X-Smart-Squash: Squashed 18 commits:

1179d57 Squash
835342e rn
8430368 update
f54326c unit
e9fc780 merge builder
9515346 split
d7b2d89 workflow
19f9fc9 update
f220584 always
1af882d unit
6a5d9a7 comment
a22a493 unit
9424110 unit
83bb60f enable builder
4c01e09 arch
4f0df21 clean
d07cefc arch
50aec13c9 typo

Author: robbycochran

.github/workflows/collector-builder.yml

@@ -8,6 +8,11 @@ on:
         required: true
         description: |
           The tag used to build the collector image
+      include-arch-json:
+        type: string
+        required: true
+        description: |
+          JSON for matrix.include to select architectures and runners to build
     outputs:
       collector-builder-tag:
         description: The builder tag used by the build
@@ -40,7 +45,6 @@ jobs:
 
   build-builder-image:
     name: Build the builder image
-    runs-on: ubuntu-24.04
     # Multiarch builds sometimes take for eeeeeeeeeever
     timeout-minutes: 480
     needs:
@@ -55,9 +59,9 @@ jobs:
     outputs:
       collector-builder-tag: ${{ steps.builder-tag.outputs.collector-builder-tag }}
     strategy:
-      fail-fast: false
       matrix:
-        arch: [amd64, ppc64le, s390x, arm64]
+        include: ${{ fromJSON(inputs.include-arch-json) }}
+    runs-on: ${{ matrix.runner }}
 
     env:
       PLATFORM: linux/${{ matrix.arch }}
@@ -69,24 +73,30 @@ jobs:
           submodules: true
 
       - name: Set up QEMU
+        if: matrix.remote != true
         uses: docker/setup-qemu-action@v3
         with:
           image: tonistiigi/binfmt:qemu-v8.1.5
 
       - name: Set up Docker Buildx
+        if: matrix.remote != true
         uses: docker/setup-buildx-action@v3
 
       - uses: actions/setup-python@v5
+        if: matrix.remote
         with:
           python-version: "3.10"
 
       - uses: 'google-github-actions/auth@v2'
+        if: matrix.remote
         with:
           credentials_json: '${{ secrets.GOOGLE_CREDENTIALS_COLLECTOR_SVC_ACCT }}'
 
       - uses: 'google-github-actions/setup-gcloud@v2'
+        if: matrix.remote
 
       - uses: ./.github/actions/setup-vm-creds
+        if: matrix.remote
         with:
           gcp-ssh-key: ${{ secrets.GCP_SSH_KEY }}
           gcp-ssh-key-pub: ${{ secrets.GCP_SSH_KEY_PUB }}
@@ -101,9 +111,7 @@ jobs:
           job-tag: builder
 
       - name: Create Build VMs
-        if: |
-          matrix.arch == 's390x' &&
-          (github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds'))
+        if: matrix.remote
         run: |
           make -C "${{ github.workspace }}/ansible" create-build-vms
 
@@ -133,10 +141,7 @@ jobs:
           } > ${{ github.workspace }}/ansible/secrets.yml
 
       - name: Build images
-        if: |
-          (github.event_name != 'pull_request' && matrix.arch != 's390x') ||
-          matrix.arch == 'amd64' ||
-          (contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch != 's390x')
+        if: matrix.remote != true
         timeout-minutes: 480
         run: |
           ansible-galaxy install -r ansible/requirements.yml
@@ -149,9 +154,7 @@ jobs:
             ansible/ci-build-builder.yml
 
       - name: Build s390x images
-        if: |
-          (github.event_name != 'pull_request' && matrix.arch == 's390x') ||
-          (contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') && matrix.arch == 's390x')
+        if: matrix.remote
         timeout-minutes: 480
         run: |
           ansible-playbook \
@@ -162,7 +165,7 @@ jobs:
             ansible/ci-build-builder.yml
 
       - name: Destroy VMs
-        if: always() && matrix.arch == 's390x'
+        if: always() && matrix.remote
         run: |
           make -C ansible destroy-vms
 
@@ -173,11 +176,10 @@ jobs:
     runs-on: ubuntu-24.04
     if: |
       github.event_name != 'pull_request' ||
-      (needs.build-builder-image.outputs.collector-builder-tag != 'cache' &&
-       contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds'))
+      needs.build-builder-image.outputs.collector-builder-tag != 'cache'
     env:
       COLLECTOR_BUILDER_TAG: ${{ needs.build-builder-image.outputs.collector-builder-tag }}
-      ARCHS: amd64 ppc64le s390x arm64
+      ARCHS: ${{ join(fromJSON(inputs.include-arch-json).*.arch, ' ') }}
 
     steps:
       - uses: actions/checkout@v4
@@ -208,45 +210,12 @@ jobs:
           base-image: quay.io/rhacs-eng/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}
           archs: ${{ env.ARCHS }}
 
-  retag-x86-image:
-    needs:
-    - build-builder-image
-    name: Retag x86 builder image
-    runs-on: ubuntu-24.04
-    if: |
-      github.event_name == 'pull_request' &&
-      needs.build-builder-image.outputs.collector-builder-tag != 'cache' &&
-      !contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
-    env:
-      COLLECTOR_BUILDER_TAG: ${{ needs.build-builder-image.outputs.collector-builder-tag }}
-    steps:
-      - name: Pull image to retag
-        run: |
-          docker pull "quay.io/stackrox-io/collector-builder:${COLLECTOR_BUILDER_TAG}-amd64"
-
-      - name: Retag and push stackrox-io
-        uses: stackrox/actions/images/retag-and-push@v1
-        with:
-          src-image: quay.io/stackrox-io/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}-amd64
-          dst-image: quay.io/stackrox-io/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}
-          username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}
-          password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}
-
-      - name: Retag and push rhacs-eng
-        uses: stackrox/actions/images/retag-and-push@v1
-        with:
-          src-image: quay.io/stackrox-io/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}-amd64
-          dst-image: quay.io/rhacs-eng/collector-builder:${{ env.COLLECTOR_BUILDER_TAG }}
-          username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}
-          password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}
-
   notify:
     runs-on: ubuntu-24.04
     if: always() && contains(join(needs.*.result, ','), 'failure') && github.event_name != 'pull_request'
     needs:
       - build-builder-image
       - create-multiarch-manifest
-      - retag-x86-image
     steps:
       - name: Slack notification
         uses: rtCamp/action-slack-notify@v2

.github/workflows/collector.yml

@@ -18,6 +18,11 @@ on:
         required: true
         description: |
           The builder tag to use in the build
+      include-arch-json:
+        type: string
+        required: true
+        description: |
+          JSON for matrix.include to select architectures and runners to build
 
 env:
   COLLECTOR_TAG: ${{ inputs.collector-tag }}
@@ -30,11 +35,10 @@ env:
 jobs:
   build-collector-image:
     name: Build Collector
-    runs-on: ubuntu-24.04
     strategy:
-      fail-fast: false
       matrix:
-        arch: [amd64, ppc64le, arm64]
+        include: ${{ fromJSON(inputs.include-arch-json) }}
+    runs-on: ${{ matrix.runner }}
 
     env:
       PLATFORM: linux/${{ matrix.arch }}
@@ -46,11 +50,13 @@ jobs:
           submodules: true
 
       - name: Set up QEMU
+        if: matrix.remote != true
         uses: docker/setup-qemu-action@v3
         with:
           image: tonistiigi/binfmt:qemu-v8.1.5
 
       - name: Set up Docker Buildx
+        if: matrix.remote != true
         uses: docker/setup-buildx-action@v3
 
       - name: Create ansible vars
@@ -62,6 +68,7 @@ jobs:
           rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}
           rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}
           collector_git_ref: ${{ github.ref }}
+          collector_git_sha: ${{ github.sha }}
           collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }}
           disable_profiling: ${{ matrix.arch != 'amd64' && matrix.arch != 'arm64' }}
           rhacs_eng_image: ${{ env.RHACS_ENG_IMAGE }}
@@ -71,11 +78,8 @@ jobs:
           driver_version: ${DRIVER_VERSION}
           EOF
 
-      - name: Build images
-        if: |
-          github.event_name != 'pull_request' ||
-          matrix.arch == 'amd64' ||
-          contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
+      - name: Build ${{ matrix.arch }} image locally
+        if: matrix.remote != true
         timeout-minutes: 480
         run: |
           ansible-playbook \
@@ -86,32 +90,21 @@ jobs:
             -e @'${{ github.workspace }}/ansible/secrets.yml' \
             ansible/ci-build-collector.yml
 
-  build-collector-image-remote-vm:
-    name: Build Collector on a remote VM
-    runs-on: ubuntu-24.04
-    if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
-    strategy:
-      fail-fast: false
-      matrix:
-        arch: [s390x]
-
-    env:
-      PLATFORM: linux/${{ matrix.arch }}
-
-    steps:
-      - uses: actions/checkout@v4
-
       - uses: actions/setup-python@v5
+        if: matrix.remote
         with:
           python-version: "3.10"
 
       - uses: 'google-github-actions/auth@v2'
+        if: matrix.remote
         with:
           credentials_json: '${{ secrets.GOOGLE_CREDENTIALS_COLLECTOR_SVC_ACCT }}'
 
       - uses: 'google-github-actions/setup-gcloud@v2'
+        if: matrix.remote
 
       - uses: ./.github/actions/setup-vm-creds
+        if: matrix.remote
         with:
           gcp-ssh-key: ${{ secrets.GCP_SSH_KEY }}
           gcp-ssh-key-pub: ${{ secrets.GCP_SSH_KEY_PUB }}
@@ -126,28 +119,12 @@ jobs:
           job-tag: builder
 
       - name: Create Build VMs
+        if: matrix.remote
         run: |
           make -C "${{ github.workspace }}/ansible" create-build-vms
 
-      - name: Create ansible vars
-        run: |
-          cat << EOF > ${{ github.workspace }}/ansible/secrets.yml
-          ---
-          stackrox_io_username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}
-          stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}
-          rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}
-          rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}
-          collector_git_ref: ${{ github.ref }}
-          collector_git_sha: ${{ github.sha }}
-          collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }}
-          disable_profiling: ${{ matrix.arch != 'amd64' && matrix.arch != 'arm64' }}
-          rhacs_eng_image: ${{ env.RHACS_ENG_IMAGE }}
-          collector_image: ${{ inputs.collector-image }}
-          collector_tag: ${{ inputs.collector-tag }}
-          debug_mode: ${{ github.event_name == 'pull_request' }}
-          EOF
-
-      - name: Build ${{ matrix.arch }} image
+      - name: Build ${{ matrix.arch }} image remotely
+        if: matrix.remote
         timeout-minutes: 480
         run: |
           ansible-playbook \
@@ -158,21 +135,18 @@ jobs:
             ansible/ci-build-collector.yml
 
       - name: Destroy Build VMs
-        if: always()
+        if: always() && matrix.remote
         run: |
           make -C ansible destroy-vms
 
   create-multiarch-manifest:
     needs:
     - build-collector-image
-    - build-collector-image-remote-vm
     name: Create Multiarch manifest
     runs-on: ubuntu-24.04
-    if: |
-      github.event_name != 'pull_request' ||
-      contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
+    if: always() && !contains(join(needs.*.result, ','), 'failure')
     env:
-      ARCHS: amd64 ppc64le s390x arm64
+      ARCHS: ${{ join(fromJSON(inputs.include-arch-json).*.arch, ' ') }}
 
     steps:
       - uses: actions/checkout@v4
@@ -203,43 +177,12 @@ jobs:
           base-image: quay.io/rhacs-eng/collector:${{ inputs.collector-tag }}
           archs: ${{ env.ARCHS }}
 
-  retag-x86-image:
-    needs:
-    - build-collector-image
-    name: Retag x86 image
-    runs-on: ubuntu-24.04
-    if: |
-      github.event_name == 'pull_request' &&
-      !contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')
-    steps:
-      - name: Pull image to retag
-        run: |
-          docker pull ${{ inputs.collector-image }}-amd64
-
-      - name: Retag and push stackrox-io
-        uses: stackrox/actions/images/retag-and-push@v1
-        with:
-          src-image: ${{ inputs.collector-image }}-amd64
-          dst-image: ${{ inputs.collector-image }}
-          username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}
-          password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}
-
-      - name: Retag and push rhacs-eng
-        uses: stackrox/actions/images/retag-and-push@v1
-        with:
-          src-image: ${{ inputs.collector-image }}-amd64
-          dst-image: ${{ env.RHACS_ENG_IMAGE }}
-          username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }}
-          password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }}
-
   notify:
     runs-on: ubuntu-24.04
     if: always() && contains(join(needs.*.result, ','), 'failure') && github.event_name != 'pull_request'
     needs:
       - build-collector-image
-      - build-collector-image-remote-vm
       - create-multiarch-manifest
-      - retag-x86-image
     steps:
       - name: Slack notification
         uses: rtCamp/action-slack-notify@v2