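# docker-weekly-build.yml
#
# Builds dockerd, docker-proxy, containerd, containerd-shim-runc-v2 and runc on
# a self-hosted riscv64 runner, publishes them as a GitHub release, closes the
# matching tracking issues and triggers the Debian/RPM packaging workflows.
#
# Hardening applied in this file: workflow_dispatch inputs and step outputs
# derived from upstream repositories are handed to the shell through `env:`
# instead of being written as `${{ ... }}` inside `run:` scripts. Expression
# text is substituted into the script before the shell parses it, so a value
# containing shell metacharacters would otherwise become part of the script.
name: Build Docker RISC-V64

on:
  schedule:
    # Run every Sunday at 02:00 UTC (weekly builds from master)
    - cron: '0 2 * * 0'
  workflow_dispatch:
    inputs:
      moby_ref:
        description: 'Moby ref to build (branch/tag/commit)'
        required: false
        default: 'master'
      containerd_ref:
        description: 'Containerd version tag to build'
        required: false
        default: 'v2.2.1'
      runc_ref:
        description: 'Runc version tag to build'
        required: false
        default: 'v1.4.0'

# These scopes apply to github.token for every step of the job:
# contents (gh release), issues (gh issue), actions (gh workflow run).
# NOTE(review): the steps that compile upstream code run in the same job as the
# steps that use the token; splitting build and publish into separate jobs
# would let the build job run with read-only permissions.
permissions:
  contents: write
  issues: write
  actions: write

jobs:
  build-docker:
    runs-on: [self-hosted, riscv64]
    env:
      VERSION_REGEX: '^(docker-)?v[0-9]+\.[0-9]+\.[0-9]+.*$'
      # Requested refs (inputs are empty on scheduled runs, hence the defaults).
      # Scripts read these as plain environment variables.
      REQUESTED_MOBY_REF: ${{ github.event.inputs.moby_ref || 'master' }}
      REQUESTED_CONTAINERD_REF: ${{ github.event.inputs.containerd_ref || 'v2.2.1' }}
      REQUESTED_RUNC_REF: ${{ github.event.inputs.runc_ref || 'v1.4.0' }}
    steps:
      # NOTE(review): actions are referenced by mutable version tags; pinning
      # each `uses:` to a full commit SHA removes the dependency on tag integrity.
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # Don't checkout all submodules - we only need moby
          submodules: false
          # NOTE(review): checkout keeps the token in the local git config by
          # default, and later steps build upstream code in this workspace.
          # Consider `persist-credentials: false` if the submodule fetch does
          # not need it - confirm.

      - name: Checkout moby submodule only
        run: |
          # Only init and update the moby submodule (skip cli, compose, cagent)
          git submodule update --init --depth 1 moby

      - name: Cache Go modules and build cache
        uses: actions/cache@v5
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-riscv64-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-riscv64-
            ${{ runner.os }}-go-

      - name: Update moby submodule
        id: moby_update
        run: |
          cd moby
          git fetch origin --tags
          MOBY_REF="$REQUESTED_MOBY_REF"
          git checkout "$MOBY_REF"
          # Pull only if it's a branch (not a tag)
          if git show-ref --verify --quiet "refs/remotes/origin/$MOBY_REF"; then
            git pull origin "$MOBY_REF"
          fi
          # Determine version for Docker build
          # If checked out to a version tag (vX.Y.Z or docker-vX.Y.Z), extract clean version
          VERSION_REGEX='${{ env.VERSION_REGEX }}'
          if [[ "$MOBY_REF" =~ $VERSION_REGEX ]]; then
            # Official release tag: docker-v29.0.0 -> 29.0.0
            VERSION="${MOBY_REF#docker-}"
            VERSION="${VERSION#v}"
            echo "Building official release version: $VERSION"
            echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          else
            # Development build: use git describe
            VERSION=$(git describe --tags --always --dirty)
            echo "Building development version: $VERSION"
            echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          fi
          # Extract Go version required by go.mod
          GO_VERSION=$(grep '^go ' go.mod | awk '{print $2}')
          if [ -z "$GO_VERSION" ]; then
            echo "WARNING: Could not extract Go version from go.mod, falling back to 1.25.5"
            GO_VERSION="1.25.5"
          fi
          echo "Go version from go.mod: $GO_VERSION"
          echo "go_version=$GO_VERSION" >> "$GITHUB_OUTPUT"

      - name: Apply RISC-V patches
        run: |
          cd moby
          # Comment out frozen-images section (no riscv64 manifests)
          # Find the FROM stage and comment it out along with its continuation lines
          awk '
            /^FROM.*frozen-images/ {
              in_frozen = 1
              print "# " $0
              next
            }
            in_frozen && /\\$/ {
              print "# " $0
              next
            }
            in_frozen && !/\\$/ {
              print "# " $0
              print "RUN mkdir -p /build"
              in_frozen = 0
              next
            }
            { print }
          ' Dockerfile > Dockerfile.tmp && mv Dockerfile.tmp Dockerfile
          # Comment out COPY commands referencing frozen-images
          sed -i '/^COPY.*frozen-images/s/^/# /' Dockerfile
          # Comment out dockercli-integration section (old CLI)
          awk '
            /^FROM.*dockercli-integration/ {
              in_dockercli = 1
              print "# " $0
              next
            }
            in_dockercli && /\\$/ {
              print "# " $0
              next
            }
            in_dockercli && !/\\$/ {
              print "# " $0
              print "RUN mkdir -p /build"
              in_dockercli = 0
              next
            }
            { print }
          ' Dockerfile > Dockerfile.tmp && mv Dockerfile.tmp Dockerfile
          # Comment out COPY commands referencing dockercli-integration
          sed -i '/^COPY.*dockercli-integration/s/^/# /' Dockerfile

      - name: Build Docker binaries
        env:
          # Both values originate from the checked-out moby tree or the
          # requested ref, so they reach the script as data, not script text.
          MOBY_VERSION_OUTPUT: ${{ steps.moby_update.outputs.version }}
          MOBY_GO_VERSION_OUTPUT: ${{ steps.moby_update.outputs.go_version }}
        run: |
          cd moby
          VERSION="$MOBY_VERSION_OUTPUT"
          GO_VERSION="$MOBY_GO_VERSION_OUTPUT"
          echo "Building Docker with VERSION=$VERSION, GO_VERSION=$GO_VERSION"
          # NOTE(review): the image tag uses the current date and the
          # "Extract binaries" step recomputes it; a build that crosses
          # midnight would look for a different tag.
          docker build \
            --build-arg BASE_DEBIAN_DISTRO=trixie \
            --build-arg GO_VERSION="$GO_VERSION" \
            --build-arg VERSION="$VERSION" \
            --target=binary \
            -f Dockerfile \
            -t docker-riscv64:binary-$(date +%Y%m%d) \
            .

      - name: Build containerd
        run: |
          CONTAINERD_REF="$REQUESTED_CONTAINERD_REF"
          # Clone if needed, then always sync to the requested ref
          if [ ! -d "containerd" ]; then
            git clone https://github.com/containerd/containerd.git
          fi
          cd containerd
          git fetch --tags --prune origin
          git checkout --force "$CONTAINERD_REF"
          git reset --hard "$CONTAINERD_REF"
          # Drop untracked and ignored files left in the reused clone
          git clean -fdx
          # Build containerd binaries
          make BUILDTAGS='no_btrfs' binaries
          ls -lh bin/

      - name: Install runc build dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y libseccomp-dev pkg-config

      - name: Build runc
        run: |
          RUNC_REF="$REQUESTED_RUNC_REF"
          # Clone if needed, then always sync to the requested ref
          if [ ! -d "runc" ]; then
            git clone https://github.com/opencontainers/runc.git
          fi
          cd runc
          git fetch --tags --prune origin
          git checkout --force "$RUNC_REF"
          git reset --hard "$RUNC_REF"
          # Drop untracked and ignored files left in the reused clone
          git clean -fdx
          # Build runc
          make static
          ls -lh runc

      - name: Extract binaries
        run: |
          DATE=$(date +%Y%m%d)
          mkdir -p release-$DATE
          # Extract Docker binaries from image (binary target places them at root)
          CONTAINER_ID=$(docker create --entrypoint=/bin/true docker-riscv64:binary-$DATE)
          docker cp $CONTAINER_ID:/dockerd release-$DATE/
          docker cp $CONTAINER_ID:/docker-proxy release-$DATE/
          docker rm $CONTAINER_ID
          # Copy containerd binaries
          cp containerd/bin/containerd release-$DATE/
          cp containerd/bin/containerd-shim-runc-v2 release-$DATE/
          # Copy runc binary
          cp runc/runc release-$DATE/
          # Make all binaries executable
          chmod +x release-$DATE/*
          # Get versions
          ./release-$DATE/dockerd --version > release-$DATE/VERSIONS.txt
          ./release-$DATE/docker-proxy --version >> release-$DATE/VERSIONS.txt
          ./release-$DATE/containerd --version >> release-$DATE/VERSIONS.txt
          ./release-$DATE/runc --version >> release-$DATE/VERSIONS.txt
          # Copy documentation
          cp README.md release-$DATE/ || true
          cp RUNNER-SETUP.md release-$DATE/ || true
          cp INSTALL.md release-$DATE/ 2>/dev/null || echo "Note: INSTALL.md not found" > release-$DATE/INSTALL-NEEDED.txt
          # NOTE(review): the release notes tell users to wget these binaries and
          # install them as root, but no checksum file is published with them.
          # Consider adding a sha256sum listing to the release directory so
          # downloads can be verified.
          ls -lh release-$DATE/

      - name: Create release
        env:
          GH_TOKEN: ${{ github.token }}
          MOBY_VERSION_OUTPUT: ${{ steps.moby_update.outputs.version }}
          MOBY_GO_VERSION_OUTPUT: ${{ steps.moby_update.outputs.go_version }}
        run: |
          DATE=$(date +%Y%m%d)
          MOBY_COMMIT=$(cd moby && git rev-parse --short HEAD)
          MOBY_REF="$REQUESTED_MOBY_REF"
          VERSION="$MOBY_VERSION_OUTPUT"
          # Determine release version and title based on moby_ref
          VERSION_REGEX='${{ env.VERSION_REGEX }}'
          if [[ "$MOBY_REF" =~ $VERSION_REGEX ]]; then
            # Official release: docker-v29.0.0 -> v29.0.0-riscv64
            VERSION_TAG="${MOBY_REF#docker-}"
            RELEASE_VERSION="${VERSION_TAG}-riscv64"
            RELEASE_TITLE="Docker ${VERSION_TAG} for RISC-V64"
            VERSION_INFO=$'**Docker Version:** '"${VERSION_TAG}"$'\n**Built Version:** '"${VERSION}"
          else
            # Development build: master -> v20251018-dev
            RELEASE_VERSION="v${DATE}-dev"
            RELEASE_TITLE="Docker RISC-V64 Development Build ${DATE}"
            VERSION_INFO=$'**Moby Branch:** '"${MOBY_REF}"$'\n**Moby Commit:** '"${MOBY_COMMIT}"$'\n**Built Version:** '"${VERSION}"
          fi
          CONTAINERD_REF="$REQUESTED_CONTAINERD_REF"
          RUNC_REF="$REQUESTED_RUNC_REF"
          GO_VERSION="$MOBY_GO_VERSION_OUTPUT"
          # Unquoted heredoc: shell variables and $(...) below are expanded once
          # when the notes file is written.
          cat > release-notes.md << EOF
          Automated build of Docker Engine for RISC-V64
          ${VERSION_INFO}
          **Build Date:** $(date -u +%Y-%m-%d)
          **Architecture:** riscv64
          **Components:**
          - dockerd (Docker Engine)
          - docker-proxy (Network proxy)
          - containerd (Container runtime ${CONTAINERD_REF})
          - runc (OCI runtime ${RUNC_REF})
          - containerd-shim-runc-v2 (Containerd shim)
          **Build Command:**
          \`\`\`bash
          docker build --build-arg BASE_DEBIAN_DISTRO=trixie \\
          --build-arg GO_VERSION=${GO_VERSION} \\
          --target=binary \\
          -f moby/Dockerfile .
          \`\`\`
          **Installation:**
          \`\`\`bash
          # Download all binaries
          for binary in dockerd docker-proxy containerd containerd-shim-runc-v2 runc; do
          wget https://github.com/gounthar/docker-for-riscv64/releases/download/${RELEASE_VERSION}/\$binary
          done
          # Make executable
          chmod +x dockerd docker-proxy containerd containerd-shim-runc-v2 runc
          # Install (requires root)
          sudo install -m 755 dockerd docker-proxy containerd containerd-shim-runc-v2 runc /usr/local/bin/
          \`\`\`
          Automated build on RISC-V64 hardware
          EOF
          # For development builds, delete existing release if it exists
          if [[ "$RELEASE_VERSION" =~ -dev$ ]]; then
            echo "Checking for existing development release..."
            if gh release view "${RELEASE_VERSION}" >/dev/null 2>&1; then
              echo "Deleting existing release ${RELEASE_VERSION}..."
              gh release delete "${RELEASE_VERSION}" --yes
            fi
          fi
          gh release create "${RELEASE_VERSION}" \
            --title "${RELEASE_TITLE}" \
            --notes-file release-notes.md \
            release-$DATE/*

      - name: Close tracking issues
        if: ${{ success() }}
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
          MOBY_REF="$REQUESTED_MOBY_REF"
          CONTAINERD_REF="$REQUESTED_CONTAINERD_REF"
          RUNC_REF="$REQUESTED_RUNC_REF"
          VERSION_REGEX='${{ env.VERSION_REGEX }}'
          RELEASE_URL="https://github.com/${{ github.repository }}/releases"
          # Only close issues for official releases (not dev builds)
          if [[ "$MOBY_REF" =~ $VERSION_REGEX ]]; then
            VERSION_TAG="${MOBY_REF#docker-}"
            RELEASE_VERSION="${VERSION_TAG}-riscv64"
            echo "Searching for tracking issue for Docker ${MOBY_REF}..."
            # Find the issue by label and title
            # NOTE(review): the ref is spliced into the jq program text, so a
            # ref containing a double quote or backslash would alter the filter.
            ISSUE_NUMBER=$(gh issue list \
              --label "build-in-progress,moby-release" \
              --state open \
              --limit 200 \
              --json number,title \
              --jq ".[] | select(.title | contains(\"${MOBY_REF}\")) | .number" \
              | head -n1)
            if [ -n "$ISSUE_NUMBER" ]; then
              echo "Found tracking issue #${ISSUE_NUMBER}"
              gh issue comment "$ISSUE_NUMBER" \
                --body "Build completed successfully! Release published: ${RELEASE_URL}/tag/${RELEASE_VERSION}"
              gh issue close "$ISSUE_NUMBER" \
                --reason completed \
                --comment "Automatically closing - release published."
              echo "Issue #${ISSUE_NUMBER} closed successfully"
            else
              echo "No tracking issue found for ${MOBY_REF}"
            fi
          else
            echo "Skipping moby issue closing for development build"
          fi
          # Close containerd and runc tracking issues
          # Args: $1 = issue label, $2 = component ref, $3 = component name
          close_component_issue() {
            local LABEL="$1" REF="$2" NAME="$3"
            echo "Searching for tracking issue for ${NAME} ${REF}..."
            local ISSUE_NUMBER
            # NOTE(review): same jq text splicing as above, here with ${REF}.
            ISSUE_NUMBER=$(gh issue list \
              --label "build-in-progress,${LABEL}" \
              --state open \
              --limit 200 \
              --json number,title \
              --jq ".[] | select(.title | contains(\"${REF}\")) | .number" \
              | head -n1)
            if [ -n "$ISSUE_NUMBER" ]; then
              echo "Found ${NAME} tracking issue #${ISSUE_NUMBER}"
              gh issue comment "$ISSUE_NUMBER" \
                --body "Docker Engine build completed with ${NAME} ${REF}. Release: ${RELEASE_URL}"
              gh issue close "$ISSUE_NUMBER" \
                --reason completed \
                --comment "Automatically closing - included in Docker Engine build."
              echo "Issue #${ISSUE_NUMBER} closed successfully"
            else
              echo "No tracking issue found for ${NAME} ${REF}"
            fi
          }
          close_component_issue "containerd-release" "$CONTAINERD_REF" "containerd"
          close_component_issue "runc-release" "$RUNC_REF" "runc"

      - name: Trigger package builds
        if: ${{ success() }}
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
          MOBY_REF="$REQUESTED_MOBY_REF"
          VERSION_REGEX='${{ env.VERSION_REGEX }}'
          # Only trigger package builds for official releases (not dev builds)
          if [[ "$MOBY_REF" =~ $VERSION_REGEX ]]; then
            VERSION_TAG="${MOBY_REF#docker-}"
            RELEASE_TAG="${VERSION_TAG}-riscv64"
            echo "Triggering package builds for $RELEASE_TAG..."
            # Trigger Debian package build
            gh workflow run build-debian-package.yml -f release_tag="$RELEASE_TAG"
            echo "✓ Triggered build-debian-package.yml"
            # Trigger RPM package build
            gh workflow run build-rpm-package.yml -f release_tag="$RELEASE_TAG"
            echo "✓ Triggered build-rpm-package.yml"
            echo ""
            echo "Package builds triggered successfully!"
            echo "Monitor progress: gh run list --workflow=build-debian-package.yml --limit 1"
          else
            echo "Skipping package builds for development build"
          fi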