# Rebuilds the container images under `implementations/`.
#
# Three triggers are defined below: a manual dispatch (optionally narrowed to
# one implementation and one version), pull requests, and pushes. Pull request
# and push runs are filtered to changes under `implementations/` or to this
# workflow file; pushes additionally skip `wip*` branches and match `v*` tags.
name: Rebuild Bowtie Images

on:
  workflow_dispatch:
    inputs:
      # Both inputs are optional free-form strings supplied by whoever
      # dispatches the workflow; nothing here constrains their content.
      implementation:
        description: The name of an implementation.
        required: false
        type: string
      version:
        description: >
          A specific version of the implementation you want to build.
          If the implementation has historical version support (i.e. a
          `matrix-versions.json` file) and your specified version is
          included in that file then only that version of the
          implementation will be built and if you don't specify any
          version over here then all of its versions from that file will
          be built. If no file is found then just the latest version of
          the implementation will be built.
        required: false
        type: string
  pull_request:
    paths:
      - 'implementations/**'
      - '.github/workflows/images.yml'
  push:
    branches-ignore:
      - 'wip*'
    paths:
      - 'implementations/**'
      - '.github/workflows/images.yml'
    tags:
      - 'v*'

env:
  # Images are published under the repository owner's ghcr.io namespace.
  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}

# One active run per ref: a newer run on the same ref cancels the older one.
concurrency:
  group: images-${{ github.ref }}
  cancel-in-progress: true
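jobs:
  # Computes the build matrix: a JSON list of {"image", "version"} objects
  # exported as the `images` output and consumed by the `build` job.
  list:
    runs-on: ubuntu-latest
    # Least privilege: this job only checks out the repository and runs the
    # local `bowtie` CLI, so its token needs no write scopes.
    permissions:
      contents: read
    outputs:
      images: ${{ steps.images-matrix.outputs.images }}
    steps:
      # NOTE(review): the actions in this workflow are referenced by mutable
      # version tags; consider pinning each one to a full commit SHA.
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          enable-cache: true
      - name: Calculate which images to build
        id: images-matrix
        # The dispatch inputs are free-form strings. They are handed to the
        # script as environment variables rather than expanded into the
        # script text, so their content is always treated as data and never
        # parsed by the shell as code.
        env:
          REQUESTED_IMPLEMENTATION: ${{ inputs.implementation }}
          REQUESTED_VERSION: ${{ inputs.version }}
        run: |
          implementation="$REQUESTED_IMPLEMENTATION"
          version="$REQUESTED_VERSION"
          matrix_versions_file="implementations/$implementation/matrix-versions.json"
          IMPLEMENTATIONS=$(uvx --from . --python 3.13 bowtie filter-implementations --format json)
          MATRIX="[]"
          if [ -n "$implementation" ]; then
            # The requested name must be one of the known implementations
            # before it is used to read anything from the checkout.
            if echo "$IMPLEMENTATIONS" | jq -e --arg impl "$implementation" 'index($impl) != null' > /dev/null; then
              if [ -f "$matrix_versions_file" ]; then
                versions=$(jq -c . "$matrix_versions_file")
                if [ -n "$version" ]; then
                  if echo "$versions" | jq -e --arg version "$version" 'index($version) != null' > /dev/null; then
                    MATRIX=$(echo "$MATRIX" | jq --arg impl "$implementation" --arg ver "$version" '. + [{"image": $impl, "version": $ver}]')
                  else
                    echo "No such version ('$version') found in the \`matrix-versions.json\` file of $implementation. Please provide a correct version."
                    exit 1
                  fi
                else
                  MATRIX=$(echo "$MATRIX" | jq --arg impl "$implementation" --argjson vers "$versions" '. + [{"image": $impl, "version": $vers[]}]')
                fi
              else
                MATRIX=$(echo "$MATRIX" | jq --arg impl "$implementation" '. + [{"image": $impl, "version": "latest"}]')
              fi
            else
              echo "No such implementation ('$implementation') found. Please provide a correct implementation name."
              echo "To see a list of all Bowtie supported implementations, run \`bowtie filter-implementations\`."
              exit 1
            fi
          else
            if [ -n "$version" ]; then
              echo "Please also input an implementation name along with the version that you've provided."
              exit 1
            else
              for impl in $(echo "$IMPLEMENTATIONS" | jq -r '.[]'); do
                MATRIX=$(echo "$MATRIX" | jq --arg impl "$impl" '. + [{"image": $impl, "version": "latest"}]')
              done
            fi
          fi
          echo "images=$(echo "$MATRIX" | jq -c .)" >> "$GITHUB_OUTPUT"

  # Builds, smoke tests and (on tag pushes or manual dispatches only)
  # publishes and attests one image per matrix entry.
  build:
    needs: list
    # Particularly for .NET (which we special case below),
    # we need a newer buildah than what's in 22.04 (which is buildah 1.23.1)
    # so that it properly sets TARGETARCH and therefore multi-architecture
    # container image builds know which architecture we're building for.
    # See https://github.com/containers/buildah/pull/4295.
    runs-on: ubuntu-24.04
    # Write scopes are needed by the publish and attestation steps at the end
    # of the job: `packages` to push to ghcr.io, `id-token` and
    # `attestations` for the build provenance attestation.
    # NOTE(review): these scopes are in effect for every step of the job,
    # including third-party actions referenced by mutable version tags;
    # consider pinning those actions to full commit SHAs.
    permissions:
      id-token: write
      contents: read
      attestations: write
      packages: write
    strategy:
      fail-fast: false
      matrix:
        include: ${{ fromJson(needs.list.outputs.images) }}
    steps:
      - uses: actions/checkout@v4
      # Detects whether this matrix entry's implementation directory was
      # touched; skipped when an implementation was requested explicitly.
      - uses: dorny/paths-filter@v3
        id: changes
        with:
          filters: |
            impl:
              - added|modified: 'implementations/${{ matrix.image }}/**'
        if: ${{ !inputs.implementation }}
      - name: Install qemu
        run: |
          sudo apt-get update
          sudo apt-get install -y qemu-user-static
        if: |
          (
            (steps.changes.outputs.impl == 'true')
            || (github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags'))
            || (inputs.implementation)
          )
          && !startsWith(matrix.image, 'dotnet-')
      # See https://devblogs.microsoft.com/dotnet/improving-multiplatform-container-support/ for why not .NET
      - name: Build
        id: build_image
        uses: redhat-actions/buildah-build@v2
        with:
          context: implementations/${{ matrix.image }}
          containerfiles: |
            implementations/${{ matrix.image }}/Dockerfile
          image: ${{ matrix.image }}
          tags: ${{ matrix.version }} ${{ github.sha }}
          archs: amd64, arm64
          build-args: |
            ${{ inputs.implementation && format('IMPLEMENTATION_VERSION={0}', matrix.version) || '' }}
        if: |
          (
            (steps.changes.outputs.impl == 'true')
            || (github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags'))
            || (inputs.implementation)
          )
      - name: Set DOCKER_HOST so podman-built images are findable
        run: |
          systemctl --user enable --now podman.socket
          sudo loginctl enable-linger "$USER"
          podman --remote info
          echo "DOCKER_HOST=unix://$(podman info --format '{{.Host.RemoteSocket.Path}}')" >> "$GITHUB_ENV"
      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          enable-cache: true
      - name: Smoke Test
        # The image reference is derived from the matrix, so it reaches the
        # script through the environment instead of being expanded into the
        # script text.
        env:
          IMAGE_WITH_TAG: ${{ steps.build_image.outputs.image-with-tag }}
        run: |
          uvx --from . --python 3.13 bowtie smoke -i "localhost/$IMAGE_WITH_TAG" --format json
          uvx --from . --python 3.13 bowtie smoke -i "localhost/$IMAGE_WITH_TAG" --format markdown >> "$GITHUB_STEP_SUMMARY"
        # We special case python-fastjsonschema, which unfortunately does not
        # pass the smoke test, as it has multiple issues handling simple
        # schemas using the `not` keyword.
        # See e.g. horejsek/python-fastjsonschema#181
        continue-on-error: ${{ matrix.image == 'python-fastjsonschema' }}
        if: |
          (
            (steps.changes.outputs.impl == 'true')
            || (github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags'))
            || (inputs.implementation)
          )
      # The remaining steps touch the registry and run only for tag pushes
      # and manual dispatches; the conditions below never hold for
      # pull_request runs.
      - name: Log in to ghcr.io
        uses: redhat-actions/podman-login@v1
        with:
          username: ${{ github.actor }}
          password: ${{ github.token }}
          registry: ${{ env.IMAGE_REGISTRY }}
        if: |
          (
            (github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags'))
            || (inputs.implementation)
          )
      - name: Publish
        id: push
        uses: redhat-actions/push-to-registry@v2
        with:
          image: ${{ steps.build_image.outputs.image }}
          tags: ${{ steps.build_image.outputs.tags }}
          registry: ${{ env.IMAGE_REGISTRY }}
        if: |
          (
            (github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags'))
            || (inputs.implementation)
          )
      # The attestation is bound to the digest reported by the Publish step,
      # i.e. to the image that was actually pushed.
      - name: Generate attestation for images
        uses: actions/attest-build-provenance@v1
        with:
          subject-name: ${{ env.IMAGE_REGISTRY }}/${{ steps.build_image.outputs.image }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true
        if: |
          (
            (github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags'))
            || (inputs.implementation)
          )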