Samba Container Image CI #1748
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Samba Container Image CI | |
on: | |
push: | |
branches: [master] | |
pull_request: | |
branches: [master] | |
schedule: | |
- cron: '0 2 * * *' | |
# Allow manually triggering a run in the github ui. | |
# See: https://docs.github.com/en/actions/using-workflows/manually-running-a-workflow | |
workflow_dispatch: {} | |
env: | |
CONTAINER_CMD: docker | |
jobs: | |
checks: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
# We need a newer version of shellcheck to avoid problems with the | |
# relative imports. Our scripts work on v0.7.2 and up but not the | |
# v0.7.0 preinstalled in the ubutnu image. We can force a local | |
# install by expliclity setting SHELLCHECK to `$ALT_BIN/shellcheck` | |
- name: Run static check tools | |
run: make check SHELLCHECK=$PWD/.bin/shellcheck | |
check-commits: | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Ensure branches | |
run: git fetch | |
- name: Lint git commit messages | |
run: make check-gitlint | |
build-server: | |
# Reminder: the nightly-server images consume nightly samba rpm builds | |
# it is not *just* an image that gets built nightly | |
strategy: | |
matrix: | |
package_source: [default, nightly] | |
os: [centos, fedora, opensuse] | |
arch: [amd64, arm64] | |
exclude: | |
# there are no nightly packages for opensuse | |
- package_source: nightly | |
os: opensuse | |
- os: centos | |
arch: arm64 | |
include: | |
- package_source: devbuilds | |
os: centos | |
arch: amd64 | |
runs-on: ubuntu-latest | |
env: | |
BUILDAH_FORMAT: oci | |
IMG_TAG: ${{ matrix.package_source }}-${{ matrix.os }}-${{ matrix.arch }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build the server image | |
run: make KIND=server PACKAGE_SOURCE=${{ matrix.package_source }} OS_NAME=${{ matrix.os}} BUILD_ARCH=${{ matrix.arch}} build-image | |
- name: Upload server image | |
uses: ishworkh/container-image-artifact-upload@v2.0.0 | |
with: | |
image: "samba-server:${{ env.IMG_TAG }}" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
retention_days: 1 | |
build-ad-server: | |
strategy: | |
matrix: | |
package_source: [default, nightly] | |
os: [centos, fedora, opensuse] | |
arch: [amd64, arm64] | |
exclude: | |
# there are no nightly packages for opensuse | |
- package_source: nightly | |
os: opensuse | |
# the distro packages for centos do not include an ad-dc | |
- package_source: default | |
os: centos | |
- os: centos | |
arch: arm64 | |
runs-on: ubuntu-latest | |
env: | |
BUILDAH_FORMAT: oci | |
IMG_TAG: ${{ matrix.package_source }}-${{ matrix.os }}-${{ matrix.arch }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build the ad server image | |
run: make KIND=ad-server PACKAGE_SOURCE=${{ matrix.package_source }} OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-image | |
- name: Upload ad server image | |
uses: ishworkh/container-image-artifact-upload@v2.0.0 | |
with: | |
image: "samba-ad-server:${{ env.IMG_TAG }}" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
retention_days: 1 | |
build-client: | |
strategy: | |
matrix: | |
os: [centos, fedora, opensuse] | |
arch: [amd64, arm64] | |
exclude: | |
- os: centos | |
arch: arm64 | |
runs-on: ubuntu-latest | |
env: | |
BUILDAH_FORMAT: oci | |
IMG_TAG: default-${{ matrix.os }}-${{ matrix.arch }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: build the client image | |
run: make KIND=client OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-image | |
# The client image is used as a base for the samba-toolbox build process. | |
- name: Upload the client image | |
uses: ishworkh/container-image-artifact-upload@v2.0.0 | |
with: | |
image: "samba-client:${{ env.IMG_TAG }}" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
retention_days: 1 | |
build-toolbox: | |
strategy: | |
matrix: | |
os: [centos, fedora, opensuse] | |
arch: [amd64] | |
needs: build-client | |
runs-on: ubuntu-latest | |
env: | |
BUILDAH_FORMAT: oci | |
IMG_TAG: default-${{ matrix.os }}-${{ matrix.arch }} | |
steps: | |
- uses: actions/checkout@v4 | |
# Download locally stored samba-client image to be used as base for building | |
# samba-toolbox. | |
- name: Download client image | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-client:${{ env.IMG_TAG }}" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
# Workaround: retag the image so that the FQIN image matches the name in | |
# the toolbox containerfiles. | |
- name: Apply OS-latest tag to image (for centos) | |
run: ${{ env.CONTAINER_CMD }} tag samba-client:${{ env.IMG_TAG }} quay.io/samba.org/samba-client:${{ matrix.os }}-latest | |
- name: Apply latest tag to image (for fedora) | |
run: ${{ env.CONTAINER_CMD }} tag samba-client:${{ env.IMG_TAG }} quay.io/samba.org/samba-client:latest | |
- name: Build the toolbox image | |
run: make KIND=toolbox OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-image | |
# Upload the toolbox image for reference and/or image push | |
- name: Upload the toolbox image | |
uses: ishworkh/container-image-artifact-upload@v2.0.0 | |
with: | |
image: "samba-toolbox:${{ env.IMG_TAG }}" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
retention_days: 1 | |
test-server: | |
strategy: | |
matrix: | |
package_source: [default, nightly] | |
os: [centos, fedora, opensuse] | |
arch: [amd64] | |
exclude: | |
# there are no nightly packages for opensuse | |
- package_source: nightly | |
os: opensuse | |
include: | |
- package_source: devbuilds | |
os: centos | |
arch: amd64 | |
needs: build-server | |
runs-on: ubuntu-latest | |
env: | |
BUILDAH_FORMAT: oci | |
IMG_TAG: ${{ matrix.package_source }}-${{ matrix.os }}-${{ matrix.arch }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download server image | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-server:${{ env.IMG_TAG }}" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: Test the server image | |
run: LOCAL_TAG=samba-server:${{ env.IMG_TAG }} tests/test-samba-container.sh | |
test-ad-server-kubernetes: | |
strategy: | |
matrix: | |
package_source: [default, nightly] | |
os: [centos, fedora, opensuse] | |
arch: [amd64] | |
exclude: | |
# there are no nightly packages for opensuse | |
- package_source: nightly | |
os: opensuse | |
# the distro packages for centos do not include an ad-dc | |
- package_source: default | |
os: centos | |
needs: | |
- build-ad-server | |
- build-server | |
# need to explicitly use 20.04 to avoid problems with jq... | |
runs-on: ubuntu-20.04 | |
env: | |
BUILDAH_FORMAT: oci | |
IMG_TAG: ${{ matrix.package_source }}-${{ matrix.os }}-${{ matrix.arch }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: nolar/setup-k3d-k3s@v1 | |
- name: get nodes | |
run: kubectl get nodes | |
- name: Download ad server image | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-ad-server:${{ env.IMG_TAG }}" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: Download file server image | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-server:${{ env.IMG_TAG }}" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: import images to k3d | |
run: k3d image import samba-server:${{ env.IMG_TAG }} samba-ad-server:${{ env.IMG_TAG }} | |
- name: run the ad-dc deployment test | |
run: ./tests/test-samba-ad-server-kubernetes.sh | |
push: | |
# verify it passes the test jobs first | |
needs: | |
- build-client | |
- build-toolbox | |
- test-server | |
- test-ad-server-kubernetes | |
runs-on: ubuntu-latest | |
env: | |
REPO_BASE: quay.io/samba.org | |
# NOTE: the fromJSON below is needed beause the syntax github uses | |
# doesn't actually understand JS/JSON style arrays (inline). When I left it | |
# out I just got an error. It is present in their example(s). | |
if: > | |
contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name) | |
&& github.repository == 'samba-in-kubernetes/samba-container' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: log in to quay.io | |
run: ${CONTAINER_CMD} login -u "${{ secrets.QUAY_USER }}" -p "${{ secrets.QUAY_PASS }}" quay.io | |
# pull in already built images we plan on pushing | |
# (server images) | |
- name: Fetch server default-fedora-amd64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-server:default-fedora-amd64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: Fetch server default-fedora-arm64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-server:default-fedora-arm64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: Fetch server default-opensuse-arm64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-server:default-opensuse-arm64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: Fetch server nightly-fedora-amd64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-server:nightly-fedora-amd64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: Fetch server nightly-fedora-arm64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-server:nightly-fedora-arm64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: Fetch server nightly-centos-amd64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-server:nightly-centos-amd64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: Fetch server devbuilds-centos-amd64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-server:devbuilds-centos-amd64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
# (ad server images) | |
- name: Fetch ad-server default-fedora-amd64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-ad-server:default-fedora-amd64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: Fetch ad-server default-fedora-arm64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-ad-server:default-fedora-arm64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: Fetch ad-server default-opensuse-arm64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-ad-server:default-opensuse-arm64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: Fetch ad-server nightly-fedora-amd64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-ad-server:nightly-fedora-amd64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: Fetch ad-server nightly-fedora-arm64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-ad-server:nightly-fedora-arm64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
# (client images) | |
- name: Fetch client default-fedora-amd64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-client:default-fedora-amd64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: Fetch client default-fedora-arm64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-client:default-fedora-arm64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
- name: Fetch client default-opensuse-arm64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-client:default-opensuse-arm64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
# (toolbox images) | |
- name: Fetch toolbox default-fedora-amd64 | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "samba-toolbox:default-fedora-amd64" | |
container_engine: ${{ env.CONTAINER_CMD }} | |
# reapply missing tags | |
- name: Retag images | |
run: > | |
./hack/build-image | |
--retag | |
--container-engine=${CONTAINER_CMD} | |
--repo-base=${REPO_BASE} | |
--no-distro-qualified | |
-i samba-server:default-fedora-amd64 | |
-i samba-server:default-fedora-arm64 | |
-i samba-server:default-opensuse-arm64 | |
-i samba-server:nightly-fedora-amd64 | |
-i samba-server:nightly-fedora-arm64 | |
-i samba-server:nightly-centos-amd64 | |
-i samba-server:devbuilds-centos-amd64 | |
-i samba-ad-server:default-fedora-amd64 | |
-i samba-ad-server:default-fedora-arm64 | |
-i samba-ad-server:default-opensuse-arm64 | |
-i samba-ad-server:nightly-fedora-amd64 | |
-i samba-ad-server:nightly-fedora-arm64 | |
-i samba-client:default-fedora-amd64 | |
-i samba-client:default-fedora-arm64 | |
-i samba-client:default-opensuse-arm64 | |
-i samba-toolbox:default-fedora-amd64 | |
- name: Push images | |
run: > | |
./hack/build-image | |
--push | |
--container-engine=${CONTAINER_CMD} | |
--verbose | |
--push-state=exists | |
--push-selected-tags=mixed | |
-i ${REPO_BASE}/samba-server:default-fedora-amd64 | |
-i ${REPO_BASE}/samba-server:default-fedora-arm64 | |
-i ${REPO_BASE}/samba-server:default-opensuse-arm64 | |
-i ${REPO_BASE}/samba-server:nightly-fedora-amd64 | |
-i ${REPO_BASE}/samba-server:nightly-centos-amd64 | |
-i ${REPO_BASE}/samba-server:devbuilds-centos-amd64 | |
-i ${REPO_BASE}/samba-ad-server:default-fedora-amd64 | |
-i ${REPO_BASE}/samba-ad-server:default-fedora-arm64 | |
-i ${REPO_BASE}/samba-ad-server:default-opensuse-arm64 | |
-i ${REPO_BASE}/samba-ad-server:nightly-fedora-amd64 | |
-i ${REPO_BASE}/samba-client:default-fedora-amd64 | |
-i ${REPO_BASE}/samba-client:default-fedora-arm64 | |
-i ${REPO_BASE}/samba-client:default-opensuse-arm64 | |
-i ${REPO_BASE}/samba-toolbox:default-fedora-amd64 |