From 3b42fe45ea4dee6871dcbc96ad21ffb0f34271d5 Mon Sep 17 00:00:00 2001 From: Tejal Desai Date: Tue, 19 Oct 2021 18:58:02 -0700 Subject: [PATCH] chore: add release workflow on pr (#1785) * chore: add release workflow on pr * remove linux/s390x * use keys * set up platforms * cancel * update keys * add secrets to env * All platforms added for kaniko Co-authored-by: Kun-Lu * echi * add mt 1300, remove push * Remove * final change * break executor and executor-slim Co-authored-by: Kun-Lu --- .github/workflows/pr_release.yaml | 171 ++++++++++++++++++++++++++++++ .github/workflows/release.yaml | 82 +++++++++++--- deploy/Dockerfile | 4 +- deploy/Dockerfile_debug | 4 +- deploy/Dockerfile_warmer | 4 +- 5 files changed, 245 insertions(+), 20 deletions(-) create mode 100644 .github/workflows/pr_release.yaml diff --git a/.github/workflows/pr_release.yaml b/.github/workflows/pr_release.yaml new file mode 100644 index 000000000..75f164c5f --- /dev/null +++ b/.github/workflows/pr_release.yaml @@ -0,0 +1,171 @@ +name: Build images on pull requests + +on: [pull_request] + +concurrency: + group: release-images-${{ github.head_ref }} + cancel-in-progress: true + +jobs: + build-executor-slim: + env: + GITHUB_SHA: ${{ github.sha }} + GITHUB_REF: ${{ github.ref }} + PLATFORMS: "linux/amd64,linux/arm64,linux/s390x,linux/ppc64le" + runs-on: ubuntu-latest + steps: + - name: Clone source code + uses: actions/checkout@v2 + + - name: Get the tags + id: vars + run: echo ::set-output name=tag::${GITHUB_REF/refs\/tags\//} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: ${{ env.PLATFORMS }} + + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + version: latest + + + - uses: docker/build-push-action@v2 + with: + context: . + file: ./deploy/Dockerfile_slim + platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le + tags: | + gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }}-slim + + build-debug: + env: + GITHUB_SHA: ${{ github.sha }} + GITHUB_REF: ${{ github.ref }} + PLATFORMS: "linux/amd64,linux/arm64" + runs-on: ubuntu-latest + steps: + - name: Clone source code + uses: actions/checkout@v2 + + - name: Get the tags + id: vars + run: echo ::set-output name=tag::${GITHUB_REF/refs\/tags\//} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: ${{ env.PLATFORMS }} + + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + version: latest + + + - uses: docker/build-push-action@v2 + with: + context: . + file: ./deploy/Dockerfile_debug + platforms: linux/amd64,linux/arm64 + tags: | + gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }}-debug + + build-warmer: + env: + GITHUB_SHA: ${{ github.sha }} + GITHUB_REF: ${{ github.ref }} + PLATFORMS: "linux/amd64,linux/arm64" + runs-on: ubuntu-latest + steps: + - name: Clone source code + uses: actions/checkout@v2 + + - name: Get the tags + id: vars + run: echo ::set-output name=tag::${GITHUB_REF/refs\/tags\//} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: ${{ env.PLATFORMS }} + + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + version: latest + + - uses: docker/build-push-action@v2 + with: + context: . + file: ./deploy/Dockerfile_warmer + platforms: linux/amd64,linux/arm64 + tags: | + gcr.io/kaniko-project/warmer:${{ env.GITHUB_SHA }} + + build-executor: + env: + GITHUB_SHA: ${{ github.sha }} + GITHUB_REF: ${{ github.ref }} + PLATFORMS: "linux/amd64,linux/arm64" + runs-on: ubuntu-latest + steps: + - name: Clone source code + uses: actions/checkout@v2 + + - name: Get the tags + id: vars + run: echo ::set-output name=tag::${GITHUB_REF/refs\/tags\//} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: ${{ env.PLATFORMS }} + + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + version: latest + + - uses: docker/build-push-action@v2 + with: + context: . + file: ./deploy/Dockerfile + platforms: linux/amd64,linux/arm64 + tags: | + gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }} \ No newline at end of file diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5d3187cc9..107b1de7f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,7 +10,8 @@ jobs: env: GITHUB_SHA: ${{ github.sha }} GITHUB_REF: ${{ github.ref }} - PLATFORMS: "linux/amd64,linux/arm64,linux/s390x" + PLATFORMS: "linux/amd64,linux/arm64" + runs-on: ubuntu-latest steps: - name: Clone source code @@ -52,22 +53,11 @@ jobs: # via gcloud command-line tool. gcloud auth configure-docker - - uses: docker/build-push-action@v2 - with: - context: . - file: ./deploy/Dockerfile_slim - platforms: linux/amd64,linux/arm64,linux/s390x - push: true - tags: | - gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }}-slim - gcr.io/kaniko-project/executor:${{ steps.vars.outputs.tag }}-slim - gcr.io/kaniko-project/executor:slim - - uses: docker/build-push-action@v2 with: context: . file: ./deploy/Dockerfile - platforms: linux/amd64,linux/arm64,linux/s390x + platforms: linux/amd64,linux/arm64 push: true tags: | gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }} @@ -94,7 +84,7 @@ jobs: env: GITHUB_SHA: ${{ github.sha }} GITHUB_REF: ${{ github.ref }} - PLATFORMS: "linux/amd64,linux/arm64,linux/s390x" + PLATFORMS: "linux/amd64,linux/arm64" runs-on: ubuntu-latest steps: - name: Clone source code @@ -140,7 +130,7 @@ jobs: with: context: . file: ./deploy/Dockerfile_debug - platforms: linux/amd64,linux/arm64,linux/s390x + platforms: linux/amd64,linux/arm64 push: true tags: | gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }}-debug @@ -163,7 +153,7 @@ jobs: env: GITHUB_SHA: ${{ github.sha }} GITHUB_REF: ${{ github.ref }} - PLATFORMS: "linux/amd64,linux/arm64,linux/s390x" + PLATFORMS: "linux/amd64,linux/arm64" runs-on: ubuntu-latest steps: - name: Clone source code @@ -208,7 +198,7 @@ jobs: with: context: . file: ./deploy/Dockerfile_warmer - platforms: linux/amd64,linux/arm64,linux/s390x + platforms: linux/amd64,linux/arm64 push: true tags: | gcr.io/kaniko-project/warmer:${{ env.GITHUB_SHA }} @@ -226,3 +216,61 @@ jobs: cosign sign -kms $KMS_VAL gcr.io/kaniko-project/warmer:${{ env.GITHUB_SHA }} cosign sign -kms $KMS_VAL gcr.io/kaniko-project/warmer:${{ steps.vars.outputs.tag }} cosign sign -kms $KMS_VAL gcr.io/kaniko-project/warmer:latest + + build-slim: + env: + GITHUB_SHA: ${{ github.sha }} + GITHUB_REF: ${{ github.ref }} + PLATFORMS: "linux/amd64,linux/arm64,linux/s390x,linux/ppc64le" + + runs-on: ubuntu-latest + steps: + - name: Clone source code + uses: actions/checkout@v2 + + - name: Get the tags + id: vars + run: echo ::set-output name=tag::${GITHUB_REF/refs\/tags\//} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: ${{ env.PLATFORMS }} + + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + version: latest + + - name: Setup gcloud CLI + uses: google-github-actions/setup-gcloud@master + with: + service_account_key: ${{ secrets.GCR_DEVOPS_SERVICE_ACCOUNT_KEY }} + project_id: kaniko-project + export_default_credentials: true + + # Configure docker to use the gcloud command-line tool as a credential helper + - run: | + # Set up docker to authenticate + # via gcloud command-line tool. + gcloud auth configure-docker + + - uses: docker/build-push-action@v2 + with: + context: . + file: ./deploy/Dockerfile_slim + platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le + push: true + tags: | + gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }}-slim + gcr.io/kaniko-project/executor:${{ steps.vars.outputs.tag }}-slim + gcr.io/kaniko-project/executor:slim diff --git a/deploy/Dockerfile b/deploy/Dockerfile index 331b10622..8021977f9 100644 --- a/deploy/Dockerfile +++ b/deploy/Dockerfile @@ -33,7 +33,9 @@ RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \ git checkout 4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 && \ - go build -o /usr/local/bin/docker-credential-gcr main.go + go get -u -t ./... && \ + go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go + # Get Amazon ECR credential helper RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ diff --git a/deploy/Dockerfile_debug b/deploy/Dockerfile_debug index 25eb0cdcc..64833c79a 100644 --- a/deploy/Dockerfile_debug +++ b/deploy/Dockerfile_debug @@ -36,7 +36,9 @@ RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \ git checkout 4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 && \ - go build -o /usr/local/bin/docker-credential-gcr main.go + go get -u -t ./... && \ + go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go + # Get Amazon ECR credential helper RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \ diff --git a/deploy/Dockerfile_warmer b/deploy/Dockerfile_warmer index 42d411486..acb22fb2e 100644 --- a/deploy/Dockerfile_warmer +++ b/deploy/Dockerfile_warmer @@ -33,7 +33,9 @@ RUN GOARCH=$(cat /goarch) && CGO_ENABLED=0 && \ git clone https://github.com/GoogleCloudPlatform/docker-credential-gcr.git && \ cd /go/src/github.com/GoogleCloudPlatform/docker-credential-gcr && \ git checkout 4cdd60d0f2d8a69bc70933f4d7718f9c4e956ff8 && \ - go build -o /usr/local/bin/docker-credential-gcr main.go + go get -u -t ./... && \ + go build -ldflags "-linkmode external -extldflags -static" -i -o /usr/local/bin/docker-credential-gcr main.go + # Get Amazon ECR credential helper RUN GOARCH=$(cat /goarch) && go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login && \