fixup! [actions] upload docker image tar to artifacts

SiliconLabs · Jun 20, 2024 · c40b6dd · c40b6dd
1 parent 307002f
commit c40b6dd
Show file tree

Hide file tree

Showing 5 changed files with 187 additions and 99 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -29,20 +29,32 @@
 name: Build
 
 on:
-  workflow_run:
-    workflows: [Publish to DockerHub]
-    types: [completed]
+  workflow_call:
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/ot-efr32' && github.run_id) || github.ref }}
-  cancel-in-progress: true
+# concurrency:
+#   group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/ot-efr32' && github.run_id) || github.ref }}
+#   cancel-in-progress: true
 
 jobs:
+  generate-metadata:
+    name: Generate required metadata
+    runs-on: ubuntu-22.04
+    outputs:
+      owner: ${{ steps.lowercase_owner.outputs.REPOSITORY_OWNER }}
+    steps:
+      - name: Lowercase GitHub repository owner
+        id: lowercase_owner
+        run: |
+          echo "REPOSITORY_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
+
   arm-gcc:
     name: arm-gcc-${{ matrix.gcc_ver }}
     runs-on: ubuntu-22.04
+    needs: generate-metadata
+    permissions:
+      packages: write
     container:
-      image: siliconlabsinc/ot-efr32-dev:latest
+      image: ghcr.io/${{ needs.generate-metadata.outputs.owner }}/ot-efr32-dev:${{ github.sha }}
       options: --user 1001
     strategy:
       fail-fast: false
@@ -51,51 +63,61 @@ jobs:
           - gcc_ver: 12.2.Rel1
             gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu/12.2.rel1/binrel/arm-gnu-toolchain-12.2.rel1-x86_64-arm-none-eabi.tar.xz
             gcc_extract_dir: arm-gnu-toolchain-12.2.rel1-x86_64-arm-none-eabi
-          - gcc_ver: 12.3.Rel1
-            gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu/12.3.rel1/binrel/arm-gnu-toolchain-12.3.rel1-x86_64-arm-none-eabi.tar.xz
-            gcc_extract_dir: arm-gnu-toolchain-12.3.rel1-x86_64-arm-none-eabi
+          # - gcc_ver: 12.3.Rel1
+          #   gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu/12.3.rel1/binrel/arm-gnu-toolchain-12.3.rel1-x86_64-arm-none-eabi.tar.xz
+          #   gcc_extract_dir: arm-gnu-toolchain-12.3.rel1-x86_64-arm-none-eabi
 
     steps:
-    - uses: actions/checkout@v4
-      with:
-        submodules: true
+    # - uses: actions/checkout@v4
+    #   with:
+    #     submodules: true
 
-    - name: Create LFS file hash list
-      run: git -C third_party/silabs/gecko_sdk lfs ls-files -l | cut -d' ' -f1 | sort > .lfs-assets-id
+    # - name: Create LFS file hash list
+    #   run: git -C third_party/silabs/gecko_sdk lfs ls-files -l | cut -d' ' -f1 | sort > .lfs-assets-id
 
-    - name: Restore gecko_sdk LFS cache
-      uses: actions/cache@v4
-      id: lfs-cache
-      with:
-          path: .git/modules/third_party/silabs/gecko_sdk/lfs
-          key: lfs-${{ hashFiles('.lfs-assets-id') }}
+    # - name: Restore gecko_sdk LFS cache
+    #   uses: actions/cache@v4
+    #   id: lfs-cache
+    #   with:
+    #       path: .git/modules/third_party/silabs/gecko_sdk/lfs
+    #       key: lfs-${{ hashFiles('.lfs-assets-id') }}
+
+    # - name: Git LFS Pull
+    #   run: git -C third_party/silabs/gecko_sdk lfs pull
 
-    - name: Git LFS Pull
-      run: git -C third_party/silabs/gecko_sdk lfs pull
+    # - name: Bootstrap ARM Toolchain
+    #   run: |
+    #     script/bootstrap arm_toolchain ${{ matrix.gcc_download_url }} ${{ matrix.gcc_extract_dir }}
 
-    - name: Bootstrap ARM Toolchain
-      run: |
-        script/bootstrap arm_toolchain ${{ matrix.gcc_download_url }} ${{ matrix.gcc_extract_dir }}
+    # - name: Build
+    #   run: |
+    #     export PATH=${HOME}/.local/${{ matrix.gcc_extract_dir }}/bin:$PATH
+    #     script/build brd4151a
 
-    - name: Build
-      run: |
-        export PATH=${HOME}/.local/${{ matrix.gcc_extract_dir }}/bin:$PATH
-        script/test
+    # - name: Gather SLC generated files
+    #   if: failure()
+    #   run: |
+    #     rm -rf artifact && mkdir artifact
+    #     for b in build/*/slc; do
+    #         board=$(basename $(dirname "${b}"))
 
-    - name: Gather SLC generated files
-      if: failure()
-      run: |
-        rm -rf artifact && mkdir artifact
-        for b in build/*/slc; do
-            board=$(basename $(dirname "${b}"))
+    #         echo "Artifacting '${board}'"
+    #         mkdir -p "artifact/${board}"
+    #         mv "build/${board}/slc" "artifact/${board}"
+    #     done
 
-            echo "Artifacting '${board}'"
-            mkdir -p "artifact/${board}"
-            mv "build/${board}/slc" "artifact/${board}"
-        done
+    # - uses: actions/upload-artifact@v4
+    #   if: failure()
+    #   with:
+    #     name: build-${{ matrix.gcc_ver }}
+    #     path: artifact
 
-    - uses: actions/upload-artifact@v4
-      if: failure()
+    - name: Delete image
+      uses: bots-house/ghcr-delete-image-action@v1.1.0
+      if: always()
+      continue-on-error: true
       with:
-        name: build-${{ matrix.gcc_ver }}
-        path: artifact
+        owner: ${{ needs.generate-metadata.outputs.owner }}
+        name: ot-efr32-dev
+        token: ${{ secrets.GITHUB_TOKEN }}
+        tag: ${{ github.sha }}
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -29,11 +29,10 @@
 name: Docker
 
 env:
-  TEST_TAG: siliconlabsinc/ot-efr32-dev:test
   SHA_TAG: siliconlabsinc/ot-efr32-dev:${{ github.sha }}
   LATEST_TAG: siliconlabsinc/ot-efr32-dev:latest
-  DOCKER_IMAGE_ARTIFACT_NAME: ot-efr32-dev-image-${{ github.sha }}-${{ github.event_name}}
-  DOCKER_IMAGE_TAR: ot-efr32-dev-image-${{ github.sha }}.tar
+  DOCKER_IMAGE_ARTIFACT_NAME: ot-efr32-dev-image-${{ github.sha }}-${{ github.event_name}}.tar
+  REPO_OWNER: ''
 
 on:
   push:
@@ -48,7 +47,7 @@ concurrency:
   cancel-in-progress: true
 
 permissions:  # added using https://github.com/step-security/secure-workflows
-  contents: read
+  packages: write
 
 jobs:
   build:
@@ -66,32 +65,53 @@ jobs:
 
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+      with:
+        platforms: linux/amd64
 
     - name: Build and export to Docker context
       uses: docker/build-push-action@v5
       with:
+        build-args: |
+          BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
         context: .
         file: docker/Dockerfile
-        # load: true
-        build-args: |
-          - BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-        platforms:
-          linux/amd64
+        load: true
         tags: |
-          ${{ env.TEST_TAG }}
           ${{ env.SHA_TAG }}
         cache-from: type=gha
         cache-to: type=gha,mode=max
-        outputs: type=oci,dest=${{ env.DOCKER_IMAGE_TAR}}
 
-    # - name: Container image sanity checks
-    #   run: |
-    #     # Download container-structure-test
-    #     curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 \
-    #       && chmod +x container-structure-test-linux-amd64
+    - name: Inspect Docker image
+      run: docker inspect ${{ env.SHA_TAG }}
+
+    - name: Container image sanity checks
+      run: |
+        # Download container-structure-test
+        curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 \
+          && chmod +x container-structure-test-linux-amd64
 
-    #     # Run tests
-    #     ./container-structure-test-linux-amd64 test --config docker/test-ot-efr32-dev.yml --image ${{ env.TEST_TAG }}
+        # Run tests
+        ./container-structure-test-linux-amd64 test --config docker/test-ot-efr32-dev.yml --image ${{ env.SHA_TAG }}
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Lowercase GitHub repository owner
+      id: lowercase_owner
+      run: |
+        echo "REPOSITORY_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
+
+    - name: Tag Docker image
+      run: |
+        docker tag ${{ env.SHA_TAG }} ghcr.io/${{ steps.lowercase_owner.outputs.REPOSITORY_OWNER }}/ot-efr32-dev:${{ github.sha }}
+
+    - name: Push Docker image
+      run: |
+        docker push ghcr.io/${{ steps.lowercase_owner.outputs.REPOSITORY_OWNER }}/ot-efr32-dev:${{ github.sha }}
 
     # - name: Create LFS file hash list
     #   run: git -C third_party/silabs/gecko_sdk lfs ls-files -l | cut -d' ' -f1 | sort > .lfs-assets-id
@@ -108,59 +128,48 @@ jobs:
 
     # - name: Test build inside container
     #   run: |
-    #     docker run -v ${{ github.workspace }}:/ot-efr32/ --user $(id -u) --rm ${{ env.TEST_TAG }} script/build --skip-silabs-apps brd4151a
+    #     docker run -v ${{ github.workspace }}:/ot-efr32/ --user $(id -u) --rm ${{ env.SHA_TAG }} script/build --skip-silabs-apps brd4151a
 
-    - name: Upload docker image
-      uses: actions/upload-artifact@v4.3.3
-      with:
-        name: ${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
-        path: ${{ env.DOCKER_IMAGE_TAR }}
+    # - name: Upload docker image
+    #   uses: actions/upload-artifact@v4.3.3
+    #   with:
+    #     name: ${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
+    #     path: /tmp/${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
 
-  publish:
-    name: Publish to DockerHub
+  publish-dockerhub:
+    name: Tag `latest` and publish to DockerHub
     runs-on: ubuntu-22.04
     needs: [build]
     if: |
       github.repository == 'SiliconLabs/ot-efr32' &&
-      github.event_name != 'pull_request'
+      github.event_name != 'pull_request' &&
+      github.ref == 'refs/heads/main'
     steps:
       - name: Login to DockerHub
+        if: github.ref == 'refs/heads/main'
         uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Download Docker image
+        id: download
         uses: actions/download-artifact@v4.1.7
         with:
           name: ${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
-
-      - name: Show downloaded Docker image
-        run: ls -ahl ${{ github.workspace }}
+          path: /tmp
 
       - name: Load Docker image
-        run: docker load -i ${{ github.workspace }}/${{ env.DOCKER_IMAGE_TAR }}
-
-      - name: Build and push
-        uses: docker/build-push-action@v5
-        if: github.ref == 'refs/heads/main'
-        with:
-          context: .
-          file: docker/Dockerfile
-          push: true
-          tags: |
-            ${{ env.SHA_TAG }}
-          platforms:
-            linux/amd64
+        run: |
+          docker load --input ${{ steps.download.outputs.download-path }}/${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
+          docker inspect ${{ env.SHA_TAG }}
 
       - name: Tag `latest` and push
-        uses: docker/build-push-action@v5
-        if: github.ref == 'refs/heads/main'
-        with:
-          context: .
-          file: docker/Dockerfile
-          push: true
-          tags: |
-            ${{ env.LATEST_TAG }}
-          platforms:
-            linux/amd64
+        run: |
+          docker tag ${{ env.SHA_TAG }} ${{ env.LATEST_TAG }}
+          docker push ${{ env.LATEST_TAG }}
+
+  trigger_build:
+    name: Trigger Build Workflow
+    uses: ./.github/workflows/build.yml
+    needs: [build]
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,4 +1,6 @@
-FROM ubuntu:22.04
+ARG BASE_IMAGE='ubuntu:22.04'
+
+FROM ${BASE_IMAGE} AS base
 
 ENV TZ="America/New_York"
 ENV repo_dir="/ot-efr32"
@@ -23,7 +25,11 @@ RUN ./script/bootstrap arm_toolchain
 COPY ./requirements.txt .
 RUN ./script/bootstrap python
 
+# ==============================================================================
+
 # Label the build date before downloading slc to force slc to always be downloaded during a docker build
+
+FROM base AS ot-efr32-dev
 ARG BUILD_DATE
 LABEL build_date=${BUILD_DATE}
 
@@ -34,8 +40,13 @@ RUN mkdir ${SLC_INSTALL_DIR} && \
       ./script/bootstrap silabs
 
 
+# Change workdir to root temporarily
+WORKDIR /
+
 # Clone repo for convenience
 ARG REPO_URL="https://github.com/openthread/ot-efr32"
-WORKDIR /
+ENV repo_dir="/ot-efr32"
 RUN rm -rf ${repo_dir} && git clone ${REPO_URL} ${repo_dir}
+
+# Change workdir back to repo
 WORKDIR ${repo_dir}
diff --git a/docker/base.Dockerfile b/docker/base.Dockerfile
@@ -0,0 +1,25 @@
+ARG BASE_IMAGE='ubuntu:22.04'
+FROM ${BASE_IMAGE} as base
+
+ENV TZ="America/New_York"
+ENV repo_dir="/ot-efr32"
+WORKDIR ${repo_dir}
+
+# Install packages
+RUN apt-get update && \
+      apt-get -y install --no-install-recommends \
+      sudo \
+      tzdata \
+      && rm -rf /var/lib/apt/lists/*
+
+# Copy scripts
+COPY  ./script/bootstrap \
+      ./script/
+
+# Install system packages and ARM toolchain
+RUN ./script/bootstrap packages && rm -rf /var/lib/apt/lists/*
+RUN ./script/bootstrap arm_toolchain
+
+# Install Python packages
+COPY ./requirements.txt .
+RUN ./script/bootstrap python
diff --git a/docker/ot-efr32-dev.Dockerfile b/docker/ot-efr32-dev.Dockerfile
@@ -0,0 +1,21 @@
+ARG BASE_IMAGE='siliconlabsinc/ot-efr32-dev:base'
+
+FROM ${BASE_IMAGE} AS ot-efr32-dev
+
+COPY  ./script/bootstrap_silabs \
+      ./script/
+ENV SLC_INSTALL_DIR=/opt/slc_cli
+RUN mkdir ${SLC_INSTALL_DIR} && \
+      ./script/bootstrap silabs
+
+
+# Change workdir to root temporarily
+WORKDIR /
+
+# Clone repo for convenience
+ARG REPO_URL="https://github.com/openthread/ot-efr32"
+ENV repo_dir="/ot-efr32"
+RUN rm -rf ${repo_dir} && git clone ${REPO_URL} ${repo_dir}
+
+# Change workdir back to repo
+WORKDIR ${repo_dir}