Skip to content
Build and test FreeIPA containers

Run builds on both ubuntu-24.04 and ...-arm. #1

Sign in to view logs

Run builds on both ubuntu-24.04 and ...-arm.

Run builds on both ubuntu-24.04 and ...-arm. #1

Workflow file for this run

.github/workflows/build-test.yaml at 6657ac5
name: Build and test FreeIPA containers
on:
push:
pull_request:
workflow_dispatch:
schedule:
- cron: '15 4 * * 1,3,5'
jobs:
build:
name: Build image
runs-on: ${{ matrix.runs-on }}
strategy:
fail-fast: false
matrix:
runs-on: [ ubuntu-24.04, ubuntu-24.04-arm ]
os: [ fedora-rawhide, fedora-41, fedora-40, centos-9-stream, rocky-9, rocky-8, almalinux-9, almalinux-8 ]
docker: [ docker ]
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install-podman-arm
if: matrix.runs-on == 'ubuntu-24.04-arm'
- name: Separate git work tree with just the files needed for build
run: git worktree add --no-checkout ../minimize-for-build
- name: Populate with the Dockerfile
run: cd ../minimize-for-build && git checkout HEAD Dockerfile.${{ matrix.os }}
- name: Populate with files referenced from the Dockerfile
run: cd ../minimize-for-build && awk '/^(ADD|COPY)/ { for (i = 2; i < NF; i++) print $i }' Dockerfile.${{ matrix.os }} | while read f ; do git checkout HEAD $f ; done
- name: Ensure docker images sees the named parent image
run: awk '$1 == "FROM" { print $2 ; exit }' ../minimize-for-build/Dockerfile.${{ matrix.os }} | xargs ${{ matrix.docker }} pull
- name: Build image
run: ${{ matrix.docker }} build -t localhost/freeipa-server:${{ matrix.os }} -f Dockerfile.${{ matrix.os }} ../minimize-for-build
- name: Label the built image
run: docker="${{ matrix.docker }}" ./ci/label-image.sh Dockerfile.${{ matrix.os }} localhost/freeipa-server:${{ matrix.os }} $( cd ../minimize-for-build && git write-tree ) "${{ github.server_url }}/${{ github.repository }}" "actions/runs/${{ github.run_id }}"
- name: File issue if building image failed
if: ${{ failure() && github.event_name == 'schedule' }}
run: |
curl -s '${{ github.api_url }}/repos/${{ github.repository }}/issues?labels=image-build-fail' | jq -r '.[0].state' | grep open \
|| curl -s -X POST \
--url ${{ github.api_url }}/repos/${{ github.repository }}/issues \
-H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
-H 'Accept: application/vnd.github.v3+json' \
-d '{
"title": "Image build for ${{ matrix.os }} failed on '$( date -I )'",
"body": "This issue was automatically created by GitHub Action\n\n${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}.\n",
"labels": ["image-build-fail" ]
}'
- name: Create directory for artifacts
run: mkdir freeipa-server-${{ matrix.os }}
- name: Save image
run: ${{ matrix.docker }} save localhost/freeipa-server:${{ matrix.os }} | gzip > freeipa-server-${{ matrix.os }}/freeipa-server-${{ matrix.os }}.tar.gz
- uses: actions/upload-artifact@v4
with:
name: freeipa-server-${{ matrix.os }}
path: freeipa-server-${{ matrix.os }}
retention-days: 1
- name: Check resulting labels
run: |
skopeo inspect docker-archive:freeipa-server-${{ matrix.os }}/freeipa-server-${{ matrix.os }}.tar.gz | jq '.Labels'
diff -u <( skopeo inspect docker://quay.io/freeipa/freeipa-server:${{ matrix.os }} | jq '.Labels' ) <( skopeo inspect docker-archive:freeipa-server-${{ matrix.os }}/freeipa-server-${{ matrix.os }}.tar.gz | jq '.Labels' ) || true
shell: bash
test-docker:
name: Run with docker
runs-on: ${{ matrix.runs-on }}
needs: [ build ]
strategy:
fail-fast: false
matrix:
runs-on: [ubuntu-24.04, ubuntu-24.04-arm]
include:
- os: fedora-41
- os: fedora-41
readonly: --read-only
volume: freeipa-data
- os: fedora-41
readonly: --read-only
- os: fedora-rawhide
- os: fedora-rawhide
readonly: --read-only
ca: --external-ca
volume: freeipa-data
- os: centos-9-stream
- os: centos-9-stream
readonly: --read-only
volume: freeipa-data
- os: centos-9-stream
readonly: --read-only
ca: --external-ca
os: [ fedora-40, almalinux-9, rocky-8 ]
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install-podman-arm
if: matrix.runs-on == 'ubuntu-24.04-arm'
- uses: ./.github/actions/docker-cgroups-ubuntu-22
- uses: actions/download-artifact@v4
with:
name: freeipa-server-${{ matrix.os }}
- name: Load image
run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | docker load
- run: docker volume create ${{ matrix.volume }}
if: ${{ matrix.volume }} == freeipa-data
- name: Run master and replica
run: readonly=${{ matrix.readonly }} ca=${{ matrix.ca }} VOLUME=${{ matrix.volume }} seccomp=${{ matrix.seccomp }} replica=${{ matrix.replica }} tests/run-master-and-replica.sh localhost/freeipa-server:${{ matrix.os }}
- name: Show package difference
if: ${{ failure() }}
run: diff -U 0 <( docker run --rm --entrypoint rpm quay.io/freeipa/freeipa-server:${{ matrix.os }} -qa | sort ) <( docker run --rm --entrypoint rpm localhost/freeipa-server:${{ matrix.os }} -qa | sort ) || true
- name: Run partial tests
if: ${{ failure() }}
run: tests/run-partial-tests.sh Dockerfile.${{ matrix.os }}
test-rootless-docker:
name: Run with rootless docker
runs-on: ${{ matrix.runs-on }}
needs: [ build ]
strategy:
fail-fast: false
matrix:
runs-on: [ubuntu-24.04, ubuntu-24.04-arm]
include:
- os: fedora-rawhide
readonly: --read-only
- os: fedora-41
readonly: --read-only
volume: freeipa-data
- os: rocky-9
readonly: --read-only
- os: almalinux-8
readonly: --read-only
volume: freeipa-data
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install-podman-arm
if: matrix.runs-on == 'ubuntu-24.04-arm'
- run: sudo systemctl disable --now docker.service docker.socket
- run: |
cat <<EOT | sudo tee "/etc/apparmor.d/home.runner.bin.rootlesskit"
# ref: https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
abi <abi/4.0>,
include <tunables/global>
/home/runner/bin/rootlesskit flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/home.runner.bin.rootlesskit>
}
EOT
sudo systemctl restart apparmor.service
- run: curl -fsSL https://get.docker.com/rootless | FORCE_ROOTLESS_INSTALL=1 sh
- uses: actions/download-artifact@v4
with:
name: freeipa-server-${{ matrix.os }}
- name: Load image
run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | docker load
- run: docker volume create ${{ matrix.volume }}
if: ${{ matrix.volume }} == freeipa-data
- name: Run master and replica
run: readonly=${{ matrix.readonly }} ca=${{ matrix.ca }} VOLUME=${{ matrix.volume }} seccomp=${{ matrix.seccomp }} replica=${{ matrix.replica }} tests/run-master-and-replica.sh localhost/freeipa-server:${{ matrix.os }}
- name: Run partial tests
if: ${{ failure() }}
run: tests/run-partial-tests.sh Dockerfile.${{ matrix.os }}
test-podman:
name: Run with sudo podman 4
runs-on: ${{ matrix.runs-on }}
needs: [ build ]
strategy:
fail-fast: false
matrix:
runs-on: [ubuntu-24.04, ubuntu-24.04-arm]
os: [ fedora-41, centos-9-stream ]
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install-podman-arm
if: matrix.runs-on == 'ubuntu-24.04-arm'
- uses: actions/download-artifact@v4
with:
name: freeipa-server-${{ matrix.os }}
- name: Load image
run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | sudo podman load
- name: Run master and replica
run: docker='sudo podman' tests/run-master-and-replica.sh localhost/freeipa-server:${{ matrix.os }}
- name: Run partial tests
if: ${{ failure() }}
run: docker='sudo podman' tests/run-partial-tests.sh Dockerfile.${{ matrix.os }}
test-rootless-podman:
name: Run with rootless podman 4
runs-on: ${{ matrix.runs-on }}
needs: [ build ]
strategy:
fail-fast: false
matrix:
runs-on: [ubuntu-24.04, ubuntu-24.04-arm]
include:
- os: fedora-41
readonly: --read-only
volume: freeipa-data
- os: almalinux-9
readonly: --read-only
volume: freeipa-data
- os: rocky-8
readonly: --read-only
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install-podman-arm
if: matrix.runs-on == 'ubuntu-24.04-arm'
- uses: actions/download-artifact@v4
with:
name: freeipa-server-${{ matrix.os }}
- name: Load image
run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | podman load
- run: podman volume create ${{ matrix.volume }}
if: ${{ matrix.volume }} == freeipa-data
- name: Run master and replica
run: docker=podman VOLUME=${{ matrix.volume }} tests/run-master-and-replica.sh localhost/freeipa-server:${{ matrix.os }}
- name: Run partial tests
if: ${{ failure() }}
run: docker=podman tests/run-partial-tests.sh Dockerfile.${{ matrix.os }}
test-rootless-podman-22-04:
name: Run with rootless podman 4 on Ubuntu 22.04
runs-on: ${{ matrix.runs-on }}
needs: [ build ]
strategy:
fail-fast: false
matrix:
runs-on: [ubuntu-24.04, ubuntu-24.04-arm]
include:
- os: fedora-rawhide
readonly: --read-only
volume: freeipa-data
- os: almalinux-8
readonly: --read-only
volume: freeipa-data
- os: rocky-9
readonly: --read-only
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- name: Install podman 4.*
uses: ./.github/actions/install-podman-4
- uses: actions/download-artifact@v4
with:
name: freeipa-server-${{ matrix.os }}
- name: Load image
run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | podman load
- run: podman volume create ${{ matrix.volume }}
if: ${{ matrix.volume }} == freeipa-data
- name: Run master and replica
run: docker=podman VOLUME=${{ matrix.volume }} tests/run-master-and-replica.sh localhost/freeipa-server:${{ matrix.os }}
- name: Run partial tests
if: ${{ failure() }}
run: docker=podman tests/run-partial-tests.sh Dockerfile.${{ matrix.os }}
test-upgrade:
name: Upgrade from older version or build
runs-on: ${{ matrix.runs-on }}
needs: [ build ]
strategy:
fail-fast: false
matrix:
runs-on: [ubuntu-24.04, ubuntu-24.04-arm]
include:
- os: fedora-rawhide
data-from: fedora-41
- os: fedora-41
data-from: fedora-41
- os: fedora-41
data-from: fedora-40
- os: fedora-40
data-from: fedora-39
- os: rocky-8
data-from: centos-8-certs-updated-data
timeout-minutes: 20
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install-podman-arm
if: matrix.runs-on == 'ubuntu-24.04-arm'
- uses: ./.github/actions/docker-cgroups-ubuntu-22
- uses: actions/download-artifact@v4
with:
name: freeipa-server-${{ matrix.os }}
- name: Load image
run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | docker load
- name: Populate volume with data
run: docker volume create loaded-data && docker create --name loaded-data -v loaded-data:/data:z quay.io/freeipa/freeipa-server:data-${{ matrix.data-from }} noop && mkdir /tmp/freeipa-data && docker run --security-opt label=disable --volumes-from loaded-data -v /tmp/freeipa-data:/data-out:z --rm docker.io/library/busybox sh -c 'cd /data && cp -a . /data-out'
- name: Run master and replica
run: VOLUME=/tmp/freeipa-data tests/run-master-and-replica.sh localhost/freeipa-server:${{ matrix.os }}
test-upgrade-podman:
name: Upgrade from older version with podman 4
runs-on: ${{ matrix.runs-on }}
needs: [ build ]
strategy:
fail-fast: false
matrix:
runs-on: [ubuntu-24.04, ubuntu-24.04-arm]
include:
- os: fedora-41
data-from: fedora-40
- os: almalinux-8
data-from: centos-8-certs-updated-data
timeout-minutes: 20
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install-podman-arm
if: matrix.runs-on == 'ubuntu-24.04-arm'
- uses: actions/download-artifact@v4
with:
name: freeipa-server-${{ matrix.os }}
- name: Load image
run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | podman load
- name: Populate volume with data
run: podman volume create loaded-data && podman run --name loaded-data -v loaded-data:/data:z quay.io/freeipa/freeipa-server:data-${{ matrix.data-from }} noop || true
- name: Copy the content of the volume to directory
run: mkdir /tmp/freeipa-data && podman run --volumes-from loaded-data -v /tmp/freeipa-data:/data-out:z --rm docker.io/library/busybox sh -c 'cd /data && cp -a . /data-out'
- name: Run master and replica
run: docker=podman VOLUME=/tmp/freeipa-data tests/run-master-and-replica.sh localhost/freeipa-server:${{ matrix.os }}
test-k3s:
name: Run with K3s with docker
runs-on: ${{ matrix.runs-on }}
needs: [ build ]
strategy:
fail-fast: false
matrix:
runs-on: [ubuntu-24.04, ubuntu-24.04-arm]
os: [ fedora-rawhide, fedora-41, rocky-9, almalinux-8, centos-9-stream ]
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install-podman-arm
if: matrix.runs-on == 'ubuntu-24.04-arm'
- uses: ./.github/actions/docker-cgroups-ubuntu-22
- uses: actions/download-artifact@v4
with:
name: freeipa-server-${{ matrix.os }}
- name: Load image
run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | docker load
- name: Run K3s and master in it
run: tests/run-master-in-k3s.sh localhost/freeipa-server:${{ matrix.os }}
test-subscription:
# Workaround https://github.com/actions/runner/issues/1138
name: Prerequisite for RHEL builds
runs-on: ubuntu-latest
timeout-minutes: 1
outputs:
has_rhel_subscriptions: ${{ steps.check.outputs.has_rhel_subscriptions }}
steps:
- id: check
run: |
if [ -n "${{ secrets.REDHAT_ORG }}" -a -n "${{ secrets.REDHAT_ACTIVATIONKEY }}" ] ; then
echo "has_rhel_subscriptions=1" >> $GITHUB_OUTPUT
fi
build-test-rhel-podman:
name: Build and test RHEL image
runs-on: ${{ matrix.runs-on }}
needs: [ test-subscription ]
if: needs.test-subscription.outputs.has_rhel_subscriptions == 1
strategy:
fail-fast: false
matrix:
runs-on: [ubuntu-24.04, ubuntu-24.04-arm]
os: [ rhel-9, rhel-8 ]
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install-podman-arm
if: matrix.runs-on == 'ubuntu-24.04-arm'
- name: For RHEL builds, use entitlements
uses: ./.github/actions/podman-entitlement
with:
org: ${{ secrets.REDHAT_ORG }}
activationkey: ${{ secrets.REDHAT_ACTIVATIONKEY }}
- name: Build image
run: podman build -t localhost/freeipa-server:${{ matrix.os }} -f Dockerfile.${{ matrix.os }} .
- name: Run master
run: docker=podman tests/run-master-and-replica.sh localhost/freeipa-server:${{ matrix.os }}