Skip to content

Commit

Permalink
Run CentOS 7 Docker container with non root user (#1450)
Browse files Browse the repository at this point in the history 
* Update install_centos_dependencies_build.sh attempt to fix docker issue

* Update main.yml to run centos 7 container with privileged

* Update main.yml to user runner as user

* Update main.yml

* Update main.yml

* Update install_centos_dependencies_build.sh

* Update main.yml

* run centos 7 container as step with non root user

* added workspace

* verbosity

* corrected the path

* clean up

* clean up

---------

Co-authored-by: ravic-rs <[email protected]>
  • Loading branch information
@nadeemyaseen-rs @ravic-rs
nadeemyaseen-rs and ravic-rs authored Jan 16, 2024
1 parent 26e3f51 commit 78bd37e
Show file tree
Hide file tree
Showing 4 changed files with 118 additions and 51 deletions.
19 changes: 19 additions & 0 deletions .github/workflows/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
FROM centos:7
COPY .github/workflows/install_centos_dependencies_build.sh .
RUN chmod +x install_centos_dependencies_build.sh
RUN ls -la && bash install_centos_dependencies_build.sh
RUN yum clean all
ENV CC=/opt/rh/devtoolset-11/root/usr/bin/gcc
ENV CXX=/opt/rh/devtoolset-11/root/usr/bin/g++
ENV QMAKE_CC='/opt/rh/devtoolset-11/root/usr/bin/gcc'
ENV QMAKE_CXX='/opt/rh/devtoolset-11/root/usr/bin/g++'
ENV PATH="/usr/local/Qt6.2.4/bin:/usr/lib/ccache:$PATH"
ENV PREFIX=/tmp/foedag-install
ENV ADDITIONAL_CMAKE_OPTIONS='-DMY_CXX_WARNING_FLAGS="-W -Wall -Wextra -Wno-unused-parameter -Wno-unused-variable -Werror -UNDEBUG"'
ENV RULE_MESSAGES=off
ENV LC_ALL=en_US.utf-8
ENV LANG=en_US.utf-8
ENV PRODUCTION_DEVICES=""
RUN useradd -m -d /home/runner -u 1001 -s /bin/bash -p $(openssl passwd -1 "$pass") runner
USER runner
ENTRYPOINT ["/bin/bash"]
46 changes: 46 additions & 0 deletions .github/workflows/build_centos_image.yml.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
name: Create and publish a CentOS 7 Docker image
on:
push:
paths:
- .github/workflows/install_centos_dependencies_build.sh
- .github/workflows/Dockerfile
- .github/workflows/build_centos_image.yml
env:
REGISTRY: ghcr.io
IMAGE_NAME: os-fpga/foedag

jobs:
build-and-push-image:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write

steps:

- name: Checkout repository
uses: actions/checkout@v4

- name: Log in to the Container registry
uses: docker/[email protected]
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/[email protected]
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

- name: Build and push Docker image
uses: docker/[email protected]
with:
context: .
file: .github/workflows/Dockerfile
push: true
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:centos7latest
labels: ${{ steps.meta.outputs.labels }}


12 changes: 8 additions & 4 deletions .github/workflows/install_centos_dependencies_build.sh
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
# Install required dependencies for CentOS systems
yum update -y
yum group install -y "Development Tools"
yum remove -y git*
yum install -y https://packages.endpointdev.com/rhel/7/os/x86_64/endpoint-repo.x86_64.rpm
yum install -y git wget
yum install -y epel-release
curl -C - -O https://cmake.org/files/v3.24/cmake-3.24.4-linux-x86_64.tar.gz
tar xzf cmake-3.24.4-linux-x86_64.tar.gz
Expand All @@ -27,11 +30,12 @@ yum install -y gtk3-devel zip unzip
yum install -y libusbx-devel libusb-devel
yum install -y pkgconfig
yum install -y perl-IPC-Cmd
yum install -y alsa-lib
yum install -y alsa-lib mesa-dri-drivers openssl openssl-devel sudo
ln -s $PWD/cmake-3.24.4-linux-x86_64/bin/ctest /usr/bin/ctest
echo 'QMAKE_CC=/opt/rh/devtoolset-11/root/usr/bin/gcc' >> $GITHUB_ENV
echo 'QMAKE_CXX=/opt/rh/devtoolset-11/root/usr/bin/g++' >> $GITHUB_ENV
echo 'PATH=/usr/local/Qt-6.5.1/bin:/usr/lib/ccache:'"$PATH" >> $GITHUB_ENV

# downloads the Qt6 artifact from a specific URL
# saves it as 'buildqt6-centos7-gcc.tar.gz.'
wget https://github.com/RapidSilicon/post_build_artifacts/releases/download/v0.2/qt6.2.4_withopensslWebEngine.tar.gz -O buildqt6-centos7-gcc.tar.gz

if [ -f buildqt6-centos7-gcc.tar.gz ]
then
Expand Down
92 changes: 45 additions & 47 deletions .github/workflows/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -144,9 +144,7 @@ jobs:
centos7-gcc:
name: centos-${{ matrix.mode }}

runs-on: ubuntu-20.04
container:
image: centos:7
runs-on: ubuntu-latest
defaults:
run:
shell: bash
Expand All @@ -165,65 +163,65 @@ jobs:
uses: styfle/[email protected]
with:
access_token: ${{ github.token }}

- name: update Git
run: |
yum remove -y git*
yum install -y https://packages.endpointdev.com/rhel/7/os/x86_64/endpoint-repo.x86_64.rpm
yum install -y git wget

- name: Log in to the Container registry
uses: docker/[email protected]
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: pull the CentOS image
run: docker pull ghcr.io/os-fpga/foedag:centos7latest

- name: Checkout code
uses: actions/checkout@v3
with:
submodules: recursive
fetch-depth: 0

# downloads the Qt6 artifact from a specific URL
# saves it as 'buildqt6-centos7-gcc.tar.gz.'

- name: Download Qt6 artifact
run: |
wget https://github.com/RapidSilicon/post_build_artifacts/releases/download/v0.2/qt6.2.4_withopensslWebEngine.tar.gz -O buildqt6-centos7-gcc.tar.gz
# runs a script to install the required dependencies
# Qt6 using the CentOS-specific installation script

- name: Install dependencies and build QT
run: |
bash .github/workflows/install_centos_dependencies_build.sh
- name: Use ccache
uses: hendrikmuhs/[email protected]
with:
key: linux-${{ matrix.mode }}

- name: Show shell configuration
run: |
env
source /opt/rh/devtoolset-11/enable
which gcc
which g++
- name: Configure shell
run: |
source /opt/rh/devtoolset-11/enable
echo 'CC=/opt/rh/devtoolset-11/root/usr/bin/gcc' >> $GITHUB_ENV
echo 'CXX=/opt/rh/devtoolset-11/root/usr/bin/g++' >> $GITHUB_ENV
echo 'PATH=/usr/local/Qt6.2.4/bin:/usr/lib/ccache:'"$PATH" >> $GITHUB_ENV
echo 'PREFIX=/tmp/foedag-install' >> $GITHUB_ENV
echo "$PREFIX" >> $GITHUB_PATH
echo "ADDITIONAL_CMAKE_OPTIONS='-DMY_CXX_WARNING_FLAGS="-W -Wall -Wextra -Wno-unused-parameter -Wno-unused-variable -Werror -UNDEBUG"'" >> $GITHUB_ENV
echo 'RULE_MESSAGES=off' >> $GITHUB_ENV
uses: addnab/docker-run-action@v3
with:
shell: bash
image: ghcr.io/os-fpga/foedag:centos7latest
run: |
env
source /opt/rh/devtoolset-11/enable
which gcc
which g++
- name: Test/batch
if: matrix.mode == 'test/batch'
run: |
export LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/dbuild/bin/gtkwave/lib:${GITHUB_WORKSPACE}/third_party/openssl:$LD_LIBRARY_PATH
make MONACO_EDITOR=1 debug test/unittest-d
make MONACO_EDITOR=1 release test/batch
uses: addnab/docker-run-action@v3
with:
shell: bash
image: ghcr.io/os-fpga/foedag:centos7latest
options: -v ${{ github.workspace }}:/home/runner
run: |
cd $HOME
export LD_LIBRARY_PATH=$HOME/dbuild/bin/gtkwave/lib:$HOME/third_party/openssl:$LD_LIBRARY_PATH
make debug test/unittest-d
make release test/batch
- name: Test/gui
if: matrix.mode == 'test/gui'
run: |
export LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/dbuild/bin/gtkwave/lib:${GITHUB_WORKSPACE}/third_party/openssl:$LD_LIBRARY_PATH
make MONACO_EDITOR=1 debug
make MONACO_EDITOR=1 test/gui
make MONACO_EDITOR=1 regression
uses: addnab/docker-run-action@v3
with:
shell: bash
image: ghcr.io/os-fpga/foedag:centos7latest
options: -v ${{ github.workspace }}:/home/runner
run: |
cd $HOME
export LD_LIBRARY_PATH=$HOME/dbuild/bin/gtkwave/lib:$HOME/third_party/openssl:$LD_LIBRARY_PATH
make debug
make test/gui
make regression
- name: show space after build & test
if: always ()
Expand Down

0 comments on commit 78bd37e

Please sign in to comment.