Build images (RedHat) #164
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build images (RedHat) | |
| on: | |
| release: | |
| types: | |
| - published | |
| push: | |
| branches: | |
| - '5.0' | |
| - '6.0' | |
| - '6.4' | |
| paths: | |
| - '!**/README.md' | |
| - 'Dockerfiles/*/rhel/*' | |
| - '.github/workflows/images_build_rhel.yml' | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| LATEST_BRANCH: ${{ github.event.repository.default_branch }} | |
| BASE_BUILD_NAME: "build-base" | |
| REGISTRY: "quay.io" | |
| REGISTRY_NAMESPACE: "redhat-isv-containers" | |
| PFLT_LOGLEVEL: "warn" | |
| PFLT_ARTIFACTS: "/tmp/artifacts" | |
| jobs: | |
| init_build: | |
| name: Initialize build | |
| runs-on: [self-hosted, linux, X64] | |
| outputs: | |
| components: ${{ steps.components.outputs.list }} | |
| is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }} | |
| current_branch: ${{ steps.branch_info.outputs.current_branch }} | |
| sha_short: ${{ steps.branch_info.outputs.sha_short }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - name: Get branch info | |
| id: branch_info | |
| run: | | |
| github_ref="${{ github.ref }}" | |
| result=false | |
| if [[ "$github_ref" == "refs/tags/"* ]]; then | |
| github_ref=${github_ref%.*} | |
| fi | |
| github_ref=${github_ref##*/} | |
| if [[ "$github_ref" == "${{ env.LATEST_BRANCH }}" ]]; then | |
| result=true | |
| fi | |
| echo "is_default_branch=$result" >> $GITHUB_OUTPUT | |
| echo "current_branch=$github_ref" >> $GITHUB_OUTPUT | |
| echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| - name: Prepare Zabbix component list | |
| id: components | |
| env: | |
| REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} | |
| run: | | |
| component_list=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ steps.branch_info.outputs.current_branch }}".components | keys | [ .[] | tostring ] | @json') | |
| echo "list=$component_list" >> $GITHUB_OUTPUT | |
| build_base: | |
| timeout-minutes: 30 | |
| name: Build ${{ matrix.build }} base on RHEL | |
| needs: ["init_build"] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| build: ["build-base"] | |
| runs-on: [self-hosted, linux, X64] | |
| outputs: | |
| image: ${{ steps.build_image.outputs.image-with-tag }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - name: Generate tags | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: zabbix-${{ matrix.build }} | |
| tags: | | |
| type=sha | |
| - name: Build Zabbix Build Base | |
| id: build_image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| context: ./Dockerfiles/${{ matrix.build }}/rhel | |
| layers: false | |
| tags: ${{ steps.meta.outputs.tags }} | |
| containerfiles: | | |
| ./Dockerfiles/${{ matrix.build }}/rhel/Dockerfile | |
| extra-args: | | |
| --pull | |
| build_base_database: | |
| timeout-minutes: 180 | |
| needs: [ "build_base", "init_build"] | |
| name: Build ${{ matrix.build }} base on RHEL | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| build: ["mysql", "sqlite3"] | |
| runs-on: [self-hosted, linux, X64] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - name: Generate tags | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: zabbix-build-${{ matrix.build }} | |
| tags: | | |
| type=sha | |
| - name: Build ${{ matrix.build }} image | |
| id: build_image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| context: ./Dockerfiles/build-${{ matrix.build }}/rhel | |
| layers: false | |
| tags: ${{ steps.meta.outputs.tags }} | |
| containerfiles: | | |
| ./Dockerfiles/build-${{ matrix.build }}/rhel/Dockerfile | |
| build-args: BUILD_BASE_IMAGE=${{ needs.build_base.outputs.image }} | |
| build_images: | |
| timeout-minutes: 90 | |
| needs: [ "build_base_database", "init_build"] | |
| name: Build ${{ matrix.build }} image | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| build: ${{ fromJson(needs.init_build.outputs.components) }} | |
| runs-on: [self-hosted, linux, X64] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Detect Build Base Image | |
| id: build_base_image | |
| env: | |
| REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} | |
| run: | | |
| BUILD_BASE=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".build_base') | |
| echo "build_base=$BUILD_BASE" >> $GITHUB_OUTPUT | |
| - name: Genarate image name | |
| id: image_name | |
| env: | |
| REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} | |
| run: | | |
| IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".login') | |
| echo "::add-mask::$IMAGE_NAME" | |
| echo "image_name=$IMAGE_NAME" >> $GITHUB_OUTPUT | |
| - name: Generate credentials | |
| id: login_credentials | |
| env: | |
| REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} | |
| run: | | |
| IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".login') | |
| REGISTRY_PASSWORD=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".secret') | |
| echo "::add-mask::$IMAGE_NAME" | |
| echo "::add-mask::redhat-isv-containers+$IMAGE_NAME-robot" | |
| echo "::add-mask::$REGISTRY_PASSWORD" | |
| echo "username=$IMAGE_NAME" >> $GITHUB_OUTPUT | |
| echo "password=$REGISTRY_PASSWORD" >> $GITHUB_OUTPUT | |
| - name: Log in to Quay.io | |
| uses: redhat-actions/podman-login@v1.5 | |
| env: | |
| LOGIN: ${{ steps.login_credentials.outputs.username }} | |
| PASSWORD: ${{ steps.login_credentials.outputs.password }} | |
| with: | |
| username: redhat-isv-containers+${{ env.LOGIN }}-robot | |
| password: ${{ env.PASSWORD }} | |
| registry: ${{ env.REGISTRY }} | |
| auth_file_path: /tmp/.docker_${{ matrix.build }}_${{ needs.init_build.outputs.sha_short }} | |
| - name: Remove smartmontools | |
| if: ${{ matrix.build == 'agent2' }} | |
| run: | | |
| sed -i '/smartmontools/d' Dockerfiles/agent2/rhel/Dockerfile | |
| - name: Generate tags | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ steps.image_name.outputs.image_name }} | |
| tags: | | |
| type=semver,pattern={{version}} | |
| type=sha | |
| flavor: | | |
| latest=${{ ( github.event_name == 'release' ) }} | |
| - name: Build ${{ matrix.build }} and push | |
| id: build_image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| context: ./Dockerfiles/${{ matrix.build }}/rhel | |
| layers: false | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: | | |
| org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} | |
| org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} | |
| containerfiles: | | |
| ./Dockerfiles/${{ matrix.build }}/rhel/Dockerfile | |
| build-args: BUILD_BASE_IMAGE=zabbix-${{ steps.build_base_image.outputs.build_base }}:sha-${{ needs.init_build.outputs.sha_short }} | |
| - name: Push to RedHat certification procedure | |
| id: push_to_registry | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| tags: ${{ steps.meta.outputs.tags }} | |
| - name: Preflight | |
| env: | |
| PFLT_DOCKERCONFIG: /tmp/.docker_${{ matrix.build }}_${{ needs.init_build.outputs.sha_short }} | |
| PFLT_CERTIFICATION_PROJECT_ID: ${{ steps.login_credentials.outputs.username }} | |
| PFLT_PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} | |
| PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }} | |
| PFLT_LOGLEVEL: ${{ env.PFLT_LOGLEVEL }} | |
| run: | | |
| mkdir -p $PFLT_ARTIFACTS | |
| podman run \ | |
| -it \ | |
| --rm \ | |
| --security-opt=label=disable \ | |
| --env PFLT_LOGLEVEL=$PFLT_LOGLEVEL \ | |
| --env PFLT_ARTIFACTS=/artifacts \ | |
| --env PFLT_LOGFILE=/artifacts/preflight.log \ | |
| --env PFLT_CERTIFICATION_PROJECT_ID=$PFLT_CERTIFICATION_PROJECT_ID \ | |
| --env PFLT_PYXIS_API_TOKEN=$PFLT_PYXIS_API_TOKEN \ | |
| --env PFLT_DOCKERCONFIG=/temp-authfile.json \ | |
| -v $PFLT_ARTIFACTS:/artifacts \ | |
| -v $PFLT_DOCKERCONFIG:/temp-authfile.json:ro \ | |
| quay.io/opdev/preflight:1.5.1 check container ${{ steps.build_image.outputs.image-with-tag }} --submit | |
| - name: Push to RedHat certification procedure | |
| id: push_to_registry_all_tags | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| tags: ${{ steps.meta.outputs.tags }} | |
| - name: Cleanup | |
| run: | | |
| echo "${{ steps.meta.outputs.tags }}" | while IFS= read -r image_name ; do podman rmi -i -f $image_name; done | |
| rm -rf ${{ env.PFLT_ARTIFACTS }} | |
| build_base_arm: | |
| timeout-minutes: 30 | |
| name: Build ${{ matrix.build }} base on RHEL (ARM64) | |
| needs: ["init_build"] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| build: ["build-base"] | |
| runs-on: [self-hosted, linux, ARM64] | |
| outputs: | |
| image: ${{ steps.build_image.outputs.image-with-tag }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - name: Generate tags | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: zabbix-${{ matrix.build }} | |
| tags: | | |
| type=sha | |
| flavor: | | |
| latest=false | |
| suffix=-arm64 | |
| - name: Build Zabbix Build Base | |
| id: build_image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| context: ./Dockerfiles/${{ matrix.build }}/rhel | |
| layers: false | |
| tags: ${{ steps.meta.outputs.tags }} | |
| containerfiles: | | |
| ./Dockerfiles/${{ matrix.build }}/rhel/Dockerfile | |
| extra-args: | | |
| --pull | |
| build_base_database_arm: | |
| timeout-minutes: 180 | |
| needs: [ "build_base_arm", "init_build"] | |
| name: Build ${{ matrix.build }} base on RHEL (ARM64) | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| build: ["mysql", "sqlite3"] | |
| runs-on: [self-hosted, linux, ARM64] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - name: Generate tags | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: zabbix-build-${{ matrix.build }} | |
| tags: | | |
| type=sha | |
| flavor: | | |
| latest=false | |
| suffix=-arm64 | |
| - name: Build ${{ matrix.build }} image | |
| id: build_image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| context: ./Dockerfiles/build-${{ matrix.build }}/rhel | |
| layers: false | |
| tags: ${{ steps.meta.outputs.tags }} | |
| containerfiles: | | |
| ./Dockerfiles/build-${{ matrix.build }}/rhel/Dockerfile | |
| build-args: BUILD_BASE_IMAGE=${{ needs.build_base_arm.outputs.image }} | |
| build_images_arm: | |
| timeout-minutes: 90 | |
| needs: [ "build_base_database_arm", "init_build"] | |
| name: Build ${{ matrix.build }} image (ARM64) | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| build: ${{ fromJson(needs.init_build.outputs.components) }} | |
| runs-on: [self-hosted, linux, ARM64] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Detect Build Base Image | |
| id: build_base_image | |
| env: | |
| REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} | |
| run: | | |
| BUILD_BASE=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".build_base') | |
| echo "build_base=$BUILD_BASE" >> $GITHUB_OUTPUT | |
| - name: Genarate image name | |
| id: image_name | |
| env: | |
| REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} | |
| run: | | |
| IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".login') | |
| echo "::add-mask::$IMAGE_NAME" | |
| echo "image_name=$IMAGE_NAME" >> $GITHUB_OUTPUT | |
| - name: Generate credentials | |
| id: login_credentials | |
| env: | |
| REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} | |
| run: | | |
| IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".login') | |
| REGISTRY_PASSWORD=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".secret') | |
| echo "::add-mask::$IMAGE_NAME" | |
| echo "::add-mask::redhat-isv-containers+$IMAGE_NAME-robot" | |
| echo "::add-mask::$REGISTRY_PASSWORD" | |
| echo "username=$IMAGE_NAME" >> $GITHUB_OUTPUT | |
| echo "password=$REGISTRY_PASSWORD" >> $GITHUB_OUTPUT | |
| - name: Log in to Quay.io | |
| uses: redhat-actions/podman-login@v1.5 | |
| env: | |
| LOGIN: ${{ steps.login_credentials.outputs.username }} | |
| PASSWORD: ${{ steps.login_credentials.outputs.password }} | |
| with: | |
| username: redhat-isv-containers+${{ env.LOGIN }}-robot | |
| password: ${{ env.PASSWORD }} | |
| registry: ${{ env.REGISTRY }} | |
| auth_file_path: /tmp/.docker_${{ matrix.build }}_${{ needs.init_build.outputs.sha_short }} | |
| - name: Remove smartmontools | |
| if: ${{ matrix.build == 'agent2' }} | |
| run: | | |
| sed -i '/smartmontools/d' Dockerfiles/agent2/rhel/Dockerfile | |
| - name: Generate tags | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ steps.image_name.outputs.image_name }} | |
| tags: | | |
| type=semver,pattern={{version}} | |
| type=sha | |
| flavor: | | |
| latest=${{ ( github.event_name == 'release' ) }} | |
| suffix=-arm64,onlatest=true | |
| - name: Build ${{ matrix.build }} and push | |
| id: build_image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| context: ./Dockerfiles/${{ matrix.build }}/rhel | |
| layers: false | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: | | |
| org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} | |
| org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} | |
| containerfiles: | | |
| ./Dockerfiles/${{ matrix.build }}/rhel/Dockerfile | |
| build-args: BUILD_BASE_IMAGE=zabbix-${{ steps.build_base_image.outputs.build_base }}:sha-${{ needs.init_build.outputs.sha_short }}-arm64 | |
| - name: Push to RedHat certification procedure | |
| id: push_to_registry | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| tags: ${{ steps.meta.outputs.tags }} | |
| - name: Preflight | |
| env: | |
| PFLT_DOCKERCONFIG: /tmp/.docker_${{ matrix.build }}_${{ needs.init_build.outputs.sha_short }} | |
| PFLT_CERTIFICATION_PROJECT_ID: ${{ steps.login_credentials.outputs.username }} | |
| PFLT_PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} | |
| PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }} | |
| PFLT_LOGLEVEL: ${{ env.PFLT_LOGLEVEL }} | |
| run: | | |
| mkdir -p $PFLT_ARTIFACTS | |
| podman run \ | |
| -it \ | |
| --rm \ | |
| --security-opt=label=disable \ | |
| --env PFLT_LOGLEVEL=$PFLT_LOGLEVEL \ | |
| --env PFLT_ARTIFACTS=/artifacts \ | |
| --env PFLT_LOGFILE=/artifacts/preflight.log \ | |
| --env PFLT_CERTIFICATION_PROJECT_ID=$PFLT_CERTIFICATION_PROJECT_ID \ | |
| --env PFLT_PYXIS_API_TOKEN=$PFLT_PYXIS_API_TOKEN \ | |
| --env PFLT_DOCKERCONFIG=/temp-authfile.json \ | |
| -v $PFLT_ARTIFACTS:/artifacts \ | |
| -v $PFLT_DOCKERCONFIG:/temp-authfile.json:ro \ | |
| quay.io/opdev/preflight:1.5.1 check container ${{ steps.build_image.outputs.image-with-tag }} --submit | |
| - name: Push to RedHat certification procedure | |
| id: push_to_registry_all_tags | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| tags: ${{ steps.meta.outputs.tags }} | |
| - name: Cleanup | |
| run: | | |
| echo "${{ steps.meta.outputs.tags }}" | while IFS= read -r image_name ; do podman rmi -i -f $image_name; done | |
| rm -rf ${{ env.PFLT_ARTIFACTS }} |