Publish ARM Ansible Docker images

peterdeme · peterdeme · commit b442aadf0242 · 2022-11-10T16:18:27.000+01:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -11,38 +11,76 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@master
+        uses: actions/checkout@main
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: linux/arm64
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Build and push the image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: base
           push: false
+          platforms: linux/amd64,linux/arm64
           tags: |
             ${{ secrets.PREPROD_PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
             ghcr.io/spacelift-io/runner-ansible:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
 
+      - name: Test if ansible binary works
+        run: |
+          # We need to rebuild the images because the previous step is a multi-arch build
+          # and it doesn't produce outputs unfortunately.
+
+          # ARM64
+          docker build --platform linux/arm64 -t ansible-test-arm base
+          docker run --rm ansible-test-arm ansible --version
+
+          # AMD64
+          docker build --platform linux/amd64 -t ansible-test-amd64 base
+          docker run --rm ansible-test-amd64 ansible --version
+
   aws:
     name: Build and deploy the alpine base AWS image
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@master
+        uses: actions/checkout@main
+
       - name: Set env
         run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: linux/arm64
+
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Build and push the image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           build-args: |
             REPOSITORY_BASE_PATH=${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }}
           context: aws
           push: false
           tags: |
             ${{ secrets.PREPROD_PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL_AWS }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
+
+      - name: Test if ansible binary works
+        run: |
+          # We need to rebuild the images because the previous step is a multi-arch build
+          # and it doesn't produce outputs unfortunately.
+
+          # ARM64
+          docker build --platform linux/arm64 --build-arg REPOSITORY_BASE_PATH=${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }} -t ansible-test-arm aws
+          docker run --rm ansible-test-arm sh -c "python3 -c \"import boto3; print(boto3.__version__)\" && ansible --version"
+
+          # AMD64
+          docker build --platform linux/amd64 --build-arg REPOSITORY_BASE_PATH=${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }} -t ansible-test-amd64 aws
+          docker run --rm ansible-test-amd64 sh -c "python3 -c \"import boto3; print(boto3.__version__)\" && ansible --version"
diff --git a/.github/workflows/deploy-preproduction.yml b/.github/workflows/deploy-preproduction.yml
@@ -20,7 +20,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@master
+        uses: actions/checkout@main
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: linux/arm64
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v1
@@ -46,12 +51,13 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Build and push the image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: base
+          platforms: linux/amd64,linux/arm64
           push: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/future' }}
           tags: |
             ${{ secrets.PREPROD_PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
@@ -64,7 +70,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@master
+        uses: actions/checkout@main
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: linux/arm64
+
       - name: Set env
         run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
 
@@ -85,12 +97,13 @@ jobs:
           REPOSITORY_BASE_PATH: ${{ secrets.PREPROD_PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Build and push the image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: aws
+          platforms: linux/amd64,linux/arm64
           push: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/future' }}
           tags: |
             ${{ secrets.PREPROD_PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }}/runner-ansible-aws:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml
@@ -20,7 +20,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@master
+        uses: actions/checkout@main
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: linux/arm64
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v1
@@ -46,23 +51,31 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Build and push the image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: base
+          platforms: linux/amd64,linux/arm64
           push: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/future' }}
           tags: |
             ${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
+            ghcr.io/spacelift-io/runner-ansible:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
 
   aws:
     needs: base
     name: Build and deploy the alpine base AWS image
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@master
+        uses: actions/checkout@main
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: linux/arm64
+
       - name: Set env
         run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
 
@@ -83,14 +96,15 @@ jobs:
           REPOSITORY_PATH: ${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL_AWS }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Build and push the image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           build-args: |
             REPOSITORY_BASE_PATH=${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }}
           context: aws
+          platforms: linux/amd64,linux/arm64
           push: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/future' }}
           tags: |
             ${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL_AWS }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
diff --git a/.github/workflows/prod-pr.yml b/.github/workflows/prod-pr.yml
@@ -8,10 +8,10 @@ jobs:
   create-pr:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@main
 
       - name: Create Pull Request
-        uses: vsoch/pull-request-action@1.0.13
+        uses: vsoch/pull-request-action@1.0.22
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PASS_IF_EXISTS: true
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -15,7 +15,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@main
 
       - name: Build an image from Dockerfile
         run: |
@@ -31,7 +31,7 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-results.sarif"
 
@@ -41,7 +41,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@main
 
       - name: Build an image from Dockerfile
         run: |
@@ -57,6 +57,6 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-results.sarif"
