|
| 1 | +name: 'Build & Push: base-glibc-busybox-bash' |
| 2 | +on: |
| 3 | + push: |
| 4 | + branches: |
| 5 | + - master |
| 6 | + paths: |
| 7 | + - images/base-glibc-busybox-bash/* |
| 8 | + - .github/workflows/base-glibc-busybox-bash.yaml |
| 9 | + pull_request: |
| 10 | + paths: |
| 11 | + - images/base-glibc-busybox-bash/* |
| 12 | + - .github/workflows/base-glibc-busybox-bash.yaml |
| 13 | + |
| 14 | +jobs: |
| 15 | + build: |
| 16 | + name: Build & Push |
| 17 | + runs-on: ubuntu-24.04 |
| 18 | + container: |
| 19 | + # travier/podman-action contains newer podman/buildah versions. |
| 20 | + image: quay.io/travier/podman-action |
| 21 | + options: --privileged |
| 22 | + env: |
| 23 | + # The base image is not intended to change often and should be used with |
| 24 | + # version tags or checksum IDs, but not via "latest". |
| 25 | + MAJOR_VERSION: 3 |
| 26 | + MINOR_VERSION: 1 |
| 27 | + IMAGE_NAME: base-glibc-busybox-bash |
| 28 | + BUSYBOX_VERSION: '1.36.1' |
| 29 | + DEBIAN_VERSION: '12.5' |
| 30 | + |
| 31 | + steps: |
| 32 | + - uses: actions/checkout@v4 |
| 33 | + |
| 34 | + - name: Set up QEMU |
| 35 | + run: | |
| 36 | + podman run --rm --privileged \ |
| 37 | + docker.io/tonistiigi/binfmt --install arm64 |
| 38 | +
|
| 39 | + - name: Install Tools |
| 40 | + run: | |
| 41 | + set -eu |
| 42 | + # jq is not installed in travier/podman-action |
| 43 | + dnf install -qy \ |
| 44 | + jq |
| 45 | + rpm -q \ |
| 46 | + buildah podman \ |
| 47 | + coreutils findutils sed \ |
| 48 | + curl jq \ |
| 49 | + | ( |
| 50 | + while read -r line ; do |
| 51 | + printf %s\\n "${line}" |
| 52 | + case "${line}" in (*' not installed'*) |
| 53 | + err=1 ;; |
| 54 | + esac |
| 55 | + done |
| 56 | + exit "${err-0}" |
| 57 | + ) |
| 58 | +
|
| 59 | + - name: Build |
| 60 | + id: build |
| 61 | + run: | |
| 62 | + set -xeu |
| 63 | + cd 'images/${{ env.IMAGE_NAME }}' |
| 64 | +
|
| 65 | + image_name='${{ env.IMAGE_NAME }}' |
| 66 | + tags=' |
| 67 | + ${{ env.MAJOR_VERSION }} |
| 68 | + ${{ env.MAJOR_VERSION }}.${{ env.MINOR_VERSION }} |
| 69 | + latest |
| 70 | + ' |
| 71 | + printf %s\\n \ |
| 72 | + "image=${image_name}" \ |
| 73 | + "tags=$( echo ${tags} )" \ |
| 74 | + >> $GITHUB_OUTPUT |
| 75 | +
|
| 76 | + for tag in ${tags} ; do |
| 77 | + buildah manifest create "${image_name}:${tag}" |
| 78 | + done |
| 79 | +
|
| 80 | + iidfile="$( mktemp )" |
| 81 | + buildah bud \ |
| 82 | + --iidfile="${iidfile}" \ |
| 83 | + --build-arg=busybox_version='${{ env.BUSYBOX_VERSION }}' \ |
| 84 | + --file=Dockerfile.busybox |
| 85 | + busybox_image="$( cat "${iidfile}" )" |
| 86 | + rm "${iidfile}" |
| 87 | +
|
| 88 | + for arch in amd64 arm64 ; do |
| 89 | + iidfile="$( mktemp )" |
| 90 | + buildah bud \ |
| 91 | + --arch="${arch}" \ |
| 92 | + --iidfile="${iidfile}" \ |
| 93 | + --build-arg=busybox_image="${busybox_image}" \ |
| 94 | + --build-arg=debian_version='${{ env.DEBIAN_VERSION }}' |
| 95 | + image_id="$( cat "${iidfile}" )" |
| 96 | + rm "${iidfile}" |
| 97 | +
|
| 98 | + container="$( buildah from "${image_id}" )" |
| 99 | + run() { buildah run "${container}" "${@}" ; } |
| 100 | + deb_list="$( run cat /.deb.lst | tr '\n' '|' | sed 's/|$//' )" |
| 101 | + pkg_list="$( run cat /.pkg.lst | tr '\n' '|' | sed 's/|$//' )" |
| 102 | + glibc="$( run sh -c 'exec "$( find -xdev -name libc.so.6 -print -quit )"' | sed '1!d' )" |
| 103 | + busybox="$( run busybox | sed '1!d' )" |
| 104 | + bash="$( run bash --version | sed '1!d' )" |
| 105 | + buildah rm "${container}" |
| 106 | +
|
| 107 | + container="$( buildah from "${image_id}" )" |
| 108 | + buildah config \ |
| 109 | + --label=glibc="${glibc}" \ |
| 110 | + --label=busybox="${busybox}" \ |
| 111 | + --label=bash="${bash}" \ |
| 112 | + --label=deb-list="${deb_list}" \ |
| 113 | + --label=pkg-list="${pkg_list}" \ |
| 114 | + "${container}" |
| 115 | +
|
| 116 | + image_id="$( buildah commit "${container}" )" |
| 117 | + buildah rm "${container}" |
| 118 | + for tag in ${tags} ; do |
| 119 | + buildah tag \ |
| 120 | + "${image_id}" \ |
| 121 | + "${image_name}:${tag}-${arch}" |
| 122 | + buildah manifest add \ |
| 123 | + "${image_name}:${tag}" \ |
| 124 | + "${image_id}" |
| 125 | + done |
| 126 | + done |
| 127 | +
|
| 128 | + - name: Test |
| 129 | + run: | |
| 130 | + image='${{ steps.build.outputs.image }}' |
| 131 | + ids="$( |
| 132 | + for tag in ${{ steps.build.outputs.tags }} ; do |
| 133 | + buildah manifest inspect "${image}:${tag}" \ |
| 134 | + | jq -r '.manifests[]|.digest' \ |
| 135 | + | while read id ; do |
| 136 | + buildah images --format '{{.ID}}{{.Digest}}' \ |
| 137 | + | sed -n "s/${id}//p" |
| 138 | + done |
| 139 | + done |
| 140 | + )" |
| 141 | + ids="$( printf %s "${ids}" | sort -u )" |
| 142 | + for id in ${ids} ; do |
| 143 | + podman history "${id}" |
| 144 | + buildah bud \ |
| 145 | + --build-arg=base="${id}" \ |
| 146 | + --file=Dockerfile.test \ |
| 147 | + "images/${image}" |
| 148 | + done |
| 149 | + buildah rmi --prune || true |
| 150 | +
|
| 151 | + - name: Check Tags |
| 152 | + run: | |
| 153 | + # FIX upstream: Quay.io does not support immutable images currently. |
| 154 | + # => Try to use the REST API to check for duplicate tags. |
| 155 | + response="$( |
| 156 | + curl -sL \ |
| 157 | + 'https://quay.io/api/v1/repository/bioconda/${{ steps.build.outputs.image }}/tag/' |
| 158 | + )" |
| 159 | +
|
| 160 | + existing_tags="$( |
| 161 | + printf %s "${response}" \ |
| 162 | + | jq -r '.tags[]|select(.end_ts == null or .end_ts >= now)|.name' |
| 163 | + )" \ |
| 164 | + || { |
| 165 | + printf %s\\n \ |
| 166 | + 'Could not get list of image tags.' \ |
| 167 | + 'Does the repository exist on Quay.io?' \ |
| 168 | + 'Quay.io REST API response was:' \ |
| 169 | + "${response}" |
| 170 | + exit 1 |
| 171 | + } |
| 172 | + for tag in ${{ steps.build.outputs.tags }} ; do |
| 173 | + case "${tag}" in |
| 174 | + latest | '${{ env.MAJOR_VERSION }}' ) ;; |
| 175 | + * ) |
| 176 | + if printf %s "${existing_tags}" | grep -qxF "${tag}" ; then |
| 177 | + printf 'Tag %s already exists!\n' "${tag}" |
| 178 | + exit 1 |
| 179 | + fi |
| 180 | + esac |
| 181 | + done |
| 182 | +
|
| 183 | + - if: ${{ github.ref == 'refs/heads/master' }} |
| 184 | + name: Push |
| 185 | + uses: redhat-actions/push-to-registry@v2 |
| 186 | + with: |
| 187 | + image: ${{ steps.build.outputs.image }} |
| 188 | + tags: ${{ steps.build.outputs.tags }} |
| 189 | + registry: ${{ secrets.QUAY_BIOCONDA_REPO }} |
| 190 | + username: ${{ secrets.QUAY_BIOCONDA_USERNAME }} |
| 191 | + password: ${{ secrets.QUAY_BIOCONDA_TOKEN }} |
| 192 | + |
| 193 | + - if: ${{ github.ref == 'refs/heads/master' }} |
| 194 | + name: Test Pushed |
| 195 | + run: | |
| 196 | + image='${{ env.IMAGE_NAME }}' |
| 197 | + ids="$( |
| 198 | + for tag in ${{ steps.build.outputs.tags }} ; do |
| 199 | + buildah manifest inspect "${image}:${tag}" \ |
| 200 | + | jq -r '.manifests[]|.digest' \ |
| 201 | + | while read id ; do |
| 202 | + buildah images --format '{{.ID}}{{.Digest}}' \ |
| 203 | + | sed -n "s/${id}//p" |
| 204 | + done |
| 205 | + done |
| 206 | + )" |
| 207 | + ids="$( printf %s "${ids}" | sort -u )" |
| 208 | + for id in ${ids} ; do |
| 209 | + podman history "${id}" |
| 210 | + buildah bud \ |
| 211 | + --build-arg=base="${id}" \ |
| 212 | + --file=Dockerfile.test \ |
| 213 | + "images/${image}" |
| 214 | + done |
| 215 | + buildah rmi --prune || true |
0 commit comments