.github/workflows/build-ci-container.yml

   1 name: Build CI Container
   2
   3 permissions:
   4   contents: read
   5
   6 on:
   7   push:
   8     branches:
   9       - main
  10     paths:
  11       - .github/workflows/build-ci-container.yml
  12       - '.github/workflows/containers/github-action-ci/**'
  13   pull_request:
  14     branches:
  15       - main
  16     paths:
  17       - .github/workflows/build-ci-container.yml
  18       - '.github/workflows/containers/github-action-ci/**'
  19
  20 jobs:
  21   build-ci-container:
  22     if: github.repository_owner == 'llvm'
  23     runs-on: depot-ubuntu-22.04-16
  24     outputs:
  25       container-name: ${{ steps.vars.outputs.container-name }}
  26       container-name-tag: ${{ steps.vars.outputs.container-name-tag }}
  27       container-filename: ${{ steps.vars.outputs.container-filename }}
  28     steps:
  29       - name: Checkout LLVM
  30         uses: actions/checkout@v4
  31         with:
  32           sparse-checkout: .github/workflows/containers/github-action-ci/
  33       - name: Write Variables
  34         id: vars
  35         run: |
  36           tag=`date +%s`
  37           container_name="ghcr.io/$GITHUB_REPOSITORY_OWNER/ci-ubuntu-22.04"
  38           echo "container-name=$container_name" >> $GITHUB_OUTPUT
  39           echo "container-name-tag=$container_name:$tag" >> $GITHUB_OUTPUT
  40           echo "container-filename=$(echo $container_name:$tag  | sed -e 's/\//-/g' -e 's/:/-/g').tar" >> $GITHUB_OUTPUT
  41       - name: Build container
  42         working-directory: ./.github/workflows/containers/github-action-ci/
  43         run: |
  44           podman build -t ${{ steps.vars.outputs.container-name-tag }} .
  45
  46       # Save the container so we have it in case the push fails.  This also
  47       # allows us to separate the push step into a different job so we can
  48       # maintain minimal permissions while building the container.
  49       - name: Save container image
  50         run: |
  51           podman save  ${{ steps.vars.outputs.container-name-tag }} >  ${{ steps.vars.outputs.container-filename }}
  52
  53       - name: Upload container image
  54         uses: actions/upload-artifact@v4
  55         with:
  56           name: container
  57           path: ${{ steps.vars.outputs.container-filename }}
  58           retention-days: 14
  59
  60       - name: Test Container
  61         run: |
  62           for image in ${{ steps.vars.outputs.container-name-tag }}; do
  63             # Use --pull=never to ensure we are testing the just built image.
  64             podman run --pull=never --rm -it $image /usr/bin/bash -x -c 'cd $HOME && printf '\''#include <iostream>\nint main(int argc, char **argv) { std::cout << "Hello\\n"; }'\'' | clang++ -x c++ - && ./a.out | grep Hello'
  65           done
  66
  67   push-ci-container:
  68     if: github.event_name == 'push'
  69     needs:
  70       - build-ci-container
  71     permissions:
  72       packages: write
  73     runs-on: ubuntu-24.04
  74     env:
  75       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  76     steps:
  77       - name: Download container
  78         uses: actions/download-artifact@v4
  79         with:
  80           name: container
  81
  82       - name: Push Container
  83         run: |
  84           podman load -i ${{ needs.build-ci-container.outputs.container-filename }}
  85           podman tag ${{ needs.build-ci-container.outputs.container-name-tag }} ${{ needs.build-ci-container.outputs.container-name }}:latest
  86           podman login -u ${{ github.actor }} -p $GITHUB_TOKEN ghcr.io
  87           podman push ${{ needs.build-ci-container.outputs.container-name-tag }}
  88           podman push ${{ needs.build-ci-container.outputs.container-name }}:latest