Skip to content

Commit

Permalink
chore(ci): retry occasionally spurious steps (#132)
Browse files Browse the repository at this point in the history 
These steps are known to potentially fail due to
environmental/infrastructure reasons.

Retries helps builds succeed despite that.

Relates: ublue-os/main#502
  • Loading branch information
@bsherman
bsherman authored Feb 23, 2024
1 parent bef7821 commit 50bedce
Showing 1 changed file with 45 additions and 18 deletions.
63 changes: 45 additions & 18 deletions .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ env:

jobs:
push-ghcr:
name: akmods image
name: akmods
runs-on: ubuntu-22.04
permissions:
contents: read
Expand Down Expand Up @@ -102,14 +102,27 @@ jobs:
# DEBUG: get character count of key
wc -c certs/private_key.priv
- name: Get current versions
- name: Get current version
id: labels
run: |
skopeo inspect docker://quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }} > inspect.json
version=$(jq -r '.Labels["org.opencontainers.image.version"]' inspect.json)
linux=$(jq -r '.Labels["ostree.linux"]' inspect.json)
echo "VERSION=$version" >> $GITHUB_OUTPUT
echo "LINUX=$linux" >> $GITHUB_OUTPUT
uses: Wandalen/wretry.action@v1.4.4
with:
attempt_limit: 3
attempt_delay: 15000
command: |
set -eo pipefail
skopeo inspect docker://quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }} > inspect.json
ver=$(jq -r '.Labels["org.opencontainers.image.version"]' inspect.json)
linux=$(jq -r '.Labels["ostree.linux"]' inspect.json)
if [ -z "$ver" ] || [ "null" = "$ver" ]; then
echo "inspected image version must not be empty or null"
exit 1
fi
if [ -z "$linux" ] || [ "null" = "$linux" ]; then
echo "inspected image linux version must not be empty or null"
exit 1
fi
echo "VERSION=$ver" >> $GITHUB_OUTPUT
echo "LINUX=$linux" >> $GITHUB_OUTPUT
# Build metadata
- name: Image Metadata
Expand All @@ -126,6 +139,16 @@ jobs:
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md
io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/1728152?s=200&v=4
- name: Pull build image
uses: Wandalen/wretry.action@v1.4.4
with:
attempt_limit: 3
attempt_delay: 15000
command: |
# pull the base image used for FROM in containerfile so
# we can retry on that unfortunately common failure case
podman pull quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }}
# Build image using Buildah action
- name: Build Image
id: build_image
Expand Down Expand Up @@ -154,22 +177,26 @@ jobs:
with:
string: ${{ env.IMAGE_REGISTRY }}

# Push the image to GHCR (Image Registry)

- name: Push To GHCR
uses: redhat-actions/push-to-registry@v2
uses: Wandalen/wretry.action@v1.4.4
id: push
if: github.event_name != 'pull_request'
env:
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ github.token }}
with:
image: ${{ steps.build_image.outputs.image }}
tags: ${{ steps.build_image.outputs.tags }}
registry: ${{ steps.registry_case.outputs.lowercase }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust
action: redhat-actions/push-to-registry@v2
attempt_limit: 3
attempt_delay: 15000
with: |
image: ${{ steps.build_image.outputs.image }}
tags: ${{ steps.build_image.outputs.tags }}
registry: ${{ steps.registry_case.outputs.lowercase }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
Expand All @@ -188,7 +215,7 @@ jobs:
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
env:
TAGS: ${{ steps.push.outputs.digest }}
TAGS: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }}
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}

Expand Down

0 comments on commit 50bedce

Please sign in to comment.