Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Codify the creation of test containers #16

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

portersrc
Copy link
Member

@portersrc portersrc commented Oct 4, 2024

Not ready for review.

Meant as a starting point to address:
kata-containers/kata-containers#9360

Open topics for this draft:

  • The ssh-demo is here and here. This PR codifies/automates parts of that. We should probably update those places with at least a pointer to this new infra code, right?
  • We are checking in keys. How are those keys made? Some notes that I made while doing this are incorporated into the PR as a README. Is this the best place for that?

Copy link
Member

@stevenhorsman stevenhorsman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Triggering suggestion

@@ -0,0 +1,55 @@
name: Build Test Containers
run-name: Build Test Containers
on: [push]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we add the option to manually trigger them? e.g. if we might want to re-gen them to check the e2e process is still working? Also we might only want to run this automatically if a related file changes if we end up using this repo for other thing?

Suggested change
on: [push]
on:
workflow_dispatch:
push:
branches:
- 'main'
paths:
- 'container-images'
- '.github/workflows/build-test-containers.yaml'

@portersrc portersrc force-pushed the codify-creation-of-test-containers branch 2 times, most recently from 7daf8e0 to e395f98 Compare October 23, 2024 12:38
@portersrc
Copy link
Member Author

Logging some conclusions from our CI meeting on Oct 16:

  1. Do we really (really) want to put this in operator, or is infra ok? --infra is fine, at least for now; kata may duplicate or otherwise use this code, too at some point
  2. CoCo packages is not well organized. Can we have a naming scheme for these new images? It would also help avoid collisions while we work through all existing test cases that use these images. --still up for discussion; but at least the new packages are intended to be something like "test-containers/" as a prefix.

@portersrc portersrc force-pushed the codify-creation-of-test-containers branch from e395f98 to c81c9e6 Compare October 23, 2024 13:57
@portersrc portersrc force-pushed the codify-creation-of-test-containers branch from c81c9e6 to 0db0a48 Compare October 23, 2024 14:24
@BbolroC
Copy link
Member

BbolroC commented Oct 31, 2024

Hi, here are the code changes for building and pushing an image for amd64 and s390x:

diff --git a/.github/workflows/build-test-containers.yaml b/.github/workflows/build-test-containers.yaml
index 16474c0..bfd5bdc 100644
--- a/.github/workflows/build-test-containers.yaml
+++ b/.github/workflows/build-test-containers.yaml
@@ -13,6 +13,12 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       - name: Check out guest-components
         uses: actions/checkout@v4
         with:
diff --git a/container-images/Makefile b/container-images/Makefile
index fb0b10b..2b1f089 100644
--- a/container-images/Makefile
+++ b/container-images/Makefile
@@ -19,6 +19,22 @@ busybox

 SHELL=/bin/bash

+PLATFORMS := linux/amd64 linux/s390x
+
+define build_and_push_image
+       @for platform in $(PLATFORMS); do \
+               image_name="$(1)"; \
+               if [ "$$platform" = "linux/s390x" ]; then \
+                       image_name="$(1)-s390x"; \
+               fi; \
+               echo "Building for $$platform with image name $$image_name..."; \
+               docker buildx build \
+                 -t $$image_name \
+                 -f $(2) \
+                 --platform $$platform --provenance=false --load $(3); \
+               docker push $$image_name; \
+       done
+endef

 # FIXME need to choose sane package URLs/names/tags
 COCO_PKG=bbolroc/test-container
@@ -39,19 +55,11 @@ all: \


 unsig:
-       docker build \
-         -t ghcr.io/$(COCO_PKG):unsig \
-         -f dockerfiles/alpine-with-sshd/Dockerfile \
-         .
-       docker push ghcr.io/$(COCO_PKG):unsig
+       $(call build_and_push_image,ghcr.io/$(COCO_PKG):unsig,dockerfiles/alpine-with-sshd/Dockerfile,.)


 cosign-sig:
 -       docker build \
-         -t ghcr.io/$(COCO_PKG):cosign-sig \
-         -f dockerfiles/alpine-with-sshd/Dockerfile \
-         .
-       docker push ghcr.io/$(COCO_PKG):cosign-sig
+       $(call build_and_push_image,ghcr.io/$(COCO_PKG):cosign-sig,dockerfiles/alpine-with-sshd/Dockerfile,.)
        # FIXME Replace expect script with something better
        ${CURDIR}/scripts/make-cosign-sig.exp $(COCO_PKG) cosign-sig

@@ -96,11 +104,7 @@ enc-cosign-sig: cosign-sig


 test-container-unencrypted:
-       docker build \
-         -t ghcr.io/$(COCO_PKG):unencrypted \
-         -f dockerfiles/alpine-with-sshd/Dockerfile \
-         .
-       docker push ghcr.io/$(COCO_PKG):unencrypted
+       $(call build_and_push_image,ghcr.io/$(COCO_PKG):unencrypted,dockerfiles/alpine-with-sshd/Dockerfile,.)


 # NOTE: see enc-unsig about coco-keyprovider
@@ -114,5 +118,4 @@ test-container-encrypted: test-container-unencrypted


 busybox:
-       docker build -t ghcr.io/$(COCO_PKG_IMGRS):busybox dockerfiles/busybox
-       docker push ghcr.io/$(COCO_PKG_IMGRS):busybox
+       $(call build_and_push_image,ghcr.io/$(COCO_PKG_IMGRS):busybox,dockerfiles/busybox/Dockerfile,dockerfiles/busybox)

The workflow has been verified at https://github.com/BbolroC/coco-infra/actions/runs/11611371527

Feel free to make changes as needed. Thanks!

@BbolroC
Copy link
Member

BbolroC commented Nov 3, 2024

Oh, I have realized that I missed building a s390x rust binary. I will update that part soon. Thanks!


My bad. It does not look to build a coco-keyprovider for s390x. Sorry for the confusion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants