diff --git a/.github/workflows/barbican-exporter-build.yaml b/.github/workflows/barbican-exporter-build.yaml index 1044063..b9c3eed 100644 --- a/.github/workflows/barbican-exporter-build.yaml +++ b/.github/workflows/barbican-exporter-build.yaml @@ -7,6 +7,9 @@ on: - main pull_request: +env: + REGISTRY: ghcr.io + jobs: build-and-push: runs-on: ubuntu-latest @@ -37,7 +40,9 @@ jobs: type=ref,event=branch type=ref,event=pr type=sha - + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v4 with: @@ -46,4 +51,6 @@ jobs: push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - build-args: EXPORTER_PORT=9100 # Default, overridden by env in deployment + build-args: | + GHCR_URL=${{ env.GHCR_URL }} + EXPORTER_PORT=9100 diff --git a/.github/workflows/container-build-alert-proxy.yaml b/.github/workflows/container-build-alert-proxy.yaml index aefb039..7aa7bee 100644 --- a/.github/workflows/container-build-alert-proxy.yaml +++ b/.github/workflows/container-build-alert-proxy.yaml @@ -49,6 +49,9 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - name: Dynamically set MY_DATE environment variable run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: @@ -63,6 +66,8 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} 
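Review bot: The `Set registry URL` step added in the `@@ -37,7 +40,9 @@` hunk of barbican-exporter-build.yaml appends to `${GITHUB_ENV}` unquoted and has no comment saying why the repository name is lower-cased or what consumes `GHCR_URL`. I would write it as `echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> "${GITHUB_ENV}"` with a comment such as `# image references must be lowercase; GHCR_URL is passed to the build as a build-arg`. The same step is repeated in the alert-proxy, apache, barbican, blazar, ceph-client, cinder, cloudkitty and designate workflows. The Dockerfiles are not part of this diff; if `GHCR_URL` prefixes a `FROM`, the build inherits whatever is currently published under that namespace, which is worth stating in the comment. The last hunk of this file also drops the old `# Default, overridden by env in deployment` remark on `EXPORTER_PORT=9100`; if it still holds, keep it as a comment line above `build-args`.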
@@ -118,3 +123,4 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} diff --git a/.github/workflows/container-build-apache.yaml b/.github/workflows/container-build-apache.yaml index 7be58b6..882a545 100644 --- a/.github/workflows/container-build-apache.yaml +++ b/.github/workflows/container-build-apache.yaml @@ -35,25 +35,32 @@ env: # workaround until there's a better way to handle this. mod_wsgi: > ["5.0.2"] + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] + jobs: init: runs-on: ubuntu-latest outputs: apache-mod-wsgi-version: ${{ steps.generate-matrix.outputs.mod_wsgi }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then mod_wsgi="$(echo '${{ github.event.inputs.apache-mod-wsgi-version }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" fi echo "mod_wsgi=${mod_wsgi:-${{ env.mod_wsgi }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: apache-mod-wsgi-version: ${{ fromJSON(needs.init.outputs.apache-mod-wsgi-version) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} runs-on: ubuntu-latest steps: - name: Checkout @@ -81,6 +88,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
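Review bot: The new `venv_tag` list in the `@@ -35,25 +35,32 @@` hunk of container-build-apache.yaml is written with single-quoted strings (`['3.13-trixie-latest','3.12-bookworm-latest']`, and `venv_tag="['3.13-trixie-latest']"` on the dispatch path), which is not strict JSON although it is passed to `fromJSON`. It only works if the expression parser is lenient about quotes, and it differs from the `mod_wsgi` entry directly above and from the `jq -c` output used for the dispatch input. Matching the neighbour would read `["3.13-trixie-latest", "3.12-bookworm-latest"]` in `env` and `venv_tag='["3.13-trixie-latest"]'` in the script. The same single-quoted form is added in the barbican, blazar, ceph-client, cinder, cloudkitty, designate and freezer workflows.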
@@ -96,6 +106,9 @@ jobs: build-args: | MOD_WSGI_VERSION=${{ matrix.apache-mod-wsgi-version }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -146,9 +159,14 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max tags: | - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.MY_DATE }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.apache-mod-wsgi-version }}-${{ matrix.venv-tag }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.apache-mod-wsgi-version }}-${{ matrix.venv-tag }}-${{ env.MY_DATE }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.venv-tag }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.venv-tag }}-${{ env.MY_DATE }} labels: ${{ steps.meta.outputs.labels }} build-args: | MOD_WSGI_VERSION=${{ matrix.apache-mod-wsgi-version }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-barbican.yaml b/.github/workflows/container-build-barbican.yaml index cc21522..9cd91c8 100644 --- a/.github/workflows/container-build-barbican.yaml +++ b/.github/workflows/container-build-barbican.yaml @@ -1,5 +1,5 @@ --- -name: Create and publish a barbican image +name: Create and publish a Barbican image permissions: actions: read 
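Review bot: The `PYTHON_CONTAINER` build-arg added in the `@@ -96,6 +106,9 @@` hunk falls back to `python:3.12-slim-bookworm` for every `venv-tag` other than `'3.13-trixie-latest'`, so a tag added to the matrix later is silently paired with the bookworm base instead of failing. The same expression is copied into the push step below and into the barbican, blazar, cloudkitty and designate workflows, so the mapping has to be kept in sync in about ten places. Carrying the base image in the matrix next to `venv-tag` (one `include` entry per pair) would make the pairing explicit and leave a single place to edit. Both values are mutable tags; the Dockerfile is not visible here, but if rebuild reproducibility matters a digest pin is the usual answer.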
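Review bot: Two of the four tags added in the `@@ -146,9 +159,14 @@` hunk, `:${{ matrix.venv-tag }}` and `:${{ matrix.venv-tag }}-${{ env.MY_DATE }}`, do not contain the mod_wsgi version, so as soon as the `mod_wsgi` list holds more than one version every matrix job pushes the same tag and the last job to finish decides what it points to. The list has a single entry today, so this is latent rather than live. Either drop the unversioned tags or publish them from one designated matrix entry only. The hunk also stops publishing `:latest`; any consumer still pulling that tag would keep the last image pushed before this change, which deserves a line in the commit description.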
@@ -42,26 +42,39 @@ env: # workaround until there's a better way to handle this. openstack_constraints: > ["unmaintained/2024.1", "stable/2025.1"] - + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -89,6 +102,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
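Review bot: The added test `if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]` in the `generate-matrix` step pastes the dispatch input into the script text before the shell parses it, so the shell sees the value as script source rather than as data. The input is a `choice` and dispatching needs write access, which limits exposure, but the job runs in a workflow that publishes images, and the usual hardening is to hand the value over through the environment: add `env:` with `OS_CONSTRAINTS_INPUT: ${{ github.event.inputs.openstack-constraints }}` to the step and test `if [ "${OS_CONSTRAINTS_INPUT}" = "unmaintained/2024.1" ]; then`. The same comparison is added in the blazar, cinder, cloudkitty and designate workflows, and the ceph-client workflow interpolates its two new inputs the same way. The `jq` line just above it already had this pattern before the commit and could be converted at the same time.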
@@ -105,6 +121,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -162,3 +181,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-blazar.yaml b/.github/workflows/container-build-blazar.yaml index 95bcf76..20062e8 100644 --- a/.github/workflows/container-build-blazar.yaml +++ b/.github/workflows/container-build-blazar.yaml 
@@ -1,163 +1,188 @@ ---- -name: Create and publish a blazar image - -permissions: - actions: read - contents: read - id-token: write - packages: write - pull-requests: write - security-events: write - -on: - pull_request: - paths: - - .github/workflows/container-build-blazar.yaml - - ContainerFiles/blazar - - scripts/blazar-cve-patching.sh - schedule: - - cron: '0 0 * * 0' # Run Weekly at midnight UTC - workflow_dispatch: - inputs: - openstack-constraints: - description: 'Version of OpenStack Constraints to use' - required: true - default: "master" - type: choice - options: - - master - - unmaintained/2024.1 - - stable/2025.1 - project-version: - description: 'Version of OpenStack blazar to build, defaults to openstack-constraints if unspecified' - required: false - type: string - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }}/blazar - project_version: ${{ github.event.inputs.project-version }} - # NOTE(cloudnull): This is used to parse the workflow_dispatch inputs, sadly the inputs are not available in the - # workflow_dispatch event, so they're being stored in the environment variables. This is a - # workaround until there's a better way to handle this. 
- openstack_constraints: > - ["unmaintained/2024.1", "stable/2025.1"] -jobs: - init: - runs-on: ubuntu-latest - outputs: - openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} - steps: - - name: generate-matrix - id: generate-matrix - run: | - if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then - openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" - fi - echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT - build-and-push-image: - needs: - - init - strategy: - matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Dynamically set MY_DATE environment variable - run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV - - name: Dynamically set OS_VERSION_PARSE environment variable - run: | - VERSION=$(echo -n "${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }}" | awk -F'/' '{($2=="" ? x=$1 : x=$2); print x}') - echo "OS_VERSION_PARSE=${VERSION}" >> $GITHUB_ENV - NAME=$(echo -n "${{ env.IMAGE_NAME }}" | awk -F'/' '{print $NF}') - echo "CATEGORY_NAME=${VERSION}-${NAME}" >> $GITHUB_ENV - - name: Log in to the Container registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - name: Build and push Docker image - uses: docker/build-push-action@v6 - with: - context: . 
- file: ContainerFiles/blazar - push: false - load: true - cache-from: type=gha - cache-to: type=gha,mode=max - tags: | - ${{ env.IMAGE_NAME }}:local - labels: ${{ steps.meta.outputs.labels }} - build-args: | - OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} - OS_CONSTRAINTS=${{ matrix.openstack-constraints }} - CACHEBUST=${{ github.sha }} - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner - if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} - with: - image-ref: '${{ env.IMAGE_NAME }}:local' - format: 'sarif' - output: 'trivy-results.sarif' - ignore-unfixed: true - severity: 'CRITICAL,HIGH,MEDIUM' - - name: Upload Trivy scan results to GitHub Security tab - continue-on-error: true - if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: 'trivy-results.sarif' - category: "${{ env.CATEGORY_NAME }}" - - name: Run Trivy scanner - uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner - if: ${{ github.event_name == 'pull_request' }} - with: - image-ref: '${{ env.IMAGE_NAME }}:local' - output: trivy.txt - ignore-unfixed: true - severity: 'CRITICAL,HIGH,MEDIUM' - - name: Create trivy output file in markdown format - if: ${{ github.event_name == 'pull_request' }} - run: | - if [[ -s trivy.txt ]]; then - echo "### Security Output" > trivy-output.txt - echo '```terraform' >> trivy-output.txt - cat trivy.txt >> trivy-output.txt - echo '```' >> trivy-output.txt - fi - - name: Publish Trivy Output to Summary - if: ${{ github.event_name == 'pull_request' }} - run: | - if [[ -s trivy-output.txt ]]; then - { - cat trivy-output.txt - } >> $GITHUB_STEP_SUMMARY - fi - - name: Build and push Docker image - uses: docker/build-push-action@v6 - with: - context: . 
- file: ContainerFiles/blazar - push: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} - cache-from: type=gha - cache-to: type=gha,mode=max - tags: | - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.OS_VERSION_PARSE }}-latest - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.OS_VERSION_PARSE }}-${{ env.MY_DATE }} - labels: ${{ steps.meta.outputs.labels }} - build-args: | - OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} - OS_CONSTRAINTS=${{ matrix.openstack-constraints }} - CACHEBUST=${{ github.sha }} +--- +name: Create and publish a Blazar image + +permissions: + actions: read + contents: read + id-token: write + packages: write + pull-requests: write + security-events: write + +on: + pull_request: + paths: + - .github/workflows/container-build-blazar.yaml + - ContainerFiles/blazar + - scripts/blazar-cve-patching.sh + schedule: + - cron: '0 0 * * 0' # Run Weekly at midnight UTC + workflow_dispatch: + inputs: + openstack-constraints: + description: 'Version of OpenStack Constraints to use' + required: true + default: "master" + type: choice + options: + - master + - unmaintained/2024.1 + - stable/2025.1 + project-version: + description: 'Version of OpenStack blazar to build, defaults to openstack-constraints if unspecified' + required: false + type: string + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }}/blazar + project_version: ${{ github.event.inputs.project-version }} + # NOTE(cloudnull): This is used to parse the workflow_dispatch inputs, sadly the inputs are not available in the + # workflow_dispatch event, so they're being stored in the environment variables. This is a + # workaround until there's a better way to handle this. 
+ openstack_constraints: > + ["unmaintained/2024.1", "stable/2025.1"] + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] + +jobs: + init: + runs-on: ubuntu-latest + outputs: + openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} + steps: + - name: generate-matrix + id: generate-matrix + run: | + if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then + openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi + fi + echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT + + build-and-push-image: + needs: + - init + strategy: + matrix: + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Dynamically set MY_DATE environment variable + run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV + - name: Dynamically set OS_VERSION_PARSE environment variable + run: | + VERSION=$(echo -n "${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }}" | awk -F'/' '{($2=="" ? 
x=$1 : x=$2); print x}') + echo "OS_VERSION_PARSE=${VERSION}" >> $GITHUB_ENV + NAME=$(echo -n "${{ env.IMAGE_NAME }}" | awk -F'/' '{print $NF}') + echo "CATEGORY_NAME=${VERSION}-${NAME}" >> $GITHUB_ENV + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} + - name: Build and push Docker image + uses: docker/build-push-action@v6 + with: + context: . + file: ContainerFiles/blazar + push: false + load: true + cache-from: type=gha + cache-to: type=gha,mode=max + tags: | + ${{ env.IMAGE_NAME }}:local + labels: ${{ steps.meta.outputs.labels }} + build-args: | + OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} + OS_CONSTRAINTS=${{ matrix.openstack-constraints }} + CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner + if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} + with: + image-ref: '${{ env.IMAGE_NAME }}:local' + format: 'sarif' + output: 'trivy-results.sarif' + ignore-unfixed: true + severity: 'CRITICAL,HIGH,MEDIUM' + - name: Upload Trivy scan results to GitHub Security tab + continue-on-error: true + if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: 'trivy-results.sarif' + category: "${{ env.CATEGORY_NAME }}" + - 
name: Run Trivy scanner + uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner + if: ${{ github.event_name == 'pull_request' }} + with: + image-ref: '${{ env.IMAGE_NAME }}:local' + output: trivy.txt + ignore-unfixed: true + severity: 'CRITICAL,HIGH,MEDIUM' + - name: Create trivy output file in markdown format + if: ${{ github.event_name == 'pull_request' }} + run: | + if [[ -s trivy.txt ]]; then + echo "### Security Output" > trivy-output.txt + echo '```terraform' >> trivy-output.txt + cat trivy.txt >> trivy-output.txt + echo '```' >> trivy-output.txt + fi + - name: Publish Trivy Output to Summary + if: ${{ github.event_name == 'pull_request' }} + run: | + if [[ -s trivy-output.txt ]]; then + { + cat trivy-output.txt + } >> $GITHUB_STEP_SUMMARY + fi + - name: Build and push Docker image + uses: docker/build-push-action@v6 + with: + context: . + file: ContainerFiles/blazar + push: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} + cache-from: type=gha + cache-to: type=gha,mode=max + tags: | + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.OS_VERSION_PARSE }}-latest + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.OS_VERSION_PARSE }}-${{ env.MY_DATE }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} + OS_CONSTRAINTS=${{ matrix.openstack-constraints }} + CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-ceph-client.yaml b/.github/workflows/container-build-ceph-client.yaml index 9b673a4..4b44848 100644 --- a/.github/workflows/container-build-ceph-client.yaml +++ b/.github/workflows/container-build-ceph-client.yaml 
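Review bot: Every line of container-build-blazar.yaml is removed and re-added in this hunk although most lines are textually identical, which hides the actual changes (the `venv_tag` matrix with its `exclude` list, the `Set registry URL` step and the three extra build-args). This looks like a line-ending or whitespace normalisation, though the cause is not visible in the diff. Putting the normalisation into its own commit, or pinning it with a `.gitattributes` rule such as `*.yaml text eol=lf`, would keep a workflow that holds `packages: write` and `id-token: write` reviewable line by line.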
@@ -1,5 +1,5 @@ --- -name: Create and publish a ceph-libs image +name: Create and publish a ceph-client image permissions: actions: read 
@@ -13,52 +13,87 @@ on: pull_request: paths: - .github/workflows/container-build-ceph.yaml - - ContainerFiles/ceph-libs + - ContainerFiles/ceph-client schedule: - cron: '0 0 * * 0' # Run Weekly at midnight UTC workflow_dispatch: inputs: - ceph-version: - description: 'Version of Ceph to use' + ceph-repo: + description: 'Use distro or pve (Proxmox) repo' required: true - default: "v19.2.2" + default: "pve" type: choice options: - - "v19.2.2" - + - "pve" + - "distro" + ceph-release: + description: 'Release of ceph to use' + required: true + default: "squid" + type: choice + options: + - "squid" + - "distro" env: REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }}/ceph-libs - CATEGORY_NAME: ceph-libs + IMAGE_NAME: ${{ github.repository }}/ceph-client + CATEGORY_NAME: ceph-client # NOTE(cloudnull): This is used to parse the workflow_dispatch inputs, sadly the inputs are not available in the # workflow_dispatch event, so they're being stored in the environment variables. This is a # workaround until there's a better way to handle this. 
- ceph_version: > - ["v19.2.2"] + os_release: > + ['trixie','bookworm'] + python_version: > + ['3.13','3.12'] + ceph_repo: > + ['pve'] + ceph_release: > + ['squid'] jobs: init: - runs-on: i-hate-ceph + runs-on: ubuntu-latest outputs: - ceph-version: ${{ steps.generate-matrix.outputs.ceph_version }} + os-release: ${{ steps.generate-matrix.outputs.os_release }} + python-version: ${{ steps.generate-matrix.outputs.python_version }} + ceph-repo: ${{ steps.generate-matrix.outputs.ceph_repo }} + ceph-release: ${{ steps.generate-matrix.outputs.ceph_release }} steps: - name: generate-matrix id: generate-matrix run: | + echo "os_release=${{ env.os_release }}" >> $GITHUB_OUTPUT if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then - ceph_version="$(echo '${{ github.event.inputs.ceph-version }}' | jq -R '[select(length>0)]' | jq -c '.')" + ceph_repo="$(echo '${{ github.event.inputs.ceph-repo }}' | jq -R '[select(length>0)]' | jq -c '.')" + ceph_release="$(echo '${{ github.event.inputs.ceph-release }}' | jq -R '[select(length>0)]' | jq -c '.')" + python_version="['3.13']" fi - echo "ceph_version=${ceph_version:-${{ env.ceph_version }}}" >> $GITHUB_OUTPUT + echo "ceph_repo=${ceph_repo:-${{ env.ceph_repo }}}" >> $GITHUB_OUTPUT + echo "ceph_release=${ceph_release:-${{ env.ceph_release }}}" >> $GITHUB_OUTPUT + echo "python_version=${python_version:-${{ env.python_version }}}" >> $GITHUB_OUTPUT + build-and-push-image: needs: - init strategy: matrix: - ceph-libs-version: ${{ fromJSON(needs.init.outputs.ceph-version) }} + os-release: ${{ fromJSON(needs.init.outputs.os-release) }} + python-version: ${{ fromJSON(needs.init.outputs.python-version) }} + ceph-repo: ${{ fromJSON(needs.init.outputs.ceph-repo) }} + ceph-release: ${{ fromJSON(needs.init.outputs.ceph-release) }} + exclude: + - os-release: trixie + python-version: 3.12 + ceph-repo: pve + ceph-release: squid + - os-release: bookworm + python-version: 3.13 + ceph-repo: pve + ceph-release: squid outputs: MY_DATE: 
${{ steps.mydate.outputs.MY_DATE }} MY_CONTAINER: ${{ steps.mycontainer.outputs.MY_CONTAINER }} - runs-on: i-hate-ceph + runs-on: ubuntu-latest steps: - name: Cleanup disk space run: | @@ -92,21 +127,29 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - name: Dynamically set MY_DATE environment variable run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: context: . - file: ContainerFiles/ceph-libs + file: ContainerFiles/ceph-client push: false load: true cache-from: type=gha cache-to: type=gha,mode=max tags: | ${{ env.IMAGE_NAME }}:local + ${{ matrix.python-version }}-${{ matrix.os-release }}:local labels: ${{ steps.meta.outputs.labels }} build-args: | - CEPH_VERSION=${{ matrix.ceph-libs-version }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + PYTHON_VERSION=${{ matrix.python-version }} + OS_RELEASE=${{ matrix.os-release }} + CEPH_REPO=${{ matrix.ceph-repo }} + CEPH_VERSION=${{ matrix.ceph-release }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} 
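Review bot: The `exclude` entries added in the `@@ -13,52 +13,87 @@` hunk write `python-version: 3.12` and `python-version: 3.13` as bare YAML numbers, while the matrix values come from `fromJSON` of `['3.13','3.12']` and are strings. Whether the matrix matcher treats a number and a string as equal is not something this diff shows, so quoting them (`python-version: '3.12'`) removes the doubt and also protects a future `3.10` from being read as `3.1`. Both entries are additionally tied to `ceph-repo: pve` and `ceph-release: squid`, so a dispatch with `distro` keeps the bookworm/3.13 combination; if that pairing is not intended, drop the two ceph keys from the exclusions.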
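Review bot: The local build in the `@@ -92,21 +127,29 @@` hunk passes `CEPH_VERSION=${{ matrix.ceph-release }}`, while the push build in the `@@ -152,14 +195,19 @@` hunk passes `CEPH_RELEASE=${{ matrix.ceph-release }}`, so the image Trivy scans and the image that gets published are built with different arguments. Which name `ContainerFiles/ceph-client` declares is not visible here; whichever it is, one of the two builds runs with that ARG at its default. Use the same line in both steps, presumably `CEPH_RELEASE=${{ matrix.ceph-release }}`. The second local tag `${{ matrix.python-version }}-${{ matrix.os-release }}:local` names a separate image rather than a tag of `${{ env.IMAGE_NAME }}`; if a later step relies on that, a comment should say so.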
@@ -152,14 +195,19 @@ jobs: uses: docker/build-push-action@v6 with: context: . - file: ContainerFiles/ceph-libs + file: ContainerFiles/ceph-client push: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} cache-from: type=gha cache-to: type=gha,mode=max tags: | - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.ceph-libs-version }}-latest - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.ceph-libs-version }}-${{ env.MY_DATE }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.ceph-release }}-${{ matrix.python-version }}-${{ env.MY_DATE }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.ceph-release }}-${{ matrix.python-version }}-${{ matrix.os-release }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.ceph-release }}-${{ matrix.python-version }}-${{ matrix.os-release }}-latest labels: ${{ steps.meta.outputs.labels }} build-args: | - CEPH_VERSION=${{ matrix.ceph-libs-version }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + PYTHON_VERSION=${{ matrix.python-version }} + OS_RELEASE=${{ matrix.os-release }} + CEPH_REPO=${{ matrix.ceph-repo }} + CEPH_RELEASE=${{ matrix.ceph-release }} diff --git a/.github/workflows/container-build-cinder.yaml b/.github/workflows/container-build-cinder.yaml index eb28e71..d53e89a 100644 --- a/.github/workflows/container-build-cinder.yaml +++ b/.github/workflows/container-build-cinder.yaml 
@@ -41,27 +41,42 @@ env: # workflow_dispatch event, so they're being stored in the environment variables. This is a # workaround until there's a better way to handle this. openstack_constraints: > - ["unmaintained/2024.1", "stable/2025.1"] + ['unmaintained/2024.1','stable/2025.1'] + ceph_client_tags: > + ['squid-3.12-bookworm','squid-3.13-trixie'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + ceph-client-tags: ${{ steps.generate-matrix.outputs.ceph_client_tags }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + ceph_client_tags="['squid-3.12-bookworm']" + else + ceph_client_tags="['squid-3.13-trixie']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "ceph_client_tags=${ceph_client_tags:-${{ env.ceph_client_tags }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + ceph-client-tags: ${{ fromJSON(needs.init.outputs.ceph-client-tags) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + ceph-client-tags: squid-3.13-trixie + - openstack-constraints: stable/2025.1 + ceph-client-tags: squid-3.12-bookworm runs-on: ubuntu-latest steps: - name: Checkout @@ -89,6 +104,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -105,6 +123,8 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + CEPH_CLIENT_TAG=${{ matrix.ceph-client-tags }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -162,3 +182,5 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + CEPH_CLIENT_TAG=${{ matrix.ceph-client-tags }} diff --git a/.github/workflows/container-build-cloudkitty.yaml b/.github/workflows/container-build-cloudkitty.yaml index 0fabd5e..b8e0db7 100644 --- a/.github/workflows/container-build-cloudkitty.yaml +++ b/.github/workflows/container-build-cloudkitty.yaml @@ -1,5 +1,5 @@ --- -name: Create and publish a cloudkitty image +name: Create and publish a Cloudkitty image permissions: actions: read 
@@ -42,26 +42,39 @@ env: # workaround until there's a better way to handle this. openstack_constraints: > ["unmaintained/2024.1", "stable/2025.1"] - + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -89,6 +102,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -105,6 +121,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -162,3 +181,7 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} + diff --git a/.github/workflows/container-build-designate.yaml b/.github/workflows/container-build-designate.yaml index bec47b2..44fa7a3 100644 --- a/.github/workflows/container-build-designate.yaml +++ b/.github/workflows/container-build-designate.yaml 
@@ -42,26 +42,39 @@ env: # workaround until there's a better way to handle this. openstack_constraints: > ["unmaintained/2024.1", "stable/2025.1"] - + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -89,6 +102,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -105,6 +121,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -162,3 +181,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-freezer.yaml b/.github/workflows/container-build-freezer.yaml index 1b1428f..e1f6d1f 100644 --- a/.github/workflows/container-build-freezer.yaml +++ b/.github/workflows/container-build-freezer.yaml @@ -1,5 +1,5 @@ --- -name: Create and publish a freezer image +name: Create and publish a Freezer image permissions: actions: read @@ -38,12 +38,15 @@ env: project_version: ${{ github.event.inputs.project-version }} openstack_constraints: > ["stable/2025.1"] + venv_tag: > + ['3.13-trixie-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix 
@@ -52,12 +55,14 @@ jobs: openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} runs-on: ubuntu-latest steps: - name: Checkout @@ -85,6 +90,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: @@ -101,6 +109,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -158,3 +169,7 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} + 
diff --git a/.github/workflows/container-build-glance-ceph.yaml b/.github/workflows/container-build-glance-ceph.yaml deleted file mode 100644 index 3b5d6d8..0000000 --- a/.github/workflows/container-build-glance-ceph.yaml +++ /dev/null 
@@ -1,164 +0,0 @@ ---- -name: Create and publish a Glance image with Ceph support - -permissions: - actions: read - contents: read - id-token: write - packages: write - pull-requests: write - security-events: write - -on: - pull_request: - paths: - - .github/workflows/container-build-glance-ceph.yaml - - ContainerFiles/glance-ceph - - scripts/glance-cve-patching.sh - schedule: - - cron: '0 0 * * 0' # Run Weekly at midnight UTC - workflow_dispatch: - inputs: - openstack-constraints: - description: 'Version of OpenStack Constraints to use' - required: true - default: "master" - type: choice - options: - - master - - unmaintained/2024.1 - - stable/2025.1 - project-version: - description: 'Version of OpenStack Glance to build, defaults to openstack-constraints if unspecified' - required: false - type: string - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }}/glance-ceph - project_version: ${{ github.event.inputs.project-version }} - # NOTE(cloudnull): This is used to parse the workflow_dispatch inputs, sadly the inputs are not available in the - # workflow_dispatch event, so they're being stored in the environment variables. This is a - # workaround until there's a better way to handle this. 
- openstack_constraints: > - ["unmaintained/2024.1", "stable/2025.1"] - -jobs: - init: - runs-on: ubuntu-latest - outputs: - openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} - steps: - - name: generate-matrix - id: generate-matrix - run: | - if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then - openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" - fi - echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT - build-and-push-image: - needs: - - init - strategy: - matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Dynamically set MY_DATE environment variable - run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV - - name: Dynamically set OS_VERSION_PARSE environment variable - run: | - VERSION=$(echo -n "${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }}" | awk -F'/' '{($2=="" ? x=$1 : x=$2); print x}') - echo "OS_VERSION_PARSE=${VERSION}" >> $GITHUB_ENV - NAME=$(echo -n "${{ env.IMAGE_NAME }}" | awk -F'/' '{print $NF}') - echo "CATEGORY_NAME=${VERSION}-${NAME}" >> $GITHUB_ENV - - name: Log in to the Container registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - name: Build and push Docker image - uses: docker/build-push-action@v6 - with: - context: . 
- file: ContainerFiles/glance-ceph - push: false - load: true - cache-from: type=gha - cache-to: type=gha,mode=max - tags: | - ${{ env.IMAGE_NAME }}:local - labels: ${{ steps.meta.outputs.labels }} - build-args: | - OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} - OS_CONSTRAINTS=${{ matrix.openstack-constraints }} - CACHEBUST=${{ github.sha }} - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner - if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} - with: - image-ref: '${{ env.IMAGE_NAME }}:local' - format: 'sarif' - output: 'trivy-results.sarif' - ignore-unfixed: true - severity: 'CRITICAL,HIGH' - - name: Upload Trivy scan results to GitHub Security tab - continue-on-error: true - if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: 'trivy-results.sarif' - category: "${{ env.CATEGORY_NAME }}" - - name: Run Trivy scanner - uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner - if: ${{ github.event_name == 'pull_request' }} - with: - image-ref: '${{ env.IMAGE_NAME }}:local' - output: trivy.txt - ignore-unfixed: true - severity: 'CRITICAL,HIGH' - - name: Create trivy output file in markdown format - if: ${{ github.event_name == 'pull_request' }} - run: | - if [[ -s trivy.txt ]]; then - echo "### Security Output" > trivy-output.txt - echo '```terraform' >> trivy-output.txt - cat trivy.txt >> trivy-output.txt - echo '```' >> trivy-output.txt - fi - - name: Publish Trivy Output to Summary - if: ${{ github.event_name == 'pull_request' }} - run: | - if [[ -s trivy-output.txt ]]; then - { - cat trivy-output.txt - } >> $GITHUB_STEP_SUMMARY - fi - - name: Build and push Docker image - uses: docker/build-push-action@v6 - with: - context: . 
- file: ContainerFiles/glance-ceph - push: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} - cache-from: type=gha - cache-to: type=gha,mode=max - tags: | - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.OS_VERSION_PARSE }}-latest - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.OS_VERSION_PARSE }}-${{ env.MY_DATE }} - labels: ${{ steps.meta.outputs.labels }} - build-args: | - OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} - OS_CONSTRAINTS=${{ matrix.openstack-constraints }} - CACHEBUST=${{ github.sha }} diff --git a/.github/workflows/container-build-glance.yaml b/.github/workflows/container-build-glance.yaml index d320bc7..fabb9eb 100644 --- a/.github/workflows/container-build-glance.yaml +++ b/.github/workflows/container-build-glance.yaml 
@@ -41,27 +41,42 @@ env: # workflow_dispatch event, so they're being stored in the environment variables. This is a # workaround until there's a better way to handle this. openstack_constraints: > - ["unmaintained/2024.1", "stable/2025.1"] + ['unmaintained/2024.1','stable/2025.1'] + ceph_client_tags: > + ['squid-3.12-bookworm','squid-3.13-trixie'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + ceph-client-tags: ${{ steps.generate-matrix.outputs.ceph_client_tags }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + ceph_client_tags="['squid-3.12-bookworm']" + else + ceph_client_tags="['squid-3.13-trixie']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "ceph_client_tags=${ceph_client_tags:-${{ env.ceph_client_tags }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + ceph-client-tags: ${{ fromJSON(needs.init.outputs.ceph-client-tags) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + ceph-client-tags: squid-3.13-trixie + - openstack-constraints: stable/2025.1 + ceph-client-tags: squid-3.12-bookworm runs-on: ubuntu-latest steps: - name: Checkout 
@@ -89,6 +104,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: @@ -105,6 +123,8 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + CEPH_CLIENT_TAG=${{ matrix.ceph-client-tags }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -162,3 +182,5 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + CEPH_CLIENT_TAG=${{ matrix.ceph-client-tags }} diff --git a/.github/workflows/container-build-heat.yaml b/.github/workflows/container-build-heat.yaml index 5b3e609..59b9e52 100644 --- a/.github/workflows/container-build-heat.yaml +++ b/.github/workflows/container-build-heat.yaml 
@@ -41,27 +41,40 @@ env: # workflow_dispatch event, so they're being stored in the environment variables. This is a # workaround until there's a better way to handle this. openstack_constraints: > - ["unmaintained/2024.1", "stable/2025.1"] - + ['unmaintained/2024.1','stable/2025.1'] + venv_tag: > + ['3.12-bookworm-latest','3.13-trixie-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -89,6 +102,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -105,6 +121,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -162,3 +181,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-horizon.yaml b/.github/workflows/container-build-horizon.yaml index ea16c14..f67af1b 100644 --- a/.github/workflows/container-build-horizon.yaml +++ b/.github/workflows/container-build-horizon.yaml 
@@ -42,26 +42,40 @@ env: # workaround until there's a better way to handle this. openstack_constraints: > ["unmaintained/2024.1", "stable/2025.1"] + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -89,6 +103,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -105,6 +122,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -162,4 +182,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} - + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-ironic-api.yaml b/.github/workflows/container-build-ironic-api.yaml index ec8a14d..712716d 100644 --- a/.github/workflows/container-build-ironic-api.yaml +++ b/.github/workflows/container-build-ironic-api.yaml 
@@ -42,26 +42,40 @@ env: # workaround until there's a better way to handle this. openstack_constraints: > ["unmaintained/2024.1", "stable/2025.1"] + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -89,6 +103,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -105,6 +122,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -162,3 +182,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.REGISTRY }}/${{ github.repository }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-ironic-conductor.yaml b/.github/workflows/container-build-ironic-conductor.yaml index b723d10..100af23 100644 --- a/.github/workflows/container-build-ironic-conductor.yaml +++ b/.github/workflows/container-build-ironic-conductor.yaml 
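Review bot: The second build step (the `@@ -162,3 +182,6 @@` hunk) sets `GHCR_URL=${{ env.REGISTRY }}/${{ github.repository }}`, while the first build step in this file and the other workflows in the commit pass `GHCR_URL=${{ env.GHCR_URL }}`, which the `Set registry URL` step lowercases with `${GITHUB_REPOSITORY,,}`. The image built before the Trivy step and the one built by this later step (presumably the pushing build) therefore receive different arguments. If the repository path contains upper-case characters, the un-lowercased value would not form a valid image reference, assuming the Containerfile uses it in a `FROM` line (not visible here). Use `GHCR_URL=${{ env.GHCR_URL }}` in this step as well; the ironic-conductor workflow has the same line in its last hunk. The step's `with:` block starts outside the hunk.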
@@ -42,26 +42,39 @@ env: # workaround until there's a better way to handle this. openstack_constraints: > ["unmaintained/2024.1", "stable/2025.1"] - + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -89,6 +102,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -105,6 +121,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -162,3 +181,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.REGISTRY }}/${{ github.repository }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-ironic-inspector.yaml b/.github/workflows/container-build-ironic-inspector.yaml index 4a98557..5146cd4 100644 --- a/.github/workflows/container-build-ironic-inspector.yaml +++ b/.github/workflows/container-build-ironic-inspector.yaml 
@@ -42,26 +42,39 @@ env: # workaround until there's a better way to handle this. openstack_constraints: > ["unmaintained/2024.1", "stable/2025.1"] - + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -89,6 +102,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -105,6 +121,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -162,3 +181,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-ironic-pxe.yaml b/.github/workflows/container-build-ironic-pxe.yaml index 4bff7ef..3e49451 100644 --- a/.github/workflows/container-build-ironic-pxe.yaml +++ b/.github/workflows/container-build-ironic-pxe.yaml 
@@ -42,26 +42,40 @@ env: # workaround until there's a better way to handle this. openstack_constraints: > ["unmaintained/2024.1", "stable/2025.1"] + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -89,6 +103,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -105,6 +122,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -162,3 +182,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-keystone.yaml b/.github/workflows/container-build-keystone.yaml index f08ea85..c5f5335 100644 --- a/.github/workflows/container-build-keystone.yaml +++ b/.github/workflows/container-build-keystone.yaml @@ -48,15 +48,18 @@ env: # workflow_dispatch event, so they're being stored in the environment variables. This is a # workaround until there's a better way to handle this. openstack_constraints: > - ["unmaintained/2024.1", "stable/2025.1"] + ['unmaintained/2024.1', 'stable/2025.1'] rackspace_plugin: > ["main"] + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} rackspace-plugin-version: ${{ steps.generate-matrix.outputs.rackspace_plugin }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix 
@@ -64,16 +67,29 @@ jobs: if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" rackspace_plugin="$(echo '${{ github.event.inputs.rackspace-plugin-version }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT echo "rackspace_plugin=${rackspace_plugin:-${{ env.rackspace_plugin }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} rackspace-plugin-version: ${{ fromJSON(needs.init.outputs.rackspace-plugin-version) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + rackspace-plugin-version: main + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + rackspace-plugin-version: main + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -101,6 +117,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
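Review bot: Both new `exclude:` entries in the keystone matrix also pin `rackspace-plugin-version: main`, so the incompatible constraint/venv pairs are removed only while the plugin version is exactly `main`. An exclude entry matches on the keys it lists, so dropping that key makes the rule hold for any plugin version: `- openstack-constraints: unmaintained/2024.1` with `venv-tag: 3.13-trixie-latest`, and the mirror entry for `stable/2025.1`. The magnum and octavia hunks have the same over-specification with `osCapiPluginTag: 1.2.1` and `ovnPluginTag: 8.0.0`, which will silently stop matching when those defaults are bumped.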
@@ -118,6 +137,9 @@ jobs: OS_CONSTRAINTS=${{ matrix.openstack-constraints }} RXT_VERSION=${{ matrix.rackspace-plugin-version }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -176,3 +198,6 @@ jobs: OS_CONSTRAINTS=${{ matrix.openstack-constraints }} RXT_VERSION=${{ matrix.rackspace-plugin-version }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-kube-ovn.yaml b/.github/workflows/container-build-kube-ovn.yaml index 67b80f7..be33883 100644 --- a/.github/workflows/container-build-kube-ovn.yaml +++ b/.github/workflows/container-build-kube-ovn.yaml @@ -35,6 +35,7 @@ env: # workaround until there's a better way to handle this. kube_ovn: > ["v1.14.15", "v1.13.15"] + jobs: init: runs-on: ubuntu-latest @@ -81,6 +82,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: @@ -97,6 +101,7 @@ jobs: KUBE_OVN_VERSION=${{ matrix.kube-ovn-version }} KUBE_OVN_VERSION_ENV=${{ matrix.kube-ovn-version }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} 
@@ -155,3 +160,4 @@ jobs: KUBE_OVN_VERSION=${{ matrix.kube-ovn-version }} KUBE_OVN_VERSION_ENV=${{ matrix.kube-ovn-version }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} diff --git a/.github/workflows/container-build-kubectl.yaml b/.github/workflows/container-build-kubectl.yaml index 720c75d..bb0f7c5 100644 --- a/.github/workflows/container-build-kubectl.yaml +++ b/.github/workflows/container-build-kubectl.yaml @@ -47,6 +47,9 @@ jobs: uses: docker/metadata-action@v5 with: images: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest' + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Dynamically set MY_DATE environment variable run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV - name: Build and push Docker image @@ -63,6 +66,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -118,3 +122,4 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} diff --git a/.github/workflows/container-build-kubernetes-entrypoint.yaml b/.github/workflows/container-build-kubernetes-entrypoint.yaml index a31dfed..8a94e31 100644 --- a/.github/workflows/container-build-kubernetes-entrypoint.yaml +++ b/.github/workflows/container-build-kubernetes-entrypoint.yaml @@ -48,6 +48,9 @@ jobs: uses: docker/metadata-action@v5 with: images: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest' + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Dynamically set MY_DATE environment variable run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV - name: Build and push Docker image 
@@ -64,6 +67,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -119,3 +123,4 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} diff --git a/.github/workflows/container-build-libguestfs.yaml b/.github/workflows/container-build-libguestfs.yaml index 4a61d01..38857f8 100644 --- a/.github/workflows/container-build-libguestfs.yaml +++ b/.github/workflows/container-build-libguestfs.yaml @@ -21,11 +21,11 @@ on: libguestfs-version: description: 'Version of libguestfs to use' required: true - default: "v1.56.1" + default: "v1.56.2" type: choice options: - "master" - - "v1.56.1" + - "v1.56.2" libguestfs-hivex-version: description: 'Version of libguestfs-hivex to use' required: true @@ -42,15 +42,19 @@ env: # workflow_dispatch event, so they're being stored in the environment variables. This is a # workaround until there's a better way to handle this. libguestfs_release: > - ["v1.56.1"] + ['v1.56.2'] libguestfs_hivex_release: > - ["v1.3.24"] + ['v1.3.24'] + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] + jobs: init: runs-on: ubuntu-latest outputs: libguestfs-version: ${{ steps.generate-matrix.outputs.libguestfs_release }} - libguestfs_hivex_release: ${{ steps.generate-matrix.outputs.libguestfs_hivex_release }} + libguestfs-hivex-release: ${{ steps.generate-matrix.outputs.libguestfs_hivex_release }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix 
@@ -58,16 +62,19 @@ jobs: if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then libguestfs_release="$(echo '${{ github.event.inputs.libguestfs-version }}' | jq -R '[select(length>0)]' | jq -c '.')" libguestfs_hivex_release="$(echo '${{ github.event.inputs.libguestfs-hivex-version }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" fi echo "libguestfs_release=${libguestfs_release:-${{ env.libguestfs_release }}}" >> $GITHUB_OUTPUT echo "libguestfs_hivex_release=${libguestfs_hivex_release:-${{ env.libguestfs_hivex_release }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: libguestfs-version: ${{ fromJSON(needs.init.outputs.libguestfs-version) }} - libguestfs-hivex-version: ${{ fromJSON(needs.init.outputs.libguestfs_hivex_release) }} + libguestfs-hivex-version: ${{ fromJSON(needs.init.outputs.libguestfs-hivex-release) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} runs-on: ubuntu-latest steps: - name: Checkout @@ -95,6 +102,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: @@ -111,6 +121,9 @@ jobs: GUESTFS_VERSION=${{ matrix.libguestfs-version }} GUESTFS_HIVEX_VERSION=${{ matrix.libguestfs-hivex-version }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} 
@@ -161,10 +174,14 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max tags: | - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.libguestfs-version }}-latest + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.libguestfs-version }}-${{ matrix.venv-tag }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.MY_DATE }}-${{ matrix.libguestfs-version }}-${{ matrix.venv-tag }} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.MY_DATE }} labels: ${{ steps.meta.outputs.labels }} build-args: | GUESTFS_VERSION=${{ matrix.libguestfs-version }} GUESTFS_HIVEX_VERSION=${{ matrix.libguestfs-hivex-version }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-libvirt.yaml b/.github/workflows/container-build-libvirt.yaml index ed79266..780a9b7 100644 --- a/.github/workflows/container-build-libvirt.yaml +++ b/.github/workflows/container-build-libvirt.yaml 
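Review bot: The unchanged tag `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.MY_DATE }}` is now pushed by every `venv-tag` leg of the libguestfs matrix, so a bare date tag no longer says which Python base it was built on. The hunk already adds the qualified `${{ env.MY_DATE }}-${{ matrix.libguestfs-version }}-${{ matrix.venv-tag }}` tag, so the bare one can be dropped, or kept for a single leg only. Removing the `-latest` tag also changes what existing consumers resolve; the hunk does not show whether every reference was updated, so that is worth confirming. The libvirt push step further down keeps a bare `MY_DATE` tag in the same way.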
@@ -17,17 +17,59 @@ on: schedule: - cron: '0 0 * * 0' # Run Weekly at midnight UTC workflow_dispatch: - + inputs: + ovs-tag: + description: 'Version of ovs to merge into image' + required: true + default: "v3.5.2-3.13-trixie-latest" + type: choice + options: + - v3.5.2-3.13-trixie-latest + - v3.5.2-3.12-bookworm-latest + libguestfs-tag: + description: 'Version of libguestfs to merge into image' + required: true + default: "v1.56.2-3.13-trixie-latest" + type: choice + options: + - v1.56.2-3.13-trixie-latest + - v1.56.2-3.12-bookworm-latest env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }}/libvirt - CATEGORY_NAME: libvirt - + ovs_tag: > + ['v3.5.2-3.13-trixie-latest','v3.5.2-3.12-bookworm-latest'] + libguestfs_tag: > + ['v1.56.2-3.13-trixie-latest','v1.56.2-3.12-bookworm-latest'] jobs: - build-and-push-image: + init: + runs-on: ubuntu-latest outputs: - MY_DATE: ${{ steps.mydate.outputs.MY_DATE }} - MY_CONTAINER: ${{ steps.mycontainer.outputs.MY_CONTAINER }} + ovs-tag: ${{ steps.generate-matrix.outputs.ovs_tag }} + libguestfs-tag: ${{ steps.generate-matrix.outputs.libguestfs_tag }} + steps: + - name: generate-matrix + id: generate-matrix + run: | + if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then + ovs_tag="$(echo '${{ github.event.inputs.ovs-tag }}' | jq -R '[select(length>0)]' | jq -c '.')" + libguestfs_tag="$(echo '${{ github.event.inputs.libguestfs-tag }}' | jq -R '[select(length>0)]' | jq -c '.')" + fi + echo "ovs_tag=${ovs_tag:-${{ env.ovs_tag }}}" >> $GITHUB_OUTPUT + echo "libguestfs_tag=${libguestfs_tag:-${{ env.libguestfs_tag }}}" >> $GITHUB_OUTPUT + + build-and-push-image: + needs: + - init + strategy: + matrix: + ovs-tag: ${{ fromJSON(needs.init.outputs.ovs-tag) }} + libguestfs-tag: ${{ fromJSON(needs.init.outputs.libguestfs-tag) }} + exclude: + - ovs-tag: v3.5.2-3.13-trixie-latest + libguestfs-tag: v1.56.2-3.12-bookworm-latest + - ovs-tag: v3.5.2-3.12-bookworm-latest + libguestfs-tag: v1.56.2-3.13-trixie-latest runs-on: 
ubuntu-latest steps: - name: Checkout repository @@ -42,11 +84,20 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Dynamically set MY_DATE, NAME environment variable + run: | + echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV + + NAME=$(echo -n "${{ env.IMAGE_NAME }}" | awk -F'/' '{print $NF}') + echo "CATEGORY_NAME=${VERSION}-${NAME}" >> $GITHUB_ENV - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Dynamically set MY_DATE environment variable run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV - name: Build and push Docker image @@ -63,6 +114,9 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + OVS_TAG=${{ matrix.ovs-tag }} + LIBGUESTFS_TAG=${{ matrix.libguestfs-tag }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -113,8 +167,12 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max tags: | - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.libguestfs-tag }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.MY_DATE }}-${{ matrix.libguestfs-tag }} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.MY_DATE }} labels: ${{ steps.meta.outputs.labels }} build-args: | CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + OVS_TAG=${{ matrix.ovs-tag }} + LIBGUESTFS_TAG=${{ matrix.libguestfs-tag }} diff --git a/.github/workflows/container-build-magnum.yaml b/.github/workflows/container-build-magnum.yaml index 392eb94..7e941da 100644 --- a/.github/workflows/container-build-magnum.yaml 
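Review bot: The new `ovs-tag` and `libguestfs-tag` dispatch inputs are independent choices, but the matrix `exclude:` removes every pair whose Python bases differ, so a manual run that picks one trixie and one bookworm value ends up with no matrix combinations. A single input for the base (for example a `venv-tag` choice from which both tags are derived) would make the mismatched selection impossible. The hunk also removes the job-level `MY_DATE` and `MY_CONTAINER` outputs; no consumer is visible here, so confirm nothing downstream reads them.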
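Review bot: The added "Dynamically set MY_DATE, NAME environment variable" step writes `CATEGORY_NAME=${VERSION}-${NAME}`, but nothing in the visible hunks sets `VERSION`, so unless it is exported elsewhere the value becomes `-libvirt` instead of the `libvirt` that the removed `CATEGORY_NAME: libvirt` env entry provided. Either define `VERSION` in that step or write `echo "CATEGORY_NAME=${NAME}" >> "$GITHUB_ENV"`. The step also duplicates the existing "Dynamically set MY_DATE environment variable" step a few lines below, so `MY_DATE` is written twice with possibly different seconds; one of the two should go.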
+++ b/.github/workflows/container-build-magnum.yaml @@ -52,13 +52,15 @@ env: ["unmaintained/2024.1", "stable/2025.1"] osCapiPluginTag: > ["1.2.1"] - + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} osCapiPluginTag: ${{ steps.generate-matrix.outputs.osCapiPluginTag }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix @@ -66,9 +68,14 @@ jobs: if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" osCapiPluginTag="$(echo '${{ github.event.inputs.osCapiPluginVersion }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT echo "osCapiPluginTag=${osCapiPluginTag:-${{ env.osCapiPluginTag }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init @@ -76,6 +83,14 @@ jobs: matrix: openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} osCapiPluginTag: ${{ fromJSON(needs.init.outputs.osCapiPluginTag) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + osCapiPluginTag: 1.2.1 + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest + osCapiPluginTag: 1.2.1 runs-on: ubuntu-latest steps: - name: Checkout 
@@ -103,6 +118,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: @@ -120,6 +138,9 @@ jobs: OS_CONSTRAINTS=${{ matrix.openstack-constraints }} OS_CAPI_PLUGIN_VERSION=${{ matrix.osCapiPluginTag }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -178,3 +199,6 @@ jobs: OS_CONSTRAINTS=${{ matrix.openstack-constraints }} OS_CAPI_PLUGIN_VERSION=${{ matrix.osCapiPluginTag }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-manila.yaml b/.github/workflows/container-build-manila.yaml index 720444a..a0eb88b 100644 --- a/.github/workflows/container-build-manila.yaml +++ b/.github/workflows/container-build-manila.yaml @@ -1,5 +1,5 @@ --- -name: Create and publish a manila image +name: Create and publish a Manila image permissions: actions: read 
@@ -42,26 +42,39 @@ env: # workaround until there's a better way to handle this. openstack_constraints: > ["unmaintained/2024.1", "stable/2025.1"] - + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -89,6 +102,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -105,6 +121,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -164,3 +183,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-masakari-monitors.yaml b/.github/workflows/container-build-masakari-monitors.yaml index 3155925..4694547 100644 --- a/.github/workflows/container-build-masakari-monitors.yaml +++ b/.github/workflows/container-build-masakari-monitors.yaml 
@@ -47,26 +47,40 @@ env: # Genestack versions 2024.1 and 2025.1 as of 11/2025. # 2. There is a feature bug for kubernetes check that is in progress to be approved/merged and most likely # be introduced in tag versions beyond stable/2025.2. + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -94,6 +108,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -110,6 +127,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -167,3 +187,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-masakari.yaml b/.github/workflows/container-build-masakari.yaml index 5899d2a..88ecc10 100644 --- a/.github/workflows/container-build-masakari.yaml +++ b/.github/workflows/container-build-masakari.yaml @@ -1,5 +1,5 @@ --- -name: Create and publish a masakari image +name: Create and publish a Masakari image permissions: actions: read 
@@ -42,26 +42,39 @@ env: # workaround until there's a better way to handle this. openstack_constraints: > ["unmaintained/2024.1", "stable/2025.1"] - + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -89,6 +102,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -105,6 +121,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -162,3 +181,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-neutron.yaml b/.github/workflows/container-build-neutron.yaml index 2571e11..76c71ce 100644 --- a/.github/workflows/container-build-neutron.yaml +++ b/.github/workflows/container-build-neutron.yaml 
@@ -42,26 +42,39 @@ env: # workaround until there's a better way to handle this. openstack_constraints: > ["unmaintained/2024.1", "stable/2025.1"] - + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -98,6 +111,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -115,6 +131,9 @@ jobs: OS_CONSTRAINTS=${{ matrix.openstack-constraints }} RXT_VERSION=${{ env.RXT_VERSION }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -173,3 +192,6 @@ jobs: OS_CONSTRAINTS=${{ matrix.openstack-constraints }} RXT_VERSION=${{ env.RXT_VERSION }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-nova.yaml b/.github/workflows/container-build-nova.yaml index ecd86b0..7bd4a5b 100644 --- a/.github/workflows/container-build-nova.yaml +++ b/.github/workflows/container-build-nova.yaml @@ -1,5 +1,5 @@ --- -name: Create and publish a nova image +name: Create and publish a Nova image permissions: actions: read @@ -49,15 +49,20 @@ env: # workflow_dispatch event, so they're being stored in the environment variables. This is a # workaround until there's a better way to handle this. openstack_constraints: > - ["unmaintained/2024.1", "stable/2025.1"] + ['unmaintained/2024.1','stable/2025.1'] + ceph_client_tags: > + ['squid-3.12-bookworm'] +# ['squid-3.12-bookworm','squid-3.13-trixie'] +# Remove 3.13 python until epoxy compiles libvirt-python novnc_version: > - ["v1.6.0"] + ['v1.6.0'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + ceph-client-tags: ${{ steps.generate-matrix.outputs.ceph_client_tags }} novnc-version: ${{ steps.generate-matrix.outputs.novnc_version }} steps: - name: generate-matrix 
@@ -66,16 +71,28 @@ jobs: if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" novnc_version="$(echo '${{ github.event.inputs.novnc-version }}' | jq -R '[select(length>0)]' | jq -c '.')" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + ceph_client_tags="['squid-3.12-bookworm']" + else + ceph_client_tags="['squid-3.13-trixie']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT echo "novnc_version=${novnc_version:-${{ env.novnc_version }}}" >> $GITHUB_OUTPUT + echo "ceph_client_tags=${ceph_client_tags:-${{ env.ceph_client_tags }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + ceph-client-tags: ${{ fromJSON(needs.init.outputs.ceph-client-tags) }} novnc-version: ${{ fromJSON(needs.init.outputs.novnc-version) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + ceph-client-tags: squid-3.13-trixie + - openstack-constraints: stable/2025.1 + ceph-client-tags: squid-3.12-bookworm runs-on: ubuntu-latest steps: - name: Checkout @@ -103,6 +120,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
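Review bot: The nova `exclude:` entry pairing `stable/2025.1` with `squid-3.12-bookworm` removes the only `stable/2025.1` combination on push and schedule runs, because the default `ceph_client_tags` set in the previous hunk contains just `squid-3.12-bookworm`. As written, scheduled builds would produce only the `unmaintained/2024.1` image. The dispatch branch has the opposite problem: its `else` sets `ceph_client_tags="['squid-3.13-trixie']"` for any other constraint, although the comment in the env hunk says 3.13 is removed until libvirt-python compiles. Until trixie is reinstated, drop the second exclude entry and set the `else` value to `squid-3.12-bookworm`, with a comment tying both to the note in `env:`.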
@@ -120,6 +140,8 @@ jobs: OS_CONSTRAINTS=${{ matrix.openstack-constraints }} NOVNC_VERSION=${{ matrix.novnc-version }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + CEPH_CLIENT_TAG=${{ matrix.ceph-client-tags }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -178,3 +200,5 @@ jobs: OS_CONSTRAINTS=${{ matrix.openstack-constraints }} NOVNC_VERSION=${{ matrix.novnc-version }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + CEPH_CLIENT_TAG=${{ matrix.ceph-client-tags }} diff --git a/.github/workflows/container-build-octavia.yaml b/.github/workflows/container-build-octavia.yaml index 4b02dbf..9a2f878 100644 --- a/.github/workflows/container-build-octavia.yaml +++ b/.github/workflows/container-build-octavia.yaml @@ -1,5 +1,5 @@ --- -name: Create and publish a octavia image +name: Create and publish a Octavia image permissions: actions: read @@ -52,13 +52,15 @@ env: ["unmaintained/2024.1", "stable/2025.1"] ovnPluginTag: > ["8.0.0"] - + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} ovnPluginTag: ${{ steps.generate-matrix.outputs.ovnPluginTag }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix 
@@ -66,16 +68,29 @@ jobs: if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" ovnPluginTag="$(echo '${{ github.event.inputs.ovnPluginTag }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT echo "ovnPluginTag=${ovnPluginTag:-${{ env.ovnPluginTag }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} - ovnPluginTag: ${{ fromJSON(needs.init.outputs.ovnPluginTag)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + ovnPluginTag: ${{ fromJSON(needs.init.outputs.ovnPluginTag) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + ovnPluginTag: 8.0.0 + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest + ovnPluginTag: 8.0.0 runs-on: ubuntu-latest steps: - name: Checkout @@ -103,6 +118,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -120,6 +138,9 @@ jobs: OS_CONSTRAINTS=${{ matrix.openstack-constraints }} OVN_PLUGIN_VERSION=${{ matrix.ovnPluginTag }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -161,6 +182,9 @@ jobs: cat trivy-output.txt } >> $GITHUB_STEP_SUMMARY fi + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: @@ -178,3 +202,6 @@ jobs: OS_CONSTRAINTS=${{ matrix.openstack-constraints }} OVN_PLUGIN_VERSION=${{ matrix.ovnPluginTag }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-openstack-client.yaml b/.github/workflows/container-build-openstack-client.yaml index 245b3a9..80b007a 100644 --- a/.github/workflows/container-build-openstack-client.yaml +++ b/.github/workflows/container-build-openstack-client.yaml @@ -47,6 +47,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Dynamically set MY_DATE environment variable run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV - name: Build and push Docker image 
@@ -63,6 +66,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -118,3 +122,4 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} diff --git a/.github/workflows/container-build-openstack-venv.yaml b/.github/workflows/container-build-openstack-venv.yaml index a2090b3b..107c8b6 100644 --- a/.github/workflows/container-build-openstack-venv.yaml +++ b/.github/workflows/container-build-openstack-venv.yaml 
@@ -17,15 +17,62 @@ on: schedule: - cron: '0 0 * * 0' # Run Weekly at midnight UTC workflow_dispatch: + inputs: + os-release: + description: 'Version of debian image to use' + required: true + default: "trixie" + type: choice + options: + - "trixie" + - "bookworm" + python-version: + description: 'Version of python to use' + required: true + default: "3.13" + type: choice + options: + - "3.13" + - "3.12" env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }}/openstack-venv - PYTHON_VERSION: 3.12 CATEGORY_NAME: openstack-venv + os_release: > + ['trixie','bookworm'] + python_version: > + ['3.13','3.12'] jobs: + init: + runs-on: ubuntu-latest + outputs: + os-release: ${{ steps.generate-matrix.outputs.os_release }} + python-version: ${{ steps.generate-matrix.outputs.python_version }} + steps: + - name: generate-matrix + id: generate-matrix + run: | + if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then + os_release="$(echo '${{ github.event.inputs.os-release }}' | jq -R '[select(length>0)]' | jq -c '.')" + python_version="$(echo '${{ github.event.inputs.python-version }}' | jq -R '[select(length>0)]' | jq -c '.')" + fi + echo "os_release=${os_release:-${{ env.os_release }}}" >> $GITHUB_OUTPUT + echo "python_version=${python_version:-${{ env.python_version }}}" >> $GITHUB_OUTPUT build-and-push-image: + needs: + - init + strategy: + matrix: + os-release: ${{ fromJSON(needs.init.outputs.os-release) }} + python-version: ${{ fromJSON(needs.init.outputs.python-version) }} + exclude: + - os-release: trixie + python-version: 3.12 + - os-release: bookworm + python-version: 3.13 + outputs: MY_DATE: ${{ steps.mydate.outputs.MY_DATE }} MY_CONTAINER: ${{ steps.mycontainer.outputs.MY_CONTAINER }} 
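Review bot: The two dispatch inputs are chosen independently, but the `exclude` list only leaves the trixie/3.13 and bookworm/3.12 pairs, so a dispatch with `os-release: trixie` and `python-version: 3.12` (or the reverse) ends up with no matrix legs at all. A single choice input that carries the pair (for example `3.13-trixie` / `3.12-bookworm`) would make the invalid combinations unselectable. The exclude values `3.12` and `3.13` are also unquoted, so YAML reads them as floats while the matrix values are strings. Quoting them, as in `python-version: "3.12"`, avoids depending on how the comparison coerces types and protects a later `3.10`.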
@@ -50,6 +97,9 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - name: Dynamically set MY_DATE environment variable run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: @@ -60,16 +110,18 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max tags: | - ${{ env.IMAGE_NAME }}:local + ${{ env.IMAGE_NAME }}:${{ matrix.python-version }}-${{ matrix.os-release }}-local labels: ${{ steps.meta.outputs.labels }} build-args: | - PYTHON_VERSION=${{ env.PYTHON_VERSION }} + PYTHON_VERSION=${{ matrix.python-version }} + OS_RELEASE=${{ matrix.os-release }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} with: - image-ref: '${{ env.IMAGE_NAME }}:local' + image-ref: '${{ env.IMAGE_NAME }}:${{ matrix.python-version }}-${{ matrix.os-release }}-local' format: 'sarif' output: 'trivy-results.sarif' ignore-unfixed: true @@ -85,7 +137,7 @@ jobs: uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'pull_request' }} with: - image-ref: '${{ env.IMAGE_NAME }}:local' + image-ref: '${{ env.IMAGE_NAME }}:${{ matrix.python-version }}-${{ matrix.os-release }}-local' output: trivy.txt ignore-unfixed: true severity: 'CRITICAL,HIGH' @@ -106,6 +158,9 @@ jobs: cat trivy-output.txt } >> $GITHUB_STEP_SUMMARY fi + - name: Set registry URL + run: | + echo "GHCR_URL=https://${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
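Review bot: The second `Set registry URL` step (hunk `-106,6 +158,9`) writes `GHCR_URL=https://${REGISTRY}/...`, while the step added earlier in this file writes it without a scheme; the later write replaces the earlier value for the push build that follows. The other ContainerFiles in this commit consume the argument as `FROM ${GHCR_URL}/openstack-venv:${VENV_TAG}`, where a `https://` prefix is not a valid image reference; how the openstack-venv ContainerFile uses it is not visible here. If both steps run in the same job, the second is unnecessary because values written to `GITHUB_ENV` persist for later steps. Otherwise make it match the first: `echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> "${GITHUB_ENV}"`. The octavia workflow adds the same duplicate step, without the scheme.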
@@ -115,9 +170,10 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max tags: | - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PYTHON_VERSION }}-latest - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PYTHON_VERSION }}-${{ env.MY_DATE }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.python-version }}-${{ matrix.os-release }}-latest labels: ${{ steps.meta.outputs.labels }} build-args: | - PYTHON_VERSION=${{ env.PYTHON_VERSION }} + PYTHON_VERSION=${{ matrix.python-version }} + OS_RELEASE=${{ matrix.os-release }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} diff --git a/.github/workflows/container-build-ovs.yaml b/.github/workflows/container-build-ovs.yaml index 152dd14..b28067f 100644 --- a/.github/workflows/container-build-ovs.yaml +++ b/.github/workflows/container-build-ovs.yaml @@ -21,11 +21,11 @@ on: ovs-version: description: 'Version of ovs to use' required: true - default: "main" + default: "v3.5.2" type: choice options: - "main" - - "v3.5.1" + - "v3.5.2" env: REGISTRY: ghcr.io 
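Review bot: The `tags:` list now publishes only the `<python>-<os>-latest` tag; the dated `${{ env.MY_DATE }}` tag on the old side is dropped, so every consumer of this base image resolves a tag that is overwritten by each weekly build. The service ContainerFiles in this commit default to `VENV_TAG=3.13-trixie-latest`, which leaves no stable reference to roll back to or to pin a rebuild against. Keeping an immutable tag alongside it would preserve that: `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.python-version }}-${{ matrix.os-release }}-${{ env.MY_DATE }}`. The step this list belongs to starts outside the hunk.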
@@ -33,27 +33,34 @@ env: # NOTE(cloudnull): This is used to parse the workflow_dispatch inputs, sadly the inputs are not available in the # workflow_dispatch event, so they're being stored in the environment variables. This is a # workaround until there's a better way to handle this. - ovs_release: > - ["v3.5.1"] + ovs_version: > + ["v3.5.2"] + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] + jobs: init: runs-on: ubuntu-latest outputs: - ovs-version: ${{ steps.generate-matrix.outputs.ovs_release }} + ovs-version: ${{ steps.generate-matrix.outputs.ovs_version }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then - ovs_release="$(echo '${{ github.event.inputs.ovs-version }}' | jq -R '[select(length>0)]' | jq -c '.')" + ovs_version="$(echo '${{ github.event.inputs.ovs-version }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" fi - echo "ovs_release=${ovs_release:-${{ env.ovs_release }}}" >> $GITHUB_OUTPUT + echo "ovs_version=${ovs_version:-${{ env.ovs_version }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: ovs-version: ${{ fromJSON(needs.init.outputs.ovs-version) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} runs-on: ubuntu-latest steps: - name: Checkout @@ -81,6 +88,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -94,8 +104,11 @@ jobs: ${{ env.IMAGE_NAME }}:local labels: ${{ steps.meta.outputs.labels }} build-args: | - OVS_VERSION=${{ matrix.ovs-version }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + OVS_VERSION=${{ matrix.ovs-version }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -146,9 +159,13 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max tags: | - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.ovs-version }}-latest + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.ovs-version }}-${{ matrix.venv-tag }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.MY_DATE }}-${{ matrix.ovs-version }}-${{ matrix.venv-tag }} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.MY_DATE }} labels: ${{ steps.meta.outputs.labels }} build-args: | - OVS_VERSION=${{ matrix.ovs-version }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + OVS_VERSION=${{ matrix.ovs-version }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-placement.yaml b/.github/workflows/container-build-placement.yaml index 981527c..ee52aa1 100644 --- a/.github/workflows/container-build-placement.yaml +++ b/.github/workflows/container-build-placement.yaml @@ -1,5 +1,5 @@ --- -name: Create and publish a placement image +name: Create and publish a Placement image permissions: actions: read 
@@ -42,26 +42,39 @@ env: # workaround until there's a better way to handle this. openstack_constraints: > ["unmaintained/2024.1", "stable/2025.1"] - + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -89,6 +102,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -105,6 +121,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -162,3 +181,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-shibd.yaml b/.github/workflows/container-build-shibd.yaml index c7534fb..ca0e2c6 100644 --- a/.github/workflows/container-build-shibd.yaml +++ b/.github/workflows/container-build-shibd.yaml @@ -47,6 +47,9 @@ jobs: uses: docker/metadata-action@v5 with: images: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest' + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Dynamically set MY_DATE environment variable run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV - name: Build and push Docker image @@ -63,6 +66,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} 
@@ -118,3 +122,4 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} diff --git a/.github/workflows/container-build-skyline.yaml b/.github/workflows/container-build-skyline.yaml index 5c1e4fb..aa1ab09 100644 --- a/.github/workflows/container-build-skyline.yaml +++ b/.github/workflows/container-build-skyline.yaml @@ -25,7 +25,8 @@ on: default: "stable/2025.1" type: choice options: - - "stable/2025.1" + - unmaintained/2024.1 + - stable/2025.1 project-version: description: 'Version of OpenStack Skyline to build, defaults to openstack-constraints if unspecified' required: false 
@@ -39,27 +40,40 @@ env: # workflow_dispatch event, so they're being stored in the environment variables. This is a # workaround until there's a better way to handle this. openstack_constraints: > - ["stable/2025.1"] - + ["unmaintained/2024.1", "stable/2025.1"] + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -87,6 +101,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -103,6 +120,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -160,3 +180,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-trove.yaml b/.github/workflows/container-build-trove.yaml index fb85e32..737bf70 100644 --- a/.github/workflows/container-build-trove.yaml +++ b/.github/workflows/container-build-trove.yaml 
@@ -42,26 +42,39 @@ env: # workaround until there's a better way to handle this. openstack_constraints: > ["unmaintained/2024.1", "stable/2025.1"] - + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -89,6 +102,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -105,6 +121,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -162,3 +181,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/container-build-zaqar.yaml b/.github/workflows/container-build-zaqar.yaml index 428c315..5122431 100644 --- a/.github/workflows/container-build-zaqar.yaml +++ b/.github/workflows/container-build-zaqar.yaml @@ -26,6 +26,7 @@ on: type: choice options: - master + - unmaintained/2024.1 - stable/2025.1 project-version: description: 'Version of OpenStack Zaqar to build, defaults to openstack-constraints if unspecified' 
@@ -40,27 +41,40 @@ env: # workflow_dispatch event, so they're being stored in the environment variables. This is a # workaround until there's a better way to handle this. openstack_constraints: > - ["stable/2025.1"] - + ["unmaintained/2024.1", "stable/2025.1"] + venv_tag: > + ['3.13-trixie-latest','3.12-bookworm-latest'] jobs: init: runs-on: ubuntu-latest outputs: openstack-constraints: ${{ steps.generate-matrix.outputs.openstack_constraints }} + venv-tag: ${{ steps.generate-matrix.outputs.venv_tag }} steps: - name: generate-matrix id: generate-matrix run: | if [ "${{ github.event_name == 'workflow_dispatch' }}" = "true" ]; then openstack_constraints="$(echo '${{ github.event.inputs.openstack-constraints }}' | jq -R '[select(length>0)]' | jq -c '.')" + venv_tag="['3.13-trixie-latest']" + if [ "${{ github.event.inputs.openstack-constraints }}" == "unmaintained/2024.1" ]; then + venv_tag="['3.12-bookworm-latest']" + fi fi echo "openstack_constraints=${openstack_constraints:-${{ env.openstack_constraints }}}" >> $GITHUB_OUTPUT + echo "venv_tag=${venv_tag:-${{ env.venv_tag }}}" >> $GITHUB_OUTPUT build-and-push-image: needs: - init strategy: matrix: - openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints)}} + openstack-constraints: ${{ fromJSON(needs.init.outputs.openstack-constraints) }} + venv-tag: ${{ fromJSON(needs.init.outputs.venv-tag) }} + exclude: + - openstack-constraints: unmaintained/2024.1 + venv-tag: 3.13-trixie-latest + - openstack-constraints: stable/2025.1 + venv-tag: 3.12-bookworm-latest runs-on: ubuntu-latest steps: - name: Checkout @@ -88,6 +102,9 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} - name: Build and push Docker image uses: docker/build-push-action@v6 with: 
@@ -104,6 +121,9 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.33.1 # using latest trivy scanner if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -163,3 +183,6 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} CACHEBUST=${{ github.sha }} + GHCR_URL=${{ env.GHCR_URL }} + VENV_TAG=${{ matrix.venv-tag }} + PYTHON_CONTAINER=${{ case(matrix.venv-tag == '3.13-trixie-latest','python:3.13-slim-trixie','python:3.12-slim-bookworm') }} diff --git a/.github/workflows/openstack-exporter-build.yaml b/.github/workflows/openstack-exporter-build.yaml index 0c74947..af4bc33 100644 --- a/.github/workflows/openstack-exporter-build.yaml +++ b/.github/workflows/openstack-exporter-build.yaml @@ -7,6 +7,9 @@ on: - main pull_request: +env: + REGISTRY: ghcr.io + jobs: build-and-push: runs-on: ubuntu-latest @@ -38,6 +41,10 @@ jobs: type=ref,event=pr type=sha + - name: Set registry URL + run: | + echo "GHCR_URL=${REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} + - name: Build and push Docker image uses: docker/build-push-action@v4 with: @@ -46,4 +53,6 @@ jobs: push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - build-args: EXPORTER_PORT=49152 # Default, overridden by env in deployment + build-args: | + GHCR_URL=${{ env.GHCR_URL }} + EXPORTER_PORT=49152 
diff --git a/ContainerFiles/alert-proxy b/ContainerFiles/alert-proxy index 1547044..1b64fb4 100644 --- a/ContainerFiles/alert-proxy +++ b/ContainerFiles/alert-proxy @@ -2,9 +2,10 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest - -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master @@ -26,7 +27,7 @@ RUN find / -name '*.pyc' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key -FROM python:3.12-slim-bookworm +FROM ${PYTHON_CONTAINER} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="alert-proxy" diff --git a/ContainerFiles/apache b/ContainerFiles/apache index ed8fc56..e30c77d 100644 --- a/ContainerFiles/apache +++ b/ContainerFiles/apache 
@@ -2,13 +2,16 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build + ARG CACHEBUST=0 LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" -LABEL org.opencontainers.image.name="keystone" -LABEL org.opencontainers.image.description="OpenStack Service (Keystone) built for the enterprise." +LABEL org.opencontainers.image.name="apache" +LABEL org.opencontainers.image.description="Apache main container" ARG MOD_WSGI_VERSION=5.0.2 RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get update && apt-get upgrade -y \ @@ -38,8 +41,8 @@ RUN find / -name '*.pyc' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key - -FROM python:3.12-slim-bookworm +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +FROM ${PYTHON_CONTAINER} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="Apache2 with mod_wsgi ${MOD_WSGI_VERSION}" diff --git a/ContainerFiles/barbican b/ContainerFiles/barbican index b9094e2..40ee944 100644 --- a/ContainerFiles/barbican +++ b/ContainerFiles/barbican 
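Review bot: `ARG PYTHON_CONTAINER=python:3.13-slim-trixie` is declared a second time just before `FROM ${PYTHON_CONTAINER}` in hunk `-38,8 +41,8`, but at that point it sits inside the `dependency_build` stage. A `FROM` line resolves only arguments declared before the first `FROM`, so this redeclaration does not influence the final base image, and its default could drift from the global one without any effect. Dropping the second declaration, or adding a comment such as `# FROM uses the global PYTHON_CONTAINER declared at the top of the file`, would avoid suggesting there are two knobs.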
@@ -2,8 +2,10 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master @@ -52,7 +54,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM ${PYTHON_CONTAINER} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="barbican" diff --git a/ContainerFiles/barbican-exporter b/ContainerFiles/barbican-exporter index 78f72e9..d3e1b2f 100644 --- a/ContainerFiles/barbican-exporter +++ b/ContainerFiles/barbican-exporter @@ -2,9 +2,9 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest - -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build WORKDIR /app COPY scripts/barbican-exporter-app/requirements.txt . @@ -13,7 +13,7 @@ RUN find / -name '*.pyc' -delete \ && find / -name '*.pyo' -delete \ && find / -name '__pycache__' -delete -FROM python:3.12-slim-bookworm +FROM python:3.13-slim-trixie LABEL maintainer="Rackspace" LABEL org.opencontainers.image.name="barbican-exporter" LABEL org.opencontainers.image.description="Barbican Exporter for Prometheus" diff --git a/ContainerFiles/blazar b/ContainerFiles/blazar index ab724a8..1d791e5 100644 
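Review bot: The runtime stage of ContainerFiles/barbican-exporter is bumped to a literal `FROM python:3.13-slim-trixie`, while the other service files in this commit switch to `FROM ${PYTHON_CONTAINER}`. `VENV_TAG` and `GHCR_URL` stay overridable here, so a build that passes a different venv tag still lands on the hard-coded 3.13 trixie runtime. Declaring `ARG PYTHON_CONTAINER=python:3.13-slim-trixie` next to `ARG GHCR_URL` and using `FROM ${PYTHON_CONTAINER}` keeps this file in line with the rest.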
--- a/ContainerFiles/blazar
+++ b/ContainerFiles/blazar
@@ -1,82 +1,84 @@ -# syntax = docker/dockerfile:1 -# This Dockerfile uses multi-stage build to customize DEV and PROD images: -# https://docs.docker.com/develop/develop-images/multistage-build/ - -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build -ARG CACHEBUST=0 -ARG OS_VERSION=master -ARG OS_CONSTRAINTS=master -RUN export DEBIAN_FRONTEND=noninteractive \ - && apt-get update && apt-get upgrade -y \ - && apt-get install --no-install-recommends -y \ - bash \ - brotli \ - build-essential \ - curl \ - docutils-common \ - gettext \ - git \ - libffi-dev \ - libjs-sphinxdoc \ - libjs-underscore \ - libldap2-dev \ - libpq-dev \ - libsasl2-dev \ - libssl-dev \ - libsystemd-dev \ - libxml2-dev \ - libvirt-dev \ - libxslt1-dev \ - libxslt1.1 \ - pkg-config \ - python3-dev \ - ssl-cert \ - xmlsec1 -RUN /var/lib/openstack/bin/pip install --constraint https://opendev.org/openstack/requirements/raw/branch/${OS_CONSTRAINTS}/upper-constraints.txt \ - git+https://opendev.org/openstack/blazar.git@${OS_VERSION}#egg=blazar \ - PyMySQL \ - python-memcached \ - uwsgi - -COPY scripts/blazar-cve-patching.sh /opt/ -RUN bash /opt/blazar-cve-patching.sh - -RUN find / -name '*.pyc' -delete \ - && find / -name '*.pyo' -delete \ - && find / -name '__pycache__' -delete \ - && find / -name '*.whl' -delete \ - && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \ - && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \ - && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA - - -FROM python:3.12-slim-bookworm -LABEL maintainer="Rackspace" -LABEL vendor="Rackspace OpenStack Team" -LABEL org.opencontainers.image.name="blazar" -LABEL org.opencontainers.image.description="OpenStack Service (blazar) built for the enterprise." 
-COPY --from=dependency_build /var/lib/openstack /var/lib/openstack -RUN export DEBIAN_FRONTEND=noninteractive \ - && apt-get update && apt-get upgrade -y \ - && apt-get install --no-install-recommends -y libxml2 \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ - && apt-get clean -y \ - && rm -rf /var/lib/apt/lists/* \ - && find / -name '*.pyc' -delete \ - && find / -name '*.pyo' -delete \ - && find / -name '__pycache__' -delete \ - && groupadd --system --gid 42424 blazar \ - && useradd --system --gid 42424 --uid 42424 --shell /sbin/nologin --create-home --home /var/lib/blazar blazar \ - && mkdir -p /var/lib/openstack/etc/blazar \ - && ln -s /var/lib/openstack/etc/blazar /etc/blazar \ - && chown blazar:blazar -h /etc/blazar \ - && chown -R blazar:blazar /var/lib/openstack/etc/blazar -# Set the environment variables for the blazar venv -ENV PATH="/var/lib/openstack/bin:$PATH" -# Set the working directory -WORKDIR /var/lib/openstack -# Set the user and group to match the original build -USER 42424:42424 -# Set the entrypoint to the blazar-manage command -ENTRYPOINT ["/var/lib/openstack/bin/blazar-manage"] +# syntax = docker/dockerfile:1 +# This Dockerfile uses multi-stage build to customize DEV and PROD images: +# https://docs.docker.com/develop/develop-images/multistage-build/ + +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build +ARG CACHEBUST=0 +ARG OS_VERSION=master +ARG OS_CONSTRAINTS=master +RUN export DEBIAN_FRONTEND=noninteractive \ + && apt-get update && apt-get upgrade -y \ + && apt-get install --no-install-recommends -y \ + bash \ + brotli \ + build-essential \ + curl \ + docutils-common \ + gettext \ + git \ + libffi-dev \ + libjs-sphinxdoc \ + libjs-underscore \ + libldap2-dev \ + libpq-dev \ + libsasl2-dev \ + libssl-dev \ + libsystemd-dev \ + libxml2-dev \ + libvirt-dev \ + 
libxslt1-dev \ + libxslt1.1 \ + pkg-config \ + python3-dev \ + ssl-cert \ + xmlsec1 +RUN /var/lib/openstack/bin/pip install --constraint https://opendev.org/openstack/requirements/raw/branch/${OS_CONSTRAINTS}/upper-constraints.txt \ + git+https://opendev.org/openstack/blazar.git@${OS_VERSION}#egg=blazar \ + PyMySQL \ + python-memcached \ + uwsgi + +COPY scripts/blazar-cve-patching.sh /opt/ +RUN bash /opt/blazar-cve-patching.sh + +RUN find / -name '*.pyc' -delete \ + && find / -name '*.pyo' -delete \ + && find / -name '__pycache__' -delete \ + && find / -name '*.whl' -delete \ + && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \ + && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \ + && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA + + +FROM ${PYTHON_CONTAINER} +LABEL maintainer="Rackspace" +LABEL vendor="Rackspace OpenStack Team" +LABEL org.opencontainers.image.name="blazar" +LABEL org.opencontainers.image.description="OpenStack Service (blazar) built for the enterprise." 
+COPY --from=dependency_build /var/lib/openstack /var/lib/openstack +RUN export DEBIAN_FRONTEND=noninteractive \ + && apt-get update && apt-get upgrade -y \ + && apt-get install --no-install-recommends -y libxml2 \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && apt-get clean -y \ + && rm -rf /var/lib/apt/lists/* \ + && find / -name '*.pyc' -delete \ + && find / -name '*.pyo' -delete \ + && find / -name '__pycache__' -delete \ + && groupadd --system --gid 42424 blazar \ + && useradd --system --gid 42424 --uid 42424 --shell /sbin/nologin --create-home --home /var/lib/blazar blazar \ + && mkdir -p /var/lib/openstack/etc/blazar \ + && ln -s /var/lib/openstack/etc/blazar /etc/blazar \ + && chown blazar:blazar -h /etc/blazar \ + && chown -R blazar:blazar /var/lib/openstack/etc/blazar +# Set the environment variables for the blazar venv +ENV PATH="/var/lib/openstack/bin:$PATH" +# Set the working directory +WORKDIR /var/lib/openstack +# Set the user and group to match the original build +USER 42424:42424 +# Set the entrypoint to the blazar-manage command +ENTRYPOINT ["/var/lib/openstack/bin/blazar-manage"] diff --git a/ContainerFiles/ceph-client b/ContainerFiles/ceph-client new file mode 100644 index 0000000..3d25100 --- /dev/null +++ b/ContainerFiles/ceph-client 
@@ -0,0 +1,66 @@ +# syntax = docker/dockerfile:1 +# This Dockerfile uses multi-stage build to customize DEV and PROD images: +# https://docs.docker.com/develop/develop-images/multistage-build/ + +ARG PYTHON_VERSION=3.13 +ARG OS_RELEASE=trixie +ARG VENV_TAG=${PYTHON_VERSION}-${OS_RELEASE}-latest +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build +ARG CACHEBUST=0 +WORKDIR /opt +RUN export DEBIAN_FRONTEND=noninteractive \ + && apt update && apt-get upgrade -y \ + && apt install --no-install-recommends -y \ + ca-certificates \ + lsb-release \ + curl \ + libxml2 \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && apt-get clean -y \ + && rm -rf /var/lib/apt/lists/* + +ARG VENV_TAG=3.13-trixie-latest +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} +ARG CEPH_VERSION=squid +ENV CEPH_VERSION=${CEPH_VERSION} +ARG CEPH_REPO=pve +ENV CEPH_REPO=${CEPH_REPO} +ARG OS_RELEASE=trixie +ENV OS_RELEASE=${OS_RELEASE} + +LABEL maintainer="Rackspace" +LABEL vendor="Rackspace OpenStack Team" +LABEL org.opencontainers.image.name="ceph-client" +LABEL org.opencontainers.image.description="Ceph client packages built for the enterprise." 
+ +COPY --from=dependency_build /usr/local /usr/local +COPY --from=dependency_build /var/lib/openstack /var/lib/openstack + + +COPY scripts/ceph-repo.sh /opt/ +RUN bash /opt/ceph-repo.sh + +RUN export DEBIAN_FRONTEND=noninteractive \ + && apt-get update && apt-get upgrade -y \ + && apt-get update && apt-get install --no-install-recommends -y \ + ceph-common \ + python3-ceph \ + python3-ceph-common \ + python3-cephfs \ + python3-rados \ + python3-rbd \ + && cd `/var/lib/openstack/bin/python -c 'import site;print(site.getsitepackages()[0])'` && ln -sf `/usr/bin/python3 -c 'import rados; print(rados.__file__)'` \ + && cd `/var/lib/openstack/bin/python -c 'import site;print(site.getsitepackages()[0])'` && ln -sf `/usr/bin/python3 -c 'import rbd; print(rbd.__file__)'` \ + && cd `/var/lib/openstack/bin/python -c 'import site;print(site.getsitepackages()[0])'` && ln -sf `/usr/bin/python3 -c 'import cephfs; print(cephfs.__file__)'` \ + && cd `/var/lib/openstack/bin/python -c 'import site;print(site.getsitepackages()[0])'` && ln -sf `/usr/bin/python3 -c 'import ceph_argparse; print(ceph_argparse.__file__)'` \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && apt-get clean -y \ + && rm -rf /var/lib/apt/lists/* /opt/ceph-repo.sh \ + && find / -name '*.pyc' -delete \ + && find / -name '*.pyo' -delete \ + && find / -name '__pycache__' -delete + +ENV PATH="/usr/local/bin:/usr/local/sbin:/var/lib/openstack/bin:$PATH" +WORKDIR /var/lib/openstack diff --git a/ContainerFiles/cinder b/ContainerFiles/cinder index b223beb..920582c 100644 --- a/ContainerFiles/cinder +++ b/ContainerFiles/cinder 
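Review bot: `RUN bash /opt/ceph-repo.sh` sets up the package source that the following `apt-get install` of `ceph-common` and the `python3-*` bindings pulls from, presumably selected by `CEPH_REPO=pve` and `CEPH_VERSION=squid`, and the script itself is not part of this hunk. It is worth confirming that it binds the repository to its own keyring (a `signed-by=` entry) rather than trusting the key globally, and fetches that key over HTTPS, since every image built `FROM ${GHCR_URL}/ceph-client` inherits these packages. A comment above the step would record the expectation, for example `# ceph-repo.sh adds the ${CEPH_REPO} apt source for ${CEPH_VERSION}; packages must verify against its dedicated keyring`. Separately, the first stage uses `apt update` and `apt install` where the rest of the file uses `apt-get`, which is the interface intended for scripts.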
@@ -2,11 +2,18 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG CEPH_CLIENT_TAG=3.13-trixie-latest +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/ceph-client:${CEPH_CLIENT_TAG} ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master + +LABEL maintainer="Rackspace" +LABEL vendor="Rackspace OpenStack Team" +LABEL org.opencontainers.image.name="cinder" +LABEL org.opencontainers.image.description="OpenStack Service (cinder) built for the enterprise." + RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get update && apt-get upgrade -y \ && apt-get install --no-install-recommends -y \ @@ -33,7 +40,17 @@ RUN export DEBIAN_FRONTEND=noninteractive \ libxslt1-dev \ pkg-config \ ssl-cert \ - xmlsec1 + xmlsec1 \ + libxml2 \ + multipath-tools \ + open-iscsi \ + qemu-block-extra \ + qemu-utils \ + lsscsi \ + nvme-cli \ + sudo \ + nfs-common + RUN /var/lib/openstack/bin/pip install --constraint https://opendev.org/openstack/requirements/raw/branch/${OS_CONSTRAINTS}/upper-constraints.txt \ git+https://opendev.org/openstack/cinder.git@${OS_VERSION}#egg=cinder \ cryptography \ 
@@ -54,24 +71,10 @@ RUN find / -name '*.pyc' -delete \ && find / -name '*.whl' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \ - && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA - - -FROM python:3.12-slim-bookworm -LABEL maintainer="Rackspace" -LABEL vendor="Rackspace OpenStack Team" -LABEL org.opencontainers.image.name="cinder" -LABEL org.opencontainers.image.description="OpenStack Service (cinder) built for the enterprise." -COPY --from=dependency_build /var/lib/openstack /var/lib/openstack -RUN export DEBIAN_FRONTEND=noninteractive \ - && apt-get update && apt-get upgrade -y \ - && apt-get install --no-install-recommends -y libxml2 multipath-tools open-iscsi qemu-block-extra qemu-utils systemctl lsscsi nvme-cli sudo nfs-common \ + && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && apt-get clean -y \ && rm -rf /var/lib/apt/lists/* \ - && find / -name '*.pyc' -delete \ - && find / -name '*.pyo' -delete \ - && find / -name '__pycache__' -delete \ && groupadd --system --gid 42424 cinder \ && useradd --system --gid 42424 --uid 42424 --shell /sbin/nologin --create-home --home /var/lib/cinder cinder \ && mkdir -p /var/lib/openstack/etc/cinder \ @@ -80,6 +83,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ && chown cinder:cinder -h /etc/cinder \ && chown -R cinder:cinder /var/lib/openstack/etc/cinder \ /var/lib/cinder/mnt + # Set the environment variables for the cinder venv ENV PATH="/var/lib/openstack/bin:$PATH" # Set the working directory diff --git a/ContainerFiles/cloudkitty b/ContainerFiles/cloudkitty index 12c5dcc..a1fa0a6 100644 --- a/ContainerFiles/cloudkitty +++ b/ContainerFiles/cloudkitty 
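Review bot: With the `FROM python:3.12-slim-bookworm` stage and its `COPY --from=dependency_build` removed in the `@@ -54,24 +71,10 @@` hunk, the image that ships is now the one the build dependencies were installed into. The visible part of the install list includes `libxslt1-dev` and `pkg-config` (the rest of the list is outside the hunks), and `apt-get purge -y --auto-remove` names no packages, so it removes only orphaned ones and leaves everything installed explicitly. If headers and build tools are needed only for the `pip install`, name them on the purge line, e.g. `apt-get purge -y --auto-remove libxslt1-dev pkg-config` extended with the rest of the build-only set, so the runtime image does not carry a toolchain. ContainerFiles/glance is converted the same way in its `@@ -52,18 +61,7 @@` hunk; the enclosing `RUN` in both files starts outside the hunk.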
@@ -2,8 +2,10 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master @@ -49,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM ${PYTHON_CONTAINER} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="cloudkitty" diff --git a/ContainerFiles/designate b/ContainerFiles/designate index a4929f6..a7a2433 100644 --- a/ContainerFiles/designate +++ b/ContainerFiles/designate @@ -2,8 +2,10 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master @@ -49,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM ${PYTHON_CONTAINER} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="designate" 
diff --git a/ContainerFiles/freezer b/ContainerFiles/freezer index 7e532bd..acbb40c 100644 --- a/ContainerFiles/freezer +++ b/ContainerFiles/freezer @@ -2,8 +2,10 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master @@ -52,7 +54,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM ${PYTHON_CONTAINER} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="freezer" diff --git a/ContainerFiles/glance b/ContainerFiles/glance index 756ef92..f77cada 100644 --- a/ContainerFiles/glance +++ b/ContainerFiles/glance 
@@ -2,11 +2,18 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG CEPH_CLIENT_TAG=3.13-trixie-latest +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/ceph-client:${CEPH_CLIENT_TAG} ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master + +LABEL maintainer="Rackspace" +LABEL vendor="Rackspace OpenStack Team" +LABEL org.opencontainers.image.name="glance" +LABEL org.opencontainers.image.description="OpenStack Service (glance) built for the enterprise." + RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get update && apt-get upgrade -y \ && apt-get install --no-install-recommends -y \ @@ -30,7 +37,9 @@ RUN export DEBIAN_FRONTEND=noninteractive \ libxslt1.1 \ pkg-config \ ssl-cert \ - xmlsec1 + xmlsec1 \ + libxml2 + RUN /var/lib/openstack/bin/pip install --constraint https://opendev.org/openstack/requirements/raw/branch/${OS_CONSTRAINTS}/upper-constraints.txt \ git+https://opendev.org/openstack/glance.git@${OS_VERSION}#egg=glance \ PyMySQL \ 
@@ -52,18 +61,7 @@ RUN find / -name '*.pyc' -delete \ && find / -name '*.whl' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \ - && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA - - -FROM python:3.12-slim-bookworm -LABEL maintainer="Rackspace" -LABEL vendor="Rackspace OpenStack Team" -LABEL org.opencontainers.image.name="glance" -LABEL org.opencontainers.image.description="OpenStack Service (glance) built for the enterprise." -COPY --from=dependency_build /var/lib/openstack /var/lib/openstack -RUN export DEBIAN_FRONTEND=noninteractive \ - && apt-get update && apt-get upgrade -y \ - && apt-get install --no-install-recommends -y libxml2 \ + && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && apt-get clean -y \ && rm -rf /var/lib/apt/lists/* \ @@ -76,6 +74,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ && ln -s /var/lib/openstack/etc/glance /etc/glance \ && chown glance:glance -h /etc/glance \ && chown -R glance:glance /var/lib/openstack/etc/glance + # Set the environment variables for the glance venv ENV PATH="/var/lib/openstack/bin:$PATH" # Set the working directory diff --git a/ContainerFiles/glance-ceph b/ContainerFiles/glance-ceph deleted file mode 100644 index 2d08139..0000000 --- a/ContainerFiles/glance-ceph +++ /dev/null 
@@ -1,88 +0,0 @@ -# syntax = docker/dockerfile:1 -# This Dockerfile uses multi-stage build to customize DEV and PROD images: -# https://docs.docker.com/develop/develop-images/multistage-build/ - -ARG CEPH_TAG=v19.2.2-latest -FROM ghcr.io/rackerlabs/genestack-images/ceph-libs:${CEPH_TAG} AS dependency_build -ARG CACHEBUST=0 -ARG OS_VERSION=master -ARG OS_CONSTRAINTS=master -RUN export DEBIAN_FRONTEND=noninteractive \ - && apt-get update && apt-get upgrade -y \ - && apt-get install --no-install-recommends -y \ - bash \ - brotli \ - build-essential \ - curl \ - docutils-common \ - gettext \ - git \ - libffi-dev \ - libjs-sphinxdoc \ - libjs-underscore \ - libldap2-dev \ - libpq-dev \ - libsasl2-dev \ - libssl-dev \ - libsystemd-dev \ - libxml2-dev \ - libxslt1-dev \ - libxslt1.1 \ - pkg-config \ - ssl-cert \ - xmlsec1 -RUN /var/lib/openstack/bin/pip install --constraint https://opendev.org/openstack/requirements/raw/branch/${OS_CONSTRAINTS}/upper-constraints.txt \ - git+https://opendev.org/openstack/glance.git@${OS_VERSION}#egg=glance \ - PyMySQL \ - boto3 \ - Cython \ - os-brick \ - python-cinderclient \ - python-memcached \ - python-swiftclient \ - uwsgi \ - warlock - -COPY scripts/glance-cve-patching.sh /opt/ -RUN bash /opt/glance-cve-patching.sh - -RUN find / -name '*.pyc' -delete \ - && find / -name '*.pyo' -delete \ - && find / -name '__pycache__' -delete \ - && find / -name '*.whl' -delete \ - && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \ - && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \ - && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA - - -FROM python:3.12-slim-bookworm -LABEL maintainer="Rackspace" -LABEL vendor="Rackspace OpenStack Team" -LABEL org.opencontainers.image.name="glance" -LABEL org.opencontainers.image.description="OpenStack Service (glance) w/ Ceph support built for the enterprise." 
-COPY --from=dependency_build /usr/local/lib /usr/local/lib -COPY --from=dependency_build /usr/lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnu -COPY --from=dependency_build /var/lib/openstack /var/lib/openstack -RUN export DEBIAN_FRONTEND=noninteractive \ - && apt-get update && apt-get upgrade -y \ - && apt-get install --no-install-recommends -y libxml2 \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ - && apt-get clean -y \ - && rm -rf /var/lib/apt/lists/* \ - && find / -name '*.pyc' -delete \ - && find / -name '*.pyo' -delete \ - && find / -name '__pycache__' -delete \ - && groupadd --system --gid 42424 glance \ - && useradd --system --gid 42424 --uid 42424 --shell /sbin/nologin --create-home --home /var/lib/glance glance \ - && mkdir -p /var/lib/openstack/etc/glance \ - && ln -s /var/lib/openstack/etc/glance /etc/glance \ - && chown glance:glance -h /etc/glance \ - && chown -R glance:glance /var/lib/openstack/etc/glance -# Set the environment variables for the glance venv -ENV PATH="/var/lib/openstack/bin:$PATH" -# Set the working directory -WORKDIR /var/lib/openstack -# Set the user and group to match the original build -USER 42424:42424 -# Set the entrypoint to the glance-manage command -ENTRYPOINT ["/var/lib/openstack/bin/glance-manage"] diff --git a/ContainerFiles/heat b/ContainerFiles/heat index 5e28cf8..5ef94f4 100644 --- a/ContainerFiles/heat +++ b/ContainerFiles/heat @@ -2,8 +2,10 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master 
@@ -49,8 +51,7 @@ RUN find / -name '*.pyc' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA - -FROM python:3.12-slim-bookworm +FROM ${PYTHON_CONTAINER} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="heat" @@ -61,7 +62,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get install --no-install-recommends -y curl \ libxml2 \ libxslt1.1 \ - libopenmpi3 \ + $([ `egrep '^13.' /etc/debian_version |wc -l` -gt 0 ] && echo libopenmpi40 || echo libopenmpi3 ) \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && apt-get clean -y \ && rm -rf /var/lib/apt/lists/* \ diff --git a/ContainerFiles/horizon b/ContainerFiles/horizon index a9463c2..3d13761 100644 --- a/ContainerFiles/horizon +++ b/ContainerFiles/horizon @@ -2,8 +2,9 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master @@ -62,7 +63,9 @@ RUN find / -name '*.pyc' -delete \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \ && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key -FROM ghcr.io/rackerlabs/genestack-images/apache:latest +ARG VENV_TAG=3.13-trixie-latest +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/apache:${VENV_TAG} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="horizon" 
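Review bot: The package selection added in the `@@ -61,7 +62,7 @@` hunk of ContainerFiles/heat relies on `egrep`, which GNU grep marks as obsolescent, and on the pattern `'^13.'`, where the unescaped dot matches any character. `$(grep -q '^13\.' /etc/debian_version && echo libopenmpi40 || echo libopenmpi3)` performs the same test without the `wc -l` pipeline. A short comment such as `# Debian 13 packages the OpenMPI runtime as libopenmpi40; older releases use libopenmpi3` would explain why the branch exists. The enclosing `RUN` starts and ends outside the hunk.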
diff --git a/ContainerFiles/ironic-api b/ContainerFiles/ironic-api index 383c8d5..803db5c 100644 --- a/ContainerFiles/ironic-api +++ b/ContainerFiles/ironic-api @@ -2,8 +2,10 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master @@ -49,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM ${PYTHON_CONTAINER} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ironic-api" diff --git a/ContainerFiles/ironic-conductor b/ContainerFiles/ironic-conductor index bf534d2..09e7545 100644 --- a/ContainerFiles/ironic-conductor +++ b/ContainerFiles/ironic-conductor @@ -2,8 +2,10 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master 
@@ -51,7 +53,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM ${PYTHON_CONTAINER} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ironic-conductor" diff --git a/ContainerFiles/ironic-inspector b/ContainerFiles/ironic-inspector index a87903b..8a062c8 100644 --- a/ContainerFiles/ironic-inspector +++ b/ContainerFiles/ironic-inspector @@ -2,8 +2,10 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master @@ -49,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM ${PYTHON_CONTAINER} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ironic-inspector" diff --git a/ContainerFiles/ironic-pxe b/ContainerFiles/ironic-pxe index 5b5d781..145a810 100644 --- a/ContainerFiles/ironic-pxe +++ b/ContainerFiles/ironic-pxe 
@@ -2,8 +2,10 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master @@ -49,7 +51,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM ${PYTHON_CONTAINER} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="ironic-pxe" diff --git a/ContainerFiles/keystone b/ContainerFiles/keystone index d86b1ce..526885c 100644 --- a/ContainerFiles/keystone +++ b/ContainerFiles/keystone @@ -2,13 +2,13 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master ARG RXT_VERSION=main -ARG MOD_WSGI_VERSION=5.0.2 RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get update && apt-get upgrade -y \ && apt-get install --no-install-recommends -y \ 
@@ -54,7 +54,9 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM ghcr.io/rackerlabs/genestack-images/apache:latest +ARG VENV_TAG=3.13-trixie-latest +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/apache:${VENV_TAG} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="keystone" diff --git a/ContainerFiles/kube-ovn b/ContainerFiles/kube-ovn index 924d158..307be55 100644 --- a/ContainerFiles/kube-ovn +++ b/ContainerFiles/kube-ovn @@ -3,7 +3,7 @@ # https://docs.docker.com/develop/develop-images/multistage-build/ ARG KUBE_OVN_VERSION=v1.14.10 -FROM golang:1.25-bookworm AS dependency_build +FROM golang:1.25-trixie AS dependency_build ARG KUBE_OVN_VERSION_ENV=v1.14.10 ARG CACHEBUST=0 RUN export DEBIAN_FRONTEND=noninteractive \ diff --git a/ContainerFiles/kubectl b/ContainerFiles/kubectl index 97681c4..0deb985 100644 --- a/ContainerFiles/kubectl +++ b/ContainerFiles/kubectl @@ -1,5 +1,5 @@ # Simple, reliable kubectl container for Velero operations -FROM debian:bookworm-slim +FROM debian:trixie-slim # Set kubectl version ARG KUBECTL_VERSION=v1.34.1 ARG TARGETARCH=amd64 diff --git a/ContainerFiles/kubernetes-entrypoint b/ContainerFiles/kubernetes-entrypoint index dc9780e..e786491 100644 --- a/ContainerFiles/kubernetes-entrypoint +++ b/ContainerFiles/kubernetes-entrypoint @@ -2,7 +2,7 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -FROM golang:1.25-bookworm AS dependency_build +FROM golang:1.25-trixie AS dependency_build RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get update && apt-get upgrade -y \ && apt-get install --no-install-recommends -y \ diff --git a/ContainerFiles/libguestfs b/ContainerFiles/libguestfs index 63a0f24..dcc0b34 100644 --- a/ContainerFiles/libguestfs 
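Review bot: The `ARG VENV_TAG=3.13-trixie-latest` and `ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images` lines repeated just before `FROM ${GHCR_URL}/apache:${VENV_TAG}` in ContainerFiles/keystone sit inside the `dependency_build` stage, and as far as Dockerfile scoping goes a `FROM` is expanded only from ARGs declared before the first `FROM`, so these repeated defaults do not decide which image is pulled and can drift from the ones at the top of the file. I would drop the two repeated lines and rely on the global declarations. The final image tag is also taken from `VENV_TAG`, the same argument that selects `openstack-venv`, so overriding one moves the other; a separate argument such as `ARG APACHE_TAG=3.13-trixie-latest` would keep them independent. The libguestfs hunk (`ARG PYTHON_CONTAINER=...` before its last `FROM`) and the libvirt hunk (`ARG GHCR_URL`, `ARG LIBGUESTFS_TAG`) repeat defaults in the same way.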
+++ b/ContainerFiles/libguestfs @@ -2,8 +2,10 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG GUESTFS_VERSION=master ARG GUESTFS_HIVEX_VERSION=master RUN export DEBIAN_FRONTEND=noninteractive \ @@ -52,6 +54,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ libxslt1.1 \ libyara-dev \ libyara-dev \ + libtirpc-dev \ opam \ pkg-config \ qemu-block-extra \ @@ -96,8 +99,8 @@ RUN ./configure --disable-erlang \ RUN PROC="$([ nproc > 4 ] && echo 4 || nproc)" make -j $PROC RUN make INSTALLDIRS=vendor REALLY_INSTALL=yes install - -FROM python:3.12-slim-bookworm +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +FROM ${PYTHON_CONTAINER} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="libguestfs" diff --git a/ContainerFiles/libvirt b/ContainerFiles/libvirt index e72ed2c..0de6da3 100644 --- a/ContainerFiles/libvirt +++ b/ContainerFiles/libvirt 
@@ -3,12 +3,15 @@ # https://docs.docker.com/develop/develop-images/multistage-build/ # Stage 1: libguestfs_base -ARG BUILT_TAG=v3.5.1-latest -ARG BUILT_TAG_2=v1.56.1-latest -FROM ghcr.io/rackerlabs/genestack-images/ovs:${BUILT_TAG} AS dependency_build +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +ARG OVS_TAG=v3.5.1-3.13-trixie-latest +ARG LIBGUESTFS_TAG=v1.56.2-3.13-trixie-latest +FROM ${GHCR_URL}/ovs:${OVS_TAG} AS dependency_build # Final Stage: dependency_build -FROM ghcr.io/rackerlabs/genestack-images/libguestfs:${BUILT_TAG_2} +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +ARG LIBGUESTFS_TAG=v1.56.2-3.13-trixie-latest +FROM ${GHCR_URL}/libguestfs:${LIBGUESTFS_TAG} ARG CACHEBUST=0 LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" @@ -45,7 +48,7 @@ RUN mkdir -p /etc/udev/rules.d \ ovmf \ pm-utils \ qemu-block-extra \ - qemu-efi \ + $([ `egrep '^12.' /etc/debian_version |wc -l` -gt 0 ] && echo qemu-efi ) \ qemu-efi-arm \ qemu-system \ qemu-utils \ diff --git a/ContainerFiles/magnum b/ContainerFiles/magnum index 2475a41..8ecb613 100644 --- a/ContainerFiles/magnum +++ b/ContainerFiles/magnum @@ -2,8 +2,10 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master 
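Review bot: `ARG OVS_TAG=v3.5.1-3.13-trixie-latest` in ContainerFiles/libvirt does not agree with the default this same commit documents in docs/containers/libvirt.md, which lists `OVS_TAG` as `v3.5.2-3.13-trixie-latest`, so one of the two names a tag that is not the one actually used. Which release is published is not visible here; the ContainerFile default and the docs table should be made to match. The existing comments `# Stage 1: libguestfs_base` and `# Final Stage: dependency_build` also label the opposite stages (the first `FROM` is the ovs image named `dependency_build`, the second is libguestfs), and swapping them while touching these lines would avoid confusion about which image the final stage is built on.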
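Review bot: The Debian 12 test added to the package list in ContainerFiles/libvirt uses `egrep`, which current GNU grep reports as obsolescent on stderr, and the pattern `^12.` has an unescaped dot, so it would also match a version string such as `120`. `$(grep -q '^12\.' /etc/debian_version && echo qemu-efi) \` does the same job without the backticks and the `wc -l` count. A comment above the `RUN`, for example `# qemu-efi is installed only on Debian 12 (bookworm)`, would tell the next reader why the package is conditional; the reason itself is not stated in the commit. The `RUN` this line belongs to starts and ends outside the hunk.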
@@ -51,7 +53,7 @@ RUN find / -name '*.pyc' -delete \ && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA -FROM python:3.12-slim-bookworm +FROM ${PYTHON_CONTAINER} LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="magnum" diff --git a/ContainerFiles/manila b/ContainerFiles/manila index eaaf89d..51a563f 100644 --- a/ContainerFiles/manila +++ b/ContainerFiles/manila @@ -3,8 +3,10 @@ # This Dockerfile uses multi-stage build to customize DEV and PROD images: # https://docs.docker.com/develop/develop-images/multistage-build/ -ARG VENV_TAG=3.12-latest -FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG VENV_TAG=3.13-trixie-latest +ARG PYTHON_CONTAINER=python:3.13-slim-trixie +ARG GHCR_URL=ghcr.io/rackerlabs/genestack-images +FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build ARG CACHEBUST=0 ARG OS_VERSION=master @@ -116,8 +118,7 @@ RUN < C[Apply CVE patches] C --> D[Configure Apache] D --> E[Container ready] - E --> Keystone + E --> apache ``` ??? example "ContainerFile used for the build" @@ -23,7 +23,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | MOD_WSGI_VERSION | 5.0.2 | @@ -31,7 +32,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg MOD_WSGI_VERSION=5.0.2 \ -f ContainerFiles/apache \ diff --git a/docs/containers/barbican.md b/docs/containers/barbican.md index 041303f..7270222 100644 --- a/docs/containers/barbican.md +++ b/docs/containers/barbican.md 
@@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +32,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/blazar.md b/docs/containers/blazar.md index f2067a6..0d32b19 100644 --- a/docs/containers/blazar.md +++ b/docs/containers/blazar.md 
@@ -1,49 +1,51 @@ -# Blazar - -The `blazar` image is built from [ContainerFiles/blazar](https://github.com/rackerlabs/genestack-images/blob/main/ContainerFiles/blazar). Security patches are applied by [scripts/blazar-cve-patching.sh](https://github.com/rackerlabs/genestack-images/blob/main/scripts/blazar-cve-patching.sh). - -This container packages the Blazar service for use in the stack. The build installs the required packages, applies security updates and configuration, and prepares the service for integration. - -``` mermaid -graph LR - A[Base image] --> B[Install packages] - B --> C[Apply CVE patches] - C --> D[Configure Blazar] - D --> E[Container ready] -``` - -??? example "ContainerFile used for the build" - - ``` docker - --8<-- "ContainerFiles/blazar" - ``` - -## Build Arguments - -| Argument | Default | -| --- | --- | -| VENV_TAG | 3.12-latest | -| CACHEBUST | 0 | -| OS_VERSION | master | -| OS_CONSTRAINTS | master | - -??? example "Build Command" - - ``` bash - docker build \ - --build-arg VENV_TAG=3.12-latest \ - --build-arg CACHEBUST=0 \ - --build-arg OS_VERSION=master \ - --build-arg OS_CONSTRAINTS=master \ - -f ContainerFiles/blazar \ - -t blazar:local \ - . - ``` - -## Dependencies - -- Builds From [OpenStack Virtual Environment](openstack-venv.md) - -## Container Image - -The container image is available on [Github Container Registry](https://github.com/rackerlabs/genestack-images/pkgs/container/genestack-images%2Fblazar). +# Blazar + +The `blazar` image is built from [ContainerFiles/blazar](https://github.com/rackerlabs/genestack-images/blob/main/ContainerFiles/blazar). Security patches are applied by [scripts/blazar-cve-patching.sh](https://github.com/rackerlabs/genestack-images/blob/main/scripts/blazar-cve-patching.sh). + +This container packages the Blazar service for use in the stack. The build installs the required packages, applies security updates and configuration, and prepares the service for integration. 
+ +``` mermaid +graph LR + A[Base image] --> B[Install packages] + B --> C[Apply CVE patches] + C --> D[Configure Blazar] + D --> E[Container ready] +``` + +??? example "ContainerFile used for the build" + + ``` docker + --8<-- "ContainerFiles/blazar" + ``` + +## Build Arguments + +| Argument | Default | +| --- | --- | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | +| CACHEBUST | 0 | +| OS_VERSION | master | +| OS_CONSTRAINTS | master | + +??? example "Build Command" + + ``` bash + docker build \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ + --build-arg CACHEBUST=0 \ + --build-arg OS_VERSION=master \ + --build-arg OS_CONSTRAINTS=master \ + -f ContainerFiles/blazar \ + -t blazar:local \ + . + ``` + +## Dependencies + +- Builds From [OpenStack Virtual Environment](openstack-venv.md) + +## Container Image + +The container image is available on [Github Container Registry](https://github.com/rackerlabs/genestack-images/pkgs/container/genestack-images%2Fblazar). diff --git a/docs/containers/ceph-client.md b/docs/containers/ceph-client.md new file mode 100644 index 0000000..b4d1cfe --- /dev/null +++ b/docs/containers/ceph-client.md 
@@ -0,0 +1,50 @@ +# Ceph Libs + +The `ceph-client` image is built from [ContainerFiles/ceph-client](https://github.com/rackerlabs/genestack-images/blob/main/ContainerFiles/ceph-client). This image has no dedicated CVE script; security updates are included during the build. + +This container packages the Ceph client for use in the stack. The build installs the required packages, applies security updates and configuration, and prepares the service for integration. + +``` mermaid +graph LR + A[Base image] --> B[Install packages] + B --> C[Apply CVE patches] + C --> D[Configure Ceph Libs] + D --> E[Container ready] + Openstack_Venv --> A +``` + +??? example "ContainerFile used for the build" + + ``` docker + --8<-- "ContainerFiles/ceph-client" + ``` + +## Build Arguments + +| Argument | Default | +| --- | --- | +| VENV_TAG | 3.13-trixie-latest | +| CACHEBUST | 0 | +| CEPH_REPO | pve | +| CEPH_VERSION | squid | +| OS_RELEASE | trixie | + +??? example "Build Command" + + ``` bash + docker build \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg CACHEBUST=0 \ + --build-arg CEPH_VERSION=19.2.3-pve2 \ + -f ContainerFiles/ceph-client \ + -t ceph-client:local \ + . + ``` + +## Dependencies + +- Builds From [OpenStack Virtual Environment](openstack-venv.md) + +## Container Image + +The container image is available on [Github Container Registry](https://github.com/rackerlabs/genestack-images/pkgs/container/genestack-images%2Fceph-client). diff --git a/docs/containers/ceph-libs.md b/docs/containers/ceph-libs.md deleted file mode 100644 index 6c4f6c3..0000000 --- a/docs/containers/ceph-libs.md +++ /dev/null 
@@ -1,48 +0,0 @@ -# Ceph Libs - -The `ceph-libs` image is built from [ContainerFiles/ceph-libs](https://github.com/rackerlabs/genestack-images/blob/main/ContainerFiles/ceph-libs). This image has no dedicated CVE script; security updates are included during the build. - -This container packages the Ceph Libs service for use in the stack. The build installs the required packages, applies security updates and configuration, and prepares the service for integration. - -``` mermaid -graph LR - A[Base image] --> B[Install packages] - B --> C[Apply CVE patches] - C --> D[Configure Ceph Libs] - D --> E[Container ready] - Openstack_Venv --> A -``` - -??? example "ContainerFile used for the build" - - ``` docker - --8<-- "ContainerFiles/ceph-libs" - ``` - -## Build Arguments - -| Argument | Default | -| --- | --- | -| VENV_TAG | 3.12-latest | -| CACHEBUST | 0 | -| CEPH_VERSION | main | - -??? example "Build Command" - - ``` bash - docker build \ - --build-arg VENV_TAG=3.12-latest \ - --build-arg CACHEBUST=0 \ - --build-arg CEPH_VERSION=main \ - -f ContainerFiles/ceph-libs \ - -t ceph-libs:local \ - . - ``` - -## Dependencies - -- Builds From [OpenStack Virtual Environment](openstack-venv.md) - -## Container Image - -The container image is available on [Github Container Registry](https://github.com/rackerlabs/genestack-images/pkgs/container/genestack-images%2Fceph-libs). diff --git a/docs/containers/cinder.md b/docs/containers/cinder.md index 23cd707..645c29f 100644 --- a/docs/containers/cinder.md +++ b/docs/containers/cinder.md 
@@ -23,19 +23,21 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | +| CEPH_CLIENT_TAG | squid-3.13-trixie | ??? example "Build Command" ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ + --build-arg CEPH_CLIENT_TAG=squid-3.13-trixie \ -f ContainerFiles/cinder \ -t cinder:local \ . diff --git a/docs/containers/cloudkitty.md b/docs/containers/cloudkitty.md index 14ba31f..74a6a37 100644 --- a/docs/containers/cloudkitty.md +++ b/docs/containers/cloudkitty.md @@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +32,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/designate.md b/docs/containers/designate.md index 205e833..f7ea6f1 100644 --- a/docs/containers/designate.md +++ b/docs/containers/designate.md @@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +32,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ 
diff --git a/docs/containers/freezer.md b/docs/containers/freezer.md index 5ed33af..7d504e5 100644 --- a/docs/containers/freezer.md +++ b/docs/containers/freezer.md @@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +32,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ @@ -46,4 +48,4 @@ graph LR ## Container Image -The container image is available on [Github Container Registry](https://github.com/rackerlabs/genestack-images/pkgs/container/genestack-images%2Ffreezer). \ No newline at end of file +The container image is available on [Github Container Registry](https://github.com/rackerlabs/genestack-images/pkgs/container/genestack-images%2Ffreezer). diff --git a/docs/containers/glance.md b/docs/containers/glance.md index 9c614cb..a7059fd 100644 --- a/docs/containers/glance.md +++ b/docs/containers/glance.md @@ -22,19 +22,21 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | +| CEPH_CLIENT_TAG | squid-3.13-trixie | ??? example "Build Command" ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ + --build-arg CEPH_CLIENT_TAG=squid-3.13-trixie \ -f ContainerFiles/glance \ -t glance:local \ . diff --git a/docs/containers/heat.md b/docs/containers/heat.md index a865eb0..75907b1 100644 --- a/docs/containers/heat.md +++ b/docs/containers/heat.md 
@@ -21,7 +21,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -30,7 +31,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/horizon.md b/docs/containers/horizon.md index 88c6e9b..07ae2d3 100644 --- a/docs/containers/horizon.md +++ b/docs/containers/horizon.md @@ -23,7 +23,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -32,7 +32,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/ironic-api.md b/docs/containers/ironic-api.md index 74dd021..ccc8ec3 100644 --- a/docs/containers/ironic-api.md +++ b/docs/containers/ironic-api.md @@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +32,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/ironic-conductor.md b/docs/containers/ironic-conductor.md index eedd720..b792f84 100644 --- a/docs/containers/ironic-conductor.md 
+++ b/docs/containers/ironic-conductor.md @@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +32,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/ironic-inspector.md b/docs/containers/ironic-inspector.md index 4109e5e..70250bf 100644 --- a/docs/containers/ironic-inspector.md +++ b/docs/containers/ironic-inspector.md @@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +32,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/ironic-pxe.md b/docs/containers/ironic-pxe.md index 6398527..7939c5e 100644 --- a/docs/containers/ironic-pxe.md +++ b/docs/containers/ironic-pxe.md @@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | 
@@ -31,7 +32,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/keystone.md b/docs/containers/keystone.md index ecbf3bc..9fb1656 100644 --- a/docs/containers/keystone.md +++ b/docs/containers/keystone.md @@ -23,7 +23,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -34,7 +34,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/libguestfs.md b/docs/containers/libguestfs.md index a498102..56b3d0b 100644 --- a/docs/containers/libguestfs.md +++ b/docs/containers/libguestfs.md @@ -23,7 +23,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | | GUESTFS_VERSION | master | | GUESTFS_HIVEX_VERSION | master | @@ -31,7 +31,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ --build-arg GUESTFS_VERSION=master \ --build-arg GUESTFS_HIVEX_VERSION=master \ -f ContainerFiles/libguestfs \ diff --git a/docs/containers/libvirt.md b/docs/containers/libvirt.md index cbbdb09..b49f56e 100644 --- a/docs/containers/libvirt.md +++ b/docs/containers/libvirt.md 
@@ -23,14 +23,16 @@ graph LR | Argument | Default | | --- | --- | -| BUILT_TAG | v3.5.1-latest | +| OVS_TAG | v3.5.2-3.13-trixie-latest | +| LIBGUESTFS_TAG | v1.56.2-3.13-trixie-latest | | CACHEBUST | 0 | ??? example "Build Command" ``` bash docker build - --build-arg BUILT_TAG=v3.5.1-latest \ + --build-arg OVS_TAG=v3.5.2-3.13-trixie-latest \ + --build-arg LIBGUESTFS_TAG=v1.56.2-3.13-trixie-latest \ --build-arg CACHEBUST=0 \ -f ContainerFiles/libvirt \ -t libvirt:local \ diff --git a/docs/containers/magnum.md b/docs/containers/magnum.md index 43b4c4d..c52ee61 100644 --- a/docs/containers/magnum.md +++ b/docs/containers/magnum.md @@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -32,7 +33,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/manila.md b/docs/containers/manila.md index d3a67c9..f4cbad8 100644 --- a/docs/containers/manila.md +++ b/docs/containers/manila.md @@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +32,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/masakari-monitors.md b/docs/containers/masakari-monitors.md index b7254dc..f3731e9 100644 
--- a/docs/containers/masakari-monitors.md +++ b/docs/containers/masakari-monitors.md @@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +32,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/masakari.md b/docs/containers/masakari.md index 83d7611..db4f798 100644 --- a/docs/containers/masakari.md +++ b/docs/containers/masakari.md @@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +32,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/nova.md b/docs/containers/nova.md index 7a0ba37..846d2b1 100644 --- a/docs/containers/nova.md +++ b/docs/containers/nova.md 
@@ -23,19 +23,21 @@ graph LR | Argument | Default | | --- | --- | -| BUILT_TAG | v1.56.1-latest | +| BUILT_TAG | v1.56.2-latest | | OS_VERSION | master | | OS_CONSTRAINTS | master | | NOVNC_VERSION | master | +| CEPH_CLIENT_TAG | squid-3.13-trixie | ??? example "Build Command" ``` bash docker build \ - --build-arg BUILT_TAG=v1.56.1-latest \ + --build-arg BUILT_TAG=v1.56.2-latest \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ --build-arg NOVNC_VERSION=master \ + --build-arg CEPH_CLIENT_TAG=squid-3.13-trixie \ -f ContainerFiles/nova \ -t nova:local \ . diff --git a/docs/containers/octavia.md b/docs/containers/octavia.md index 7e8b5e8..f212b6d 100644 --- a/docs/containers/octavia.md +++ b/docs/containers/octavia.md @@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -32,7 +33,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/openstack-client.md b/docs/containers/openstack-client.md index e4d3203..950e6fa 100644 --- a/docs/containers/openstack-client.md +++ b/docs/containers/openstack-client.md @@ -22,7 +22,7 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | | CACHEBUST | 0 | | OS_CONSTRAINTS | master | @@ -30,7 +30,7 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ --build-arg CACHEBUST=0 \ -f ContainerFiles/openstack-client \ -t openstack-client:local \ diff --git a/docs/containers/openstack-venv.md b/docs/containers/openstack-venv.md index 9b7e43f..5795043 100644 
--- a/docs/containers/openstack-venv.md +++ b/docs/containers/openstack-venv.md @@ -10,7 +10,7 @@ graph LR B --> C[Apply CVE patches] C --> D[Configure Openstack Venv] D --> E[Container ready] - E --> Ceph_Libs + E --> Ceph_Client ``` ??? example "ContainerFile used for the build" @@ -23,16 +23,16 @@ graph LR | Argument | Default | | --- | --- | -| PYTHON_VERSION | 3.12 | -| OS_RELEASE | bookworm | +| PYTHON_VERSION | 3.13 | +| OS_RELEASE | trixie | | CACHEBUST | 0 | ??? example "Build Command" ``` bash docker build \ - --build-arg PYTHON_VERSION=3.12 \ - --build-arg OS_RELEASE=bookworm \ + --build-arg PYTHON_VERSION=3.13 \ + --build-arg OS_RELEASE=trixie \ --build-arg CACHEBUST=0 \ -f ContainerFiles/openstack-venv \ -t openstack-venv:local \ diff --git a/docs/containers/ovs.md b/docs/containers/ovs.md index 0b57534..827da8d 100644 --- a/docs/containers/ovs.md +++ b/docs/containers/ovs.md @@ -23,14 +23,16 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | OVS_VERSION | main | ??? example "Build Command" ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg OVS_VERSION=main \ -f ContainerFiles/ovs \ -t ovs:local \ diff --git a/docs/containers/placement.md b/docs/containers/placement.md index ab80fd2..fbf3354 100644 --- a/docs/containers/placement.md +++ b/docs/containers/placement.md @@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | 
@@ -31,7 +32,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/skyline.md b/docs/containers/skyline.md index adf54de..2d2da84 100644 --- a/docs/containers/skyline.md +++ b/docs/containers/skyline.md @@ -22,16 +22,20 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | +| OS_VERSION | master | | OS_CONSTRAINTS | master | ??? example "Build Command" ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ + --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ -f ContainerFiles/skyline \ -t skyline:local \ diff --git a/docs/containers/trove.md b/docs/containers/trove.md index 3b02a27..42b3f34 100644 --- a/docs/containers/trove.md +++ b/docs/containers/trove.md @@ -23,7 +23,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -32,7 +33,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/docs/containers/zaqar.md b/docs/containers/zaqar.md index d7b4901..91f3929 100644 --- a/docs/containers/zaqar.md +++ b/docs/containers/zaqar.md 
@@ -22,7 +22,8 @@ graph LR | Argument | Default | | --- | --- | -| VENV_TAG | 3.12-latest | +| VENV_TAG | 3.13-trixie-latest | +| PYTHON_CONTAINER | python:3.13-slim-trixie | | CACHEBUST | 0 | | OS_VERSION | master | | OS_CONSTRAINTS | master | @@ -31,7 +32,8 @@ graph LR ``` bash docker build \ - --build-arg VENV_TAG=3.12-latest \ + --build-arg VENV_TAG=3.13-trixie-latest \ + --build-arg PYTHON_CONTAINER=python:3.13-slim-trixie \ --build-arg CACHEBUST=0 \ --build-arg OS_VERSION=master \ --build-arg OS_CONSTRAINTS=master \ diff --git a/mkdocs.yml b/mkdocs.yml index a8675e7..a9d06c5 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -135,7 +135,7 @@ nav: - Apache: containers/apache.md - Barbican: containers/barbican.md - Blazar: containers/blazar.md - - Ceph Libs: containers/ceph-libs.md + - Ceph Client: containers/ceph-client.md - Designate: containers/designate.md - Cinder: containers/cinder.md - Cloudkitty: containers/cloudkitty.md diff --git a/scripts/ceph-repo.sh b/scripts/ceph-repo.sh new file mode 100644 index 0000000..df2a384 --- /dev/null +++ b/scripts/ceph-repo.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash + +case $CEPH_REPO in + pve) + export CEPH_KEY=https://enterprise.proxmox.com/debian/proxmox-release-${OS_RELEASE}.gpg \ + CEPH_SRC="deb [signed-by=/usr/share/keyrings/ceph-keyring.gpg] http://download.proxmox.com/debian/ceph-${CEPH_VERSION} ${OS_RELEASE} no-subscription" + + curl -o /usr/share/keyrings/ceph-keyring.gpg ${CEPH_KEY} + echo "${CEPH_SRC}" >/etc/apt/sources.list.d/ceph.list + + echo "*** configured repo ***" + cat /etc/apt/sources.list.d/ceph.list + + echo "*** pin ceph repo and version" + cat << EOT > /etc/apt/preferences.d/ceph_packages.pref +Package: * +Pin: release o=download.proxmox.com +Pin-Priority: 1001 +EOT + ;; + + *) + true + ;; +esac
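Review bot: In the `pve)` branch of scripts/ceph-repo.sh the keyring is written by `curl -o /usr/share/keyrings/ceph-keyring.gpg ${CEPH_KEY}` with no `--fail` and no error check, so an HTTP error body or a partial download is stored as the apt trust anchor and the script carries on to write the source list. I would use `curl -fsSL -o /usr/share/keyrings/ceph-keyring.gpg "${CEPH_KEY}" || exit 1` and quote `"$CEPH_REPO"` in the `case`. The key is also trusted on first download; checking it against a value kept in the repository, `echo "<expected-sha256>  /usr/share/keyrings/ceph-keyring.gpg" | sha256sum -c -`, would make a changed key fail the build. The preference file pins `Package: *` at `Pin-Priority: 1001`, which lets that origin replace or downgrade any installed Debian package rather than only the Ceph ones, so narrowing `Package:` to the Ceph package names is safer. The `deb` line uses `http://`, leaving the signature as the only protection for the package index; `https://` is worth using if the mirror serves it.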