Skip to content

Container Image

Container Image #35

name: Container Image
on:
workflow_dispatch:
inputs:
platforms:
description: "comma-separated list of platforms to build for, e.g. linux/amd64,linux/s390x,linux/ppc64le,linux/riscv64 (leave empty for defaults)"
default: ''
custom_tag:
description: optional custom tag on remote repo you want image to be tagged with
default: scratch
workflow_call:
inputs:
platforms:
required: false
default: ''
type: string
custom_tag:
required: false
default: ''
type: string
schedule:
# every Wednesday morning
- cron: 7 7 * * 3
push:
branches: [ master ]
tags:
- '*' # Push events to every tag not containing /
pull_request:
types: [opened, reopened, synchronize]
concurrency:
group: ci-container-build-${{ github.ref }}-1
cancel-in-progress: true
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
# Sets permissions of the GITHUB_TOKEN to allow deployment to ghcr.io
permissions:
contents: read
packages: write
id-token: write
jobs:
buildah:
runs-on: ubuntu-latest
steps:
- name: Sanitize Platforms
id: platforms
run: |
platforms="${{ inputs.platforms == '' && 'linux/amd64,linux/arm64' || inputs.platforms }}"
archs="$( sed -e 's#linux/##g' <<< $platforms )"
echo "platforms=$platforms" >> $GITHUB_OUTPUT
echo "archs=$archs" >> $GITHUB_OUTPUT
# Allow multi-target builds
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: ${{ steps.platforms.outputs.archs }}
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: redhat-actions/podman-login@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=schedule
type=raw,value=latest,enable=${{ github.ref_name == 'master' }}
${{ github.ref_name == 'master' && 'type=raw,value=nightly' }}
type=ref,event=branch,enable=${{ github.ref_name != 'master' && inputs.custom_tag == '' }}
${{ inputs.custom_tag }}
type=ref,event=tag
type=ref,event=pr
# https://github.com/actions/checkout
- uses: actions/checkout@v4
- name: Build image
id: build-image
uses: redhat-actions/buildah-build@v2
with:
tags: ${{ steps.meta.outputs.tags }}
platforms: ${{ steps.platforms.outputs.platforms }}
labels: ${{ steps.meta.outputs.labels }}
layers: false
oci: true
tls-verify: true
extra-args: |
--squash
--jobs=3
containerfiles: |
Dockerfile
- name: Echo Outputs
run: |
echo "Image: ${{ steps.build-image.outputs.image }}"
echo "Tags: ${{ steps.build-image.outputs.tags }}"
echo "Tagged Image: ${{ steps.build-image.outputs.image-with-tag }}"
- name: Check images created
run: buildah images
- name: Smoke test the images
run: |
set -ex
# accessing a mapped port from a container did not work so lets
# create a pod where both - server and client have same localhost
podman pod create > podid
platforms="${{ steps.platforms.outputs.platforms }}"
test_tag () {
podman run -d --pod-id-file=podid --name=listener -u 14:0 "${{ steps.build-image.outputs.image-with-tag }}$1" -s 0.0.0.0:1234
sleep 3
podman logs listener
podman run --pod-id-file=podid --rm -i "${{ steps.build-image.outputs.image-with-tag }}$1" ws://127.0.0.1:1234/ <<< "Test Message $1"
echo Expecting "\"Test Message $1\"" in listener log..
podman logs listener | tee /dev/stderr | grep -q "Test Message $1"
podman rm -f listener
}
if [ x$( sed -E -e 's#[^/]##g' <<< $platforms ) != "x/" ]; then
# if we are here, user has selected more than one build platform
arch_tags=$( tr ',' ' ' <<< $platforms | tr -d '/' )
# removed slashes to produce "linuxamd64 linuxs390x linuxppc64le"
for tag in $arch_tags; do test_tag -$tag; done
else
# if we are here, user has selected a single build platform
test_tag
fi
- name: Push To Container Registry
id: push-to-container-registry
uses: redhat-actions/push-to-registry@v2
if: github.event_name != 'pull_request'
with:
tags: ${{ steps.build-image.outputs.tags }}
- name: Print image url
run: echo "Image pushed to ${{ steps.push-to-container-registry.outputs.registry-paths }}"