GitHub Actions delivers an immersive platform for testing and deploying all kinds of software, including software that runs in containers. It also offers a container registry with repositories where you can push containers and serve them to anyone on the internet.
By combining these capabilities with Red Hat’s Universal Base Image (UBI) and container technologies such as Podman and Buildah, you can build your own containers on top of a stable Red Hat Enterprise Linux (RHEL) base in GitHub Actions.
The code shown in this post is already in the major/ubi-flask repository in GitHub.
A simple container
Most of my development involves Python and my favorite web framework: Flask. It simplifies web applications by handling a route (a path on a URL) and running code anytime someone accesses the URL. In this example, I wrote a “Hello World” example with a timestamp included:
from datetime import datetime from flask import Flask app = Flask(__name__) @app.route("/") def hello_world(): return f"Hello, World! The current date is: {datetime.now()}"
In this example, when someone accesses the root path, they see the “Hello, World!” text followed by the date and time the request was made. Let’s assemble a brief container build file that tells buildah how to build the container from a UBI:
FROM registry.access.redhat.com/ubi8/ubi # Make a directory for our code and copy it over. RUN mkdir /opt/hello COPY hello/* /opt/hello # Install pip and Python requirements (and clean up). RUN dnf -y install python3-pip && \ dnf clean all RUN pip3 install -r /opt/hello/requirements.txt && \ rm -rf /root/.cache # Set the working directory to where we copied the code. WORKDIR /opt/hello # Expose port 8000. EXPOSE 8000 # Run the Flask application via gunicorn. CMD ["gunicorn", "-b", "0.0.0.0:8000", "hello:app"]
Get to the (GitHub) Action
The container build file and Flask code already exist in my ubi-flask repository in GitHub. We now need to tell GitHub Actions how to build and publish the container on each commit. Everything starts with a workflow YAML file (follow along with mine):
name: Build ubi-flask container on: - push jobs: build: name: Build image runs-on: ubuntu-latest env: IMAGE_NAME: ubi-flask REGISTRY: ghcr.io/major steps:
The initial part of the workflow file controls when the container is built (on every push) and the GitHub container registry URL. The build steps are:
- name: Clone the repository uses: actions/checkout@v2 - name: Buildah Action id: build-image uses: redhat-actions/buildah-build@v2 with: image: ${{ env.IMAGE_NAME }} tags: latest ${{ github.sha }} containerfiles: | ./Containerfile - name: Log in to the GitHub Container registry uses: redhat-actions/podman-login@v1 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Push to GitHub Container Repository id: push-to-ghcr uses: redhat-actions/push-to-registry@v2 with: image: ${{ steps.build-image.outputs.image }} tags: ${{ steps.build-image.outputs.tags }} registry: ${{ env.REGISTRY }}
Let’s analyze this step by step:
-
First, we clone our repository into the GitHub Actions runner.
-
Next, we build the container using our container build file with buildah. The container has two tags: “latest” and the SHA of the most recent commit in git.
-
The GitHub container registry requires authentication before pushing containers, so we use podman to authenticate. (GitHub Actions automatically provides a token in lieu of an API key or password.)
-
Finally, we push the container to the repository with podman and apply both tags from the build stage.
GitHub Actions runs the workflow, in under two minutes in my testing, and a container appears in the list of packages afterwards.
Your container should appear as ubi-flask inside your GitHub account under ghcr.io/username/ubi-flask. My GitHub account is major, so I can pull my container using this URL: ghcr.io/major/ubi-flask
Testing the container
We can test the container by using podman to download the container and run it:
$ podman run -d -p 8000:8000 ghcr.io/major/ubi-flask 2e77848186579003364b20f83d5fea9de58459f63a8a0c9435a8d15a68c53875 $ curl localhost:8000 Hello, World! The current date is: 2021-10-26 17:12:29.639179
Staying up to date
Keep updated with the latest changes in the redhat-actions repositories by using GitHub’s dependabot. Add a small file in your repo to monitor changes to any of the GitHub Actions that you use:
# File: .github/dependabot.yml version: 2 updates: - package-ecosystem: "github-actions" directory: "/" schedule: interval: "daily"
When GitHub detects that one of your actions has an update, dependabot makes a pull request in your repository to update the action version.
Conclusion
Now you can use the technologies you know and trust, such as Podman and Buildah, alongside your software in GitHub. RHEL UBI provide a stable base for testing and deployment on RHEL systems, in Red Hat OpenShift, or on any other container platform.
Read about the various types of RHEL UBI container images and how to build and run containers as a non-root user with podman.
저자 소개
Major Hayden is a Principal Software Engineer at Red Hat with a focus on making it easier to deploy Red Hat Enterprise Linux wherever a customer needs it. He is also an amateur radio operator (W5WUT), and he maintains a technical blog at major.io.
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
오리지널 쇼
엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리
제품
- Red Hat Enterprise Linux
- Red Hat OpenShift Enterprise
- Red Hat Ansible Automation Platform
- 클라우드 서비스
- 모든 제품 보기
툴
체험, 구매 & 영업
커뮤니케이션
Red Hat 소개
Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.