prepare rpm builder using github actions [skip ci]

Author: sergey-safarov

.github/workflows/rpm-builder.yaml

@@ -0,0 +1,228 @@
+---
+name: rpm-builder
+'on':
+  schedule:
+  # Rebuild images day-of-month 15 in January and July
+  - cron: '41 6 15 1,7 *'
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+env:
+  IMAGE_NAME: pkg-kamailio-docker
+  IMAGE_REPO: ghcr.io
+
+jobs:
+  build:
+    name: Build image
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+        - alma-10
+        - centos-10
+        - rhel-10
+        - rocky-10
+        - alma-9
+        - centos-9
+        - rhel-9
+        - rocky-9
+        - alma-8
+        - centos-8
+        - rhel-8
+        - rocky-8
+        arch:
+        - x86_64
+        - aarch64
+        - ppc64le
+        - s390x
+        include:
+        # setting image platform
+        - platform: linux/amd64
+          arch: x86_64
+        - platform: linux/arm64/v8
+          arch: aarch64
+        - platform: linux/s390x
+          arch: s390x
+        - platform: linux/ppc64le
+          arch: ppc64le
+
+        # setting runner
+        - runner: ubuntu-latest
+        - runner: ubuntu-24.04-arm
+          arch: aarch64
+
+        # setting base iamge
+        - base_image: almalinux:10
+          os: alma-10
+        - base_image: almalinux:9
+          os: alma-9
+        - base_image: almalinux:8
+          os: alma-8
+        - base_image: quay.io/centos/centos:stream10
+          os: centos-10
+        - base_image: quay.io/centos/centos:stream9
+          os: centos-9
+        - base_image: quay.io/centos/centos:stream8
+          os: centos-8
+        - base_image: registry.redhat.io/ubi10/ubi:latest
+          os: rhel-10
+        - base_image: registry.redhat.io/ubi9/ubi:latest
+          os: rhel-9
+        - base_image: registry.redhat.io/ubi8/ubi:latest
+          os: rhel-8
+        - base_image: rockylinux/rockylinux:10
+          os: rocky-10
+        - base_image: rockylinux/rockylinux:9
+          os: rocky-9
+        - base_image: rockylinux/rockylinux:8
+          os: rocky-8
+        exclude:
+        # We does build for ppc64le because RedHat does not have CodeReady repo for ppc64le.
+        # more info at https://access.redhat.com/solutions/5500841
+        - os: rhel-10
+          arch: ppc64le
+        - os: rhel-9
+          arch: ppc64le
+        - os: rhel-8
+          arch: ppc64le
+        # also Codeready repo does not exist for rhel-9 and 10, s390x arch
+        - os: rhel-10
+          arch: s390x
+        - os: rhel-9
+          arch: s390x
+        # s390x arch does not exist for rhel 8, centos 8, rocky 8. For alma-8 cannot be compiled libphonenumber
+        - os: alma-8
+          arch: s390x
+        - os: centos-8
+          arch: s390x
+        - os: rhel-8
+          arch: s390x
+        - os: rocky-8
+          arch: s390x
+        # ppc64le arch does not exist for rocky 8
+        - os: rocky-8
+          arch: ppc64le
+
+    runs-on: ${{ matrix.runner }}
+    permissions:
+      contents: write
+    steps:
+    - name: Login to RedHat Container Registry
+      uses: docker/login-action@v3
+      if: contains(matrix.os, 'rhel')
+      with:
+        registry: registry.redhat.io
+        username: ${{ secrets.REDHAT_REGISTRY_LOGIN }}
+        password: ${{ secrets.REDHAT_REGISTRY_TOKEN }}
+
+    - name: checkout sources
+      uses: actions/checkout@v4
+
+    - name: print commit info
+      id: init
+      run: |
+        git log -n 1
+
+    - name: Image metadata
+      id: metadata
+      uses: docker/metadata-action@v5
+      with:
+        # list of Docker images to use as base name for tags
+        images: |
+          ${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
+        tags: |
+          ${{ matrix.os }}-${{ matrix.arch }}
+        flavor: |
+          latest=false
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+      if: "! contains(fromJson('[\"x86_64\", \"aarch64\"]'), matrix.arch)"
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Build builder image
+      uses: docker/build-push-action@v6
+      id: build
+      env:
+        DOCKER_BUILD_SUMMARY: false
+      with:
+        context: "{{defaultContext}}:rpm"
+        tags: ${{ steps.metadata.outputs.tags }}
+        labels: ${{ steps.metadata.outputs.labels }}
+        platforms: ${{ matrix.platform }}
+        secrets: |
+          "RHEL_USERNAME=${{ secrets.RHEL_USERNAME }}"
+          "RHEL_PASSWORD=${{ secrets.RHEL_PASSWORD }}"
+        build-args: |
+          base_image=${{ matrix.base_image }}
+        outputs: type=docker,dest=${{ runner.temp }}/${{ env.IMAGE_NAME }}-${{ matrix.os }}-${{ matrix.arch }}.tar
+
+    - name: Upload builder image as artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ env.IMAGE_NAME }}-${{ matrix.os }}-${{ matrix.arch }}
+        path: ${{ runner.temp }}/${{ env.IMAGE_NAME }}-${{ matrix.os }}-${{ matrix.arch }}.tar
+
+  push:
+    name: Push image to the repo
+    strategy:
+      matrix:
+        os:
+        - alma-10
+        - centos-10
+        - rhel-10
+        - rocky-10
+        - alma-9
+        - centos-9
+        - rhel-9
+        - rocky-9
+        - alma-8
+        - centos-8
+        - rhel-8
+        - rocky-8
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+    needs:
+    - build
+    services:
+      registry:
+        image: registry:2
+        ports:
+        - 5000:5000
+    steps:
+    - name: Download artifact images
+      uses: actions/download-artifact@v4
+      with:
+        pattern: ${{ env.IMAGE_NAME }}-${{ matrix.os }}-*
+        path: ${{ runner.temp }}/tar-images
+        merge-multiple: true
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.IMAGE_REPO }}
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Pushing image to the local repo
+      run: |
+        set -o errexit -o nounset -o pipefail
+        jobj="[]"
+        for image_file in ${{ runner.temp }}/tar-images/*.tar; do
+            image_name=$(docker load --input ${image_file} | sed -e 's/Loaded image: //')
+            repo_image_name=$(echo localhost:5000/${image_name})
+            jobj=$(echo "${jobj}" | jq -c ". + [\"${repo_image_name}\"]")
+            docker image tag ${image_name} ${repo_image_name}
+            docker push ${repo_image_name}
+        done
+        eval_command=$(echo "${jobj}" | jq -r '["docker buildx imagetools create --tag localhost:5000/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ matrix.os }}"] + . | join(" ")')
+        eval "${eval_command}"
+
+    - name: Push image to GHCR
+      run: |
+        docker buildx imagetools create \
+            --tag ${{ env.IMAGE_REPO }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ matrix.os }} \
+            localhost:5000/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ matrix.os }}

rpm/README.md

@@ -51,3 +51,9 @@ Suported dist
 | rocky               | 9       |x86_64, aarch64, s390x, ppc64le|
 | fedora              | 42      |x86_64, aarch64, s390x, ppc64le|
 | fedora              | 41      |x86_64, aarch64, s390x, ppc64le|
+
+For GitHub actions required specify in repository "Secrets and variables -> Actions":
+1. REDHAT_REGISTRY_LOGIN - login to pull `ubi` docker images
+2. REDHAT_REGISTRY_TOKEN - security token to pull `ubi` docker images
+3. RHEL_USERNAME - login to get access for RHEL subscription
+4. RHEL_PASSWORD - password to get access for RHEL subscription