From f74f58960553fee13e5a23b0db91d509be2c1306 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com>
Date: Thu, 2 Feb 2023 14:40:05 +0100
Subject: [PATCH] ci: add containerized libvirt build workflow (#1130)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Add libvirt container build workflow
* Update release workflow
* Update image libvirt base image
---------
Signed-off-by: Daniel Weiße
---
.github/workflows/build-libvirt-image.yml | 35 ++++++
.../workflows/build-micro-service-manual.yml | 106 ------------------
.github/workflows/release.yml | 32 ++++--
cli/internal/libvirt/Dockerfile | 3 +-
4 files changed, 60 insertions(+), 116 deletions(-)
create mode 100644 .github/workflows/build-libvirt-image.yml
delete mode 100644 .github/workflows/build-micro-service-manual.yml
diff --git a/.github/workflows/build-libvirt-image.yml b/.github/workflows/build-libvirt-image.yml
new file mode 100644
index 000000000..c9b366aa3
--- /dev/null
+++ b/.github/workflows/build-libvirt-image.yml
@@ -0,0 +1,35 @@
+name: Build and upload libvirt image
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+ - "release/**"
+ paths:
+ - "cli/internal/libvirt/**"
+ - ".github/workflows/build-libvirt-image.yml"
+
+jobs:
+ build-qemu-metadata-api:
+ runs-on: ubuntu-22.04
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - name: Check out repository
+ id: checkout
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+ with:
+ ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
+
+ - name: Build and upload libvirt container image
+ id: build-and-upload
+ uses: ./.github/actions/build_micro_service
+ with:
+ name: "libvirt"
+ dockerfile: "cli/internal/libvirt/Dockerfile"
+ githubToken: ${{ secrets.GITHUB_TOKEN }}
+ cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
+ cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
+ cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
diff --git a/.github/workflows/build-micro-service-manual.yml b/.github/workflows/build-micro-service-manual.yml
deleted file mode 100644
index fe6466d4a..000000000
--- a/.github/workflows/build-micro-service-manual.yml
+++ /dev/null
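Review bot: In build-libvirt-image.yml the release cosign key is chosen only by `startsWith(github.ref, 'refs/heads/release/v')`, and the workflow can be started by `workflow_dispatch` as well as by a push to `release/**`, so any branch whose name begins with `release/v` gets its image signed with `COSIGN_PRIVATE_KEY`. Whether branch creation under that prefix is restricted is not visible in this patch; keeping the release secrets in a protected environment and adding `environment:` to the job would make the gate explicit rather than name-based, and the same expression is used by the new matrix job in release.yml. The `ref:` expression reads `github.event.pull_request` and `github.head_ref`, which are empty for both triggers declared here, so it always yields `''` and the `with:` block can be dropped. The job id `build-qemu-metadata-api` looks copied from another workflow; `build-libvirt-image` would match what the job builds.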
@@ -1,106 +0,0 @@ -name: Build micro-service Manual - -on: - workflow_dispatch: - inputs: - microService: - description: "Name of the micro-service image to build" - type: choice - options: - - "join-service" - - "key-service" - - "verification-service" - - "qemu-metadata-api" - - "filebeat-debugd" - - "logstash-debugd" - required: true - default: "join-service" - imageTag: - description: "Container image tag" - required: true - default: "manual-build" - version: - description: "Version of the image to build" - required: true - default: "0.0.0" - ref: - type: string - description: "Git ref to checkout" - required: false - release: - type: boolean - description: "Is this a release build?" - required: false - default: false - workflow_call: - inputs: - microService: - description: "Name of the micro-service image to build" - type: string - required: true - imageTag: - type: string - description: "Container image tag" - required: true - version: - type: string - description: "Version of the image to build" - required: true - ref: - type: string - description: "Git ref to checkout" - required: false - release: - type: boolean - description: "Is this a release build?" 
- required: true - -jobs: - build-micro-service: - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - steps: - - name: Check out repository - id: checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - ref: ${{ inputs.ref || github.head_ref }} - - - name: Setup Go environment - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 - with: - go-version: "1.19.5" - - # choose the correct Dockerfile depending on what micro-service is being build - - name: Set Dockerfile variable - id: set-variable - run: | - case "${{ inputs.microService }}" in - "join-service" ) - echo "microServiceDockerfile=joinservice/Dockerfile" >> "$GITHUB_ENV" ;; - "key-service" ) - echo "microServiceDockerfile=keyservice/Dockerfile" >> "$GITHUB_ENV" ;; - "verification-service" ) - echo "microServiceDockerfile=verify/Dockerfile" >> "$GITHUB_ENV" ;; - "qemu-metadata-api" ) - echo "microServiceDockerfile=hack/qemu-metadata-api/Dockerfile" >> "$GITHUB_ENV" ;; - "filebeat-debugd" ) - echo "microServiceDockerfile=debugd/internal/debugd/logcollector/filebeat/Dockerfile" >> "$GITHUB_ENV" ;; - "logstash-debugd" ) - echo "microServiceDockerfile=debugd/internal/debugd/logcollector/logstash/Dockerfile" >> "$GITHUB_ENV" ;; - esac - - - name: Build and upload container image - id: build-and-upload - uses: ./.github/actions/build_micro_service - with: - name: ${{ inputs.microService }} - projectVersion: ${{ inputs.version }} - dockerfile: ${{ env.microServiceDockerfile }} - pushTag: ${{ inputs.imageTag }} - githubToken: ${{ secrets.GITHUB_TOKEN }} - cosignPublicKey: ${{ inputs.release && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }} - cosignPrivateKey: ${{ inputs.release && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }} - cosignPassword: ${{ inputs.release && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 60f9954c6..e3ecd303f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -149,19 +149,33 @@ jobs: cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} micro-services-metadata: - name: Build micro services + name: Build docker images + runs-on: ubuntu-22.04 needs: [verify-inputs, prepare-release-branch] - uses: ./.github/workflows/build-micro-service-manual.yml permissions: contents: read packages: write - secrets: inherit - with: - microService: qemu-metadata-api - imageTag: ${{ inputs.version }} - version: ${{ needs.verify-inputs.outputs.WITHOUT_V }} - ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }} - release: true + strategy: + matrix: + appName: + [qemu-metadata-api, libvirt] + include: + - appName: qemu-metadata-api + dockerfile: ./hack/qemu-metadata-api/Dockerfile + - appName: libvirt + dockerfile: ./cli/internal/libvirt/Dockerfile + steps: + - name: Build docker image + uses: ./.github/actions/build_micro_service + with: + name: ${{ matrix.appName }} + pushTag: ${{ inputs.version }} + projectVersion: ${{ needs.verify-inputs.outputs.WITHOUT_V }} + dockerfile: ${{ matrix.dockerfile }} + githubToken: ${{ secrets.GITHUB_TOKEN }} + cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }} + cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }} + cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} update-versions: name: Update container image versions diff --git a/cli/internal/libvirt/Dockerfile b/cli/internal/libvirt/Dockerfile index 44eda06ee..c09214797 100644 --- a/cli/internal/libvirt/Dockerfile +++ b/cli/internal/libvirt/Dockerfile 
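Review bot: The rewritten `micro-services-metadata` job in release.yml has no checkout step before `uses: ./.github/actions/build_micro_service`, and a local action is resolved from the runner's workspace, so the step has nothing to load. The deleted reusable workflow did the checkout with `ref: ${{ inputs.ref || github.head_ref }}`, fed from `needs.verify-inputs.outputs.RELEASE_BRANCH`, which also tied the build to the release branch; the new job should restore that so the signed image comes from the branch being released. The removed workflow also ran `actions/setup-go`; whether the composite action needs Go on the runner cannot be seen from this patch. The `jobs:` mapping continues outside the hunk.

```yaml
    steps:
      # Local actions are loaded from the workspace, so check out the release branch first.
      - name: Check out repository
        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
        with:
          ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}

      - name: Build docker image
        # … unchanged: uses/with of build_micro_service …
```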
@@ -1,4 +1,4 @@ -FROM fedora:37@sha256:99aa8919afd1880064ec915dba44cdc5b52808667717f605750329d55006538a AS deploy +FROM fedora:37@sha256:3487c98481d1bba7e769cf7bcecd6343c2d383fdd6bed34ec541b6b23ef07664 AS release RUN dnf -y update && \ dnf -y install dnf-plugins-core \ libvirt-daemon-config-network \ @@ -7,6 +7,7 @@ RUN dnf -y update && \ swtpm \ swtpm-tools \ libvirt-client && \ + dnf remove -y python-setuptools && \ dnf clean all # Prevent cgroup issues on Fedora and configure libvirt
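Review bot: The added `dnf remove -y python-setuptools` in the second Dockerfile hunk carries no comment saying why the package is removed, so a later base-image bump cannot tell whether the line is still needed. The commit message does not give the reason either; a line above the `RUN` such as `# python-setuptools is removed because <reason>; re-check when the base image digest changes` would record it. The `RUN` instruction begins in the first hunk and continues past the lines shown between the two hunks. The stage rename from `deploy` to `release` in the first hunk should be checked against any build that names the old stage as a target, which this patch does not show.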