Workflow to build ppc64le binary for ubi (#6005)
oseoin authored Jul 12, 2024
1 parent 5ec176c commit 233c8b2
Showing 2 changed files with 170 additions and 0 deletions.
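--- a/.github/workflows/build-ubi-dependency.yml
+++ b/.github/workflows/build-ubi-dependency.yml
@@ -0,0 +1,137 @@
+name: Build UBI ppc64le Dependency
+
+on:
+push:
+branches:
+- main
+paths:
+- build/dependencies/Dockerfile.ubi-ppc64le
+workflow_dispatch:
+inputs:
+nginx_version:
+type: string
+description: "NGINX Version to build for"
+required: false
+force:
+type: boolean
+description: "Force rebuild"
+required: false
+default: false
+
+env:
+IMAGE_NAME: ghcr.io/nginxinc/dependencies/nginx-ubi-ppc64le
+
+concurrency:
+group: ${{ github.ref_name }}-ubi-ppc64le-build
+cancel-in-progress: true
+
+jobs:
+checks:
+name: Check versions
+runs-on: ubuntu-22.04
+permissions:
+packages: read
+contents: read
+strategy:
+fail-fast: false
+outputs:
+nginx_version: ${{ steps.var.outputs.nginx_version }}
+njs_version: ${{ steps.var.outputs.njs_version }}
+target_exists: ${{ steps.var.outputs.target_image_exists }}
+steps:
+- name: Checkout Repository
+uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+- name: Login to GitHub Container Registry
+uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+with:
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Output Variables
+id: var
+run: |
+if [ -n "${{ inputs.nginx_version }}" ]; then
+nginx_v=${{ inputs.nginx_version }}
+else
+nginx_v=$(grep -m1 'FROM nginx:' <build/dependencies/Dockerfile.ubi-ppc64le | cut -d '@' -f1 | awk -F'[: ]' '{print $3}')
+fi
+target_image=${{ env.IMAGE_NAME }}:nginx-${nginx_v}
+if docker manifest inspect ${target_image}; then
+target_image_exists=true
+else
+target_image_exists=false
+fi
+docker pull nginx:$nginx_v || exit 1
+njs=$(docker run nginx:$nginx_v env | grep NJS_VERSION | cut -d= -f2)
+echo "> Outputs -------------------------------"
+echo "NJS_VERSION=$njs"
+echo "nginx_version=${nginx_v}"
+echo "njs_version=${njs}"
+echo "target_image_exists=${target_image_exists}"
+echo "nginx_version=${nginx_v}" >> $GITHUB_OUTPUT
+echo "njs_version=${njs}" >> $GITHUB_OUTPUT
+echo "target_image_exists=${target_image_exists}" >> $GITHUB_OUTPUT
+build-binaries:
+name: Build Binary Container Image
+if: ${{ needs.checks.outputs.target_exists != 'true' || inputs.force }}
+needs: checks
+runs-on: ubuntu-22.04
+permissions:
+packages: write
+contents: read
+strategy:
+fail-fast: false
+steps:
+- name: Checkout Repository
+uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+- name: Setup QEMU
+uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0
+with:
+platforms: arm64,ppc64le,s390x
+
+- name: Docker Buildx
+uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+
+- name: Login to GitHub Container Registry
+uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+with:
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Docker meta
+id: meta
+uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+with:
+images: |
+name=${{ env.IMAGE_NAME }},enable=true
+tags: |
+type=raw,value=nginx-${{ needs.checks.outputs.nginx_version }},enable=true
+env:
+DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+
+- name: Build and push
+uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+with:
+file: ./build/dependencies/Dockerfile.ubi-ppc64le
+context: "."
+pull: true
+push: true
+# build multi-arch so that it can be mounted from any image
+# even though only ppc64le will contain binaries
+platforms: "linux/amd64,linux/arm64,linux/ppc64le,linux/s390x"
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}
+annotations: ${{ steps.meta.outputs.annotations }}
+cache-from: type=gha,scope=nginx-ubi-ppc64le
+cache-to: type=gha,scope=nginx-ubi-ppc64le,mode=max
+target: final
+sbom: false
+provenance: mode=max
+build-args: |
+NGINX=${{ needs.checks.outputs.nginx_version }}
+NJS=${{ needs.checks.outputs.njs_version }}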
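Review bot: The `Output Variables` step expands `${{ inputs.nginx_version }}` directly into the `run:` script, so the dispatch input becomes part of the shell text before bash parses it, and the assignment `nginx_v=${{ inputs.nginx_version }}` is unquoted as well. Pass the value through the step's `env:` instead (`INPUT_NGINX_VERSION: ${{ inputs.nginx_version }}`) and read it as `nginx_v="${INPUT_NGINX_VERSION}"`. It would also help to reject anything that is not a plain version string before it reaches `docker pull nginx:$nginx_v`, `docker run` and `$GITHUB_OUTPUT`. The same value flows on as the pushed tag and the `NGINX` build-arg in `build-binaries`, which runs with `packages: write`, so validating it once in `checks` protects both jobs. Quoting `${target_image}` and `"nginx:${nginx_v}"` in the later commands is the same hardening.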
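--- a/build/dependencies/Dockerfile.ubi-ppc64le
+++ b/build/dependencies/Dockerfile.ubi-ppc64le
@@ -0,0 +1,33 @@
+# syntax=docker/dockerfile:1.8
+FROM nginx:1.27.0@sha256:67682bda769fae1ccf5183192b8daf37b64cae99c6c3302650f6f8bf5f0f95df AS nginx
+
+FROM redhat/ubi9:9.4@sha256:081c96d1b1c7cd1855722d01f1ca53360510443737b1eb33284c6c4c330e537c AS rpm-build
+ARG NGINX
+ARG NJS
+ENV NGINX_VERSION ${NGINX}
+ENV NJS_VERSION ${NJS}
+
+
+RUN mkdir -p /nginx/; \
+# only build for ppc64le but make multiarch image for mounting
+[ $(uname -p) != ppc64le ] && exit 0; \
+rpm --import https://nginx.org/keys/nginx_signing.key \
+&& printf "%s\n" "[nginx]" "name=nginx src repo" \
+"baseurl=https://nginx.org/packages/mainline/centos/9/SRPMS" \
+"gpgcheck=1" "enabled=1" "module_hotfixes=true" >> /etc/yum.repos.d/nginx.repo \
+&& dnf install rpm-build gcc make dnf-plugins-core which -y \
+&& dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \
+&& nginxPackages=" \
+nginx-${NGINX_VERSION} \
+nginx-module-xslt-${NGINX_VERSION} \
+nginx-module-image-filter-${NGINX_VERSION} \
+nginx-module-njs-${NGINX_VERSION}+${NJS_VERSION} \
+" \
+&& dnf config-manager --set-enabled ubi-9-codeready-builder \
+&& dnf download --source ${nginxPackages} \
+&& dnf builddep -y --srpm nginx*.rpm \
+&& rpmbuild --rebuild --nodebuginfo nginx*.rpm \
+&& cp /root/rpmbuild/RPMS/$(arch)/* /nginx/
+
+FROM scratch AS final
+COPY --link --from=rpm-build /nginx /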
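Review bot: In the `rpm-build` stage the EPEL release package is installed straight from a URL (`dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm`), and dnf's signature check for packages named on the command line (`localpkg_gpgcheck`) is off by default. That RPM, and the repo definition and keys it installs, are therefore trusted on TLS alone, and `latest` is a moving target in a file that otherwise pins its base images by digest. Consider importing the EPEL 9 key first and installing with `--setopt=localpkg_gpgcheck=1`. Separately, `gpgcheck=1` on the nginx source repo is enforced when packages are installed, and as far as I can tell neither `dnf download --source` nor `rpmbuild --rebuild` verifies signatures. If that holds, adding `rpm -K nginx*.rpm` before the rebuild would make the imported nginx key actually gate what gets compiled; worth confirming.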
