name: image-build

# Events that start this workflow
on:
  # Pushes to, and pull requests targeting, the main branch
  push:
    branches:
      - "main"
  pull_request:
    branches:
      - "main"
  # Manual runs from the Actions tab
  workflow_dispatch:
  # Weekly scheduled run: Wednesdays at 11:11 UTC
  schedule:
    - cron: "11 11 * * WED"
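jobs:
  # Job: Build images using the phenix image builder
  build-images:
    # Least privilege for the job token: read the repository for checkout and
    # write packages so the publish step can push to ghcr.io.
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        build:
          - bookworm
          - kali
          - kali-harmonie
          - jammy
          - noble
          - bennu
          - docker-hello-world
          - ntp
          - vyos
          - minirouter
          - ubuntu-soaptools
          - ot-sim
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the third-party actions in this job are referenced by
      # mutable tags. Pin each one to a full commit SHA (keeping the tag as a
      # trailing comment) so a moved tag cannot change what runs in a job that
      # holds a package-write token.
      # Checkout repository code
      - uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config: the workspace is later
          # mounted into a compose service and make runs inside it.
          persist-credentials: false
      # Create slug var for branch ref suitable for tags
      - uses: rlespinasse/github-slug-action@v5.2.0
      # Install oras CLI for pushing images to OCI registries
      - uses: oras-project/setup-oras@v1
      - uses: docker/setup-docker-action@v4
      - uses: docker/setup-compose-action@v1
      - name: install dependencies
        run: |
          sudo apt update
          sudo apt install -y qemu-utils guestfs-tools
      # Pull docker containers
      # NOTE(review): `:main` is a mutable tag. Pulling by digest would make
      # the build reproducible and stop an upstream image change from silently
      # altering the images published below.
      - name: pull docker containers
        run: |
          docker pull ghcr.io/sandialabs/sceptre-phenix/phenix:main
          docker pull ghcr.io/sandialabs/sceptre-phenix/minimega:main
          docker tag ghcr.io/sandialabs/sceptre-phenix/phenix:main phenix:latest
          docker tag ghcr.io/sandialabs/sceptre-phenix/minimega:main minimega:latest
      # Start docker containers
      # NOTE(review): the compose file is fetched from the tip of the upstream
      # main branch on every run and then started as-is; fetching a fixed
      # commit instead would keep its contents reviewable.
      - name: wget docker-compose.yml
        uses: wei/wget@v1
        with:
          args: https://raw.githubusercontent.com/sandialabs/sceptre-phenix/refs/heads/main/docker/docker-compose.yml
      - name: start docker containers
        # The second sed appends a workspace volume entry and a working_dir
        # after the line matching /tmp/phenix. The leading whitespace of the
        # appended text has to line up with the downloaded compose file;
        # confirm it against that file.
        run: |
          sed -i 's/\.\/tmp/\/tmp/g' docker-compose.yml
          sed -i '\|/tmp/phenix|a\ - ${{ github.workspace }}:/${{ github.workspace }}\n working_dir: ${{ github.workspace }}' docker-compose.yml
          docker compose -f docker-compose.yml up -d phenix
          echo "Waiting for services to start..."
          sleep 5
      # Extract miniccc and minirouter binaries
      - name: get miniccc and minirouter
        run: |
          docker cp minimega:/opt/minimega/bin/miniccc "${{ github.workspace }}"
          docker cp minimega:/opt/minimega/bin/minirouter "${{ github.workspace }}"
      # Remove unneeded tools to make more build space
      - name: free disk space
        uses: jlumbroso/free-disk-space@v1.3.1
        with:
          # skip the remove large-packages step because it takes a while
          large-packages: false
      # Build the non-vyos images using phenix
      - name: ${{ matrix.build }} image build
        if: ${{ matrix.build != 'vyos' }}
        run: make ${{ matrix.build }}
      # Build the vyos image using custom build script
      # Using /mnt for more temp space for injecting miniccc
      - name: ${{ matrix.build }} image build
        if: ${{ matrix.build == 'vyos' }}
        shell: bash
        run: |
          sudo modprobe nbd
          export VYOSTMP=/mnt/vyostmp
          sudo -E make ${{ matrix.build }}
      # Publish the built image to GitHub Container Registry using oras
      - name: publish package with oras
        # Only push package if on the default branch (e.g., main)
        # or if manually triggered on a different branch so maintainers can manually push images
        if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || github.event_name == 'workflow_dispatch'
        shell: bash
        env:
          # Hand the credentials to the script through the environment rather
          # than expanding them into the script text.
          GHCR_USER: ${{ github.actor }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Token goes in on stdin so it never appears in the process arguments
          printf '%s' "$GHCR_TOKEN" | oras login -u "$GHCR_USER" --password-stdin ghcr.io
          oras push "ghcr.io/${{ github.repository }}/${{ matrix.build }}.qc2:${GITHUB_SHA:0:7}" ${{ matrix.build }}.qc2
          # tag with branch name
          oras tag "ghcr.io/${{ github.repository }}/${{ matrix.build }}.qc2:${GITHUB_SHA:0:7}" "${GITHUB_REF_SLUG}"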
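# Job: Tag images after successful builds
  tag-images:
    # Least privilege for the job token: this job only retags packages on
    # ghcr.io and never checks out the repository.
    permissions:
      packages: write
    strategy:
      matrix:
        build:
          - bookworm
          - kali
          - kali-harmonie
          - jammy
          - noble
          - bennu
          - docker-hello-world
          - ntp
          - vyos
          - minirouter
          - ubuntu-soaptools
          - ot-sim
    # Only run on main branch for scheduled or manual workflow_dispatch events
    if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch')
    needs: build-images
    runs-on: ubuntu-latest
    # Every matrix leg sets this output; the release job reads a single value.
    outputs:
      date: ${{ steps.date.outputs.date }}
    steps:
      # Get current date for tagging
      - name: Get current date
        id: date
        run: echo "date=$(date +'%Y%m%d')" >> "$GITHUB_OUTPUT"
      # Install oras CLI
      # NOTE(review): referenced by a mutable tag; pin to a full commit SHA so
      # a moved tag cannot change what runs with the package-write token.
      - uses: oras-project/setup-oras@v1
      # Tag images in the registry with 'latest' and date-based tags
      - name: tag images with date and latest
        env:
          # Hand the credentials to the script through the environment rather
          # than expanding them into the script text.
          GHCR_USER: ${{ github.actor }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          oras version
          # Token goes in on stdin so it never appears in the process arguments
          printf '%s' "$GHCR_TOKEN" | oras login -u "$GHCR_USER" --password-stdin ghcr.io
          oras tag "ghcr.io/${{ github.repository }}/${{ matrix.build }}.qc2:${GITHUB_SHA:0:7}" latest "${{ steps.date.outputs.date }}"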
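# Job: Create a release after the images have been tagged
  release:
    # Least privilege for the job token: creating a release and its tag needs
    # write access to repository contents and nothing else.
    permissions:
      contents: write
    # Only run on main branch for scheduled or manual workflow_dispatch events
    if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch')
    needs: tag-images
    runs-on: ubuntu-latest
    steps:
      # Create a GitHub release with notes and usage instructions
      # NOTE(review): the action is referenced by a mutable tag; pin it to a
      # full commit SHA so a moved tag cannot change what runs with the
      # contents-write token.
      - name: create release
        uses: ncipollo/release-action@v1.15.0
        with:
          name: release-${{ needs.tag-images.outputs.date }}
          body: |
            Images can be downloaded from the registry using the oras client: https://oras.land/docs/installation
            e.g.:
            ```bash
            oras pull ghcr.io/${{ github.repository }}/bennu.qc2:latest
            ```
            You can view the available image builds from the [Package List](https://github.com/orgs/${{ github.repository_owner }}/packages?repo_name=${{ github.event.repository.name }})
          tag: release-${{ needs.tag-images.outputs.date }}
          # NOTE(review): `main` may have moved past the commit the images
          # were built from by the time this job runs; `${{ github.sha }}`
          # would tie the release tag to the built commit. Confirm intent.
          commit: main
          generateReleaseNotes: true
          makeLatest: true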