Adding dockerfile and ci/cd #875

Merged
merged 4 commits into from
Jul 18, 2024

glimchb
Contributor

@glimchb glimchb commented Jul 18, 2024

Fixes #869

  • Adding alpine based dockerfile
  • ci: adding linter and builder github action
  • ci: add testing for dockerfile
  • ci: add new release action to run when published

@glimchb glimchb force-pushed the master branch 3 times, most recently from bff7358 to 7752833 Compare July 18, 2024 18:15
@glimchb glimchb marked this pull request as ready for review July 18, 2024 18:16
glimchb added 4 commits July 18, 2024 21:55
Fixed stefanberger#869

Used multi-stage build here to reduce final image size.
Builder should have packages for dev and compile.
Final image should only have dependencies for runtime.

Building is simple using `docker build .` command.

Or `docker build --build-arg="LIBTPMS_BRANCH=v0.9.6" .`
if you want another branch/tag of libtpms.

Next patch will add:
- linter
- build
- tpm2 tools testing

Signed-off-by: Boris Glimcher <Boris.Glimcher@emc.com>
Fixes stefanberger#869

Using popular Hadolint linter for dockers.
Using standard GitHub action for building.

Build will also publish to GHCR after PR is merged, not before.

Signed-off-by: Boris Glimcher <Boris.Glimcher@emc.com>
Auto testing as well as good example on:
how to run SWTPM in docker or compose.

Simply run `docker-compose up` to bring both swtpm and test.
Or run `docker-compose up --build --force-recreate` to re-build.
Or run `docker-compose up swtpm` to only start swtpm service without
test.

Added new job in the github action to automate this as well.

Signed-off-by: Boris Glimcher <Boris.Glimcher@emc.com>
It is better to have it as separate action.
So it can grow with more things to do on release.

It calls existing docker build and push to avoid duplication.

Signed-off-by: Boris Glimcher <Boris.Glimcher@emc.com>
@glimchb
Contributor Author

glimchb commented Jul 18, 2024

@stefanberger can you merge this, please? Travis CI passed

@stefanberger stefanberger merged commit 52546d5 into stefanberger:master Jul 18, 2024
2 checks passed
@stefanberger
Owner

Thanks!

@stefanberger
Owner

I had to fix the Dockerfile for github ci/cd since it started to fail due to an update of libtpms adding a new API call that then wasn't available to swtpm because the libtpms build didn't happen and the old version of libtpms was used: PR #898
There were lots of broken github builds for the build action lately. I wouldn't mind it skipping the libtpms build for as long as it hasn't been updated but when an update happens it should build again. I suppose there's no way of doing this easily...

@glimchb
Contributor Author

glimchb commented Sep 4, 2024

@stefanberger one way to do it easily is add libtpms as a git submodule of swtpm

```
cd swtpm
git submodule add ../libtpms
```

in this way every time you check out swtpm it will bring the correct libtpms with it

so docker build and all other builds will just do a normal checkout of swtpm and don't need to worry about libtpms

every time you need to bump libtpms, you just checkout and commit as usual...

WDYT ?

another option - I exposed LIBTPMS_BRANCH argument, so we can just pass specific commit/tag instead of master...

another option - add no-cache: true option in the workflow

cache-from: type=gha
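
One way to get the behaviour asked for above (reuse the cached libtpms build until libtpms changes), as an added example that is not code from this PR or from swtpm: resolve the ref passed as `LIBTPMS_BRANCH` to its commit SHA before `docker build` and pass the SHA in as well, so the cached layer is reused only while the SHA is unchanged. `LIBTPMS_COMMIT` is a hypothetical build argument that the Dockerfile would have to declare with `ARG` before its libtpms build step; the `ls-remote` lines are constructed sample data.

```shell
#!/bin/sh
# Added example: derive a cache key for the libtpms build stage from the
# upstream commit, so Docker rebuilds libtpms only when that commit changes.

# Constructed sample of `git ls-remote` output (SHA, tab, ref name).
sample_ls_remote() {
    printf '%s\t%s\n' \
        1111111111111111111111111111111111111111 refs/heads/master \
        2222222222222222222222222222222222222222 refs/tags/v0.9.6 \
        3333333333333333333333333333333333333333 'refs/tags/v0.9.6^{}'
}

# Read `git ls-remote` output on stdin and print the commit SHA for ref $1.
# An annotated tag lists the tag object first and the commit it points to
# as "<tag>^{}", so the peeled entry wins when both are present.
resolve_ref() {
    awk -v ref="$1" '
        $2 == ("refs/tags/" ref "^{}") { peeled = $1 }
        $2 == ("refs/heads/" ref) || $2 == ("refs/tags/" ref) { plain = $1 }
        END {
            sha = (peeled != "") ? peeled : plain
            # Refuse anything that is not a full 40-hex SHA-1 object name.
            if (length(sha) != 40 || sha !~ /^[0-9a-f]+$/) exit 1
            print sha
        }'
}

# Print the arguments for `docker build`. LIBTPMS_BRANCH is the argument
# named in this PR; LIBTPMS_COMMIT is hypothetical (see lead-in). A changed
# ARG value invalidates the cache of the RUN steps that follow its ARG line.
libtpms_build_args() {
    sha=$(resolve_ref "$1") || {
        echo "cannot resolve libtpms ref '$1'" >&2
        return 1
    }
    printf '%s\n' "--build-arg LIBTPMS_BRANCH=$1 --build-arg LIBTPMS_COMMIT=$sha"
}

# Typical CI use (needs network, so not run here; $LIBTPMS_URL is a placeholder):
#   docker build $(git ls-remote "$LIBTPMS_URL" master | libtpms_build_args master) .
```

Failing when the ref cannot be resolved keeps CI from silently building against whatever libtpms is in the cache.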

Successfully merging this pull request may close these issues.

Any objection if I add Dockerfile here ?