use buildah instead of buildx (#103)

- fix the build script to no longer continue on error
- no longer needs a local registry
- runs rootless
- no need to generate a dockerfile to add the /etc/environment file as metadata
ChristopherHX
2023-08-15 00:07:44 +02:00
committed by GitHub
parent 3feffe9098
commit a6297292be
2 changed files with 112 additions and 144 deletions
+57 -87
@@ -23,6 +23,9 @@ env:
NODE: '16 18' NODE: '16 18'
BUILD_REF: ${{ github.sha }} BUILD_REF: ${{ github.sha }}
SKIP_TEST: false SKIP_TEST: false
PUSH_GHCR: ${{ github.repository == (github.event.pull_request.head.repo.full_name || github.repository) && '1' || '' }}
PUSH_QUAY: ${{ secrets.QUAY_USER && secrets.QUAY_TOKEN && '1' || '' }}
PUSH_DOCKER_HUB: ${{ secrets.DOCKER_USER && secrets.DOCKER_TOKEN && '1' || '' }}
defaults: defaults:
run: run:
@@ -39,37 +42,30 @@ jobs:
max-parallel: 4 max-parallel: 4
matrix: matrix:
PLATFORMS: PLATFORMS:
- linux/amd64,linux/arm64,linux/armhf - linux/amd64,linux/arm64,linux/arm/v7
TAG: TAG:
- latest - latest
- 22.04 - 22.04
- 20.04 - 20.04
steps: steps:
- name: Login to GitHub Container Registry - name: Force SLUG to lowercase
if: ${{ github.repository_owner == github.actor }} uses: actions/github-script@v6
id: ghcr
uses: docker/login-action@v2
with: with:
registry: ghcr.io github-token: n/a
username: ${{ github.repository_owner }} script: |
password: ${{ secrets.GITHUB_TOKEN }} core.exportVariable('SLUG', process.env.SLUG.toLowerCase());
- name: Login to GitHub Container Registry
if: env.PUSH_GHCR
run: exec buildah login -u ${{ github.actor }} -p ${{ github.token }} ghcr.io
- name: Login to Quay - name: Login to Quay
if: ${{ github.repository_owner == github.actor }} if: env.PUSH_QUAY
id: quay run: exec buildah login -u ${{ secrets.QUAY_USER }} -p ${{ secrets.QUAY_TOKEN }} quay.io
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAY_USER }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Login to Docker Hub - name: Login to Docker Hub
if: ${{ github.repository_owner == github.actor }} if: env.PUSH_DOCKER_HUB
id: dckr run: exec buildah login -u ${{ secrets.DOCKER_USER }} -p ${{ secrets.DOCKER_TOKEN }} docker.io
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Print tag - name: Print tag
run: | run: |
@@ -90,20 +86,10 @@ jobs:
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v2 uses: docker/setup-qemu-action@v2
# setup buildkit ourselves so it doesn't create a new one each time act is executed
- run: |
docker buildx create \
--use \
--name image-builder \
--buildkitd-flags '--allow-insecure-entitlement network.host' \
--driver docker-container \
--driver-opt "env.BUILDKIT_STEP_LOG_MAX_SIZE=50000000" \
--platform "${{ env.PLATFORMS }}"
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Build and push ${{ env.DISTRO }}:${{ env.TAG }} - name: Build and push ${{ env.DISTRO }}:${{ env.TAG }}
shell: pwsh shell: buildah unshare pwsh "{0}"
env: env:
RUNNER: root RUNNER: root
TAG: act-${{ matrix.TAG }}-${{ env.PART_TAG }} TAG: act-${{ matrix.TAG }}-${{ env.PART_TAG }}
@@ -116,13 +102,13 @@ jobs:
./build.ps1 ` ./build.ps1 `
-push ` -push `
-tags @( -tags @(
'ghcr.io/${{ env.SLUG }}:${{ env.TAG }}', ${{ env.PUSH_GHCR && format('''ghcr.io/{0}:{1}''{2}', env.SLUG, env.TAG, (env.PUSH_QUAY || env.PUSH_DOCKER_HUB) && ',' || '') || '' }}
'quay.io/${{ env.SLUG }}:${{ env.TAG }}', ${{ env.PUSH_QUAY && format('''quay.io/{0}:{1}''{2}', env.SLUG, env.TAG, (env.PUSH_DOCKER_HUB) && ',' || '') || '' }}
'docker.io/${{ env.SLUG }}:${{ env.TAG }}' ${{ env.PUSH_DOCKER_HUB && format('''docker.io/{0}:{1}''{2}', env.SLUG, env.TAG, ('') && ',' || '') || '' }}
) )
- name: Build and push ${{ env.DISTRO }}:${{ env.TAG }} - name: Build and push ${{ env.DISTRO }}:${{ env.TAG }}
shell: pwsh shell: buildah unshare pwsh "{0}"
env: env:
RUNNER: runner RUNNER: runner
TAG: runner-${{ matrix.TAG }}-${{ env.PART_TAG }} TAG: runner-${{ matrix.TAG }}-${{ env.PART_TAG }}
@@ -135,13 +121,13 @@ jobs:
./build.ps1 ` ./build.ps1 `
-push ` -push `
-tags @( -tags @(
'ghcr.io/${{ env.SLUG }}:${{ env.TAG }}', ${{ env.PUSH_GHCR && format('''ghcr.io/{0}:{1}''{2}', env.SLUG, env.TAG, (env.PUSH_QUAY || env.PUSH_DOCKER_HUB) && ',' || '') || '' }}
'quay.io/${{ env.SLUG }}:${{ env.TAG }}', ${{ env.PUSH_QUAY && format('''quay.io/{0}:{1}''{2}', env.SLUG, env.TAG, (env.PUSH_DOCKER_HUB) && ',' || '') || '' }}
'docker.io/${{ env.SLUG }}:${{ env.TAG }}' ${{ env.PUSH_DOCKER_HUB && format('''docker.io/{0}:{1}''{2}', env.SLUG, env.TAG, ('') && ',' || '') || '' }}
) )
- if: ${{ !env.SKIP_TEST }} - if: ${{ !env.SKIP_TEST }}
uses: actions/setup-go@v4 uses: actions/setup-go@v3
with: with:
go-version: '^1.16' go-version: '^1.16'
@@ -160,7 +146,7 @@ jobs:
- name: Build and push ${{ env.DISTRO }}:${{ env.TAG }} - name: Build and push ${{ env.DISTRO }}:${{ env.TAG }}
if: ${{ ( github.event_name != 'pull_request' && github.event_name != 'push' && !env.ACT ) }} if: ${{ ( github.event_name != 'pull_request' && github.event_name != 'push' && !env.ACT ) }}
shell: pwsh shell: buildah unshare pwsh "{0}"
env: env:
TAG: act-${{ matrix.TAG }} TAG: act-${{ matrix.TAG }}
TYPE: act TYPE: act
@@ -170,16 +156,16 @@ jobs:
BUILD_TAG: act-${{ matrix.TAG }} BUILD_TAG: act-${{ matrix.TAG }}
run: | run: |
./build.ps1 ` ./build.ps1 `
-push ` ${{ '-push' || '' }} `
-tags @( -tags @(
'ghcr.io/${{ env.SLUG }}:${{ env.TAG }}', ${{ env.PUSH_GHCR && format('''ghcr.io/{0}:{1}''{2}', env.SLUG, env.TAG, (env.PUSH_QUAY || env.PUSH_DOCKER_HUB) && ',' || '') || '' }}
'quay.io/${{ env.SLUG }}:${{ env.TAG }}', ${{ env.PUSH_QUAY && format('''quay.io/{0}:{1}''{2}', env.SLUG, env.TAG, (env.PUSH_DOCKER_HUB) && ',' || '') || '' }}
'docker.io/${{ env.SLUG }}:${{ env.TAG }}' ${{ env.PUSH_DOCKER_HUB && format('''docker.io/{0}:{1}''{2}', env.SLUG, env.TAG, ('') && ',' || '') || '' }}
) )
- name: Build and push ${{ env.DISTRO }}:${{ env.TAG }} - name: Build and push ${{ env.DISTRO }}:${{ env.TAG }}
if: ${{ ( github.event_name != 'pull_request' && github.event_name != 'push' && !env.ACT ) }} if: ${{ ( github.event_name != 'pull_request' && github.event_name != 'push' && !env.ACT ) }}
shell: pwsh shell: buildah unshare pwsh "{0}"
env: env:
RUNNER: runner RUNNER: runner
TAG: runner-${{ matrix.TAG }} TAG: runner-${{ matrix.TAG }}
@@ -192,9 +178,9 @@ jobs:
./build.ps1 ` ./build.ps1 `
-push ` -push `
-tags @( -tags @(
'ghcr.io/${{ env.SLUG }}:${{ env.TAG }}', ${{ env.PUSH_GHCR && format('''ghcr.io/{0}:{1}''{2}', env.SLUG, env.TAG, (env.PUSH_QUAY || env.PUSH_DOCKER_HUB) && ',' || '') || '' }}
'quay.io/${{ env.SLUG }}:${{ env.TAG }}', ${{ env.PUSH_QUAY && format('''quay.io/{0}:{1}''{2}', env.SLUG, env.TAG, (env.PUSH_DOCKER_HUB) && ',' || '') || '' }}
'docker.io/${{ env.SLUG }}:${{ env.TAG }}' ${{ env.PUSH_DOCKER_HUB && format('''docker.io/{0}:{1}''{2}', env.SLUG, env.TAG, ('') && ',' || '') || '' }}
) )
build-flavours: build-flavours:
@@ -223,31 +209,24 @@ jobs:
- dotnet - dotnet
- custom - custom
steps: steps:
- name: Login to GitHub Container Registry - name: Force SLUG to lowercase
if: ${{ github.repository_owner == github.actor }} uses: actions/github-script@v6
id: ghcr
uses: docker/login-action@v2
with: with:
registry: ghcr.io github-token: n/a
username: ${{ github.repository_owner }} script: |
password: ${{ secrets.GITHUB_TOKEN }} core.exportVariable('SLUG', process.env.SLUG.toLowerCase());
- name: Login to GitHub Container Registry
if: env.PUSH_GHCR
run: exec buildah login -u ${{ github.actor }} -p ${{ github.token }} ghcr.io
- name: Login to Quay - name: Login to Quay
if: ${{ github.repository_owner == github.actor }} if: env.PUSH_QUAY
id: quay run: exec buildah login -u ${{ secrets.QUAY_USER }} -p ${{ secrets.QUAY_TOKEN }} quay.io
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAY_USER }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Login to Docker Hub - name: Login to Docker Hub
if: ${{ github.repository_owner == github.actor }} if: env.PUSH_DOCKER_HUB
id: dckr run: exec buildah login -u ${{ secrets.DOCKER_USER }} -p ${{ secrets.DOCKER_TOKEN }} docker.io
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Print tag - name: Print tag
run: | run: |
@@ -268,19 +247,10 @@ jobs:
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v2 uses: docker/setup-qemu-action@v2
- run: |
docker buildx create \
--use \
--name image-builder \
--buildkitd-flags '--allow-insecure-entitlement network.host' \
--driver docker-container \
--driver-opt "env.BUILDKIT_STEP_LOG_MAX_SIZE=50000000" \
--platform "${{ env.PLATFORMS }}"
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Build and push ${{ env.DISTRO }}:${{ env.TAG }} - name: Build and push ${{ env.DISTRO }}:${{ env.TAG }}
shell: pwsh shell: buildah unshare pwsh "{0}"
env: env:
TAG: ${{ matrix.TYPE }}-${{ matrix.TAG }}-${{ env.PART_TAG }} TAG: ${{ matrix.TYPE }}-${{ matrix.TAG }}-${{ env.PART_TAG }}
FROM_IMAGE: ghcr.io/${{ env.SLUG }} FROM_IMAGE: ghcr.io/${{ env.SLUG }}
@@ -290,13 +260,13 @@ jobs:
./build.ps1 ` ./build.ps1 `
-push ` -push `
-tags @( -tags @(
'ghcr.io/${{ env.SLUG }}:${{ env.TAG }}', ${{ env.PUSH_GHCR && format('''ghcr.io/{0}:{1}''{2}', env.SLUG, env.TAG, (env.PUSH_QUAY || env.PUSH_DOCKER_HUB) && ',' || '') || '' }}
'quay.io/${{ env.SLUG }}:${{ env.TAG }}', ${{ env.PUSH_QUAY && format('''quay.io/{0}:{1}''{2}', env.SLUG, env.TAG, (env.PUSH_DOCKER_HUB) && ',' || '') || '' }}
'docker.io/${{ env.SLUG }}:${{ env.TAG }}' ${{ env.PUSH_DOCKER_HUB && format('''docker.io/{0}:{1}''{2}', env.SLUG, env.TAG, ('') && ',' || '') || '' }}
) )
- name: Build and push ${{ env.DISTRO }}:${{ env.TAG }} - name: Build and push ${{ env.DISTRO }}:${{ env.TAG }}
shell: pwsh shell: buildah unshare pwsh "{0}"
if: ${{ ( github.event_name != 'pull_request' && github.event_name != 'push' && !env.ACT ) }} if: ${{ ( github.event_name != 'pull_request' && github.event_name != 'push' && !env.ACT ) }}
env: env:
TAG: ${{ matrix.TYPE }}-${{ matrix.TAG }} TAG: ${{ matrix.TYPE }}-${{ matrix.TAG }}
@@ -307,7 +277,7 @@ jobs:
./build.ps1 ` ./build.ps1 `
-push ` -push `
-tags @( -tags @(
'ghcr.io/${{ env.SLUG }}:${{ env.TAG }}', ${{ env.PUSH_GHCR && format('''ghcr.io/{0}:{1}''{2}', env.SLUG, env.TAG, (env.PUSH_QUAY || env.PUSH_DOCKER_HUB) && ',' || '') || '' }}
'quay.io/${{ env.SLUG }}:${{ env.TAG }}', ${{ env.PUSH_QUAY && format('''quay.io/{0}:{1}''{2}', env.SLUG, env.TAG, (env.PUSH_DOCKER_HUB) && ',' || '') || '' }}
'docker.io/${{ env.SLUG }}:${{ env.TAG }}' ${{ env.PUSH_DOCKER_HUB && format('''docker.io/{0}:{1}''{2}', env.SLUG, env.TAG, ('') && ',' || '') || '' }}
) )
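Review bot: The new `Login to …` steps in both jobs expand the registry credentials straight into the script text and pass them with `-p`, so each token ends up in the `buildah` process's argument list and any shell metacharacter in a secret value is interpreted by the shell before `buildah` sees it. Map the secrets into the step's `env:` (for example `QUAY_USER` and `QUAY_TOKEN`) and feed the password on stdin: `run: printf '%s' "$QUAY_TOKEN" | buildah login -u "$QUAY_USER" --password-stdin quay.io`. The same applies to the ghcr.io and docker.io steps, including `${{ github.actor }}`, which is also better passed as an environment variable than pasted into the command. This assumes the default shell is bash-like; the `defaults.run` block is cut off in this view.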
+55 -57
@@ -37,22 +37,40 @@ param(
[switch]$push [switch]$push
) )
$basetags = @() # https://stackoverflow.com/a/33545660
function Flatten-Array{
$input | ForEach-Object{
if (($_ -is [array]) -and (-not ($_ -is [string])) ){$_ | Flatten-Array}else{$_}
} | Where-Object{![string]::IsNullorEmpty($_)}
}
$regstryid = $(& (Get-Command 'docker').source run --rm -d -p 8192:5000 registry:2) function exec() {
$path, $myargs = $args | Flatten-Array
& "$path" $myargs
if($LASTEXITCODE -ne 0) {
throw "$($args | Flatten-Array) failed with exit code $LASTEXITCODE"
}
}
function exec_out() {
$path, $myargs = $args | Flatten-Array
$stdout = "$(& "$path" $myargs)"
if($LASTEXITCODE -ne 0) {
throw "$($args | Flatten-Array) failed with exit code $LASTEXITCODE, error: $stdout"
}
return "$stdout"
}
$manifest = "$(New-Guid)-manifest:latest"
exec buildah manifest create "$manifest"
ForEach($platform in $platforms.Split(",")) { ForEach($platform in $platforms.Split(",")) {
$intermediatetag = "$(New-Guid)-intermediate:latest"
$arguments = @( $arguments = @(
'buildx', "buildah",
'build' "build",
) "--platform=${platform}",
$arguments += $progress -ne '' ? @("--progress=$progress") : @("--progress=plain")
$intermediatetag = "localhost:8192/intermediate:$($platform.Replace("/", "-"))"
$arguments += @(
"--tag=${intermediatetag}",
"--build-arg=NODE_VERSION=${node}", "--build-arg=NODE_VERSION=${node}",
"--build-arg=DISTRO=${distro}", "--build-arg=DISTRO=${distro}",
"--build-arg=TYPE=${type}", "--build-arg=TYPE=${type}",
@@ -67,55 +85,35 @@ ForEach($platform in $platforms.Split(",")) {
"--build-arg=FROM_IMAGE=${from_image}", "--build-arg=FROM_IMAGE=${from_image}",
"--build-arg=FROM_TAG=${from_tag}", "--build-arg=FROM_TAG=${from_tag}",
"--file=./linux/${image}/Dockerfile", "--file=./linux/${image}/Dockerfile",
"--platform=${platform}",
"--load",
'.'
)
& (Get-Command 'docker').source $arguments
# Not using buildx here, because buildx doesn't like a localhost registry
$arguments = @(
'build'
)
$arguments += $progress -ne '' ? @("--progress=$progress") : @("--progress=plain")
$imageid = $(& (Get-Command 'docker').source create "${intermediatetag}")
$envfileContent = $(& (Get-Command 'docker').source cp "${imageid}:/etc/environment" - | tar x --to-stdout)
& (Get-Command 'docker').source rm "${imageid}"
echo "FROM ${intermediatetag}" > Dockerfile.tmp
ForEach($envline in $envfileContent.Split("\n")) {
echo "ENV $envline" >> Dockerfile.tmp
}
$arguments += @(
"--tag=${intermediatetag}", "--tag=${intermediatetag}",
"--file=./Dockerfile.tmp", "--format=docker",
'.' '.'
) )
& (Get-Command 'docker').source $arguments exec $arguments
$containerName = New-Guid
& (Get-Command 'docker').source push ${intermediatetag} # buildah bug: https://github.com/containers/buildah/commit/4b7d3555bfa4440c3c5264ae44b93822e10deec0
# The arm variant is dropped in the previous step this causes a failure here
$basetags += @("${intermediatetag}") $plat = $platform.Split("/")
exec buildah from --format=docker --name "$containerName-container" --platform "$($plat[0])/$($plat[1])" "$intermediatetag"
$containerpath = exec_out buildah mount "$containerName-container"
$envfileContent = Get-Content "$containerpath/etc/environment"
$arguments = @(
"buildah",
"config"
)
ForEach($envline in $envfileContent) {
$arguments += "--env","$envline"
}
$arguments += @("$containerName-container")
exec $arguments
exec buildah unmount "$containerName-container"
exec buildah commit --format=docker "$containerName-container" "$containerName-image"
exec buildah manifest add "$manifest" "$containerName-image"
} }
$arguments = @() if($push -eq $true) {
ForEach($t in ($tags + ($tag -ne '' ? @("$tag") : @()))) {
if($push -ne $true) { exec buildah manifest push --all "$manifest" "docker://$t"
$arguments += @("--dry-run") }
} }
$tags.Count -ne 0 ? ($tags | ForEach-Object { $arguments += @("--tag=$_") }) : ""
$arguments += $tag -ne '' ? @("--tag=$tag") : @()
& (Get-Command 'docker').source buildx imagetools create $arguments $basetags
& (Get-Command 'docker').source stop $regstryid
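Review bot: A blank line in `/etc/environment` breaks the `buildah config` call built in the per-platform loop: the loop appends `"--env",""`, and `exec` pipes its arguments through `Flatten-Array`, whose `Where-Object` drops empty strings, so the orphaned `--env` consumes the next token (the following `--env` or the container name). Filter the file before the loop, e.g. `$envfileContent = Get-Content "$containerpath/etc/environment" | Where-Object { $_ -match '^[^#\s][^=]*=' }`, which also keeps comment lines out of the image config. More generally, silently removing empty arguments inside `exec`/`exec_out` changes what any caller passes; either drop that filter or document it in a comment on `Flatten-Array`, such as `# NOTE: empty-string arguments are discarded; never pass a flag whose value may be empty`.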