cache podman install

opendatahub-io · Oct 14, 2024 · 31493a3 · 31493a3
1 parent 0502e6e
commit 31493a3
Showing 1 changed file with 0 additions and 123 deletions.
diff --git a/.github/workflows/build-notebooks-TEMPLATE.yaml b/.github/workflows/build-notebooks-TEMPLATE.yaml
@@ -94,126 +94,3 @@ jobs:
 
       - name: Add linuxbrew to PATH
         run: echo "/home/linuxbrew/.linuxbrew/bin/" >> $GITHUB_PATH
-
-      - name: Configure Podman
-        run: |
-          set -x
-          mkdir -p $HOME/.config/containers/
-          cp ci/cached-builds/containers.conf $HOME/.config/containers/containers.conf
-          cp ci/cached-builds/storage.conf $HOME/.config/containers/storage.conf
-
-          # should at least reset storage when touching storage.conf
-          podman system reset --force
-          mkdir -p $HOME/.local/share/containers/storage/tmp
-
-          # start systemd user service
-          # since `brew services start podman` is buggy, let's do our own brew-compatible service
-          mkdir -p "${HOME}/.config/systemd/user/"
-          cp ci/cached-builds/homebrew.podman.service "${HOME}/.config/systemd/user/homebrew.podman.service"
-          systemctl --user daemon-reload
-          systemctl --user start homebrew.podman.service
-          echo "PODMAN_SOCK=/run/user/${UID}/podman/podman.sock" >> $GITHUB_ENV
-
-      # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push
-      - name: "push|schedule: make ${{ inputs.target }}"
-        run: |
-          SANITIZED_REF_NAME=$(echo "${{ github.ref_name }}" | sed 's/[^a-zA-Z0-9._-]/_/g')
-          export IMAGE_TAG="${SANITIZED_REF_NAME}_${{ github.sha }}"
-          make ${{ inputs.target }}
-        if: ${{ fromJson(inputs.github).event_name == 'push' || fromJson(inputs.github).event_name == 'schedule' }}
-        env:
-          IMAGE_REGISTRY: "ghcr.io/${{ github.repository }}/workbench-images"
-          CONTAINER_BUILD_CACHE_ARGS: "--cache-from ${{ env.CACHE }} --cache-to ${{ env.CACHE }}"
-          # dependent images were already built and pushed, so just let podman pull it
-          BUILD_DEPENDENT_IMAGES: "no"
-
-      # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
-      - name: "pull_request: make ${{ inputs.target }}"
-        run: |
-          make ${{ inputs.target }}
-        if: "${{ fromJson(inputs.github).event_name == 'pull_request' }}"
-        env:
-          IMAGE_TAG: "${{ github.sha }}"
-          IMAGE_REGISTRY: "localhost:5000/workbench-images"
-          CONTAINER_BUILD_CACHE_ARGS: "--cache-from ${{ env.CACHE }}"
-          # We don't have access to image registry, so disable pushing
-          PUSH_IMAGES: "no"
-
-      - name: "Show podman images information"
-        run: podman images --digests
-
-      - name: "pull_request|schedule: resolve target if Trivy scan should run"
-        id: resolve-target
-        if: ${{ fromJson(inputs.github).event_name == 'pull_request' || fromJson(inputs.github).event_name == 'schedule' }}
-        env:
-          EVENT_NAME: ${{ fromJson(inputs.github).event_name }}
-          HAS_TRIVY_LABEL: ${{ contains(fromJson(inputs.github).event.pull_request.labels.*.name, 'trivy-scan') }}
-          FS_SCAN_FOLDER: ${{ fromJson(env.TRIVY_SCAN_FS_JSON)[inputs.target] }}
-        run: |
-          if [[ "$EVENT_NAME" == "pull_request" && "$HAS_TRIVY_LABEL" == "true" ]]; then
-            if [[ -n "$FS_SCAN_FOLDER" ]]; then
-              TARGET="$FS_SCAN_FOLDER"
-              TYPE="fs"
-            else
-              TARGET="localhost:5000/workbench-images:${{ inputs.target }}-${{ github.sha }}"
-              TYPE="image"
-            fi
-          elif [[ "$EVENT_NAME" == "schedule" ]]; then
-            if [[ -n "$FS_SCAN_FOLDER" ]]; then
-              TARGET="$FS_SCAN_FOLDER"
-              TYPE="fs"
-            else
-              TARGET="ghcr.io/${{ github.repository }}/workbench-images:${{ inputs.target }}-${{ github.ref_name }}_${{ github.sha }}"
-              TYPE="image"
-            fi
-          fi
-
-          if [[ -n "$TARGET" ]]; then
-            echo "target=$TARGET" >> $GITHUB_OUTPUT
-            echo "type=$TYPE" >> $GITHUB_OUTPUT
-            echo "Trivy scan will run on $TARGET ($TYPE)"
-          else
-            echo "Trivy scan won't run"
-          fi
-
-      - name: Run Trivy vulnerability scanner
-        if: ${{ steps.resolve-target.outputs.target }}
-        run: |
-          TRIVY_VERSION=0.53.0
-          REPORT_FOLDER=${{ github.workspace }}/report
-          REPORT_FILE=trivy-report.md
-          REPORT_TEMPLATE=trivy-markdown.tpl
-
-          mkdir -p $REPORT_FOLDER
-          cp ci/$REPORT_TEMPLATE $REPORT_FOLDER
-
-          SCAN_TARGET=${{ steps.resolve-target.outputs.target }}
-          SCAN_TYPE=${{ steps.resolve-target.outputs.type }}
-          echo "Scanning $SCAN_TARGET ($SCAN_TYPE)"
-
-          if [[ "$SCAN_TYPE" == "image" ]]; then
-            SCAN_ARGS="--image-src podman --podman-host /var/run/podman/podman.sock"
-            PODMAN_ARGS="-v ${PODMAN_SOCK}:/var/run/podman/podman.sock"
-          elif [[ "$SCAN_TYPE" == "fs" ]]; then
-            WORKSPACE_FOLDER="/workspace"
-            SCAN_TARGET="$WORKSPACE_FOLDER/$SCAN_TARGET"
-            PODMAN_ARGS="-v ${{ github.workspace }}:$WORKSPACE_FOLDER"
-          fi
-
-          # have trivy access podman socket,
-          # https://github.com/aquasecurity/trivy/issues/580#issuecomment-666423279
-          podman run --rm \
-              $PODMAN_ARGS \
-              -v ${REPORT_FOLDER}:/report \
-              docker.io/aquasec/trivy:$TRIVY_VERSION \
-                $SCAN_TYPE \
-                $SCAN_ARGS \
-                --scanners vuln --ignore-unfixed \
-                --exit-code 0 --timeout 30m \
-                --format template --template "@/report/$REPORT_TEMPLATE" -o /report/$REPORT_FILE \
-                $SCAN_TARGET
-
-          cat $REPORT_FOLDER/$REPORT_FILE >> $GITHUB_STEP_SUMMARY
-
-      - run: df -h
-        if: "${{ !cancelled() }}"