UniqAI/nvidia-container-toolkit
1
0
Fork 0
mirror of https://github.com/NVIDIA/nvidia-container-toolkit synced 2025-04-18 21:25:11 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

[no-relnote] Use github actions from main

Browse Source 
Signed-off-by: Evan Lezar <elezar@nvidia.com>
This commit is contained in:
Evan Lezar 2025-02-28 17:25:21 +02:00
parent 868f385a01
commit 9848c3e985
No known key found for this signature in database
5 changed files with 177 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
.github/workflows/ci.yaml vendored Normal file
View File

@ -0,0 +1,53 @@
# Copyright 2025 NVIDIA CORPORATION
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: CI Pipeline
on:
push:
branches:
- "pull-request/[0-9]+"
- main
- release-*
jobs:
code-scanning:
uses: ./.github/workflows/code_scanning.yaml
variables:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- name: Generate Commit Short SHA
id: version
run: echo "version=$(echo $GITHUB_SHA | cut -c1-8)" >> "$GITHUB_OUTPUT"
golang:
uses: ./.github/workflows/golang.yaml
image:
uses: ./.github/workflows/image.yaml
needs: [variables, golang, code-scanning]
secrets: inherit
with:
version: ${{ needs.variables.outputs.version }}
build_multi_arch_images: ${{ github.ref_name == 'main' || startsWith(github.ref_name, 'release-') }}
e2e-test:
needs: [image, variables]
secrets: inherit
uses: ./.github/workflows/e2e.yaml
with:
version: ${{ needs.variables.outputs.version }}

5
.github/workflows/code_scanning.yaml vendored
View File

@ -15,6 +15,7 @@
name: "CodeQL" name: "CodeQL"
on: on:
workflow_call: {}
pull_request: pull_request:
types: types:
- opened - opened
@ -22,10 +23,6 @@ on:
branches: branches:
- main - main
- release-* - release-*
push:
branches:
- main
- release-*
jobs: jobs:
analyze: analyze:

98
.github/workflows/e2e.yaml vendored Normal file
View File

@ -0,0 +1,98 @@
# Copyright 2025 NVIDIA CORPORATION
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: End-to-end Tests
on:
workflow_call:
inputs:
version:
required: true
type: string
secrets:
AWS_ACCESS_KEY_ID:
required: true
AWS_SECRET_ACCESS_KEY:
required: true
AWS_SSH_KEY:
required: true
E2E_SSH_USER:
required: true
SLACK_BOT_TOKEN:
required: true
SLACK_CHANNEL_ID:
required: true
jobs:
e2e-tests:
runs-on: linux-amd64-cpu4
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Calculate build vars
id: vars
run: |
echo "COMMIT_SHORT_SHA=${GITHUB_SHA:0:8}" >> $GITHUB_ENV
echo "LOWERCASE_REPO_OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | awk '{print tolower($0)}')" >> $GITHUB_ENV
GOLANG_VERSION=$(./hack/golang-version.sh)
echo "GOLANG_VERSION=${GOLANG_VERSION##GOLANG_VERSION := }" >> $GITHUB_ENV
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Set up Holodeck
uses: NVIDIA/holodeck@v0.2.6
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_ssh_key: ${{ secrets.AWS_SSH_KEY }}
holodeck_config: "tests/e2e/infra/aws.yaml"
- name: Get public dns name
id: holodeck_public_dns_name
uses: mikefarah/yq@master
with:
cmd: yq '.status.properties[] | select(.name == "public-dns-name") | .value' /github/workspace/.cache/holodeck.yaml
- name: Run e2e tests
env:
IMAGE_NAME: ghcr.io/nvidia/container-toolkit
VERSION: ${{ inputs.version }}
SSH_KEY: ${{ secrets.AWS_SSH_KEY }}
E2E_SSH_USER: ${{ secrets.E2E_SSH_USER }}
E2E_SSH_HOST: ${{ steps.holodeck_public_dns_name.outputs.result }}
E2E_INSTALL_CTK: "true"
run: |
e2e_ssh_key=$(mktemp)
echo "$SSH_KEY" > "$e2e_ssh_key"
chmod 600 "$e2e_ssh_key"
export E2E_SSH_KEY="$e2e_ssh_key"
make -f tests/e2e/Makefile test
- name: Send Slack alert notification
if: ${{ failure() }}
uses: slackapi/slack-github-action@v2.0.0
with:
method: chat.postMessage
token: ${{ secrets.SLACK_BOT_TOKEN }}
payload: |
channel: ${{ secrets.SLACK_CHANNEL_ID }}
text: |
:x: On repository ${{ github.repository }}, the Workflow *${{ github.workflow }}* has failed.
Details: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}

5
.github/workflows/golang.yaml vendored
View File

@ -15,6 +15,7 @@
name: Golang name: Golang
on: on:
workflow_call: {}
pull_request: pull_request:
types: types:
- opened - opened
@ -22,10 +23,6 @@ on:
branches: branches:
- main - main
- release-* - release-*
push:
branches:
- main
- release-*
jobs: jobs:
check: check:

64
.github/workflows/image.yaml vendored
View File

@ -16,21 +16,18 @@
name: image name: image
on: on:
pull_request: workflow_call:
types: inputs:
- opened version:
- synchronize required: true
branches: type: string
- main build_multi_arch_images:
- release-* required: true
push: type: string
branches:
- main
- release-*
jobs: jobs:
packages: packages:
runs-on: ubuntu-latest runs-on: linux-amd64-cpu4
strategy: strategy:
matrix: matrix:
target: target:
@ -41,7 +38,7 @@ jobs:
- centos7-x86_64 - centos7-x86_64
- centos8-ppc64le - centos8-ppc64le
ispr: ispr:
- ${{github.event_name == 'pull_request'}} - ${{ github.ref_name != 'main' && !startsWith( github.ref_name, 'release-' ) }}
exclude: exclude:
- ispr: true - ispr: true
target: ubuntu18.04-arm64 target: ubuntu18.04-arm64
@ -52,20 +49,25 @@ jobs:
- ispr: true - ispr: true
target: centos8-ppc64le target: centos8-ppc64le
fail-fast: false fail-fast: false
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
name: Check out code name: Check out code
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3
with: with:
image: tonistiigi/binfmt:master image: tonistiigi/binfmt:master
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: build ${{ matrix.target }} packages - name: build ${{ matrix.target }} packages
run: | run: |
sudo apt-get install -y coreutils build-essential sed git bash make sudo apt-get install -y coreutils build-essential sed git bash make
echo "Building packages" echo "Building packages"
./scripts/build-packages.sh ${{ matrix.target }} ./scripts/build-packages.sh ${{ matrix.target }}
- name: 'Upload Artifacts' - name: 'Upload Artifacts'
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:
@ -74,7 +76,7 @@ jobs:
path: ${{ github.workspace }}/dist/* path: ${{ github.workspace }}/dist/*
image: image:
runs-on: ubuntu-latest runs-on: linux-amd64-cpu4
strategy: strategy:
matrix: matrix:
dist: dist:
@ -82,7 +84,7 @@ jobs:
- ubi8 - ubi8
- packaging - packaging
ispr: ispr:
- ${{github.event_name == 'pull_request'}} - ${{ github.ref_name != 'main' && !startsWith( github.ref_name, 'release-' ) }}
exclude: exclude:
- ispr: true - ispr: true
dist: ubi8 dist: ubi8
@ -90,36 +92,15 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
name: Check out code name: Check out code
- name: Calculate build vars
id: vars
run: |
echo "COMMIT_SHORT_SHA=${GITHUB_SHA:0:8}" >> $GITHUB_ENV
echo "LOWERCASE_REPO_OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | awk '{print tolower($0)}')" >> $GITHUB_ENV
REPO_FULL_NAME="${{ github.event.pull_request.head.repo.full_name }}"
echo "${REPO_FULL_NAME}"
echo "LABEL_IMAGE_SOURCE=https://github.com/${REPO_FULL_NAME}" >> $GITHUB_ENV
PUSH_ON_BUILD="false"
BUILD_MULTI_ARCH_IMAGES="false"
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
if [[ "${{ github.actor }}" != "dependabot[bot]" && "${{ github.event.pull_request.head.repo.full_name }}" == "${{ github.repository }}" ]]; then
# For non-fork PRs that are not created by dependabot we do push images
PUSH_ON_BUILD="true"
fi
elif [[ "${{ github.event_name }}" == "push" ]]; then
# On push events we do generate images and enable muilti-arch builds
PUSH_ON_BUILD="true"
BUILD_MULTI_ARCH_IMAGES="true"
fi
echo "PUSH_ON_BUILD=${PUSH_ON_BUILD}" >> $GITHUB_ENV
echo "BUILD_MULTI_ARCH_IMAGES=${BUILD_MULTI_ARCH_IMAGES}" >> $GITHUB_ENV
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3
with: with:
image: tonistiigi/binfmt:master image: tonistiigi/binfmt:master
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Get built packages - name: Get built packages
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:
@ -133,10 +114,13 @@ jobs:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Build image - name: Build image
env: env:
IMAGE_NAME: ghcr.io/${LOWERCASE_REPO_OWNER}/container-toolkit IMAGE_NAME: ghcr.io/nvidia/container-toolkit
VERSION: ${COMMIT_SHORT_SHA} VERSION: ${{ inputs.version }}
PUSH_ON_BUILD: "true"
BUILD_MULTI_ARCH_IMAGES: ${{ inputs.build_multi_arch_images }}
run: | run: |
echo "${VERSION}" echo "${VERSION}"
make -f deployments/container/Makefile build-${{ matrix.dist }} make -f deployments/container/Makefile build-${{ matrix.dist }}