Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Workflow to build ppc64le binary for ubi #6005

Merged
merged 5 commits into from
Jul 12, 2024
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
136 changes: 136 additions & 0 deletions .github/workflows/build-ubi-dependency.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,136 @@
name: Build UBI ppc64le Dependency

on:
# TODO: remove push
push:
oseoin marked this conversation as resolved.
Show resolved Hide resolved
schedule:
- cron: "30 4 * * 1" # run Mon at 04:30 UTC
workflow_dispatch:
inputs:
nginx_version:
type: string
description: "NGINX Version to build for"
required: false
force:
type: boolean
description: "Force rebuild"
required: false
default: false

env:
IMAGE_NAME: ghcr.io/nginxinc/dependencies/nginx-ubi-ppc64le

concurrency:
group: ${{ github.ref_name }}-ubi-ppc64le-build
cancel-in-progress: true

jobs:
checks:
name: Check versions
runs-on: ubuntu-22.04
permissions:
packages: read
contents: read
strategy:
fail-fast: false
outputs:
nginx_version: ${{ steps.var.outputs.nginx_version }}
njs_version: ${{ steps.var.outputs.njs_version }}
target_exists: ${{ steps.var.outputs.target_image_exists }}
steps:
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Login to GitHub Container Registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Output Variables
id: var
run: |
if [ -n "${{ inputs.nginx_version }}" ]; then
nginx_v=${{ inputs.nginx_version }}
else
nginx_v=$(grep -m1 'FROM nginx:' <Dockerfile | cut -d '@' -f1 | awk -F'[: ]' '{print $3}')
fi
target_image=${{ env.IMAGE_NAME }}:nginx-${nginx_v}
if docker manifest inspect ${target_image}; then
target_image_exists=true
else
target_image_exists=false
fi
docker pull nginx:$nginx_v || exit 1
njs=$(docker run nginx:$nginx_v env | grep NJS_VERSION | cut -d= -f2)
echo "> Outputs -------------------------------"
echo "NJS_VERSION=$njs"
echo "nginx_version=${nginx_v}"
echo "njs_version=${njs}"
echo "target_image_exists=${target_image_exists}"
echo "nginx_version=${nginx_v}" >> $GITHUB_OUTPUT
echo "njs_version=${njs}" >> $GITHUB_OUTPUT
echo "target_image_exists=${target_image_exists}" >> $GITHUB_OUTPUT

build-binaries:
name: Build Binary Container Image
if: ${{ needs.checks.outputs.target_exists != 'true' || inputs.force }}
needs: checks
runs-on: ubuntu-22.04
permissions:
packages: write
contents: read
strategy:
fail-fast: false
steps:
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Setup QEMU
uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0
with:
platforms: arm64,ppc64le,s390x

- name: Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0

- name: Login to GitHub Container Registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Docker meta
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: |
name=${{ env.IMAGE_NAME }},enable=true
tags: |
type=raw,value=nginx-${{ needs.checks.outputs.nginx_version }},enable=true
env:
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index

- name: Build and push
uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
with:
file: ./build/dependencies/Dockerfile.ubi-ppc64le
context: "."
pull: true
push: true
# build multi-arch so that it can be mounted from any image
# even though only ppc64le will contain binaries
platforms: "linux/amd64,linux/arm64,linux/ppc64le,linux/s390x"
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
annotations: ${{ steps.meta.outputs.annotations }}
cache-from: type=gha,scope=nginx-ubi-ppc64le
cache-to: type=gha,scope=nginx-ubi-ppc64le,mode=max
target: final
sbom: false
provenance: mode=max
build-args: |
NGINX=${{ needs.checks.outputs.nginx_version }}
NJS=${{ needs.checks.outputs.njs_version }}
33 changes: 33 additions & 0 deletions build/dependencies/Dockerfile.ubi-ppc64le
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
# syntax=docker/dockerfile:1.8
FROM nginx:1.27.0@sha256:67682bda769fae1ccf5183192b8daf37b64cae99c6c3302650f6f8bf5f0f95df AS nginx

FROM redhat/ubi9:9.4@sha256:12417683f9fe6cd6b8cb58b293f174621886e5d68cf41066127d28e42424ad40 AS rpm-build
ARG NGINX
ARG NJS
ENV NGINX_VERSION ${NGINX}
ENV NJS_VERSION ${NJS}


RUN mkdir -p /nginx/; \
# only build for ppc64le but make multiarch image for mounting
[ $(uname -p) != ppc64le ] && exit 0; \
rpm --import https://nginx.org/keys/nginx_signing.key \
&& printf "%s\n" "[nginx]" "name=nginx src repo" \
"baseurl=https://nginx.org/packages/mainline/centos/9/SRPMS" \
"gpgcheck=1" "enabled=1" "module_hotfixes=true" >> /etc/yum.repos.d/nginx.repo \
&& dnf install rpm-build gcc make dnf-plugins-core which -y \
&& dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \
&& nginxPackages=" \
nginx-${NGINX_VERSION} \
nginx-module-xslt-${NGINX_VERSION} \
nginx-module-image-filter-${NGINX_VERSION} \
nginx-module-njs-${NGINX_VERSION}+${NJS_VERSION} \
" \
&& dnf config-manager --set-enabled ubi-9-codeready-builder \
&& dnf download --source ${nginxPackages} \
&& dnf builddep -y --srpm nginx*.rpm \
&& rpmbuild --rebuild --nodebuginfo nginx*.rpm \
&& cp /root/rpmbuild/RPMS/$(arch)/* /nginx/

FROM scratch AS final
COPY --link --from=rpm-build /nginx /
Loading