Skip to content

inherit secrets for nvidia-arm-core pipeline #2182

inherit secrets for nvidia-arm-core pipeline

inherit secrets for nvidia-arm-core pipeline #2182

Workflow file for this run

name: 'Push latest ARM images'
on:
push:
branches:
- master
concurrency:
group: ci-arm-${{ github.head_ref || github.ref }}-${{ github.repository }}
cancel-in-progress: true
env:
FORCE_COLOR: 1
jobs:
get-core-matrix:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v4
- run: |
git fetch --prune --unshallow
- id: set-matrix
run: |
content=`cat ./.github/flavors.json | jq -r 'map(select(.arch == "arm64" and .variant == "core" and .model != "generic"))'`
# the following lines are only required for multi line json
content="${content//'%'/'%25'}"
content="${content//$'\n'/'%0A'}"
content="${content//$'\r'/'%0D'}"
# end of optional handling for multi line json
echo "::set-output name=matrix::{\"include\": $content }"
# The matrix for standard (provider) images
get-standard-matrix:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- run: |
sudo apt update && sudo apt install -y jq
- id: set-matrix
run: |
docker run --name luet quay.io/luet/base && docker cp luet:/usr/bin/luet ./
chmod +x luet
sudo mv luet /usr/bin/luet
# Construct an array like this from the found versions:
sudo luet --config framework-profile.yaml search -o json k8s/k3s | jq '.packages | map(.version) | unique' > k3s_versions.json
# Create a combination of flavors and k3s versions.
content=$(jq -s '. | [combinations | .[0] + {"k3s_version": .[1]}] | map(select(.arch == "arm64" and .variant == "standard" and .model != "generic"))' .github/flavors.json k3s_versions.json)
# the following lines are only required for multi line json
content="${content//'%'/'%25'}"
content="${content//$'\n'/'%0A'}"
content="${content//$'\r'/'%0D'}"
# end of optional handling for multi line json
echo "::set-output name=matrix::{\"include\": $content }"
build-nvidia-base:
runs-on: fast
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v40
with:
files_yaml: |
nvidia:
- 'images/Dockerfile.nvidia'
- name: Release space from worker
if: steps.changed-files.outputs.nvidia_any_changed == 'true'
run: |
echo "Listing top largest packages"
pkgs=$(dpkg-query -Wf '${Installed-Size}\t${Package}\t${Status}\n' | awk '$NF == "installed"{print $1 "\t" $2}' | sort -nr)
head -n 30 <<< "${pkgs}"
echo
df -h
echo
sudo apt-get remove -y '^llvm-.*|^libllvm.*' || true
sudo apt-get remove --auto-remove android-sdk-platform-tools || true
sudo apt-get purge --auto-remove android-sdk-platform-tools || true
sudo rm -rf /usr/local/lib/android
sudo apt-get remove -y '^dotnet-.*|^aspnetcore-.*' || true
sudo rm -rf /usr/share/dotnet
sudo apt-get remove -y '^mono-.*' || true
sudo apt-get remove -y '^ghc-.*' || true
sudo apt-get remove -y '.*jdk.*|.*jre.*' || true
sudo apt-get remove -y 'php.*' || true
sudo apt-get remove -y hhvm powershell firefox monodoc-manual msbuild || true
sudo apt-get remove -y '^google-.*' || true
sudo apt-get remove -y azure-cli || true
sudo apt-get remove -y '^mongo.*-.*|^postgresql-.*|^mysql-.*|^mssql-.*' || true
sudo apt-get remove -y '^gfortran-.*' || true
sudo apt-get autoremove -y
sudo apt-get clean
echo
echo "Listing top largest packages"
pkgs=$(dpkg-query -Wf '${Installed-Size}\t${Package}\t${Status}\n' | awk '$NF == "installed"{print $1 "\t" $2}' | sort -nr)
head -n 30 <<< "${pkgs}"
echo
sudo rm -rfv build || true
df -h
- name: Set up Docker Buildx
if: steps.changed-files.outputs.nvidia_any_changed == 'true'
id: buildx
uses: docker/setup-buildx-action@master
- name: Block all traffic to metadata ip # For cloud runners, the metadata ip can interact with our test machines
if: steps.changed-files.outputs.nvidia_any_changed == 'true'
run: |
sudo iptables -I INPUT -s 169.254.169.254 -j DROP
sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP
- name: Login to Quay Registry
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' && steps.changed-files.outputs.nvidia_any_changed == 'true' }}
run: echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io
- name: Build 🔧 & Push 🚀
if: steps.changed-files.outputs.nvidia_any_changed == 'true'
run: |
export IMAGE=$(FAMILY=ubuntu FLAVOR=ubuntu FLAVOR_RELEASE="20.04" MODEL=nvidia-jetson-agx-orin VARIANT=core TARGETARCH=arm64 REGISTRY_AND_ORG="quay.io/kairos" ./images/naming.sh container_artifact_base_name)
docker build --platform=linux/arm64 -t $IMAGE -f ./images/Dockerfile.nvidia ./images
docker push $IMAGE
nvidia-arm-core:
needs: build-nvidia-base
uses: ./.github/workflows/reusable-docker-arm-build.yaml
secrets: inherit
with:
flavor: ubuntu
flavor_release: "20.04"
family: ubuntu
# is there a way to run the naming.sh script here?
base_image: quay.io/kairos/ubuntu:20.04-core-arm64-nvidia-jetson-agx-orin-master
model: nvidia-jetson-agx-orin
worker: fast
build-arm-core:
uses: ./.github/workflows/reusable-docker-arm-build.yaml
secrets: inherit
with:
flavor: ${{ matrix.flavor }}
flavor_release: ${{ matrix.flavorRelease }}
family: ${{ matrix.family }}
model: ${{ matrix.model }}
base_image: ${{ matrix.baseImage }}
worker: ${{ matrix.worker }}
needs:
- get-core-matrix
strategy:
fail-fast: false
matrix: ${{fromJson(needs.get-core-matrix.outputs.matrix)}}
image_and_iso_arm64_generic:
uses: ./.github/workflows/reusable-image-and-iso-arm-generic.yaml
secrets: inherit
with:
flavor: "opensuse"
flavor_release: "leap-15.5"
family: opensuse
base_image: opensuse/leap:15.5
variant: core
notify:
runs-on: ubuntu-latest
if: failure()
needs:
- build-arm-core
- image_and_iso_arm64_generic
steps:
- uses: actions/checkout@v4
- run: |
git fetch --prune --unshallow
- name: save commit-message
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} && failure()
run: echo "COMMIT_MSG=$(git log -1 --pretty=format:%s)" >> $GITHUB_ENV
- name: notify if failure
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} && failure()
uses: slackapi/[email protected]
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
with:
payload: |
{
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Job failure on master branch for job ${{ github.job }} in workflow \"${{ github.workflow }}\"\n\nCommit message is \"${{ env.COMMIT_MSG }}\"\n\n Commit sha is <https://github.com/${{ github.repository }}/commit/${{ github.sha }}|${{ github.sha }}>"
}
},
{
"type": "divider"
},
{
"type": "actions",
"elements": [
{
"type": "button",
"text": {
"type": "plain_text",
"text": ":thisisfine: Failed Run",
"emoji": true
},
"url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
},
{
"type": "button",
"text": {
"type": "plain_text",
"text": ":kairos: Repository link",
"emoji": true
},
"url": "https://github.com/${{ github.repository }}"
}
]
}
]
}