Add a base multi-arch container image build and GH Actions #351

Open
wants to merge 1 commit into
base: main
Add a base container image
rpsene committed Dec 10, 2024
commit cf9b3490e6ab66ece42ba46712a11eb668d03219
50 changes: 50 additions & 0 deletions .github/workflows/base_container_img.yml
@@ -0,0 +1,50 @@
name: Container Img Weekly Build and Release

on:
schedule:
# This will run every week at 00:00 UTC on Monday
- cron: "0 0 * * 1"
Collaborator

See comment on tag/packages: if we stick with the current scheme, we only need to build this when bin/.container_tag changes.

workflow_dispatch:

jobs:
build-and-push-docker-image:
name: Container Img Weekly Build and Release
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3

- name: Login to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Get the current date
id: current_date
run: echo "name=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"

- name: Build image and push to Docker Hub
uses: docker/build-push-action@v6
with:
context: .
file: ./infrastructure/base-container-img
platforms: linux/amd64,linux/arm64
tags: |
riscvintl/udb:${{ github.sha }}
Collaborator

The file bin/.container_tag has the current version of the container. It's supposed to increment whenever the container changes. Can we use that as the tag instead of the commit SHA?

riscvintl/udb:latest
push: ${{ github.event_name != 'pull_request' }}

- name: Set short SHA
run: echo "SHORT_SHA=${GITHUB_SHA::7}" >> "$GITHUB_ENV"

- name: Get current date
run: echo "CURRENT_DATE=$(date +'%Y-%m-%d')" >> "$GITHUB_ENV"
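Review bot: The steps that receive `secrets.DOCKERHUB_TOKEN` and publish the image reference third-party actions by mutable tag (`docker/login-action@v3`, `docker/build-push-action@v6`), and the workflow has no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope. Pinning each `uses:` to a full commit SHA and adding a top-level `permissions:` with `contents: read` would limit what a retagged action could reach. Separately, the `current_date` output is never read, the `Set short SHA` and `Get current date` steps run after the push with nothing consuming `SHORT_SHA` or `CURRENT_DATE`, and the `github.event_name != 'pull_request'` conditions are always true because the only triggers are `schedule` and `workflow_dispatch`; these can be dropped, or the values wired into `tags:`.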
39 changes: 39 additions & 0 deletions infrastructure/base-container-img
@@ -0,0 +1,39 @@
FROM ubuntu:24.04

ENV DEBIAN_FRONTEND=noninteractive
ENV DEVCONTAINER_ENV=1
ENV BUNDLE_PATH=/usr/local/bundle
ENV BUNDLE_APP_CONFIG=/usr/local/bundle

# Set working directory
WORKDIR /workspace

# Install dependencies
RUN apt-get update && \
apt-get install -y --no-install-recommends \
git \
gh \
less \
python3 \
python3.12-venv \
python3-pip \
build-essential \
ruby \
ruby-dev \
bundler \
nodejs \
npm \
ditaa && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*

# Copy and install Ruby dependencies
COPY Gemfile Gemfile.lock ./
Collaborator

We've been installing the Ruby/Node/Python packages on the host (under ${UDB_ROOT}/.home/.gems, ${UDB_ROOT}/node_modules, and ${UDB_ROOT}/.home/.venv, respectively). We then make sure that the UDB_ROOT is bound in the container. The thought was that it would (a) keep the container smaller, and (b) make it easier to add packages as we go (most additions won't need a container rebuild). You can see how all this gets set up in bin/setup (which is implicitly called any time you execute a program under bin/ or the top-level do script).

Is there a reason that we should be including them in the container instead?

RUN bundle install

# Copy and install Node.js dependencies
COPY package.json package-lock.json ./
RUN npm ci

# Final working directory
WORKDIR /workspace
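Review bot: There is no `USER` instruction anywhere in this file, so `RUN bundle install` and `RUN npm ci` (including any install scripts the gems and npm packages ship) run as root at build time, and containers started from the image default to root as well. Consider creating an unprivileged user and switching to it at the end of the file. `FROM ubuntu:24.04` is a moving tag, which suits a weekly rebuild but means a given push cannot be reproduced from this file alone; recording the resolved base digest with each build would make the published images traceable. The final `WORKDIR /workspace` repeats the one set before the apt step and can be removed.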