Build image #312
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build image | |
| on: | |
| pull_request: | |
| branches: [main] | |
| paths-ignore: | |
| - 'README.md' | |
| - 'LICENSE' | |
| push: | |
| branches: [main] | |
| paths-ignore: | |
| - 'README.md' | |
| - 'LICENSE' | |
| # Run daily at a specific time (e.g., 04:00 AM UTC) | |
| schedule: | |
| - cron: '0 4 * * *' | |
| permissions: | |
| contents: read | |
| env: | |
| BASE_IMAGE: quay.io/fedora/fedora-bootc | |
| FINAL_IMAGE: quay.io/coreos-devel/fedora-bootc-nvidia | |
| jobs: | |
| podman_build: | |
| name: Podman Build | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| STREAM: [43] | |
| NVIDIA_DRIVER_VERSION: [595.58.03] | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v5 | |
| - name: Calculate image tag and base image | |
| id: image-tag | |
| run: | | |
| FINAL_IMAGE_TAG="${{ matrix.STREAM }}-${{ matrix.NVIDIA_DRIVER_VERSION }}" | |
| IMAGE_TAG="${{ matrix.STREAM }}" | |
| if [[ "${{ matrix.STREAM }}" =~ "coreos" ]]; then | |
| BASE_IMAGE="quay.io/fedora/fedora-coreos" | |
| COREOS_STREAM_FULL="${{ matrix.STREAM }}" | |
| IMAGE_TAG="${COREOS_STREAM_FULL#*-}" | |
| FINAL_IMAGE_TAG="${{ matrix.STREAM }}-${{ matrix.NVIDIA_DRIVER_VERSION }}" | |
| fi | |
| echo "tag=$IMAGE_TAG" >> $GITHUB_OUTPUT | |
| echo "final_tag=$FINAL_IMAGE_TAG" >> $GITHUB_OUTPUT | |
| echo "base_image=$BASE_IMAGE" >> $GITHUB_OUTPUT | |
| - name: Podman Login to Quay | |
| # This step uses the secret and is executed before pushing | |
| if: github.event_name == 'push' || github.event_name == 'schedule' | |
| run: | | |
| # Use "echo" and pipe the secret to "podman login --password-stdin" | |
| # This avoids exposing the secret in command logs. | |
| echo "$PASSWORD" | podman login --username $USERNAME --password-stdin quay.io | |
| env: | |
| USERNAME: "${{ secrets.QUAY_USERNAME }}" | |
| PASSWORD: "${{ secrets.QUAY_TOKEN }}" | |
| - name: Build the builder image | |
| run: | | |
| source build-args.conf | |
| podman build --build-arg-file build-args.conf --build-arg STREAM="${{ steps.image-tag.outputs.tag }}" --build-arg BASE_IMAGE="${{ steps.image-tag.outputs.base_image }}" -f Containerfile.builder -t $BUILDER_IMAGE | |
| - name: Build FCOS image with NVIDIA bits | |
| run: | | |
| source build-args.conf | |
| podman build --build-arg-file build-args.conf --build-arg STREAM="${{ steps.image-tag.outputs.tag }}" --build-arg BASE_IMAGE="${{ steps.image-tag.outputs.base_image }}" -f Containerfile -t $FINAL_IMAGE:${{ steps.image-tag.outputs.final_tag }} | |
| - name: Sanity-check | |
| run: | | |
| podman run --rm $FINAL_IMAGE:${{ steps.image-tag.outputs.final_tag }} echo hello | |
| - name: Push image to Quay | |
| if: github.event_name == 'push' || github.event_name == 'schedule' | |
| run: | | |
| podman push $FINAL_IMAGE:${{ steps.image-tag.outputs.final_tag }} | |
| podman tag $FINAL_IMAGE:${{ steps.image-tag.outputs.final_tag }} $FINAL_IMAGE:${{ steps.image-tag.outputs.tag }} | |
| podman push $FINAL_IMAGE:${{ steps.image-tag.outputs.tag }} |