Skip to content

Build and test container images #910

Build and test container images

Build and test container images #910

name: Build and test container images
on:
push:
pull_request:
repository_dispatch:
types:
- dispatch-build
workflow_dispatch:
jobs:
build-images:
runs-on: ubuntu-22.04
# Continue to the push/tag step even if some build matrix combos fail
# Check that all arch artifacts are present in the push/tag step
continue-on-error: true
strategy:
fail-fast: false
matrix:
os: ['el9', 'cuda_11_8_0']
osg_series: ['23']
repo: ['development', 'testing', 'release']
platform: ['linux/amd64','linux/arm64']
exclude:
# cuda builds take a super long time; only do one of them
- os: cuda_11_8_0
repo: development
- os: cuda_11_8_0
repo: testing
steps:
- uses: actions/checkout@v3
- id: custom-image-name
env:
SERIES: ${{ matrix.osg_series }}
REPO: ${{ matrix.repo }}
OS: ${{ matrix.os }}
run: |
PREFIX="output_image=${GITHUB_REPOSITORY}:${SERIES}"
TIMESTAMP=$(date +%Y%m%d-%H%M)
echo "${PREFIX}-${OS}-${REPO}" >> ${GITHUB_OUTPUT}
echo "base_tag=${SERIES}-${OS}-${REPO}" >> ${GITHUB_OUTPUT}
echo "timestamp=$TIMESTAMP" >> ${GITHUB_OUTPUT}
- id: build-image
name: Local image build
uses: opensciencegrid/build-container-action@HEAD
with:
registry_url: hub.opensciencegrid.org
osg_series: ${{ matrix.osg_series }}
osg_repo: ${{ matrix.repo }}
base_os: ${{ matrix.os }}
platform: ${{ matrix.platform }}
output_image: ${{ steps.custom-image-name.outputs.output_image }}
timestamp: ${{ steps.custom-image-name.outputs.timestamp }}
- name: Prepare CVMFS
# TODO: For all tests, GHA currently only supports amd64 runners. We will need
# to re-enable tests on arm64 when ARM runners become available.
if: ${{ matrix.platform == 'linux/amd64' }}
run: |
sudo ./tests/setup_cvmfs.sh
- name: Docker + CVMFS bindmount
if: ${{ matrix.platform == 'linux/amd64' }}
id: test-docker-cvmfs
env:
CONTAINER_IMAGE: ${{ steps.build-image.outputs.timestamp-image }}
run: |
sudo ./tests/test_inside_gha.sh docker \
bindmount \
"$CONTAINER_IMAGE"
- name: Docker + cvmfsexec
if: ${{ matrix.platform == 'linux/amd64' }}
id: test-docker-cvmfsexec
env:
CONTAINER_IMAGE: ${{ steps.build-image.outputs.timestamp-image }}
run: |
sudo ./tests/test_inside_gha.sh docker \
cvmfsexec \
"$CONTAINER_IMAGE"
- name: Singularity + CVMFS bindmount
if: ${{ matrix.platform == 'linux/amd64' }}
id: test-singularity-cvmfs
env:
CONTAINER_IMAGE: ${{ steps.build-image.outputs.timestamp-image }}
run: |
if [[ $CONTAINER_IMAGE == *cuda* ]]; then
echo >&2 "Skipping test: \$APPTAINER_TMPDIR (${APPTAINER_TMPDIR:-/tmp}) too small for cuda-based images"
exit 0
else
sudo ./tests/test_inside_gha.sh singularity \
bindmount \
"$CONTAINER_IMAGE"
fi
- id: upload-by-digest-harbor
if: >-
github.ref == 'refs/heads/master' &&
github.event_name != 'pull_request' &&
github.repository_owner == 'opensciencegrid'
name: Upload By Digest to Harbor
uses: ./.github/actions/push-digest-local
with:
registry: hub.opensciencegrid.org
username: ${{ secrets.OSG_HARBOR_ROBOT_USER }}
password: ${{ secrets.OSG_HARBOR_ROBOT_PASSWORD }}
osg_series: ${{ matrix.osg_series }}
osg_repo: ${{ matrix.repo }}
base_os: ${{ matrix.os }}
platform: ${{ matrix.platform }}
base_tag: ${{ steps.custom-image-name.outputs.base_tag }}
timestamp: ${{ steps.custom-image-name.outputs.timestamp }}
output_image: ${{ steps.custom-image-name.outputs.output_image }}
# TODO: these artifacts will only be tagged if the build succeeds for every arch,
# and will remain as cruft in harbor unlesss manually removed in the case that
# some arch fails. Handling this scenario is future work:
# https://opensciencegrid.atlassian.net/browse/SOFTWARE-6010
- id: upload-by-digest-dockerhub
if: >-
github.ref == 'refs/heads/master' &&
github.event_name != 'pull_request' &&
github.repository_owner == 'opensciencegrid'
name: Upload By Digest to Docker Hub
uses: ./.github/actions/push-digest-local
with:
registry: docker.io
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
osg_series: ${{ matrix.osg_series }}
osg_repo: ${{ matrix.repo }}
base_os: ${{ matrix.os }}
platform: ${{ matrix.platform }}
base_tag: ${{ steps.custom-image-name.outputs.base_tag }}
timestamp: ${{ steps.custom-image-name.outputs.timestamp }}
output_image: ${{ steps.custom-image-name.outputs.output_image }}
merge-manifests:
runs-on: ubuntu-22.04
if: >-
github.ref == 'refs/heads/master' &&
github.event_name != 'pull_request' &&
github.repository_owner == 'opensciencegrid'
needs:
- build-images
strategy:
fail-fast: false
matrix:
os: ['el9', 'cuda_11_8_0']
osg_series: ['23']
repo: ['development', 'testing', 'release']
registry: [
{
url: hub.opensciencegrid.org,
username: OSG_HARBOR_ROBOT_USER,
password: OSG_HARBOR_ROBOT_PASSWORD
},
{
url: docker.io,
username: DOCKER_USERNAME,
password: DOCKER_PASSWORD
}
]
exclude:
# cuda builds take a super long time; only do one of them
- os: cuda_11_8_0
repo: development
- os: cuda_11_8_0
repo: testing
steps:
- id: base-tag
env:
SERIES: ${{ matrix.osg_series }}
REPO: ${{ matrix.repo }}
OS: ${{ matrix.os }}
run: |
echo "base_tag=${SERIES}-${OS}-${REPO}" >> ${GITHUB_OUTPUT}
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/${{ matrix.registry.url }}/digests
pattern: digests-${{ matrix.registry.url }}-${{ steps.base-tag.outputs.base_tag }}-*
merge-multiple: true
- name: Download tags
uses: actions/download-artifact@v4
with:
path: /tmp/${{ matrix.registry.url }}/tags
pattern: tags-${{ matrix.registry.url }}-${{ steps.base-tag.outputs.base_tag }}-*
merge-multiple: true
- name: Check Artifact Count
env:
EXPECTED: 2 # One per build arch
working-directory: /tmp/${{ matrix.registry.url }}
run: |
for dir in tags digests; do
artifact_count=$(ls $dir -1q | wc -l)
if [[ $artifact_count != $EXPECTED ]]; then
echo "Expected $EXPECTED artifacts in $dir; got $artifact_count"
exit 1
fi
done
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Registry login
uses: docker/login-action@v2
with:
registry: ${{ matrix.registry.url }}
username: ${{ secrets[matrix.registry.username] }}
password: ${{ secrets[matrix.registry.password] }}
- name: Merge Artifacts
working-directory: /tmp/${{ matrix.registry.url }}
env:
DEFAULT_OS: el9
run: |
BASE_IMG=${{ matrix.registry.url }}/opensciencegrid/osgvo-docker-pilot
DIGESTS=$(for digest in $(ls digests/); do echo $BASE_IMG@sha256:$digest; done)
TAGS=$(cat tags/*-amd64)
for tag in ${TAGS//,/ }; do
docker buildx imagetools create --tag $tag $DIGESTS;
# Also tag the image for the default OS as the OS-less tag
# (i.e. 23-el9-release -> 23-release)
tag2=${tag/-${DEFAULT_OS}-/-} # bash syntax for search-and-replace
if [[ $tag2 != $tag ]]; then
docker buildx imagetools create --tag $tag2 $DIGESTS;
fi
done