Skip to content

Merge pull request #23959 from auyer/hide-secrets-from-container-inspect #1988

Merge pull request #23959 from auyer/hide-secrets-from-container-inspect

Merge pull request #23959 from auyer/hide-secrets-from-container-inspect #1988

name: Build FCOS image with packages from rhcontainerbot/podman-next
on:
push:
branches:
- main
# Run everyday at midnight and pull the latest packages from the copr
schedule:
- cron: '0 0 * * *'
env:
IMAGE_NAME: fcos
# IMAGE_ARCHS has to be comma separated
IMAGE_ARCHS: amd64, arm64
IMAGE_REGISTRY: quay.io/podman
COPR_OWNER: rhcontainerbot
COPR_PROJECT: podman-next
jobs:
fcos-podman-next-image-build:
runs-on: ubuntu-latest
steps:
- name: Install qemu dependency
run: |
sudo apt update
sudo apt -y install qemu-user-static
- name: Set up wait-for-copr
# Do not run on scheduled nightly builds
if: ${{ github.event_name != 'schedule' }}
run: |
pip3 install git+https://github.com/packit/wait-for-copr.git@main
- name: Check out code
uses: actions/checkout@v4
- name: Get short SHA from HEAD
run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
id: short_sha
- name: Wait for successful podman-next build with the latest commit
# Do not run on scheduled nightly builds
if: ${{ github.event_name != 'schedule' }}
run: |
# TODO: add this in the Containerfile itself or as a --build-arg
wait-for-copr --owner ${{ env.COPR_OWNER }} --project ${{ env.COPR_PROJECT }} podman ${{ env.SHORT_SHA }}
echo "podman-next build successful."
- name: Build FCOS Image
id: build_image_multiarch
# Ref: https://github.com/redhat-actions/buildah-build
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.IMAGE_NAME }}
tags: ${{ env.COPR_PROJECT }} podman-${{ env.SHORT_SHA }}
archs: ${{ env.IMAGE_ARCHS }}
containerfiles: ./contrib/podman-next/fcos-podmanimage/Containerfile
labels: |
org.opencontainers.image.title=fcos-podman-next image
org.opencontainers.image.source=https://raw.githubusercontent.com/${{ github.repository }}/${{ github.sha }}/contrib/podman-next/fcos-podmanimage/Containerfile
org.opencontainers.image.url=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
org.opencontainers.image.description=FCOS image with rpms from rhcontainerbot/podman-next copr
org.opencontainers.image.revision=${{ github.sha }}
- name: Echo Outputs
run: |
echo "Image: ${{ steps.build_image_multiarch.outputs.image }}"
echo "Tags: ${{ steps.build_image_multiarch.outputs.tags }}"
echo "Tagged Image: ${{ steps.build_image_multiarch.outputs.image-with-tag }}"
- name: Check images created
run: buildah images | grep '${{ env.IMAGE_NAME }}'
- name: Check image metadata
run: |
set -x
# COPR_PROJECT envvar is used for the `podman-next` floating tag
buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:${{ env.COPR_PROJECT }} | jq ".OCIv1.architecture"
buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:${{ env.COPR_PROJECT }} | jq ".Docker.architecture"
buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:podman-${{ env.SHORT_SHA }} | jq ".OCIv1.architecture"
buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:podman-${{ env.SHORT_SHA }} | jq ".Docker.architecture"
- name: Run image
run: podman run --privileged --rm ${{ steps.build_image_multiarch.outputs.image-with-tag }} podman system info
- name: Push to Quay
id: push-to-quay
# Ref: https://github.com/redhat-actions/push-to-registry
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ env.IMAGE_NAME }}
tags: ${{ steps.build_image_multiarch.outputs.tags }}
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ secrets.QUAY_PODMAN_USERNAME }}
password: ${{ secrets.QUAY_PODMAN_PASSWORD }}