inherit secrets for nvidia-arm-core pipeline #2182
name: 'Push latest ARM images' | |
on: | |
push: | |
branches: | |
- master | |
concurrency: | |
group: ci-arm-${{ github.head_ref || github.ref }}-${{ github.repository }} | |
cancel-in-progress: true | |
env: | |
FORCE_COLOR: 1 | |
jobs: | |
get-core-matrix: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v4 | |
- run: | | |
git fetch --prune --unshallow | |
- id: set-matrix | |
run: | | |
content=`cat ./.github/flavors.json | jq -r 'map(select(.arch == "arm64" and .variant == "core" and .model != "generic"))'` | |
# the following lines are only required for multi line json | |
content="${content//'%'/'%25'}" | |
content="${content//$'\n'/'%0A'}" | |
content="${content//$'\r'/'%0D'}" | |
# end of optional handling for multi line json | |
echo "::set-output name=matrix::{\"include\": $content }" | |
# The matrix for standard (provider) images | |
get-standard-matrix: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- run: | | |
sudo apt update && sudo apt install -y jq | |
- id: set-matrix | |
run: | | |
docker run --name luet quay.io/luet/base && docker cp luet:/usr/bin/luet ./ | |
chmod +x luet | |
sudo mv luet /usr/bin/luet | |
# Construct an array like this from the found versions: | |
sudo luet --config framework-profile.yaml search -o json k8s/k3s | jq '.packages | map(.version) | unique' > k3s_versions.json | |
# Create a combination of flavors and k3s versions. | |
content=$(jq -s '. | [combinations | .[0] + {"k3s_version": .[1]}] | map(select(.arch == "arm64" and .variant == "standard" and .model != "generic"))' .github/flavors.json k3s_versions.json) | |
# the following lines are only required for multi line json | |
content="${content//'%'/'%25'}" | |
content="${content//$'\n'/'%0A'}" | |
content="${content//$'\r'/'%0D'}" | |
# end of optional handling for multi line json | |
echo "::set-output name=matrix::{\"include\": $content }" | |
build-nvidia-base: | |
runs-on: fast | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Get changed files | |
id: changed-files | |
uses: tj-actions/changed-files@v40 | |
with: | |
files_yaml: | | |
nvidia: | |
- 'images/Dockerfile.nvidia' | |
- name: Release space from worker | |
if: steps.changed-files.outputs.nvidia_any_changed == 'true' | |
run: | | |
echo "Listing top largest packages" | |
pkgs=$(dpkg-query -Wf '${Installed-Size}\t${Package}\t${Status}\n' | awk '$NF == "installed"{print $1 "\t" $2}' | sort -nr) | |
head -n 30 <<< "${pkgs}" | |
echo | |
df -h | |
echo | |
sudo apt-get remove -y '^llvm-.*|^libllvm.*' || true | |
sudo apt-get remove --auto-remove android-sdk-platform-tools || true | |
sudo apt-get purge --auto-remove android-sdk-platform-tools || true | |
sudo rm -rf /usr/local/lib/android | |
sudo apt-get remove -y '^dotnet-.*|^aspnetcore-.*' || true | |
sudo rm -rf /usr/share/dotnet | |
sudo apt-get remove -y '^mono-.*' || true | |
sudo apt-get remove -y '^ghc-.*' || true | |
sudo apt-get remove -y '.*jdk.*|.*jre.*' || true | |
sudo apt-get remove -y 'php.*' || true | |
sudo apt-get remove -y hhvm powershell firefox monodoc-manual msbuild || true | |
sudo apt-get remove -y '^google-.*' || true | |
sudo apt-get remove -y azure-cli || true | |
sudo apt-get remove -y '^mongo.*-.*|^postgresql-.*|^mysql-.*|^mssql-.*' || true | |
sudo apt-get remove -y '^gfortran-.*' || true | |
sudo apt-get autoremove -y | |
sudo apt-get clean | |
echo | |
echo "Listing top largest packages" | |
pkgs=$(dpkg-query -Wf '${Installed-Size}\t${Package}\t${Status}\n' | awk '$NF == "installed"{print $1 "\t" $2}' | sort -nr) | |
head -n 30 <<< "${pkgs}" | |
echo | |
sudo rm -rfv build || true | |
df -h | |
- name: Set up Docker Buildx | |
if: steps.changed-files.outputs.nvidia_any_changed == 'true' | |
id: buildx | |
uses: docker/setup-buildx-action@master | |
- name: Block all traffic to metadata ip # For cloud runners, the metadata ip can interact with our test machines | |
if: steps.changed-files.outputs.nvidia_any_changed == 'true' | |
run: | | |
sudo iptables -I INPUT -s 169.254.169.254 -j DROP | |
sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP | |
- name: Login to Quay Registry | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' && steps.changed-files.outputs.nvidia_any_changed == 'true' }} | |
run: echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io | |
- name: Build 🔧 & Push 🚀 | |
if: steps.changed-files.outputs.nvidia_any_changed == 'true' | |
run: | | |
export IMAGE=$(FAMILY=ubuntu FLAVOR=ubuntu FLAVOR_RELEASE="20.04" MODEL=nvidia-jetson-agx-orin VARIANT=core TARGETARCH=arm64 REGISTRY_AND_ORG="quay.io/kairos" ./images/naming.sh container_artifact_base_name) | |
docker build --platform=linux/arm64 -t $IMAGE -f ./images/Dockerfile.nvidia ./images | |
docker push $IMAGE | |
nvidia-arm-core: | |
needs: build-nvidia-base | |
uses: ./.github/workflows/reusable-docker-arm-build.yaml | |
secrets: inherit | |
with: | |
flavor: ubuntu | |
flavor_release: "20.04" | |
family: ubuntu | |
# is there a way to run the naming.sh script here? | |
base_image: quay.io/kairos/ubuntu:20.04-core-arm64-nvidia-jetson-agx-orin-master | |
model: nvidia-jetson-agx-orin | |
worker: fast | |
build-arm-core: | |
uses: ./.github/workflows/reusable-docker-arm-build.yaml | |
secrets: inherit | |
with: | |
flavor: ${{ matrix.flavor }} | |
flavor_release: ${{ matrix.flavorRelease }} | |
family: ${{ matrix.family }} | |
model: ${{ matrix.model }} | |
base_image: ${{ matrix.baseImage }} | |
worker: ${{ matrix.worker }} | |
needs: | |
- get-core-matrix | |
strategy: | |
fail-fast: false | |
matrix: ${{fromJson(needs.get-core-matrix.outputs.matrix)}} | |
image_and_iso_arm64_generic: | |
uses: ./.github/workflows/reusable-image-and-iso-arm-generic.yaml | |
secrets: inherit | |
with: | |
flavor: "opensuse" | |
flavor_release: "leap-15.5" | |
family: opensuse | |
base_image: opensuse/leap:15.5 | |
variant: core | |
notify: | |
runs-on: ubuntu-latest | |
if: failure() | |
needs: | |
- build-arm-core | |
- image_and_iso_arm64_generic | |
steps: | |
- uses: actions/checkout@v4 | |
- run: | | |
git fetch --prune --unshallow | |
- name: save commit-message | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} && failure() | |
run: echo "COMMIT_MSG=$(git log -1 --pretty=format:%s)" >> $GITHUB_ENV | |
- name: notify if failure | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} && failure() | |
uses: slackapi/[email protected] | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
with: | |
payload: | | |
{ | |
"blocks": [ | |
{ | |
"type": "section", | |
"text": { | |
"type": "mrkdwn", | |
"text": "Job failure on master branch for job ${{ github.job }} in workflow \"${{ github.workflow }}\"\n\nCommit message is \"${{ env.COMMIT_MSG }}\"\n\n Commit sha is <https://github.com/${{ github.repository }}/commit/${{ github.sha }}|${{ github.sha }}>" | |
} | |
}, | |
{ | |
"type": "divider" | |
}, | |
{ | |
"type": "actions", | |
"elements": [ | |
{ | |
"type": "button", | |
"text": { | |
"type": "plain_text", | |
"text": ":thisisfine: Failed Run", | |
"emoji": true | |
}, | |
"url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
}, | |
{ | |
"type": "button", | |
"text": { | |
"type": "plain_text", | |
"text": ":kairos: Repository link", | |
"emoji": true | |
}, | |
"url": "https://github.com/${{ github.repository }}" | |
} | |
] | |
} | |
] | |
} |
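Review bot: `docker/setup-buildx-action@master` and `tj-actions/changed-files@v40` in build-nvidia-base are mutable refs, and both run before the Quay login in a job that pushes the image nvidia-arm-core (now with `secrets: inherit`) presumably uses as its `base_image`. A retargeted branch or tag would execute on the `fast` runner in the same job that handles the registry credentials, so both should be pinned to a full commit SHA, e.g. `uses: docker/setup-buildx-action@<full-commit-sha>  # <release tag>`. The login step also expands the secrets into the script text before the shell parses it; passing them through the step's `env:` and running `echo "$QUAY_PASSWORD" | docker login -u "$QUAY_USERNAME" --password-stdin quay.io` keeps the password from being word-split or interpreted by the shell. The page shows the whole file rather than the changed lines, so this applies to the workflow as it stands after the commit.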