Build and test container images #910
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and test container images | |
on: | |
push: | |
pull_request: | |
repository_dispatch: | |
types: | |
- dispatch-build | |
workflow_dispatch: | |
jobs: | |
build-images: | |
runs-on: ubuntu-22.04 | |
# Continue to the push/tag step even if some build matrix combos fail | |
# Check that all arch artifacts are present in the push/tag step | |
continue-on-error: true | |
strategy: | |
fail-fast: false | |
matrix: | |
os: ['el9', 'cuda_11_8_0'] | |
osg_series: ['23'] | |
repo: ['development', 'testing', 'release'] | |
platform: ['linux/amd64','linux/arm64'] | |
exclude: | |
# cuda builds take a super long time; only do one of them | |
- os: cuda_11_8_0 | |
repo: development | |
- os: cuda_11_8_0 | |
repo: testing | |
steps: | |
- uses: actions/checkout@v3 | |
- id: custom-image-name | |
env: | |
SERIES: ${{ matrix.osg_series }} | |
REPO: ${{ matrix.repo }} | |
OS: ${{ matrix.os }} | |
run: | | |
PREFIX="output_image=${GITHUB_REPOSITORY}:${SERIES}" | |
TIMESTAMP=$(date +%Y%m%d-%H%M) | |
echo "${PREFIX}-${OS}-${REPO}" >> ${GITHUB_OUTPUT} | |
echo "base_tag=${SERIES}-${OS}-${REPO}" >> ${GITHUB_OUTPUT} | |
echo "timestamp=$TIMESTAMP" >> ${GITHUB_OUTPUT} | |
- id: build-image | |
name: Local image build | |
uses: opensciencegrid/build-container-action@HEAD | |
with: | |
registry_url: hub.opensciencegrid.org | |
osg_series: ${{ matrix.osg_series }} | |
osg_repo: ${{ matrix.repo }} | |
base_os: ${{ matrix.os }} | |
platform: ${{ matrix.platform }} | |
output_image: ${{ steps.custom-image-name.outputs.output_image }} | |
timestamp: ${{ steps.custom-image-name.outputs.timestamp }} | |
- name: Prepare CVMFS | |
# TODO: For all tests, GHA currently only supports amd64 runners. We will need | |
# to re-enable tests on arm64 when ARM runners become available. | |
if: ${{ matrix.platform == 'linux/amd64' }} | |
run: | | |
sudo ./tests/setup_cvmfs.sh | |
- name: Docker + CVMFS bindmount | |
if: ${{ matrix.platform == 'linux/amd64' }} | |
id: test-docker-cvmfs | |
env: | |
CONTAINER_IMAGE: ${{ steps.build-image.outputs.timestamp-image }} | |
run: | | |
sudo ./tests/test_inside_gha.sh docker \ | |
bindmount \ | |
"$CONTAINER_IMAGE" | |
- name: Docker + cvmfsexec | |
if: ${{ matrix.platform == 'linux/amd64' }} | |
id: test-docker-cvmfsexec | |
env: | |
CONTAINER_IMAGE: ${{ steps.build-image.outputs.timestamp-image }} | |
run: | | |
sudo ./tests/test_inside_gha.sh docker \ | |
cvmfsexec \ | |
"$CONTAINER_IMAGE" | |
- name: Singularity + CVMFS bindmount | |
if: ${{ matrix.platform == 'linux/amd64' }} | |
id: test-singularity-cvmfs | |
env: | |
CONTAINER_IMAGE: ${{ steps.build-image.outputs.timestamp-image }} | |
run: | | |
if [[ $CONTAINER_IMAGE == *cuda* ]]; then | |
echo >&2 "Skipping test: \$APPTAINER_TMPDIR (${APPTAINER_TMPDIR:-/tmp}) too small for cuda-based images" | |
exit 0 | |
else | |
sudo ./tests/test_inside_gha.sh singularity \ | |
bindmount \ | |
"$CONTAINER_IMAGE" | |
fi | |
- id: upload-by-digest-harbor | |
if: >- | |
github.ref == 'refs/heads/master' && | |
github.event_name != 'pull_request' && | |
github.repository_owner == 'opensciencegrid' | |
name: Upload By Digest to Harbor | |
uses: ./.github/actions/push-digest-local | |
with: | |
registry: hub.opensciencegrid.org | |
username: ${{ secrets.OSG_HARBOR_ROBOT_USER }} | |
password: ${{ secrets.OSG_HARBOR_ROBOT_PASSWORD }} | |
osg_series: ${{ matrix.osg_series }} | |
osg_repo: ${{ matrix.repo }} | |
base_os: ${{ matrix.os }} | |
platform: ${{ matrix.platform }} | |
base_tag: ${{ steps.custom-image-name.outputs.base_tag }} | |
timestamp: ${{ steps.custom-image-name.outputs.timestamp }} | |
output_image: ${{ steps.custom-image-name.outputs.output_image }} | |
# TODO: these artifacts will only be tagged if the build succeeds for every arch, | |
# and will remain as cruft in harbor unlesss manually removed in the case that | |
# some arch fails. Handling this scenario is future work: | |
# https://opensciencegrid.atlassian.net/browse/SOFTWARE-6010 | |
- id: upload-by-digest-dockerhub | |
if: >- | |
github.ref == 'refs/heads/master' && | |
github.event_name != 'pull_request' && | |
github.repository_owner == 'opensciencegrid' | |
name: Upload By Digest to Docker Hub | |
uses: ./.github/actions/push-digest-local | |
with: | |
registry: docker.io | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
osg_series: ${{ matrix.osg_series }} | |
osg_repo: ${{ matrix.repo }} | |
base_os: ${{ matrix.os }} | |
platform: ${{ matrix.platform }} | |
base_tag: ${{ steps.custom-image-name.outputs.base_tag }} | |
timestamp: ${{ steps.custom-image-name.outputs.timestamp }} | |
output_image: ${{ steps.custom-image-name.outputs.output_image }} | |
merge-manifests: | |
runs-on: ubuntu-22.04 | |
if: >- | |
github.ref == 'refs/heads/master' && | |
github.event_name != 'pull_request' && | |
github.repository_owner == 'opensciencegrid' | |
needs: | |
- build-images | |
strategy: | |
fail-fast: false | |
matrix: | |
os: ['el9', 'cuda_11_8_0'] | |
osg_series: ['23'] | |
repo: ['development', 'testing', 'release'] | |
registry: [ | |
{ | |
url: hub.opensciencegrid.org, | |
username: OSG_HARBOR_ROBOT_USER, | |
password: OSG_HARBOR_ROBOT_PASSWORD | |
}, | |
{ | |
url: docker.io, | |
username: DOCKER_USERNAME, | |
password: DOCKER_PASSWORD | |
} | |
] | |
exclude: | |
# cuda builds take a super long time; only do one of them | |
- os: cuda_11_8_0 | |
repo: development | |
- os: cuda_11_8_0 | |
repo: testing | |
steps: | |
- id: base-tag | |
env: | |
SERIES: ${{ matrix.osg_series }} | |
REPO: ${{ matrix.repo }} | |
OS: ${{ matrix.os }} | |
run: | | |
echo "base_tag=${SERIES}-${OS}-${REPO}" >> ${GITHUB_OUTPUT} | |
- name: Download digests | |
uses: actions/download-artifact@v4 | |
with: | |
path: /tmp/${{ matrix.registry.url }}/digests | |
pattern: digests-${{ matrix.registry.url }}-${{ steps.base-tag.outputs.base_tag }}-* | |
merge-multiple: true | |
- name: Download tags | |
uses: actions/download-artifact@v4 | |
with: | |
path: /tmp/${{ matrix.registry.url }}/tags | |
pattern: tags-${{ matrix.registry.url }}-${{ steps.base-tag.outputs.base_tag }}-* | |
merge-multiple: true | |
- name: Check Artifact Count | |
env: | |
EXPECTED: 2 # One per build arch | |
working-directory: /tmp/${{ matrix.registry.url }} | |
run: | | |
for dir in tags digests; do | |
artifact_count=$(ls $dir -1q | wc -l) | |
if [[ $artifact_count != $EXPECTED ]]; then | |
echo "Expected $EXPECTED artifacts in $dir; got $artifact_count" | |
exit 1 | |
fi | |
done | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Registry login | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ matrix.registry.url }} | |
username: ${{ secrets[matrix.registry.username] }} | |
password: ${{ secrets[matrix.registry.password] }} | |
- name: Merge Artifacts | |
working-directory: /tmp/${{ matrix.registry.url }} | |
env: | |
DEFAULT_OS: el9 | |
run: | | |
BASE_IMG=${{ matrix.registry.url }}/opensciencegrid/osgvo-docker-pilot | |
DIGESTS=$(for digest in $(ls digests/); do echo $BASE_IMG@sha256:$digest; done) | |
TAGS=$(cat tags/*-amd64) | |
for tag in ${TAGS//,/ }; do | |
docker buildx imagetools create --tag $tag $DIGESTS; | |
# Also tag the image for the default OS as the OS-less tag | |
# (i.e. 23-el9-release -> 23-release) | |
tag2=${tag/-${DEFAULT_OS}-/-} # bash syntax for search-and-replace | |
if [[ $tag2 != $tag ]]; then | |
docker buildx imagetools create --tag $tag2 $DIGESTS; | |
fi | |
done | |