Xfeature #15662
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build arm64 Image | |
| on: | |
| pull_request: | |
| branches: | |
| - master | |
| paths-ignore: | |
| - 'docs/**' | |
| - '**.md' | |
| push: | |
| branches: | |
| - master | |
| - release-* | |
| paths-ignore: | |
| - 'docs/**' | |
| - '**.md' | |
| concurrency: | |
| group: "${{ github.workflow }}-${{ github.ref }}" | |
| cancel-in-progress: true | |
| env: | |
| GO_VERSION: '' | |
| jobs: | |
| build-kube-ovn-base: | |
| name: Build kube-ovn-base | |
| runs-on: ubuntu-24.04-arm | |
| outputs: | |
| build-base: ${{ steps.check.outputs.build-base }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 2 | |
| - id: check | |
| run: | | |
| if [ ${{ github.event_name }} != 'pull_request' ]; then | |
| exit | |
| fi | |
| tmp_dir=`mktemp -d` | |
| cat > "$tmp_dir/on_changes.txt" <<EOF | |
| dist/images/Dockerfile.base | |
| dist/images/OpenBFDD-compile.patch | |
| dist/images/go-deps/download-go-deps.sh | |
| dist/images/go-deps/rebuild-go-deps.sh | |
| EOF | |
| if git diff --name-only HEAD^ HEAD | grep -Ff "$tmp_dir/on_changes.txt"; then | |
| echo build-base=1 >> "$GITHUB_OUTPUT" | |
| fi | |
| rm -frv "$tmp_dir" | |
| - uses: jlumbroso/free-disk-space@v1.3.1 | |
| if: steps.check.outputs.build-base == 1 | |
| with: | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| docker-images: false | |
| large-packages: false | |
| tool-cache: false | |
| swap-storage: false | |
| - uses: docker/setup-buildx-action@v3 | |
| if: steps.check.outputs.build-base == 1 | |
| - uses: actions/setup-go@v5 | |
| if: steps.check.outputs.build-base == 1 | |
| id: setup-go | |
| with: | |
| go-version-file: go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Build kube-ovn-base image | |
| id: build | |
| if: steps.check.outputs.build-base == 1 | |
| env: | |
| GO_VERSION: ${{ steps.setup-go.outputs.go-version }} | |
| run: | | |
| make base-arm64 | |
| make base-tar-arm64 | |
| - name: Upload base images to artifact | |
| if: steps.check.outputs.build-base == 1 | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: kube-ovn-base | |
| path: image-arm64.tar | |
| build: | |
| name: Build arm64 | |
| runs-on: ubuntu-24.04-arm | |
| needs: | |
| - build-kube-ovn-base | |
| steps: | |
| - uses: actions/checkout@v4 | |
| id: checkout | |
| with: | |
| ref: ${{ github.head_ref || github.ref }} | |
| - uses: docker/setup-buildx-action@v3 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION || '' }} | |
| go-version-file: go.mod | |
| check-latest: true | |
| cache: false | |
| - name: Setup environment variables | |
| run: | | |
| echo "TAG=$(cat VERSION)" >> "$GITHUB_ENV" | |
| echo "GO_FULL_VER=$(go env GOVERSION)" >> "$GITHUB_ENV" | |
| - name: Go Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-${{ env.GO_FULL_VER }}-arm64-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-${{ env.GO_FULL_VER }}-arm64- | |
| - name: Download base images | |
| if: needs.build-kube-ovn-base.outputs.build-base == 1 | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kube-ovn-base | |
| - name: Load base images | |
| if: needs.build-kube-ovn-base.outputs.build-base == 1 | |
| run: | | |
| docker load --input image-arm64.tar | |
| docker tag kubeovn/kube-ovn-base:$TAG-arm64 kubeovn/kube-ovn-base:$TAG | |
| docker tag kubeovn/kube-ovn-base:$TAG-debug-arm64 kubeovn/kube-ovn-base:$TAG-debug | |
| - name: Scan base image | |
| uses: aquasecurity/trivy-action@0.31.0 | |
| env: | |
| TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 | |
| with: | |
| scan-type: image | |
| scanners: vuln | |
| image-ref: docker.io/kubeovn/kube-ovn-base:${{ env.TAG }} | |
| format: json | |
| output: trivy-result.json | |
| ignore-unfixed: true | |
| trivyignores: .trivyignore | |
| vuln-type: library | |
| - name: Build kubectl and CNI plugins from source | |
| env: | |
| CGO_ENABLED: "0" | |
| GO_INSTALL: "go install -v -mod=mod -trimpath" | |
| run: | | |
| cat trivy-result.json | |
| dockerfile=${{ github.workspace }}/dist/images/Dockerfile | |
| cni_plugins_version=`go list -m -f '{{.Version}}' github.com/containernetworking/plugins` | |
| cni_plugins_build_flags="-ldflags '-extldflags -static -X github.com/containernetworking/plugins/pkg/utils/buildversion.BuildVersion=$cni_plugins_version'" | |
| jq -r '.Results[] | select((.Type=="gobinary") and (.Vulnerabilities!=null)) | .Target' trivy-result.json | while read f; do | |
| bin=`basename $f` | |
| go_bin_dir=`go env GOPATH`/bin | |
| case $bin in | |
| loopback|macvlan) | |
| echo "Building $bin@$cni_plugins_version from source..." | |
| sh -c "cd /tmp && $GO_INSTALL $cni_plugins_build_flags github.com/containernetworking/plugins/plugins/main/$bin@$cni_plugins_version" | |
| echo "COPY $bin /$f" >> "$dockerfile" | |
| cp -a $go_bin_dir/$bin `dirname "$dockerfile"` | |
| ;; | |
| portmap) | |
| echo "Building $bin@$cni_plugins_version from source..." | |
| sh -c "cd /tmp && $GO_INSTALL $cni_plugins_build_flags github.com/containernetworking/plugins/plugins/meta/$bin@$cni_plugins_version" | |
| echo "COPY $bin /$f" >> "$dockerfile" | |
| cp -a $go_bin_dir/$bin `dirname "$dockerfile"` | |
| ;; | |
| kubectl) | |
| go mod tidy | |
| version=`go list -m -f '{{.Version}}' k8s.io/kubernetes` | |
| mod_dir=`go list -m -f '{{.Dir}}' k8s.io/kubernetes` | |
| source "$mod_dir/hack/lib/util.sh" | |
| source "$mod_dir/hack/lib/logging.sh" | |
| source "$mod_dir/hack/lib/version.sh" | |
| repo=kubernetes/kubernetes | |
| commit=unknown | |
| read type tag_sha < <(echo $(curl -s "https://api.github.com/repos/$repo/git/ref/tags/$version" | | |
| jq -r '.object.type,.object.sha')) | |
| if [ $type = "commit" ]; then | |
| commit=$tag_sha | |
| else | |
| commit=$(curl -s "https://api.github.com/repos/$repo/git/tags/$tag_sha" | jq -r '.object.sha') | |
| fi | |
| export KUBE_GIT_COMMIT="${commit}" | |
| export KUBE_GIT_TREE_STATE='clean' | |
| export KUBE_GIT_VERSION="${version}" | |
| export KUBE_GIT_MAJOR=`echo $KUBE_GIT_VERSION | cut -d. -f1 | sed 's/$v//'` | |
| export KUBE_GIT_MINOR=`echo $KUBE_GIT_VERSION | cut -d. -f2` | |
| goldflags="all=$(kube::version::ldflags) -s -w" | |
| echo "Building $bin@$version from source..." | |
| $GO_INSTALL -ldflags="${goldflags}" k8s.io/kubernetes/cmd/kubectl | |
| echo "COPY $bin /$f" >> "$dockerfile" | |
| cp -a $go_bin_dir/$bin `dirname "$dockerfile"` | |
| ;; | |
| *) | |
| ;; | |
| esac | |
| done | |
| - name: Build | |
| run: | | |
| if [ ${{ needs.build-kube-ovn-base.outputs.build-base || 0 }} = 1 ]; then | |
| make build-kube-ovn-arm64 | |
| else | |
| make image-kube-ovn-arm64 | |
| fi | |
| make image-vpc-nat-gateway | |
| - name: Push | |
| env: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| COMMIT: ${{ steps.checkout.outputs.commit }} | |
| run: | | |
| TAG=$(cat VERSION) | |
| COMMIT=${COMMIT:0:9} | |
| echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin | |
| docker tag kubeovn/kube-ovn:$TAG kubeovn/kube-ovn:$TAG-$COMMIT-arm64 | |
| docker tag kubeovn/kube-ovn:$TAG-debug kubeovn/kube-ovn:$TAG-$COMMIT-debug-arm64 | |
| docker tag kubeovn/vpc-nat-gateway:$TAG kubeovn/vpc-nat-gateway:$TAG-$COMMIT-arm64 | |
| docker images | |
| docker push kubeovn/kube-ovn:$TAG-$COMMIT-arm64 | |
| docker push kubeovn/kube-ovn:$TAG-$COMMIT-debug-arm64 | |
| docker push kubeovn/vpc-nat-gateway:$TAG-$COMMIT-arm64 |