Skip to content

Commit 4136129

Browse files
nikolaszimmermannnikolaszimmermann
committed
Use direct podman commands for image deployment
Replace wkdev-sdk-bakery script with direct podman commands for building and deploying container images, matching the pattern from webkit-container-sdk-bots. Main changes: - Build jobs now use direct podman build/push instead of bakery script - Remove artifact upload/download steps for faster workflow execution - Push arch-specific images directly to registry after build - Deploy job validates images exist before creating manifest - Add rollback cleanup if validation fails - Clean up intermediate arch-specific tags after successful deployment - Fix WKDEV_SDK_TAG to use GITHUB_REF_NAME instead of GITHUB_BASE_REF - Add debug output for troubleshooting tag variables Should lead to much faster builds + deployments.
1 parent 7375713 commit 4136129

File tree

1 file changed

+132
-60
lines changed

1 file changed

+132
-60
lines changed

.github/workflows/wkdev-sdk.yml

Lines changed: 132 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -12,18 +12,31 @@ defaults:
1212
jobs:
1313
build_amd64:
1414
runs-on: [self-hosted, x64]
15+
permissions:
16+
packages: write
1517
if: |
1618
github.event_name != 'create' ||
1719
startsWith(github.ref_name, 'tag/')
1820
steps:
1921
- name: Set tag name
2022
run: |
21-
if [ "${GITHUB_BASE_REF}" = 'main' ]; then
23+
if [ "${GITHUB_REF_NAME}" = 'main' ]; then
24+
echo "WKDEV_SDK_TAG=latest" >> "${GITHUB_ENV}"
25+
elif [[ "${GITHUB_REF_NAME}" =~ ^tag/(.+)$ ]]; then
26+
echo "WKDEV_SDK_TAG=${BASH_REMATCH[1]}" >> "${GITHUB_ENV}"
27+
else
2228
echo "WKDEV_SDK_TAG=latest" >> "${GITHUB_ENV}"
2329
fi
2430
echo "WKDEV_SDK_CONTAINER_REGISTRY_USER_NAME=$(echo ${GITHUB_REPOSITORY_OWNER} | tr '[:upper:]' '[:lower:]')" >> "${GITHUB_ENV}"
2531
echo "REPO=ghcr.io/$(echo ${GITHUB_REPOSITORY_OWNER} | tr '[:upper:]' '[:lower:]')/wkdev-sdk" >> "${GITHUB_ENV}"
2632
33+
- name: Debug tag information
34+
run: |
35+
echo "GITHUB_REF_NAME=${GITHUB_REF_NAME}"
36+
echo "WKDEV_SDK_TAG=${WKDEV_SDK_TAG}"
37+
echo "REPO=${REPO}"
38+
echo "Full image tag: ${REPO}:${WKDEV_SDK_TAG}_amd64"
39+
2740
- name: Install podman
2841
run: sudo apt-get update && sudo apt-get -y install podman fuse-overlayfs
2942

@@ -41,16 +54,14 @@ jobs:
4154

4255
- name: Clean unrelated images
4356
run: |
44-
podman rmi --ignore --force ${REPO}:latest
45-
podman manifest rm ${REPO}:latest || true
46-
podman rmi --ignore --force ${REPO}:latest_amd64
57+
podman rmi --ignore --force ${REPO}:${WKDEV_SDK_TAG}
58+
podman manifest rm ${REPO}:${WKDEV_SDK_TAG} || true
59+
podman rmi --ignore --force ${REPO}:${WKDEV_SDK_TAG}_amd64
4760
4861
- name: Build image
4962
run: |
50-
source ./register-sdk-on-host.sh
51-
wkdev-sdk-bakery --mode=build --verbose --arch amd64
63+
podman build -t ${REPO}:${WKDEV_SDK_TAG}_amd64 --arch=amd64 images/wkdev_sdk
5264
podman image list
53-
wkdev-sdk-bakery --mode=export --verbose --arch amd64
5465
5566
- name: Test image
5667
run: |
@@ -62,13 +73,11 @@ jobs:
6273
wkdev-enter -n ${CONTAINER} --exec -- ./WebKit/Tools/Scripts/build-webkit --wpe --release --generate-project-only
6374
wkdev-enter -n ${CONTAINER} --exec -- ./WebKit/Tools/Scripts/build-webkit --gtk --release --generate-project-only
6475
65-
- name: Archive image
76+
- name: Push image
6677
if: github.ref_name == 'main' || startsWith(github.ref_name, 'tag/')
67-
uses: actions/upload-artifact@v4
68-
with:
69-
name: wkdev-sdk-amd64.tar
70-
path: wkdev-sdk-amd64.tar
71-
retention-days: 7
78+
run: |
79+
echo "${{ secrets.GITHUB_TOKEN }}" | podman login ghcr.io --username=${GITHUB_REPOSITORY_OWNER} --password-stdin
80+
podman push ${REPO}:${WKDEV_SDK_TAG}_amd64
7281
7382
- name: Cleanup test artifacts
7483
if: always()
@@ -84,18 +93,31 @@ jobs:
8493
8594
build_arm64:
8695
runs-on: [self-hosted, arch-arm64]
96+
permissions:
97+
packages: write
8798
if: |
8899
github.event_name != 'create' ||
89100
startsWith(github.ref_name, 'tag/')
90101
steps:
91102
- name: Set tag name
92103
run: |
93-
if [ "${GITHUB_BASE_REF}" = 'main' ]; then
104+
if [ "${GITHUB_REF_NAME}" = 'main' ]; then
105+
echo "WKDEV_SDK_TAG=latest" >> "${GITHUB_ENV}"
106+
elif [[ "${GITHUB_REF_NAME}" =~ ^tag/(.+)$ ]]; then
107+
echo "WKDEV_SDK_TAG=${BASH_REMATCH[1]}" >> "${GITHUB_ENV}"
108+
else
94109
echo "WKDEV_SDK_TAG=latest" >> "${GITHUB_ENV}"
95110
fi
96111
echo "WKDEV_SDK_CONTAINER_REGISTRY_USER_NAME=$(echo ${GITHUB_REPOSITORY_OWNER} | tr '[:upper:]' '[:lower:]')" >> "${GITHUB_ENV}"
97112
echo "REPO=ghcr.io/$(echo ${GITHUB_REPOSITORY_OWNER} | tr '[:upper:]' '[:lower:]')/wkdev-sdk" >> "${GITHUB_ENV}"
98113
114+
- name: Debug tag information
115+
run: |
116+
echo "GITHUB_REF_NAME=${GITHUB_REF_NAME}"
117+
echo "WKDEV_SDK_TAG=${WKDEV_SDK_TAG}"
118+
echo "REPO=${REPO}"
119+
echo "Full image tag: ${REPO}:${WKDEV_SDK_TAG}_arm64"
120+
99121
- name: Install podman
100122
run: sudo apt-get update && sudo apt-get -y install podman fuse-overlayfs
101123

@@ -113,16 +135,14 @@ jobs:
113135

114136
- name: Clean unrelated images
115137
run: |
116-
podman rmi --ignore --force ${REPO}:latest
117-
podman manifest rm ${REPO}:latest || true
118-
podman rmi --ignore --force ${REPO}:latest_amd64
138+
podman rmi --ignore --force ${REPO}:${WKDEV_SDK_TAG}
139+
podman manifest rm ${REPO}:${WKDEV_SDK_TAG} || true
140+
podman rmi --ignore --force ${REPO}:${WKDEV_SDK_TAG}_arm64
119141
120142
- name: Build image
121143
run: |
122-
source ./register-sdk-on-host.sh
123-
wkdev-sdk-bakery --mode=build --verbose --arch arm64
144+
podman build -t ${REPO}:${WKDEV_SDK_TAG}_arm64 --arch=arm64 images/wkdev_sdk
124145
podman image list
125-
wkdev-sdk-bakery --mode=export --verbose --arch arm64
126146
127147
- name: Test image
128148
run: |
@@ -134,13 +154,11 @@ jobs:
134154
wkdev-enter -n ${CONTAINER} --exec -- ./WebKit/Tools/Scripts/build-webkit --wpe --release --generate-project-only
135155
wkdev-enter -n ${CONTAINER} --exec -- ./WebKit/Tools/Scripts/build-webkit --gtk --release --generate-project-only
136156
137-
- name: Archive image
157+
- name: Push image
138158
if: github.ref_name == 'main' || startsWith(github.ref_name, 'tag/')
139-
uses: actions/upload-artifact@v4
140-
with:
141-
name: wkdev-sdk-arm64.tar
142-
path: wkdev-sdk-arm64.tar
143-
retention-days: 7
159+
run: |
160+
echo "${{ secrets.GITHUB_TOKEN }}" | podman login ghcr.io --username=${GITHUB_REPOSITORY_OWNER} --password-stdin
161+
podman push ${REPO}:${WKDEV_SDK_TAG}_arm64
144162
145163
- name: Cleanup test artifacts
146164
if: always()
@@ -156,18 +174,31 @@ jobs:
156174
157175
build_armv7:
158176
runs-on: [self-hosted, arch-armv7]
177+
permissions:
178+
packages: write
159179
if: |
160180
github.event_name != 'create' ||
161181
startsWith(github.ref_name, 'tag/')
162182
steps:
163183
- name: Set tag name
164184
run: |
165-
if [ "${GITHUB_BASE_REF}" = 'main' ]; then
185+
if [ "${GITHUB_REF_NAME}" = 'main' ]; then
186+
echo "WKDEV_SDK_TAG=latest" >> "${GITHUB_ENV}"
187+
elif [[ "${GITHUB_REF_NAME}" =~ ^tag/(.+)$ ]]; then
188+
echo "WKDEV_SDK_TAG=${BASH_REMATCH[1]}" >> "${GITHUB_ENV}"
189+
else
166190
echo "WKDEV_SDK_TAG=latest" >> "${GITHUB_ENV}"
167191
fi
168192
echo "WKDEV_SDK_CONTAINER_REGISTRY_USER_NAME=$(echo ${GITHUB_REPOSITORY_OWNER} | tr '[:upper:]' '[:lower:]')" >> "${GITHUB_ENV}"
169193
echo "REPO=ghcr.io/$(echo ${GITHUB_REPOSITORY_OWNER} | tr '[:upper:]' '[:lower:]')/wkdev-sdk" >> "${GITHUB_ENV}"
170194
195+
- name: Debug tag information
196+
run: |
197+
echo "GITHUB_REF_NAME=${GITHUB_REF_NAME}"
198+
echo "WKDEV_SDK_TAG=${WKDEV_SDK_TAG}"
199+
echo "REPO=${REPO}"
200+
echo "Full image tag: ${REPO}:${WKDEV_SDK_TAG}_arm"
201+
171202
- name: Install podman
172203
run: sudo apt-get update && sudo apt-get -y install podman fuse-overlayfs
173204

@@ -185,16 +216,14 @@ jobs:
185216

186217
- name: Clean unrelated images
187218
run: |
188-
podman rmi --ignore --force ${REPO}:latest
189-
podman manifest rm ${REPO}:latest || true
190-
podman rmi --ignore --force ${REPO}:latest_amd64
219+
podman rmi --ignore --force ${REPO}:${WKDEV_SDK_TAG}
220+
podman manifest rm ${REPO}:${WKDEV_SDK_TAG} || true
221+
podman rmi --ignore --force ${REPO}:${WKDEV_SDK_TAG}_arm
191222
192223
- name: Build image
193224
run: |
194-
source ./register-sdk-on-host.sh
195-
wkdev-sdk-bakery --mode=build --verbose --arch arm
225+
podman build -t ${REPO}:${WKDEV_SDK_TAG}_arm --arch=arm images/wkdev_sdk
196226
podman image list
197-
wkdev-sdk-bakery --mode=export --verbose --arch arm
198227
199228
- name: Test image
200229
run: |
@@ -206,13 +235,11 @@ jobs:
206235
wkdev-enter -n ${CONTAINER} --exec -- ./WebKit/Tools/Scripts/build-webkit --wpe --release --generate-project-only
207236
wkdev-enter -n ${CONTAINER} --exec -- ./WebKit/Tools/Scripts/build-webkit --gtk --release --generate-project-only
208237
209-
- name: Archive image
238+
- name: Push image
210239
if: github.ref_name == 'main' || startsWith(github.ref_name, 'tag/')
211-
uses: actions/upload-artifact@v4
212-
with:
213-
name: wkdev-sdk-arm.tar
214-
path: wkdev-sdk-arm.tar
215-
retention-days: 7
240+
run: |
241+
echo "${{ secrets.GITHUB_TOKEN }}" | podman login ghcr.io --username=${GITHUB_REPOSITORY_OWNER} --password-stdin
242+
podman push ${REPO}:${WKDEV_SDK_TAG}_arm
216243
217244
- name: Cleanup test artifacts
218245
if: always()
@@ -228,19 +255,32 @@ jobs:
228255
229256
deploy:
230257
runs-on: [self-hosted, x64]
258+
permissions:
259+
packages: write
231260
needs: [build_amd64, build_armv7, build_arm64]
232261
if: |
233262
(github.event_name != 'create' || startsWith(github.ref_name, 'tag/')) &&
234263
(github.ref_name == 'main' || startsWith(github.ref_name, 'tag/'))
235264
steps:
236265
- name: Set tag name
237266
run: |
238-
if [ "${GITHUB_BASE_REF}" = 'main' ]; then
267+
if [ "${GITHUB_REF_NAME}" = 'main' ]; then
268+
echo "WKDEV_SDK_TAG=latest" >> "${GITHUB_ENV}"
269+
elif [[ "${GITHUB_REF_NAME}" =~ ^tag/(.+)$ ]]; then
270+
echo "WKDEV_SDK_TAG=${BASH_REMATCH[1]}" >> "${GITHUB_ENV}"
271+
else
239272
echo "WKDEV_SDK_TAG=latest" >> "${GITHUB_ENV}"
240273
fi
241274
echo "WKDEV_SDK_CONTAINER_REGISTRY_USER_NAME=$(echo ${GITHUB_REPOSITORY_OWNER} | tr '[:upper:]' '[:lower:]')" >> "${GITHUB_ENV}"
242275
echo "REPO=ghcr.io/$(echo ${GITHUB_REPOSITORY_OWNER} | tr '[:upper:]' '[:lower:]')/wkdev-sdk" >> "${GITHUB_ENV}"
243276
277+
- name: Debug tag information
278+
run: |
279+
echo "GITHUB_REF_NAME=${GITHUB_REF_NAME}"
280+
echo "WKDEV_SDK_TAG=${WKDEV_SDK_TAG}"
281+
echo "REPO=${REPO}"
282+
echo "Multi-arch manifest tag: ${REPO}:${WKDEV_SDK_TAG}"
283+
244284
- name: Install podman
245285
run: sudo apt-get update && sudo apt-get -y install podman fuse-overlayfs
246286

@@ -256,28 +296,60 @@ jobs:
256296
- name: Checkout repo
257297
uses: actions/checkout@v4
258298

259-
- name: Download images
260-
uses: actions/download-artifact@v4
261-
with:
262-
pattern: wkdev-sdk-*
263-
merge-multiple: true
264-
- run: ls -al
299+
- name: Login to registry
300+
run: echo "${{ secrets.GITHUB_TOKEN }}" | podman login ghcr.io --username=${GITHUB_REPOSITORY_OWNER} --password-stdin
301+
302+
- name: Validate all architecture images exist in registry
303+
id: validate
304+
run: |
305+
VALIDATION_FAILED=0
306+
for arch in amd64 arm64 arm; do
307+
if ! podman manifest inspect docker://${REPO}:${WKDEV_SDK_TAG}_${arch} > /dev/null 2>&1; then
308+
echo "Error: Image ${REPO}:${WKDEV_SDK_TAG}_${arch} does not exist in registry"
309+
VALIDATION_FAILED=1
310+
else
311+
echo "Validated: ${REPO}:${WKDEV_SDK_TAG}_${arch} exists in registry"
312+
fi
313+
done
314+
if [ $VALIDATION_FAILED -eq 1 ]; then
315+
echo "validation_failed=true" >> $GITHUB_OUTPUT
316+
exit 1
317+
fi
318+
echo "validation_failed=false" >> $GITHUB_OUTPUT
265319
266-
- name: Clean all previous images
320+
- name: Clean up arch-specific images on validation failure
321+
if: failure() && steps.validate.outputs.validation_failed == 'true'
267322
run: |
268-
podman rmi --ignore --force ${REPO}:latest
269-
podman manifest rm ${REPO}:latest || true
270-
podman rmi --ignore --force ${REPO}:latest_arm64
271-
podman rmi --ignore --force ${REPO}:latest_amd64
272-
podman rmi --ignore --force ${REPO}:latest_arm
323+
echo "Validation failed, cleaning up any pushed arch-specific images from registry..."
324+
for arch in amd64 arm64 arm; do
325+
if podman manifest inspect docker://${REPO}:${WKDEV_SDK_TAG}_${arch} > /dev/null 2>&1; then
326+
echo "Deleting ${REPO}:${WKDEV_SDK_TAG}_${arch} from registry..."
327+
podman rmi docker://${REPO}:${WKDEV_SDK_TAG}_${arch} || true
328+
fi
329+
done
330+
331+
- name: Clean all previous local images
332+
run: |
333+
podman rmi --ignore --force ${REPO}:${WKDEV_SDK_TAG}
334+
podman manifest rm ${REPO}:${WKDEV_SDK_TAG} || true
335+
podman rmi --ignore --force ${REPO}:${WKDEV_SDK_TAG}_arm64
336+
podman rmi --ignore --force ${REPO}:${WKDEV_SDK_TAG}_amd64
337+
podman rmi --ignore --force ${REPO}:${WKDEV_SDK_TAG}_arm
273338
274-
- name: Deploy image
339+
- name: Create and push multi-arch manifest
275340
run: |
276-
podman load < ./wkdev-sdk-amd64.tar
277-
podman load < ./wkdev-sdk-arm64.tar
278-
podman load < ./wkdev-sdk-arm.tar
279-
podman image list
280341
echo "${{ secrets.GITHUB_TOKEN }}" | podman login ghcr.io --username=${GITHUB_REPOSITORY_OWNER} --password-stdin
281-
source ./register-sdk-on-host.sh
282-
wkdev-sdk-bakery --mode=deploy --verbose --multiarch
283-
podman image list
342+
podman manifest create ${REPO}:${WKDEV_SDK_TAG}
343+
podman manifest add ${REPO}:${WKDEV_SDK_TAG} docker://${REPO}:${WKDEV_SDK_TAG}_amd64
344+
podman manifest add ${REPO}:${WKDEV_SDK_TAG} docker://${REPO}:${WKDEV_SDK_TAG}_arm64
345+
podman manifest add ${REPO}:${WKDEV_SDK_TAG} docker://${REPO}:${WKDEV_SDK_TAG}_arm
346+
podman manifest push --all ${REPO}:${WKDEV_SDK_TAG} docker://${REPO}:${WKDEV_SDK_TAG}
347+
348+
- name: Clean up arch-specific tags from registry
349+
if: success()
350+
run: |
351+
echo "Multi-arch manifest successfully pushed, cleaning up arch-specific tags from registry..."
352+
for arch in amd64 arm64 arm; do
353+
echo "Deleting ${REPO}:${WKDEV_SDK_TAG}_${arch} from registry..."
354+
podman rmi docker://${REPO}:${WKDEV_SDK_TAG}_${arch} || true
355+
done

0 commit comments

Comments
 (0)