From 05e0f7742e7142ca5d1e09c967ccdf83ffa69a94 Mon Sep 17 00:00:00 2001 From: prouthu Date: Wed, 15 Apr 2026 12:50:06 +0530 Subject: [PATCH] Fetch docker image from AWS ECR Instead of pulling kmake image from code linaro we need to pull it from AWS ECR Signed-off-by: prouthu --- .github/actions/build/action.yml | 1 - .github/actions/build_ubuntu/action.yml | 17 +++++---- .github/actions/lava_job_render/action.yml | 1 - .github/actions/pull_docker_image/action.yml | 36 ++++++++++++++----- .github/workflows/build-yocto.yml | 2 +- .github/workflows/build.yml | 3 +- .github/workflows/build_rt.yml | 1 + .github/workflows/pre_merge.yml | 6 ++-- .github/workflows/test.yml | 2 +- .../workflows/ubuntu-package-generation.yml | 3 +- 10 files changed, 47 insertions(+), 25 deletions(-) diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index baebf44..deb612a 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -5,7 +5,6 @@ inputs: docker_image: description: Docker image required: true - default: kmake-image:latest workspace_path: description: Workspace path required: true diff --git a/.github/actions/build_ubuntu/action.yml b/.github/actions/build_ubuntu/action.yml index 1cb3c4e..bbfc0d6 100644 --- a/.github/actions/build_ubuntu/action.yml +++ b/.github/actions/build_ubuntu/action.yml @@ -37,6 +37,9 @@ inputs: firmware: description: Firmware file to use for the build required: true + docker_image: + description: Full docker image name with tag (e.g. kmake-image-ubuntu-noble-arm64:ver.1.0) + required: true outputs: artifacts_location: @@ -56,8 +59,8 @@ runs: - name: Pull Docker image for building Ubuntu packages uses: qualcomm-linux/kernel-config/.github/actions/pull_docker_image@main with: - image: kmake-image-ubuntu-noble-arm64:ver.1.0 - tag: ubuntu-noble-arm64 + image: ${{ inputs.docker_image }} + registry: artifacts.codelinaro.org/clo-420-qli-registry - name: Setup git config and Logging shell: bash @@ -124,7 +127,7 @@ runs: echo "==>Logging to $LOGFILE" echo "=== Kernel Build Log ===" >> "$LOGFILE" docker run -i \ - --privileged --rm -v $PWD:$PWD --workdir="$PWD" kmake-image:ubuntu-noble-arm64 \ + --privileged --rm -v $PWD:$PWD --workdir="$PWD" ${{ inputs.docker_image }} \ -c ' cd kernel export BUILD_TOP=${{ env.build_top }} @@ -139,7 +142,7 @@ runs: run: | echo "::group::$(printf '__________ %-100s' 'Generate Kernel Debian Package' | tr ' ' _)" docker run -i \ - --privileged --rm -v $PWD:$PWD --workdir="$PWD" kmake-image:ubuntu-noble-arm64 \ + --privileged --rm -v $PWD:$PWD --workdir="$PWD" ${{ inputs.docker_image }} \ -c ' cd kernel # Run build-kernel-deb.sh and pass as argument the directory where kernel build artifacts were deployed (out/) @@ -178,7 +181,7 @@ runs: echo "==>Logging to $LOGFILE" echo "=== Ubuntu Rootfs Build Log ===" >> "$LOGFILE" docker run -i \ - --privileged --rm -v /dev:/dev -v $PWD:$PWD --workdir="$PWD" kmake-image:ubuntu-noble-arm64 \ + --privileged --rm -v /dev:/dev -v $PWD:$PWD --workdir="$PWD" ${{ inputs.docker_image }} \ -c ' FIRMWARE="${{ inputs.firmware }}" firmware=$(basename "$FIRMWARE") @@ -194,7 +197,7 @@ runs: run: | echo "::group::$(printf '__________ %-100s' 'Generate dtb.bin' | tr ' ' _)" docker run -i \ - --privileged --rm -v $PWD:$PWD --workdir="$PWD" kmake-image:ubuntu-noble-arm64 \ + --privileged --rm -v $PWD:$PWD --workdir="$PWD" ${{ inputs.docker_image }} \ -c " sed -i 's/\r$//' /usr/bin/generate_boot_bins.sh generate_boot_bins.sh dtb --input kernel/out/${{ inputs.machine }}.dtb --output images @@ -323,7 +326,7 @@ runs: shell: bash run: | docker run -i \ - --privileged --rm -v $PWD:$PWD --workdir="$PWD" kmake-image:ubuntu-noble-arm64 \ + --privileged --rm -v $PWD:$PWD --workdir="$PWD" ${{ inputs.docker_image }} \ -c 'rm -rf ${{ github.workspace }}/*' - name: Update Summary diff --git a/.github/actions/lava_job_render/action.yml b/.github/actions/lava_job_render/action.yml index 7b3c571..d0d1534 100644 --- a/.github/actions/lava_job_render/action.yml +++ b/.github/actions/lava_job_render/action.yml @@ -3,7 +3,6 @@ inputs: docker_image: description: Docker image required: true - default: kmake-image:ver.1.0 kernel_version: description: Kernel Version required: true diff --git a/.github/actions/pull_docker_image/action.yml b/.github/actions/pull_docker_image/action.yml index 0c34752..4a2de02 100644 --- a/.github/actions/pull_docker_image/action.yml +++ b/.github/actions/pull_docker_image/action.yml @@ -5,20 +5,38 @@ inputs: image: description: The docker image to pull required: true - default: kmake-image:ver.1.0 - tag: - description: The tag to apply to the pulled image - required: false - default: ver.1.0 + registry: + description: "Registry to pull from. E.g. '.dkr.ecr..amazonaws.com' or 'artifacts.codelinaro.org/clo-420-qli-registry'" + required: true runs: using: "composite" steps: + - name: Authenticate to registry (ECR only) + shell: bash + run: | + REGISTRY="${{ inputs.registry }}" + if [[ "$REGISTRY" == *.dkr.ecr.*.amazonaws.com ]]; then + echo "ECR registry detected — authenticating..." + REGION=$(echo "$REGISTRY" | grep -oP '(?<=dkr\.ecr\.)[^.]+') + aws ecr get-login-password --region "$REGION" | \ + docker login --username AWS --password-stdin "$REGISTRY" + else + echo "Non-ECR registry — skipping authentication." + fi + - name: Pull Docker image shell: bash run: | - echo "Pulling Docker image: ${{ inputs.image }}" - docker pull artifacts.codelinaro.org/clo-420-qli-registry/${{ inputs.image }} - echo "Docker image pulled successfully:" - docker tag artifacts.codelinaro.org/clo-420-qli-registry/${{ inputs.image }} kmake-image:${{ inputs.tag }} + echo "Pulling Docker image: ${{ inputs.registry }}/${{ inputs.image }}" + docker pull "${{ inputs.registry }}/${{ inputs.image }}" + echo "Docker image pulled successfully." + + - name: Retag image locally + shell: bash + run: | + FULL_IMAGE="${{ inputs.registry }}/${{ inputs.image }}" + # Retag using the original image name (strips registry prefix, preserves original tag) + docker tag "$FULL_IMAGE" "${{ inputs.image }}" + echo "Image tagged as ${{ inputs.image }} successfully." diff --git a/.github/workflows/build-yocto.yml b/.github/workflows/build-yocto.yml index b7b221e..4255ed1 100644 --- a/.github/workflows/build-yocto.yml +++ b/.github/workflows/build-yocto.yml @@ -99,4 +99,4 @@ jobs: token: ${{ secrets.PAT }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_REGION: us-west-2 + AWS_REGION: ${{ secrets.AWS_REGION }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 97cc6de..e20f6b9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -62,6 +62,7 @@ jobs: uses: qualcomm-linux/kernel-config/.github/actions/pull_docker_image@main with: image: ${{ inputs.docker_image }} + registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com - name: Build workspace id: build_workspace @@ -114,7 +115,7 @@ jobs: env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_REGION: us-west-2 + AWS_REGION: ${{ secrets.AWS_REGION }} - name: Upload artifacts id: upload-artifacts diff --git a/.github/workflows/build_rt.yml b/.github/workflows/build_rt.yml index 7dee196..3916f41 100644 --- a/.github/workflows/build_rt.yml +++ b/.github/workflows/build_rt.yml @@ -47,6 +47,7 @@ jobs: uses: qualcomm-linux/kernel-config/.github/actions/pull_docker_image@main with: image: ${{ inputs.docker_image }} + registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com - name: Build workspace id: build_workspace diff --git a/.github/workflows/pre_merge.yml b/.github/workflows/pre_merge.yml index 764201d..055b5b2 100644 --- a/.github/workflows/pre_merge.yml +++ b/.github/workflows/pre_merge.yml @@ -43,7 +43,7 @@ jobs: uses: qualcomm-linux/kernel-config/.github/workflows/build.yml@main secrets: inherit with: - docker_image: kmake-image:ver.1.0 + docker_image: ${{ vars.TECH_TEAM_NAMESPACE }}/kmake-image:${{ vars.KMAKE_IMAGE_VERSION }} pr_number: ${{ inputs.pr }} branch: ${{ inputs.ref }} repo: ${{ inputs.repo }} @@ -55,7 +55,7 @@ jobs: uses: qualcomm-linux/kernel-config/.github/workflows/build_rt.yml@main secrets: inherit with: - docker_image: kmake-image:ver.1.0 + docker_image: ${{ vars.TECH_TEAM_NAMESPACE }}/kmake-image:${{ vars.KMAKE_IMAGE_VERSION }} pr_number: ${{ inputs.pr }} branch: ${{ inputs.ref }} repo: ${{ inputs.repo }} @@ -80,7 +80,7 @@ jobs: uses: qualcomm-linux/kernel-config/.github/workflows/test.yml@main secrets: inherit with: - docker_image: kmake-image:ver.1.0 + docker_image: ${{vars.TECH_TEAM_NAMESPACE}}/kmake-image:${{vars.KMAKE_IMAGE_VERSION}} rootfs_matrix: ${{ needs.loading.outputs.rootfs_matrix }} kernel_version: ${{ needs.build.outputs.kernel_version }} commit_SHA: ${{ inputs.sha }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ffe8ddd..3b87d29 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,7 +8,6 @@ on: description: Docker image type: string required: true - default: kmake-image:ver.1.0 rootfs_matrix: description: Full matrix containing lava description @@ -66,6 +65,7 @@ jobs: uses: qualcomm-linux/kernel-config/.github/actions/pull_docker_image@main with: image: ${{ inputs.docker_image }} + registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com - name: Download URLs list if: ${{ inputs.build_type == 'kbdev' }} diff --git a/.github/workflows/ubuntu-package-generation.yml b/.github/workflows/ubuntu-package-generation.yml index 49f549d..cec0af4 100644 --- a/.github/workflows/ubuntu-package-generation.yml +++ b/.github/workflows/ubuntu-package-generation.yml @@ -63,8 +63,9 @@ jobs: target: ${{ matrix.ubuntu_matrix.target }} efi: ${{ matrix.ubuntu_matrix.efi }} firmware: ${{ matrix.ubuntu_matrix.firmware }} + docker_image: ${{ vars.TECH_TEAM_NAMESPACE }}/kmake-image-ubuntu-noble-arm64:${{ vars.KMAKE_UBUNTU_IMAGE_VERSION }} env: token: ${{ secrets.PAT }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_REGION: us-west-2 + AWS_REGION: ${{ secrets.AWS_REGION }}