pulp-oci-images CI #3128
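---
# CI for pulp-oci-images: checks commit messages, builds the base images, then
# builds and tests the app images and, outside pull requests, pushes them to
# ghcr.io, docker.io and quay.io.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN carries the
# repository's default scopes. In this file only the ghcr.io login references
# secrets.GITHUB_TOKEN; consider least-privilege permissions per job once the
# needs of the .ci/scripts/* helpers are confirmed.
# NOTE(review): actions are referenced by mutable tag (@v4, @v5) and pip/apt
# packages are installed unpinned, including in the job that later logs in to
# the registries; pinning narrows the supply-chain exposure.
name: pulp-oci-images CI
on:
  push:
    branches:
      - latest
  workflow_dispatch:
  pull_request:
env:
  COLORTERM: 'yes'
  TERM: 'xterm-256color'
  PYTEST_ADDOPTS: '--color=yes'
  # Forces the latest pulp_file version compatible with pulpcore 3.22
  PULP_FILE_VERSION: '~=1.12.0'
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # by default, it uses a depth of 1
          # this fetches all history so that we can read each commit
          fetch-depth: 0
      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          # Quoted so the version is a string, not a YAML float.
          python-version: '3.11'
      - name: Check commit message
        if: github.event_name == 'pull_request'
        env:
          GITHUB_CONTEXT: ${{ github.event.pull_request.commits_url }}
        run: |
          echo ::group::REQUESTS
          pip install pygithub
          echo ::endgroup::
          # Fetch the SHA list in an assignment: with `shell: bash` (-e and
          # pipefail) a failed API call or jq error now aborts the step instead
          # of leaving the loop with nothing to validate.
          shas=$(curl --fail "$GITHUB_CONTEXT" | jq -r '.[].sha')
          for sha in $shas
          do
            python .ci/scripts/validate_commit_message.py "$sha"
            VALUE=$?
            if [ "$VALUE" -gt 0 ]; then
              exit $VALUE
            fi
          done
        shell: bash
  base-images:
    needs: lint
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
    outputs:
      image_variants: "${{ steps.image_variants.outputs.image_variants }}"
      pulp_ci_centos_id: "${{ steps.pulp_ci_centos_id.outputs.pulp_ci_centos_id }}"
    steps:
      # We do not want to build nightly images unless it's a PR to the latest branch,
      # or a branch/dispatch build on the latest branch.
      # The refs are read from the runner-provided GITHUB_BASE_REF and
      # GITHUB_REF_NAME variables instead of being expanded into the script text.
      - name: Set the list of image_variants for later jobs
        id: image_variants
        run: |
          if [ "$GITHUB_BASE_REF" == "latest" ] || [ "$GITHUB_REF_NAME" == "latest" ]; then
            echo "image_variants=[\"nightly\",\"stable\"]" >> "$GITHUB_OUTPUT"
          else
            echo "image_variants=[\"stable\"]" >> "$GITHUB_OUTPUT"
          fi
      - name: Set the temporary image tag
        run: |
          temp_base_tag="${GITHUB_REF_NAME%/*}"
          echo "Building $temp_base_tag"
          echo "TEMP_BASE_TAG=${temp_base_tag}" >> "$GITHUB_ENV"
      - uses: actions/checkout@v4
        with:
          # by default, it uses a depth of 1
          # this fetches all history so that we can read each commit
          fetch-depth: 0
      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      # NOTE(review): this file declares no `schedule` trigger, so as shown this
      # step (the only one given secrets.RELEASE_TOKEN) is never selected.
      - name: Dispatch workflows on stable branches
        if: github.event_name == 'schedule'
        run: |
          echo ::group::PYDEPS
          pip install gitpython requests packaging jinja2 pyyaml
          echo ::endgroup::
          python .ci/scripts/update_ci_branches.py
        env:
          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
      - name: Build images
        run: |
          podman version
          buildah version
          podman build --format docker --file images/Containerfile.core.base --tag pulp/base:${TEMP_BASE_TAG} .
          podman build --format docker --file images/pulp_ci_centos/Containerfile --tag pulp/pulp-ci-centos:${TEMP_BASE_TAG} --build-arg FROM_TAG=${TEMP_BASE_TAG} .
      # we use the docker format (default), even though it may not be the fastest,
      # because it supports saving both images at once.
      # However, it seems to export the common layers twice.
      # We should look into whether its possible to export just pulp-ci-centos,
      # and tag the base image manually.
      - name: Save podman images to tarball
        id: pulp_ci_centos_id
        run: |
          podman save -m -o base-images.tar pulp/base:${TEMP_BASE_TAG} pulp/pulp-ci-centos:${TEMP_BASE_TAG}
          # The id is unique to the image build (not the Containerfile) and will be used in the cache key
          # If a workflow completes successfully, every workflow will generate a new cache.
          # And if we re-run the entire workflow ("Re-run all jobs"), it will generate a new cache too.
          # If we re-run a failed app-images job, it will use the existing cache from base-images
          id=$(podman image inspect --format '{{ .Id }}' pulp/pulp-ci-centos:${TEMP_BASE_TAG})
          echo "pulp_ci_centos_id=${id}" >> "$GITHUB_OUTPUT"
          echo "pulp_ci_centos_id=${id}" >> "$GITHUB_ENV"
      - name: Cache podman images
        uses: actions/cache/save@v4
        with:
          key: base-images=${{ env.pulp_ci_centos_id }}
          path: base-images.tar
          fail-on-cache-miss: true
  app-images:
    needs: base-images
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        image_variant: ${{ fromJSON(needs.base-images.outputs.image_variants) }}
        app:
          - image_name: pulp-minimal
            web_image: pulp-web
            pip_name: pulpcore
            s6: false
          - image_name: pulp
            web_image: pulp-web
            pip_name: pulpcore
            s6: true
    steps:
      - name: Set the temporary image tags
        run: |
          if [ "${{ matrix.image_variant }}" == "nightly" ]; then
            temp_app_tag="nightly"
          else
            temp_app_tag="${GITHUB_REF_NAME%/*}"
          fi
          temp_base_tag="${GITHUB_REF_NAME%/*}"
          echo "Building $temp_app_tag from base $temp_base_tag"
          echo "TEMP_APP_TAG=${temp_app_tag}" >> "$GITHUB_ENV"
          echo "TEMP_BASE_TAG=${temp_base_tag}" >> "$GITHUB_ENV"
      - uses: actions/checkout@v4
        with:
          # by default, it uses a depth of 1
          # this fetches all history so that we can read each commit
          fetch-depth: 0
      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      # NOTE(review): guarded by the `schedule` event, which this file does not
      # declare as a trigger.
      - name: Install python dependencies
        if: github.event_name == 'schedule'
        run: |
          echo ::group::PYDEPS
          pip install gitpython requests packaging jinja2 pyyaml
          echo ::endgroup::
      - name: Verify needs.base-images.outputs.pulp_ci_centos_id is not blank
        run: |
          if [ -z "${{ needs.base-images.outputs.pulp_ci_centos_id }}" ]; then
            exit 1
          fi
      - name: Restore podman images from cache
        uses: actions/cache/restore@v4
        with:
          key: base-images=${{ needs.base-images.outputs.pulp_ci_centos_id }}
          path: base-images.tar
          fail-on-cache-miss: true
      - name: Load podman images from tarball
        run: |
          podman load -i base-images.tar
      - name: Install httpie and podman-compose
        run: |
          echo ::group::HTTPIE
          sudo apt-get update -yq
          sudo -E apt-get -yq --no-install-suggests --no-install-recommends install httpie
          echo ::endgroup::
          echo "HTTPIE_CONFIG_DIR=$GITHUB_WORKSPACE/.ci/assets/httpie/" >> "$GITHUB_ENV"
          pip install podman-compose
          if [[ $(dpkg-query --showformat='${Version}' --show podman) == "3.4.4+ds1-1ubuntu1.22.04.1" && $(dpkg-query --showformat='${Version}' --show containernetworking-plugins) == "0.9.1+ds1-1" ]]
          then
            echo "Working around https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/2024394"
            # NOTE(review): this .deb is fetched over plain HTTP and installed as
            # root with no integrity check; verify it against a pinned SHA-256
            # (for example with `sha256sum --check`) before running `dpkg -i`.
            curl -O http://archive.ubuntu.com/ubuntu/pool/universe/g/golang-github-containernetworking-plugins/containernetworking-plugins_1.1.1+ds1-1_amd64.deb
            sudo dpkg -i containernetworking-plugins_1.1.1+ds1-1_amd64.deb
          fi
        shell: bash
      - name: Build images
        run: |
          podman version
          buildah version
          if [ "${{ matrix.app.s6 }}" == "false" ]; then
            podman build --format docker --pull=false --file images/${{ matrix.app.image_name }}/${{ matrix.image_variant }}/Containerfile.core --tag pulp/${{ matrix.app.image_name }}:${TEMP_APP_TAG} --build-arg FROM_TAG=${TEMP_BASE_TAG} --build-arg PULP_FILE_VERSION=${PULP_FILE_VERSION} .
            podman build --format docker --pull=false --file images/${{ matrix.app.image_name }}/${{ matrix.image_variant }}/Containerfile.webserver --tag pulp/${{ matrix.app.web_image }}:${TEMP_APP_TAG} --build-arg FROM_TAG=${TEMP_APP_TAG} .
          else
            podman build --format docker --pull=false --file images/${{ matrix.app.image_name }}/${{ matrix.image_variant }}/Containerfile --tag pulp/${{ matrix.app.image_name }}:${TEMP_APP_TAG} --build-arg FROM_TAG=${TEMP_BASE_TAG} --build-arg PULP_FILE_VERSION=${PULP_FILE_VERSION} .
          fi
          podman images -a
      # Reads the installed package versions out of the freshly built image and
      # exports them (plus their major.minor branch) for the tagging steps below.
      - name: Set version and branch image tags
        run: |
          app_version=$(podman run --pull=never pulp/${{ matrix.app.image_name }}:${TEMP_APP_TAG} bash -c "pip3 show ${{ matrix.app.pip_name }} | sed -n -e 's/Version: //p'")
          app_branch=$(echo ${app_version} | grep -oP '\d+\.\d+')
          echo "APP_VERSION: ${app_version}"
          echo "APP_BRANCH: ${app_branch}"
          echo "APP_VERSION=${app_version}" >> "$GITHUB_ENV"
          echo "APP_BRANCH=${app_branch}" >> "$GITHUB_ENV"
          base_version=$(podman run --pull=never pulp/${{ matrix.app.image_name }}:${TEMP_APP_TAG} bash -c "pip3 show pulpcore | sed -n -e 's/Version: //p'")
          base_branch=$(echo ${base_version} | grep -oP '\d+\.\d+')
          echo "BASE_VERSION: ${base_version}"
          echo "BASE_BRANCH: ${base_branch}"
          echo "BASE_VERSION=${base_version}" >> "$GITHUB_ENV"
          echo "BASE_BRANCH=${base_branch}" >> "$GITHUB_ENV"
      - name: Test upgrading to the image in s6 mode
        if: matrix.app.image_name == 'pulp'
        run: |
          # 3.20 has postgres 12 rather than 13
          images/s6_assets/test.sh "pulp/${{ matrix.app.image_name }}:${TEMP_APP_TAG}" http "quay.io/pulp/all-in-one-pulp:3.20"
          podman stop pulp
          podman rm pulp
      # NOTE(review): no matrix entry above has image_name 'galaxy', so this
      # step is skipped for every combination defined in this file.
      - name: Test the image in s6 mode
        if: matrix.app.image_name == 'galaxy'
        run: |
          images/s6_assets/test.sh "pulp/${{ matrix.app.image_name }}:${TEMP_APP_TAG}"
          podman stop pulp
          podman rm pulp
      - name: Test the image in s6 mode with https
        if: matrix.app.s6
        run: |
          # Delete the database from the previous test 1st, so test.sh does not fail
          sudo rm -rf pgsql/data
          images/s6_assets/test.sh "pulp/${{ matrix.app.image_name }}:${TEMP_APP_TAG}" https
          podman stop pulp
          podman rm pulp
      - name: Compose up
        run: |
          if [ "${{ matrix.app.s6 }}" == "true" ]; then
            # Reuse the folders from the s6 mode tests
            FILE="docker-compose.folders.yml"
            # We'll pull the web image from a registry since we didn't build it.
            if [ "${{ matrix.image_variant }}" == "nightly" ]; then
              WEB_TAG="nightly"
            else
              WEB_TAG="${APP_BRANCH}"
            fi
          else
            FILE="docker-compose.yml"
            WEB_TAG="${TEMP_APP_TAG}"
          fi
          cd images/compose
          sed -i "s/pulp-minimal:latest/${{ matrix.app.image_name }}:${TEMP_APP_TAG}/g" $FILE
          sed -i "s/pulp-web:latest/${{ matrix.app.web_image }}:${WEB_TAG}/g" $FILE
          id | grep "(root)" || sudo usermod -G root $(whoami)
          podman-compose -f $FILE up -d
          sleep 30
          for _ in $(seq 20)
          do
            sleep 3
            if curl --fail http://localhost:8080/pulp/api/v3/status/ > /dev/null 2>&1
            then
              break
            fi
          done
          curl --fail http://localhost:8080/pulp/api/v3/status/ | jq
        shell: bash
      # NOTE(review): matrix.app is a mapping (image_name, web_image, ...), so
      # comparing it with the string 'pulp' looks like it can never be true and
      # this test step would always be skipped. `matrix.app.image_name == 'pulp'`
      # is probably what was meant; confirm before enabling.
      - name: Test all components (pulp)
        if: matrix.app == 'pulp'
        run: |
          git clone --depth=1 https://github.com/pulp/pulp_ansible.git
          git clone --depth=1 https://github.com/pulp/pulp_container.git
          .ci/scripts/pulp_tests.sh
        shell: bash
        env:
          PY_COLORS: '1'
      # NOTE(review): same mapping-versus-string comparison as the step above.
      - name: Test all components (galaxy)
        if: matrix.app == 'galaxy'
        run: |
          .ci/scripts/galaxy_ng-tests.sh
        shell: bash
        env:
          PY_COLORS: '1'
      # Registry logins run only outside pull requests; credentials reach podman
      # through env and --password-stdin rather than the command line.
      - name: Github login
        if: github.event_name != 'pull_request'
        env:
          PULP_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PULP_GITHUB_USERNAME: ${{ github.actor }}
        run: echo "$PULP_GITHUB_TOKEN" | podman login -u "$PULP_GITHUB_USERNAME" --password-stdin ghcr.io
      - name: Docker login
        if: github.event_name != 'pull_request'
        env:
          DOCKER_BOT_PASSWORD: ${{ secrets.DOCKER_BOT_PASSWORD }}
          DOCKER_BOT_USERNAME: ${{ secrets.DOCKER_BOT_USERNAME }}
        run: echo "$DOCKER_BOT_PASSWORD" | podman login -u "$DOCKER_BOT_USERNAME" --password-stdin docker.io
      - name: Quay login
        if: github.event_name != 'pull_request'
        env:
          QUAY_BOT_PASSWORD: ${{ secrets.QUAY_BOT_PASSWORD }}
          QUAY_BOT_USERNAME: ${{ secrets.QUAY_BOT_USERNAME }}
        run: echo "$QUAY_BOT_PASSWORD" | podman login -u "$QUAY_BOT_USERNAME" --password-stdin quay.io
      - name: Push base images to registries
        if: github.event_name != 'pull_request'
        run: |
          for registry in ghcr.io docker.io quay.io; do
            # Technically multiple jobs will build and push these 2 images
            # but it is created once in the base-images job, and will be identical
            for image_name_looped in base pulp-ci-centos; do
              if [ "${TEMP_BASE_TAG}" == "latest" ]; then
                tags="${BASE_BRANCH} ${BASE_VERSION} latest"
              else
                tags="${BASE_BRANCH} ${BASE_VERSION}"
              fi
              for tag in $tags; do
                podman tag pulp/${image_name_looped}:${TEMP_BASE_TAG} ${registry}/pulp/${image_name_looped}:${tag}
                podman push ${registry}/pulp/${image_name_looped}:${tag}
              done
            done
          done
          unset tag
        shell: bash
      - name: Push app images to registries
        if: github.event_name != 'pull_request'
        run: |
          if [ "${{ matrix.app.s6 }}" == "true" ]; then
            images="${{ matrix.app.image_name }}"
          else
            images="${{ matrix.app.image_name }} ${{ matrix.app.web_image }}"
          fi
          for registry in ghcr.io docker.io quay.io; do
            for image_name_looped in $images; do
              if [ "${{ matrix.image_variant }}" == "stable" ]; then
                # latest branch stable variant gets tagged as both "latest" and "stable"
                if [ "${TEMP_APP_TAG}" == "latest" ]; then
                  tags="${APP_BRANCH} ${APP_VERSION} ${{ matrix.image_variant }} latest"
                else
                  tags="${APP_BRANCH} ${APP_VERSION}"
                fi
              else
                # The matrix should ensure that the nightly variant only ever pertains to the "latest" branch, but let's be extra safe
                if [ "${GITHUB_REF_NAME%/*}" == "latest" ]; then
                  # "nightly" is a special case, no version / branch tags
                  tags="nightly"
                fi
              fi
              for tag in $tags; do
                podman tag pulp/${image_name_looped}:${TEMP_APP_TAG} ${registry}/pulp/${image_name_looped}:${tag}
                podman push ${registry}/pulp/${image_name_looped}:${tag}
              done
            done
          done
        shell: bash
      # Diagnostics only: runs even after a failure, and `set +e` keeps going
      # when a container or volume named below does not exist.
      - name: Logs
        if: always()
        run: |
          set +e
          podman ps -a
          podman images -a
          podman logs pulp
          cd images/compose
          podman-compose logs
          podman logs --tail=10000 compose_pulp_api_1
          podman logs --tail=10000 compose_pulp_content_1
          podman logs --tail=10000 compose_pulp_worker_1
          podman logs --tail=10000 compose_pulp_worker_2
          podman logs --tail=10000 compose_pulp_web_1
          VOLUME_PATH=$(podman volume inspect pulpdev | jq -r .[].Mountpoint)
          sudo ls -al $VOLUME_PATH
          sudo tree $VOLUME_PATH
          http --follow --timeout 30 --check-status --pretty format --print hb http://localhost:8080/pulp/api/v3/status/ || true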