
Initial attempt at native s390x builds #1


# Reusable workflow (workflow_call only): a caller passes the collector tag
# and reads back the builder tag that was used.
# NOTE(review): no `permissions:` key is visible in this file, so the jobs run
# with whatever GITHUB_TOKEN scope the calling workflow grants; consider
# declaring the minimum each job needs.
name: Collector builder image build
on:
  workflow_call:
    inputs:
      collector-tag:
        type: string
        required: true
        description: |
          The tag used to build the collector image
    outputs:
      collector-builder-tag:
        description: The builder tag used by the build
        # Falls back to a literal tag when the build job produced no output.
        # The literal repeats DEFAULT_BUILDER_TAG below; keep the two in sync.
        value: "${{ jobs.build-builder-image.outputs.collector-builder-tag || '3.16.x-195-g8f32e71fad' }}"
env:
  # Exposed to every job as shell variables, so `run:` scripts can read the
  # caller-supplied tag without expanding the expression inside the script.
  COLLECTOR_TAG: "${{ inputs.collector-tag }}"
  DEFAULT_BUILDER_TAG: '3.16.x-195-g8f32e71fad'
jobs:
# Gate job: publishes `build-image` from the paths-filter result, which is
# set when files matching the builder-changed filter were touched.
builder-needs-rebuilding:
  name: Determine if builder image needs to be built
  runs-on: ubuntu-latest
  outputs:
    build-image: "${{ steps.changed.outputs.builder-changed }}"
  steps:
    # NOTE(review): both actions are referenced by a mutable major-version
    # tag. Pinning to a full commit SHA keeps a re-pointed tag from changing
    # what runs here; the third-party one (dorny/paths-filter) matters most.
    - uses: actions/checkout@v3
    - id: changed
      uses: dorny/paths-filter@v2
      with:
        # The filter name becomes the step output `builder-changed`.
        filters: |
          builder-changed:
            - builder/install/**
            - builder/third_party/**
            - builder/Dockerfile
            - .github/workflows/collector-builder.yml
# Calls a reusable workflow to provision the s390x build VM(s). Runs under the
# same rebuild condition as build-builder-image.
create-s390x-build-vms:
  needs:
    - builder-needs-rebuilding
  if: >-
    needs.builder-needs-rebuilding.outputs.build-image == 'true' ||
    (github.event_name == 'push' && (
    github.ref_type == 'tag' || startsWith(github.ref_name, 'release-')
    )) ||
    contains(github.event.pull_request.labels.*.name, 'build-builder-image')
  # The run page reports "Check failure on line 48 in
  # .github/workflows/collector-builder.yml" against this reference:
  #   Invalid workflow file
  #   invalid value workflow reference: workflows must be defined at the top
  #   level of the .github/workflows/ directory
  # The called workflow sits in a `vms/` subdirectory, so GitHub rejects the
  # whole file until it is moved directly under .github/workflows/.
  uses: ./.github/workflows/vms/create-vms.yml
  with:
    vm_type: rhel-s390x
    job-tag: builder
    kind: build
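# Builds the builder image once per architecture in the matrix and publishes
# the tag that was used as the job output `collector-builder-tag`.
build-builder-image:
  name: Build the builder image
  runs-on: ubuntu-latest
  # Multiarch builds sometimes take for eeeeeeeeeever
  timeout-minutes: 480
  needs:
    - builder-needs-rebuilding
    - create-s390x-build-vms
  if: |
    needs.builder-needs-rebuilding.outputs.build-image == 'true' ||
    (github.event_name == 'push' && (
      github.ref_type == 'tag' || startsWith(github.ref_name, 'release-')
    )) ||
    contains(github.event.pull_request.labels.*.name, 'build-builder-image')
  outputs:
    collector-builder-tag: ${{ steps.builder-tag.outputs.collector-builder-tag }}
  strategy:
    fail-fast: false
    matrix:
      arch: [amd64, ppc64le, s390x, arm64]
  env:
    PLATFORM: linux/${{ matrix.arch }}
    BUILD_TYPE: ci
    JOB_ID: ${{ needs.create-s390x-build-vms.outputs.job-id }}
  steps:
    # NOTE(review): the actions below are referenced by mutable version tags;
    # pinning each to a full commit SHA fixes what code runs in a job that
    # holds registry and SSH credentials.
    - uses: actions/checkout@v3
      with:
        submodules: true
    - name: Set up QEMU
      uses: docker/setup-qemu-action@v2
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v2
    - name: Define builder tag
      id: builder-tag
      # Context values reach the script as environment variables rather than
      # being expanded into the script text: `${{ ... }}` is substituted
      # before bash parses the script, so a ref name or caller-supplied tag
      # containing shell metacharacters would otherwise run as code.
      env:
        EVENT_NAME: ${{ github.event_name }}
        REF_TYPE: ${{ github.ref_type }}
        REF_NAME: ${{ github.ref_name }}
      run: |
        # COLLECTOR_TAG and DEFAULT_BUILDER_TAG come from the workflow-level env.
        COLLECTOR_BUILDER_TAG="${DEFAULT_BUILDER_TAG}"
        if [[ "${EVENT_NAME}" == 'pull_request' || \
              "${REF_TYPE}" == 'tag' || \
              "${REF_NAME}" =~ ^release- ]]; then
          COLLECTOR_BUILDER_TAG="${COLLECTOR_TAG}"
        fi
        echo "COLLECTOR_BUILDER_TAG=${COLLECTOR_BUILDER_TAG}" >> "$GITHUB_ENV"
        echo "collector-builder-tag=${COLLECTOR_BUILDER_TAG}" >> "$GITHUB_OUTPUT"
    - name: Create secrets.yml
      # Secrets are handed to the script through env, so a credential that
      # contains quotes, `$` or backticks is not interpreted by the shell.
      env:
        STACKROX_IO_USERNAME: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}
        STACKROX_IO_PASSWORD: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}
        RHACS_ENG_USERNAME: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}
        RHACS_ENG_PASSWORD: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}
      run: |
        # Create the credentials file readable by the runner user only.
        umask 077
        # NOTE(review): the values are written as plain YAML scalars; a
        # credential containing ': ' or ' #' would not parse as intended.
        {
          echo "---"
          echo "stackrox_io_username: ${STACKROX_IO_USERNAME}"
          echo "stackrox_io_password: ${STACKROX_IO_PASSWORD}"
          echo "rhacs_eng_username: ${RHACS_ENG_USERNAME}"
          echo "rhacs_eng_password: ${RHACS_ENG_PASSWORD}"
        } > "${GITHUB_WORKSPACE}/ansible/secrets.yml"
    - uses: ./.github/actions/setup-vm-creds
      with:
        gcp-ssh-key: ${{ secrets.GCP_SSH_KEY }}
        gcp-ssh-key-pub: ${{ secrets.GCP_SSH_KEY_PUB }}
        s390x-key: ${{ secrets.IBM_CLOUD_S390X_SSH_PRIVATE_KEY }}
        ppc64le-key: ${{ secrets.IBM_CLOUD_POWER_SSH_PRIVATE_KEY }}
    - name: Download inventory
      if: matrix.arch == 's390x'
      uses: actions/download-artifact@v3
      with:
        name: ${{ needs.create-s390x-build-vms.outputs.inventory }}
    - name: Install ansible dependencies
      run: |
        ls -lah .
        ls -lah ansible
        ls -lah ansible/ci
        ansible-galaxy install -r ansible/requirements.yml
    - name: Build images
      # Local build on the runner (QEMU for the non-native architectures).
      if: |
        github.event_name == 'push' ||
        matrix.arch == 'amd64' ||
        contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
      timeout-minutes: 480
      run: |
        # COLLECTOR_BUILDER_TAG was exported through GITHUB_ENV above; reading
        # it as a shell variable keeps the caller-derived tag out of the
        # script text.
        ansible-playbook \
          --connection local \
          -i localhost, \
          --limit localhost \
          -e arch='${{ matrix.arch }}' \
          -e collector_builder_tag="${COLLECTOR_BUILDER_TAG}" \
          -e @"${GITHUB_WORKSPACE}/ansible/secrets.yml" \
          ansible/ci-build-builder.yml
    - name: Build s390x images
      # NOTE(review): the `push` clause is not limited to
      # matrix.arch == 's390x', so on push events this step is selected for
      # every matrix leg, while the inventory download above is s390x-only.
      # Confirm whether `matrix.arch == 's390x' && (...)` was intended, and
      # whether the local build step should then skip s390x.
      if: |
        github.event_name == 'push' ||
        (contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch == 's390x')
      timeout-minutes: 480
      run: |
        ansible-playbook \
          -i ansible/ci \
          -e arch='${{ matrix.arch }}' \
          -e collector_builder_tag="${COLLECTOR_BUILDER_TAG}" \
          -e collector_git_ref='${{ github.sha }}' \
          -e @"${GITHUB_WORKSPACE}/ansible/secrets.yml" \
          ansible/ci-build-builder.yml
    - name: Destroy VMs
      # always(): tear the VMs down even when an earlier step failed.
      if: always()
      run: |
        make -C ansible destroy-vms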
# Publishes one multiarch manifest per registry organisation, covering the
# per-architecture images listed in ARCHS.
create-multiarch-manifest:
  name: Create Multiarch manifest
  runs-on: ubuntu-latest
  needs: [build-builder-image]
  # Runs on every push; on other events only when the tag is not 'cache' and
  # the pull request carries the run-multiarch-builds label.
  if: |
    github.event_name == 'push' ||
    (needs.build-builder-image.outputs.collector-builder-tag != 'cache' &&
     contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds'))
  env:
    COLLECTOR_BUILDER_TAG: "${{ needs.build-builder-image.outputs.collector-builder-tag }}"
    ARCHS: amd64 ppc64le s390x arm64
  steps:
    - uses: actions/checkout@v3

    # stackrox-io: log in with the read-write credentials, then push.
    # NOTE(review): docker/login-action is referenced by a mutable tag and
    # receives registry write credentials; a full commit SHA pin would fix
    # the code those credentials are handed to.
    - name: Login to quay.io/stackrox-io
      uses: docker/login-action@v2
      with:
        registry: quay.io
        username: "${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}"
        password: "${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}"
    - name: Create and push multiarch manifest for builder to stackrox-io
      uses: ./.github/actions/create-multiarch-manifest
      with:
        base-image: "quay.io/stackrox-io/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}"
        archs: "${{ env.ARCHS }}"

    # rhacs-eng: same two steps with the second set of credentials.
    - name: Login to quay.io/rhacs-eng
      uses: docker/login-action@v2
      with:
        registry: quay.io
        username: "${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}"
        password: "${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}"
    - name: Create and push multiarch manifest for builder to rhacs-eng
      uses: ./.github/actions/create-multiarch-manifest
      with:
        base-image: "quay.io/rhacs-eng/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}"
        archs: "${{ env.ARCHS }}"
# Pull-request path without the run-multiarch-builds label: no manifest is
# built, so the amd64 image is pushed again under the plain (unsuffixed) tag
# in both registries.
retag-x86-image:
  name: Retag x86 builder image
  runs-on: ubuntu-latest
  needs: [build-builder-image]
  if: |
    github.event_name == 'pull_request' &&
    needs.build-builder-image.outputs.collector-builder-tag != 'cache' &&
    !contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
  env:
    COLLECTOR_BUILDER_TAG: "${{ needs.build-builder-image.outputs.collector-builder-tag }}"
  steps:
    - name: Pull image to retag
      # The tag is read as a shell variable from the job env, not expanded
      # into the script text.
      run: |
        docker pull "quay.io/stackrox-io/collector-builder:${COLLECTOR_BUILDER_TAG}-amd64"

    # Both pushes use the stackrox-io amd64 image as the source.
    # NOTE(review): the retag action is referenced by the mutable tag `v1`
    # and is given registry write credentials; consider a commit SHA pin.
    - name: Retag and push stackrox-io
      uses: stackrox/actions/images/retag-and-push@v1
      with:
        src-image: "quay.io/stackrox-io/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}-amd64"
        dst-image: "quay.io/stackrox-io/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}"
        username: "${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}"
        password: "${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}"
    - name: Retag and push rhacs-eng
      uses: stackrox/actions/images/retag-and-push@v1
      with:
        src-image: "quay.io/stackrox-io/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}-amd64"
        dst-image: "quay.io/rhacs-eng/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}"
        username: "${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}"
        password: "${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}"