
Commit 2c22aca

feat: add retry_push_count option to expose retry-push CLI options (#91)
It's reasonably common for the image pushing step to fail in CI due to transient network issues, so it makes sense to expose the `--retry-push` and `--retry-count` options in the GitHub action. This adds a `retry_push_count` option to the action that defaults to 0, and if set to be nonzero, it enables `--retry-push` and passes the retry count to the CLI. I also did a bit of minor cleanup of the action: * Updated actions/checkout to v5.0.0. * Added `persist-credentials: false` to actions/checkout for security, per Zizmor recommendation. * Converted direct template expansions (which are potentially vulnerable to code injection attacks) into environment variables. * Quoted shell variables to prevent unintended shell splitting. Signed-off-by: Daniel Hast <[email protected]>
1 parent db72d1a commit 2c22aca


1 file changed

+39
-20
lines changed


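--- a/action.yml
+++ b/action.yml
@@ -38,7 +38,7 @@ inputs:
 default: "true"
 use_unstable_cli:
 description: |
-If true, this action pulls the `main` branch of blue-build/cli instead of the stable version the current action version is configured to use by default.
+If true, this action pulls the `main` branch of blue-build/cli instead of the stable version the current action version is configured to use by default.
 This feature is useful for testing new features, but should not be used in production.
 Input must match the string 'true' for the unstable version to be used.
 required: false
@@ -73,6 +73,11 @@ inputs:
 Make use of layer cache by pushing the layers to the registry. Input must match the string 'true' for the step to be enabled.
 required: false
 default: "false"
+retry_push_count:
+description: |
+The number of times to retry pushing the image.
+required: false
+default: 0
 squash:
 description: |
 Uses buildah to squash the build's layers into a single layer. Use of this option
@@ -105,10 +110,13 @@ runs:
 steps:
 - name: Validate inputs
 shell: bash
-run: "${{ github.action_path }}/build_opts_check.sh"
 env:
-SQUASH_INPUT_VALUE: "${{ inputs.squash }}"
-BUILD_OPTS: "${{ inputs.build_opts }}"
+SQUASH_INPUT_VALUE: ${{ inputs.squash }}
+BUILD_OPTS: ${{ inputs.build_opts }}
+github_action_path: ${{ github.action_path }}
+run: |
+"${github_action_path}/build_opts_check.sh"
+
 # building custom images might take a lot of space,
 # so it's best to remove unneeded softawre
 - name: Maximize build space
@@ -129,7 +137,7 @@ runs:
 run: |
 VERSION=$(awk -F= '/^VERSION_ID=/ {gsub(/"/, "", $2); print $2}' /etc/os-release)
 echo "Ubuntu version is $VERSION"
-echo "version=$VERSION" >> $GITHUB_OUTPUT
+echo "version=$VERSION" >> "$GITHUB_OUTPUT"
 
 # that is compatible with BlueBuild
 - name: Setup Podman
@@ -140,8 +148,8 @@ runs:
 ubuntu_version='22.04'
 key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key"
 sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}"
-echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list
-curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
+echo "deb ${sources_url}/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list
+curl -fsSL "${key_url}" | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
 sudo apt-get update
 sudo apt-get install -y podman
 
@@ -151,31 +159,35 @@ runs:
 use-sudo: true
 
 # clones user's repo
-- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 if: ${{ inputs.skip_checkout == 'false' }}
+with:
+persist-credentials: false
 
 - name: Determine Vars
 id: build_vars
 shell: bash
 env:
 RECIPE: ${{ inputs.recipe }}
+USE_UNSTABLE_CLI: ${{ inputs.use_unstable_cli }}
+CLI_VERSION: ${{ inputs.cli_version }}
 run: |
-if [[ "${{ inputs.use_unstable_cli }}" == "true" && -z "${{ inputs.cli_version }}" ]]; then
+if [[ "${USE_UNSTABLE_CLI}" == "true" && -z "${CLI_VERSION}" ]]; then
 CLI_VERSION_TAG="main"
-elif [ -n "${{ inputs.cli_version }}" ]; then
-CLI_VERSION_TAG="${{ inputs.cli_version }}"
+elif [ -n "${CLI_VERSION}" ]; then
+CLI_VERSION_TAG="${CLI_VERSION}"
 else
 CLI_VERSION_TAG="v0.9"
 fi
-echo "cli_version=${CLI_VERSION_TAG}" >> ${GITHUB_OUTPUT}
+echo "cli_version=${CLI_VERSION_TAG}" >> "${GITHUB_OUTPUT}"
 
 RECIPE_PATH=""
 if [ -f "./config/${RECIPE}" ]; then
 RECIPE_PATH="./config/${RECIPE}"
 else
 RECIPE_PATH="./recipes/${RECIPE}"
 fi
-echo "recipe_path=${RECIPE_PATH}" >> ${GITHUB_OUTPUT}
+echo "recipe_path=${RECIPE_PATH}" >> "${GITHUB_OUTPUT}"
 
 - name: Install BlueBuild
 shell: bash
@@ -184,7 +196,7 @@ runs:
 run: |
 sudo docker create \
 --name blue-build-installer \
-ghcr.io/blue-build/cli:${{ env.CLI_VERSION_TAG }}-installer
+"ghcr.io/blue-build/cli:${CLI_VERSION_TAG}-installer"
 sudo docker cp blue-build-installer:/out/bluebuild /usr/bin/bluebuild
 sudo docker rm blue-build-installer
 bluebuild --version
@@ -202,23 +214,30 @@ runs:
 BB_REGISTRY_NAMESPACE: ${{ inputs.registry_namespace }}
 GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
 BB_CACHE_LAYERS: ${{ inputs.use_cache }}
+BB_RETRY_PUSH_COUNT: ${{ inputs.retry_push_count }}
+BB_SQUASH: ${{ inputs.squash }}
+BB_RECHUNK: ${{ inputs.rechunk }}
 RECIPE_PATH: ${{ steps.build_vars.outputs.recipe_path }}
 RUST_LOG_STYLE: always
 CLICOLOR_FORCE: "1"
 BUILD_OPTS: ${{ inputs.build_opts }}
 run: |
-if [ "${{ inputs.squash }}" = "true" ]; then
-BUILD_OPTS="--build-driver podman --squash $BUILD_OPTS"
+if [ "${BB_SQUASH}" = "true" ]; then
+BUILD_OPTS="--build-driver podman --squash ${BUILD_OPTS}"
 fi
 
 RUN_SUDO=""
-if [ "${{ inputs.rechunk }}" = "true" ]; then
+if [ "${BB_RECHUNK}" = "true" ]; then
 RUN_SUDO=1
-BUILD_OPTS="--rechunk $BUILD_OPTS"
+BUILD_OPTS="--rechunk ${BUILD_OPTS}"
+fi
+
+if [ "${BB_RETRY_PUSH_COUNT}" != '0' ]; then
+BUILD_OPTS="--retry-push --retry-count '${BB_RETRY_PUSH_COUNT}' ${BUILD_OPTS}"
 fi
 
 if [ -n "$RUN_SUDO" ]; then
-sudo -E bluebuild build -v --push ${BUILD_OPTS} ${RECIPE_PATH}
+sudo -E bluebuild build -v --push ${BUILD_OPTS} "${RECIPE_PATH}"
 else
-bluebuild build -v --push ${BUILD_OPTS} ${RECIPE_PATH}
+bluebuild build -v --push ${BUILD_OPTS} "${RECIPE_PATH}"
 fi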
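Review bot: In the retry block of the last hunk, `--retry-count '${BB_RETRY_PUSH_COUNT}'` stores literal single quotes in BUILD_OPTS. Because `${BUILD_OPTS}` is later expanded unquoted, the shell word-splits it without removing those quotes, so bluebuild receives `'3'` rather than `3` and will presumably reject it. The same unquoted expansion turns a value containing spaces into extra CLI arguments, and an empty value passes the `!= '0'` test. I would validate first with `[[ "${BB_RETRY_PUSH_COUNT}" =~ ^[0-9]+$ ]] || { echo "retry_push_count must be a non-negative integer" >&2; exit 1; }` and then drop the inner quotes: `BUILD_OPTS="--retry-push --retry-count ${BB_RETRY_PUSH_COUNT} ${BUILD_OPTS}"`. Writing the new input's default as `default: "0"` would also match the quoted defaults visible elsewhere in this file.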
