matrix.stage3.tmp_image }}" sh -c "grep -E 'Latest|stage3' /latest-stage3*.txt"
docker run --rm "${{ matrix.stage3.tmp_image }}" eselect profile show
cd "${{ matrix.stage3.goss }}" || exit 1
docker run --rm -v /run/docker.sock:/run/docker.sock -v "$(pwd):/src:ro" -w /src -e CONTAINER_MODE=entrypoint "$KUBLER_IMAGE" dgoss run -w /goss --entrypoint /goss/goss "${{ matrix.stage3.tmp_image }}" validate --color
- name: 🐋🍳 Docker Bake Kubler stage3 - oras cp
if: ${{ steps.stage3-pull.outcome == 'failure' || steps.stage3-pull-test.outcome == 'failure' }}
run: |
set -eux
oras cp -v "${{ matrix.stage3.tmp_image }}" "${{ matrix.stage3.image }}"
- name: 🐋 Docker Pull bob-core
id: bob-core-pull
continue-on-error: true
run: |
set -eu
docker pull "${{ matrix.core.image }}"
- name: 🐋🍳 Docker Bake Kubler bob-core - test pulled
id: bob-core-pull-test
if: ${{ steps.bob-core-pull.outcome == 'success' }}
run: |
set -eux
docker run --rm "${{ matrix.core.image }}" cat /etc/gentoo-release
docker run --rm "${{ matrix.core.image }}" sh -c "grep -E 'Latest|stage3' /latest-stage3*.txt"
docker run --rm "${{ matrix.core.image }}" eselect profile show
docker run --rm "${{ matrix.core.image }}" ls -l /var/cache
cd "${{ matrix.core.goss }}" || exit 1
docker run --rm -v /run/docker.sock:/run/docker.sock -v "$(pwd):/src:ro" -w /src -e CONTAINER_MODE=entrypoint "${KUBLER_IMAGE}" dgoss run -w /goss --entrypoint /goss/goss "${{ matrix.core.image }}" validate --color
- name: 🐋🍳 Docker Bake Kubler bob-core - list targets
if: ${{ steps.bob-core-pull.outcome == 'failure' || steps.bob-core-pull-test.outcome == 'failure' }}
uses: docker/bake-action/subaction/list-targets@v4
with:
workdir: bob-core

- name: 🐋🍳 Docker Bake Kubler bob-core
if: ${{ steps.bob-core-pull.outcome == 'failure' || steps.bob-core-pull-test.outcome == 'failure' }}
uses: docker/bake-action@v4
with:
workdir: bob-core
push: true
set: |
core.args.DEF_CHOST=${{ matrix.core.def_chost }}
core.args.BASE_IMAGE=${{ matrix.stage3.image }}
core.tags=${{ matrix.core.tmp_image }}
core.cache-from=type=gha,scope=portage
core.cache-from=type=gha,scope=${{ matrix.stage3.cache }}
core.cache-from=type=gha,scope=${{ matrix.core.cache }}
core.cache-to=type=gha,scope=${{ matrix.core.cache }}
- name: 🐋🍳 Docker Bake Kubler bob-core - test baked
if: ${{ steps.bob-core-pull.outcome == 'failure' || steps.bob-core-pull-test.outcome == 'failure' }}
run: |
set -eux
docker run --rm "${{ matrix.core.tmp_image }}" cat /etc/gentoo-release
docker run --rm "${{ matrix.core.tmp_image }}" sh -c "grep -E 'Latest|stage3' /latest-stage3*.txt"
docker run --rm "${{ matrix.core.tmp_image }}" eselect profile show
docker run --rm "${{ matrix.core.tmp_image }}" ls -l /var/cache
cd "${{ matrix.core.goss }}" || exit 1
docker run --rm -v /run/docker.sock:/run/docker.sock -v "$(pwd):/src:ro" -w /src -e CONTAINER_MODE=entrypoint "${KUBLER_IMAGE}" dgoss run -w /goss --entrypoint /goss/goss "${{ matrix.core.tmp_image }}" validate --color
- name: 🐋🍳 Docker Bake Kubler bob-core - oras cp
if: ${{ steps.bob-core-pull.outcome == 'failure' || steps.bob-core-pull-test.outcome == 'failure' }}
run: |
set -eux
oras cp -v "${{ matrix.core.tmp_image }}" "${{ matrix.core.image }}"
- name: 🐋 Docker Pull bob
id: bob-pull
continue-on-error: true
run: |
set -eu
docker pull "${{ matrix.bob.image }}"
- name: 🐋 Docker Build kubler builder - bob - test pulled
id: bob-pull-test
if: ${{ steps.bob-pull.outcome == 'success' }}
run: |
set -eux
docker run --rm "${{ matrix.bob.image }}" cat /etc/gentoo-release
docker run --rm "${{ matrix.bob.image }}" sh -c "grep -E 'Latest|stage3' /latest-stage3*.txt"
docker run --rm "${{ matrix.bob.image }}" eselect profile show
docker run --rm "${{ matrix.bob.image }}" ls -l /var/cache
docker run --rm "${{ matrix.bob.image }}" ls -l /var/cache/eix
docker run --rm "${{ matrix.bob.image }}" eix --selected -c
cd "${{ matrix.bob.goss }}" || exit 1
docker run --rm -v /run/docker.sock:/run/docker.sock -v "$(pwd):/src:ro" -w /src -e CONTAINER_MODE=entrypoint "${KUBLER_IMAGE}" dgoss run -w /goss --entrypoint /goss/goss "${{ matrix.bob.image }}" validate --color
- name: 🐋 Docker Build kubler builder - bob - list targets
if: ${{ steps.bob-pull.outcome == 'failure' || steps.bob-pull-test.outcome == 'failure' }}
uses: docker/bake-action/subaction/list-targets@v4
with:
workdir: ${{ matrix.bob.goss }}

- name: 🐋🍳 Docker Bake Kubler builder - bob
if: ${{ steps.bob-pull.outcome == 'failure' || steps.bob-pull-test.outcome == 'failure' }}
uses: docker/bake-action@v4
with:
workdir: ${{ matrix.bob.goss }}
push: true
set: |
${{matrix.bob.target}}.args.BASE_IMAGE=${{ matrix.core.image }}
${{matrix.bob.target}}.tags=${{ matrix.bob.tmp_image }}
${{matrix.bob.target}}.cache-from=type=gha,scope=portage
${{matrix.bob.target}}.cache-from=type=gha,scope=${{ matrix.stage3.cache }}
${{matrix.bob.target}}.cache-from=type=gha,scope=${{ matrix.core.cache }}
${{matrix.bob.target}}.cache-from=type=gha,scope=${{ matrix.bob.cache }}
${{matrix.bob.target}}.cache-to=type=gha,scope=${{ matrix.bob.cache }}
- name: 🐋 Docker Build kubler builder - bob - test baked
if: ${{ steps.bob-pull.outcome == 'failure' || steps.bob-pull-test.outcome == 'failure' }}
run: |
set -eux
docker run --rm "${{ matrix.bob.tmp_image }}" cat /etc/gentoo-release
docker run --rm "${{ matrix.bob.tmp_image }}" sh -c "grep -E 'Latest|stage3' /latest-stage3*.txt"
docker run --rm "${{ matrix.bob.tmp_image }}" eselect profile show
docker run --rm "${{ matrix.bob.tmp_image }}" ls -l /var/cache
docker run --rm "${{ matrix.bob.tmp_image }}" ls -l /var/cache/eix
docker run --rm "${{ matrix.bob.tmp_image }}" eix --selected -c
cd "${{ matrix.bob.goss }}" || exit 1
docker run --rm -v /run/docker.sock:/run/docker.sock -v "$(pwd):/src:ro" -w /src -e CONTAINER_MODE=entrypoint "${KUBLER_IMAGE}" dgoss run -w /goss --entrypoint /goss/goss "${{ matrix.bob.tmp_image }}" validate --color
- name: 🐋🍳 Docker Bake Kubler builder - bob - oras cp
if: ${{ steps.bob-pull.outcome == 'failure' || steps.bob-pull-test.outcome == 'failure' }}
run: |
set -eux
oras cp -v "${{ matrix.bob.tmp_image }}" "${{ matrix.bob.image }}"
9 changes: 9 additions & 0 deletions .github/workflows/chain-builders.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
name: Chain Builders-Kubler
on:
workflow_dispatch:

jobs:
call-builders:
uses: ./.github/builders.yml
call-kubler-build:
uses: ./.github/kubler-build.yml
13 changes: 13 additions & 0 deletions .github/workflows/chain-full.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
name: Full Chain
on:
workflow_dispatch:

jobs:
call-setup:
uses: ./.github/setup.yml
call-portage:
uses: ./.github/portage.yml
call-builders:
uses: ./.github/builders.yml
call-kubler-build:
uses: ./.github/kubler-build.yml
11 changes: 11 additions & 0 deletions .github/workflows/chain-portage.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
name: Chain Portage-Builders-Kubler
on:
workflow_dispatch:

jobs:
call-portage:
uses: ./.github/portage.yml
call-builders:
uses: ./.github/builders.yml
call-kubler-build:
uses: ./.github/kubler-build.yml
Loading

0 comments on commit 65a8b09

Please sign in to comment.