From 20068a202923b9c55aeb7eb17c49a0d4f889c547 Mon Sep 17 00:00:00 2001 From: "K. Shankari" Date: Thu, 14 Nov 2024 11:59:59 -0800 Subject: [PATCH] =?UTF-8?q?=F0=9F=91=B7Initial=20workflow=20to=20checkout?= =?UTF-8?q?=20and=20build=20the=20CSMS=20(#7)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 👷Initial workflow to checkout and build the CSMS This can definitely be polished, but it works now so can unblock https://github.com/EVerest/everest-demo/issues/78 Changes: - Add a new workflow - Configure it with a hardcoded set of images to build for maeve - Apply compile-time patches - Build and push, similar to the original `cicd` workflow ----- full list of changes ----- * Build on pull requests to upgrade branches as well * Handle the two directories correctly Need to explicitly `cd` into `everest-demo` And apply patches from there * Fix repo format * Fix checked out directory format * Again change directory properly before building * Now that build works, re-tag and push * Fix invalid workflow format * Really fix the format * read the env properly (from within the demo) * Login before pushing * Switch to the build-push-action so that push to packages works https://github.com/EVerest/everest-demo/issues/78#issuecomment-2477073447 * Actually push the values * Give more permissions to the token To be consistent with https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions * Change the permission to "admin" So that we can really really push?! * Temporarily switch to US-JOET so we can verify that it works * Split the maeve patches into compile time and runtime And apply only the compile time patch while building the image 
Signed-off-by: Shankari
---
.github/workflows/build_and_push_csms.yml | 161 ++++++++++++++++++ maeve/apply-compile-patches.sh | 8 + ...ly-patches.sh => apply-runtime-patches.sh} | 3 - 3 files changed, 169 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/build_and_push_csms.yml create mode 100644 maeve/apply-compile-patches.sh rename maeve/{apply-patches.sh => apply-runtime-patches.sh} (79%)
diff --git a/.github/workflows/build_and_push_csms.yml b/.github/workflows/build_and_push_csms.yml
new file mode 100644
index 00000000..45a57ddc
--- /dev/null
+++ b/.github/workflows/build_and_push_csms.yml
@@ -0,0 +1,161 @@
+name: build_and_push_csms
+
+on:
+ pull_request:
+ branches:
+ - main
+ - upgrade_**
+ push:
+ branches:
+ - main
+ tags:
+ - 'v[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+ docker-build-and-push-images:
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
+ strategy:
+ matrix:
+ include:
+ - csms: maeve
+ csms_repo: louisg1337/maeve-csms
+ csms_branch: set_charging_profile
+ image_name: manager
+ context: ./maeve-csms/manager
+ host_namespace: ghcr.io/US-JOET/everest-demo
+ - csms: maeve
+ csms_repo: louisg1337/maeve-csms
+ csms_branch: set_charging_profile
+ image_name: gateway
+ context: ./maeve-csms/gateway
+ host_namespace: ghcr.io/US-JOET/everest-demo
+# - csms_dir: citrineos
+# csms_repo: https://github.com/citrineos/citrineos-core.git
+# csms_branch: feature/everest-demo
+
+ steps:
+ - name: Checkout this repo
+ uses: actions/checkout@v4
+ with:
+ path: everest-demo
+
+ - name: Ensure Docker image version is not referencing an existing release
+ id: docker-image-version-check
+ shell: bash
+ run: |
+ cd everest-demo
+ if ! [[ -s '.env' ]]; then
+ echo 'Error: No .env file found.'
+ exit 1
+ fi
+
+ if ! grep -qE '^TAG=' .env; then
+ echo 'Error: .env must contain a TAG variable.'
+ exit 1
+ fi
+
+ source .env
+
+ # Fail if any previous Docker image version value matches the one in
+ # this PR (excluding the current image version).
+ for commit in $(git --no-pager log --first-parent --format=%H -- .env | tail -n +2); do
+ if git --no-pager grep -hF "${TAG}" $commit -- .env | grep -qx ${TAG}; then
+ echo 'Error: The version in .env matches an'
+ echo ' earlier version on main. Please update the value in'
+ echo ' .env to a new version.'
+ exit 1
+ fi
+ done
+
+ if git show-ref --tags --verify --quiet "refs/tags/v${TAG}"; then
+ echo "Error: The tag 'v${TAG}' is already a GitHub release."
+ echo ' Please update the version in .env'
+ exit 1
+ else
+ echo "TAG=${TAG}" >> "${GITHUB_OUTPUT}"
+ fi
+
+ - name: Checkout the CSMS repo
+ uses: actions/checkout@v4
+ with:
+ repository: ${{ matrix.csms_repo }}
+ ref: ${{ matrix.csms_branch }}
+ path: ${{ matrix.csms }}-csms
+
+ - name: Configure CSMS
+ id: configure-csms
+ shell: bash
+ run: |
+ pushd ${{ matrix.csms }}-csms
+ bash ../everest-demo/${{ matrix.csms }}/apply-compile-patches.sh
+
+# - name: Build using docker compose
+# id: build-using-docker-compose
+# shell: bash
+# run: |
+# source everest-demo/.env
+# echo "Using docker-compose instead of the build-and-push action since we don't have to duplicate the set of services in that case"
+# pushd ${{ matrix.csms }}-csms
+# docker compose build
+#
+# - name: List, tag and push newly built images
+# id: list-tag-and-push-newly-built-images
+# shell: bash
+# run: |
+# source everest-demo/.env
+# echo "Before retagging, image list is"
+# docker image list
+# # hardcoding the list of containers for now
+# echo "Retagging {{ $matrix.csms }}-csms-gateway:latest to "
+# docker tag ${{ matrix.csms }}-csms-gateway:latest ghcr.io/everest/everest-demo/${{ matrix.csms }}-csms-gateway:"${TAG}"
+# docker tag ${{ matrix.csms }}-csms-manager:latest ghcr.io/everest/everest-demo/${{ matrix.csms }}-csms-manager:"${TAG}"
+# echo "After retagging, image list is"
+# docker image list
+#
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Set Docker image metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ matrix.host_namespace }}/${{ matrix.image_name }}
+ tags: |
+ type=semver,pattern={{version}},value=v${{ steps.docker-image-version-check.outputs.TAG }}
+
+ - name: Log into GitHub container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+# - name: Push the images as
packages
+# id: push-the-images-as-packages
+# shell: bash
+# run: |
+# source everest-demo/.env
+# docker push ghcr.io/everest/everest-demo/${{ matrix.csms }}-csms-gateway:"${TAG}"
+# docker push ghcr.io/everest/everest-demo/${{ matrix.csms }}-csms-manager:"${TAG}"
+#
+
+ - name: Build and export to Docker
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: ${{ matrix.context }}
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha,scope=${{ matrix.image_name }}
+ cache-to: type=gha,mode=max,scope=${{ matrix.image_name }}
diff --git a/maeve/apply-compile-patches.sh b/maeve/apply-compile-patches.sh
new file mode 100644
index 00000000..3fe85966
--- /dev/null
+++ b/maeve/apply-compile-patches.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+# This is a patch to the source code, so we need to apply it
+# before we build.
+# And there is no harm in turning off OCSP completely
+
+echo "Patching the CSMS to enable local mo root"
+patch -p1 -i ../everest-demo/maeve/maeve-csms-ignore-ocsp.patch
diff --git a/maeve/apply-patches.sh b/maeve/apply-runtime-patches.sh
similarity index 79%
rename from maeve/apply-patches.sh
rename to maeve/apply-runtime-patches.sh
index aa984d87..f7e40e00 100644
--- a/maeve/apply-patches.sh
+++ b/maeve/apply-runtime-patches.sh
@@ -7,9 +7,6 @@ echo "Patching the CSMS to enable local mo root" patch -p1 -i ../everest-demo/maeve/maeve-csms-local-mo-root.patch - echo "Patching the CSMS to enable local mo root" - patch -p1 -i ../everest-demo/maeve/maeve-csms-ignore-ocsp.patch - else echo "Patching the CSMS to disable WSS" patch -p1 -i ../everest-demo/maeve/maeve-csms-no-wss.patch
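Review bot: The final `docker/build-push-action` step sets `push: true` unconditionally while the workflow also triggers on `pull_request`, so a PR from a branch in this repository would publish an image under the version tag before the change is reviewed or merged; `push: ${{ github.event_name != 'pull_request' }}` keeps PR runs build-only. The version-check step runs `source .env` on the checked-out tree, which executes that file as shell inside a job that holds `packages: write`; reading only the value, for example `TAG=$(grep -E '^TAG=' .env | cut -d= -f2-)`, avoids evaluating PR-controlled content. The matrix checks out `csms_branch: set_charging_profile` from a personal fork, a mutable ref, so the content of the published image can change without any commit here; pinning `ref` to a full commit SHA would make the build reproducible and reviewable. No step in this hunk creates an attestation or requests an OIDC token, so `attestations: write` and `id-token: write` look removable under least privilege.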
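Review bot: The `echo` in the new `apply-compile-patches.sh` announces "enable local mo root", but the patch applied on the next line is `maeve-csms-ignore-ocsp.patch`, so the build log misreports what went into the image; `echo "Patching the CSMS to ignore OCSP"` would match. Because the header comment says OCSP is turned off completely and the workflow in this commit publishes the resulting image, the comment should also state that the image skips certificate revocation checking and is intended for the demo only (inferred from the patch name and comment; the patch body is not part of this diff). Adding `set -euo pipefail` after the shebang would keep a failed `patch` fatal even if further commands are appended later.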