
backport: Use P and Z GHA runners (#2215) #2326


Closed
147 changes: 53 additions & 94 deletions .github/workflows/collector-builder.yml
Expand Up @@ -8,6 +8,7 @@ on:
required: true
description: |
The tag used to build the collector image

outputs:
collector-builder-tag:
description: The builder tag used by the build
Expand All @@ -23,7 +24,11 @@ jobs:
name: Determine if builder image needs to be built
runs-on: ubuntu-24.04
outputs:
build-image: ${{ steps.changed.outputs.builder-changed }}
build-image: ${{ steps.builder-tag.outputs.build-image || false }}
collector-builder-tag: ${{ steps.builder-tag.outputs.collector-builder-tag || 'master'}}

env:
DEFAULT_BUILDER_TAG: master

steps:
- uses: actions/checkout@v4
Expand All @@ -38,11 +43,29 @@ jobs:
- builder/Dockerfile
- .github/workflows/collector-builder.yml

- name: Check labels and define builder tag
id: builder-tag
if: |
steps.changed.outputs.builder-changed == 'true' ||
(github.event_name == 'push' && (
github.ref_type == 'tag' || startsWith(github.ref_name, 'release-')
)) ||
contains(github.event.pull_request.labels.*.name, 'build-builder-image') ||
github.event_name == 'schedule'
run: |
COLLECTOR_BUILDER_TAG="${DEFAULT_BUILDER_TAG}"
if [[ "${{ github.event_name }}" == 'pull_request' || \
"${{ github.ref_type }}" == 'tag' || \
"${{ github.ref_name }}" =~ ^release- ]]; then
COLLECTOR_BUILDER_TAG="${{ inputs.collector-tag }}"
fi

echo "::notice::Rebuild builder image with tag ${COLLECTOR_BUILDER_TAG}"
echo "collector-builder-tag=${COLLECTOR_BUILDER_TAG}" >> "$GITHUB_OUTPUT"
echo "build-image=true" >> "$GITHUB_OUTPUT"

build-builder-image:
name: Build the builder image
runs-on: ubuntu-24.04
# Multiarch builds sometimes take for eeeeeeeeeever
timeout-minutes: 480
name: Build builder image
needs:
- builder-needs-rebuilding
if: |
Expand All @@ -57,7 +80,15 @@ jobs:
strategy:
fail-fast: false
matrix:
arch: [amd64, ppc64le, s390x, arm64]
arch:
- amd64
- arm64
- ppc64le
- s390x
runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-24.04-arm') ||
(matrix.arch == 'ppc64le' && 'ubuntu-24.04-ppc64le') ||
(matrix.arch == 's390x' && 'ubuntu-24.04-s390x') ||
'ubuntu-24.04' }}

env:
PLATFORM: linux/${{ matrix.arch }}
Expand All @@ -68,74 +99,27 @@ jobs:
with:
submodules: true

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- uses: actions/setup-python@v5
with:
python-version: "3.10"

- uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GOOGLE_CREDENTIALS_COLLECTOR_SVC_ACCT }}'

- uses: 'google-github-actions/setup-gcloud@v2'

- uses: ./.github/actions/setup-vm-creds
with:
gcp-ssh-key: ${{ secrets.GCP_SSH_KEY }}
gcp-ssh-key-pub: ${{ secrets.GCP_SSH_KEY_PUB }}
s390x-ssh-key: ${{ secrets.IBM_CLOUD_S390X_SSH_PRIVATE_KEY }}
ppc64le-ssh-key: ${{ secrets.IBM_CLOUD_POWER_SSH_PRIVATE_KEY }}
ppc64le-ssh-key-pub: ${{ secrets.IBM_CLOUD_POWER_SSH_PUBLIC_KEY }}
s390x-key: ${{ secrets.IBM_CLOUD_S390x_API_KEY }}
ppc64le-key: ${{ secrets.IBM_CLOUD_POWER_API_KEY }}
redhat-username: ${{ secrets.REDHAT_USERNAME }}
redhat-password: ${{ secrets.REDHAT_PASSWORD }}
vm-type: all
job-tag: builder

- name: Create Build VMs
if: |
matrix.arch == 's390x' &&
(github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds'))
- name: Install ansible on P&Z runners
if: matrix.arch == 'ppc64le' || matrix.arch == 's390x'
run: |
make -C "${{ github.workspace }}/ansible" create-build-vms

- name: Define builder tag
id: builder-tag
run: |
COLLECTOR_BUILDER_TAG="${DEFAULT_BUILDER_TAG}"
if [[ "${{ github.event_name }}" == 'pull_request' || \
"${{ github.ref_type }}" == 'tag' || \
"${{ github.ref_name }}" =~ ^release- ]]; then
COLLECTOR_BUILDER_TAG="${{ inputs.collector-tag }}"
fi

echo "COLLECTOR_BUILDER_TAG=${COLLECTOR_BUILDER_TAG}" >> "$GITHUB_ENV"
echo "collector-builder-tag=${COLLECTOR_BUILDER_TAG}" >> "$GITHUB_OUTPUT"
sudo apt-get install -y ansible

- name: Create ansible vars
run: |
{
echo "---"
echo "stackrox_io_username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}"
echo "stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}"
echo "rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}"
echo "rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}"
echo "collector_git_ref: ${{ github.ref }}"
echo "collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }}"
} > ${{ github.workspace }}/ansible/secrets.yml
cat << EOF > ${{ github.workspace }}/ansible/secrets.yml
---
stackrox_io_username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}
stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}
rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}
rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}
collector_git_ref: ${{ github.ref }}
collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }}
EOF

- name: Build images
if: |
(github.event_name != 'pull_request' && matrix.arch != 's390x') ||
matrix.arch == 'amd64' ||
(contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch != 's390x')
timeout-minutes: 480
run: |
ansible-galaxy install -r ansible/requirements.yml
ansible-playbook \
Expand All @@ -146,24 +130,6 @@ jobs:
-e @'${{ github.workspace }}/ansible/secrets.yml' \
ansible/ci-build-builder.yml

- name: Build s390x images
if: |
(github.event_name != 'pull_request' && matrix.arch == 's390x') ||
(contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch == 's390x')
timeout-minutes: 480
run: |
ansible-playbook \
-i ansible/ci \
-e build_hosts='job_id_${{ env.JOB_ID }}' \
-e arch='${{ matrix.arch }}' \
-e @'${{ github.workspace }}/ansible/secrets.yml' \
ansible/ci-build-builder.yml

- name: Destroy VMs
if: always() && matrix.arch == 's390x'
run: |
make -C ansible destroy-vms

create-multiarch-manifest:
needs:
- build-builder-image
Expand All @@ -174,8 +140,8 @@ jobs:
(needs.build-builder-image.outputs.collector-builder-tag != 'cache' &&
contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds'))
env:
COLLECTOR_BUILDER_TAG: ${{ needs.build-builder-image.outputs.collector-builder-tag }}
ARCHS: amd64 ppc64le s390x arm64
COLLECTOR_BUILDER_TAG: ${{ needs.builder-needs-rebuilding.outputs.collector-builder-tag }}
ARCHS: amd64 arm64 ppc64le s390x

steps:
- uses: actions/checkout@v4
Expand Down Expand Up @@ -208,15 +174,8 @@ jobs:

retag-x86-image:
Contributor


Just guessing from the error in the last run

Suggested change
retag-x86-image:
retag-x86-image:
runs-on: ubuntu-24.04

needs:
- build-builder-image
name: Retag x86 builder image
runs-on: ubuntu-24.04
if: |
github.event_name == 'pull_request' &&
needs.build-builder-image.outputs.collector-builder-tag != 'cache' &&
!contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
env:
COLLECTOR_BUILDER_TAG: ${{ needs.build-builder-image.outputs.collector-builder-tag }}
- build-builder-image
- create-multiarch-manifest
Comment on lines +177 to +178
Contributor


I am not sure about the indentation here

Suggested change
- build-builder-image
- create-multiarch-manifest
- build-builder-image
- create-multiarch-manifest

steps:
- name: Pull image to retag
run: |
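Review bot: The `run:` script of the new `Check labels and define builder tag` step has `${{ github.ref_name }}` and `${{ inputs.collector-tag }}` expanded into its text before bash parses it, so a ref or tag value containing shell metacharacters would be interpreted as script rather than data. Passing the four context values through a step-level `env:` block and reading them as quoted shell variables keeps them as data; the rewritten step is sketched below. Separately, the step that exported `COLLECTOR_BUILDER_TAG` to `$GITHUB_ENV` appears to be dropped from `build-builder-image` while `Create ansible vars` still reads `${{ env.COLLECTOR_BUILDER_TAG }}`; unless it is set outside the visible hunks the value would be empty, and `needs.builder-needs-rebuilding.outputs.collector-builder-tag` looks like the intended source. Both jobs continue outside the hunks shown.

```yaml
      - name: Check labels and define builder tag
        id: builder-tag
        # … unchanged: if: condition …
        env:
          EVENT_NAME: ${{ github.event_name }}
          REF_TYPE: ${{ github.ref_type }}
          REF_NAME: ${{ github.ref_name }}
          COLLECTOR_TAG: ${{ inputs.collector-tag }}
        run: |
          COLLECTOR_BUILDER_TAG="${DEFAULT_BUILDER_TAG}"
          if [[ "${EVENT_NAME}" == 'pull_request' || \
                "${REF_TYPE}" == 'tag' || \
                "${REF_NAME}" =~ ^release- ]]; then
            COLLECTOR_BUILDER_TAG="${COLLECTOR_TAG}"
          fi
          # … unchanged: ::notice:: line and the two $GITHUB_OUTPUT writes …
```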
115 changes: 19 additions & 96 deletions .github/workflows/collector.yml
Expand Up @@ -29,12 +29,19 @@ env:

jobs:
build-collector-image:
name: Build Collector
runs-on: ubuntu-24.04
name: Build collector image ${{ matrix.arch }}
strategy:
fail-fast: false
matrix:
arch: [amd64, ppc64le, arm64]
arch:
- amd64
- arm64
- ppc64le
- s390x
runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-24.04-arm') ||
(matrix.arch == 'ppc64le' && 'ubuntu-24.04-ppc64le') ||
(matrix.arch == 's390x' && 'ubuntu-24.04-s390x') ||
'ubuntu-24.04' }}

env:
PLATFORM: linux/${{ matrix.arch }}
Expand All @@ -45,12 +52,14 @@ jobs:
with:
submodules: true

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Install ansible on P&Z runners
if: matrix.arch == 'ppc64le' || matrix.arch == 's390x'
run: |
sudo apt-get install -y ansible

- name: Create ansible vars
run: |
cat << EOF > ${{ github.workspace }}/ansible/secrets.yml
Expand All @@ -69,12 +78,7 @@ jobs:
driver_version: ${DRIVER_VERSION}
EOF

- name: Build images
if: |
github.event_name != 'pull_request' ||
matrix.arch == 'amd64' ||
contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
timeout-minutes: 480
- name: Build ${{ matrix.arch }} image locally
run: |
ansible-playbook \
--connection local \
Expand All @@ -84,93 +88,16 @@ jobs:
-e @'${{ github.workspace }}/ansible/secrets.yml' \
ansible/ci-build-collector.yml

build-collector-image-remote-vm:
name: Build Collector on a remote VM
runs-on: ubuntu-24.04
if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
strategy:
fail-fast: false
matrix:
arch: [s390x]

env:
PLATFORM: linux/${{ matrix.arch }}

steps:
- uses: actions/checkout@v4

- uses: actions/setup-python@v5
with:
python-version: "3.10"

- uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GOOGLE_CREDENTIALS_COLLECTOR_SVC_ACCT }}'

- uses: 'google-github-actions/setup-gcloud@v2'

- uses: ./.github/actions/setup-vm-creds
with:
gcp-ssh-key: ${{ secrets.GCP_SSH_KEY }}
gcp-ssh-key-pub: ${{ secrets.GCP_SSH_KEY_PUB }}
s390x-ssh-key: ${{ secrets.IBM_CLOUD_S390X_SSH_PRIVATE_KEY }}
ppc64le-ssh-key: ${{ secrets.IBM_CLOUD_POWER_SSH_PRIVATE_KEY }}
ppc64le-ssh-key-pub: ${{ secrets.IBM_CLOUD_POWER_SSH_PUBLIC_KEY }}
s390x-key: ${{ secrets.IBM_CLOUD_S390x_API_KEY }}
ppc64le-key: ${{ secrets.IBM_CLOUD_POWER_API_KEY }}
redhat-username: ${{ secrets.REDHAT_USERNAME }}
redhat-password: ${{ secrets.REDHAT_PASSWORD }}
vm-type: rhel-${{ matrix.arch }}
job-tag: builder

- name: Create Build VMs
run: |
make -C "${{ github.workspace }}/ansible" create-build-vms

- name: Create ansible vars
run: |
cat << EOF > ${{ github.workspace }}/ansible/secrets.yml
---
stackrox_io_username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}
stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}
rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}
rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}
collector_git_ref: ${{ github.ref }}
collector_git_sha: ${{ github.sha }}
collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }}
disable_profiling: ${{ matrix.arch != 'amd64' && matrix.arch != 'arm64' }}
rhacs_eng_image: ${{ env.RHACS_ENG_IMAGE }}
collector_image: ${{ inputs.collector-image }}
collector_tag: ${{ inputs.collector-tag }}
debug_mode: ${{ github.event_name == 'pull_request' }}
EOF

- name: Build ${{ matrix.arch }} image
timeout-minutes: 480
run: |
ansible-playbook \
-i ansible/ci \
-e arch='${{ matrix.arch }}' \
-e build_hosts='job_id_${{ env.JOB_ID }}' \
-e @'${{ github.workspace }}/ansible/secrets.yml' \
ansible/ci-build-collector.yml

- name: Destroy Build VMs
if: always()
run: |
make -C ansible destroy-vms

create-multiarch-manifest:
needs:
- build-collector-image
- build-collector-image-remote-vm
name: Create Multiarch manifest
runs-on: ubuntu-24.04
if: |
github.event_name != 'pull_request' ||
contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
env:
ARCHS: amd64 ppc64le s390x arm64
ARCHS: amd64 arm64 ppc64le s390x

steps:
- uses: actions/checkout@v4
Expand Down Expand Up @@ -245,12 +172,8 @@ jobs:

retag-x86-image:
needs:
- build-collector-image
name: Retag x86 slim image
runs-on: ubuntu-24.04
if: |
github.event_name == 'pull_request' &&
!contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
- build-collector-image
- create-multiarch-manifest
steps:
- name: Pull image to retag
run: |
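Review bot: Nothing visible in `build-collector-image` removes `ansible/secrets.yml` after the build, and with the remote-VM job and its `Destroy Build VMs` teardown gone, that file is now written in the workspace of the `ubuntu-24.04-ppc64le` and `ubuntu-24.04-s390x` runners themselves. The kept `Create ansible vars` step is cut by the hunk, but it presumably carries the same Quay read-write credentials as the removed remote-VM variant. Whether those runners are ephemeral is not shown here; if they are not, the file outlives the job. A closing step such as `- name: Remove ansible secrets` with `if: always()` and `run: rm -f "${GITHUB_WORKSPACE}/ansible/secrets.yml"` would bound the exposure either way. The job's step list continues outside the hunks shown.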
6 changes: 0 additions & 6 deletions .github/workflows/integration-tests.yml
Expand Up @@ -116,9 +116,6 @@ jobs:

s390x-integration-tests:
uses: ./.github/workflows/integration-tests-vm-type.yml
if: |
github.event_name != 'pull_request' ||
contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
with:
vm_type: rhel-s390x
collector-tag: ${{ inputs.collector-tag }}
Expand All @@ -130,9 +127,6 @@ jobs:

ppc64le-integration-tests:
uses: ./.github/workflows/integration-tests-vm-type.yml
if: |
github.event_name != 'pull_request' ||
contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
with:
vm_type: rhel-ppc64le
collector-tag: ${{ inputs.collector-tag }}
Expand Down