diff --git a/.github/workflows/build-kata-static-tarball-ppc64le.yaml b/.github/workflows/build-kata-static-tarball-ppc64le.yaml new file mode 100644 index 000000000000..0de2665dc974 --- /dev/null +++ b/.github/workflows/build-kata-static-tarball-ppc64le.yaml @@ -0,0 +1,116 @@ +name: CI | Build kata-static tarball for ppc64le +on: + workflow_call: + inputs: + stage: + required: false + type: string + default: test + tarball-suffix: + required: false + type: string + push-to-registry: + required: false + type: string + default: no + commit-hash: + required: false + type: string + target-branch: + required: false + type: string + default: "" + +jobs: + build-asset: + runs-on: ppc64le + strategy: + matrix: + asset: + - kernel + - qemu + - rootfs-initrd + - shim-v2 + - virtiofsd + stage: + - ${{ inputs.stage }} + steps: + - name: Adjust a permission for repo + run: | + sudo chown -R $USER:$USER $GITHUB_WORKSPACE + + - name: Login to Kata Containers quay.io + if: ${{ inputs.push-to-registry == 'yes' }} + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - uses: actions/checkout@v3 + with: + ref: ${{ inputs.commit-hash }} + fetch-depth: 0 # This is needed in order to keep the commit ids history + + # - name: Rebase atop of the latest target branch + # run: | + # ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" + # env: + # TARGET_BRANCH: ${{ inputs.target-branch }} + + - name: Build ${{ matrix.asset }} + run: | + make "${KATA_ASSET}-tarball" + build_dir=$(readlink -f build) + # store-artifact does not work with symlink + sudo cp -r "${build_dir}" "kata-build" + sudo chown -R $(id -u):$(id -g) "kata-build" + env: + KATA_ASSET: ${{ matrix.asset }} + TAR_OUTPUT: ${{ matrix.asset }}.tar.gz + PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} + ARTEFACT_REGISTRY: ghcr.io + ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} + ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + TARGET_BRANCH: ${{ inputs.target-branch }} + + - name: store-artifact ${{ matrix.asset }} + uses: actions/upload-artifact@v3 + with: + name: kata-artifacts-ppc64le${{ inputs.tarball-suffix }} + path: kata-build/kata-static-${{ matrix.asset }}.tar.xz + retention-days: 1 + if-no-files-found: error + + create-kata-tarball: + runs-on: ubuntu-latest + needs: build-asset + steps: + - name: Adjust a permission for repo + run: | + sudo chown -R $USER:$USER $GITHUB_WORKSPACE + + - uses: actions/checkout@v3 + with: + ref: ${{ inputs.commit-hash }} + fetch-depth: 0 + # - name: Rebase atop of the latest target branch + # run: | + # ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" + # env: + # TARGET_BRANCH: ${{ inputs.target-branch }} + - name: get-artifacts + uses: actions/download-artifact@v3 + with: + name: kata-artifacts-ppc64le${{ inputs.tarball-suffix }} + path: kata-artifacts + - name: merge-artifacts + run: | + ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts versions.yaml + - name: store-artifacts + uses: actions/upload-artifact@v3 + with: + name: kata-static-tarball-ppc64le${{ inputs.tarball-suffix }} + path: kata-static.tar.xz + retention-days: 1 + if-no-files-found: error diff --git a/.github/workflows/payload-after-push.yaml b/.github/workflows/payload-after-push.yaml index bcc2aa7a0390..faa35a613dae 100644 --- a/.github/workflows/payload-after-push.yaml +++ b/.github/workflows/payload-after-push.yaml @@ -1,6 +1,6 @@ name: CI | Publish Kata Containers payload on: - push: + pull_request: branches: - main - stable-* @@ -34,6 +34,14 @@ jobs: push-to-registry: yes target-branch: ${{ github.ref_name }} secrets: inherit + + build-assets-ppc64le: + uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml + with: + commit-hash: ${{ github.sha }} + push-to-registry: yes + target-branch: ${{ github.ref_name }} + secrets: inherit publish-kata-deploy-payload-amd64: needs: build-assets-amd64 @@ -68,9 +76,20 @@ jobs: target-branch: ${{ github.ref_name }} secrets: inherit + publish-kata-deploy-payload-ppc64le: + needs: build-assets-ppc64le + uses: ./.github/workflows/publish-kata-deploy-payload-ppc64le.yaml + with: + commit-hash: ${{ github.sha }} + registry: quay.io + repo: kata-containers/kata-deploy-ci + tag: kata-containers-ppc64le + target-branch: ${{ github.ref_name }} + secrets: inherit + publish-manifest: runs-on: ubuntu-latest - needs: [publish-kata-deploy-payload-amd64, publish-kata-deploy-payload-arm64, publish-kata-deploy-payload-s390x] + needs: [publish-kata-deploy-payload-amd64, publish-kata-deploy-payload-arm64, publish-kata-deploy-payload-s390x, publish-kata-deploy-payload-ppc64le] steps: - name: Checkout repository uses: actions/checkout@v3 @@ -87,5 +106,6 @@ jobs: docker manifest create quay.io/kata-containers/kata-deploy-ci:kata-containers-latest \ --amend quay.io/kata-containers/kata-deploy-ci:kata-containers-amd64 \ --amend quay.io/kata-containers/kata-deploy-ci:kata-containers-arm64 \ - --amend quay.io/kata-containers/kata-deploy-ci:kata-containers-s390x + --amend quay.io/kata-containers/kata-deploy-ci:kata-containers-s390x \ + --amend quay.io/kata-containers/kata-deploy-ci:kata-containers-ppc64le docker manifest push quay.io/kata-containers/kata-deploy-ci:kata-containers-latest diff --git a/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml b/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml new file mode 100644 index 000000000000..555f70145c69 --- /dev/null +++ b/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml @@ -0,0 +1,70 @@ +name: CI | Publish kata-deploy payload for ppc64le +on: + workflow_call: + inputs: + tarball-suffix: + required: false + type: string + registry: + required: true + type: string + repo: + required: true + type: string + tag: + required: true + type: string + commit-hash: + required: false + type: string + target-branch: + required: false + type: string + default: "" + +jobs: + kata-payload: + runs-on: ppc64le + steps: + - name: Adjust a permission for repo + run: | + sudo chown -R $USER:$USER $GITHUB_WORKSPACE + + - uses: actions/checkout@v3 + with: + ref: ${{ inputs.commit-hash }} + fetch-depth: 0 + + # - name: Rebase atop of the latest target branch + # run: | + # ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" + # env: + # TARGET_BRANCH: ${{ inputs.target-branch }} + + - name: get-kata-tarball + uses: actions/download-artifact@v3 + with: + name: kata-static-tarball-ppc64le${{ inputs.tarball-suffix }} + + - name: Login to Kata Containers quay.io + if: ${{ inputs.registry == 'quay.io' }} + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - name: Login to Kata Containers ghcr.io + if: ${{ inputs.registry == 'ghcr.io' }} + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: build-and-push-kata-payload + id: build-and-push-kata-payload + run: | + ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ + $(pwd)/kata-static.tar.xz \ + ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }} diff --git a/.github/workflows/release-ppc64le.yaml b/.github/workflows/release-ppc64le.yaml new file mode 100644 index 000000000000..c0476178230d --- /dev/null +++ b/.github/workflows/release-ppc64le.yaml @@ -0,0 +1,53 @@ +name: Publish Kata release artifacts for ppc64le +on: + workflow_call: + inputs: + target-arch: + required: true + type: string + +jobs: + build-kata-static-tarball-ppc64le: + uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml + with: + stage: release + + kata-deploy: + needs: build-kata-static-tarball-ppc64le + runs-on: ppc64le + steps: + - name: Login to Kata Containers docker.io + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Login to Kata Containers quay.io + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + + - uses: actions/checkout@v3 + - name: get-kata-tarball + uses: actions/download-artifact@v3 + with: + name: kata-static-tarball-ppc64le + + - name: build-and-push-kata-deploy-ci-ppc64le + id: build-and-push-kata-deploy-ci-ppc64le + run: | + # We need to do such trick here as the format of the $GITHUB_REF + # is "refs/tags/" + tag=$(echo $GITHUB_REF | cut -d/ -f3-) + tags=($tag) + tags+=($([[ "$tag" =~ "alpha"|"rc" ]] && echo "latest" || echo "stable")) + for tag in ${tags[@]}; do + ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ + $(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ + "${tag}-${{ inputs.target-arch }}" true ${{ inputs.target-arch }} + ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ + $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ + "${tag}-${{ inputs.target-arch }}" + done diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d732a6723119..2b0a3ce3469b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -26,10 +26,16 @@ jobs: with: target-arch: s390x secrets: inherit + + build-and-push-assets-ppc64le: + uses: ./.github/workflows/release-ppc64le.yaml + with: + target-arch: ppc64le + secrets: inherit publish-multi-arch-images: runs-on: ubuntu-latest - needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x] + needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le] steps: - name: Checkout repository uses: actions/checkout@v3 @@ -58,12 +64,14 @@ jobs: docker manifest create quay.io/kata-containers/kata-deploy:${tag} \ --amend quay.io/kata-containers/kata-deploy:${tag}-amd64 \ --amend quay.io/kata-containers/kata-deploy:${tag}-arm64 \ - --amend quay.io/kata-containers/kata-deploy:${tag}-s390x + --amend quay.io/kata-containers/kata-deploy:${tag}-s390x \ + --amend quay.io/kata-containers/kata-deploy:${tag}-ppc64le docker manifest create docker.io/katadocker/kata-deploy:${tag} \ --amend docker.io/katadocker/kata-deploy:${tag}-amd64 \ --amend docker.io/katadocker/kata-deploy:${tag}-arm64 \ - --amend docker.io/katadocker/kata-deploy:${tag}-s390x + --amend docker.io/katadocker/kata-deploy:${tag}-s390x \ + --amend docker.io/katadocker/kata-deploy:${tag}-ppc64le docker manifest push quay.io/kata-containers/kata-deploy:${tag} docker manifest push docker.io/katadocker/kata-deploy:${tag} @@ -120,6 +128,20 @@ jobs: echo "uploading asset '${tarball}' for tag: ${tag}" GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" popd + + - name: download-artifacts-s390x + uses: actions/download-artifact@v3 + with: + name: kata-static-tarball-s390x + - name: push ppc64le static tarball to github + run: | + tag=$(echo $GITHUB_REF | cut -d/ -f3-) + tarball="kata-static-$tag-ppc64le.tar.xz" + mv kata-static.tar.xz "$GITHUB_WORKSPACE/${tarball}" + pushd $GITHUB_WORKSPACE + echo "uploading asset '${tarball}' for tag: ${tag}" + GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" + popd upload-versions-yaml: runs-on: ubuntu-latest diff --git a/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile b/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile index a29514968b2e..6b99f6cf107b 100644 --- a/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile +++ b/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile @@ -11,6 +11,19 @@ COPY install_oras.sh /usr/bin/install_oras.sh SHELL ["/bin/bash", "-o", "pipefail", "-c"] +#FIXME: gcc is required as agent is build out of a container build. +RUN apt-get update && \ + apt-get install --no-install-recommends -y \ + build-essential \ + cpio \ + gcc \ + git \ + make \ + unzip \ + wget \ + xz-utils && \ + apt-get clean && rm -rf /var/lib/apt/lists + # Install yq, oras, and docker RUN apt-get update && \ apt-get install -y --no-install-recommends \ @@ -37,18 +50,6 @@ RUN if [ ${IMG_USER} != "root" ] && [ ! -z ${HOST_DOCKER_GID} ]; then groupadd - RUN if [ ${IMG_USER} != "root" ] && [ ! -z ${HOST_DOCKER_GID} ]; then usermod -a -G docker_on_host ${IMG_USER};fi RUN sh -c "echo '${IMG_USER} ALL=NOPASSWD: ALL' >> /etc/sudoers" -#FIXME: gcc is required as agent is build out of a container build. -RUN apt-get update && \ - apt-get install --no-install-recommends -y \ - build-essential \ - cpio \ - gcc \ - git \ - make \ - unzip \ - wget \ - xz-utils && \ - apt-get clean && rm -rf /var/lib/apt/lists ENV USER ${IMG_USER} USER ${IMG_USER} diff --git a/tools/packaging/kata-deploy/local-build/dockerbuild/install_oras.sh b/tools/packaging/kata-deploy/local-build/dockerbuild/install_oras.sh index 973a10205075..cf7eb4c45205 100755 --- a/tools/packaging/kata-deploy/local-build/dockerbuild/install_oras.sh +++ b/tools/packaging/kata-deploy/local-build/dockerbuild/install_oras.sh @@ -29,7 +29,17 @@ fi arch=$(uname -m) if [ "${arch}" = "ppc64le" ]; then - echo "An ORAS release for ppc64le is not available yet." + echo "Using oras from native builds" + #install go first + wget https://go.dev/dl/go1.21.1.linux-ppc64le.tar.gz + rm -rf /usr/local/go && tar -C /usr/local -xzf go1.21.1.linux-ppc64le.tar.gz + export PATH=$PATH:/usr/local/go/bin + go version + + git clone https://github.com/oras-project/oras.git + cd oras && make build-linux-ppc64le + cp bin/linux/ppc64le/oras ${install_dest} + make exit 0 fi if [ "${arch}" = "x86_64" ]; then diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh index 47cf2dd1ddb7..be6603b56365 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh @@ -120,7 +120,7 @@ docker run \ --env ARCH="${ARCH}" \ --rm \ -w ${script_dir} \ - build-kata-deploy "${kata_deploy_create}" $@ + build-kata-deploy bash -x "${kata_deploy_create}" $@ if [ $remove_dot_docker_dir == true ]; then rm -rf "$HOME/.docker" diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 15a674f39f41..0e23e1df7acb 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -735,7 +735,7 @@ handle_build() { echo "${ARTEFACT_REGISTRY_PASSWORD}" | sudo oras login "${ARTEFACT_REGISTRY}" -u "${ARTEFACT_REGISTRY_USERNAME}" --password-stdin - sudo oras push ${ARTEFACT_REGISTRY}/kata-containers/cached-artefacts/${build_target}:latest-${TARGET_BRANCH}-$(uname -m) ${final_tarball_name} ${build_target}-version ${build_target}-builder-image-version ${build_target}-sha256sum + sudo oras push ${ARTEFACT_REGISTRY}/amulyam24/cached-artefacts/${build_target}:latest-main-$(uname -m) ${final_tarball_name} ${build_target}-version ${build_target}-builder-image-version ${build_target}-sha256sum sudo oras logout "${ARTEFACT_REGISTRY}" fi diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh index af746e79c5ba..3d091136cf01 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh @@ -13,7 +13,7 @@ set -o errtrace KATA_DEPLOY_DIR="`dirname ${0}`/../../kata-deploy" KATA_DEPLOY_ARTIFACT="${1:-"kata-static.tar.xz"}" -REGISTRY="${2:-"quay.io/kata-containers/kata-deploy"}" +REGISTRY="quay.io/ameka/kata-deploy" TAG="${3:-}" echo "Copying ${KATA_DEPLOY_ARTIFACT} to ${KATA_DEPLOY_DIR}" diff --git a/tools/packaging/scripts/lib.sh b/tools/packaging/scripts/lib.sh index e7a6fc987d21..bd96de337870 100644 --- a/tools/packaging/scripts/lib.sh +++ b/tools/packaging/scripts/lib.sh @@ -8,7 +8,7 @@ export GOPATH=${GOPATH:-${HOME}/go} export tests_repo="${tests_repo:-github.com/kata-containers/tests}" export tests_repo_dir="$GOPATH/src/$tests_repo" -export BUILDER_REGISTRY="${BUILDER_REGISTRY:-quay.io/kata-containers/builders}" +export BUILDER_REGISTRY="${BUILDER_REGISTRY:-quay.io/ameka/builders}" export PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-"no"}" this_script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" diff --git a/tools/packaging/static-build/qemu/Dockerfile b/tools/packaging/static-build/qemu/Dockerfile index f5e812c915af..5ed2d1ad9bbe 100644 --- a/tools/packaging/static-build/qemu/Dockerfile +++ b/tools/packaging/static-build/qemu/Dockerfile @@ -63,6 +63,7 @@ RUN apt-get update && apt-get upgrade -y && \ rsync \ zlib1g-dev${DPKG_ARCH} && \ if [ "${ARCH}" != s390x ]; then apt-get install -y --no-install-recommends libpmem-dev${DPKG_ARCH}; fi && \ + if [ "${ARCH}" == ppc64le ]; then apt-get install -y --no-install-recommends librados-dev librbd-dev; fi && \ GCC_ARCH="${ARCH}" && if [ "${ARCH}" = "ppc64le" ]; then GCC_ARCH="powerpc64le"; fi && \ if [ "${ARCH}" != "$(uname -m)" ]; then apt-get install --no-install-recommends -y gcc-"${GCC_ARCH}"-linux-gnu; fi && \ apt-get clean && rm -rf /var/lib/apt/lists/ diff --git a/tools/packaging/static-build/qemu/build-qemu.sh b/tools/packaging/static-build/qemu/build-qemu.sh index cab5f251b1f7..50a4b4c2f3c0 100755 --- a/tools/packaging/static-build/qemu/build-qemu.sh +++ b/tools/packaging/static-build/qemu/build-qemu.sh @@ -24,6 +24,8 @@ scripts/git-submodule.sh update meson capstone ${kata_packaging_scripts}/patch_qemu.sh "${QEMU_VERSION_NUM}" "${kata_packaging_dir}/qemu/patches" if [ "$(uname -m)" != "${ARCH}" ] && [ "${ARCH}" == "s390x" ]; then PREFIX="${PREFIX}" ${kata_packaging_scripts}/configure-hypervisor.sh -s "${HYPERVISOR_NAME}" "${ARCH}" | xargs ./configure --with-pkgversion="${PKGVERSION}" --cc=s390x-linux-gnu-gcc --cross-prefix=s390x-linux-gnu- --prefix="${PREFIX}" --target-list=s390x-softmmu +elif [ "${ARCH}" == "ppc64le" ]; then + PREFIX="${PREFIX}" ${kata_packaging_scripts}/configure-hypervisor.sh "${HYPERVISOR_NAME}" "${ARCH}" | xargs ./configure --with-pkgversion="${PKGVERSION}" else PREFIX="${PREFIX}" ${kata_packaging_scripts}/configure-hypervisor.sh -s "${HYPERVISOR_NAME}" "${ARCH}" | xargs ./configure --with-pkgversion="${PKGVERSION}" fi diff --git a/tools/packaging/static-build/shim-v2/build.sh b/tools/packaging/static-build/shim-v2/build.sh index aeb48f2da8c9..4fe5b1d5ec5f 100755 --- a/tools/packaging/static-build/shim-v2/build.sh +++ b/tools/packaging/static-build/shim-v2/build.sh @@ -73,8 +73,10 @@ sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ for vmm in ${VMM_CONFIGS}; do config_file="${DESTDIR}/${PREFIX}/share/defaults/kata-containers/configuration-${vmm}.toml" - if [ -f ${config_file} ]; then + if [ -f ${config_file} ] && [ ${ARCH} != "ppc64le" ]; then sudo sed -i -e '/^initrd =/d' ${config_file} + else + sudo sed -i -e '/^image =/d' ${config_file} fi done