diff --git a/.github/workflows/auto-publish-images.yml b/.github/workflows/auto-publish-images.yml new file mode 100644 index 00000000000..79dd1e1e1be --- /dev/null +++ b/.github/workflows/auto-publish-images.yml @@ -0,0 +1,99 @@ +name: "WIP: SapMachine auto builder" + +on: + # schedule: + # - cron: '0 0 * * *' # Daily at midnight + workflow_dispatch: + +env: + GARDEN_LINUX_IMAGE: ghcr.io/gardenlinux/gardenlinux + GARDEN_LINUX_VER: TODO + SAPMACHINE_VERSION: TODO + TARGET_IMAGE: WILL_BE_SET + +jobs: + docker-login: + runs-on: ubuntu-24.04 + steps: + - name: Login to registry + run: | + podman login -u token -p ${{ github.token }} ghcr.io + + conditional-build: + runs-on: ubuntu-24.04 + needs: docker-login + + strategy: + matrix: + flavor: ["jdk", "jdk-headless", "jre", "jre-headless"] + sapmachineVersion: [24, 21, 17, 11] # TODO: generate this in another action or update by hand + gardenVersion: [1592, 1877] # TODO: generate this in another action or update by hand + + steps: + - name: Retrieve existing image and extract labels + # id: inspect_target + # continue-on-error: true + run: | + set -euo pipefail + TARGET_IMAGE="ghcr.io/sap/sapmachine:${{sapmachineVersion}}-${{matrix.flavor}}-gl-${{matrix.gardenVersion}" + if podman pull $TARGET_IMAGE; then + SAPMACHINE_CHECKSUM=$(podman inspect $TARGET_IMAGE --format '{{ index .Labels "sapmachine.checksum" }}') + GARDEN_LINUX_IMAGEID=$(podman inspect $TARGET_IMAGE --format '{{ index .Labels "gardenlinux.id" }}') + else + echo "Target image not found.. forcing rebuild." + SAPMACHINE_CHECKSUM="" + GARDEN_LINUX_IMAGEID="" + fi + echo "SAPMACHINE_CHECKSUM=$SAPMACHINE_CHECKSUM" >> $GITHUB_ENV + echo "GARDEN_LINUX_IMAGEID=$GARDEN_LINUX_IMAGEID" >> $GITHUB_ENV + + - name: Pull base image and get corresponding image id + run: | + BASE_IMAGE=ghcr.io/gardenlinux/gardenlinux:${{matrix.gardenVersion}} + podman pull $BASE_IMAGE + CURRENT_IMAGEID=$(podman image inspect $BASE_IMAGE --format '{{.Id}}') + echo "CURRENT_IMAGEID=$CURRENT_IMAGEID" >> $GITHUB_ENV + + - name: Get current package checksum for sapmachine deb package + run: | + cd dockerfiles/ + podman build --target checksum-stage -t checksum-temp . + CURRENT_CHECKSUM=$(podman run --rm checksum-temp cat /checksum.txt) + echo "CURRENT_CHECKSUM=$CURRENT_CHECKSUM" >> $GITHUB_ENV + + - name: Decide whether to build + run: | + echo "Garden Linux image changed: $GARDEN_LINUX_IMAGEID != $CURRENT_IMAGEID" + echo "SapMachine .deb package changed: $SAPMACHINE_CHECKSUM != $CURRENT_CHECKSUM" + if [[ -z "$GARDEN_LINUX_IMAGEID != $CURRENT_IMAGEID" || "$SAPMACHINE_CHECKSUM != $CURRENT_CHECKSUM" ]]; then + echo "NEED_BUILD=true" >> $GITHUB_ENV + else + echo "NEED_BUILD=false" >> $GITHUB_ENV + fi + + - name: Build and push image + if: env.NEED_BUILD == 'true' + run: | + podman build --target main-stage --build-arg GARDEN_LINUX_MAJOR_VER="${{ matrix.gardenVersion }}" --build-arg SAPMACHINE_MAJOR_VER="${{ matrix.sapmachineVersion }}" --build-arg SAPMACHINE_FLAVOR="${{ matrix.flavor }}" --build-arg SAPMACHINE_CHECKSUM="$SAPMACHINE_CHECKSUM" --build-arg GARDEN_LINUX_IMAGEID="$GARDEN_LINUX_IMAGEID" -t "ghcr.io/sap/sapmachine:${{ matrix.sapmachineVersion }}-${{ matrix.flavor }}-gl-${{ matrix.gardenVersion }}" . + echo "TODO: PUBLISH" + # podman build \ + # --build-arg BASE_IMAGE_DIGEST=$CURRENT_BASE_DIGEST \ + # --build-arg DEB_PACKAGE_CHECKSUM=$CURRENT_PACKAGE_CHECKSUM \ + # -t docker.io/your-namespace/your-target-image:latest . + # + # podman push docker.io/your-namespace/your-target-image:latest +# SM_FLAVOURS=(jdk jdk-headless jre jre-headless) +# SM_REGISTRY="ghcr.io/sap/sapmachine" +# cd dockerfiles/${{ inputs.sapMachineVersion }}/gardenlinux/${{ inputs.gardenLinuxVersion }} +# podman login -u token -p ${{ github.token }} ghcr.io +# for sm_flvr in "${SM_FLAVOURS[@]}" ; do +# tag=${{ inputs.sapMachineVersion }}-${sm_flvr}-gl-${{ inputs.gardenLinuxVersion }} +# cd ${sm_flvr} +# podman manifest create ${SM_REGISTRY}:$tag +# podman build --platform linux/amd64,linux/arm64 --manifest ${SM_REGISTRY}:$tag . +# podman manifest push ${SM_REGISTRY}:$tag +# cd .. +# done +# +# +# diff --git a/dockerfiles/Dockerfile b/dockerfiles/Dockerfile new file mode 100644 index 00000000000..c38bb6d5073 --- /dev/null +++ b/dockerfiles/Dockerfile @@ -0,0 +1,37 @@ +ARG GARDEN_LINUX_MAJOR_VER +ARG SAPMACHINE_MAJOR_VER +ARG SAPMACHINE_FLAVOR + +# Base image used in all further stages +FROM ghcr.io/gardenlinux/gardenlinux:$GARDEN_LINUX_MAJOR_VER as base-stage +RUN apt-get update && apt-get -y --no-install-recommends install wget && \ + wget -qO- https://dist.sapmachine.io/debian/sapmachine.key > /etc/apt/trusted.gpg.d/sapmachine.asc && \ + chmod 644 /etc/apt/trusted.gpg.d/sapmachine.asc && \ + echo "deb https://dist.sapmachine.io/debian/$(dpkg --print-architecture)/ ./" > /etc/apt/sources.list.d/sapmachine.list && \ + apt-get update + +# TODO: do checksum verification via debian repository +# https://dist.sapmachine.io/debian/amd64/Packages + +# Image to calculate and export checksum. +FROM base-stage as checksum-stage +ARG SAPMACHINE_MAJOR_VER +ARG SAPMACHINE_FLAVOR +RUN apt download -y sapmachine-$SAPMACHINE_MAJOR_VER-$SAPMACHINE_FLAVOR +RUN echo -n "md5:" > checksum.txt +RUN md5sum sapmachine-$SAPMACHINE_MAJOR_VER-$SAPMACHINE_FLAVOR*.deb | awk '{ print $1 }' >> checksum.txt + + +# Final image +FROM base-stage as main-stage +ARG SAPMACHINE_MAJOR_VER +ARG SAPMACHINE_FLAVOR +ARG SAPMACHINE_CHECKSUM +ARG GARDEN_LINUX_IMAGEID +LABEL sapmachine.checksum=$SAPMACHINE_CHECKSUM +LABEL gardenlinux.id=$GARDEN_LINUX_IMAGEID +RUN apt-get -y --no-install-recommends install sapmachine-$SAPMACHINE_MAJOR_VER-$SAPMACHINE_FLAVOR +RUN apt-get remove -y --purge --autoremove wget && rm -rf /var/lib/apt/lists/* +ENV JAVA_HOME=/usr/lib/jvm/sapmachine-24 + +CMD ["jshell"]