-
Notifications
You must be signed in to change notification settings - Fork 999
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rootfs: Make OPA build working in docker for s390x and pp… #9489
Conversation
22adfb0
to
6c24530
Compare
6c24530
to
7762f9a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code looks okay, but that my brain can't fully validate that Dockerfile templating line , so I've added the ok-to-test and will check the agent-opa job for s390x and ppc64le before I approve :)
The changes are failing for the am64 confidential rootfs image:
|
The commit is to make the OPA build from source working in `ubuntu-rootfs-osbuilder`. To achieve the goal, the configuration is changed as follows: - Switch the make target to `ci-build-linux-static` not triggering docker-in-docker build - Install go in the builder image for s390x and ppc64le Fixes: kata-containers#9466 Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
7762f9a
to
d523e86
Compare
Ah, I missed an underscore between |
354c16c
to
d523e86
Compare
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The agent-opa and confidential images jobs are passing now, so looks good to me. Thanks
For reviewers: |
@@ -384,6 +389,11 @@ install_initrd() { | |||
if [ "${variant}" == "confidential" ]; then | |||
export COCO_GUEST_COMPONENTS_TARBALL="$(get_coco_guest_components_tarball_path)" | |||
export PAUSE_IMAGE_TARBALL="$(get_pause_image_tarball_path)" | |||
# GO_VERSION should be exported to install the package in ubuntu-rootfs-osbuilder | |||
# This is necessary for installing opa from the source for s390x and ppc64le | |||
if [ "${AGENT_POLICY}" == "yes" ] && [ "${ARCH}" == "s390x" -o "${ARCH}" == "ppc64le" ]; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @BbolroC ! I've some doubts that I won't be able to study more today. However, one thing that I can ask now before going offline:
Is this if
block in the path of s390x builds? I figured that variant==confidential
when you build the rootfs-image-confidential
asset. The .github/workflows/build-kata-static-tarball-s390x.yaml workflow seems to build both rootfs-image
and rootfs-initrd
only.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, you are right. The mentioned code block is not reached by the current workflow. The PR is tested (see https://github.com/BbolroC/kata-containers/actions/runs/8711566342/job/23908856311) and raised based on an assumption that a follow-up PR #9494 uses the change of this PR (it includes building 3 new confidential artifacts). Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool! thanks for the info!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, Thanks @BbolroC!
Please do not merge this until the review from @wainersm is finished. Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @BbolroC ! Sorry for holding this for too long. LGTM!
The PR is to make the OPA build from source working in a docker builder
ubuntu-rootfs-osbuilder
.To achieve the goal, the configuration is changed as follows:
ci-build-linux-static
not triggering docker-in-docker buildFixes: #9466
Signed-off-by: Hyounggyu Choi Hyounggyu.Choi@ibm.com