Merge pull request #566 from kiwix/new-ci-container-build

Move CI container building to a dedicated CI workflow
2023-03-15 17:17:49 +01:00 · 2023-03-15 17:17:49 +01:00 · b8978b1c60
parent d3e4111a18 534dee9c94
commit b8978b1c60
8 changed files with 63 additions and 65 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -5,30 +5,7 @@ on:
 schedule:
   - cron: '0 1 * * *'

-env:
-  DOCKER_VERSION: 32
-
 jobs:
-  Docker:
-    strategy:
-      fail-fast: false
-      matrix:
-        variant: [bionic, f35, focal, alpine]
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - name: Build docker image
-      shell: bash
-      run: |
-        TAGNAME=${{matrix.variant}}-${DOCKER_VERSION}
-        if [ ! $(curl -sflL https://hub.docker.com/v2/repositories/kiwix/kiwix-build_ci/tags/${TAGNAME}) ]
-        then
-          echo "${{secrets.docker_password}}" | docker login -u "${{secrets.docker_username}}" --password-stdin
-          FULLTAGNAME=kiwix/kiwix-build_ci:${TAGNAME}
-          docker build -t ${FULLTAGNAME} - < ${GITHUB_WORKSPACE}/.github/ci_images/${{matrix.variant}}_builder.dockerfile
-          docker push ${FULLTAGNAME}
-        fi
-
  Linux:
    strategy:
      fail-fast: false
@ -60,9 +37,8 @@ jobs:
      HOME: /home/runner
      SSH_KEY: /tmp/id_rsa
    runs-on: ubuntu-latest
-    needs: Docker
    container:
-      image: "kiwix/kiwix-build_ci:${{matrix.image_variant}}-32"
+      image: "ghcr.io/kiwix/kiwix-build_ci_${{matrix.image_variant}}:dev"
      options: "--device /dev/fuse --privileged"
    steps:
    - name: Checkout code
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@ -0,0 +1,43 @@
+name: CI Containers
+
+on:
+  push:
+    paths:
+      - 'ci_images/**'
+  release:
+    types: [published]
+
+env:
+  IMAGE_PREFIX: ghcr.io/kiwix/kiwix-build_ci_
+
+jobs:
+  Container:
+    strategy:
+      fail-fast: false
+      matrix:
+        variant: [bionic, f35, focal, alpine]
+    runs-on: ubuntu-22.04
+
+    steps:
+    - name: Retrieve the code
+      uses: actions/checkout@v3
+
+    - name: Setup container image name
+      id: env
+      run: |
+        echo "IMAGE_NAME=${{ env.IMAGE_PREFIX }}${{ matrix.variant }}" >> $GITHUB_OUTPUT
+
+    - name: Build container image
+      run: |
+        docker build -t ${{ steps.env.outputs.IMAGE_NAME }}:dev - < ci_images/${{ matrix.variant }}_builder.dockerfile
+
+    - name: Tag release container image
+      if: github.event.action == 'published'
+      run: |
+        docker tag ${{ steps.env.outputs.IMAGE_NAME }} ${{ env.GITHUB_REF_NAME }}
+        docker tag ${{ steps.env.outputs.IMAGE_NAME }} latest
+
+    - name: Upload container image
+      run: |
+        echo "${{ secrets.GHCR_TOKEN }}" | docker login ghcr.io -u "${{ secrets.GHCR_USERNAME }}" --password-stdin
+        docker push --all-tags ${{ steps.env.outputs.IMAGE_NAME }}
--- a/.github/workflows/releaseNigthly.yml
+++ b/.github/workflows/releaseNigthly.yml
@ -7,30 +7,7 @@ on:
 schedule:
   - cron: '0 1 * * *'

-env:
-  DOCKER_VERSION: 32
-
 jobs:
-  Docker:
-    strategy:
-      fail-fast: false
-      matrix:
-        variant: [bionic, f35, focal, alpine]
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - name: Build docker image
-      shell: bash
-      run: |
-        TAGNAME=${{matrix.variant}}-${DOCKER_VERSION}
-        if [ ! $(curl -sflL https://hub.docker.com/v2/repositories/kiwix/kiwix-build_ci/tags/${TAGNAME}) ]
-        then
-          echo "${{secrets.docker_password}}" | docker login -u "${{secrets.docker_username}}" --password-stdin
-          FULLTAGNAME=kiwix/kiwix-build_ci:${TAGNAME}
-          docker build -t ${FULLTAGNAME} - < ${GITHUB_WORKSPACE}/.github/ci_images/${{matrix.variant}}_builder.dockerfile
-          docker push ${FULLTAGNAME}
-        fi
-
  Linux:
    strategy:
      fail-fast: false
--- a/README.md
+++ b/README.md
@ -179,8 +179,8 @@ Libmicrohttps, ...) but it contains dependencies installed with package manager.
 These container images are necessary and intended to be used by Kiwix
 itself in many of its CI. But they are free to download et can be
 reused, although they can break anytime, therefore at your won risk.
-You can find them on [Docker
-Hub](https://hub.docker.com/r/kiwix/kiwix-build_ci).
+You can find them on
+[here](https://github.com/orgs/kiwix/packages?repo_name=kiwix-build).

 Troubleshooting
 ---------------
--- a/.github/ci_images/alpine_builder.dockerfile
+++ b/.github/ci_images/alpine_builder.dockerfile
@ -15,9 +15,9 @@ RUN apk update -q \
        gtest-dev

 # Create user
-RUN adduser -h /home/runner -D runner
+RUN addgroup --gid 121 runner
+RUN adduser -u 1001 -G runner -h /home/runner -D runner
 USER runner
-WORKDIR /home/runner
 ENV PATH /home/runner/.local/bin:$PATH
 RUN pip3 install meson ninja ; \
-    ln -s /usr/bin/python3 .local/bin/python
+    ln -s /usr/bin/python3 /home/runner/.local/bin/python
--- a/.github/ci_images/bionic_builder.dockerfile
+++ b/.github/ci_images/bionic_builder.dockerfile
@ -18,6 +18,8 @@ RUN apt update -q \
 # Packaged dependencies
    libbz2-dev libmagic-dev uuid-dev zlib1g-dev \
    libmicrohttpd-dev aria2 libgtest-dev libgl-dev \
+# Devel package to compile python modules
+    libxml2-dev libxslt-dev python3-dev \
 # Qt packages
    qt515base qt515webengine qt515svg qt515imageformats qt515wayland \
 # To create the appimage of kiwix-desktop
@ -32,14 +34,14 @@ RUN apt update -q \
  && rm -rf /var/lib/apt/lists/* /usr/share/doc/* /var/cache/debconf/* \
  && pip3 install meson pytest gcovr requests distro

-# Create user
-RUN useradd --create-home runner
-USER runner
-WORKDIR /home/runner
-ENV PATH /home/runner/.local/bin:$PATH
-
 # Set qt515 environment (the equivalent of "source /opt/qt515/bin/qt515-env.sh")
 # RUN echo "source /opt/qt515/bin/qt515-env.sh" >> /home/runner/.bashrc
 ENV PATH=/opt/qt515/bin:$PATH \
    LD_LIBRARY_PATH=/opt/qt515/lib/x86_64-linux-gnu:/opt/qt515/lib:$LD_LIBRARY_PATH \
    PKG_CONFIG_PATH=/opt/qt515/lib/pkgconfig:$PKG_CONFIG_PATH
+
+# Create user
+RUN groupadd --gid 121 runner
+RUN useradd --uid 1001 --gid 121 --create-home runner
+USER runner
+ENV PATH /home/runner/.local/bin:$PATH
--- a/.github/ci_images/f35_builder.dockerfile
+++ b/.github/ci_images/f35_builder.dockerfile
@ -22,7 +22,7 @@ RUN dnf install -y --nodocs \
  && pip3 install meson pytest requests distro

 # Create user
-RUN useradd --create-home runner
+RUN groupadd --gid 121 runner
+RUN useradd --uid 1001 --gid 121 --create-home runner
 USER runner
-WORKDIR /home/runner
-ENV PATH /home/runner/.local/bin:$PATH
+ENV PATH /home/runner/.local/bin:$PATH
--- a/.github/ci_images/focal_builder.dockerfile
+++ b/.github/ci_images/focal_builder.dockerfile
@ -28,7 +28,7 @@ RUN apt update -q \
  && pip3 install meson pytest gcovr requests distro

 # Create user
-RUN useradd --create-home runner
+RUN groupadd --gid 121 runner
+RUN useradd --uid 1001 --gid 121 --create-home runner
 USER runner
-WORKDIR /home/runner
-ENV PATH /home/runner/.local/bin:$PATH
+ENV PATH /home/runner/.local/bin:$PATH