github/workflows/centos: Also push zstd:chunked compressed images #129

Open
wants to merge 4 commits into
base: main
2 changes: 1 addition & 1 deletion .github/workflows/almalinux.yaml
Expand Up @@ -38,7 +38,7 @@ jobs:
matrix:
release: ['8', '9']

runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
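
Review bot: The runs-on change from ubuntu-latest to ubuntu-24.04 in this hunk is repeated in the alpine, amazonlinux, centos, opensuse, rockylinux and wolfi workflows, but the PR title only mentions pushing zstd:chunked images from the centos workflow. State the reason for pinning the runner in the commit message (if the pin is needed for the zstd:chunked push flags used in centos.yaml, say so), and consider moving it to its own commit. A pinned label also has to be bumped by hand in every workflow file later, so a comment next to runs-on noting why it is pinned would help the next person.
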
2 changes: 1 addition & 1 deletion .github/workflows/alpine.yaml
Expand Up @@ -38,7 +38,7 @@ jobs:
matrix:
release: ['3.16', '3.17', '3.18', '3.19', '3.20', 'edge']

runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
2 changes: 1 addition & 1 deletion .github/workflows/amazonlinux.yaml
Expand Up @@ -38,7 +38,7 @@ jobs:
matrix:
release: ['2', '2023']

runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
48 changes: 46 additions & 2 deletions .github/workflows/centos.yaml
@p5 p5 Jul 10, 2024

Awesome!

Is the plan going to be to make both these images accessible under a single manifest (tag)?

This will allow a user to run podman pull <image>:stream9 and receive a zstd:chunked image if their container tooling supports it, or a gzipped image if it does not.

Additional required steps would be to (some details excluded):

  1. Push the gzipped image to a different tag
  2. Create a manifest (podman manifest create <name>)
  3. Add each image to the manifest (podman manifest add <name> <image>)
  4. Push the manifest to the registry under a stable tag (podman manifest push <name> <image>:stream9)

Member Author

Using a single tag would be #128 (comment)

Member Author

I didn't know this was possible until today. I'll take a look. PRs also welcomed :)

@p5 p5 Jul 11, 2024

I think this would be an awesome feature of redhat-actions/push-to-registry, although I seem to remember somebody saying this action isn't really something managed by RedHat themselves, but rather one or two people who happen to be at RedHat.

Docker requires you to supply the format as a build arg, so it's far more work.

Podman has it under push args, so it would be cool if the action could push these compression-specific images to a registry and build/push the manifest file to the tags we define as inputs. It would make it so much easier if everyone could just say compression-formats: gzip zstd:chunked

@p5 p5 Jul 11, 2024

I have created an action that does just this for ublue. The implementation is quite possibly one of the worst things I have ever created, but it does the job.
https://github.com/ublue-os/push-to-registry/tree/scaffold-repository

You define compression-formats: gzip zstd:chunked, it pushes <image>:<tag>-gzip and <image>:<tag>-zstd-chunked to the registry. It then builds the manifest with the required annotations before pushing it to the registry

I'm not suggesting you use my action. Quite the opposite - it would be best if there was a "supported" way of doing this in the existing push-to-registry action. And my module can be an example of the complexity required to DIY this, hopefully justifying the need for improved support.

Member Author

I'm not opposed to using your action until we find the time to push this upstream in redhat-actions/push-to-registry. Maybe I can take a look as I have made some patches to that project before redhat-actions/push-to-registry#90 that are still pending.

Expand Up @@ -36,9 +36,9 @@ jobs:
build-push-images:
strategy:
matrix:
release: ['stream8', 'stream9', 'stream10-development']
release: ['stream9', 'stream10-development']

runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
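
Review bot: The matrix line drops 'stream8' in the same hunk that pins the runner, and neither change is mentioned in the PR title. Removing a release from the matrix stops the push and signing steps for that tag, so call it out in the commit message and say whether the existing stream8 tag in the registry is to be left in place or removed.
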
Expand Down Expand Up @@ -84,6 +84,20 @@ jobs:
registry: ${{ env.registry }}
tags: ${{ matrix.release }}

- name: Push to Container Registry (zstd)
uses: redhat-actions/push-to-registry@v2
id: push-zstd
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release != matrix.release
with:
username: ${{ secrets.BOT_USERNAME }}
password: ${{ secrets.BOT_SECRET }}
image: ${{ env.distro }}-toolbox
registry: ${{ env.registry }}
tags: ${{ matrix.release }}-zstd
extra-args: |
--compression-format=zstd:chunked
--compression-level=19

- name: Push to Container Registry (latest tag)
uses: redhat-actions/push-to-registry@v2
id: push-latest
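
Review bot: In the new push-zstd step, tags is set to ${{ matrix.release }}-zstd, but nothing visible in this hunk creates a local image carrying that tag; the step just above pushes tags: ${{ matrix.release }}. Confirm that the build step also tags the image with the -zstd suffix, or add a tagging step before this push, otherwise the push has no local image to resolve. The extra-args pair (--compression-format=zstd:chunked, --compression-level=19) is also repeated verbatim in the latest-zstd step; a workflow-level env value would keep the two in sync, and a one-line comment on why level 19 was chosen would be useful.
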
Expand All @@ -95,6 +109,20 @@ jobs:
registry: ${{ env.registry }}
tags: ${{ matrix.release }} latest

- name: Push to Container Registry (latest tag, zstd)
uses: redhat-actions/push-to-registry@v2
id: push-latest-zstd
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release == matrix.release
with:
username: ${{ secrets.BOT_USERNAME }}
password: ${{ secrets.BOT_SECRET }}
image: ${{ env.distro }}-toolbox
registry: ${{ env.registry }}
tags: ${{ matrix.release }}-zstd latest-zstd
extra-args: |
--compression-format=zstd:chunked
--compression-level=19

- name: Login to Container Registry
uses: redhat-actions/podman-login@v1
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
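
Review bot: The push-latest-zstd step is a copy of push-zstd with only the if comparison (env.latest_release == matrix.release instead of !=) and the tags line changed, which leaves four push steps that must be edited together. Compute the tag list once in an earlier step, appending latest and latest-zstd when env.latest_release == matrix.release, and keep a single gzip push and a single zstd push that read it. That also removes the risk of the two if expressions drifting apart and a release being pushed by neither or both.
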
Expand All @@ -114,10 +142,26 @@ jobs:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}

- name: Sign container image (zstd)
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release != matrix.release
run: |
cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.registry }}/${{ env.distro }}-toolbox@${{ steps.push-zstd.outputs.digest }}
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}

- name: Sign container image (latest)
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release == matrix.release
run: |
cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.registry }}/${{ env.distro }}-toolbox@${{ steps.push-latest.outputs.digest }}
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}

- name: Sign container image (latest, zstd)
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release == matrix.release
run: |
cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.registry }}/${{ env.distro }}-toolbox@${{ steps.push-latest-zstd.outputs.digest }}
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
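
Review bot: The added sign steps expand ${{ env.registry }}, ${{ env.distro }} and the push step's digest output directly inside the run script, unquoted. Pass them through env: the way COSIGN_PRIVATE_KEY already is and reference them as quoted shell variables, so the script text does not change with the expanded values. With the digests in the environment, the conditional sign steps could become one step that loops over the non-empty digests, which guarantees every pushed image (gzip and zstd) gets signed by the same command.
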
2 changes: 1 addition & 1 deletion .github/workflows/opensuse.yaml
Expand Up @@ -38,7 +38,7 @@ jobs:
matrix:
release: ['tumbleweed']

runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
2 changes: 1 addition & 1 deletion .github/workflows/rockylinux.yaml
Expand Up @@ -38,7 +38,7 @@ jobs:
matrix:
release: ['8', '9']

runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
2 changes: 1 addition & 1 deletion .github/workflows/wolfi.yaml
Expand Up @@ -38,7 +38,7 @@ jobs:
matrix:
release: ['latest']

runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4