build(deps): bump github.com/docker/docker from 24.0.7+incompatible to 25.0.6+incompatible in /tools/dockerfile-add-scanner #18
--- | |
name: PR build | |
on: # yamllint disable-line rule:truthy | |
pull_request: | |
branches: | |
- "master" | |
- "[0-9]+.[0-9]+" | |
- "[0-9]+.[0-9]+-stable" | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number }} | |
cancel-in-progress: true | |
jobs: | |
packages: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- os: buildjet-4vcpu-ubuntu-2204-arm | |
arch: arm64 | |
- os: buildjet-4vcpu-ubuntu-2004 | |
arch: amd64 | |
- os: buildjet-4vcpu-ubuntu-2004 | |
arch: riscv64 | |
steps: | |
- name: Starting Report | |
run: | | |
echo Git Ref: ${{ github.ref }} | |
echo GitHub Event: ${{ github.event_name }} | |
echo Disk usage | |
df -h | |
echo Memory | |
free -m | |
- name: Clear repository | |
run: | | |
sudo rm -fr "$GITHUB_WORKSPACE" && mkdir "$GITHUB_WORKSPACE" | |
rm -fr ~/.linuxkit | |
docker system prune --all --force --volumes | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: ensure zstd for cache # this should be removed once the arm64 VM includes zstd | |
if: ${{ matrix.os == 'buildjet-4vcpu-ubuntu-2204-arm' || matrix.os == 'arm64-secure' }} | |
run: | | |
sudo apt install -y zstd | |
- name: ensure packages for cross-arch build | |
if: ${{ matrix.arch == 'riscv64' }} | |
run: | | |
APT_INSTALL="sudo apt install -y binfmt-support qemu-user-static" | |
# the following weird statement is here to speed up the happy path | |
# if the default server is responding -- we can skip apt update | |
$APT_INSTALL || { sudo apt update && $APT_INSTALL ; } | |
- name: update linuxkit cache if available | |
uses: actions/cache@v3 | |
with: | |
path: ~/.linuxkit/cache | |
key: linuxkit-${{ matrix.arch }}-${{ github.sha }} | |
- name: Build packages | |
run: | | |
make V=1 PRUNE=1 ZARCH=${{ matrix.arch }} pkgs | |
- name: Post package report | |
run: | | |
echo Disk usage | |
df -h | |
echo Memory | |
free -m | |
docker system df | |
docker system df -v | |
eve: | |
needs: packages # all packages for all platforms must be built first | |
runs-on: buildjet-4vcpu-ubuntu-2004 | |
strategy: | |
fail-fast: false | |
matrix: | |
arch: [arm64, amd64] | |
hv: [xen, kvm] | |
include: | |
- arch: riscv64 | |
hv: mini | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
# the next three steps - cache_for_docker, load images, and cache_for_packages - | |
# having nothing to do with the content of the final eve image. Instead, it is because we are running | |
# on amd64, and we need some of the tools in order to compose the final eve image for the target arch. | |
# These tools are in pkg/, and therefore are part of packages, and we need them in docker. | |
# Rather than build them again, we just restore the cache for our runner architecture, | |
# load them into docker, and then clear the cache so we can load the cache for the target arch. | |
- name: update linuxkit cache for runner arch so we can get desired images | |
id: cache_for_docker | |
uses: actions/cache/restore@v3 | |
with: | |
path: ~/.linuxkit/cache | |
key: linuxkit-amd64-${{ github.sha }} | |
fail-on-cache-miss: true | |
- name: load images we need from linuxkit cache into docker | |
run: | | |
make cache-export-docker-load-all | |
- name: clear linuxkit cache so we can load for target arch | |
if: ${{ matrix.arch != 'amd64' }} # because our runner arch is amd64; if that changes, this will have to change | |
run: | | |
rm -rf ~/.linuxkit | |
# With the "load into docker" complete, now we can restore the packages into the cache for the target arch (as opposed to the runner arch) | |
- name: update linuxkit cache for our arch | |
id: cache_for_packages | |
if: ${{ matrix.arch != 'amd64' }} # because our runner arch is amd64; if that changes, this will have to change | |
uses: actions/cache/restore@v3 | |
with: | |
path: ~/.linuxkit/cache | |
key: linuxkit-${{ matrix.arch }}-${{ github.sha }} | |
fail-on-cache-miss: true | |
- name: set environment | |
env: | |
PR_ID: ${{ github.event.pull_request.number }} | |
run: | | |
COMMIT_ID=$(git describe --abbrev=8 --always) | |
echo "VERSION=0.0.0-pr$PR_ID-$COMMIT_ID" >> $GITHUB_ENV | |
echo "TAG=evebuild/danger:pr$PR_ID" >> $GITHUB_ENV | |
echo "ARCH=${{ matrix.arch }}" >> "$GITHUB_ENV" | |
- name: Build EVE ${{ matrix.hv }}-${{ matrix.arch }} | |
run: | | |
make V=1 ROOTFS_VERSION="$VERSION" HV=${{ matrix.hv }} ZARCH=${{ matrix.arch }} eve # note that this already loads it into docker | |
- name: Post eve build report | |
run: | | |
echo Disk usage | |
df -h | |
echo Memory | |
free -m | |
docker system df | |
docker system df -v | |
- name: Export docker container | |
run: | | |
make cache-export ZARCH=${{ matrix.arch }} IMAGE=lfedge/eve:$VERSION-${{ matrix.hv }} OUTFILE=eve-${{ matrix.hv }}-${{ matrix.arch }}.tar IMAGE_NAME=$TAG-${{ matrix.hv }}-${{ matrix.arch }} | |
- name: Upload EVE ${{ matrix.hv }}-${{ matrix.arch }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: eve-${{ matrix.hv }}-${{ matrix.arch }} | |
path: eve-${{ matrix.hv }}-${{ matrix.arch }}.tar | |
- name: Clean EVE ${{ matrix.hv }}-${{ matrix.arch }} | |
run: | | |
make clean | |
docker rmi "$TAG-${{ matrix.hv }}-${{ matrix.arch }}" "lfedge/eve:$VERSION-${{ matrix.hv }}" "lfedge/eve:$VERSION-${{ matrix.hv }}-${{ matrix.arch }}" ||: | |
- name: Post clean eve ${{ matrix.hv }}-${{ matrix.arch }} report | |
run: | | |
echo Disk usage | |
df -h | |
echo Memory | |
free -m | |
docker system df | |
docker system df -v | |
- name: Clean | |
if: ${{ always() }} | |
run: | | |
make clean | |
docker system prune -f -a --volumes | |
rm -rf ~/.linuxkit |
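Review bot: The workflow has no `permissions:` key, either at the top level or on the `packages` and `eve` jobs, so GITHUB_TOKEN carries the repository's default scopes while both jobs run `make` targets from the pull request's own tree. Nothing visible here appears to need write access, so a top-level `permissions:` with `contents: read` would state least privilege explicitly. Adding `persist-credentials: false` under `with:` on the two `actions/checkout@v3` steps would also keep the token out of the workspace's git config during the build. Separately, `actions/checkout`, `actions/cache`, `actions/cache/restore` and `actions/upload-artifact` are referenced by the mutable `@v3` tag; pinning each to a full commit SHA, with the tag kept in a trailing comment, protects the build from a retagged release. The `${{ github.ref }}` and `${{ matrix.* }}` expansions inside `run:` blocks do not look author-controlled under this `pull_request` trigger, but routing them through `env:`, as the `set environment` step already does for `PR_ID`, would keep the pattern uniform.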