From 41c2cfadcc47684294283adc5e4833f65d5e7809 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 14 Mar 2024 08:15:17 -0500 Subject: [PATCH 1/8] chore(ci): fix version inspection handling --- .github/workflows/reusable-build.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 07bbe6d..d0af658 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -40,10 +40,23 @@ jobs: - name: Fetch CoreOS stream versions id: fetch run: | + set -eo pipefail + skopeo inspect docker://quay.io/fedora/fedora-coreos:${{ inputs.coreos_version }} > inspect.json + linux=$(jq -r '.["Labels"]["ostree.linux"]' inspect.json) + if [ -z "$linux" ] || [ "null" = "$linux" ]; then + echo "inspected linux version must not be empty or null" + exit 1 + fi + + version=$(jq -r '.["Labels"]["org.opencontainers.image.version"]' inspect.json) + if [ -z "$version" ] || [ "null" = "$verson" ]; then + echo "inspected image version must not be empty or null" + exit 1 + fi + echo "linux=$linux" >> $GITHUB_OUTPUT - version=$(jq -r '.["Labels"]["version"]' inspect.json) echo "version=$version" >> $GITHUB_OUTPUT - name: Echo outputs run: | From b7c70eaf37a427d5c0ba550c562a56d3f0a9b1a3 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 14 Mar 2024 08:37:20 -0500 Subject: [PATCH 2/8] chore(ci): add retry for image info query and pull base --- .github/workflows/reusable-build.yml | 64 +++++++++++++++++++--------- 1 file changed, 44 insertions(+), 20 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index d0af658..c9582d0 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -34,33 +34,37 @@ jobs: name: Get Stream Info runs-on: ubuntu-latest outputs: - linux: ${{ steps.fetch.outputs.linux }} - version: ${{ steps.fetch.outputs.version }} + linux: ${{ fromJSON(steps.fetch.outputs).linux }} + version: ${{ fromJSON(steps.fetch.outputs).version }} steps: - name: Fetch CoreOS stream versions id: fetch - run: | - set -eo pipefail - - skopeo inspect docker://quay.io/fedora/fedora-coreos:${{ inputs.coreos_version }} > inspect.json - - linux=$(jq -r '.["Labels"]["ostree.linux"]' inspect.json) - if [ -z "$linux" ] || [ "null" = "$linux" ]; then - echo "inspected linux version must not be empty or null" - exit 1 - fi + uses: Wandalen/wretry.action@v1.4.5 + with: + attempt_limit: 3 + attempt_delay: 15000 + command: | + set -eo pipefail + + skopeo inspect docker://quay.io/fedora/fedora-coreos:${{ inputs.coreos_version }} > inspect.json + + linux=$(jq -r '.["Labels"]["ostree.linux"]' inspect.json) + if [ -z "$linux" ] || [ "null" = "$linux" ]; then + echo "inspected linux version must not be empty or null" + exit 1 + fi - version=$(jq -r '.["Labels"]["org.opencontainers.image.version"]' inspect.json) - if [ -z "$version" ] || [ "null" = "$verson" ]; then - echo "inspected image version must not be empty or null" - exit 1 - fi + version=$(jq -r '.["Labels"]["org.opencontainers.image.version"]' inspect.json) + if [ -z "$version" ] || [ "null" = "$verson" ]; then + echo "inspected image version must not be empty or null" + exit 1 + fi - echo "linux=$linux" >> $GITHUB_OUTPUT - echo "version=$version" >> $GITHUB_OUTPUT + echo "linux=$linux" >> $GITHUB_OUTPUT + echo "version=$version" >> $GITHUB_OUTPUT - name: Echo outputs run: | - echo "${{ toJSON(steps.fetch.outputs) }}" + echo "${{ steps.fetch.outputs }}" build_fcos: name: fedora-coreos @@ -142,6 +146,16 @@ jobs: org.opencontainers.image.title=${{ matrix.image_name }} org.opencontainers.image.version=${{ matrix.image_version }} + - name: Pull base image + uses: Wandalen/wretry.action@v1.4.5 + with: + attempt_limit: 3 + attempt_delay: 15000 + command: | + # pull the base image used for FROM in containerfile so + # we can retry on that unfortunately common failure case + podman pull quay.io/fedora/fedora-coreos:${{ inputs.coreos_version }} + # Build image using Buildah action - name: Build Image id: build_image @@ -304,6 +318,16 @@ jobs: org.opencontainers.image.title=${{ matrix.image_base }}${{ matrix.image_suffix }} org.opencontainers.image.version=${{ matrix.image_version }} + - name: Pull base image + uses: Wandalen/wretry.action@v1.4.5 + with: + attempt_limit: 3 + attempt_delay: 15000 + command: | + # pull the base image used for FROM in containerfile so + # we can retry on that unfortunately common failure case + podman pull quay.io/fedora/fedora-coreos:${{ inputs.coreos_version }} + # Build image using Buildah action - name: Build Image id: build_image From 6a1eed49e9afa6a3de476a3c93a7fb3c6ffc664d Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 14 Mar 2024 08:41:47 -0500 Subject: [PATCH 3/8] refactor: fix some whitespace --- .github/workflows/reusable-build.yml | 42 ++++++++++++++-------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index c9582d0..8a916fd 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -7,7 +7,7 @@ on: required: true type: string env: - IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} jobs: workflow_info: @@ -40,28 +40,28 @@ jobs: - name: Fetch CoreOS stream versions id: fetch uses: Wandalen/wretry.action@v1.4.5 - with: - attempt_limit: 3 - attempt_delay: 15000 - command: | - set -eo pipefail - - skopeo inspect docker://quay.io/fedora/fedora-coreos:${{ inputs.coreos_version }} > inspect.json - - linux=$(jq -r '.["Labels"]["ostree.linux"]' inspect.json) - if [ -z "$linux" ] || [ "null" = "$linux" ]; then - echo "inspected linux version must not be empty or null" - exit 1 - fi + with: + attempt_limit: 3 + attempt_delay: 15000 + command: | + set -eo pipefail - version=$(jq -r '.["Labels"]["org.opencontainers.image.version"]' inspect.json) - if [ -z "$version" ] || [ "null" = "$verson" ]; then - echo "inspected image version must not be empty or null" - exit 1 - fi + skopeo inspect docker://quay.io/fedora/fedora-coreos:${{ inputs.coreos_version }} > inspect.json + + linux=$(jq -r '.["Labels"]["ostree.linux"]' inspect.json) + if [ -z "$linux" ] || [ "null" = "$linux" ]; then + echo "inspected linux version must not be empty or null" + exit 1 + fi + + version=$(jq -r '.["Labels"]["org.opencontainers.image.version"]' inspect.json) + if [ -z "$version" ] || [ "null" = "$verson" ]; then + echo "inspected image version must not be empty or null" + exit 1 + fi - echo "linux=$linux" >> $GITHUB_OUTPUT - echo "version=$version" >> $GITHUB_OUTPUT + echo "linux=$linux" >> $GITHUB_OUTPUT + echo "version=$version" >> $GITHUB_OUTPUT - name: Echo outputs run: | echo "${{ steps.fetch.outputs }}" From 255d483daea68c2296bdebbacf0257ddb4b468ff Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 14 Mar 2024 08:47:37 -0500 Subject: [PATCH 4/8] chore(ci): shortcircuit matrix jobs --- .github/workflows/reusable-build.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 8a916fd..458afdf 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -55,7 +55,7 @@ jobs: fi version=$(jq -r '.["Labels"]["org.opencontainers.image.version"]' inspect.json) - if [ -z "$version" ] || [ "null" = "$verson" ]; then + if [ -z "$version" ] || [ "null" = "$version" ]; then echo "inspected image version must not be empty or null" exit 1 fi @@ -96,6 +96,14 @@ jobs: - name: Checkout Push to Registry action uses: actions/checkout@v4 + - name: Verify version + shell: bash + run: | + if [ -z "${{ matrix.image_version }}" ] || [ "null" = "${{ matrix.image_version }}" ]; then + echo "inspected image version must not be empty or null" + exit 1 + fi + - name: Generate tags id: generate-tags shell: bash @@ -264,6 +272,14 @@ jobs: - name: Checkout Push to Registry action uses: actions/checkout@v4 + - name: Verify version + shell: bash + run: | + if [ -z "${{ matrix.image_version }}" ] || [ "null" = "${{ matrix.image_version }}" ]; then + echo "inspected image version must not be empty or null" + exit 1 + fi + - name: Generate tags id: generate-tags shell: bash From f77efbf7eb792844f00dde7c0d682677a66b230b Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 14 Mar 2024 08:53:58 -0500 Subject: [PATCH 5/8] chore: debug output improve --- .github/workflows/reusable-build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 458afdf..c154b03 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -64,7 +64,7 @@ jobs: echo "version=$version" >> $GITHUB_OUTPUT - name: Echo outputs run: | - echo "${{ steps.fetch.outputs }}" + echo "${{ fromJSON(steps.fetch.outputs) }}" build_fcos: name: fedora-coreos @@ -100,7 +100,7 @@ jobs: shell: bash run: | if [ -z "${{ matrix.image_version }}" ] || [ "null" = "${{ matrix.image_version }}" ]; then - echo "inspected image version must not be empty or null" + echo "matrix.image_version must not be empty or null" exit 1 fi @@ -276,7 +276,7 @@ jobs: shell: bash run: | if [ -z "${{ matrix.image_version }}" ] || [ "null" = "${{ matrix.image_version }}" ]; then - echo "inspected image version must not be empty or null" + echo "matrix.image_version must not be empty or null" exit 1 fi From 5c065143a8989b74a5f3aa3686b2de42a82ef6c5 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 14 Mar 2024 09:03:25 -0500 Subject: [PATCH 6/8] chore(ci): tricky retry outputs --- .github/workflows/reusable-build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index c154b03..45a1561 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -34,8 +34,8 @@ jobs: name: Get Stream Info runs-on: ubuntu-latest outputs: - linux: ${{ fromJSON(steps.fetch.outputs).linux }} - version: ${{ fromJSON(steps.fetch.outputs).version }} + linux: ${{ fromJSON(steps.fetch.outputs.outputs).linux }} + version: ${{ fromJSON(steps.fetch.outputs.outputs).version }} steps: - name: Fetch CoreOS stream versions id: fetch @@ -64,7 +64,7 @@ jobs: echo "version=$version" >> $GITHUB_OUTPUT - name: Echo outputs run: | - echo "${{ fromJSON(steps.fetch.outputs) }}" + echo "${{ fromJSON(steps.fetch.outputs.outputs) }}" build_fcos: name: fedora-coreos From d8a9d37822303031e0d0b8d06f1f3ef1a10e030e Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 14 Mar 2024 09:05:24 -0500 Subject: [PATCH 7/8] chore: output debugging --- .github/workflows/reusable-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 45a1561..4110c14 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -64,7 +64,7 @@ jobs: echo "version=$version" >> $GITHUB_OUTPUT - name: Echo outputs run: | - echo "${{ fromJSON(steps.fetch.outputs.outputs) }}" + echo "${{ steps.fetch.outputs.outputs }}" build_fcos: name: fedora-coreos From 8abc192d200224bfcbf31fa0716b0a096c9c6229 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 14 Mar 2024 09:10:54 -0500 Subject: [PATCH 8/8] chore: retry push to ghcr --- .github/workflows/reusable-build.yml | 40 +++++++++++++++++----------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 4110c14..0859880 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -193,20 +193,24 @@ jobs: # Push the image to GHCR (Image Registry) - name: Push To GHCR - uses: redhat-actions/push-to-registry@v2 + uses: Wandalen/wretry.action@v1.4.5 id: push if: github.event_name != 'pull_request' env: REGISTRY_USER: ${{ github.actor }} REGISTRY_PASSWORD: ${{ github.token }} with: - image: ${{ steps.build_image.outputs.image }} - tags: ${{ steps.build_image.outputs.tags }} - registry: ${{ steps.registry_case.outputs.lowercase }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - extra-args: | - --disable-content-trust + action: redhat-actions/push-to-registry@v2 + attempt_limit: 3 + attempt_delay: 15000 + with: | + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ steps.registry_case.outputs.lowercase }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + extra-args: | + --disable-content-trust - name: Login to GitHub Container Registry uses: docker/login-action@v3 @@ -375,20 +379,24 @@ jobs: # Push the image to GHCR (Image Registry) - name: Push To GHCR - uses: redhat-actions/push-to-registry@v2 + uses: Wandalen/wretry.action@v1.4.5 id: push if: github.event_name != 'pull_request' env: REGISTRY_USER: ${{ github.actor }} REGISTRY_PASSWORD: ${{ github.token }} with: - image: ${{ steps.build_image.outputs.image }} - tags: ${{ steps.build_image.outputs.tags }} - registry: ${{ steps.registry_case.outputs.lowercase }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - extra-args: | - --disable-content-trust + action: redhat-actions/push-to-registry@v2 + attempt_limit: 3 + attempt_delay: 15000 + with: | + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ steps.registry_case.outputs.lowercase }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + extra-args: | + --disable-content-trust - name: Login to GitHub Container Registry uses: docker/login-action@v3