sceptre-phenix-images/.github/workflows/image-build.yml at 91299552ee2365231692b09ad43f8da67a897bfc · cmulk/sceptre-phenix-images · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
name: image-build

# Controls when the workflow will run
on:
  # Trigger on push or pull request to main branch
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  # Allow manual run from Actions tab
  workflow_dispatch:
  # Scheduled run every Wednesday at 11:11 UTC
  schedule:
    - cron: "11 11 * * WED"

jobs:
  # Job: Save minicc and minirouter as artifacts for later use in image builds
  get-miniccc:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/sandialabs/sceptre-phenix/minimega:main
    steps:
      # Upload binaries as artifact named 'miniexes'
      - name: upload miniccc and minirouter
        uses: actions/upload-artifact@v4
        with:
          name: miniexes
          path: |
            /opt/minimega/bin/miniccc
            /opt/minimega/bin/minirouter

  # Job: Build the bennu image using the phenix image builder
  build-bennu:
    needs: get-miniccc
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/sandialabs/sceptre-phenix/phenix:31ce034
      options: --privileged # needed for kernel device-mapper permissions

    steps:
      # Install oras CLI for pushing images to OCI registries
      - name: oras install
        uses: oras-project/setup-oras@v1
      # Checkout repository code
      - uses: actions/checkout@v4
      # Download miniexes artifact (miniccc and minirouter)
      - name: get miniexes
        uses: actions/download-artifact@v4.1.8
        with:
          name: miniexes

      # Add the miniccc binary to the overlay for image build
      # The systemd service is already included in base scripts
      - name: add miniccc
        run: |
          mkdir -p ./overlays/miniccc/opt/minimega/bin
          cp ./miniccc ./overlays/miniccc/opt/minimega/bin
          chmod +x ./overlays/miniccc/opt/minimega/bin/miniccc

      # Build the bennu image using phenix
      - name: bennu image build
        run: |
          phenix version
          mkdir ./out
          phenix image create -O ./overlays/bennu,./overlays/brash,./overlays/miniccc -T ./scripts/aptly,./scripts/bennu --format qcow2 --release jammy -c bennu --size 10G
          phenix image build bennu -o ./out -x

      # Optionally upload bennu.qc2 as artifact (currently commented out)
      # - name: upload qc2
      #   uses: actions/upload-artifact@v4
      #   with:
      #     name: bennu.qc2
      #     path: ./out/bennu.qc2

      # Publish the built image to GitHub Container Registry using oras
      - name: publish package with oras
        # Only push package if on the default branch (e.g., main)
        if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
        run: |
          cd ./out
          oras login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io
          oras push "ghcr.io/${{ github.repository }}/bennu.qc2:${GITHUB_SHA:0:7}" bennu.qc2

  # Job: Build the ubuntu image using the phenix image builder
  build-ubuntu:
    needs: get-miniccc
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/sandialabs/sceptre-phenix/phenix:31ce034
      options: --privileged # needed for kernel device-mapper permissions

    steps:
      # Install oras CLI
      - name: oras install
        uses: oras-project/setup-oras@v1
      # Checkout repository code
      - uses: actions/checkout@v4
      # Download miniexes artifact
      - name: get miniexes
        uses: actions/download-artifact@v4.1.8
        with:
          name: miniexes

      # Add the miniccc binary to the overlay for image build
      - name: add miniccc
        run: |
          mkdir -p ./overlays/miniccc/opt/minimega/bin
          cp ./miniccc ./overlays/miniccc/opt/minimega/bin
          chmod +x ./overlays/miniccc/opt/minimega/bin/miniccc

      # Build the ubuntu image using phenix
      - name: ubuntu image build
        run: |
          phenix version
          mkdir ./out
          phenix image create -O ./overlays/miniccc -T ./scripts/ubuntu,./scripts/ubuntu-user --format qcow2 --release noble -c ubuntu --size 10G
          phenix image build ubuntu -o ./out -x

      # Optionally upload ubuntu.qc2 as artifact (currently commented out)
      # - name: upload qc2
      #   uses: actions/upload-artifact@v4
      #   with:
      #     name: ubuntu.qc2
      #     path: ./out/ubuntu.qc2

      # Publish the built image to GitHub Container Registry using oras
      - name: publish package with oras
        # Only push package if on the default branch (e.g., main)
        if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
        run: |
          cd ./out
          oras login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io
          oras push "ghcr.io/${{ github.repository }}/ubuntu.qc2:${GITHUB_SHA:0:7}" ubuntu.qc2

  # Job: Tag and release images after successful builds
  release:
    # Only run on main branch for scheduled or manual workflow_dispatch events
    if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch')
    needs:
      - build-bennu
      - build-ubuntu
    runs-on: ubuntu-latest
    steps:
      # Get current date for tagging
      - name: Get current date
        id: date
        run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT
      # Download built images from artifacts (if uploaded)
      # Not needed with oras push, but kept for reference
      # - name: get images from artifacts
      #   uses: actions/download-artifact@v4.1.8
      #   with:
      #     pattern: "*.qc2"
      #     path: ./images
      #     merge-multiple: true

      # Install oras CLI
      - name: oras install
        uses: oras-project/setup-oras@v1

      # Tag images in the registry with 'latest' and date-based tags
      - name: tag images with date and latest
        run: |
          oras version
          oras login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io
          oras tag ghcr.io/${{ github.repository }}/bennu.qc2:${GITHUB_SHA:0:7} latest ${{ steps.date.outputs.date }}
          oras tag ghcr.io/${{ github.repository }}/ubuntu.qc2:${GITHUB_SHA:0:7} latest ${{ steps.date.outputs.date }}

      # Create a GitHub release with notes and usage instructions
      - name: create release
        uses: ncipollo/release-action@v1.15.0
        with:
          name: release-${{ steps.date.outputs.date }}
          body: |
            Images can be downloaded from the registry using the oras client: https://oras.land/docs/installation
            e.g.:
            ```
            oras pull ghcr.io/${{ github.repository }}/bennu.qc2:latest
            ```
            You can view the available image builds from the [Package List](https://github.com/orgs/${{ github.repository_owner }}/packages?repo_name=${{ github.event.repository.name }})

          tag: release-${{ steps.date.outputs.date }}
          commit: main
          generateReleaseNotes: true
          makeLatest: true