From 0f66a240ed79b4fccd93a3cf9a4b6d9e1efcb157 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 18 Mar 2022 20:46:52 -0400 Subject: [PATCH 1/2] Dockerfile.validate: minimize git install in builder Reduce overhead by pulling in fewer deps. --- Dockerfile.validate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.validate b/Dockerfile.validate index 1399ddb29..933b17031 100644 --- a/Dockerfile.validate +++ b/Dockerfile.validate @@ -1,5 +1,5 @@ FROM registry.fedoraproject.org/fedora:35 AS builder -RUN dnf install -y golang git +RUN dnf install -y golang git-core RUN mkdir /ignition-validate COPY . /ignition-validate WORKDIR /ignition-validate From 6e5de2dcc2fa15e898fe7929576c55c92b294695 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Sat, 19 Mar 2022 02:39:55 -0400 Subject: [PATCH 2/2] workflows: build and push ignition-validate container from GH Actions Quay builds are amd64-only and haven't been especially reliable. Use GitHub Actions to build both amd64 and arm64 containers for the main branch and for tags, and push them to Quay. Continue building but not pushing containers on PR. Requires the QUAY_AUTH repo secret to be set to a Docker credential. Ideally we would cross-build the arm64 container by having the Dockerfile specify FROM --platform=$BUILDPLATFORM for the builder container and set GOARCH=$TARGETARCH. However, Buildah < 1.24.1 doesn't support --platform in FROM. Build in emulation for now, and skip arm64 in PRs to speed up CI. Fixes https://github.com/coreos/ignition/issues/1321. --- .github/workflows/container.yml | 15 +++++++++++++-- build_for_container | 1 - 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index a2d0f4728..ed90e3ed2 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -3,12 +3,17 @@ name: Container on: push: branches: [main] + tags: ["v*"] pull_request: branches: [main] permissions: contents: read +# avoid races when pushing containers built from main +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + jobs: build-container: name: Build container image @@ -16,5 +21,11 @@ jobs: steps: - name: Check out repository uses: actions/checkout@v2 - - name: Build container image - run: podman build -f Dockerfile.validate . + - name: Build and push container + uses: coreos/actions-lib/build-container@main + with: + credentials: ${{ secrets.QUAY_AUTH }} + file: Dockerfile.validate + push: quay.io/coreos/ignition-validate + # Speed up PR CI by skipping arm64 + pr-arches: amd64 diff --git a/build_for_container b/build_for_container index 02514c233..7ddfc55d4 100755 --- a/build_for_container +++ b/build_for_container @@ -27,6 +27,5 @@ export GO11MODULE=on export CGO_ENABLED=0 export GOFLAGS='-mod=vendor' export GOOS=linux -export GOARCH=amd64 go build -ldflags "${GLDFLAGS}" -o ${BIN_PATH}/ignition-validate ${REPO_PATH}/validate