
Commit 62d1730

committed
Easier execution of GitHub Actions workflows without Red Hat subscriptions
by moving building and testing RHEL images to separate job.
1 parent 6bfc994 commit 62d1730


4 files changed

+52
-121
lines changed


.github/actions/decrypt-file/action.yml

Lines changed: 0 additions & 17 deletions
This file was deleted.

.github/actions/encrypt-file/action.yml

Lines changed: 0 additions & 17 deletions
This file was deleted.

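--- a/.github/workflows/build-test.yaml
+++ b/.github/workflows/build-test.yaml
@@ -16,29 +16,15 @@ jobs:
 matrix:
 os: [ fedora-rawhide, fedora-40, fedora-39, centos-9-stream, rocky-9, rocky-8, almalinux-9, almalinux-8 ]
 docker: [ docker ]
-include:
-- os: rhel-9
-docker: podman
-- os: rhel-8
-docker: podman
 timeout-minutes: 15
 steps:
 - uses: actions/checkout@v4
-- name: Install podman 4.*
-uses: ./.github/actions/install-podman-4
-if: matrix.docker == 'podman'
 - name: Separate git work tree with just the files needed for build
 run: git worktree add --no-checkout ../minimize-for-build
 - name: Populate with the Dockerfile
 run: cd ../minimize-for-build && git checkout HEAD Dockerfile.${{ matrix.os }}
 - name: Populate with files referenced from the Dockerfile
 run: cd ../minimize-for-build && awk '/^(ADD|COPY)/ { for (i = 2; i < NF; i++) print $i }' Dockerfile.${{ matrix.os }} | while read f ; do git checkout HEAD $f ; done
-- name: For RHEL builds, use entitlements
-if: ${{ startsWith(matrix.os, 'rhel-') }}
-uses: ./.github/actions/podman-entitlement
-with:
-org: ${{ secrets.REDHAT_ORG }}
-activationkey: ${{ secrets.REDHAT_ACTIVATIONKEY }}
 - name: Ensure docker images sees the named parent image
 run: awk '$1 == "FROM" { print $2 ; exit }' ../minimize-for-build/Dockerfile.${{ matrix.os }} | xargs ${{ matrix.docker }} pull
 - name: Build image
@@ -73,12 +59,6 @@ jobs:
 run: mkdir freeipa-server-${{ matrix.os }}
 - name: Save image
 run: ${{ matrix.docker }} save localhost/freeipa-server:${{ matrix.os }} | gzip > freeipa-server-${{ matrix.os }}/freeipa-server-${{ matrix.os }}.tar.gz
-- name: For RHEL builds, encrypt the artifacts
-uses: ./.github/actions/encrypt-file
-if: ${{ startsWith(matrix.os, 'rhel-') }}
-with:
-file: freeipa-server-${{ matrix.os }}/freeipa-server-${{ matrix.os }}.tar.gz
-secret: ${{ secrets.UPLOAD_SECRET }}
 - uses: actions/upload-artifact@v4
 with:
 name: freeipa-server-${{ matrix.os }}
@@ -106,20 +86,14 @@ jobs:
 - os: centos-9-stream
 readonly: --read-only
 ca: --external-ca
-os: [ fedora-39, rhel-9, rhel-8, almalinux-9 ]
+os: [ fedora-39, almalinux-9, rocky-8 ]
 timeout-minutes: 30
 steps:
 - uses: actions/checkout@v4
 - uses: ./.github/actions/docker-cgroups-ubuntu-22
 - uses: actions/download-artifact@v4
 with:
 name: freeipa-server-${{ matrix.os }}
-- name: Decrypt artifacts that were encrypted after build
-uses: ./.github/actions/decrypt-file
-if: ${{ startsWith(matrix.os, 'rhel-') }}
-with:
-file: freeipa-server-${{ matrix.os }}.tar.gz
-secret: ${{ secrets.UPLOAD_SECRET }}
 - name: Load image
 run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | docker load
 - name: Run master and replica
@@ -135,7 +109,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
-os: [ fedora-rawhide, fedora-40, rocky-9, almalinux-9 ]
+os: [ fedora-rawhide, fedora-40, rocky-9, almalinux-8 ]
 readonly: [ --read-only ]
 timeout-minutes: 30
 steps:
@@ -145,12 +119,6 @@ jobs:
 - uses: actions/download-artifact@v4
 with:
 name: freeipa-server-${{ matrix.os }}
-- name: Decrypt artifacts that were encrypted after build
-uses: ./.github/actions/decrypt-file
-if: ${{ startsWith(matrix.os, 'rhel-') }}
-with:
-file: freeipa-server-${{ matrix.os }}.tar.gz
-secret: ${{ secrets.UPLOAD_SECRET }}
 - name: Load image
 run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | docker load
 - name: Run master and replica
@@ -178,12 +146,6 @@ jobs:
 - uses: actions/download-artifact@v4
 with:
 name: freeipa-server-${{ matrix.os }}
-- name: Decrypt artifacts that were encrypted after build
-uses: ./.github/actions/decrypt-file
-if: ${{ startsWith(matrix.os, 'rhel-') }}
-with:
-file: freeipa-server-${{ matrix.os }}.tar.gz
-secret: ${{ secrets.UPLOAD_SECRET }}
 - name: Load image
 run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | docker load
 - name: Disable fs.protected_regular
@@ -211,12 +173,6 @@ jobs:
 - uses: actions/download-artifact@v4
 with:
 name: freeipa-server-${{ matrix.os }}
-- name: Decrypt artifacts that were encrypted after build
-uses: ./.github/actions/decrypt-file
-if: ${{ startsWith(matrix.os, 'rhel-') }}
-with:
-file: freeipa-server-${{ matrix.os }}.tar.gz
-secret: ${{ secrets.UPLOAD_SECRET }}
 - name: Load image
 run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | sudo podman load
 - name: Run master and replica
@@ -232,7 +188,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
-os: [ fedora-40, rhel-9, rhel-8, centos-9-stream, rocky-9, rocky-8, almalinux-8 ]
+os: [ fedora-40, centos-9-stream, rocky-9, almalinux-8 ]
 timeout-minutes: 30
 steps:
 - uses: actions/checkout@v4
@@ -241,12 +197,6 @@ jobs:
 - uses: actions/download-artifact@v4
 with:
 name: freeipa-server-${{ matrix.os }}
-- name: Decrypt artifacts that were encrypted after build
-uses: ./.github/actions/decrypt-file
-if: ${{ startsWith(matrix.os, 'rhel-') }}
-with:
-file: freeipa-server-${{ matrix.os }}.tar.gz
-secret: ${{ secrets.UPLOAD_SECRET }}
 - name: Load image
 run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | podman load
 - name: Run master
@@ -269,8 +219,6 @@ jobs:
 data-from: fedora-39
 - os: fedora-40
 data-from: fedora-38
-- os: rhel-8
-data-from: centos-8
 - os: rocky-8
 data-from: centos-8
 - os: almalinux-8
@@ -282,12 +230,6 @@ jobs:
 - uses: actions/download-artifact@v4
 with:
 name: freeipa-server-${{ matrix.os }}
-- name: Decrypt artifacts that were encrypted after build
-uses: ./.github/actions/decrypt-file
-if: ${{ startsWith(matrix.os, 'rhel-') }}
-with:
-file: freeipa-server-${{ matrix.os }}.tar.gz
-secret: ${{ secrets.UPLOAD_SECRET }}
 - name: Load image
 run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | docker load
 - name: Populate volume with data
@@ -313,12 +255,6 @@ jobs:
 - uses: actions/download-artifact@v4
 with:
 name: freeipa-server-${{ matrix.os }}
-- name: Decrypt artifacts that were encrypted after build
-uses: ./.github/actions/decrypt-file
-if: ${{ startsWith(matrix.os, 'rhel-') }}
-with:
-file: freeipa-server-${{ matrix.os }}.tar.gz
-secret: ${{ secrets.UPLOAD_SECRET }}
 - name: Load image
 run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | podman load
 - name: Populate volume with data
@@ -344,12 +280,6 @@ jobs:
 - uses: actions/download-artifact@v4
 with:
 name: freeipa-server-${{ matrix.os }}
-- name: Decrypt artifacts that were encrypted after build
-uses: ./.github/actions/decrypt-file
-if: ${{ startsWith(matrix.os, 'rhel-') }}
-with:
-file: freeipa-server-${{ matrix.os }}.tar.gz
-secret: ${{ secrets.UPLOAD_SECRET }}
 - name: Load image
 run: gunzip < freeipa-server-${{ matrix.os }}.tar.gz | docker load
 - name: Populate volume with data
@@ -364,20 +294,14 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
-os: [ fedora-rawhide, fedora-40, rhel-9, rhel-8, centos-9-stream ]
+os: [ fedora-rawhide, fedora-40, rocky-9, almalinux-8, centos-9-stream ]
 timeout-minutes: 30
 steps:
 - uses: actions/checkout@v4
 - uses: ./.github/actions/docker-cgroups-ubuntu-22
 - uses: actions/download-artifact@v4
 with:
 name: freeipa-server-${{ matrix.os }}
-- name: Decrypt artifacts that were encrypted after build
-uses: ./.github/actions/decrypt-file
-if: ${{ startsWith(matrix.os, 'rhel-') }}
-with:
-file: freeipa-server-${{ matrix.os }}.tar.gz
-secret: ${{ secrets.UPLOAD_SECRET }}
 - name: Download latest cri-dockerd
 run: curl -s ${{ github.api_url }}/repos/Mirantis/cri-dockerd/releases/latest | jq -r '.assets[].browser_download_url' | grep jammy_amd64.deb | tee /dev/stderr | xargs curl -LO
 - name: Install cri-dockerd
@@ -435,3 +359,41 @@ jobs:
 ${{ secrets.REGISTRY_TARGET_LIST }}
 EOF
 
+test-subscription:
+# Workaround https://github.com/actions/runner/issues/1138
+name: Prerequisite for RHEL builds
+runs-on: ubuntu-latest
+timeout-minutes: 1
+outputs:
+has_rhel_subscriptions: ${{ steps.check.outputs.has_rhel_subscriptions }}
+steps:
+- id: check
+run: |
+if [ -n "${{ secrets.REDHAT_ORG }}" -a -n "${{ secrets.REDHAT_ACTIVATIONKEY }}" ] ; then
+echo "has_rhel_subscriptions=1" >> $GITHUB_OUTPUT
+fi
+
+build-test-rhel-podman:
+name: Build and test RHEL image
+runs-on: ubuntu-22.04
+needs: [ test-subscription ]
+if: needs.test-subscription.outputs.has_rhel_subscriptions == 1
+strategy:
+fail-fast: false
+matrix:
+os: [ rhel-9, rhel-8 ]
+timeout-minutes: 20
+steps:
+- uses: actions/checkout@v4
+- name: Install podman 4.*
+uses: ./.github/actions/install-podman-4
+- name: For RHEL builds, use entitlements
+uses: ./.github/actions/podman-entitlement
+with:
+org: ${{ secrets.REDHAT_ORG }}
+activationkey: ${{ secrets.REDHAT_ACTIVATIONKEY }}
+- name: Build image
+run: podman build -t localhost/freeipa-server:${{ matrix.os }} -f Dockerfile.${{ matrix.os }} .
+- name: Run master
+run: docker=podman tests/run-master-and-replica.sh localhost/freeipa-server:${{ matrix.os }} && podman pod ls -q | xargs podman pod rm -f
+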
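Review bot: The `check` step of the new `test-subscription` job expands `${{ secrets.REDHAT_ORG }}` and `${{ secrets.REDHAT_ACTIVATIONKEY }}` inside the `run:` script itself, so the secret values are pasted into the generated shell script before the shell parses it; a value containing `"`, `$` or a backtick would change how the `if` line is parsed, and the plaintext is written into the script file on the runner. Passing both values through `env:` and testing the variables keeps them out of the script text, and `[ -n "$A" ] && [ -n "$B" ]` avoids the obsolescent `-a` operator of `test`. The same inline expansion is added in the `default-matrix` step of `.github/workflows/run-partial-tests.yaml`. Separately, the job-level `if:` of `build-test-rhel-podman` compares a string output with the number `1`, which relies on expression type coercion; `== '1'` states the intent directly.

```yaml
      - id: check
        env:
          REDHAT_ORG: ${{ secrets.REDHAT_ORG }}
          REDHAT_ACTIVATIONKEY: ${{ secrets.REDHAT_ACTIVATIONKEY }}
        run: |
          if [ -n "$REDHAT_ORG" ] && [ -n "$REDHAT_ACTIVATIONKEY" ] ; then
            # … unchanged: echo has_rhel_subscriptions=1 to $GITHUB_OUTPUT, closing fi …
```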

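--- a/.github/workflows/run-partial-tests.yaml
+++ b/.github/workflows/run-partial-tests.yaml
@@ -29,13 +29,16 @@ jobs:
 steps:
 - id: default-matrix
 run: |
-echo "matrix={'os': [ 'fedora-rawhide', 'fedora-40', 'fedora-39', 'centos-9-stream', 'rocky-9', 'rocky-8', 'almalinux-9', 'almalinux-8' ], \
-'docker': [ 'docker', 'podman' ], \
-'include': [ \
-{ 'os': 'rhel-9', 'docker': 'podman' }, \
-{ 'os': 'rhel-8', 'docker': 'podman' } \
-] \
-}" | tee -a $GITHUB_OUTPUT
+(
+echo -n "matrix={'os': [ 'fedora-rawhide', 'fedora-40', 'fedora-39', 'centos-9-stream', 'rocky-9', 'rocky-8', 'almalinux-9', 'almalinux-8' ], \
+'docker': [ 'docker', 'podman' ] "
+if [ -n "${{ secrets.REDHAT_ORG }}" -a -n "${{ secrets.REDHAT_ACTIVATIONKEY }}" ] ; then
+echo -n ", 'include': [ \
+{ 'os': 'rhel-9', 'docker': 'podman' }, \
+{ 'os': 'rhel-8', 'docker': 'podman' } \
+]"
+fi
+echo "}" ) | tee -a $GITHUB_OUTPUT
 if: github.event_name != 'workflow_dispatch' || inputs.full
 - id: dispatch-matrix
 run: |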
