Skip to content

Release or update docker image for a released mbed-os version #175

Release or update docker image for a released mbed-os version

Release or update docker image for a released mbed-os version #175

name: Release or update docker image for a released mbed-os version
# Design doc: https://github.com/ARMmbed/mbed-os/blob/master/docs/design-documents/docker_management
on:
push:
tags:
- mbed-os-6.[0-9]+.[0-9]+
schedule:
- cron: '15 4 * * 6'
workflow_dispatch:
inputs:
mbed_os_release_version:
description: 'mbed-os release version for which you want to update docker image.'
required: true
jobs:
# this job finds the necessary tags to be applied to docker image
prepare-tags:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
-
# if manually triggered makes sure that input tag exists on the branch selected
# this is to avoid silly mistakes, for example: mbed-os-7.0.16-latest docker image
# getting released on mbed-os-6 branch
if: ${{ github.event_name == 'workflow_dispatch' }}
name: Sanity check tag of manual trigger
shell: bash
run: |
if [ -z $(git tag --merged ${GITHUB_REF} ${{ github.event.inputs.mbed_os_release_version }}) ]; then
echo "Check the tag name ${{ github.event.inputs.mbed_os_release_version }} is not found on branch ${GITHUB_REF}"
exit 1
fi
-
name: Set UUID
id: generate-uuid
uses: filipstefansson/uuid-action@v1
-
# set docker tags we are building, and intending to release
# this workflow can be executed when a tag is pushed, scheduled, or manual trigger
# depending on the trigger cache source and version of mbed-os will change
#
# when trigger is due to tag pushed (ie, a new mbed-os release is made),
# we are targeting to build docker image for the tag
# when trigger is manual
# we are targeting to build docker image for the input tag in workflow
# when trigger is scheduled
# we are targeting to build docker image for the last tag on the branch
name: Get build information
shell: bash
run: |
mkdir -p build_info
date=$(date +"%Y.%m.%dT%H.%M.%S")
if [ "push" == "${{github.event_name}}" ];then
version=${GITHUB_REF#refs/tags/}
elif [ "workflow_dispatch" == "${{github.event_name}}" ];then
version=${{ github.event.inputs.mbed_os_release_version }}
else
version=`git describe --tags --abbrev=0 --match mbed-os-[0-9]*.[0-9]*.[0-9]*`
fi
echo dev-${version}-${date}-${version} > build_info/dev_tag
echo ${version}-${date} > build_info/prod_tag_dated
echo ${version} > build_info/mbed_os_version
echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]' > build_info/repository_owner
-
name: Archive information
uses: actions/upload-artifact@v2
with:
name: build-info
path: build_info
build-container:
runs-on: ubuntu-latest
needs: prepare-tags
outputs:
DEV_DIGEST: ${{ steps.docker_info_dev.outputs.DIGEST }}
PROD_DIGEST: ${{ steps.docker_info_prod.outputs.DIGEST }}
REPO_FILE_CHECK: ${{steps.repo_status.outcome}}
steps:
-
name: unarchive artefacts
uses: actions/download-artifact@v2
with:
name: build-info
# DOCKER_DEV_TAG is temporary image name.
# DOCKER_PROD_TAG_DATED is fixed tag
# prod-tag-latest could be used by customers, CI etc for keeping up to date
-
name: Get build info from archive
shell: bash
id: build_info
run: |
value=`cat dev_tag`
echo "TAG is $value"
echo "DOCKER_DEV_TAG=$value" >> "$GITHUB_OUTPUT"
value=`cat prod_tag_dated`
echo "TAG is $value"
echo "DOCKER_PROD_TAG_DATED=$value" >> "$GITHUB_OUTPUT"
value=`cat mbed_os_version`
echo "MBED_OS_VERSION=$value" >> "$GITHUB_OUTPUT"
value=`cat repository_owner`
echo "REPO_OWNER=$value" >> "$GITHUB_OUTPUT"
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: Login to ghcr.io
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Checkout
uses: actions/checkout@v3
with:
ref: refs/tags/${{ steps.build_info.outputs.MBED_OS_VERSION }}
# if we are trying to build docker image for an earlier version of mbed-os, either scheduled
# or manually, dockerfile will not exist. Then, skip the workflow
-
name: Skip the workflow if Dockerfile doesn't exist
id: repo_status
run: |
if [ ! -f "./docker_images/mbed-os-env/Dockerfile" ]; then
echo "Dockerfile doesn't in this repo."
exit 1
fi
continue-on-error: true
-
name: Build docker containers
if: steps.repo_status.outcome == 'success'
uses: docker/build-push-action@v2
id: docker_build_dev
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
file: ./docker_images/mbed-os-env/Dockerfile
tags: ghcr.io/${{ steps.build_info.outputs.REPO_OWNER }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}
test-container:
runs-on: ubuntu-latest
needs: build-container
if: needs.build-container.outputs.REPO_FILE_CHECK=='success'
strategy:
matrix:
platform: [linux/amd64, linux/arm64]
steps:
-
name: unarchive artefacts
uses: actions/download-artifact@v2
with:
name: build-info
-
name: Get build info from archive
shell: bash
id: build_info
run: |
value=`cat dev_tag`
echo "TAG is $value"
echo "DOCKER_DEV_TAG=$value" >> "$GITHUB_OUTPUT"
value=`cat prod_tag_dated`
echo "TAG is $value"
echo "DOCKER_PROD_TAG_DATED=$value" >> "$GITHUB_OUTPUT"
value=`cat mbed_os_version`
echo "MBED_OS_VERSION=$value" >> "$GITHUB_OUTPUT"
value=`cat repository_owner`
echo "REPO_OWNER=$value" >> "$GITHUB_OUTPUT"
# as the dev images are created only for master branch, run test against
# development branch of blinky
-
name: Checkout example blinky
uses: actions/checkout@v3
with:
repository: ARMmbed/mbed-os-example-blinky
path: mbed-os-example-blinky
fetch-depth: 0
-
name: update the example application version to test against correct version
# When mbed-os tag is applied, and workflow is triggered to build RELEASE image, example application with same tag will be available yet.
# use release candidate branch to test the image in that case.
# When RELEASE image is passively checked, tag should be available in example application repo, then use it.
shell: bash
id: example_app_info
run: |
cd mbed-os-example-blinky
EXAMPLE_VERSION="release_candidate"
MBED_OS_VERSION=${{ steps.build_info.outputs.MBED_OS_VERSION }}
# if tag is present in example repo, use the tag
if git rev-parse "$MBED_OS_VERSION" >/dev/null 2>&1; then
EXAMPLE_VERSION=$MBED_OS_VERSION
fi
git checkout ${EXAMPLE_VERSION}
-
name: Checkout
uses: actions/checkout@v3
with:
ref: refs/tags/${{ steps.build_info.outputs.MBED_OS_VERSION }}
path: mbed-os-example-blinky/mbed-os
-
name: Find DEV DOCKER DIGEST
id: docker_info
run: |
cd mbed-os-example-blinky/mbed-os
DIGEST=$(python ./.github/workflows/ci_scripts/ghcr_utils.py -u ${{ steps.build_info.outputs.REPO_OWNER }} -p ${{ secrets.GITHUB_TOKEN }} get-digest -r mbed-os-env-tmp -t ${{ steps.build_info.outputs.DOCKER_DEV_TAG }} -p ${{ matrix.platform }} )
echo "DIGEST=$DIGEST" >> "$GITHUB_OUTPUT"
echo "Docker DIGEST: $DIGEST"
-
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: test the container
id: test
uses: addnab/docker-run-action@v3
with:
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ghcr.io
options: -v ${{ github.workspace }}:/work -w=/work
image: ghcr.io/${{ steps.build_info.outputs.REPO_OWNER }}/mbed-os-env-tmp@${{ steps.docker_info.outputs.DIGEST }}
shell: bash
run: |
uname -m
cd mbed-os-example-blinky
# build using CLI1
mbed compile -m K64F -t GCC_ARM
# build using CLI2
mbed-tools compile -m K64F -t GCC_ARM
deploy-container:
runs-on: ubuntu-latest
needs: test-container
steps:
-
name: unarchive artefacts
uses: actions/download-artifact@v2
with:
name: build-info
-
name: Get build info from archive
shell: bash
id: build_info
run: |
value=`cat dev_tag`
echo "DEV TAG is $value"
echo "DOCKER_DEV_TAG=$value" >> "$GITHUB_OUTPUT"
value=`cat prod_tag_dated`
echo "DATED PROD TAG is $value"
echo "DOCKER_PROD_TAG_DATED=$value" >> "$GITHUB_OUTPUT"
value=`cat mbed_os_version`
echo "MBED OS VERSION is $value"
echo "MBED_OS_VERSION=$value" >> "$GITHUB_OUTPUT"
value=`cat repository_owner`
echo "REPO_OWNER=$value" >> "$GITHUB_OUTPUT"
-
name: copy dev tag to prod tags
run: |
set -x
echo ${{ needs.test-container.result }}
REPO_OWNER=${{ steps.build_info.outputs.REPO_OWNER }}
upto_patch_version=${{ steps.build_info.outputs.MBED_OS_VERSION }}-latest
upto_min_version=${upto_patch_version%.[0-9]*}-latest
upto_major_version=${upto_patch_version%.[0-9]*.[0-9]*}-latest
docker run quay.io/skopeo/stable:v1.4.1 copy --src-creds=${{ github.repository_owner }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.repository_owner }}:${{ secrets.GITHUB_TOKEN }} --all docker://ghcr.io/${REPO_OWNER}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }} docker://ghcr.io/${REPO_OWNER}/mbed-os-env:${upto_patch_version}
docker run quay.io/skopeo/stable:v1.4.1 copy --src-creds=${{ github.repository_owner }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.repository_owner }}:${{ secrets.GITHUB_TOKEN }} --all docker://ghcr.io/${REPO_OWNER}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }} docker://ghcr.io/${REPO_OWNER}/mbed-os-env:${upto_min_version}
docker run quay.io/skopeo/stable:v1.4.1 copy --src-creds=${{ github.repository_owner }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.repository_owner }}:${{ secrets.GITHUB_TOKEN }} --all docker://ghcr.io/${REPO_OWNER}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }} docker://ghcr.io/${REPO_OWNER}/mbed-os-env:${upto_major_version}
# copy to fixed tag
docker run quay.io/skopeo/stable:v1.4.1 copy --src-creds=${{ github.repository_owner }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.repository_owner }}:${{ secrets.GITHUB_TOKEN }} --all docker://ghcr.io/${REPO_OWNER}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }} docker://ghcr.io/${REPO_OWNER}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_DATED }}