Base: Update to Debian 12.5 #137
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Build & Push: base-glibc-busybox-bash' | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- images/base-glibc-busybox-bash/* | |
- .github/workflows/base-glibc-busybox-bash.yaml | |
pull_request: | |
paths: | |
- images/base-glibc-busybox-bash/* | |
- .github/workflows/base-glibc-busybox-bash.yaml | |
jobs: | |
build: | |
name: Build & Push | |
runs-on: ubuntu-24.04 | |
container: | |
# travier/podman-action contains newer podman/buildah versions. | |
image: quay.io/travier/podman-action | |
options: --privileged | |
env: | |
# The base image is not intended to change often and should be used with | |
# version tags or checksum IDs, but not via "latest". | |
MAJOR_VERSION: 3 | |
MINOR_VERSION: 1 | |
IMAGE_NAME: base-glibc-busybox-bash | |
BUSYBOX_VERSION: '1.36.1' | |
DEBIAN_VERSION: '12.5' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up QEMU | |
run: | | |
podman run --rm --privileged \ | |
docker.io/tonistiigi/binfmt --install arm64 | |
- name: Install Tools | |
run: | | |
set -eu | |
# jq is not installed in travier/podman-action | |
dnf install -qy \ | |
jq | |
rpm -q \ | |
buildah podman \ | |
coreutils findutils sed \ | |
curl jq \ | |
| ( | |
while read -r line ; do | |
printf %s\\n "${line}" | |
case "${line}" in (*' not installed'*) | |
err=1 ;; | |
esac | |
done | |
exit "${err-0}" | |
) | |
- name: Build | |
id: build | |
run: | | |
set -xeu | |
cd 'images/${{ env.IMAGE_NAME }}' | |
image_name='${{ env.IMAGE_NAME }}' | |
tags=' | |
${{ env.MAJOR_VERSION }} | |
${{ env.MAJOR_VERSION }}.${{ env.MINOR_VERSION }} | |
latest | |
' | |
printf %s\\n \ | |
"image=${image_name}" \ | |
"tags=$( echo ${tags} )" \ | |
>> $GITHUB_OUTPUT | |
for tag in ${tags} ; do | |
buildah manifest create "${image_name}:${tag}" | |
done | |
iidfile="$( mktemp )" | |
buildah bud \ | |
--iidfile="${iidfile}" \ | |
--build-arg=busybox_version='${{ env.BUSYBOX_VERSION }}' \ | |
--file=Dockerfile.busybox | |
busybox_image="$( cat "${iidfile}" )" | |
rm "${iidfile}" | |
for arch in amd64 arm64 ; do | |
iidfile="$( mktemp )" | |
buildah bud \ | |
--arch="${arch}" \ | |
--iidfile="${iidfile}" \ | |
--build-arg=busybox_image="${busybox_image}" \ | |
--build-arg=debian_version='${{ env.DEBIAN_VERSION }}' | |
image_id="$( cat "${iidfile}" )" | |
rm "${iidfile}" | |
container="$( buildah from "${image_id}" )" | |
run() { buildah run "${container}" "${@}" ; } | |
deb_list="$( run cat /.deb.lst | tr '\n' '|' | sed 's/|$//' )" | |
pkg_list="$( run cat /.pkg.lst | tr '\n' '|' | sed 's/|$//' )" | |
glibc="$( run sh -c 'exec "$( find -xdev -name libc.so.6 -print -quit )"' | sed '1!d' )" | |
busybox="$( run busybox | sed '1!d' )" | |
bash="$( run bash --version | sed '1!d' )" | |
buildah rm "${container}" | |
container="$( buildah from "${image_id}" )" | |
buildah config \ | |
--label=glibc="${glibc}" \ | |
--label=busybox="${busybox}" \ | |
--label=bash="${bash}" \ | |
--label=deb-list="${deb_list}" \ | |
--label=pkg-list="${pkg_list}" \ | |
"${container}" | |
image_id="$( buildah commit "${container}" )" | |
buildah rm "${container}" | |
for tag in ${tags} ; do | |
buildah tag \ | |
"${image_id}" \ | |
"${image_name}:${tag}-${arch}" | |
buildah manifest add \ | |
"${image_name}:${tag}" \ | |
"${image_id}" | |
done | |
done | |
- name: Test | |
run: | | |
image='${{ steps.build.outputs.image }}' | |
ids="$( | |
for tag in ${{ steps.build.outputs.tags }} ; do | |
buildah manifest inspect "${image}:${tag}" \ | |
| jq -r '.manifests[]|.digest' \ | |
| while read id ; do | |
buildah images --format '{{.ID}}{{.Digest}}' \ | |
| sed -n "s/${id}//p" | |
done | |
done | |
)" | |
ids="$( printf %s "${ids}" | sort -u )" | |
for id in ${ids} ; do | |
podman history "${id}" | |
buildah bud \ | |
--build-arg=base="${id}" \ | |
--file=Dockerfile.test \ | |
"images/${image}" | |
done | |
buildah rmi --prune || true | |
- name: Check Tags | |
run: | | |
# FIX upstream: Quay.io does not support immutable images currently. | |
# => Try to use the REST API to check for duplicate tags. | |
response="$( | |
curl -sL \ | |
'https://quay.io/api/v1/repository/bioconda/${{ steps.build.outputs.image }}/tag/' | |
)" | |
existing_tags="$( | |
printf %s "${response}" \ | |
| jq -r '.tags[]|select(.end_ts == null or .end_ts >= now)|.name' | |
)" \ | |
|| { | |
printf %s\\n \ | |
'Could not get list of image tags.' \ | |
'Does the repository exist on Quay.io?' \ | |
'Quay.io REST API response was:' \ | |
"${response}" | |
exit 1 | |
} | |
for tag in ${{ steps.build.outputs.tags }} ; do | |
case "${tag}" in | |
latest | '${{ env.MAJOR_VERSION }}' ) ;; | |
* ) | |
if printf %s "${existing_tags}" | grep -qxF "${tag}" ; then | |
printf 'Tag %s already exists!\n' "${tag}" | |
exit 1 | |
fi | |
esac | |
done | |
- if: ${{ github.ref == 'refs/heads/main' }} | |
name: Push | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build.outputs.image }} | |
tags: ${{ steps.build.outputs.tags }} | |
registry: ${{ secrets.QUAY_BIOCONDA_REPO }} | |
username: ${{ secrets.QUAY_BIOCONDA_USERNAME }} | |
password: ${{ secrets.QUAY_BIOCONDA_TOKEN }} | |
- if: ${{ github.ref == 'refs/heads/main' }} | |
name: Test Pushed | |
run: | | |
image='${{ env.IMAGE_NAME }}' | |
ids="$( | |
for tag in ${{ steps.build.outputs.tags }} ; do | |
buildah manifest inspect "${image}:${tag}" \ | |
| jq -r '.manifests[]|.digest' \ | |
| while read id ; do | |
buildah images --format '{{.ID}}{{.Digest}}' \ | |
| sed -n "s/${id}//p" | |
done | |
done | |
)" | |
ids="$( printf %s "${ids}" | sort -u )" | |
for id in ${ids} ; do | |
podman history "${id}" | |
buildah bud \ | |
--build-arg=base="${id}" \ | |
--file=Dockerfile.test \ | |
"images/${image}" | |
done | |
buildah rmi --prune || true |