forked from confidential-containers/trustee
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
gha: Add image build check for s390x
Issue confidential-containers#568 highlights the need for an image build check for s390x, similar to what we have for x86_64. This commit addresses the need by: - Extracting the image build steps from the push-{kbs,as}-image-to-ghcr workflow into separate workflows - Configuring these workflows to run on PR events or after merging a PR Notable change: - On merge, the workflow now pushes `ghcr.io/confidential-containers/staged-images/rhel-ubi` Signed-off-by: Hyounggyu Choi <[email protected]>
- Loading branch information
Showing
6 changed files
with
172 additions
and
160 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
name: Build CoCo AS/RVPS Image | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
build_option: | ||
description: 'Build option for the image' | ||
type: string | ||
|
||
jobs: | ||
build_as_image: | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
instance: | ||
- ubuntu-latest | ||
- s390x | ||
tag: | ||
- coco-as-grpc | ||
- coco-as-restful | ||
- rvps | ||
verifier: | ||
- all-verifier | ||
- se-verifier | ||
include: | ||
- docker_file: attestation-service/docker/as-grpc/Dockerfile | ||
tag: coco-as-grpc | ||
name: gRPC CoCo-AS | ||
verifier: all-verifier | ||
instance: ubuntu-latest | ||
- docker_file: attestation-service/docker/as-grpc/Dockerfile | ||
tag: coco-as-grpc | ||
name: gRPC CoCo-AS (IBM SE) | ||
verifier: se-verifier | ||
instance: s390x | ||
- docker_file: attestation-service/docker/as-restful/Dockerfile | ||
tag: coco-as-restful | ||
name: RESTful CoCo-AS | ||
verifier: all-verifier | ||
instance: ubuntu-latest | ||
- docker_file: attestation-service/docker/as-restful/Dockerfile | ||
tag: coco-as-restful | ||
name: RESTful CoCo-AS (IBM SE) | ||
verifier: se-verifier | ||
instance: s390x | ||
- docker_file: rvps/docker/Dockerfile | ||
tag: rvps | ||
name: RVPS | ||
verifier: all-verifier | ||
instance: ubuntu-latest | ||
- docker_file: rvps/docker/Dockerfile | ||
tag: rvps | ||
name: RVPS | ||
verifier: se-verifier | ||
instance: s390x | ||
exclude: | ||
- instance: ubuntu-latest | ||
verifier: se-verifier | ||
- instance: s390x | ||
verifier: all-verifier | ||
runs-on: ${{ matrix.instance }} | ||
|
||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Login to GHCR Container Registry | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Build ${{ matrix.name }} Container Image | ||
run: | | ||
commit_sha=${{ github.sha }} | ||
arch=$(uname -m) | ||
DOCKER_BUILDKIT=1 docker build -f "${{ matrix.docker_file }}" ${{ inputs.build_option }} --build-arg ARCH="${arch}" \ | ||
--build-arg VERIFIER="${{ matrix.verifier }}" \ | ||
-t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-${arch}" \ | ||
-t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-${arch}" . |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
name: Build KBS Image | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
build_option: | ||
description: 'Build option for the image' | ||
type: string | ||
|
||
jobs: | ||
build_kbs_image: | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
instance: | ||
- ubuntu-latest | ||
- s390x | ||
tag: | ||
- kbs | ||
- kbs-grpc-as | ||
- kbs-ita-as | ||
- rhel-ubi | ||
exclude: | ||
- instance: s390x | ||
tag: kbs-ita-as | ||
- instance: s390x | ||
tag: rhel-ubi | ||
include: | ||
- tag: kbs | ||
docker_file: kbs/docker/Dockerfile | ||
name: build-in AS | ||
- tag: kbs-grpc-as | ||
docker_file: kbs/docker/coco-as-grpc/Dockerfile | ||
name: gRPC AS | ||
- tag: kbs-ita-as | ||
docker_file: kbs/docker/intel-trust-authority/Dockerfile | ||
name: Intel Trust Authority AS | ||
- tag: rhel-ubi | ||
docker_file: kbs/docker/rhel-ubi/Dockerfile | ||
name: RHEL UBI AS | ||
|
||
runs-on: ${{ matrix.instance }} | ||
|
||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Login to GHCR Container Registry | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Build Container Image KBS (${{ matrix.name }}) | ||
run: | | ||
commit_sha=${{ github.sha }} | ||
arch=$(uname -m) | ||
DOCKER_BUILDKIT=1 docker build -f "${{ matrix.docker_file }}" ${{ inputs.build_option }} \ | ||
-t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-${arch}" \ | ||
-t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-${arch}" \ | ||
--build-arg ARCH="${arch}" . |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters