From ada86c5b0948b6782b200a1f96bfdcfcdba89666 Mon Sep 17 00:00:00 2001 From: Scott J Dickerson Date: Fri, 10 May 2024 11:08:06 -0400 Subject: [PATCH] :sparkles: Test image build when build related files change If the workflow is run from a PR, and the PR includes a change to the `Dockerfile` or `package-lock.json`, then run image builds for all of our target platforms. The images are built but not pushed to any repository. We want to be reasonably sure that any major build file changes will not cause the image-build-and-push on PR merge workflow to break. Doing the image build here should show up most problems much earlier. For example, a npm version update in the build container could break github action `nofiles` or network access capabilities for the npm install. See #1742, #1746, and #1781 for some other examples of when this check could have caught issues before a PR merge. Supports: #1883 Signed-off-by: Scott J Dickerson
---
.github/workflows/ci-image-build.yml | 105 +++++++++++++++++++++++++++ .github/workflows/ci-repo.yml | 7 +- .github/workflows/image-build.yaml | 4 + 3 files changed, 113 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/ci-image-build.yml
diff --git a/.github/workflows/ci-image-build.yml b/.github/workflows/ci-image-build.yml
new file mode 100644
index 0000000000..ac3017a4cf
--- /dev/null
+++ b/.github/workflows/ci-image-build.yml
@@ -0,0 +1,105 @@ +name: CI (test image build for a PR with build related changes) + +on: + pull_request: + branches: + - "main" + - "release-*" + +jobs: + checks: + runs-on: ubuntu-latest + outputs: + should-test: ${{ steps.check-dockerfile.outputs.should-test }} + + steps: + - uses: actions/checkout@v4 + + - name: What files changed? + id: changed + uses: tj-actions/changed-files@v44 + with: + files: | + Dockerfile + package-lock.json + + - name: Check if build related files have been changed in a PR + id: check-changes + env: + IS_PR: ${{ !!github.event.pull_request }} + ANY_MODIFIED: ${{ steps.changed.outputs.any_modified }} + run: | + TEST_IMAGE_BUILD=$( + if [[ $IS_PR == true ]] && [[ $ANY_MODIFIED == true ]]; then + echo "true" + else + echo "false" + fi + ) + + echo "is-pr=$IS_PR" >> "$GITHUB_OUTPUT" + echo "changed=${ANY_MODIFIED:-false}" >> "$GITHUB_OUTPUT" + echo "should-test=$TEST_IMAGE_BUILD" >> "$GITHUB_OUTPUT" + + - name: Summarize findings + env: + MODIFIED_FILES: ${{ steps.changes.outputs.all_modified_files }} + run: | + cat >> "$GITHUB_STEP_SUMMARY" <> "$GITHUB_STEP_SUMMARY" + for file in ${MODIFIED_FILES}; do + echo " - \`$file\`" >> "$GITHUB_STEP_SUMMARY" + done + fi + + # + # Based on: + # - image-build.yaml + # - konveyor/release-tools/.github/workflows/build-push-images.yaml@main + # + # Only test the image build, no push to quay is required. 
+ # + test-image-build: + runs-on: ubuntu-latest + needs: checks + if: ${{ needs.checks.outputs.should-test == 'true' }} + + strategy: + fail-fast: true + matrix: + architecture: # keep this list in sync with `image-build.yaml` + - amd64 + - arm64 + + concurrency: + group: test-image-build-${{ github.ref }} + cancel-in-progress: true + + steps: + - name: Checkout merge commit for PR${{ github.event.pull_request.number }} + uses: actions/checkout@v4 + + - name: Setup QEMU to be able to build on ${{ matrix.architecture }} + if: ${{ matrix.architecture != 'amd64' }} + uses: docker/setup-qemu-action@master + with: + platforms: ${{ matrix.architecture }} + + - name: Test build image on ${{ matrix.architecture }} + id: test-build + uses: redhat-actions/buildah-build@main + with: + image: "tackle2-ui" + tags: pr${{ github.event.pull_request.number }}-${{ matrix.architecture }} + extra-args: "--no-cache --rm --ulimit nofile=4096:4096" + archs: ${{ matrix.architecture }} + labels: "" + containerfiles: "./Dockerfile" + context: "."
diff --git a/.github/workflows/ci-repo.yml b/.github/workflows/ci-repo.yml
index e5cc1c63ee..1677e134f5 100644
--- a/.github/workflows/ci-repo.yml
+++ b/.github/workflows/ci-repo.yml
@@ -17,10 +17,11 @@ on: workflow_dispatch: jobs: - unit-test-lookup-image: + unit-test-lookups: runs-on: ubuntu-latest outputs: builder-image: ${{ steps.grepBuilder.outputs.builder }} + steps: - uses: actions/checkout@v4
@@ -33,10 +34,10 @@ jobs: unit-test: runs-on: ubuntu-latest - needs: unit-test-lookup-image + needs: unit-test-lookups # Use the same container as the Dockerfile's "FROM * as builder" - container: ${{ needs.unit-test-lookup-image.outputs.builder-image }} + container: ${{ needs.unit-test-lookups.outputs.builder-image }} steps: - uses: actions/checkout@v4
diff --git a/.github/workflows/image-build.yaml b/.github/workflows/image-build.yaml
index 379fa13d82..48d82e64bd 100644
--- a/.github/workflows/image-build.yaml
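Review bot: In `.github/workflows/ci-image-build.yml`, the `checks` job output reads `steps.check-dockerfile.outputs.should-test`, but the step that writes `should-test` has `id: check-changes`, so the output is always empty and `test-image-build` is skipped on every PR; the workflow reports success without ever building the image. The line should be `should-test: ${{ steps.check-changes.outputs.should-test }}`, and the summary step has the same kind of mismatch and should read `MODIFIED_FILES: ${{ steps.changed.outputs.all_modified_files }}`. Separately, `tj-actions/changed-files@v44`, `docker/setup-qemu-action@master` and `redhat-actions/buildah-build@main` are mutable refs that run third-party code on every pull request. Pinning each to a full commit SHA (for example `uses: docker/setup-qemu-action@<full-commit-sha>  # <release tag>`) and adding a top-level `permissions:` block with `contents: read` would limit what a repointed tag or branch can do with the job token.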
+++ b/.github/workflows/image-build.yaml
@@ -20,9 +20,13 @@ jobs: registry: "quay.io/sdickers" image_name: "tackle2-ui" containerfile: "./Dockerfile" + + # keep the architectures in sync with `ci-image-build.yml` architectures: '[ "amd64", "arm64" ]' + # 2023-03-19: currently needed for npm@10 extra-args: "--ulimit nofile=4096:4096" + secrets: registry_username: ${{ secrets.QUAY_PUBLISH_ROBOT }} registry_password: ${{ secrets.QUAY_PUBLISH_TOKEN }}