From dd248dc0b9182f3da3c2e8096e5664b0aceb97d9 Mon Sep 17 00:00:00 2001 From: Marcin-Ramotowski Date: Wed, 30 Jul 2025 22:23:44 +0200 Subject: [PATCH] Implemented sysbox runtime for docker image build and push step --- argo-workflows/build.yaml | 73 ++++++++++++++------------------------- 1 file changed, 26 insertions(+), 47 deletions(-) diff --git a/argo-workflows/build.yaml b/argo-workflows/build.yaml index 7fb693c..8fd666a 100644 --- a/argo-workflows/build.yaml +++ b/argo-workflows/build.yaml @@ -9,12 +9,14 @@ spec: - name: repo value: https://gitea.marcin00.pl/pikram/user-microservice.git - name: branch - value: main + value: dev - name: image value: marcin00.azurecr.io/user-microservice - - name: registry_server - value: marcin00.azurecr.io - serviceAccountName: edu-agentpool + - name: acr-name + value: marcin00 + - name: client-id # client-id of the user-assigned managed identity used by cluster + value: c302726f-fafb-4143-94c1-67a70975574a + serviceAccountName: argo-workflows-user volumeClaimTemplates: - metadata: name: workspace @@ -32,7 +34,7 @@ spec: secretProviderClass: azure-keyvault templates: - # ๐Ÿ” Main steps sequence + # Main steps sequence - name: main steps: - - name: checkout @@ -45,14 +47,14 @@ spec: value: "{{workflow.parameters.branch}}" - - name: tests template: tests - - - name: build-test-and-push-image - template: build-test-and-push-image + - - name: build-and-push-image + template: build-and-push-image arguments: parameters: - name: git-sha value: "{{steps.checkout.outputs.parameters.git-sha}}" - # ๐Ÿ“ฆ GIT CHECKOUT + # GIT CHECKOUT - name: checkout inputs: parameters: @@ -76,7 +78,7 @@ spec: valueFrom: path: /tmp/gitsha.txt - # ๐Ÿงช PYTHON TESTS + # PYTHON TESTS - name: tests script: image: python:3.11.7-alpine 
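Review bot: The default for `branch` changes from `main` to `dev` in a commit that is otherwise about the sysbox runtime, so any run submitted without an explicit `branch` now builds and pushes `dev` code to `marcin00.azurecr.io/user-microservice`, with only the commit SHA in the tag to tell it apart. If that is meant only for testing this pipeline, keep `value: main` and pass `dev` at submit time. The new `acr-name` parameter (`marcin00`) also duplicates the registry host already embedded in `image`, so overriding one without the other would log in to one registry and push to another. Deriving the image prefix from `acr-name`, or adding a comment such as `# must match the registry host in image`, would avoid that drift.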
@@ -84,59 +86,36 @@ spec: workingDir: /workspace/repo/api source: | python3 -m venv env - . env/bin/activate + source env/bin/activate pip install -r requirements.txt pytest python3 -m pytest --junit-xml=pytest_junit.xml volumeMounts: - name: workspace mountPath: /workspace -# ๐Ÿณ BUILDS AND GOSS TESTS - - name: build-test-and-push-image + # BUILD AND PUSH DOCKER IMAGE + - name: build-and-push-image inputs: parameters: - name: git-sha + metadata: + annotations: + io.kubernetes.cri-o.userns-mode: "auto:size=65536" container: - image: docker:dind + image: marcin00.azurecr.io/azure-cli-docker:slim-bookworm command: [sh, -c] workingDir: /workspace/repo args: - | - dockerd-entrypoint.sh & - sleep 3 - DOCKER_IMAGE={{workflow.parameters.image}}:{{inputs.parameters.git-sha}} - docker build -t $DOCKER_IMAGE . - - apk add --no-cache bash - - wget https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64 -O goss - wget https://github.com/aelsabbahy/goss/releases/latest/download/dgoss -O dgoss - chmod +rx *goss - - export GOSS_OPTS="-f junit" - export GOSS_PATH=./goss - export GOSS_SLEEP=3 - ./dgoss run -e SQLALCHEMY_DATABASE_URI=sqlite:///:memory: $DOCKER_IMAGE > /workspace/goss_junit.xml + dockerd & + CI_COMMIT_SHA={{inputs.parameters.git-sha}} + DOCKER_IMAGE={{workflow.parameters.image}}:${CI_COMMIT_SHA} + docker build -t $DOCKER_IMAGE --build-arg APP_VERSION=${CI_COMMIT_SHA} --build-arg BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") . 
- echo "===> Logging into ACR" - ACR_PASSWORD=$(cat /mnt/secrets/acr-password) - echo "$ACR_PASSWORD" | docker login {{workflow.parameters.registry_server}} -u $ACR_USERNAME --password-stdin - - echo "===> Pushing image to ACR" - docker push $DOCKER_IMAGE - env: - - name: ACR_USERNAME - value: marcin00 - securityContext: - privileged: true + az login --identity --client-id {{workflow.parameters.client_id}} + az acr login --name {{workflow.parameters.acr-name}} + docker push ${DOCKER_IMAGE} + runtimeClassName: sysbox-runc volumeMounts: - name: workspace mountPath: /workspace - - name: docker-library - mountPath: /var/lib/docker - - name: secrets-store - mountPath: "/mnt/secrets" - readOnly: true - volumes: - - name: docker-library - emptyDir: {}
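Review bot: The `az login` line references `{{workflow.parameters.client_id}}`, but the parameter declared in the first hunk is named `client-id`, so the reference is not expected to resolve; it should read `az login --identity --client-id {{workflow.parameters.client-id}}`. `dockerd &` is now followed directly by `docker build`, with the old `sleep 3` gone and no readiness check, so the build can race the daemon start; a wait such as `until docker info >/dev/null 2>&1; do sleep 1; done` (ideally with a retry cap) before the build would make it deterministic. The script has no `set -e`, and `{{workflow.parameters.image}}` and `{{inputs.parameters.git-sha}}` are substituted into the shell text before it runs, so a parameter value supplied at submit time is interpreted as shell; passing them in through `env:` and quoting `"$DOCKER_IMAGE"` would keep them as data. The goss/dgoss checks are removed in this hunk without a replacement, so the image now reaches ACR without any container-level test; if that is deliberate, the commit message should say so.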