Move container build infrastructure to Ansible #1009
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| ansible/build-out/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| builder ansible_connection=containers.podman.podman |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| - name: Start build container | ||
| hosts: localhost | ||
| vars: | ||
| image: | ||
| fedora: registry.fedoraproject.org/fedora:latest | ||
| alpine: docker.io/library/alpine:latest | ||
| debian: docker.io/library/debian:latest | ||
|
|
||
| roles: | ||
| - role: build_container | ||
|
|
||
| - name: CI run | ||
| hosts: builder | ||
| connection: podman | ||
| gather_facts: false | ||
| roles: | ||
| - role: ci_run |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| Role Name | ||
| ========= | ||
|
|
||
| Build container images. | ||
|
|
||
| Role Variables | ||
| -------------- | ||
|
|
||
| * `image[distribution]` defines the container image URL. | ||
|
|
||
| Example Playbook | ||
| ---------------- | ||
|
|
||
| Usage example: | ||
|
|
||
| - hosts: localhost | ||
| roles: | ||
| - role: build_container | ||
|
|
||
| License | ||
| ------- | ||
|
|
||
| BSD | ||
|
|
||
| Author Information | ||
| ------------------ | ||
|
|
||
| Iker Pedrosa <[email protected]> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| --- | ||
| # tasks file for build_container | ||
| - name: Pull container image | ||
| containers.podman.podman_image: | ||
| name: '{{ image[distribution] }}' | ||
|
|
||
| - name: Create and start container | ||
| containers.podman.podman_container: | ||
| name: builder | ||
| state: started | ||
| image: '{{ image[distribution] }}' | ||
| command: "sleep 1d" | ||
|
|
||
| - name: Create repo | ||
| ansible.builtin.shell: | ||
| podman exec builder mkdir -p /usr/local/src | ||
|
|
||
| - name: Copy repo | ||
| ansible.builtin.shell: | ||
| podman cp ../../ builder:/usr/local/src/shadow |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| Role Name | ||
| ========= | ||
|
|
||
| Build, install and test package. | ||
|
|
||
| Example Playbook | ||
| ---------------- | ||
|
|
||
| Usage example: | ||
|
|
||
| - hosts: builder | ||
| connection: podman | ||
| gather_facts: false | ||
| roles: | ||
| - role: ci_run | ||
|
|
||
| License | ||
| ------- | ||
|
|
||
| BSD | ||
|
|
||
| Author Information | ||
| ------------------ | ||
|
|
||
| Iker Pedrosa <[email protected]> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| --- | ||
| # tasks file for ci_run | ||
| - name: Ensure python is installed | ||
| ansible.builtin.raw: apk add python3 | ||
|
|
||
| - name: Ensure dependencies are installed | ||
| community.general.apk: | ||
| name: | ||
| - autoconf | ||
| - automake | ||
| - bash | ||
| - build-base | ||
| - byacc | ||
| - cmocka-dev | ||
| - expect | ||
| - gettext-dev | ||
| - git | ||
| - libbsd-dev | ||
| - libeconf-dev | ||
| - libtool | ||
| - libxslt | ||
| - pkgconf | ||
| state: present | ||
|
|
||
| - name: Build configuration | ||
| ansible.builtin.command: > | ||
| ./autogen.sh | ||
| --disable-man | ||
| --disable-nls | ||
| --with-yescrypt | ||
| --without-selinux | ||
| args: | ||
| chdir: /usr/local/src/shadow/ | ||
| ignore_errors: true | ||
|
|
||
| - name: Build | ||
| ansible.builtin.shell: | ||
| make -Orecurse -j4 > build.log | ||
| args: | ||
| chdir: /usr/local/src/shadow/ | ||
| ignore_errors: true | ||
|
|
||
| - name: Run unit-tests | ||
| ansible.builtin.command: | ||
| make check | ||
| args: | ||
| chdir: /usr/local/src/shadow/ | ||
| ignore_errors: true | ||
|
|
||
| - name: Install | ||
| ansible.builtin.command: | ||
| make install | ||
| args: | ||
| chdir: /usr/local/src/shadow/ | ||
| ignore_errors: true | ||
|
|
||
| - name: Copy logs | ||
| ansible.builtin.fetch: | ||
| src: '{{ item }}' | ||
| dest: ./build-out/ | ||
| flat: yes | ||
| with_items: | ||
| - "/usr/local/src/shadow/config.log" | ||
| - "/usr/local/src/shadow/config.h" | ||
| - "/usr/local/src/shadow/build.log" | ||
| - "/usr/local/src/shadow/tests/unit/test-suite.log" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| --- | ||
| # tasks file for ci_run | ||
| - name: Ensure repos are updated | ||
| ansible.builtin.raw: apt update | ||
|
|
||
| - name: Ensure python is installed | ||
| ansible.builtin.raw: apt install python3 -y | ||
|
|
||
| - name: Ensure dependencies are installed | ||
| ansible.builtin.apt: | ||
| name: | ||
| - libbsd-dev | ||
| - libcmocka-dev | ||
| - libltdl-dev | ||
| - pkgconf | ||
| state: present | ||
|
|
||
| - name: Gather selected facts | ||
| ansible.builtin.setup: | ||
| filter: | ||
| - 'ansible_distribution_release' | ||
|
|
||
| - name: Add specified repository into sources list | ||
| ansible.builtin.apt_repository: | ||
| repo: deb-src http://deb.debian.org/debian {{ ansible_distribution_release }} main | ||
| state: present | ||
|
|
||
| - name: Ensure build dependencies are installed | ||
| ansible.builtin.apt: | ||
| pkg: shadow | ||
| state: build-dep | ||
|
|
||
| - name: Build configuration | ||
| ansible.builtin.command: > | ||
| ./autogen.sh | ||
| --enable-man | ||
| --with-yescrypt | ||
| --without-selinux | ||
| args: | ||
| chdir: /usr/local/src/shadow/ | ||
| ignore_errors: true | ||
|
|
||
| - name: Build | ||
| ansible.builtin.shell: | ||
| make -Orecurse -j4 > build.log | ||
| args: | ||
| chdir: /usr/local/src/shadow/ | ||
| ignore_errors: true | ||
|
|
||
| - name: Run unit-tests | ||
| ansible.builtin.command: | ||
| make check | ||
| args: | ||
| chdir: /usr/local/src/shadow/ | ||
| ignore_errors: true | ||
|
|
||
| - name: Install | ||
| ansible.builtin.command: | ||
| make install | ||
| args: | ||
| chdir: /usr/local/src/shadow/ | ||
| ignore_errors: true | ||
|
|
||
| - name: Copy logs | ||
| ansible.builtin.fetch: | ||
| src: '{{ item }}' | ||
| dest: ./build-out/ | ||
| flat: yes | ||
| with_items: | ||
| - "/usr/local/src/shadow/config.log" | ||
| - "/usr/local/src/shadow/config.h" | ||
| - "/usr/local/src/shadow/build.log" | ||
| - "/usr/local/src/shadow/tests/unit/test-suite.log" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| --- | ||
| # tasks file for ci_run | ||
| - name: Ensure dependencies are installed | ||
| ansible.builtin.dnf: | ||
| name: | ||
| - dnf-plugins-core | ||
| - libcmocka-devel | ||
| - systemd-devel | ||
| state: present | ||
|
|
||
| - name: Ensure build dependencies are installed | ||
| ansible.builtin.command: | ||
| dnf builddep -y shadow-utils | ||
| register: dnf_result | ||
| changed_when: '"Nothing to do" not in dnf_result.stdout' | ||
|
|
||
| - name: Build configuration | ||
| ansible.builtin.command: > | ||
| ./autogen.sh | ||
| --disable-account-tools-setuid | ||
| --enable-lastlog | ||
| --enable-logind=no | ||
| --enable-man | ||
| --enable-shadowgrp | ||
| --enable-shared | ||
| --with-audit | ||
| --with-bcrypt | ||
| --with-group-name-max-length=32 | ||
| --with-libpam | ||
| --with-selinux | ||
| --with-sha-crypt | ||
| --with-yescrypt | ||
| --without-libbsd | ||
| --without-libcrack | ||
| --without-sssd | ||
| args: | ||
| chdir: /usr/local/src/shadow/ | ||
| ignore_errors: true | ||
|
|
||
| - name: Build | ||
| ansible.builtin.shell: | ||
| make -Orecurse -j4 > build.log | ||
| args: | ||
| chdir: /usr/local/src/shadow/ | ||
| ignore_errors: true | ||
|
|
||
| - name: Run unit-tests | ||
| ansible.builtin.command: | ||
| make check | ||
| args: | ||
| chdir: /usr/local/src/shadow/ | ||
| ignore_errors: true | ||
|
There was a problem hiding this comment. What does this exactly mean? Why do we want to ignore errors? There was a problem hiding this comment. By default if an ansible action fails, then the ansible execution is stopped. I want to ignore the errors and continue the execution to run the last action where the logs are copied from the container to the host system. This way we can gather them for inspection. There was a problem hiding this comment. But does it report the error later? How will we know if ansible failed, if we ignore the errors? Sorry if this is obvious; I never used Ansible before. There was a problem hiding this comment. The error is reported, but the execution continues. At the end of the ansible execution there's the There was a problem hiding this comment. My bad, I forgot to set if: always() in the Github Action. It's fine now. There was a problem hiding this comment. Thanks! It seems to work now. BTW, dumb question: how do I find and read the logs (artifacts)? There was a problem hiding this comment. You need to open the action that failed, then click on summary, and finally scroll down to find all the artifacts There was a problem hiding this comment. Ughhh, and then download a .zip and extract it to find the logs. Can we (also) have a copy on stderr? I very much prefer scrolling. :) There was a problem hiding this comment. That will work until we start running the new tests and have several files to review |
||
|
|
||
| - name: Install | ||
| ansible.builtin.command: | ||
| make install | ||
| args: | ||
| chdir: /usr/local/src/shadow/ | ||
| ignore_errors: true | ||
|
|
||
| - name: Copy logs | ||
| ansible.builtin.fetch: | ||
| src: '{{ item }}' | ||
| dest: ./build-out/ | ||
| flat: yes | ||
| with_items: | ||
| - "/usr/local/src/shadow/config.log" | ||
| - "/usr/local/src/shadow/config.h" | ||
| - "/usr/local/src/shadow/build.log" | ||
| - "/usr/local/src/shadow/tests/unit/test-suite.log" | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| --- | ||
| # tasks file for ci_run | ||
| - name: 'Include distribution specific ci_run tasks fedora' | ||
| include_tasks: '{{ distribution }}.yml' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,17 +2,13 @@ | |
|
|
||
| # | ||
| # SPDX-FileCopyrightText: 2023, Iker Pedrosa <[email protected]> | ||
| # SPDX-FileCopyrightText: 2024, Iker Pedrosa <[email protected]> | ||
| # | ||
| # SPDX-License-Identifier: BSD-3-Clause | ||
| # | ||
|
|
||
| set -eE | ||
ikerexxe marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| cd ansible/ | ||
| ansible-playbook playbook.yml -i inventory.ini -e 'distribution=alpine' | ||
| ansible-playbook playbook.yml -i inventory.ini -e 'distribution=debian' | ||
| ansible-playbook playbook.yml -i inventory.ini -e 'distribution=fedora' | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BTW, what if we would map some volume to write the log files to it with docker(1)?
And use https://docs.docker.com/storage/volumes/.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That would allow storing the artifacts without needing Ansible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can't mount volumes while building a container image, and that's exactly what we are doing with dockerfile. I have tried to solve this problem in various ways and with the technology we use it is not possible 😓
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmmm; understood.
How about something like this?
(probably needs redirecting stderr too (or only))
We would only need to find some consistent markers in the log.
So, the full docker logs would go to the output, and the specific error logs that we want, which would be delimited by those delimiters, would go to a specific file in the host (so the runner).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same answer as in #1009 (comment)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If each log output has a different marker, you can parse each one separately: