
Write public deployment key #32

Workflow file for this run

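---
# Builds the Spacktainers builder and runtime base images with buildah and
# pushes them to ECR. A second job then runs on a runner whose image is
# spacktainers/builder:latest and configures the Spack S3 build cache there.
name: Build Spacktainers
# NOTE(review): this fires on a push to any branch, and each run overwrites the
# `latest` tag that spacktainer-build-job uses as its runner image, the same
# image that later receives the build-cache credentials. Consider limiting the
# trigger to protected branches or tagging images per revision.
on: [push]
jobs:
  base-container-job:
    runs-on:
      - codebuild-spacktainers-${{ github.run_id }}-${{ github.run_attempt }}
      - image:ubuntu-7.0
      - instance-size:small
    steps:
      - name: clone repo
        # NOTE(review): `v4` is a mutable tag; pinning to a full commit SHA
        # (actions/checkout@<COMMIT_SHA>) guards against a retagged release.
        uses: actions/checkout@v4
      - name: create builder
        env:
          AWS_ECR_URL: ${{ secrets.AWS_ECR_URL }}
          AWS_BUILDER_REPO_URL: ${{ secrets.AWS_ECR_URL }}/spacktainers/builder
          # NOTE(review): static access keys held as repository secrets;
          # short-lived credentials (a role on the runner, or OIDC) would
          # limit the damage if they leak.
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }}
          # The $GITHUB_* names are stored unexpanded on purpose: the shell
          # expands them when the run script evals the final command.
          # Disabled label, kept for reference:
          #   --label org.opencontainers.image.created="$CI_JOB_STARTED_AT"
          BUILDAH_EXTRA_ARGS: >-
            --label org.opencontainers.image.revision="$GITHUB_SHA"
            --label org.opencontainers.image.authors="$GITHUB_TRIGGERING_ACTOR"
            --label org.opencontainers.image.url="https://github.com/${GITHUB_REPOSITORY}"
            --label org.opencontainers.image.source="https://github.com/${GITHUB_REPOSITORY}"
            --label ch.epfl.bbpgitlab.ci-pipeline-url="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
            --label ch.epfl.bbpgitlab.ci-commit-branch="$GITHUB_REF_NAME"
            --build-arg SPACK_BRANCH=develop
          SPACK_DEPLOYMENT_KEY_PUB: ${{ secrets.SPACK_DEPLOYMENT_KEY_PUB }}
        run: |-
          echo "Creating builder"
          # Tracing prints every expanded command line. The only secret expanded
          # below is the public deployment key; keep private values off command lines.
          set -x
          apt install -y awscli buildah podman
          export STORAGE_DRIVER=vfs # allows to build inside containers without additional mounts
          export BUILDAH_FORMAT=docker # enables ONBUILD instructions which are not OCI compatible
          export REGISTRY_IMAGE_TAG=latest # for now
          echo "${SPACK_DEPLOYMENT_KEY_PUB}" > builder/key.pub
          # The registry password travels over stdin, so it never shows up in the trace.
          aws ecr get-login-password --region us-east-1 | buildah login --username AWS --password-stdin "${AWS_ECR_URL}"
          # This is written like that in case $BUILDAH_EXTRA_ARGS has args that require spaces,
          # which is tricky with shell variable expansion. Similar to Kaniko, see also:
          # https://github.com/GoogleContainerTools/kaniko/issues/1803
          # eval expands the $GITHUB_* names once, inside double quotes; their values are
          # not parsed again. Never splice ${{ ... }} expressions or pre-expanded values
          # into COMMAND, because eval would then interpret them as shell code.
          export IFS=''
          COMMAND="buildah bud --iidfile image_id ${BUILDAH_EXTRA_ARGS} builder"
          echo "${COMMAND}"
          eval "${COMMAND}"
          # Sometimes buildah push fails on the first attempt. The retry is grouped so
          # that the second push runs only when the first one failed.
          DEST="docker://${AWS_BUILDER_REPO_URL}:${REGISTRY_IMAGE_TAG}"
          buildah push "$(<image_id)" "${DEST}" || { sleep 10; buildah push "$(<image_id)" "${DEST}"; }
      - name: create runtime
        env:
          AWS_ECR_URL: ${{ secrets.AWS_ECR_URL }}
          AWS_BUILDER_REPO_URL: ${{ secrets.AWS_ECR_URL }}/spacktainers/runtime
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }}
          # Disabled label, kept for reference:
          #   --label org.opencontainers.image.created="$CI_JOB_STARTED_AT"
          BUILDAH_EXTRA_ARGS: >-
            --label org.opencontainers.image.revision="$GITHUB_SHA"
            --label org.opencontainers.image.authors="$GITHUB_TRIGGERING_ACTOR"
            --label org.opencontainers.image.url="https://github.com/${GITHUB_REPOSITORY}"
            --label org.opencontainers.image.source="https://github.com/${GITHUB_REPOSITORY}"
            --label ch.epfl.bbpgitlab.ci-pipeline-url="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
            --label ch.epfl.bbpgitlab.ci-commit-branch="$GITHUB_REF_NAME"
            --build-arg SPACK_BRANCH=develop
        run: |-
          # Holy code duplication, Batman!
          echo "Creating runtime"
          # NOTE(review): the previous step installs packages with apt on this same
          # runner (image:ubuntu-7.0); yum is presumably not available here - confirm.
          yum install -y awscli
          export STORAGE_DRIVER=vfs # allows to build inside containers without additional mounts
          export BUILDAH_FORMAT=docker # enables ONBUILD instructions which are not OCI compatible
          export REGISTRY_IMAGE_TAG=latest # for now
          aws ecr get-login-password --region us-east-1 | buildah login --username AWS --password-stdin "${AWS_ECR_URL}"
          # This is written like that in case $BUILDAH_EXTRA_ARGS has args that require spaces,
          # which is tricky with shell variable expansion. Similar to Kaniko, see also:
          # https://github.com/GoogleContainerTools/kaniko/issues/1803
          export IFS=''
          # NOTE(review): the build context is still `builder`, yet the result is pushed
          # to spacktainers/runtime - looks like a copy-paste leftover; confirm.
          COMMAND="buildah bud --iidfile image_id ${BUILDAH_EXTRA_ARGS} builder"
          eval "${COMMAND}"
          # Sometimes buildah push fails on the first attempt. The retry is grouped so
          # that the second push runs only when the first one failed.
          DEST="docker://${AWS_BUILDER_REPO_URL}:${REGISTRY_IMAGE_TAG}"
          buildah push "$(<image_id)" "${DEST}" || { sleep 10; buildah push "$(<image_id)" "${DEST}"; }
  spacktainer-build-job:
    runs-on:
      - codebuild-spacktainers-${{ github.run_id }}-${{ github.run_attempt }}
      # Runs on the `latest` builder image; base-container-job pushes that tag.
      - image:LINUX_IMAGE-130659266700.dkr.ecr.us-east-1.amazonaws.com/spacktainers/builder:latest
      - instance-size:small
    needs: base-container-job
    steps:
      - name: configure-build-cache
        env:
          AWS_CACHE_ACCESS_KEY_ID: ${{ secrets.AWS_CACHE_ACCESS_KEY_ID }}
          AWS_CACHE_SECRET_ACCESS_KEY: ${{ secrets.AWS_CACHE_SECRET_ACCESS_KEY }}
          AWS_CACHE_BUCKET: ${{ secrets.AWS_CACHE_BUCKET }}
        run: |-
          echo "Configuring build cache"
          /opt/spack/bin/spack config blame mirrors
          # NOTE(review): the key pair is passed as command-line arguments (visible in
          # the process list) and is presumably written into the Spack mirror config,
          # which the `config blame mirrors` calls below then print. GitHub's log
          # masking would be the only thing hiding it; prefer a form that references
          # the environment variables if the installed Spack offers one.
          /opt/spack/bin/spack mirror add --s3-access-key-id="${AWS_CACHE_ACCESS_KEY_ID}" --s3-access-key-secret="${AWS_CACHE_SECRET_ACCESS_KEY}" s3cache "s3://${AWS_CACHE_BUCKET}"
          /opt/spack/bin/spack config blame mirrors
      - name: second step
        # Prints the mirror configuration again from a fresh step.
        run: |-
          /opt/spack/bin/spack config blame mirrors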