More Amazon Q suggestions #19
Workflow file for this run
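---
# Builds the Spacktainers builder and runtime images with buildah on
# CodeBuild-hosted runners, pushes them to ECR, then registers an S3 build
# cache as a spack mirror.
name: Build Spacktainers
on: [push]

# Least privilege for GITHUB_TOKEN: the only step that uses it is checkout.
permissions:
  contents: read

jobs:
  base-container-job:
    runs-on:
      - codebuild-spacktainers-${{ github.run_id }}-${{ github.run_attempt }}
      # NOTE(review): ":latest" is a mutable tag, so the build tooling can
      # change between runs; consider pinning the image by digest.
      - image:LINUX_CONTAINER-quay.io/buildah/stable:latest
    steps:
      - name: clone repo
        # NOTE(review): "v4" is a mutable tag; pin third-party actions to a
        # full commit SHA to guard against a retagged release.
        uses: actions/checkout@v4
      - name: create builder
        env:
          # NOTE(review): long-lived AWS access keys stored as repository
          # secrets. The job already runs on CodeBuild, so a role-based
          # credential may be available instead; confirm with the infra
          # owners.
          AWS_REPO_URL: ${{ secrets.AWS_REPO_URL }}
          AWS_BUILDER_REPO_URL: ${{ secrets.AWS_REPO_URL }}/spacktainers/builder
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }}
        run: |-
          # Fail the login pipeline if "aws ecr get-login-password" fails.
          set -o pipefail
          echo "Creating builder"
          yum install -y awscli
          export STORAGE_DRIVER=vfs # allows to build inside containers without additional mounts
          export BUILDAH_FORMAT=docker # enables ONBUILD instructions which are not OCI compatible
          export REGISTRY_IMAGE_TAG=latest # for now
          aws ecr get-login-password --region us-east-1 | buildah login --username AWS --password-stdin "${AWS_REPO_URL}"
          # Extra arguments live in a bash array so that values containing
          # spaces stay one word each. This replaces the earlier
          # string + eval construction (cf.
          # https://github.com/GoogleContainerTools/kaniko/issues/1803):
          # nothing derived from the pushed ref or the triggering actor is
          # re-parsed by the shell.
          buildah_extra_args=(
            --label "org.opencontainers.image.revision=${GITHUB_SHA}"
            --label "org.opencontainers.image.authors=${GITHUB_TRIGGERING_ACTOR}"
            --label "org.opencontainers.image.url=https://github.com/${GITHUB_REPOSITORY}"
            --label "org.opencontainers.image.source=https://github.com/${GITHUB_REPOSITORY}"
            --label "ch.epfl.bbpgitlab.ci-pipeline-url=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
            --label "ch.epfl.bbpgitlab.ci-commit-branch=${GITHUB_REF_NAME}"
            # disabled: --label "org.opencontainers.image.created=${CI_JOB_STARTED_AT}"
            --build-arg "SPACK_BRANCH=59179764d711a9a4e9e36b5b08a8587e2455a651"
          )
          buildah bud --iidfile image_id "${buildah_extra_args[@]}" builder
          # Sometimes buildah push fails on the first attempt; retry once,
          # and only when the first attempt actually failed.
          buildah push "$(<image_id)" "docker://${AWS_BUILDER_REPO_URL}:${REGISTRY_IMAGE_TAG}" || {
            sleep 10
            buildah push "$(<image_id)" "docker://${AWS_BUILDER_REPO_URL}:${REGISTRY_IMAGE_TAG}"
          }
      - name: create runtime
        env:
          # Same credential handling as the "create builder" step.
          # AWS_BUILDER_REPO_URL is reused as the variable name but points at
          # the runtime repository here.
          AWS_REPO_URL: ${{ secrets.AWS_REPO_URL }}
          AWS_BUILDER_REPO_URL: ${{ secrets.AWS_REPO_URL }}/spacktainers/runtime
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }}
        run: |-
          # Holy code duplication, Batman!
          set -o pipefail
          echo "Creating runtime"
          yum install -y awscli
          export STORAGE_DRIVER=vfs # allows to build inside containers without additional mounts
          export BUILDAH_FORMAT=docker # enables ONBUILD instructions which are not OCI compatible
          export REGISTRY_IMAGE_TAG=latest # for now
          aws ecr get-login-password --region us-east-1 | buildah login --username AWS --password-stdin "${AWS_REPO_URL}"
          # Arguments are passed as a bash array instead of string + eval;
          # see the "create builder" step.
          buildah_extra_args=(
            --label "org.opencontainers.image.revision=${GITHUB_SHA}"
            --label "org.opencontainers.image.authors=${GITHUB_TRIGGERING_ACTOR}"
            --label "org.opencontainers.image.url=https://github.com/${GITHUB_REPOSITORY}"
            --label "org.opencontainers.image.source=https://github.com/${GITHUB_REPOSITORY}"
            --label "ch.epfl.bbpgitlab.ci-pipeline-url=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
            --label "ch.epfl.bbpgitlab.ci-commit-branch=${GITHUB_REF_NAME}"
            # disabled: --label "org.opencontainers.image.created=${CI_JOB_STARTED_AT}"
            --build-arg "SPACK_BRANCH=59179764d711a9a4e9e36b5b08a8587e2455a651"
          )
          # NOTE(review): the build context is still "builder" although the
          # image is pushed to .../spacktainers/runtime. This looks like a
          # copy-paste leftover; confirm the intended context directory.
          buildah bud --iidfile image_id "${buildah_extra_args[@]}" builder
          # Sometimes buildah push fails on the first attempt; retry once,
          # and only when the first attempt actually failed.
          buildah push "$(<image_id)" "docker://${AWS_BUILDER_REPO_URL}:${REGISTRY_IMAGE_TAG}" || {
            sleep 10
            buildah push "$(<image_id)" "docker://${AWS_BUILDER_REPO_URL}:${REGISTRY_IMAGE_TAG}"
          }
  spacktainer-build-job:
    runs-on:
      - codebuild-spacktainers-${{ github.run_id }}-${{ github.run_attempt }}
      - image:ubuntu-6.0
      - instance-size:small
    steps:
      - name: configure-build-cache
        env:
          AWS_CACHE_ACCESS_KEY_ID: ${{ secrets.AWS_CACHE_ACCESS_KEY_ID }}
          AWS_CACHE_SECRET_ACCESS_KEY: ${{ secrets.AWS_CACHE_SECRET_ACCESS_KEY }}
          AWS_CACHE_BUCKET: ${{ secrets.AWS_CACHE_BUCKET }}
        run: |-
          echo "Configuring build cache"
          /opt/spack/bin/spack config blame mirrors
          # NOTE(review): the key pair is passed on the command line and is
          # presumably stored in spack's mirror configuration. The
          # "config blame mirrors" calls that follow print that configuration
          # into the job log, so nothing but GitHub's log masking keeps the
          # values out of it. If the pinned spack revision can reference
          # credentials by environment variable name, prefer that; confirm
          # against its "spack mirror add --help".
          /opt/spack/bin/spack mirror add "--s3-access-key-id=${AWS_CACHE_ACCESS_KEY_ID}" "--s3-access-key-secret=${AWS_CACHE_SECRET_ACCESS_KEY}" s3cache "s3://${AWS_CACHE_BUCKET}"
          /opt/spack/bin/spack config blame mirrors
      - name: second step
        run: |-
          # Prints the mirror configuration again from a separate step.
          /opt/spack/bin/spack config blame mirrors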