
pulp-oci-images CI #3128


Workflow file for this run

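name: pulp-oci-images CI
# Triggers: pushes to the `latest` branch, manual dispatch, and pull requests.
# There is no `schedule` trigger here, so any step gated on
# `github.event_name == 'schedule'` cannot run from this file as written.
on:
  push:
    branches:
      - latest
  workflow_dispatch:
  pull_request:
# NOTE(review): no `permissions:` key is declared, so GITHUB_TOKEN receives the
# repository/organisation default scopes. Consider declaring least-privilege
# permissions explicitly; the ghcr.io push later in this workflow would need
# `packages: write` -- confirm what the helper scripts require before tightening.
env:
  COLORTERM: 'yes'
  TERM: 'xterm-256color'
  PYTEST_ADDOPTS: '--color=yes'
  # Forces the latest version compatible with pulpcore 3.22
  PULP_FILE_VERSION: '~=1.12.0'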
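jobs:
  # NOTE(review): every `uses:` in this workflow references an action by a
  # mutable major-version tag (@v4 / @v5). Pinning to a full commit SHA is the
  # usual supply-chain hardening step; the SHAs are not shown on this page.

  # Validates the commit messages of a pull request.
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # by default, it uses a depth of 1
          # this fetches all history so that we can read each commit
          fetch-depth: 0
      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          # Quoted so YAML keeps it a string rather than a float.
          python-version: '3.11'
      - name: Check commit message
        if: github.event_name == 'pull_request'
        env:
          # The event value is handed over through the environment instead of
          # being interpolated into the script text.
          GITHUB_CONTEXT: ${{ github.event.pull_request.commits_url }}
        run: |
          echo ::group::REQUESTS
          pip install pygithub
          echo ::endgroup::
          # Collect the SHAs in an assignment: a failed API call (HTTP error,
          # rate limit, unexpected JSON) now aborts the step instead of leaving
          # the loop with nothing to check.
          shas=$(curl --fail --silent --show-error "$GITHUB_CONTEXT" | jq -r '.[].sha')
          for sha in $shas
          do
            python .ci/scripts/validate_commit_message.py "$sha"
            VALUE=$?
            if [ "$VALUE" -gt 0 ]; then
              exit $VALUE
            fi
          done
        shell: bash

  # Builds pulp/base and pulp/pulp-ci-centos once and hands them to the
  # app-images job through the Actions cache.
  base-images:
    needs: lint
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
    outputs:
      image_variants: "${{ steps.image_variants.outputs.image_variants }}"
      pulp_ci_centos_id: "${{ steps.pulp_ci_centos_id.outputs.pulp_ci_centos_id }}"
    steps:
      # We do not want to build nightly images unless it's a PR to the latest branch,
      # or a branch/dispatch build on the latest branch.
      # The ref names are read from the runner-provided GITHUB_BASE_REF and
      # GITHUB_REF_NAME variables rather than pasted into the script through
      # expression interpolation, so a ref name is only ever treated as data.
      - name: Set the list of image_variants for later jobs
        id: image_variants
        run: |
          if [ "${GITHUB_BASE_REF}" == "latest" ] || [ "${GITHUB_REF_NAME}" == "latest" ]; then
            echo "image_variants=[\"nightly\",\"stable\"]" >> "$GITHUB_OUTPUT"
          else
            echo "image_variants=[\"stable\"]" >> "$GITHUB_OUTPUT"
          fi
      - name: Set the temporary image tag
        run: |
          temp_base_tag="${GITHUB_REF_NAME%/*}"
          echo "Building $temp_base_tag"
          echo "TEMP_BASE_TAG=${temp_base_tag}" >> "$GITHUB_ENV"
      - uses: actions/checkout@v4
        with:
          # by default, it uses a depth of 1
          # this fetches all history so that we can read each commit
          fetch-depth: 0
      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      # NOTE(review): gated on the `schedule` event, which this workflow does
      # not declare, so this step (the only user of RELEASE_TOKEN) is skipped
      # on every run triggered from this file.
      - name: Dispatch workflows on stable branches
        if: github.event_name == 'schedule'
        run: |
          echo ::group::PYDEPS
          pip install gitpython requests packaging jinja2 pyyaml
          echo ::endgroup::
          python .ci/scripts/update_ci_branches.py
        env:
          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
      - name: Build images
        run: |
          podman version
          buildah version
          podman build --format docker --file images/Containerfile.core.base --tag pulp/base:${TEMP_BASE_TAG} .
          podman build --format docker --file images/pulp_ci_centos/Containerfile --tag pulp/pulp-ci-centos:${TEMP_BASE_TAG} --build-arg FROM_TAG=${TEMP_BASE_TAG} .
      # we use the docker format (default), even though it may not be the fastest,
      # because it supports saving both images at once.
      # However, it seems to export the common layers twice.
      # We should look into whether its possible to export just pulp-ci-centos,
      # and tag the base image manually.
      - name: Save podman images to tarball
        id: pulp_ci_centos_id
        run: |
          podman save -m -o base-images.tar pulp/base:${TEMP_BASE_TAG} pulp/pulp-ci-centos:${TEMP_BASE_TAG}
          # The id is unique to the image build (not the Containerfile) and will be used in the cache key
          # If a workflow completes successfully, every workflow will generate a new cache.
          # And if we re-run the entire workflow ("Re-run all jobs"), it will generate a new cache too.
          # If we re-run a failed app-images job, it will use the existing cache from base-images
          id=$(podman image inspect --format '{{ .Id }}' pulp/pulp-ci-centos:${TEMP_BASE_TAG})
          echo "pulp_ci_centos_id=${id}" >> "$GITHUB_OUTPUT"
          echo "pulp_ci_centos_id=${id}" >> "$GITHUB_ENV"
      - name: Cache podman images
        uses: actions/cache/save@v4
        with:
          key: base-images=${{ env.pulp_ci_centos_id }}
          path: base-images.tar
          # NOTE(review): fail-on-cache-miss is an input of cache/restore;
          # cache/save does not define it, so it appears to have no effect here.
          fail-on-cache-miss: true

  # Builds, tests and (outside pull requests) publishes the application images
  # for every image_variant x app combination.
  app-images:
    needs: base-images
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        image_variant: ${{ fromJSON(needs.base-images.outputs.image_variants) }}
        app:
          - image_name: pulp-minimal
            web_image: pulp-web
            pip_name: pulpcore
            s6: false
          - image_name: pulp
            web_image: pulp-web
            pip_name: pulpcore
            s6: true
    steps:
      - name: Set the temporary image tags
        run: |
          if [ "${{ matrix.image_variant }}" == "nightly" ]; then
            temp_app_tag="nightly"
          else
            temp_app_tag="${GITHUB_REF_NAME%/*}"
          fi
          temp_base_tag="${GITHUB_REF_NAME%/*}"
          echo "Building $temp_app_tag from base $temp_base_tag"
          echo "TEMP_APP_TAG=${temp_app_tag}" >> "$GITHUB_ENV"
          echo "TEMP_BASE_TAG=${temp_base_tag}" >> "$GITHUB_ENV"
      - uses: actions/checkout@v4
        with:
          # by default, it uses a depth of 1
          # this fetches all history so that we can read each commit
          fetch-depth: 0
      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      # Skipped on every run from this file: `schedule` is not a declared trigger.
      - name: Install python dependencies
        if: github.event_name == 'schedule'
        run: |
          echo ::group::PYDEPS
          pip install gitpython requests packaging jinja2 pyyaml
          echo ::endgroup::
      - name: Verify needs.base-images.outputs.pulp_ci_centos_id is not blank
        run: |
          if [ -z "${{ needs.base-images.outputs.pulp_ci_centos_id }}" ]; then
            exit 1
          fi
      - name: Restore podman images from cache
        uses: actions/cache/restore@v4
        with:
          key: base-images=${{ needs.base-images.outputs.pulp_ci_centos_id }}
          path: base-images.tar
          fail-on-cache-miss: true
      - name: Load podman images from tarball
        run: |
          podman load -i base-images.tar
      # NOTE(review): this job later logs in to three registries on the same
      # runner, so everything installed here runs ahead of those credentials.
      # podman-compose is installed unpinned; consider pinning its version.
      - name: Install httpie and podman-compose
        run: |
          echo ::group::HTTPIE
          sudo apt-get update -yq
          sudo -E apt-get -yq --no-install-suggests --no-install-recommends install httpie
          echo ::endgroup::
          echo "HTTPIE_CONFIG_DIR=$GITHUB_WORKSPACE/.ci/assets/httpie/" >> "$GITHUB_ENV"
          pip install podman-compose
          if [[ $(dpkg-query --showformat='${Version}' --show podman) == "3.4.4+ds1-1ubuntu1.22.04.1" && $(dpkg-query --showformat='${Version}' --show containernetworking-plugins) == "0.9.1+ds1-1" ]]
          then
            echo "Working around https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/2024394"
            # NOTE(review): this .deb is fetched over plain HTTP and installed as
            # root with no integrity check; unlike apt, `dpkg -i` on a local file
            # performs no signature verification. Record the package's SHA-256
            # from a trusted source and verify it before installing, e.g.:
            #   echo "<SHA256_OF_THE_DEB>  containernetworking-plugins_1.1.1+ds1-1_amd64.deb" | sha256sum --check
            # --fail stops an HTTP error page from being saved as the package.
            curl --fail -O http://archive.ubuntu.com/ubuntu/pool/universe/g/golang-github-containernetworking-plugins/containernetworking-plugins_1.1.1+ds1-1_amd64.deb
            sudo dpkg -i containernetworking-plugins_1.1.1+ds1-1_amd64.deb
          fi
        shell: bash
      # The matrix values interpolated below are literals defined in this file.
      - name: Build images
        run: |
          podman version
          buildah version
          if [ "${{ matrix.app.s6 }}" == "false" ]; then
            podman build --format docker --pull=false --file images/${{ matrix.app.image_name }}/${{ matrix.image_variant }}/Containerfile.core --tag pulp/${{ matrix.app.image_name }}:${TEMP_APP_TAG} --build-arg FROM_TAG=${TEMP_BASE_TAG} --build-arg PULP_FILE_VERSION=${PULP_FILE_VERSION} .
            podman build --format docker --pull=false --file images/${{ matrix.app.image_name }}/${{ matrix.image_variant }}/Containerfile.webserver --tag pulp/${{ matrix.app.web_image }}:${TEMP_APP_TAG} --build-arg FROM_TAG=${TEMP_APP_TAG} .
          else
            podman build --format docker --pull=false --file images/${{ matrix.app.image_name }}/${{ matrix.image_variant }}/Containerfile --tag pulp/${{ matrix.app.image_name }}:${TEMP_APP_TAG} --build-arg FROM_TAG=${TEMP_BASE_TAG} --build-arg PULP_FILE_VERSION=${PULP_FILE_VERSION} .
          fi
          podman images -a
      # Reads the installed package versions out of the freshly built image;
      # these values become the registry tags used by the push steps.
      - name: Set version and branch image tags
        run: |
          app_version=$(podman run --pull=never pulp/${{ matrix.app.image_name }}:${TEMP_APP_TAG} bash -c "pip3 show ${{ matrix.app.pip_name }} | sed -n -e 's/Version: //p'")
          app_branch=$(echo ${app_version} | grep -oP '\d+\.\d+')
          echo "APP_VERSION: ${app_version}"
          echo "APP_BRANCH: ${app_branch}"
          echo "APP_VERSION=${app_version}" >> "$GITHUB_ENV"
          echo "APP_BRANCH=${app_branch}" >> "$GITHUB_ENV"
          base_version=$(podman run --pull=never pulp/${{ matrix.app.image_name }}:${TEMP_APP_TAG} bash -c "pip3 show pulpcore | sed -n -e 's/Version: //p'")
          base_branch=$(echo ${base_version} | grep -oP '\d+\.\d+')
          echo "BASE_VERSION: ${base_version}"
          echo "BASE_BRANCH: ${base_branch}"
          echo "BASE_VERSION=${base_version}" >> "$GITHUB_ENV"
          echo "BASE_BRANCH=${base_branch}" >> "$GITHUB_ENV"
      - name: Test upgrading to the image in s6 mode
        if: matrix.app.image_name == 'pulp'
        run: |
          # 3.20 has postgres 12 rather than 13
          images/s6_assets/test.sh "pulp/${{ matrix.app.image_name }}:${TEMP_APP_TAG}" http "quay.io/pulp/all-in-one-pulp:3.20"
          podman stop pulp
          podman rm pulp
      # NOTE(review): no matrix entry has image_name 'galaxy', so this step
      # never runs with the matrix defined above.
      - name: Test the image in s6 mode
        if: matrix.app.image_name == 'galaxy'
        run: |
          images/s6_assets/test.sh "pulp/${{ matrix.app.image_name }}:${TEMP_APP_TAG}"
          podman stop pulp
          podman rm pulp
      - name: Test the image in s6 mode with https
        if: matrix.app.s6
        run: |
          # Delete the database from the previous test 1st, so test.sh does not fail
          sudo rm -rf pgsql/data
          images/s6_assets/test.sh "pulp/${{ matrix.app.image_name }}:${TEMP_APP_TAG}" https
          podman stop pulp
          podman rm pulp
      - name: Compose up
        run: |
          if [ "${{ matrix.app.s6 }}" == "true" ]; then
            # Reuse the folders from the s6 mode tests
            FILE="docker-compose.folders.yml"
            # We'll pull the web image from a registry since we didn't build it.
            if [ "${{ matrix.image_variant }}" == "nightly" ]; then
              WEB_TAG="nightly"
            else
              WEB_TAG="${APP_BRANCH}"
            fi
          else
            FILE="docker-compose.yml"
            WEB_TAG="${TEMP_APP_TAG}"
          fi
          cd images/compose
          sed -i "s/pulp-minimal:latest/${{ matrix.app.image_name }}:${TEMP_APP_TAG}/g" $FILE
          sed -i "s/pulp-web:latest/${{ matrix.app.web_image }}:${WEB_TAG}/g" $FILE
          id | grep "(root)" || sudo usermod -G root $(whoami)
          podman-compose -f $FILE up -d
          sleep 30
          # Poll the status endpoint for up to 20 further attempts, 3 s apart.
          for _ in $(seq 20)
          do
            sleep 3
            if curl --fail http://localhost:8080/pulp/api/v3/status/ > /dev/null 2>&1
            then
              break
            fi
          done
          curl --fail http://localhost:8080/pulp/api/v3/status/ | jq
        shell: bash
      # NOTE(review): `matrix.app` is a mapping, so comparing it with the string
      # 'pulp' is never true and this test step is skipped on every run, which
      # means images are published without it. If the component tests are meant
      # to gate the push, the condition probably should read
      # `matrix.app.image_name == 'pulp'` -- confirm intent before enabling.
      - name: Test all components (pulp)
        if: matrix.app == 'pulp'
        run: |
          git clone --depth=1 https://github.com/pulp/pulp_ansible.git
          git clone --depth=1 https://github.com/pulp/pulp_container.git
          .ci/scripts/pulp_tests.sh
        shell: bash
        env:
          PY_COLORS: '1'
      # NOTE(review): same mapping-versus-string comparison as the step above,
      # and 'galaxy' is not in the matrix; this step never runs.
      - name: Test all components (galaxy)
        if: matrix.app == 'galaxy'
        run: |
          .ci/scripts/galaxy_ng-tests.sh
        shell: bash
        env:
          PY_COLORS: '1'
      # Registry logins: skipped for pull requests. Each credential reaches the
      # script through `env` and is piped to --password-stdin, keeping it out of
      # the command line and the rendered script text.
      - name: Github login
        if: github.event_name != 'pull_request'
        env:
          PULP_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PULP_GITHUB_USERNAME: ${{ github.actor }}
        run: echo "$PULP_GITHUB_TOKEN" | podman login -u "$PULP_GITHUB_USERNAME" --password-stdin ghcr.io
      - name: Docker login
        if: github.event_name != 'pull_request'
        env:
          DOCKER_BOT_PASSWORD: ${{ secrets.DOCKER_BOT_PASSWORD }}
          DOCKER_BOT_USERNAME: ${{ secrets.DOCKER_BOT_USERNAME }}
        run: echo "$DOCKER_BOT_PASSWORD" | podman login -u "$DOCKER_BOT_USERNAME" --password-stdin docker.io
      - name: Quay login
        if: github.event_name != 'pull_request'
        env:
          QUAY_BOT_PASSWORD: ${{ secrets.QUAY_BOT_PASSWORD }}
          QUAY_BOT_USERNAME: ${{ secrets.QUAY_BOT_USERNAME }}
        run: echo "$QUAY_BOT_PASSWORD" | podman login -u "$QUAY_BOT_USERNAME" --password-stdin quay.io
      # NOTE(review): the push steps run for every non-pull-request event, which
      # includes workflow_dispatch from any branch; the version tags come from
      # the image that was just built. Confirm that this is the intended set of
      # publishers for these tags.
      - name: Push base images to registries
        if: github.event_name != 'pull_request'
        run: |
          for registry in ghcr.io docker.io quay.io; do
            # Technically multiple jobs will build and push these 2 images
            # but it is created once in the base-images job, and will be identical
            for image_name_looped in base pulp-ci-centos; do
              if [ "${TEMP_BASE_TAG}" == "latest" ]; then
                tags="${BASE_BRANCH} ${BASE_VERSION} latest"
              else
                tags="${BASE_BRANCH} ${BASE_VERSION}"
              fi
              for tag in $tags; do
                podman tag pulp/${image_name_looped}:${TEMP_BASE_TAG} ${registry}/pulp/${image_name_looped}:${tag}
                podman push ${registry}/pulp/${image_name_looped}:${tag}
              done
            done
          done
          unset tag
        shell: bash
      - name: Push app images to registries
        if: github.event_name != 'pull_request'
        run: |
          if [ "${{ matrix.app.s6 }}" == "true" ]; then
            images="${{ matrix.app.image_name }}"
          else
            images="${{ matrix.app.image_name }} ${{ matrix.app.web_image }}"
          fi
          for registry in ghcr.io docker.io quay.io; do
            for image_name_looped in $images; do
              # Start from an empty tag list so the nightly branch below pushes
              # nothing when the ref is not "latest".
              tags=""
              if [ "${{ matrix.image_variant }}" == "stable" ]; then
                # latest branch stable variant gets tagged as both "latest" and "stable"
                if [ "${TEMP_APP_TAG}" == "latest" ]; then
                  tags="${APP_BRANCH} ${APP_VERSION} ${{ matrix.image_variant }} latest"
                else
                  tags="${APP_BRANCH} ${APP_VERSION}"
                fi
              else
                # The matrix should ensure that the nightly variant only ever pertains to the "latest" branch, but let's be extra safe
                if [ "${GITHUB_REF_NAME%/*}" == "latest" ]; then
                  # "nightly" is a special case, no version / branch tags
                  tags="nightly"
                fi
              fi
              for tag in $tags; do
                podman tag pulp/${image_name_looped}:${TEMP_APP_TAG} ${registry}/pulp/${image_name_looped}:${tag}
                podman push ${registry}/pulp/${image_name_looped}:${tag}
              done
            done
          done
        shell: bash
      # Diagnostics only: runs even after a failure, and `set +e` lets the
      # remaining commands run when one of them fails.
      - name: Logs
        if: always()
        run: |
          set +e
          podman ps -a
          podman images -a
          podman logs pulp
          cd images/compose
          podman-compose logs
          podman logs --tail=10000 compose_pulp_api_1
          podman logs --tail=10000 compose_pulp_content_1
          podman logs --tail=10000 compose_pulp_worker_1
          podman logs --tail=10000 compose_pulp_worker_2
          podman logs --tail=10000 compose_pulp_web_1
          VOLUME_PATH=$(podman volume inspect pulpdev | jq -r .[].Mountpoint)
          sudo ls -al $VOLUME_PATH
          sudo tree $VOLUME_PATH
          http --follow --timeout 30 --check-status --pretty format --print hb http://localhost:8080/pulp/api/v3/status/ || true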