Diffstat (limited to '.github/workflows/build.yaml')
| -rw-r--r-- | .github/workflows/build.yaml | 299 |
1 files changed, 42 insertions, 257 deletions
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d1ea842..c80ab65 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,4 +1,4 @@ -name: Build Images +name: Build images on: push: 
@@ -14,104 +14,27 @@ env: jobs: akmods: name: Akmods Image - runs-on: ubuntu-latest permissions: contents: read id-token: write packages: write - env: - IMAGE_NAME: akmods - FEDORA_VERSION: 39 - NVIDIA_VERSION: 535 - - steps: - - uses: actions/checkout@v4 - - - name: Extract metadata - id: metadata - uses: docker/metadata-action@v5 - with: - images: | - ${{ env.IMAGE_NAME }} - tags: | - type=sha - type=ref,event=branch - type=ref,event=pr - type=schedule,pattern={{date 'YYYYMMDD'}} - - - name: Generate extra tags - id: extra-tags - run: | - timestamp="$(date +%Y%m%d)" - tag="$IMAGE_NAME:$FEDORA_VERSION-$NVIDIA_VERSION" - tags=("$tag" "$tag-$timestamp") - echo "tags=${tags[*]}" >> "$GITHUB_OUTPUT" - - - name: Get akmods signing key - if: github.event_name != 'pull_request' - env: - AKMODS_KEY: ${{ secrets.AKMODS_KEY }} - run: | - echo "$AKMODS_KEY" > akmods/certs/private_key.priv - - - name: Build image - id: build - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: | - ./akmods/Containerfile - image: ${{ env.IMAGE_NAME }} - context: ./akmods - tags: | - ${{ steps.metadata.outputs.tags }} - ${{ steps.extra-tags.outputs.tags }} - labels: ${{ steps.metadata.outputs.labels }} - build-args: | - FEDORA_VERSION=${{ env.FEDORA_VERSION }} - NVIDIA_VERSION=${{ env.NVIDIA_VERSION }} - - - name: Push to registry - id: push - if: github.event_name != 'pull_request' - uses: redhat-actions/push-to-registry@v2 - with: - image: ${{ steps.build.outputs.image }} - tags: ${{ steps.build.outputs.tags }} - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ github.token }} - extra-args: | - --disable-content-trust - - - name: Login to registry - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ github.token }} - - - name: Install cosign - if: github.event_name == 'pull_request' - uses: sigstore/cosign-installer@v3 - - - name: Sign image - 
if: github.event_name == 'pull_request' - env: - DIGEST: ${{ steps.push.outputs.digest }} - TAGS: ${{ steps.build.outputs.tags }} - run: | - images=() - for tag in "${TAGS[@]}"; do - images+=("$tag@$DIGEST") - done - cosign sign --yes "${images[@]}" + uses: ./.github/workflows/build-image.yaml + with: + image_name: akmods + containerfile: ./akmods/Containerfile + context: ./akmods + extra_tags: | + 39-535 + build_args: | + FEDORA_VERSION=39 + NVIDIA_VERSION=535 + secrets: + akmods_key: ${{ secrets.AKMODS_KEY }} base: - name: Base Image - runs-on: ubuntu-latest + name: Base Images permissions: contents: read 
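Review bot: `akmods_key: ${{ secrets.AKMODS_KEY }}` in the `akmods` job now hands the signing key to the called workflow on every trigger, whereas the removed inline step only read the secret when `github.event_name != 'pull_request'`. build-image.yaml is not part of this diff, so whether that guard survives cannot be checked from here. Keeping the condition in the caller makes it reviewable in this file: `akmods_key: ${{ github.event_name != 'pull_request' && secrets.AKMODS_KEY || '' }}` (this assumes the called workflow declares the secret as optional). The removed step also wrote the key to `akmods/certs/private_key.priv` inside the `./akmods` build context, so it is worth confirming the shared workflow keeps that file out of any pushed image layer.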
@@ -126,180 +49,42 @@ jobs: fedora_version: 39 image_flavor: silverblue - steps: - - uses: actions/checkout@v4 - - - name: Extract metadata - id: metadata - uses: docker/metadata-action@v5 - with: - images: | - ${{ matrix.image_name }} - tags: | - type=sha - type=ref,event=branch - type=ref,event=pr - type=schedule,pattern={{date 'YYYYMMDD'}} - - - name: Generate extra tags - id: extra-tags - env: - IMAGE_NAME: ${{ matrix.image_name }} - FEDORA_VERSION: ${{ matrix.fedora_version }} - run: | - timestamp="$(date +%Y%m%d)" - tag="$IMAGE_NAME:$FEDORA_VERSION" - tags=("$tag" "$tag-$timestamp") - echo "tags=${tags[*]}" >> "$GITHUB_OUTPUT" - - - name: Build image - id: build - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: | - ./Containerfile - image: ${{ matrix.image_name }} - context: . - tags: | - ${{ steps.metadata.outputs.tags }} - ${{ steps.extra-tags.outputs.tags }} - labels: ${{ steps.metadata.outputs.labels }} - build-args: | - FEDORA_VERSION=${{ matrix.fedora_version }} - IMAGE_FLAVOR=${{ matrix.image_flavor }} - - - name: Push to registry - id: push - if: github.event_name != 'pull_request' - uses: redhat-actions/push-to-registry@v2 - with: - image: ${{ steps.build.outputs.image }} - tags: ${{ steps.build.outputs.tags }} - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ github.token }} - extra-args: | - --disable-content-trust - - - name: Login to registry - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ github.token }} - - - name: Install cosign - if: github.event_name == 'pull_request' - uses: sigstore/cosign-installer@v3 - - - name: Sign image - if: github.event_name == 'pull_request' - env: - DIGEST: ${{ steps.push.outputs.digest }} - TAGS: ${{ steps.build.outputs.tags }} - run: | - images=() - for tag in "${TAGS[@]}"; do - images+=("$tag@$DIGEST") - done - cosign sign --yes "${images[@]}" + uses: 
./.github/workflows/build-image.yaml + with: + image_name: ${{ matrix.image_name }} + containerfile: ./Containerfile + context: . + extra_tags: | + ${{ matrix.fedora_version }} + build_args: | + FEDORA_VERSION=${{ matrix.fedora_version }} + IMAGE_FLAVOR=${{ matrix.image_flavor }} nvidia: - name: NVIDIA Image - runs-on: ubuntu-latest + name: NVIDIA Images needs: [akmods, base] + permissions: + contents: read + id-token: write + packages: write + strategy: fail-fast: false matrix: include: - - image_name: getchblue-nvidia + - image_flavor: getchblue fedora_version: 39 - image_flavor: getchblue nvidia_version: 535 - permissions: - contents: read - id-token: write - packages: write - - steps: - - uses: actions/checkout@v4 - - - name: Extract metadata - id: metadata - uses: docker/metadata-action@v5 - with: - images: | - ${{ matrix.image_name }} - tags: | - type=sha - type=ref,event=branch - type=ref,event=pr - type=schedule,pattern={{date 'YYYYMMDD'}} - - - name: Generate extra tags - id: extra-tags - env: - IMAGE_NAME: ${{ matrix.image_name }} - FEDORA_VERSION: ${{ matrix.fedora_version }} - NVIDIA_VERSION: ${{ matrix.nvidia_version }} - run: | - timestamp="$(date +%Y%m%d)" - tag="$IMAGE_NAME:$FEDORA_VERSION-$NVIDIA_VERSION" - tags=("$tag" "$tag-$timestamp") - echo "tags=${tags[*]}" >> "$GITHUB_OUTPUT" - - - name: Build image - id: build - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: | - ./nvidia/Containerfile - image: ${{ matrix.image_name }} - context: ./nvidia - tags: | - ${{ steps.metadata.outputs.tags }} - ${{ steps.extra-tags.outputs.tags }} - labels: ${{ steps.metadata.outputs.labels }} - build-args: | - FEDORA_VERSION=${{ matrix.fedora_version }} - IMAGE_FLAVOR=${{ matrix.image_flavor }} - - - name: Push to registry - id: push - if: github.event_name != 'pull_request' - uses: redhat-actions/push-to-registry@v2 - with: - image: ${{ steps.build.outputs.image }} - tags: ${{ steps.build.outputs.tags }} - registry: ${{ env.REGISTRY }} - username: 
${{ github.actor }} - password: ${{ github.token }} - extra-args: | - --disable-content-trust - - - name: Login to registry - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ github.token }} - - - name: Install cosign - if: github.event_name == 'pull_request' - uses: sigstore/cosign-installer@v3 - - - name: Sign image - if: github.event_name == 'pull_request' - env: - DIGEST: ${{ steps.push.outputs.digest }} - TAGS: ${{ steps.build.outputs.tags }} - run: | - images=() - for tag in "${TAGS[@]}"; do - images+=("$tag@$DIGEST") - done - cosign sign --yes "${images[@]}" + uses: ./.github/workflows/build-image.yaml + with: + image_name: ${{ matrix.image_flavor }}-nvidia + containerfile: ./nvidia/Containerfile + context: ./nvidia + extra_tags: | + ${{ matrix.fedora_version }}-${{ matrix.nvidia_version }} + build_args: | + FEDORA_VERSION=${{ matrix.fedora_version }} + IMAGE_FLAVOR=${{ matrix.image_flavor }} + NVIDIA_VERSION=${{ matrix.nvidia_version }} |
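Review bot: The `nvidia` job grants `id-token: write` and `packages: write` to the whole called workflow on every trigger, so the conditions that decide when an image is pushed and signed can no longer be reviewed in this file. The inline steps removed here gated the registry push on `github.event_name != 'pull_request'` but the cosign install and `cosign sign` steps on `== 'pull_request'`, which would leave pushed images unsigned. build-image.yaml is outside this diff, so it should be confirmed that it uses `!= 'pull_request'` for both push and signing. Once verified, a comment above each `uses:` line such as `# push and cosign signing run only on non-PR events; see build-image.yaml` would record where the write permissions are actually exercised.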
