Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix z3 install and CN tests for Dockerfiles #712

Merged
merged 15 commits into from
Nov 21, 2024
Merged

Fix z3 install and CN tests for Dockerfiles #712

merged 15 commits into from
Nov 21, 2024

Conversation

podhrmic
Copy link
Contributor

@podhrmic podhrmic commented Nov 11, 2024
edited
Loading

The nighly docker build hid an error in docker invocation. I fixed the invocation of run-cn.sh and properly installed z3 via opam in both docker images.

@podhrmic podhrmic changed the title Add GPG key import to the Redhat build to avoid package signature errors Fix z3 install and CN tests for Dockerfiles Nov 11, 2024
@podhrmic
Copy link
Contributor Author

@dc-mak this fixes the error in https://github.com/rems-project/cerberus/actions/runs/11784243588/job/32823035384

@dc-mak
Copy link
Contributor

dc-mak commented Nov 12, 2024

Hmm, to minimise this in the future, can you please also adjust the docker.yml to run on any PR that edits the docker.yml or any Dockerfiles? https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request

@podhrmic
Copy link
Contributor Author

@dc-mak I tried - but as you can see, the on-change triggers do not seem to work very well (or at all). This matches my previous experience, so if you have an idea how to fix this go ahead, otherwise I would just merge as is, as moving forward we shouldn't need to change the Dockerfiles much

@podhrmic podhrmic mentioned this pull request Nov 12, 2024
Merged
@dc-mak
Copy link
Contributor

dc-mak commented Nov 12, 2024

It seems to have triggered the workflow but I did it when the actual scheduled job is also running, so it is waiting behind that to finish... https://github.com/rems-project/cerberus/actions/runs/11803628827

@dc-mak
Disable Docker push on PRs
e1b416d 
It's not allowed anyway (as desired) but it fails the CI spuriously.
@dc-mak dc-mak mentioned this pull request Nov 13, 2024
Merged
@podhrmic
Copy link
Contributor Author

@dc-mak I would also recommend that the test-docker-images job depends on the build job, such that you test the newly built images.

Adding:

needs:
  needs: [docker-release-redhat, docker-release-ubuntu]

Indeed, this will only work on master branch, as you are limiting which branch can push the new images, but probably good enough for now

@dc-mak
Copy link
Contributor

dc-mak commented Nov 13, 2024

@dc-mak I would also recommend that the test-docker-images job depends on the build job, such that you test the newly built images.

Adding:

needs:
  needs: [docker-release-redhat, docker-release-ubuntu]

Indeed, this will only work on master branch, as you are limiting which branch can push the new images, but probably good enough for now

Fair point, feel free to add and push

@dc-mak
Copy link
Contributor

dc-mak commented Nov 13, 2024

https://docs.docker.com/build/ci/github-actions/share-image-jobs

https://docs.docker.com/reference/cli/docker/buildx/build/#output

There also seem to be some caching options of some sort.

@podhrmic
Copy link
Contributor Author

@dc-mak I updated the job dependency. I cannot use the caching, because I am building the images with attestation, and that is allowed only if you directly push the images into the registry (attests: type=sbom and provenance: mode=max). I think this is good enough for now, thanks for tweaking the push conditions!

@podhrmic
Copy link
Contributor Author

@dc-mak any reason not to merge this?

@dc-mak dc-mak merged commit 21ec7e0 into rems-project:master Nov 21, 2024
8 checks passed
@dc-mak
Copy link
Contributor

dc-mak commented Nov 21, 2024

I’ve been writing 2000 words/day.

@podhrmic podhrmic deleted the redhat-fix branch November 21, 2024 16:37
vzaliva pushed a commit to vzaliva/cerberus that referenced this pull request Dec 4, 2024
@podhrmic @dc-mak @vzaliva
Fix z3 install and CN tests for Dockerfiles (rems-project#712)
5f7162a 
* Add GPG key import to the Redhat build to avoid package signature errors

* Fix the docker test script, and update z3 installation

* Run docker actions any time a dockerfile is changed

* Specify the working directory for the container

* Minimal dockerfile change (added documentation) to test triggering the docker action

* Trigger docker action on any push event that also changes a Dockerfile. This should be OK as we don't expect the dockerfiles to be changing very often and from multiple branches

* Also enable docker action run any time there is a change in the docker.yml file

* Change the path hoping to trigger the docker action

* Try disabling the scheduled run

* Re-enabling the scheduled run

* Try triggering docker.yml on PR

* Disable Docker push on PRs

It's not allowed anyway (as desired) but it fails the CI spuriously.

* Fix Docker push condition

* Fix other Docker push condition

* Update test-docker image dependencies

---------

Co-authored-by: Dhruv Makwana <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@podhrmic @dc-mak