Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tag component caches #9550

Merged
merged 4 commits into from
May 16, 2024
Merged

Tag component caches #9550

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d93156d
gha: release: Push artifacts to registry on release
stevenhorsman Apr 17, 2024
040e6cd
gha: release: Set RELEASE env
stevenhorsman Apr 25, 2024
9999971
release: Move component's don't ship logic
stevenhorsman Apr 17, 2024
7f41329
ci: cache: Optional tag components with tags
stevenhorsman Apr 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 2 additions & 6 deletions .github/workflows/build-kata-static-tarball-amd64.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,14 +60,8 @@ jobs:
stage:
wainersm marked this conversation as resolved.
Show resolved Hide resolved
- ${{ inputs.stage }}
exclude:
- asset: agent
stage: release
- asset: cloud-hypervisor-glibc
stage: release
- asset: pause-image
stage: release
- asset: coco-guest-components
stage: release
steps:
- name: Login to Kata Containers quay.io
if: ${{ inputs.push-to-registry == 'yes' }}
Expand Down Expand Up @@ -102,8 +96,10 @@ jobs:
ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
TARGET_BRANCH: ${{ inputs.target-branch }}
RELEASE: ${{ if inputs.stage == 'release' && 'yes' || 'no' }}

- name: store-artifact ${{ matrix.asset }}
if: ${{ matrix.stage != 'release' || (matrix.component != 'agent' && matrix.component != 'coco-guest-components' && matrix.component != 'pause-image') }}
uses: actions/upload-artifact@v4
with:
name: kata-artifacts-amd64-${{ matrix.asset }}${{ inputs.tarball-suffix }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/build-kata-static-tarball-arm64.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,6 @@ jobs:
- rootfs-initrd
- shim-v2
- virtiofsd
stage:
- ${{ inputs.stage }}
steps:
- name: Adjust a permission for repo
run: |
Expand Down Expand Up @@ -79,8 +77,10 @@ jobs:
ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
TARGET_BRANCH: ${{ inputs.target-branch }}
RELEASE: ${{ if inputs.stage == 'release' && 'yes' || 'no' }}

- name: store-artifact ${{ matrix.asset }}
if: ${{ inputs.stage != 'release' || matrix.component != 'agent' }}
uses: actions/upload-artifact@v4
with:
name: kata-artifacts-arm64-${{ matrix.asset }}${{ inputs.tarball-suffix }}
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/build-kata-static-tarball-ppc64le.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,8 +80,10 @@ jobs:
ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
TARGET_BRANCH: ${{ inputs.target-branch }}
RELEASE: ${{ if inputs.stage == 'release' && 'yes' || 'no' }}

- name: store-artifact ${{ matrix.asset }}
if: ${{ input.stage != 'release' || matrix.component != 'agent' }}
uses: actions/upload-artifact@v4
with:
name: kata-artifacts-ppc64le-${{ matrix.asset }}${{ inputs.tarball-suffix }}
Expand Down
9 changes: 2 additions & 7 deletions .github/workflows/build-kata-static-tarball-s390x.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,13 +39,6 @@ jobs:
- rootfs-initrd-confidential
- shim-v2
- virtiofsd
stage:
- ${{ inputs.stage }}
exclude:
- asset: pause-image
stage: release
- asset: coco-guest-components
stage: release
steps:
- name: Take a pre-action for self-hosted runner
run: ${HOME}/script/pre_action.sh ubuntu-2204
Expand Down Expand Up @@ -84,8 +77,10 @@ jobs:
ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
TARGET_BRANCH: ${{ inputs.target-branch }}
RELEASE: ${{ if inputs.stage == 'release' && 'yes' || 'no' }}

- name: store-artifact ${{ matrix.asset }}
if: ${{ inputs.stage != 'release' || (matrix.component != 'agent' && matrix.component != 'coco-guest-components' && matrix.component != 'pause-image') }}
uses: actions/upload-artifact@v4
with:
name: kata-artifacts-s390x-${{ matrix.asset }}${{ inputs.tarball-suffix }}
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/release-amd64.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ jobs:
build-kata-static-tarball-amd64:
uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml
with:
push-to-registry: yes
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @stevenhorsman !

In ./.github/workflows/build-kata-static-tarball-amd64.yaml with push-to-registry=yes it will log-in quay.io but push the image to ghcr.io. Unless I missed something, we should log-in the right registry :D (applies to the arm64, ppc64le and s390x workflows).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm... just realized that it"s passing ARTEFACT_REGISTRY_USERNAME and ARTEFACT_REGISTRY_PASSWORD variables. So likely internally, somewhere, it"s loging to ghcr.io

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah - I was puzzled by the ghcr.io login, but assumed it must been done auto-magically by github

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Found it: https://github.com/kata-containers/kata-containers/blob/main/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh#L1092

stage: release

kata-deploy:
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/release-arm64.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ jobs:
build-kata-static-tarball-arm64:
uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml
with:
push-to-registry: yes
stage: release

kata-deploy:
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/release-ppc64le.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ jobs:
build-kata-static-tarball-ppc64le:
uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml
with:
push-to-registry: yes
stage: release

kata-deploy:
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/release-s390x.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ jobs:
build-kata-static-tarball-s390x:
uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml
with:
push-to-registry: yes
stage: release
secrets: inherit

Expand Down
40 changes: 37 additions & 3 deletions tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ ARTEFACT_REGISTRY_PASSWORD="${ARTEFACT_REGISTRY_PASSWORD:-}"
TARGET_BRANCH="${TARGET_BRANCH:-main}"
PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-}"
KERNEL_HEADERS_PKG_TYPE="${KERNEL_HEADERS_PKG_TYPE:-deb}"
RELEASE="${RELEASE:-"no"}"

workdir="${WORKDIR:-$PWD}"

Expand Down Expand Up @@ -799,6 +800,7 @@ install_ovmf_sev() {

install_agent() {
latest_artefact="$(git log -1 --abbrev=9 --pretty=format:"%h" ${repo_root_dir}/src/agent)"
artefact_tag="$(git log -1 --abbrev=9 --pretty=format:"%h" ${repo_root_dir})"
latest_builder_image="$(get_agent_image_name)"

install_cached_tarball_component \
Expand All @@ -820,6 +822,7 @@ install_agent() {

install_coco_guest_components() {
latest_artefact="$(get_from_kata_deps "externals.coco-guest-components.version")-$(get_from_kata_deps "externals.coco-guest-components.toolchain")"
artefact_tag="$(get_from_kata_deps "externals.coco-guest-components.version")"
latest_builder_image="$(get_coco_guest_components_image_name)"

install_cached_tarball_component \
Expand All @@ -836,6 +839,7 @@ install_coco_guest_components() {

install_pause_image() {
latest_artefact="$(get_from_kata_deps "externals.pause.repo")-$(get_from_kata_deps "externals.pause.version")"
artefact_tag=${latest_artefact}
latest_builder_image="$(get_pause_image_name)"

install_cached_tarball_component \
Expand Down Expand Up @@ -1063,8 +1067,8 @@ handle_build() {

rootfs-nvidia-gpu-image) install_image_nvidia_gpu ;;

rootfs-nvidia-gpu-initrd) install_initrd_nvidia_gpu ;;
rootfs-nvidia-gpu-initrd) install_initrd_nvidia_gpu ;;

rootfs-nvidia-gpu-confidential-image) install_image_nvidia_gpu_confidential ;;

rootfs-nvidia-gpu-confidential-initrd) install_initrd_nvidia_gpu_confidential ;;
Expand Down Expand Up @@ -1092,7 +1096,7 @@ handle_build() {
kernel-nvidia-gpu*)
local kernel_headers_final_tarball_path="${workdir}/kata-static-${build_target}-headers.tar.xz"
if [ ! -f "${kernel_headers_final_tarball_path}" ]; then
local kernel_headers_dir
local kernel_headers_dir
kernel_headers_dir=$(get_kernel_headers_dir "${build_target}")

pushd "${kernel_headers_dir}"
Expand Down Expand Up @@ -1169,6 +1173,36 @@ handle_build() {
${build_target}-sha256sum
;;
esac

tags=(latest-${TARGET_BRANCH}-$(uname -m))
if [ -n "${artefact_tag}" ]; then
tags+=("${artefact_tag}")
fi
if [ "${RELEASE}" == "yes" ]; then
stevenhorsman marked this conversation as resolved.
Show resolved Hide resolved
tags+=("$(cat "${version_file}")")
fi

for tag in "${tags[@]}"; do
case ${build_target} in
kernel*-confidential)
sudo oras push \
${ARTEFACT_REGISTRY}/kata-containers/cached-artefacts/${build_target}:${tag} \
${final_tarball_name} \
"kata-static-${build_target}-modules.tar.xz" \
${build_target}-version \
${build_target}-builder-image-version \
${build_target}-sha256sum
;;
*)
sudo oras push \
${ARTEFACT_REGISTRY}/kata-containers/cached-artefacts/${build_target}:${tag} \
${final_tarball_name} \
${build_target}-version \
${build_target}-builder-image-version \
${build_target}-sha256sum
;;
esac
done
sudo oras logout "${ARTEFACT_REGISTRY}"
fi

Expand Down
Loading