订阅内容

GitHub Actions delivers an immersive platform for testing and deploying all kinds of software, including software that runs in containers. It also offers a container registry with repositories where you can push containers and serve them to anyone on the internet.

By combining these capabilities with Red Hat’s Universal Base Image (UBI) and container technologies such as Podman and Buildah, you can build your own containers on top of a stable Red Hat Enterprise Linux (RHEL) base in GitHub Actions.

The code shown in this post is already in the major/ubi-flask repository in GitHub.

A simple container

Most of my development involves Python and my favorite web framework: Flask. It simplifies web applications by handling a route (a path on a URL) and running code anytime someone accesses the URL. In this example, I wrote a “Hello World” example with a timestamp included:

from datetime import datetime

from flask import Flask

app = Flask(__name__)

@app.route("/")
def hello_world():
return f"Hello, World! The current date is: {datetime.now()}"

In this example, when someone accesses the root path, they see the “Hello, World!” text followed by the date and time the request was made. Let’s assemble a brief container build file that tells buildah how to build the container from a UBI:

FROM registry.access.redhat.com/ubi8/ubi
# Make a directory for our code and copy it over.
RUN mkdir /opt/hello
COPY hello/* /opt/hello
# Install pip and Python requirements (and clean up).
RUN dnf -y install python3-pip && \
      dnf clean all
RUN pip3 install -r /opt/hello/requirements.txt && \
      rm -rf /root/.cache
# Set the working directory to where we copied the code.
WORKDIR /opt/hello
# Expose port 8000.
EXPOSE 8000
# Run the Flask application via gunicorn.
CMD ["gunicorn", "-b", "0.0.0.0:8000", "hello:app"]

Get to the (GitHub) Action

The container build file and Flask code already exist in my ubi-flask repository in GitHub. We now need to tell GitHub Actions how to build and publish the container on each commit. Everything starts with a workflow YAML file (follow along with mine):

name: Build ubi-flask container
on:
  - push

jobs:
  build:
    name: Build image
    runs-on: ubuntu-latest
    env:
      IMAGE_NAME: ubi-flask
      REGISTRY: ghcr.io/major
    steps:

The initial part of the workflow file controls when the container is built (on every push) and the GitHub container registry URL. The build steps are:

- name: Clone the repository
  uses: actions/checkout@v2

- name: Buildah Action
  id: build-image
  uses: redhat-actions/buildah-build@v2
  with:
    image: ${{ env.IMAGE_NAME }}
    tags: latest ${{ github.sha }}
    containerfiles: |
      ./Containerfile

- name: Log in to the GitHub Container registry
  uses: redhat-actions/podman-login@v1
  with:
    registry: ${{ env.REGISTRY }}
    username: ${{ github.actor }}
    password: ${{ secrets.GITHUB_TOKEN }}

- name: Push to GitHub Container Repository
  id: push-to-ghcr
  uses: redhat-actions/push-to-registry@v2
  with:
    image: ${{ steps.build-image.outputs.image }}
    tags: ${{ steps.build-image.outputs.tags }}
    registry: ${{ env.REGISTRY }}

Let’s analyze this step by step:

  • First, we clone our repository into the GitHub Actions runner.

  • Next, we build the container using our container build file with buildah. The container has two tags: “latest” and the SHA of the most recent commit in git.

  • The GitHub container registry requires authentication before pushing containers, so we use podman to authenticate. (GitHub Actions automatically provides a token in lieu of an API key or password.)

  • Finally, we push the container to the repository with podman and apply both tags from the build stage.

GitHub Actions runs the workflow, in under two minutes in my testing, and a container appears in the list of packages afterwards. 

Your container should appear as ubi-flask inside your GitHub account under ghcr.io/username/ubi-flask. My GitHub account is major, so I can pull my container using this URL: ghcr.io/major/ubi-flask

Testing the container

We can test the container by using podman to download the container and run it:

$ podman run -d -p 8000:8000 ghcr.io/major/ubi-flask
2e77848186579003364b20f83d5fea9de58459f63a8a0c9435a8d15a68c53875
$ curl localhost:8000
Hello, World! The current date is: 2021-10-26 17:12:29.639179

Staying up to date

Keep updated with the latest changes in the redhat-actions repositories by using GitHub’s dependabot. Add a small file in your repo to monitor changes to any of the GitHub Actions that you use:

# File: .github/dependabot.yml
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
    interval: "daily"

When GitHub detects that one of your actions has an update, dependabot makes a pull request in your repository to update the action version.

Conclusion

Now you can use the technologies you know and trust, such as Podman and Buildah, alongside your software in GitHub. RHEL UBI provide a stable base for testing and deployment on RHEL systems, in Red Hat OpenShift, or on any other container platform.

Read about the various types of RHEL UBI container images and how to build and run containers as a non-root user with podman.


关于作者

Major Hayden is a Principal Software Engineer at Red Hat with a focus on making it easier to deploy Red Hat Enterprise Linux wherever a customer needs it. He is also an amateur radio operator (W5WUT), and he maintains a technical blog at major.io.

Read full bio
UI_Icon-Red_Hat-Close-A-Black-RGB

按频道浏览

automation icon

自动化

有关技术、团队和环境 IT 自动化的最新信息

AI icon

人工智能

平台更新使客户可以在任何地方运行人工智能工作负载

open hybrid cloud icon

开放混合云

了解我们如何利用混合云构建更灵活的未来

security icon

安全防护

有关我们如何跨环境和技术减少风险的最新信息

edge icon

边缘计算

简化边缘运维的平台更新

Infrastructure icon

基础架构

全球领先企业 Linux 平台的最新动态

application development icon

应用领域

我们针对最严峻的应用挑战的解决方案

Original series icon

原创节目

关于企业技术领域的创客和领导者们有趣的故事