Split slim builds in local gha runner and remote vm #1585

Merged
merged 4 commits into from
Mar 14, 2024
159 changes: 98 additions & 61 deletions .github/workflows/collector-slim.yml
Expand Up @@ -26,16 +26,41 @@ env:
ANSIBLE_CONFIG: ${{ github.workspace }}/ansible/ansible.cfg

jobs:
setup-environment:
name: Setup environment
runs-on: ubuntu-latest
outputs:
collector-append-cid: ${{ steps.vars.outputs.collector-append-cid || false }}
trace-sinsp-events: ${{ steps.vars.outputs.trace-sinsp-events || false }}
address-sanitizer: ${{ steps.vars.outputs.address-sanitizer || false }}
steps:
- name: Checks PR, main and release branches
id: vars
run: |
if [[ "${{ github.event_name }}" == 'pull_request' ]]; then
echo "collector-append-cid=true" >> "$GITHUB_OUTPUT"
echo "trace-sinsp-events=1" >> "$GITHUB_OUTPUT"

if [[ "${{ contains(github.event.pull_request.labels.*.name, 'address-sanitizer') }}" == "true" ]]; then
echo "address-sanitizer=true" >> "$GITHUB_OUTPUT"
fi
fi

Molter73 marked this conversation as resolved.
build-collector-image:
name: Build the collector slim image
runs-on: ubuntu-latest
needs:
- setup-environment
strategy:
fail-fast: false
matrix:
arch: [amd64, ppc64le, s390x, arm64]
arch: [amd64, ppc64le, arm64]

env:
PLATFORM: linux/${{ matrix.arch }}
COLLECTOR_APPEND_CID: ${{ needs.setup-environment.outputs.collector-append-cid }}
TRACE_SINSP_EVENTS: ${{ needs.setup-environment.outputs.trace-sinsp-events }}
ADDRESS_SANITIZER: ${{ needs.setup-environment.outputs.address-sanitizer }}

steps:
- uses: actions/checkout@v4
Expand All @@ -48,6 +73,58 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Create ansible vars
run: |
cat << EOF > ${{ github.workspace }}/ansible/secrets.yml
---
stackrox_io_username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}
stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}
rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}
rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}
collector_git_ref: ${{ github.ref }}
collector_git_sha: ${{ github.sha }}
collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }}
disable_profiling: ${{ matrix.arch != 'amd64' && matrix.arch != 'arm64' }}
rhacs_eng_image: ${{ env.RHACS_ENG_IMAGE }}
collector_image: ${{ inputs.collector-image }}
collector_tag: ${{ inputs.collector-tag }}
EOF

- name: Build images
if: |
github.event_name == 'push' ||
matrix.arch == 'amd64' ||
contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
timeout-minutes: 480
run: |
ansible-playbook \
--connection local \
-i localhost, \
--limit localhost \
-e arch='${{ matrix.arch }}' \
-e @'${{ github.workspace }}/ansible/secrets.yml' \
ansible/ci-build-collector.yml

build-collector-image-remote-vm:
name: Build the collector slim image on a remote VM
runs-on: ubuntu-latest
if: github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
needs:
- setup-environment
strategy:
fail-fast: false
matrix:
arch: [s390x]

env:
PLATFORM: linux/${{ matrix.arch }}
COLLECTOR_APPEND_CID: ${{ needs.setup-environment.outputs.collector-append-cid }}
TRACE_SINSP_EVENTS: ${{ needs.setup-environment.outputs.trace-sinsp-events }}
ADDRESS_SANITIZER: ${{ needs.setup-environment.outputs.address-sanitizer }}

steps:
- uses: actions/checkout@v4

- uses: actions/setup-python@v5
with:
python-version: "3.10"
Expand All @@ -69,71 +146,31 @@ jobs:
ppc64le-key: ${{ secrets.IBM_CLOUD_POWER_API_KEY }}
redhat-username: ${{ secrets.REDHAT_USERNAME }}
redhat-password: ${{ secrets.REDHAT_PASSWORD }}
vm-type: all
vm-type: rhel-${{ matrix.arch }}
job-tag: builder

- name: Create Build VMs
if: |
matrix.arch == 's390x' &&
(github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds'))
run: |
make -C "${{ github.workspace }}/ansible" create-build-vms

- name: Checks PR, main and release branches
run: |
if [[ "${{ github.event_name }}" == 'pull_request' ]]; then
echo "COLLECTOR_APPEND_CID=true" >> "$GITHUB_ENV"
echo "TRACE_SINSP_EVENTS=1" >> "$GITHUB_ENV"

if [[ "${{ contains(github.event.pull_request.labels.*.name, 'address-sanitizer') }}" == "true" ]]; then
echo "ADDRESS_SANITIZER=true" >> "$GITHUB_ENV"
fi
fi

- name: Create ansible vars
run: |
{
echo "---"
echo "stackrox_io_username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}"
echo "stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}"
echo "rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}"
echo "rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}"
echo "collector_git_ref: ${{ github.ref }}"
echo "collector_git_sha: ${{ github.sha }}"
echo "collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }}"
echo "disable_profiling: ${{ matrix.arch != 'amd64' && matrix.arch != 'arm64' }}"
echo "rhacs_eng_image: ${{ env.RHACS_ENG_IMAGE }}"
echo "collector_image: ${{ inputs.collector-image }}"
echo "collector_tag: ${{ inputs.collector-tag }}"
} > ${{ github.workspace }}/ansible/secrets.yml

- name: Authenticate with GCP
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GOOGLE_CREDENTIALS_COLLECTOR_SVC_ACCT }}'

- name: Setup GCP
uses: 'google-github-actions/setup-gcloud@v2'

- name: Build images
if: |
(github.event_name == 'push' && matrix.arch != 's390x') ||
matrix.arch == 'amd64' ||
(contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch != 's390x')
timeout-minutes: 480
run: |
ansible-playbook \
--connection local \
-i localhost, \
--limit localhost \
-e arch='${{ matrix.arch }}' \
-e @'${{ github.workspace }}/ansible/secrets.yml' \
ansible/ci-build-collector.yml

- name: Build s390x image
if: |
(github.event_name == 'push' && matrix.arch == 's390x') ||
(contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch == 's390x')
cat << EOF > ${{ github.workspace }}/ansible/secrets.yml
Molter73 marked this conversation as resolved.
---
stackrox_io_username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}
stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}
rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}
rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}
collector_git_ref: ${{ github.ref }}
collector_git_sha: ${{ github.sha }}
collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }}
disable_profiling: ${{ matrix.arch != 'amd64' && matrix.arch != 'arm64' }}
rhacs_eng_image: ${{ env.RHACS_ENG_IMAGE }}
collector_image: ${{ inputs.collector-image }}
collector_tag: ${{ inputs.collector-tag }}
EOF

- name: Build ${{ matrix.arch }} image
timeout-minutes: 480
run: |
ansible-playbook \
Expand All @@ -142,17 +179,17 @@ jobs:
-e build_hosts='job_id_${{ env.JOB_ID }}' \
-e @'${{ github.workspace }}/ansible/secrets.yml' \
ansible/ci-build-collector.yml
env:
VM_TYPE: rhel-s390x

- name: Destroy Build VMs
if: always() && matrix.arch == 's390x'
if: always()
run: |
make -C ansible destroy-vms


create-multiarch-manifest:
needs:
- build-collector-image
- build-collector-image-remote-vm
name: Create Multiarch manifest
runs-on: ubuntu-latest
if: |
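Review bot: In both `Create ansible vars` steps (in `build-collector-image` and again in `build-collector-image-remote-vm`) the `${{ … }}` expressions are substituted into an unquoted `cat << EOF` heredoc, so the shell still expands `$`, backticks and `$( … )` found in the substituted text before it is written to `ansible/secrets.yml`. That silently mangles any registry credential containing those characters, and it would let `inputs.collector-image`, `inputs.collector-tag` or `github.ref` be evaluated as shell if one of them is ever influenced by a contributor; the `echo "…"` form being replaced had the same property, so this is carried over rather than introduced. I would map each value into the step's `env:` and reference the variables in the heredoc, because the result of a variable expansion is not re-scanned by the shell. Single-quoting the generated scalars also keeps a value containing `: ` or ` #` from being re-typed or truncated by the YAML parser, though an embedded single quote would still need doubling.

```yaml
- name: Create ansible vars
  env:
    STACKROX_IO_USERNAME: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}
    STACKROX_IO_PASSWORD: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}
    COLLECTOR_GIT_REF: ${{ github.ref }}
    COLLECTOR_TAG: ${{ inputs.collector-tag }}
    # … same mapping for the rhacs_eng credentials and inputs.collector-image …
  run: |
    cat << EOF > ${{ github.workspace }}/ansible/secrets.yml
    ---
    stackrox_io_username: '${STACKROX_IO_USERNAME}'
    stackrox_io_password: '${STACKROX_IO_PASSWORD}'
    collector_git_ref: '${COLLECTOR_GIT_REF}'
    collector_tag: '${COLLECTOR_TAG}'
    # … remaining keys follow the same pattern; disable_profiling stays an unquoted boolean …
    EOF
```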