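# Builds the CI container images (base and agent) with podman, saves them as
# tarballs, uploads the tarballs as an artifact and smoke-tests the base image.
# A separate job, which runs only on push events, loads the tarballs and
# publishes them to ghcr.io. Splitting build from push keeps the
# packages:write token out of the job that executes the Dockerfile.
#
# NOTE(review): the third-party actions below are referenced by a mutable tag
# (v4). Pinning each to a full commit SHA would stop a moved tag from changing
# what runs in these jobs.
name: Build CI Container

# Default token scope for every job; the push job widens it explicitly.
permissions:
  contents: read

on:
  push:
    branches:
      - main
    paths:
      - .github/workflows/build-ci-container.yml
      - '.github/workflows/containers/github-action-ci/**'
  pull_request:
    branches:
      - main
    paths:
      - .github/workflows/build-ci-container.yml
      - '.github/workflows/containers/github-action-ci/**'

jobs:
  build-ci-container:
    if: github.repository_owner == 'llvm'
    runs-on: depot-ubuntu-22.04-16
    outputs:
      container-name: ${{ steps.vars.outputs.container-name }}
      container-name-agent: ${{ steps.vars.outputs.container-name-agent }}
      container-name-tag: ${{ steps.vars.outputs.container-name-tag }}
      container-name-agent-tag: ${{ steps.vars.outputs.container-name-agent-tag }}
      container-filename: ${{ steps.vars.outputs.container-filename }}
      container-agent-filename: ${{ steps.vars.outputs.container-agent-filename }}
    steps:
      - name: Checkout LLVM
        uses: actions/checkout@v4
        with:
          sparse-checkout: .github/workflows/containers/github-action-ci/
          # No later step needs git credentials, so do not leave the token in
          # the checkout's git config where the container build could read it.
          persist-credentials: false

      - name: Write Variables
        id: vars
        run: |
          # The tag is the build time in epoch seconds, so every run gets a
          # distinct tag. The tarball names are the image references with
          # '/' and ':' replaced by '-'.
          tag=$(date +%s)
          container_name="ghcr.io/$GITHUB_REPOSITORY_OWNER/ci-ubuntu-22.04"
          {
            echo "container-name=$container_name"
            echo "container-name-agent=$container_name-agent"
            echo "container-name-tag=$container_name:$tag"
            echo "container-name-agent-tag=$container_name-agent:$tag"
            echo "container-filename=$(echo "$container_name:$tag" | sed -e 's/\//-/g' -e 's/:/-/g').tar"
            echo "container-agent-filename=$(echo "$container_name-agent:$tag" | sed -e 's/\//-/g' -e 's/:/-/g').tar"
          } >> "$GITHUB_OUTPUT"

      - name: Build container
        working-directory: ./.github/workflows/containers/github-action-ci/
        # Values reach the script through env rather than ${{ }} expansion, so
        # they are handled as data by the shell and never spliced into the
        # script text.
        env:
          CONTAINER_NAME_TAG: ${{ steps.vars.outputs.container-name-tag }}
          CONTAINER_NAME_AGENT_TAG: ${{ steps.vars.outputs.container-name-agent-tag }}
        run: |
          podman build --target ci-container -t "$CONTAINER_NAME_TAG" .
          podman build --target ci-container-agent -t "$CONTAINER_NAME_AGENT_TAG" .

      # Save the container so we have it in case the push fails.  This also
      # allows us to separate the push step into a different job so we can
      # maintain minimal permissions while building the container.
      - name: Save container image
        env:
          CONTAINER_NAME_TAG: ${{ steps.vars.outputs.container-name-tag }}
          CONTAINER_NAME_AGENT_TAG: ${{ steps.vars.outputs.container-name-agent-tag }}
          CONTAINER_FILENAME: ${{ steps.vars.outputs.container-filename }}
          CONTAINER_AGENT_FILENAME: ${{ steps.vars.outputs.container-agent-filename }}
        run: |
          podman save "$CONTAINER_NAME_TAG" > "$CONTAINER_FILENAME"
          podman save "$CONTAINER_NAME_AGENT_TAG" > "$CONTAINER_AGENT_FILENAME"

      - name: Upload container image
        uses: actions/upload-artifact@v4
        with:
          name: container
          path: "*.tar"
          retention-days: 14

      - name: Test Container
        env:
          CONTAINER_NAME_TAG: ${{ steps.vars.outputs.container-name-tag }}
        run: |
          # Only the base image is smoke-tested here; the agent image is not.
          for image in "$CONTAINER_NAME_TAG"; do
            # Use --pull=never to ensure we are testing the just built image.
            podman run --pull=never --rm -it "$image" /usr/bin/bash -x -c 'cd $HOME && printf '\''#include <iostream>\nint main(int argc, char **argv) { std::cout << "Hello\\n"; }'\'' | clang++ -x c++ - && ./a.out | grep Hello'
          done

  # Publishes the images built above. Gated on push events, so images built
  # for a pull_request run are uploaded as artifacts but never pushed.
  push-ci-container:
    if: github.event_name == 'push'
    needs:
      - build-ci-container
    permissions:
      packages: write
    runs-on: ubuntu-24.04
    steps:
      - name: Download container
        uses: actions/download-artifact@v4
        with:
          name: container

      - name: Push Container
        # The token is scoped to this step only, so the download step above
        # never has it in its environment.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REGISTRY_USER: ${{ github.actor }}
          CONTAINER_NAME: ${{ needs.build-ci-container.outputs.container-name }}
          CONTAINER_NAME_TAG: ${{ needs.build-ci-container.outputs.container-name-tag }}
          CONTAINER_FILENAME: ${{ needs.build-ci-container.outputs.container-filename }}
          CONTAINER_NAME_AGENT: ${{ needs.build-ci-container.outputs.container-name-agent }}
          CONTAINER_NAME_AGENT_TAG: ${{ needs.build-ci-container.outputs.container-name-agent-tag }}
          CONTAINER_AGENT_FILENAME: ${{ needs.build-ci-container.outputs.container-agent-filename }}
        run: |
          podman load -i "$CONTAINER_FILENAME"
          podman tag "$CONTAINER_NAME_TAG" "$CONTAINER_NAME:latest"
          # Feed the token on stdin: a -p argument is visible in the process
          # list and in any command trace for as long as podman login runs.
          printf '%s' "$GITHUB_TOKEN" | podman login -u "$REGISTRY_USER" --password-stdin ghcr.io
          podman push "$CONTAINER_NAME_TAG"
          podman push "$CONTAINER_NAME:latest"

          podman load -i "$CONTAINER_AGENT_FILENAME"
          podman tag "$CONTAINER_NAME_AGENT_TAG" "$CONTAINER_NAME_AGENT:latest"
          podman push "$CONTAINER_NAME_AGENT_TAG"
          podman push "$CONTAINER_NAME_AGENT:latest"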