From 93b702e067e9ccfaab1d13a73c36a7ce85a05abe Mon Sep 17 00:00:00 2001 From: Matthieu MOREL Date: Tue, 6 Jan 2026 19:31:45 +0100 Subject: [PATCH] feat: add GitHub Actions workflow for publishing Build Tools Docker image Signed-off-by: Matthieu MOREL --- .github/workflows/publish-build-tools.yml | 79 ++++++++++++++++++++ .github/workflows/test.yml | 2 +- bazel/external/Dockerfile.bazel | 87 ++++++++++++++++++----- 3 files changed, 149 insertions(+), 19 deletions(-) create mode 100644 .github/workflows/publish-build-tools.yml diff --git a/.github/workflows/publish-build-tools.yml b/.github/workflows/publish-build-tools.yml new file mode 100644 index 00000000..1cd80913 --- /dev/null +++ b/.github/workflows/publish-build-tools.yml @@ -0,0 +1,79 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: Publish Build Tools Docker Image + +on: + workflow_dispatch: + inputs: + ubuntu_version: + description: 'Ubuntu version for base image' + required: true + bazel_version: + description: 'Bazel version to build' + required: true + platforms: + description: 'Target platforms (comma-separated)' + required: false + default: 'linux/s390x' + draft: + description: 'Draft mode (true: build only, false: build and push)' + type: boolean + required: false + default: true + +jobs: + publish: + runs-on: ubuntu-24.04-16core + permissions: + contents: read + packages: write + + steps: + - uses: actions/checkout@v2 + + - name: Generate tag + id: tag + run: | + TAG="ubuntu-${{ github.event.inputs.ubuntu_version }}-bazel-${{ github.event.inputs.bazel_version }}" + echo "tag=$TAG" >> $GITHUB_OUTPUT + + - name: Login to GitHub Container Registry + if: ${{ !github.event.inputs.draft }} + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build and Push Docker Image + uses: docker/build-push-action@v6 + with: + context: . + file: bazel/external/Dockerfile.bazel + platforms: ${{ github.event.inputs.platforms }} + tags: ghcr.io/proxy-wasm/build-tools:${{ steps.tag.outputs.tag }} + build-args: | + UBUNTU_VERSION=${{ github.event.inputs.ubuntu_version }} + BAZEL_VERSION=${{ github.event.inputs.bazel_version }} + push: ${{ !github.event.inputs.draft }} + load: ${{ github.event.inputs.draft }} + cache-from: type=gha,scope=build-tools-${{ steps.tag.outputs.tag }} + cache-to: type=gha,mode=max,scope=build-tools-${{ steps.tag.outputs.tag }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f4d9064b..bf1233b9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -277,7 +277,7 @@ jobs: - name: Activate Docker/QEMU if: startsWith(matrix.run_under, 'docker') - run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx if: startsWith(matrix.run_under, 'docker') diff --git a/bazel/external/Dockerfile.bazel b/bazel/external/Dockerfile.bazel index 0fc7d852..87456c21 100644 --- a/bazel/external/Dockerfile.bazel +++ b/bazel/external/Dockerfile.bazel @@ -14,24 +14,75 @@ # limitations under the License. -# Prep: -# docker run --rm --privileged tonistiigi/binfmt --install all -# docker run --rm --privileged multiarch/qemu-user-static --reset -p yes -# Need to see "F" flag: cat /proc/sys/fs/binfmt_misc/qemu-* -# -# Build: -# docker buildx build --platform linux/s390x -t $IMAGE -f Dockerfile.bazel -# -# Push: -# docker image tag $IMAGE ghcr.io/proxy-wasm/$IMAGE -# docker push ghcr.io/proxy-wasm/$IMAGE -# -# Test: -# docker run --rm --volume $(pwd):/mnt --workdir /mnt \ -# --platform linux/s390x $IMAGE \ -# bazel test --verbose_failures --test_output=errors \ -# --define engine=null --config=clang --test_timeout=1800 \ -# -- //test/... +# ============================================================================ +# BUILD TOOLS DOCKER IMAGE WORKFLOWS +# ============================================================================ +# +# This Dockerfile creates build tools images for cross-platform testing, +# particularly for s390x architecture. Images are published to GitHub +# Container Registry (ghcr.io/proxy-wasm/build-tools). +# +# ---------------------------------------------------------------------------- +# RECOMMENDED: Automated Workflow (via GitHub Actions) +# ---------------------------------------------------------------------------- +# +# The preferred method for publishing build tools images is through the +# automated GitHub Actions workflow defined in: +# .github/workflows/publish-build-tools.yml +# +# This workflow can be triggered manually via the GitHub UI: +# 1. Go to Actions tab in the repository +# 2. Select "Publish Build Tools Docker Image" +# 3. Click "Run workflow" +# 4. Provide the required inputs: +# - ubuntu_version: Base Ubuntu version (e.g., 22.04, 24.04) +# - bazel_version: Bazel version to build (e.g., 6.5.0, 7.0.0) +# - platforms: Target platforms (default: linux/s390x) +# - draft: Set to 'false' to build and push, 'true' for build-only testing +# +# The workflow handles QEMU setup, multi-platform builds, caching, and +# authentication automatically. Images are tagged as: +# ghcr.io/proxy-wasm/build-tools:ubuntu-{VERSION}-bazel-{VERSION} +# +# This automated approach is recommended because it: +# - Ensures consistent build environments +# - Handles authentication and permissions automatically +# - Provides build caching for faster iterations +# - Supports draft mode for testing before publishing +# +# ---------------------------------------------------------------------------- +# ALTERNATIVE: Manual Build and Push +# ---------------------------------------------------------------------------- +# +# For local development or when automated workflows are unavailable, +# you can manually build and push images using the following steps: +# +# 1. Prep (enable cross-platform emulation): +# docker run --rm --privileged tonistiigi/binfmt --install all +# docker run --rm --privileged multiarch/qemu-user-static --reset -p yes +# # Verify "F" flag: cat /proc/sys/fs/binfmt_misc/qemu-* +# +# 2. Build: +# docker buildx build --platform linux/s390x \ +# --build-arg UBUNTU_VERSION=22.04 \ +# --build-arg BAZEL_VERSION=6.5.0 \ +# -t build-tools:local \ +# -f bazel/external/Dockerfile.bazel . +# +# 3. Push (requires appropriate permissions): +# docker image tag build-tools:local \ +# ghcr.io/proxy-wasm/build-tools:ubuntu-22.04-bazel-6.5.0 +# docker push ghcr.io/proxy-wasm/build-tools:ubuntu-22.04-bazel-6.5.0 +# +# 4. Test: +# docker run --rm --volume $(pwd):/mnt --workdir /mnt \ +# --platform linux/s390x \ +# ghcr.io/proxy-wasm/build-tools:ubuntu-22.04-bazel-6.5.0 \ +# bazel test --verbose_failures --test_output=errors \ +# --define engine=null --config=clang --test_timeout=1800 \ +# -- //test/... +# +# ============================================================================ ARG BAZEL_VERSION=7.7.1 ARG UBUNTU_VERSION=24.04