diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 654e21e77..a11b5ab58 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -1,5 +1,4 @@ --- - # Runs the build-packages based on the provided files in test.yml name: build-packages @@ -12,6 +11,8 @@ permissions: jobs: build-packages: runs-on: ubuntu-latest + permissions: + packages: read steps: - uses: actions/checkout@v4 - uses: actions/download-artifact@v3 @@ -22,6 +23,14 @@ jobs: with: name: package-parts-linuxmusl-x86-64 path: agent/native/_build/linuxmusl-x86-64-release/ + + - name: Log in to the Container registry + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: package run: make -C packaging package - name: package info diff --git a/.github/workflows/cache.yml b/.github/workflows/cache.yml new file mode 100644 index 000000000..6b12f219b --- /dev/null +++ b/.github/workflows/cache.yml 
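Review bot: The job-level `permissions:` block added to `build-packages` lists only `packages: read`, and once a job declares its own permissions every scope it omits is set to `none`, so this job's token loses `contents` while its first step is `actions/checkout@v4`. The matching block added to test-packages.yml in this same commit grants both scopes, and the caller in test.yml passes both; I would make them agree by adding `contents: read` above `packages: read` here. Checkout may still succeed on a public repository without it, but the explicit grant keeps the job working if repository visibility ever changes.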
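Review bot: The new `Log in to the Container registry` step carries no comment saying why a packaging job needs registry credentials; the reason is only visible in packaging/Dockerfile, which this commit changes to start `FROM ghcr.io/elastic/apm-agent-php:${IMAGE_TAG}`. I would put `# Needed so "make -C packaging package" can pull the cached packaging base image from ghcr.io` above the step. The same step is added to test-packages.yml, where nothing in the visible hunks shows a pull from ghcr.io, so it is worth confirming that job needs the login at all before giving it the credential.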
@@ -0,0 +1,87 @@ +--- +name: Build Cached Container Images +on: + workflow_dispatch: + schedule: + - cron: "0 3 * * 1-5" + +env: + DOCKER_BUILDKIT: 1 + IMAGE_NAME: ${{ github.repository }} + REGISTRY: ghcr.io + +permissions: + contents: read + +jobs: + build: + uses: ./.github/workflows/build.yml + + publish: + runs-on: ubuntu-latest + needs: + - build + permissions: + packages: write + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - uses: actions/download-artifact@v3 + with: + name: package-parts-linux-x86-64 + path: agent/native/_build/linux-x86-64-release/ + + - uses: actions/download-artifact@v3 + with: + name: package-parts-linuxmusl-x86-64 + path: agent/native/_build/linuxmusl-x86-64-release/ + + - name: Create a unique tag + run: | + echo "TEST_TAG=$(date +%s)" >> "${GITHUB_ENV}" + + - name: Extract metadata (tags, labels) for Test Container + id: test-meta + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=${{ env.TEST_TAG }} + + - name: Build and export Container image + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: ./packaging/cache/ + load: true + tags: ${{ steps.test-meta.outputs.tags }} + labels: ${{ steps.test-meta.outputs.labels }} + + - name: Package + run: make IMAGE_TAG=${{ env.TEST_TAG }} -C packaging package + + - name: Package info + run: make IMAGE_TAG=${{ env.TEST_TAG }} -C packaging info + + - name: Extract metadata (tags, labels) for Container + id: meta + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=latest + + - name: Log in to the Container registry + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ 
secrets.GITHUB_TOKEN }} + + - name: Build and push Docker image + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: ./packaging/cache/ + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/test-packages.yml b/.github/workflows/test-packages.yml index 0961731ec..48c2a965c 100644 --- a/.github/workflows/test-packages.yml +++ b/.github/workflows/test-packages.yml @@ -1,5 +1,4 @@ --- - # Runs the test packages based on the provided files in test.yml name: test-packages @@ -10,12 +9,12 @@ on: required: true type: string max-parallel: - description: 'Set the maximum number of jobs that can run simultaneously in the matrix' + description: "Set the maximum number of jobs that can run simultaneously in the matrix" default: 20 required: false type: number package-name: - description: 'The artifact name with the binaries to be tested' + description: "The artifact name with the binaries to be tested" default: "package" required: false type: string @@ -38,6 +37,9 @@ jobs: TESTING_TYPE: ${{ matrix.item[2] }} ELASTIC_APM_PHP_TESTS_MATRIX_ROW: "${{ join(matrix.item, ',') }}" BUILD_PACKAGES: build/packages + permissions: + contents: read + packages: read steps: - uses: actions/checkout@v4 @@ -46,6 +48,13 @@ jobs: name: ${{ inputs.package-name }} path: ${{ env.BUILD_PACKAGES }} + - name: Log in to the Container registry + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + ## This will help with preparing the signed artifacts that were bundled in a zip file - if: ${{ inputs.package-name == 'signed-artifacts' }} name: Unzip signed packages diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2132bcaac..3e35dcffd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
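Review bot: The final `Build and push Docker image` step runs a second build of `./packaging/cache/` instead of publishing the image that the `Package` and `Package info` steps just exercised, so the pushed `latest` is the tested image only if every layer comes from the local build cache. Because packaging/cache/Dockerfile uses a floating base tag and unpinned `apk add` packages, a cache miss would publish content that never went through `make package`. I would retag and push the already loaded test image, as sketched below; this assumes each metadata step emits exactly one tag, which matches the single `type=raw` entry each has. Separately, the two `make IMAGE_TAG=${{ env.TEST_TAG }}` lines can read the value from the shell as `"${TEST_TAG}"`, since it is already exported through `GITHUB_ENV`, which keeps expression expansion out of the `run` script.

```yaml
      # … unchanged: checkout, artifact downloads, test build, Package steps, meta, registry login …
      - name: Push the tested image as latest
        env:
          TESTED_IMAGE: ${{ steps.test-meta.outputs.tags }}
          PUBLISHED_IMAGE: ${{ steps.meta.outputs.tags }}
        run: |
          docker tag "${TESTED_IMAGE}" "${PUBLISHED_IMAGE}"
          docker push "${PUBLISHED_IMAGE}"
```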
@@ -104,22 +104,30 @@ jobs: path: build/*junit.xml if-no-files-found: error build-packages: + permissions: + contents: read + packages: read needs: - build - static-checks-unit-tests - phpt-tests uses: ./.github/workflows/build-packages.yml + secrets: inherit generate-test-packages-matrix: uses: ./.github/workflows/generate-matrix.yml test-packages: + permissions: + contents: read + packages: read needs: - build-packages - generate-test-packages-matrix uses: ./.github/workflows/test-packages.yml with: include: ${{ needs.generate-test-packages-matrix.outputs.include }} + secrets: inherit # The very last job to report whether the Workflow passed. # This will act as the Branch Protection gatekeeper diff --git a/packaging/Dockerfile b/packaging/Dockerfile index 91117172d..df1d7f87c 100644 --- a/packaging/Dockerfile +++ b/packaging/Dockerfile @@ -1,18 +1,5 @@ -FROM ruby:3.3.0-alpine3.18 - -ENV FPM_VERSION 1.15.1 -RUN apk add --no-cache \ - alpine-sdk make cpio curl libarchive-tools make php-pear \ - python3 py3-virtualenv py3-setuptools py3-pip \ - rpm unzip xz git tar dpkg \ - && ln -sf python3 /usr/bin/python \ - && gem install --no-document fpm -v ${FPM_VERSION} - -## Fix fpm issue, see https://github.com/jordansissel/fpm/issues/1227 -ADD fpm_apm.patch /tmp -RUN (cd /usr/local/bundle/gems/fpm-${FPM_VERSION}/ ; patch -p 1 < /tmp/fpm_apm.patch ) \ - && rm -f /tmp/fpm_apk.patch - +ARG IMAGE_TAG=latest +FROM ghcr.io/elastic/apm-agent-php:${IMAGE_TAG} COPY create-package.sh /bin WORKDIR /app ENTRYPOINT ["/bin/create-package.sh"] diff --git a/packaging/Makefile b/packaging/Makefile index fa524660c..16b7d1279 100644 --- a/packaging/Makefile +++ b/packaging/Makefile @@ -1,6 +1,7 @@ SHELL = /bin/bash MAKEFLAGS += --no-print-directory IMAGE:=php-packaging +IMAGE_TAG:=latest NAME:=apm-agent-php VERSION?=$(shell grep 'VERSION' ../agent/php/ElasticApm/ElasticApm.php | cut -d= -f2 | tr -d " " | sed "s/'\(.*\)'.*/\1/g") OUTPUT:=build/packages 
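Review bot: `secrets: inherit` on the `build-packages` and `test-packages` calls hands every secret available to test.yml to the two reusable workflows, yet the steps added in this commit reference only `secrets.GITHUB_TOKEN`, which a called workflow receives automatically. Unless steps outside the visible hunks read named secrets, I would drop both `secrets: inherit` lines and rely on the job-level `permissions` added here to scope the token. If a specific secret is needed later, passing it by name under `secrets:` keeps the exposure explicit and reviewable.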
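Review bot: `ARG IMAGE_TAG=latest` makes the packaging image default to a mutable tag that cache.yml overwrites on every scheduled run, so two builds of the same commit can produce packages from different toolchains and nothing records which base was used. The toolchain that assembles the packages is now whatever was last pushed to `ghcr.io/elastic/apm-agent-php`, which makes write access to that container package part of the build's trust boundary. I would have cache.yml also push an immutable tag and pass it through `IMAGE_TAG` where reproducibility matters, and at least document the dependency with `# Base image is built by .github/workflows/cache.yml from packaging/cache/Dockerfile; "latest" is mutable`. The image path is also hard-coded to the `elastic` organisation while cache.yml publishes to `${{ github.repository }}`, so a fork's cache workflow would push one name and build from another.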
@@ -27,7 +28,7 @@ clean: ## Clean the generated packages .PHONY: prepare prepare: ## Build docker image for the packaging - docker build -t $(IMAGE) . || exit 1 + docker build --build-arg IMAGE_TAG=$(IMAGE_TAG) -t $(IMAGE) . || exit 1 .PHONY: build-docker-images build-docker-images: prepare prepare-apk prepare-deb prepare-rpm prepare-tar prepare-deb-apache prepare-deb-fpm ## Build all the docker images diff --git a/packaging/cache/Dockerfile b/packaging/cache/Dockerfile new file mode 100644 index 000000000..e3f960a14 --- /dev/null +++ b/packaging/cache/Dockerfile @@ -0,0 +1,14 @@ +FROM ruby:3.3-alpine + +ENV FPM_VERSION 1.15.1 +RUN apk add --no-cache \ + alpine-sdk make cpio curl libarchive-tools make php-pear \ + python3 py3-virtualenv py3-setuptools py3-pip \ + rpm unzip xz git tar dpkg \ + && ln -sf python3 /usr/bin/python \ + && gem install --no-document fpm -v ${FPM_VERSION} + +## Fix fpm issue, see https://github.com/jordansissel/fpm/issues/1227 +ADD fpm_apm.patch /tmp +RUN (cd /usr/local/bundle/gems/fpm-${FPM_VERSION}/ ; patch -p 1 < /tmp/fpm_apm.patch ) \ + && rm -f /tmp/fpm_apk.patch diff --git a/packaging/fpm_apm.patch b/packaging/cache/fpm_apm.patch similarity index 100% rename from packaging/fpm_apm.patch rename to packaging/cache/fpm_apm.patch
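Review bot: `FROM ruby:3.3-alpine` loosens the pin the old packaging/Dockerfile had (`ruby:3.3.0-alpine3.18`), so each scheduled rebuild can pick up a different Ruby patch release and Alpine version without any change in the repository. Since this image is then published and used to build the packages, I would pin the base by digest, `FROM ruby:3.3-alpine@sha256:<digest-placeholder>`, and let a dependency-update bot move it. The cleanup on the last line also targets the wrong file: it removes `/tmp/fpm_apk.patch` while the file added is `/tmp/fpm_apm.patch`, so the patch stays in the image; `&& rm -f /tmp/fpm_apm.patch` fixes the name (the typo is carried over unchanged from the old Dockerfile).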