Fix Docker setup for macOS ARM64 CI runners #17

Workflow file for this run

.github/workflows/build-test.yml at c25f12a

	name: Build and Test

	on:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]

	# Set permissions explicitly for security best practices
	permissions:
	contents: read # For checking out code
	packages: read # For pulling container images

	jobs:
	build-amd64:
	name: Build and Test (Linux AMD64)
	runs-on: ubuntu-latest # Standard x86_64 runner

	steps:
	- name: Checkout repository
	uses: actions/checkout@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Create certificate file for build
	env:
	CA_BUNDLE: ${{ secrets.CA_BUNDLE }}
	CA_BUNDLE_PART1: ${{ secrets.CA_BUNDLE_PART1 }}
	CA_BUNDLE_PART2: ${{ secrets.CA_BUNDLE_PART2 }}
	CA_BUNDLE_PART3: ${{ secrets.CA_BUNDLE_PART3 }}
	CA_BUNDLE_PART4: ${{ secrets.CA_BUNDLE_PART4 }}
	CA_BUNDLE_PART5: ${{ secrets.CA_BUNDLE_PART5 }}
	CA_BUNDLE_PART6: ${{ secrets.CA_BUNDLE_PART6 }}
	CA_BUNDLE_PART7: ${{ secrets.CA_BUNDLE_PART7 }}
	CA_BUNDLE_PART8: ${{ secrets.CA_BUNDLE_PART8 }}
	CA_BUNDLE_PART9: ${{ secrets.CA_BUNDLE_PART9 }}
	run: \|
	./scripts/assemble-certificates.sh --verify

	- name: Build amd64 minimal container
	uses: docker/build-push-action@v4
	with:
	context: .
	file: ./Dockerfile.optimized
	push: false
	platforms: linux/amd64
	tags: cac-builder:minimal-test
	cache-from: type=gha
	cache-to: type=gha,mode=max
	load: true

	- name: Test minimal container
	run: \|
	docker run --rm cac-builder:minimal-test -c "mkdir -p /content/build && cd /content/build && cmake .. && echo 'Build environment test: SUCCESS'"

	- name: Build amd64 full container
	uses: docker/build-push-action@v4
	with:
	context: .
	file: ./Dockerfile
	push: false
	platforms: linux/amd64
	tags: cac-builder:full-test
	cache-from: type=gha
	cache-to: type=gha,mode=max
	build-args: \|
	BUILD_TYPE=full
	load: true

	- name: Test full container
	run: \|
	mkdir -p output
	docker run -v ${{ github.workspace }}/output:/output --rm cac-builder:full-test -c "ls /content/build/ssg-* && cp /content/build/ssg-* /output/ 2>/dev/null \|\| echo 'No content found, checking build environment'"

	- name: Collect build info
	run: \|
	# Create a detailed build-info file
	{
	echo "===== AMD64 Build Information ====="
	echo "Build timestamp: $(date)"
	echo "Architecture: amd64"
	echo "Runner: ${{ runner.os }}"
	echo "Build triggered by: ${{ github.event_name }}"
	echo "Job ID: ${{ github.job }}"
	echo "Commit: ${{ github.sha }}"

	echo "===== Output Files ====="
	if [ "$(ls -A output/ 2>/dev/null)" ]; then
	find output -type f -name "*.xml" \| sort > output/amd64-file-list.txt

	echo "File listing:"
	cat output/amd64-file-list.txt

	echo "File sizes:"
	find output -type f -name "*.xml" -exec du -h {} \; \| sort -h
	else
	echo "No output files found."
	fi
	} > output/amd64-build-info.txt

	# Update to v4
	- name: Upload amd64 artifacts
	uses: actions/upload-artifact@v4
	with:
	name: cac-test-content-amd64
	path: \|
	output/*.xml
	output/*.xccdf.xml
	output/*.ds.xml
	output/amd64-build-info.txt
	output/amd64-file-list.txt
	if-no-files-found: warn
	retention-days: 7

	build-arm64:
	name: Build and Test (Apple Silicon ARM64)
	runs-on: macos-14 # macOS Sonoma with Apple Silicon

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Check system information
	run: \|
	echo "OS: $(uname -s)"
	echo "Architecture: $(uname -m)"
	echo "Processor: $(sysctl -n machdep.cpu.brand_string)"

	- name: Install Docker with Rancher Desktop
	run: \|
	# Install Homebrew if needed
	if ! command -v brew &> /dev/null; then
	echo "Installing Homebrew..."
	/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
	echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> ~/.zprofile
	eval "$(/opt/homebrew/bin/brew shellenv)"
	fi

	# Install Docker CLI
	brew install docker

	# Install Rancher Desktop for M1/M2 Macs
	echo "Installing Rancher Desktop..."
	brew install --cask rancher

	# Set environment variables for Docker to use Rancher's socket
	echo "Setting up Docker environment..."
	mkdir -p ~/.docker

	# Wait for Rancher services to start
	echo "Waiting for Rancher Desktop services to start..."
	timeout=120
	until test -S ~/Library/Application\ Support/rancher-desktop/run/docker.sock \|\| [ $timeout -eq 0 ]; do
	echo "Waiting for Docker socket... ($timeout seconds left)"
	sleep 5
	((timeout-=5))
	done

	# Link the socket if it exists
	if test -S ~/Library/Application\ Support/rancher-desktop/run/docker.sock; then
	ln -sf ~/Library/Application\ Support/rancher-desktop/run/docker.sock ~/.docker/run-docker.sock
	export DOCKER_HOST=unix://~/.docker/run-docker.sock
	echo "DOCKER_HOST=unix://~/.docker/run-docker.sock" >> $GITHUB_ENV
	echo "Docker socket linked successfully"
	else
	# Fallback to Docker Desktop if available
	echo "Rancher Desktop failed to start, trying Docker CLI directly..."
	brew install --cask docker
	open -a Docker

	# Wait for Docker to start
	echo "Waiting for Docker to start..."
	timeout=60
	while ! docker info &>/dev/null && [ $timeout -gt 0 ]; do
	echo "Waiting for Docker... ($timeout seconds left)"
	sleep 2
	((timeout-=2))
	done
	fi

	# Verify Docker is running
	if docker info &>/dev/null; then
	echo "Docker is running successfully"
	docker info
	else
	echo "Docker failed to start after multiple attempts"
	exit 1
	fi

	- name: Create certificate file for build
	env:
	CA_BUNDLE: ${{ secrets.CA_BUNDLE }}
	CA_BUNDLE_PART1: ${{ secrets.CA_BUNDLE_PART1 }}
	CA_BUNDLE_PART2: ${{ secrets.CA_BUNDLE_PART2 }}
	CA_BUNDLE_PART3: ${{ secrets.CA_BUNDLE_PART3 }}
	CA_BUNDLE_PART4: ${{ secrets.CA_BUNDLE_PART4 }}
	CA_BUNDLE_PART5: ${{ secrets.CA_BUNDLE_PART5 }}
	CA_BUNDLE_PART6: ${{ secrets.CA_BUNDLE_PART6 }}
	CA_BUNDLE_PART7: ${{ secrets.CA_BUNDLE_PART7 }}
	CA_BUNDLE_PART8: ${{ secrets.CA_BUNDLE_PART8 }}
	CA_BUNDLE_PART9: ${{ secrets.CA_BUNDLE_PART9 }}
	run: \|
	./scripts/assemble-certificates.sh --verify

	- name: Build arm64 minimal container
	run: \|
	docker build -t cac-builder:minimal-test-arm64 -f Dockerfile.optimized .

	- name: Test minimal container
	run: \|
	docker run --rm cac-builder:minimal-test-arm64 -c "mkdir -p /content/build && cd /content/build && cmake .. && echo 'Build environment test: SUCCESS'"

	- name: Build arm64 full container
	run: \|
	docker build -t cac-builder:full-test-arm64 -f Dockerfile --build-arg BUILD_TYPE=full .

	- name: Test full container
	run: \|
	mkdir -p output
	docker run -v ${{ github.workspace }}/output:/output --rm cac-builder:full-test-arm64 -c "ls /content/build/ssg-* && cp /content/build/ssg-* /output/ 2>/dev/null \|\| echo 'No content found, checking build environment'"

	- name: Collect build info
	run: \|
	# Create a detailed build-info file
	{
	echo "===== ARM64 Build Information ====="
	echo "Build timestamp: $(date)"
	echo "Architecture: arm64"
	echo "Runner: ${{ runner.os }} (Apple Silicon)"
	echo "Build triggered by: ${{ github.event_name }}"
	echo "Job ID: ${{ github.job }}"
	echo "Commit: ${{ github.sha }}"

	echo "===== Output Files ====="
	if [ "$(ls -A output/ 2>/dev/null)" ]; then
	find output -type f -name "*.xml" \| sort > output/arm64-file-list.txt

	echo "File listing:"
	cat output/arm64-file-list.txt

	echo "File sizes:"
	find output -type f -name "*.xml" -exec du -h {} \; \| sort -h
	else
	echo "No output files found."
	fi
	} > output/arm64-build-info.txt

	# Update to v4
	- name: Upload arm64 artifacts
	uses: actions/upload-artifact@v4
	with:
	name: cac-test-content-arm64
	path: \|
	output/*.xml
	output/*.xccdf.xml
	output/*.ds.xml
	output/arm64-build-info.txt
	output/arm64-file-list.txt
	if-no-files-found: warn
	retention-days: 7

	summarize:
	name: Generate Build Summary
	needs: [build-amd64, build-arm64]
	runs-on: ubuntu-latest

	steps:
	# Update to v4
	- name: Download all artifacts
	uses: actions/download-artifact@v4
	with:
	path: artifacts

	- name: Prepare summary report
	run: \|
	mkdir -p summary
	echo "# CAC-Builder Test Results" > summary/README.md
	echo "" >> summary/README.md
	echo "## Build Summary" >> summary/README.md
	echo "- Date: $(date)" >> summary/README.md
	echo "- Commit: ${{ github.sha }}" >> summary/README.md
	echo "- Triggered by: ${{ github.event_name }}" >> summary/README.md
	echo "" >> summary/README.md

	echo "## AMD64 Build" >> summary/README.md
	if [ -f artifacts/cac-test-content-amd64/amd64-build-info.txt ]; then
	echo '```' >> summary/README.md
	cat artifacts/cac-test-content-amd64/amd64-build-info.txt >> summary/README.md
	echo '```' >> summary/README.md
	else
	echo "No AMD64 build info available" >> summary/README.md
	fi

	echo "" >> summary/README.md
	echo "## ARM64 Build" >> summary/README.md
	if [ -f artifacts/cac-test-content-arm64/arm64-build-info.txt ]; then
	echo '```' >> summary/README.md
	cat artifacts/cac-test-content-arm64/arm64-build-info.txt >> summary/README.md
	echo '```' >> summary/README.md
	else
	echo "No ARM64 build info available" >> summary/README.md
	fi

	# Update to v4
	- name: Upload summary
	uses: actions/upload-artifact@v4
	with:
	name: cac-builder-test-summary
	path: summary/
	retention-days: 14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix Docker setup for macOS ARM64 CI runners #17

Workflow file

Fix Docker setup for macOS ARM64 CI runners #17

Jobs

Run details

Workflow file for this run