Add new gitpod-dev image (#1113) #290
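# Builds the workspace images on every push to main, publishes them to
# Google Artifact Registry (GAR) and then syncs promoted tags to Docker Hub.
name: Build from Main
on:
  push:
    branches:
      - main
jobs:
  # Build images using artifactory as image registry.
  # To implement manual approvals, the workflow uses an Environment.
  #
  # From your GitHub repo click Settings. In the left menu, click Environments.
  # Click New environment, set the name production, and click Configure environment.
  # Check the "Required reviewers" box and enter at least one user or team name.
  sync:
    runs-on: ubuntu-latest
    environment: "production"
    # Least privilege for GITHUB_TOKEN: read the repo, and mint the OIDC token
    # that the Workload Identity Federation login below exchanges.
    permissions:
      contents: "read"
      id-token: "write"
    env:
      WORKLOAD_IDENTITY_POOL_ID: projects/665270063338/locations/global/workloadIdentityPools/workspace-images-github-actions/providers/workspace-images-gha-provider
      GAR_IMAGE_REGISTRY: europe-docker.pkg.dev
      DH_IMAGE_REGISTRY: registry.hub.docker.com
      IAM_SERVICE_ACCOUNT: workspace-images-gha-sa@gitpod-artifacts.iam.gserviceaccount.com
      DAZZLE_VERSION: "0.1.17"
      BUILDKIT_VERSION: "0.11.6"
    steps:
      # NOTE(review): the actions in this job are referenced by tag, which the
      # action owner can move. Pinning each `uses:` to a full commit SHA makes
      # the code that runs with this job's credentials immutable.
      - name: π₯ Checkout workspace-images
        uses: actions/checkout@v3
        with:
          repository: gitpod-io/workspace-images
      - name: π§ Setup tools
        run: |
          sudo apt-get install python3-pip shellcheck
          # -f makes curl fail on an HTTP error instead of saving the error page
          # as the binary.
          # NOTE(review): the download is not integrity-checked; compare it with
          # a pinned SHA-256 before installing it into PATH.
          curl -fsSL https://github.com/mvdan/sh/releases/download/v3.5.0/shfmt_v3.5.0_linux_amd64 -o shfmt
          sudo mv shfmt /usr/local/bin/shfmt && sudo chmod +x /usr/local/bin/shfmt
          # NOTE(review): pre-commit is installed unpinned and as root.
          sudo pip3 install pre-commit
      - name: π€ Run pre-commit
        run: |
          pre-commit run --all-files
      - name: π Install dazzle
        run: |
          # Without pipefail only tar's exit status counts, so a failed or
          # truncated download could go unnoticed.
          set -o pipefail
          # NOTE(review): the archive is extracted as root into PATH without a
          # digest check; verify a pinned SHA-256 before extraction.
          curl -fsSL https://github.com/gitpod-io/dazzle/releases/download/v${{env.DAZZLE_VERSION}}/dazzle_${{env.DAZZLE_VERSION}}_Linux_x86_64.tar.gz | sudo tar -xvz -C /usr/local/bin
      - name: π Install skopeo
        run: |
          set -o pipefail
          . /etc/os-release
          # Update ca-certificates to avoid issues with letsencrypt SSL certificates
          sudo apt update && sudo apt --only-upgrade install ca-certificates -y
          repo_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}"
          keyring=/etc/apt/keyrings/devel-kubic-libcontainers-stable.gpg
          # Store the repository key in its own keyring and bind it to this one
          # source with signed-by. `apt-key add` is deprecated and would trust
          # the key for every configured repository.
          sudo install -d -m 0755 /etc/apt/keyrings
          curl -fsSL "${repo_url}/Release.key" | gpg --dearmor | sudo tee "$keyring" > /dev/null
          echo "deb [signed-by=${keyring}] ${repo_url}/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
          sudo apt update && sudo apt install -y skopeo
      - name: ποΈ Setup buildkit
        run: |
          set -o pipefail
          # NOTE(review): same as dazzle, the release archive is unpacked as
          # root under /usr without a digest check.
          curl -fsSL https://github.com/moby/buildkit/releases/download/v${{env.BUILDKIT_VERSION}}/buildkit-v${{env.BUILDKIT_VERSION}}.linux-amd64.tar.gz | sudo tar xvz -C /usr
          sudo buildkitd --oci-worker=true --oci-worker-net=host --debug --group docker &
          # Block until the daemon has created its control socket.
          sudo su -c "while ! test -S /run/buildkit/buildkitd.sock; do sleep 0.1; done"
          # NOTE(review): this opens the root daemon's socket to every local
          # user. buildkitd is already started with --group docker, so group
          # access may be sufficient; confirm before tightening.
          sudo chmod +777 /run/buildkit/buildkitd.sock
      - name: βοΈ Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v1.1.1
        with:
          version: "393.0.0"
      - name: π Authenticate to Google Cloud
        id: "auth"
        uses: google-github-actions/auth@v1.1.1
        with:
          token_format: "access_token"
          # NOTE(review): 43200s is 12 hours; the token stays valid that long
          # if it is exposed. Use the shortest lifetime that covers the build.
          access_token_lifetime: "43200s"
          workload_identity_provider: ${{env.WORKLOAD_IDENTITY_POOL_ID}}
          service_account: ${{env.IAM_SERVICE_ACCOUNT}}
      - name: βπ½ Login to GAR using skopeo
        env:
          GAR_ACCESS_TOKEN: ${{ steps.auth.outputs.access_token }}
        run: |
          # The token is read from the environment and sent on stdin, so it is
          # neither pasted into the script text nor visible in process arguments.
          printf '%s' "$GAR_ACCESS_TOKEN" | sudo skopeo login -u oauth2accesstoken --password-stdin "$GAR_IMAGE_REGISTRY"
      - name: βπ½ Login to GAR using docker cli
        env:
          GAR_ACCESS_TOKEN: ${{ steps.auth.outputs.access_token }}
        run: |
          printf '%s' "$GAR_ACCESS_TOKEN" | docker login -u oauth2accesstoken --password-stdin "$GAR_IMAGE_REGISTRY"
      - name: π¨ Dazzle build
        run: |
          dazzle build ${{ env.GAR_IMAGE_REGISTRY }}/gitpod-artifacts/docker-dev/workspace-base-images --chunked-without-hash
          dazzle build ${{ env.GAR_IMAGE_REGISTRY }}/gitpod-artifacts/docker-dev/workspace-base-images
      - name: ποΈ Dazzle combine
        run: |
          dazzle combine ${{ env.GAR_IMAGE_REGISTRY }}/gitpod-artifacts/docker-dev/workspace-base-images --all
      - name: π°οΈ Create timestamp tag
        id: create-timestamp-tag
        run: |
          echo "TIMESTAMP_TAG=$(date '+%Y-%m-%d-%H-%M-%S')" >> "$GITHUB_ENV"
      - name: π§ Setup copy tools
        run: |
          # NOTE(review): yq is installed unpinned and as root.
          sudo pip3 install yq
      - name: π Copy images with tag in the Artifact Registry
        run: |
          # Copy one combined image to its per-image repository under both the
          # timestamp tag and `latest`; returns non-zero if either copy fails.
          upload_image() {
            local image_tag="$1"
            local src="docker://${GAR_IMAGE_REGISTRY}/gitpod-artifacts/docker-dev/workspace-base-images:${image_tag}"
            local dest="docker://${GAR_IMAGE_REGISTRY}/gitpod-artifacts/docker-dev/workspace-${image_tag}"
            local rc=0
            # Start both copies as direct children of this shell so that
            # `wait` can collect their exit status.
            sudo skopeo copy --format=oci --dest-oci-accept-uncompressed-layers --retry-times=2 \
              "$src" "${dest}:${TIMESTAMP_TAG}" &
            local pid_timestamp=$!
            sudo skopeo copy --format=oci --dest-oci-accept-uncompressed-layers --retry-times=2 \
              "$src" "${dest}:latest" &
            local pid_latest=$!
            wait "$pid_timestamp" || rc=1
            wait "$pid_latest" || rc=1
            return "$rc"
          }
          MAX_PARALLEL=10
          FAILED=0
          declare -a UPLOAD_PIDS=()
          # Read one tag per line into a real array; a space-joined string
          # would be iterated as a single element.
          mapfile -t IMAGE_TAGS < <(yq -r '.sync.images."workspace-base-images"[]' .github/sync-containers.yml)
          if [ "${#IMAGE_TAGS[@]}" -eq 0 ]; then
            echo "no image tags found in .github/sync-containers.yml" >&2
            exit 1
          fi
          for image_tag in "${IMAGE_TAGS[@]}"; do
            upload_image "$image_tag" &
            UPLOAD_PIDS+=("$!")
            if [ "${#UPLOAD_PIDS[@]}" -ge "$MAX_PARALLEL" ]; then
              # Wait for the first background process in the array
              wait "${UPLOAD_PIDS[0]}" || FAILED=1
              # Remove the first element from the array
              UPLOAD_PIDS=("${UPLOAD_PIDS[@]:1}")
            fi
          done
          # Drain the remaining uploads so the step neither ends while copies
          # are still running nor hides a failed copy.
          for pid in "${UPLOAD_PIDS[@]}"; do
            wait "$pid" || FAILED=1
          done
          if [ "$FAILED" -ne 0 ]; then
            echo "one or more image copies failed" >&2
            exit 1
          fi
      - name: βπ½ Login to Docker Hub using skopeo
        env:
          docker_user: ${{ secrets.DOCKERHUB_USER_NAME }}
          docker_password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
        run: |
          # Use the step's environment variables and stdin rather than
          # expanding the secrets into the script text and the command line.
          printf '%s' "$docker_password" | sudo skopeo login -u "$docker_user" --password-stdin "$DH_IMAGE_REGISTRY"
      - name: π³ Sync images with specific tags to Docker Hub
        run: |
          sudo skopeo sync \
            --src yaml \
            --dest docker \
            .github/promote-images.yml ${{ env.DH_IMAGE_REGISTRY }}/gitpod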