Skip to content

Build, Test, Push

Build, Test, Push #51

Workflow file for this run

name: Build, Test, Push
on:
schedule:
- cron: "0 10 * * 0" # Every Sunday at 10AM
push:
branches:
- master
- develop
- feature/*
tags:
- "v*.*.*"
workflow_dispatch: # Allow manually triggering a build
defaults:
run:
shell: bash
env:
IMAGE: docksal/mariadb
#DOCKSAL_VERSION: develop
jobs:
build:
name: "Build: ${{ matrix.version }}/${{ matrix.arch }}"
runs-on: ubuntu-20.04
strategy:
fail-fast: false # Don't cancel other jobs if one fails
matrix:
include:
-
arch: amd64
version: "10.4"
-
arch: arm64
version: "10.4"
-
arch: amd64
version: "10.5"
-
arch: arm64
version: "10.5"
-
arch: amd64
version: "10.6"
-
arch: arm64
version: "10.6"
env:
ARCH: ${{ matrix.arch }}
VERSION_PREFIX: ""
VERSION: ${{ matrix.version }}
UPSTREAM_IMAGE: mariadb:${{ matrix.version }}
BUILD_DIR: "."
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Environment variables
run: |
# Export variables for further steps
echo GIT_SHA7="${GITHUB_SHA:0:7}" | tee -a ${GITHUB_ENV}
echo BUILD_IMAGE_TAG="${IMAGE}:${VERSION_PREFIX}${VERSION}-build" | tee -a ${GITHUB_ENV}
# Pull the host public SSH key at runtime instead of relying on a static value stored in secrets.
echo ARM64_HOST_SSH_CERT="$(ssh-keyscan -t rsa ${{ secrets.ARM64_HOST }} 2>/dev/null)" | tee -a ${GITHUB_ENV}
# -
# # Switch docker context to a remote arm64 host
# # Used for building heavy images that take too long to build using QEMU + for native arm64 testing.
# name: Switch to arm64 builder host
# if: ${{ env.ARCH == 'arm64' }}
# uses: arwynfr/actions-docker-context@v2
# with:
# docker_host: "ssh://ubuntu@${{ secrets.ARM64_HOST }}"
# context_name: arm64-host
# ssh_key: "${{ secrets.ARM64_HOST_SSH_KEY }}"
# ssh_cert: "${{ env.ARM64_HOST_SSH_CERT }}"
# use_context: true
-
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Check Docker
run: |
docker version
docker info
-
name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
# Build and cache image in the registry
name: Build image
uses: docker/build-push-action@v2
with:
context: ${{ env.BUILD_DIR }}
file: ${{ env.BUILD_DIR }}/Dockerfile
build-args: |
UPSTREAM_IMAGE=${{ env.UPSTREAM_IMAGE }}
VERSION=${{ env.VERSION }}
platforms: linux/${{ env.ARCH }}
# Push intermediate arch-specific build tag to repo
tags: ${{ env.BUILD_IMAGE_TAG }}-${{ env.GIT_SHA7 }}-${{ env.ARCH }}
push: ${{ github.event_name != 'pull_request' }} # Don't push for PRs
# BUILD_IMAGE_TAG - persistent multi-arch tag, updated at the end of the build (success or failure)
cache-from: type=registry,ref=${{ env.BUILD_IMAGE_TAG }}
cache-to: type=inline # Write the cache metadata into the image configuration
test:
name: "Test: ${{ matrix.version }}/${{ matrix.arch }}"
runs-on: ubuntu-20.04
needs: build
strategy:
fail-fast: false # Don't cancel other jobs if one fails
matrix:
include:
# Disabled arm64 tests.
# TODO: Refactor tests to be compatible with a remote host test runner.
# TODO: Remember to re-enabled the test results check in "push".
-
arch: amd64
version: "10.4"
# -
# arch: arm64
# version: "10.4"
-
arch: amd64
version: "10.5"
# -
# arch: arm64
# version: "10.5"
-
arch: amd64
version: "10.6"
# -
# arch: arm64
# version: "10.6"
env:
ARCH: ${{ matrix.arch }}
VERSION_PREFIX: ""
VERSION: ${{ matrix.version }}
steps:
-
name: Setup Bats
uses: mig4/setup-bats@v1
with:
bats-version: "1.3.0"
-
name: Checkout
uses: actions/checkout@v2
-
name: Environment variables
run: |
# Export variables for further steps
echo GIT_SHA7="${GITHUB_SHA:0:7}" | tee -a ${GITHUB_ENV}
echo BUILD_IMAGE_TAG="${IMAGE}:${VERSION_PREFIX}${VERSION}-build" | tee -a ${GITHUB_ENV}
# Pull the host public SSH key at runtime instead of relying on a static value stored in secrets.
echo ARM64_HOST_SSH_CERT="$(ssh-keyscan -t rsa ${{ secrets.ARM64_HOST }} 2>/dev/null)" | tee -a ${GITHUB_ENV}
-
# Switch docker context to a remote arm64 host
# Used for building heavy images that take too long to build using QEMU + for native arm64 testing.
name: Switch to arm64 builder host
if: ${{ env.ARCH == 'arm64' }}
uses: arwynfr/actions-docker-context@v2
with:
docker_host: "ssh://ubuntu@${{ secrets.ARM64_HOST }}"
context_name: arm64-host
ssh_key: "${{ secrets.ARM64_HOST_SSH_KEY }}"
ssh_cert: "${{ env.ARM64_HOST_SSH_CERT }}"
use_context: true
-
name: Check Docker
run: |
docker version
docker info
# -
# name: Test preparations
# working-directory: ${{ env.BUILD_CONTEXT }}
# env:
# BUILD_IMAGE_TAG: ${{ env.BUILD_IMAGE_TAG }}-${{ env.GIT_SHA7 }}-${{ env.ARCH }}
# run: |
# # Install Docksal using the passed DOCKSAL_VERSION value
# curl -sSL http://get.docksal.io | bash
# # Start the service using the build image tag
# make start
-
# Run tests
name: Test
id: tests
working-directory: ${{ env.BUILD_DIR }}
env:
BUILD_IMAGE_TAG: ${{ env.BUILD_IMAGE_TAG }}-${{ env.GIT_SHA7 }}-${{ env.ARCH }}
VERSION: ${{ env.VERSION }}
run: |
make test
([[ $? == 0 ]] && echo "pass" || echo "fail") | tee ${{ github.workspace }}/test-results-${VERSION_PREFIX}${VERSION}-${ARCH}.txt
# Store tests results as an artifact (used by downstream jobs)
# Note: Cannot use "::set-output name=var_name::var_value" as var_name would need to be dynamic here.
# Dynamic variable names cannot be used when mapping step outputs to job outputs.
# Step outputs cannot be accessed directly from other jobs. Dead end.
- name: Store test results
uses: actions/upload-artifact@v2
with:
name: test-results
path: ${{ github.workspace }}/test-results-*.txt
push:
name: "Push: ${{ matrix.version }}/multi"
runs-on: ubuntu-20.04
# Wait for test to either succeed or fail
needs: test
if: always()
strategy:
matrix:
version:
- "10.4"
- "10.5"
- "10.6"
env:
VERSION_PREFIX: ""
VERSION: ${{ matrix.version }}
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Environment variables
run: |
# Export variables for further steps
echo GIT_SHA7="${GITHUB_SHA:0:7}" | tee -a ${GITHUB_ENV}
echo BUILD_IMAGE_TAG="${IMAGE}:${VERSION_PREFIX}${VERSION}-build" | tee -a ${GITHUB_ENV}
# Pull the host public SSH key at runtime instead of relying on a static value stored in secrets.
echo ARM64_HOST_SSH_CERT="$(ssh-keyscan -t rsa ${{ secrets.ARM64_HOST }} 2>/dev/null)" | tee -a ${GITHUB_ENV}
-
# Login to Docker Hub
name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Retrieve test results
uses: actions/download-artifact@v2
with:
name: test-results
-
# Generate persistent tags (edge, stable, release)
name: Docker image tags
id: docker_tags
# Don't push broken builds to persistent tags (both amd64 and arm64 tests must pass)
# TODO: re-enable the arm64 test results check once those tests are re-enabled
run: |
amd64_tests=$(cat test-results-${VERSION_PREFIX}${VERSION}-amd64.txt)
#arm64_tests=$(cat test-results-${VERSION_PREFIX}${VERSION}-arm64.txt)
# && [[ "${arm64_tests}" == "pass" ]]
if [[ "${amd64_tests}" == "pass" ]]; then
.github/scripts/docker-tags.sh
fi
-
# Create and push multi-arch image manifests
name: Push multi-arch images
env:
# build tags are always pushed (build caching, debugging needs)
# edge, stage, release are only pushed if tests were successful (see docker_tags step)
TAGS: |
${{ env.BUILD_IMAGE_TAG }}
${{ steps.docker_tags.outputs.tags }}
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} # Needed for docker-tag-delete.sh
DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} # Needed for docker-tag-delete.sh
run: |
set -xeuo pipefail
IFS="${IFS}," # Also split strings by comma (in case list of tag is comma-separated)
for tag in ${TAGS}; do
if [[ "${tag}" == "" ]]; then continue; fi
docker manifest create --amend ${tag} \
${{ env.BUILD_IMAGE_TAG }}-${{ env.GIT_SHA7 }}-amd64 \
${{ env.BUILD_IMAGE_TAG }}-${{ env.GIT_SHA7 }}-arm64
docker manifest inspect ${tag}
docker manifest push ${tag}
done
# Clean up intermediate arch-specific image tags (DockerHub only)
.github/scripts/docker-tag-delete.sh ${{ env.BUILD_IMAGE_TAG }}-${{ env.GIT_SHA7 }}-amd64
.github/scripts/docker-tag-delete.sh ${{ env.BUILD_IMAGE_TAG }}-${{ env.GIT_SHA7 }}-arm64