From 2651d82f8a1bf1029ffde8b48e080cc70dd7f558 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Mon, 3 Apr 2023 12:12:46 +0100 Subject: [PATCH 1/6] CI: Add a push flag to kolla container image build workflow --- .../stackhpc-container-image-build.yml | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index 4f56eed5b..c5d7b425b 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -26,6 +26,11 @@ on: options: - centos - ubuntu + push: + description: Whether to push images + type: boolean + required: false + default: true env: ANSIBLE_FORCE_COLOR: True @@ -99,9 +104,13 @@ jobs: - name: Build and push kolla overcloud images run: | + args="${{ github.event.inputs.regexes }} -e kolla_base_distro=${{ inputs.distro }}" + if ${{ inputs.push }} == 'true'; then + args="$args --push" + fi source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && - kayobe overcloud container image build ${{ github.event.inputs.regexes }} --push -e kolla_base_distro=${{ inputs.distro }} + kayobe overcloud container image build "$args" env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: github.event.inputs.overcloud == 'true' @@ -126,9 +135,13 @@ jobs: - name: Build and push kolla seed images run: | + args="kolla_base_distro=${{ inputs.distro }}" + if ${{ inputs.push }} == 'true'; then + args="$args --push" + fi source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && - kayobe seed container image build --push -e kolla_base_distro=${{ inputs.distro }} + kayobe seed container image build "$args" env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: github.event.inputs.seed == 'true' @@ -159,7 +172,7 @@ jobs: name: Trigger container image repository sync needs: - container-image-build - if: github.repository == 'stackhpc/stackhpc-kayobe-config' + if: github.repository == 'stackhpc/stackhpc-kayobe-config' && inputs.push runs-on: ubuntu-latest steps: # NOTE(mgoddard): Trigger another CI workflow in the From 09d701030c9045a40cc90e95c09a40eb089f9b50 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Mon, 3 Apr 2023 12:13:16 +0100 Subject: [PATCH 2/6] CI: Generate Kolla tag in advance This ensures we use the same tag for seed & overcloud images. --- .../stackhpc-container-image-build.yml | 41 ++++++++++++++++--- 1 file changed, 36 insertions(+), 5 deletions(-) diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index c5d7b425b..d466e635b 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -35,10 +35,41 @@ on: env: ANSIBLE_FORCE_COLOR: True jobs: + generate-tag: + name: Generate container image tag + if: github.repository == 'stackhpc/stackhpc-kayobe-config' + runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder] + permissions: {} + outputs: + openstack_release: ${{ steps.openstack_release.outputs.openstack_release }} + kolla_tag: ${{ steps.kolla_tag.outputs.kolla_tag }} + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Determine OpenStack release + id: openstack_release + run: | + BRANCH=$(awk -F'=' '/defaultbranch/ {print $2}' .gitreview) + echo "openstack_release=${BRANCH}" | sed "s|stable/||" >> $GITHUB_OUTPUT + + # Generate a tag to apply to all built container images. + # Without this, each kayobe * container image build command would use a different tag. + - name: Generate container image tag + id: kolla_tag + run: | + echo "kolla_tag=$(date +${{ steps.openstack_release.outputs.openstack_release }}-%Y%m%dT%H%M%S)" >> $GITHUB_OUTPUT + + - name: Display container image tag + run: | + echo "${{ steps.kolla_tag.outputs.kolla_tag }}" + container-image-build: name: Build Kolla container images if: github.repository == 'stackhpc/stackhpc-kayobe-config' runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder] + needs: + - generate-tag steps: - uses: actions/checkout@v3 with: @@ -48,7 +79,7 @@ jobs: uses: actions/checkout@v3 with: repository: stackhpc/kayobe - ref: refs/heads/stackhpc/wallaby + ref: refs/heads/stackhpc/${{ needs.generate-tag.outputs.openstack_release }} path: src/kayobe # FIXME: Failed in kolla-ansible : Ensure the latest version of pip is installed @@ -104,13 +135,13 @@ jobs: - name: Build and push kolla overcloud images run: | - args="${{ github.event.inputs.regexes }} -e kolla_base_distro=${{ inputs.distro }}" + args="${{ github.event.inputs.regexes }} -e kolla_base_distro=${{ inputs.distro }} -e kolla_tag=${{ needs.generate-tag.outputs.kolla_tag }}" if ${{ inputs.push }} == 'true'; then args="$args --push" fi source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && - kayobe overcloud container image build "$args" + kayobe overcloud container image build $args env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: github.event.inputs.overcloud == 'true' @@ -135,13 +166,13 @@ jobs: - name: Build and push kolla seed images run: | - args="kolla_base_distro=${{ inputs.distro }}" + args="kolla_base_distro=${{ inputs.distro }} -e kolla_tag=${{ needs.generate-tag.outputs.kolla_tag }}" if ${{ inputs.push }} == 'true'; then args="$args --push" fi source venvs/kayobe/bin/activate && source src/kayobe-config/kayobe-env --environment ci-builder && - kayobe seed container image build "$args" + kayobe seed container image build $args env: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: github.event.inputs.seed == 'true' From efa70f6741f89b5217b3df685ea85933b6f55119 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Mon, 3 Apr 2023 12:48:05 +0100 Subject: [PATCH 3/6] CI: Drop permissions for container image build job --- .github/workflows/stackhpc-container-image-build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index d466e635b..a235893b2 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -68,6 +68,7 @@ jobs: name: Build Kolla container images if: github.repository == 'stackhpc/stackhpc-kayobe-config' runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder] + permissions: {} needs: - generate-tag steps: @@ -205,6 +206,7 @@ jobs: - container-image-build if: github.repository == 'stackhpc/stackhpc-kayobe-config' && inputs.push runs-on: ubuntu-latest + permissions: {} steps: # NOTE(mgoddard): Trigger another CI workflow in the # stackhpc-release-train repository. From 8c153a3b02fae4afae280b3de471ae33b64266ef Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Mon, 3 Apr 2023 13:51:24 +0100 Subject: [PATCH 4/6] CI: Support building multiple container image distros in parallel --- .../stackhpc-container-image-build.yml | 81 ++++++++++--------- 1 file changed, 41 insertions(+), 40 deletions(-) diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index a235893b2..adef6ffdc 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -18,14 +18,16 @@ on: type: boolean required: false default: false - distro: - description: Container image OS distribution - type: choice + centos-stream-8: + description: Build CentOS Stream 8 images? + type: boolean + required: false + default: true + ubuntu-focal: + description: Build Ubuntu Focal 20.04 images? + type: boolean required: false - default: centos - options: - - centos - - ubuntu + default: true push: description: Whether to push images type: boolean @@ -41,8 +43,9 @@ jobs: runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder] permissions: {} outputs: - openstack_release: ${{ steps.openstack_release.outputs.openstack_release }} kolla_tag: ${{ steps.kolla_tag.outputs.kolla_tag }} + matrix: ${{ steps.set-matrix.outputs.matrix }} + openstack_release: ${{ steps.openstack_release.outputs.openstack_release }} steps: - name: Checkout uses: actions/checkout@v3 @@ -60,6 +63,24 @@ jobs: run: | echo "kolla_tag=$(date +${{ steps.openstack_release.outputs.openstack_release }}-%Y%m%dT%H%M%S)" >> $GITHUB_OUTPUT + # Dynamically define job matrix. + # We need a separate matrix entry for each distribution, when the relevant input is true. + # https://stackoverflow.com/questions/65384420/how-do-i-make-a-github-action-matrix-element-conditional + - name: Generate build matrix + id: set-matrix + run: | + comma="" + echo -n "matrix={\"distro\": [" >> $GITHUB_OUTPUT + if [[ ${{ inputs.centos-stream-8 }} == 'true' ]]; then + echo -n "$comma\"centos\"" >> $GITHUB_OUTPUT + comma=", " + fi + if [[ ${{ inputs.ubuntu-focal }} == 'true' ]]; then + echo -n "$comma\"ubuntu\"" >> $GITHUB_OUTPUT + comma=", " + fi + echo "]}" >> $GITHUB_OUTPUT + - name: Display container image tag run: | echo "${{ steps.kolla_tag.outputs.kolla_tag }}" @@ -69,6 +90,8 @@ jobs: if: github.repository == 'stackhpc/stackhpc-kayobe-config' runs-on: [self-hosted, stackhpc-kayobe-config-kolla-builder] permissions: {} + strategy: + matrix: ${{ fromJson(needs.generate-tag.outputs.matrix) }} needs: - generate-tag steps: @@ -136,7 +159,9 @@ jobs: - name: Build and push kolla overcloud images run: | - args="${{ github.event.inputs.regexes }} -e kolla_base_distro=${{ inputs.distro }} -e kolla_tag=${{ needs.generate-tag.outputs.kolla_tag }}" + args="${{ github.event.inputs.regexes }}" + args="$args -e kolla_base_distro=${{ matrix.distro }}" + args="$args -e kolla_tag=${{ needs.generate-tag.outputs.kolla_tag }}" if ${{ inputs.push }} == 'true'; then args="$args --push" fi @@ -147,27 +172,10 @@ jobs: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: github.event.inputs.overcloud == 'true' - - name: Display the overcloud container image tag - run: | - echo "$(cat ~/kolla_tag)" - if: github.event.inputs.overcloud == 'true' - - - name: Get built overcloud container images - run: | - sudo docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/*:$(cat ~/kolla_tag)" > overcloud-container-images - if: github.event.inputs.overcloud == 'true' - - - name: Upload overcloud-container-images artifact - uses: actions/upload-artifact@v3 - with: - name: Overcloud container images - path: overcloud-container-images - retention-days: 7 - if: github.event.inputs.overcloud == 'true' - - name: Build and push kolla seed images run: | - args="kolla_base_distro=${{ inputs.distro }} -e kolla_tag=${{ needs.generate-tag.outputs.kolla_tag }}" + args="kolla_base_distro=${{ matrix.distro }}" + args="$args -e kolla_tag=${{ needs.generate-tag.outputs.kolla_tag }}" if ${{ inputs.push }} == 'true'; then args="$args --push" fi @@ -178,23 +186,16 @@ jobs: KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }} if: github.event.inputs.seed == 'true' - - name: Display the seed container image tag - run: | - echo "$(cat ~/kolla_tag)" - if: github.event.inputs.seed == 'true' - - - name: Get built seed container images + - name: Get built container images run: | - sudo docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/*:$(cat ~/kolla_tag)" > seed-container-images - if: github.event.inputs.seed == 'true' + sudo docker image ls --filter "reference=ark.stackhpc.com/stackhpc-dev/${{ matrix.distro }}-*:${{ needs.generate-tag.outputs.kolla_tag }}" > ${{ matrix.distro }}-container-images - - name: Upload seed-container-images artifact + - name: Upload container images artifact uses: actions/upload-artifact@v3 with: - name: Seed container images - path: seed-container-images + name: ${{ matrix.distro }} container images + path: ${{ matrix.distro }}-container-images retention-days: 7 - if: github.event.inputs.seed == 'true' - name: Prune local Kolla container images over 1 week old run: | From a6157ccf7bde7702277e1654320a4a2165d38f23 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Mon, 3 Apr 2023 14:47:53 +0100 Subject: [PATCH 5/6] CI: Drop permissions for package promote job --- .github/workflows/stackhpc-promote.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/stackhpc-promote.yml b/.github/workflows/stackhpc-promote.yml index 81b05b774..978cab437 100644 --- a/.github/workflows/stackhpc-promote.yml +++ b/.github/workflows/stackhpc-promote.yml @@ -11,6 +11,7 @@ jobs: name: Trigger package repository promotion if: github.repository == 'stackhpc/stackhpc-kayobe-config' runs-on: ubuntu-latest + permissions: {} steps: # NOTE(mgoddard): Trigger another CI workflow in the # stackhpc-release-train repository. From 977d58b5f717344ae97103893c7b0984f9d3c623 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Tue, 4 Apr 2023 16:04:38 +0100 Subject: [PATCH 6/6] Remove write-kolla-tag.yml custom playbook & hooks It is no longer necessary since we generate a tag in advance. --- README.rst | 5 +---- etc/kayobe/ansible/write-kolla-tag.yml | 19 ------------------- .../post.d/50-write-kolla-tag.yml | 1 - .../post.d/50-write-kolla-tag.yml | 1 - 4 files changed, 1 insertion(+), 25 deletions(-) delete mode 100644 etc/kayobe/ansible/write-kolla-tag.yml delete mode 120000 etc/kayobe/hooks/overcloud-container-image-build/post.d/50-write-kolla-tag.yml delete mode 120000 etc/kayobe/hooks/seed-container-image-build/post.d/50-write-kolla-tag.yml diff --git a/README.rst b/README.rst index d8e39fa87..76255e096 100644 --- a/README.rst +++ b/README.rst @@ -459,10 +459,7 @@ At this point you are ready to build and push some container images. kayobe seed container image build --push kayobe overcloud container image build --push -The container images are tagged as ``wallaby-``. This Kayobe -configuration includes a hook that writes the tag to ``~/kolla_tag``, since -it is not always simple to determine which tag was last applied to built -images. +The container images are tagged as ``wallaby-``. To use the new images, edit ``~/src/kayobe-config/etc/kayobe/kolla.yml`` to set the above diff --git a/etc/kayobe/ansible/write-kolla-tag.yml b/etc/kayobe/ansible/write-kolla-tag.yml deleted file mode 100644 index e0099bb87..000000000 --- a/etc/kayobe/ansible/write-kolla-tag.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Write out value of kolla_tag - hosts: localhost - gather_facts: no - vars: - kolla_tag_dest: ~/kolla_tag - tasks: - - name: Query image tag - shell: - cmd: >- - grep '^tag' {{ kolla_build_config_path }}/kolla-build.conf | - sed 's/tag\s=\s\(.*\)/\1/' - become: true - register: tag - - - name: Write out value of kolla_tag - copy: - content: "{{ tag.stdout }}" - dest: "{{ kolla_tag_dest }}" diff --git a/etc/kayobe/hooks/overcloud-container-image-build/post.d/50-write-kolla-tag.yml b/etc/kayobe/hooks/overcloud-container-image-build/post.d/50-write-kolla-tag.yml deleted file mode 120000 index c685974a2..000000000 --- a/etc/kayobe/hooks/overcloud-container-image-build/post.d/50-write-kolla-tag.yml +++ /dev/null @@ -1 +0,0 @@ -../../../ansible/write-kolla-tag.yml \ No newline at end of file diff --git a/etc/kayobe/hooks/seed-container-image-build/post.d/50-write-kolla-tag.yml b/etc/kayobe/hooks/seed-container-image-build/post.d/50-write-kolla-tag.yml deleted file mode 120000 index c685974a2..000000000 --- a/etc/kayobe/hooks/seed-container-image-build/post.d/50-write-kolla-tag.yml +++ /dev/null @@ -1 +0,0 @@ -../../../ansible/write-kolla-tag.yml \ No newline at end of file