From 1489c0e66b7c2da8e1e0aa91abc63c49eed127e6 Mon Sep 17 00:00:00 2001
From: Vitaliy Gulyy
Date: Thu, 10 Jul 2025 13:24:11 -0400
Subject: [PATCH 1/3] Add SSH Support
Signed-off-by: vitaliy-guliy
---
 .github/workflows/image-publish.yml | 201 ------------------
 .../pr-check-build-che-code-image.yaml | 155 ++++++++++++++
 .../workflows/pull-request-check-licenses.yml | 3 +-
 .../workflows/pull-request-check-publish.yml | 103 ---------
 .github/workflows/pull-request-check.yml | 173 ---------------
 .github/workflows/rebase-insiders.yml | 68 ------
 .github/workflows/rebase-release-branch.yml | 63 ------
 .github/workflows/release.yml | 64 ------
 ...yaml => smoke-test-pr-check.yaml.disabled} | 32 ++-
 .github/workflows/try-in-web-ide.yaml | 36 ----
 build/dockerfiles/dev.ssh.Dockerfile | 70 ++++++
 build/sshd.connect | 6 +
 build/sshd.start | 13 ++
 devfile.pr-327.yaml | 45 ++++
 devfile.yaml | 1 +
 15 files changed, 305 insertions(+), 728 deletions(-)
 delete mode 100644 .github/workflows/image-publish.yml
 create mode 100644 .github/workflows/pr-check-build-che-code-image.yaml
 delete mode 100644 .github/workflows/pull-request-check-publish.yml
 delete mode 100644 .github/workflows/pull-request-check.yml
 delete mode 100644 .github/workflows/rebase-insiders.yml
 delete mode 100644 .github/workflows/rebase-release-branch.yml
 delete mode 100644 .github/workflows/release.yml
 rename .github/workflows/{smoke-test-pr-check.yaml => smoke-test-pr-check.yaml.disabled} (82%)
 delete mode 100644 .github/workflows/try-in-web-ide.yaml
 create mode 100644 build/dockerfiles/dev.ssh.Dockerfile
 create mode 100755 build/sshd.connect
 create mode 100755 build/sshd.start
 create mode 100644 devfile.pr-327.yaml
diff --git a/.github/workflows/image-publish.yml b/.github/workflows/image-publish.yml
deleted file mode 100644
index dd7da149455..00000000000
--- a/.github/workflows/image-publish.yml
+++ /dev/null
@@ -1,201 +0,0 @@ -# -# Copyright (c) 2021-2025 Red Hat, Inc. -# This program and the accompanying materials are made -# available under the terms of the Eclipse Public License 2.0 -# which is available at https://www.eclipse.org/legal/epl-2.0/ -# -# SPDX-License-Identifier: EPL-2.0 -# - -name: image-publish - -on: - push: - branches: - - main - tags: - - '7.*.*' - -jobs: - - build: - name: build - strategy: - fail-fast: false - matrix: - dist: [ 'musl', 'libc-ubi8', 'libc-ubi9' ] - runners: ['ubuntu-22.04', 'ubuntu-22.04-arm'] - runs-on: ${{matrix.runners}} - steps: - - name: Set arch environment variable - run: | - if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then - echo arch="amd64" >> $GITHUB_ENV - else - echo arch="arm64" >> $GITHUB_ENV - fi - - name: Checkout - uses: actions/checkout@v4 - - name: Docker Build - env: - # https://github.com/microsoft/vscode-ripgrep#github-api-limit-note - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - docker buildx build --memory-swap -1 --memory 10g --platform linux/${{env.arch}} -f build/dockerfiles/linux-${{matrix.dist}}.Dockerfile --load -t linux-${{matrix.dist}}-${{env.arch}} . 
- - name: Upload image - uses: ishworkh/container-image-artifact-upload@v2.0.0 - with: - image: "linux-${{matrix.dist}}-${{env.arch}}" - - assemble: - name: assemble - needs: build - strategy: - fail-fast: false - matrix: - runners: ['ubuntu-22.04', 'ubuntu-22.04-arm'] - runs-on: ${{matrix.runners}} - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Set branch environment variable - run: | - BRANCH_NAME=${{ github.ref }} - echo "BRANCH_NAME=${BRANCH_NAME##*/}" >> $GITHUB_ENV - - name: Set arch environment variable - run: | - if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then - echo arch="amd64" >> $GITHUB_ENV - else - echo arch="arm64" >> $GITHUB_ENV - fi - - name: Set tag suffix environment variable - run: | - SHORT_SHA1=$(git rev-parse --short=7 HEAD) - if [[ ${{env.BRANCH_NAME}} == main ]]; then - echo "tag_suffix=${SHORT_SHA1}" >> $GITHUB_ENV - elif [[ ${{env.BRANCH_NAME}} =~ ^7\.[0-9]+\.[0-9]+$ ]]; then - echo "tag_suffix=${{ env.BRANCH_NAME }}" >> $GITHUB_ENV - fi - - name: Download linux-libc-ubi8-amd64 image - uses: ishworkh/container-image-artifact-download@v2.0.0 - with: - image: "linux-libc-ubi8-${{env.arch}}" - - name: Download linux-libc-ubi9-amd64 image - uses: ishworkh/container-image-artifact-download@v2.0.0 - with: - image: "linux-libc-ubi9-${{env.arch}}" - - name: Download linux-musl image - uses: ishworkh/container-image-artifact-download@v2.0.0 - with: - image: "linux-musl-${{env.arch}}" - - name: Display docker images - run: docker images - - name: Update assembly.Dockerfile - run: | - sed "s|FROM linux-libc-ubi8|FROM linux-libc-ubi8-${{env.arch}}|" -i "build/dockerfiles/assembly.Dockerfile" - sed "s|FROM linux-libc-ubi9|FROM linux-libc-ubi9-${{env.arch}}|" -i "build/dockerfiles/assembly.Dockerfile" - sed "s|FROM linux-musl|FROM linux-musl-${{env.arch}}|" -i "build/dockerfiles/assembly.Dockerfile" - - name: Login to Quay.io - uses: docker/login-action@v2 - with: - registry: quay.io - username: ${{ secrets.QUAY_USERNAME }} - 
password: ${{ secrets.QUAY_PASSWORD }} - - name: Assemble che-code - run: | - docker buildx build \ - --platform linux/${{env.arch}} \ - --progress=plain \ - --push \ - -f build/dockerfiles/assembly.Dockerfile \ - -t quay.io/che-incubator/che-code:${{env.arch}}-${{env.tag_suffix}} . - - publish: - name: publish - needs: assemble - runs-on: ubuntu-22.04 - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Set branch environment variable - run: | - BRANCH_NAME=${{ github.ref }} - echo "BRANCH_NAME=${BRANCH_NAME##*/}" >> $GITHUB_ENV - - name: Set tag suffix environment variable - run: | - SHORT_SHA1=$(git rev-parse --short=7 HEAD) - if [[ ${{env.BRANCH_NAME}} == main ]]; then - echo "tag_suffix=${SHORT_SHA1}" >> $GITHUB_ENV - elif [[ ${{env.BRANCH_NAME}} =~ ^7\.[0-9]+\.[0-9]+$ ]]; then - echo "tag_suffix=${{ env.BRANCH_NAME }}" >> $GITHUB_ENV - fi - - name: Login to Quay.io - uses: docker/login-action@v2 - with: - registry: quay.io - username: ${{ secrets.QUAY_USERNAME }} - password: ${{ secrets.QUAY_PASSWORD }} - - name: publish - run: | - SHORT_SHA1=$(git rev-parse --short=7 HEAD) - if [[ ${{env.BRANCH_NAME}} == main ]]; then - docker manifest create quay.io/che-incubator/che-code:next --amend quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --amend quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} - docker manifest annotate quay.io/che-incubator/che-code:next quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --os linux --arch amd64 - docker manifest annotate quay.io/che-incubator/che-code:next quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} --os linux --arch arm64 - docker manifest push quay.io/che-incubator/che-code:next - - docker manifest create quay.io/che-incubator/che-code:insiders --amend quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --amend quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} - docker manifest annotate quay.io/che-incubator/che-code:insiders 
quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --os linux --arch amd64 - docker manifest annotate quay.io/che-incubator/che-code:insiders quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} --os linux --arch arm64 - docker manifest push quay.io/che-incubator/che-code:insiders - - docker manifest create quay.io/che-incubator/che-code:insiders-${SHORT_SHA1} --amend quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --amend quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} - docker manifest annotate quay.io/che-incubator/che-code:insiders-${SHORT_SHA1} quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --os linux --arch amd64 - docker manifest annotate quay.io/che-incubator/che-code:insiders-${SHORT_SHA1} quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} --os linux --arch arm64 - docker manifest push quay.io/che-incubator/che-code:insiders-${SHORT_SHA1} - elif [[ ${{env.BRANCH_NAME}} =~ ^7\.[0-9]+\.[0-9]+$ ]]; then - docker manifest create quay.io/che-incubator/che-code:${{ env.BRANCH_NAME }} --amend quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --amend quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} - docker manifest annotate quay.io/che-incubator/che-code:${{ env.BRANCH_NAME }} quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --os linux --arch amd64 - docker manifest annotate quay.io/che-incubator/che-code:${{ env.BRANCH_NAME }} quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} --os linux --arch arm64 - docker manifest push quay.io/che-incubator/che-code:${{ env.BRANCH_NAME }} - - docker manifest create quay.io/che-incubator/che-code:latest --amend quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --amend quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} - docker manifest annotate quay.io/che-incubator/che-code:latest quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --os linux --arch amd64 - docker manifest annotate quay.io/che-incubator/che-code:latest 
quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} --os linux --arch arm64 - docker manifest push quay.io/che-incubator/che-code:latest - fi - - release-finish: - name: release-finish - needs: [build, assemble, publish] - runs-on: ubuntu-22.04 - # don't notify for cancelled builds - if: (success() || failure()) && github.ref != 'refs/heads/main' - steps: - - name: Set variables - run: | - BRANCH_NAME=${{ github.ref }} - echo "BRANCH_NAME=${BRANCH_NAME##*/}" >> $GITHUB_ENV - - dev: - name: dev - runs-on: ubuntu-22.04 - if: github.ref == 'refs/heads/main' - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Login to Quay.io - uses: docker/login-action@v2 - with: - registry: quay.io - username: ${{ secrets.QUAY_USERNAME }} - password: ${{ secrets.QUAY_PASSWORD }} - - name: Docker Build and Push - env: - # https://github.com/microsoft/vscode-ripgrep#github-api-limit-note - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - SHORT_SHA1=$(git rev-parse --short=7 HEAD) - docker buildx build --platform linux/amd64 -f build/dockerfiles/dev.Dockerfile --push -t quay.io/che-incubator/che-code-dev:insiders -t quay.io/che-incubator/che-code-dev:next -t quay.io/che-incubator/che-code-dev:insiders-${SHORT_SHA1} . - diff --git a/.github/workflows/pr-check-build-che-code-image.yaml b/.github/workflows/pr-check-build-che-code-image.yaml new file mode 100644 index 00000000000..89d2a4e0308 --- /dev/null +++ b/.github/workflows/pr-check-build-che-code-image.yaml 
@@ -0,0 +1,155 @@
+#
+# Copyright (c) 2023 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+# Red Hat, Inc. - initial API and implementation
+#
+
+name: Pull Request Check
+
+# Trigger the workflow on pull request
+on: [pull_request]
+
+jobs:
+ # build:
+ # name: build
+ # runs-on: ubuntu-22.04
+ # strategy:
+ # fail-fast: false
+ # matrix:
+ # dist: [ 'musl', 'libc' ]
+ # arch: ['amd64']
+ # steps:
+
+ # - name: Checkout che-code source code
+ # uses: actions/checkout@v3
+
+ # - name: Compile che-code
+ # run: |
+ # docker buildx build \
+ # --platform linux/${{matrix.arch}} \
+ # --progress=plain \
+ # -f build/dockerfiles/linux-${{matrix.dist}}.Dockerfile \
+ # -t linux-${{matrix.dist}}-${{matrix.arch}} .
+
+ # - name: Upload image
+ # uses: ishworkh/docker-image-artifact-upload@v1
+ # with:
+ # image: "linux-${{matrix.dist}}-${{matrix.arch}}"
+
+ # assemble:
+ # name: assemble
+ # runs-on: ubuntu-22.04
+ # needs: build
+ # steps:
+
+ # - name: Checkout che-code source code
+ # uses: actions/checkout@v3
+
+ # - name: Cleanup docker images
+ # run: |
+ # docker system prune -af
+
+ # - name: Download linux-libc-amd64 image
+ # uses: ishworkh/docker-image-artifact-download@v1
+ # with:
+ # image: "linux-libc-amd64"
+
+ # - name: Download linux-musl-amd64 image
+ # uses: ishworkh/docker-image-artifact-download@v1
+ # with:
+ # image: "linux-musl-amd64"
+
+ # - name: Login to Quay.io
+ # uses: docker/login-action@v2
+ # with:
+ # registry: quay.io
+ # username: ${{ secrets.QUAY_PULL_REQUESTS_USERNAME }}
+ # password: ${{ secrets.QUAY_PULL_REQUESTS_PASSWORD }}
+
+ # - name: Display docker images
+ # run: |
+ # docker images
+
+ # - name: Assemble che-code
+ # run: |
+ # PR_NUMBER="${{ github.event.number }}"
+ # echo "Pull request $PR_NUMBER"
+
+ # IMAGE_NAME="quay.io/che-incubator-pull-requests/che-code:pr-$PR_NUMBER-amd64"
+ # echo "_IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV
+
+ # docker buildx build \
+ # --platform linux/amd64 \
+ # --progress=plain \
+ # --push \
+ # -f build/dockerfiles/assembly.Dockerfile \
+ # -t ${IMAGE_NAME} .
+
+ # - name: Display docker images (final)
+ # run: |
+ # docker images
+
+ # - name: 'Comment PR'
+ # uses: actions/github-script@v6
+ # with:
+ # script: |
+ # const { repo: { owner, repo } } = context;
+ # await github.rest.issues.createComment({
+ # issue_number: context.issue.number,
+ # owner: context.repo.owner,
+ # repo: context.repo.repo,
+ # body: `Pull Request Che-Code image published:\nšŸ‘‰ [${process.env._IMAGE_NAME}](https://${process.env._IMAGE_NAME})`
+ # })
+
+ dev:
+ name: dev
+ runs-on: ubuntu-22.04
+ steps:
+
+ - name: Checkout che-code source code
+ uses: actions/checkout@v2
+
+ - name: Login to Quay.io
+ uses: docker/login-action@v2
+ with:
+ registry: quay.io
+ username: ${{ secrets.QUAY_PULL_REQUESTS_USERNAME }}
+ password: ${{ secrets.QUAY_PULL_REQUESTS_PASSWORD }}
+
+ - name: Build Che-Code Docker image
+ run: |
+ PR_NUMBER="${{ github.event.number }}"
+ echo "Pull request $PR_NUMBER"
+
+ DEV_IMAGE_NAME="quay.io/che-incubator-pull-requests/che-code-dev:pr-$PR_NUMBER-dev-amd64"
+ echo "Dev image $DEV_IMAGE_NAME"
+ echo "_DEV_IMAGE_NAME=${DEV_IMAGE_NAME}" >> $GITHUB_ENV
+
+ docker buildx build \
+ --platform linux/amd64 \
+ --progress=plain \
+ --push \
+ -f build/dockerfiles/dev.ssh.Dockerfile \
+ -t ${DEV_IMAGE_NAME} .
+ + - name: Display docker images + run: | + docker images + + - name: 'Comment PR' + uses: actions/github-script@v6 + with: + script: | + const { repo: { owner, repo } } = context; + await github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: `Pull Request Dev image published:\nšŸ‘‰ [${process.env._DEV_IMAGE_NAME}](https://${process.env._DEV_IMAGE_NAME})` + }) diff --git a/.github/workflows/pull-request-check-licenses.yml b/.github/workflows/pull-request-check-licenses.yml index 4c7e75e4521..f283169e560 100644 --- a/.github/workflows/pull-request-check-licenses.yml +++ b/.github/workflows/pull-request-check-licenses.yml @@ -10,12 +10,11 @@ name: License Check # Trigger the workflow on pull request -on: [pull_request] +on: workflow_dispatch jobs: check-che-extensions-licenses: runs-on: ubuntu-22.04 - if: ${{ github.base_ref == 'main' }} steps: - name: Checkout che-code source code uses: actions/checkout@v4 diff --git a/.github/workflows/pull-request-check-publish.yml b/.github/workflows/pull-request-check-publish.yml deleted file mode 100644 index 90a998a3380..00000000000 --- a/.github/workflows/pull-request-check-publish.yml +++ /dev/null 
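Review bot: The `dev` job logs in to quay.io with `secrets.QUAY_PULL_REQUESTS_USERNAME` / `secrets.QUAY_PULL_REQUESTS_PASSWORD` and then runs `docker buildx build --push` on the pull request's own checkout under `on: [pull_request]`, so the PR-supplied `dev.ssh.Dockerfile` is built while registry credentials are present on the runner. GitHub normally withholds secrets from fork pull requests, so there the login and the 'Comment PR' step would presumably fail, while same-repository branches get push access during the build. Keep the build in the `pull_request` workflow without secrets and do login, push and comment from a separate trusted workflow, and scope the token explicitly with a top-level `permissions:` block such as `contents: read` plus `pull-requests: write`. `actions/checkout@v2` is also older than the `actions/checkout@v4` used by the license-check workflow in this patch.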
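Review bot: The context comment `# Trigger the workflow on pull request` no longer matches the trigger, which this hunk changes to `on: workflow_dispatch`; together with the removed `if: ${{ github.base_ref == 'main' }}` the license check now runs only when started by hand. If that is deliberate, update the comment to something like `# Manual trigger only; not run automatically on pull requests`; otherwise keep `on: [pull_request]` so licence changes in dependencies are still checked before merge. The job's steps continue outside the hunk.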
@@ -1,103 +0,0 @@ -# -# Copyright (c) 2021-2025 Red Hat, Inc. -# This program and the accompanying materials are made -# available under the terms of the Eclipse Public License 2.0 -# which is available at https://www.eclipse.org/legal/epl-2.0/ -# -# SPDX-License-Identifier: EPL-2.0 -# - -name: Publish Image PR check - -on: - workflow_run: - workflows: ["Pull Request Check"] - types: - - completed - -jobs: - - publish-images: - name: publish image from the pull request - runs-on: ubuntu-22.04 - steps: - - - name: Download Pull Request Number artifact - uses: actions/download-artifact@v4 - with: - name: pull-request-number - run-id: ${{ github.event.workflow_run.id }} - github-token: ${{ github.token }} - - - name: Grab Pull Request number - run: | - pr_number=$(cat "PR_NUMBER") - echo "Pull Request: ${pr_number}" - if ! [[ "$pr_number" =~ ^[0-9]+$ ]]; then - echo "Wrong Pull Request number" - exit 1 - fi - echo "_PR_NUMBER=$pr_number" >> $GITHUB_ENV - - - name: Cleanup docker images - run: | - docker system prune -af - - - name: Download che-code docker image artifact - uses: actions/download-artifact@v4 - with: - pattern: che-* - merge-multiple: true - path: . 
- run-id: ${{ github.event.workflow_run.id }} - github-token: ${{ github.token }} - - - name: List downloaded files - run: | - ls -lahR - - - name: Load Docker images - run: | - docker load -i che-code-amd64.tgz - docker load -i che-code-arm64.tgz - docker load -i che-dev.tgz - - - name: Login to Quay.io - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_PULL_REQUESTS_USERNAME }} - password: ${{ secrets.QUAY_PULL_REQUESTS_PASSWORD }} - - - name: Push che-code-amd64 docker image - run: | - export IMAGE=quay.io/che-incubator-pull-requests/che-code:pr-${{env._PR_NUMBER}}-amd64 - docker tag che-code-amd64 ${IMAGE} - docker push ${IMAGE} - echo "_CHE_CODE_AMD64_IMAGE=${IMAGE}" >> $GITHUB_ENV - - - name: Push che-code-arm64 docker image - run: | - export IMAGE=quay.io/che-incubator-pull-requests/che-code:pr-${{env._PR_NUMBER}}-arm64 - docker tag che-code-arm64 ${IMAGE} - docker push ${IMAGE} - echo "_CHE_CODE_ARM64_IMAGE=${IMAGE}" >> $GITHUB_ENV - - - name: Push che-dev docker image - run: | - export IMAGE=quay.io/che-incubator-pull-requests/che-code-dev:pr-${{env._PR_NUMBER}}-dev-amd64 - docker tag che-dev ${IMAGE} - docker push ${IMAGE} - echo "_CHE_DEV_IMAGE=${IMAGE}" >> $GITHUB_ENV - - - name: 'Comment PR' - uses: actions/github-script@v7 - with: - script: | - const { repo: { owner, repo } } = context; - await github.rest.issues.createComment({ - issue_number: process.env._PR_NUMBER, - owner: context.repo.owner, - repo: context.repo.repo, - body: `Pull Request images published ✨\n\nEditor amd64: [${process.env._CHE_CODE_AMD64_IMAGE}](https://${process.env._CHE_CODE_AMD64_IMAGE})\nEditor arm64: [${process.env._CHE_CODE_ARM64_IMAGE}](https://${process.env._CHE_CODE_ARM64_IMAGE})\nDev image: [${process.env._CHE_DEV_IMAGE}](https://${process.env._CHE_DEV_IMAGE})` - }) diff --git a/.github/workflows/pull-request-check.yml b/.github/workflows/pull-request-check.yml deleted file mode 100644 index 12b6e3b4acd..00000000000 
--- a/.github/workflows/pull-request-check.yml +++ /dev/null 
@@ -1,173 +0,0 @@ -# -# Copyright (c) 2021-2025 Red Hat, Inc. -# This program and the accompanying materials are made -# available under the terms of the Eclipse Public License 2.0 -# which is available at https://www.eclipse.org/legal/epl-2.0/ -# -# SPDX-License-Identifier: EPL-2.0 -# - -name: Pull Request Check - -# Trigger the workflow on pull request -on: [pull_request] - -jobs: - check-artifacts: - runs-on: ubuntu-22.04 - steps: - - name: Checkout che-code source code - uses: actions/checkout@v4 - - name: Install jq - uses: dcarbone/install-jq-action@v3 - with: - version: 1.7 - force: true - - name: Generate artifacts - run: ./build/artifacts/generate.sh - - name: Check if artifacts are up to date - run: | - if [[ $(git diff --name-only | wc -l) != 0 ]]; then - # Print difference - git --no-pager diff - - echo "[ERROR] Artifacts is not up to date." - echo "[ERROR] Run './build/artifacts/generate.sh' and include file into the commit." - exit 1 - fi - - build: - name: build - strategy: - fail-fast: false - matrix: - dist: ['libc-ubi8', 'libc-ubi9', 'musl'] - runners: ['ubuntu-22.04', 'ubuntu-22.04-arm'] - runs-on: ${{matrix.runners}} - steps: - - name: Set arch environment variable - run: | - if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then - echo arch="amd64" >> $GITHUB_ENV - else - echo arch="arm64" >> $GITHUB_ENV - fi - - name: Checkout che-code source code - uses: actions/checkout@v4 - - name: Cleanup docker images - run: docker system prune -af - - name: Compile che-code - run: | - docker buildx build \ - --platform linux/${{env.arch}} \ - --progress=plain \ - -f build/dockerfiles/linux-${{matrix.dist}}.Dockerfile \ - -t linux-${{matrix.dist}}-${{env.arch}} . 
- - name: Display docker images - run: docker images - - name: Compress image to a file - run: docker save linux-${{matrix.dist}}-${{env.arch}} | gzip > linux-${{matrix.dist}}-${{env.arch}}.tgz - - name: Upload image artifact - uses: actions/upload-artifact@v4 - with: - name: linux-${{matrix.dist}}-${{env.arch}} - path: linux-${{matrix.dist}}-${{env.arch}}.tgz - - assemble: - name: assemble - needs: build - strategy: - fail-fast: false - matrix: - runners: ['ubuntu-22.04', 'ubuntu-22.04-arm'] - runs-on: ${{matrix.runners}} - steps: - - name: Set arch environment variable - run: | - if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then - echo arch="amd64" >> $GITHUB_ENV - else - echo arch="arm64" >> $GITHUB_ENV - fi - - name: Checkout che-code source code - uses: actions/checkout@v4 - - name: Cleanup docker images - run: docker system prune -af - - name: Download editor artifacts - uses: actions/download-artifact@v4 - with: - pattern: linux-* - merge-multiple: true - path: . - - name: List downloaded files - run: ls -lah - - name: Load docker images - run: | - docker load -i linux-libc-ubi8-${{env.arch}}.tgz - docker load -i linux-libc-ubi9-${{env.arch}}.tgz - docker load -i linux-musl-${{env.arch}}.tgz - - name: Display docker images - run: docker images - - name: Update assembly.Dockerfile - run: | - sed "s|FROM linux-libc-ubi8|FROM linux-libc-ubi8-${{env.arch}}|" -i "build/dockerfiles/assembly.Dockerfile" - sed "s|FROM linux-libc-ubi9|FROM linux-libc-ubi9-${{env.arch}}|" -i "build/dockerfiles/assembly.Dockerfile" - sed "s|FROM linux-musl|FROM linux-musl-${{env.arch}}|" -i "build/dockerfiles/assembly.Dockerfile" - - name: Assemble che-code - run: | - docker buildx build \ - --platform linux/${{env.arch}} \ - --progress=plain \ - -f build/dockerfiles/assembly.Dockerfile \ - -t che-code-${{env.arch}} . 
- - name: Display docker images - run: docker images - - name: Compress image to a file - run: docker save che-code-${{env.arch}} | gzip > che-code-${{env.arch}}.tgz - - name: Upload image artifact - uses: actions/upload-artifact@v4 - with: - name: che-code-${{env.arch}} - path: che-code-${{env.arch}}.tgz - - name: Store PR info - run: echo "${{ github.event.number }}" > PR_NUMBER - # Upload PR number artifact only once - - name: Upload PR Number artifact - uses: actions/upload-artifact@v4 - if: ${{ env.arch == 'amd64' }} - with: - name: pull-request-number - path: PR_NUMBER - - dev: - name: build-che-dev-image - runs-on: ubuntu-22.04 - steps: - - name: Checkout che-code source code - uses: actions/checkout@v4 - - - name: Cleanup docker images - run: | - docker system prune -af - - - name: Build Che-Code Docker image - run: | - docker buildx build \ - --platform linux/amd64 \ - --progress=plain \ - -f build/dockerfiles/dev.Dockerfile \ - -t che-dev . - - - name: Display docker images - run: | - docker images - - - name: Compress che-dev image to a file - run: | - docker save che-dev | gzip > che-dev.tgz - - - name: Upload che-dev docker image artifact - uses: actions/upload-artifact@v4 - with: - name: che-dev - path: che-dev.tgz diff --git a/.github/workflows/rebase-insiders.yml b/.github/workflows/rebase-insiders.yml deleted file mode 100644 index dfc044f4dc4..00000000000 --- a/.github/workflows/rebase-insiders.yml +++ /dev/null 
@@ -1,68 +0,0 @@ -# -# Copyright (c) 2021-2025 Red Hat, Inc. -# This program and the accompanying materials are made -# available under the terms of the Eclipse Public License 2.0 -# which is available at https://www.eclipse.org/legal/epl-2.0/ -# -# SPDX-License-Identifier: EPL-2.0 -# - -name: rebase-insiders - -# Trigger on demand or every 4 hour -on: - workflow_dispatch: - schedule: - - cron: "10 */4 * * *" - -jobs: - - rebase-insiders: - name: rebase - runs-on: ubuntu-22.04 - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - token: ${{ secrets.CHE_INCUBATOR_BOT_TOKEN }} - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: configure git - run: | - git config --global user.email "fbenoit+sync-checode@redhat.com" - git config --global user.name "Eclipse Che Sync" - - name: add upstream remote and fetch main branch - run: | - git remote add upstream-code https://github.com/microsoft/vscode - git fetch upstream-code main - - name: rebase - run: | - ./rebase.sh - - name: Disable the Workflow - if: failure() - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - gh api \ - --method PUT \ - -H "Accept: application/vnd.github+json" \ - /repos/che-incubator/che-code/actions/workflows/rebase-insiders.yml/disable - - name: Validate tests on libc-ubi9 image - env: - # https://github.com/microsoft/vscode-ripgrep#github-api-limit-note - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - docker buildx build --memory-swap -1 --memory 10g --platform linux/amd64 -f build/dockerfiles/linux-libc-ubi9.Dockerfile . - - name: Generate artifacts.lock.yaml - run: ./build/artifacts/generate.sh - - name: push changes - run: | - set -e - git add ./build/artifacts/artifacts.lock.yaml - git commit -m "Update artifacts.lock.yaml" --signoff - git push origin main - - 
diff --git a/.github/workflows/rebase-release-branch.yml b/.github/workflows/rebase-release-branch.yml deleted file mode 100644 index 0c4d732a214..00000000000 --- a/.github/workflows/rebase-release-branch.yml +++ /dev/null 
@@ -1,63 +0,0 @@ -# -# Copyright (c) 2021-2025 Red Hat, Inc. -# This program and the accompanying materials are made -# available under the terms of the Eclipse Public License 2.0 -# which is available at https://www.eclipse.org/legal/epl-2.0/ -# -# SPDX-License-Identifier: EPL-2.0 -# - -name: rebase-release - -# Trigger on demand or every 12 hour -on: - workflow_dispatch: - schedule: - - cron: "10 */12 * * *" - -jobs: - - rebase-release: - name: rebase - runs-on: ubuntu-22.04 - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - token: ${{ secrets.CHE_INCUBATOR_BOT_TOKEN }} - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: configure git - run: | - git config --global user.email "fbenoit+sync-checode@redhat.com" - git config --global user.name "Eclipse Che Sync" - - name: pickup-latest-release branch - run: | - LATEST_REMOTE_RELEASE_BRANCH=$(git branch -r --sort=-committerdate -l 'origin/1.*.x' | head -n 1 | tr -d '[:space:]') - LATEST_RELEASE_BRANCH=$(echo "${LATEST_REMOTE_RELEASE_BRANCH/origin\//}") - UPSTREAM_CODE_VERSION=$(sed 's|origin\/\(.*\).x|\1|' <<< "${LATEST_REMOTE_RELEASE_BRANCH}") - UPSTREAM_CODE_BRANCH="release/${UPSTREAM_CODE_VERSION}" - echo "Checkouting latest release branch ${LATEST_RELEASE_BRANCH}" - git checkout ${LATEST_RELEASE_BRANCH} - git remote add upstream-code https://github.com/microsoft/vscode - echo "Fetch the branch ${UPSTREAM_CODE_BRANCH} from upstream-code" - git fetch upstream-code ${UPSTREAM_CODE_BRANCH} - - name: rebase - run: | - ./rebase.sh - - name: Validate tests on libc-ubi9 image - env: - # https://github.com/microsoft/vscode-ripgrep#github-api-limit-note - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - docker buildx build --memory-swap -1 --memory 10g --platform linux/amd64 -f build/dockerfiles/linux-libc-ubi9.Dockerfile . 
- - name: push changes - run: | - set -e - CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD) - git push origin ${CURRENT_BRANCH} - - diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 010337b5b69..00000000000 --- a/.github/workflows/release.yml +++ /dev/null 
@@ -1,64 +0,0 @@ -# -# Copyright (c) 2022-2025 Red Hat, Inc. -# This program and the accompanying materials are made -# available under the terms of the Eclipse Public License 2.0 -# which is available at https://www.eclipse.org/legal/epl-2.0/ -# -# SPDX-License-Identifier: EPL-2.0 -# - -# This Workflow performs a full release of Che Code -name: Release Che Code -on: - workflow_dispatch: - inputs: - version: - description: 'The version that is going to be released. Should be in format 7.y.z' - required: true - default: '7.y.z' - forceRecreateTags: - description: If true, tags will be recreated. Use with caution - required: false - default: 'false' - -jobs: - tag-release: - runs-on: ubuntu-22.04 - steps: - - - name: "Checkout Che Code source code" - uses: actions/checkout@v4 - with: - token: ${{ secrets.CHE_INCUBATOR_BOT_TOKEN }} - - - name: "Setup Node" - uses: actions/setup-node@v4 - with: - node-version: "18" - - - name: Check existing tags - run: | - set +e - RECREATE_TAGS=${{ github.event.inputs.forceRecreateTags }} - VERSION=${{ github.event.inputs.version }} - EXISTING_TAG=$(git ls-remote --exit-code origin refs/tags/${VERSION}) - if [[ -n ${EXISTING_TAG} ]]; then - if [[ ${RECREATE_TAGS} == "true" ]]; then - echo "[INFO] Removing tag for ${VERSION} version. New tag will be recreated during release." - git push origin :$VERSION - else - echo "[ERROR] Cannot proceed with release - tag ${EXISTING_TAG} already exists." - exit 1 - fi - else - echo "[INFO] No existing tags detected for $VERSION" - fi - - - name: "Tag release" - run: | - git config --global user.name "Mykhailo Kuznietsov" - git config --global user.email "mkuznets@redhat.com" - git config --global pull.rebase true - export GITHUB_TOKEN=${{ secrets.CHE_INCUBATOR_BOT_TOKEN }} - /bin/bash make-release.sh --version ${{ github.event.inputs.version }} --tag-release - 
diff --git a/.github/workflows/smoke-test-pr-check.yaml b/.github/workflows/smoke-test-pr-check.yaml.disabled similarity index 82% rename from .github/workflows/smoke-test-pr-check.yaml rename to .github/workflows/smoke-test-pr-check.yaml.disabled index 51638c63a0d..fd8803209ab 100644 --- a/.github/workflows/smoke-test-pr-check.yaml +++ b/.github/workflows/smoke-test-pr-check.yaml.disabled @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2025 Red Hat, Inc. +# Copyright (c) 2023 Red Hat, Inc. # This program and the accompanying materials are made # available under the terms of the Eclipse Public License 2.0 # which is available at https://www.eclipse.org/legal/epl-2.0/ 
@@ -28,30 +28,30 @@ jobs: steps: - name: Checkout che-code source code - uses: actions/checkout@v4 + uses: actions/checkout@v3 - name: Prepare Che-Code Dockerfile ( remove tests ) run: | # # truncate Dockerfile, remove section that runs tests # - cp -f build/dockerfiles/linux-libc-ubi9.Dockerfile build/dockerfiles/linux-libc-ubi9.no-test.Dockerfile + cp -f build/dockerfiles/linux-libc.Dockerfile build/dockerfiles/linux-libc.no-test.Dockerfile REMOVE_FROM="### Beginning of tests" REMOVE_TO="### Ending of tests" - sed -i "/${REMOVE_FROM}/,/${REMOVE_TO}/{/${REMOVE_FROM}/n;/${REMOVE_TO}/!d;}" build/dockerfiles/linux-libc-ubi9.no-test.Dockerfile + sed -i "/${REMOVE_FROM}/,/${REMOVE_TO}/{/${REMOVE_FROM}/n;/${REMOVE_TO}/!d;}" build/dockerfiles/linux-libc.no-test.Dockerfile # # show the Dockerfile # - cat build/dockerfiles/linux-libc-ubi9.no-test.Dockerfile + cat build/dockerfiles/linux-libc.no-test.Dockerfile - name: Compile Che-Code editor run: | # - # build linux-libc-ubi9:latest docker image + # build linux-libc-amd64:latest docker image # docker image prune -a -f - docker build --memory-swap -1 --memory 12g -f build/dockerfiles/linux-libc-ubi9.no-test.Dockerfile -t linux-libc-ubi9 . + docker build --memory-swap -1 --memory 12g -f build/dockerfiles/linux-libc.no-test.Dockerfile -t linux-libc-amd64 . - name: Build Che-Code Docker image run: | 
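Review bot: `uses: actions/checkout@v3` at the top of this hunk moves the step back from `@v4`, and the last hunk of this file does the same for `actions/upload-artifact@v4` → `@v3` in the 'Store e2e artifacts' and 'Store k8s logs' steps. GitHub has deprecated v3 of the artifact actions, so those steps are likely to fail if the workflow is re-enabled from its `.disabled` name. Keep `actions/checkout@v4` and `actions/upload-artifact@v4`, and consider pinning each action to a full commit SHA rather than a movable tag. The `steps:` list starts and ends outside the hunk.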
@@ -59,14 +59,10 @@ jobs: # build che-code:latest docker image # cp -f build/dockerfiles/assembly.Dockerfile build/dockerfiles/assembly.copy.Dockerfile - REPLACE_FROM="FROM linux-musl as linux-musl-content" + REPLACE_FROM="FROM linux-musl-amd64 as linux-musl-content" sed -i -r -e "s|${REPLACE_FROM}||" build/dockerfiles/assembly.copy.Dockerfile REPLACE_FROM="COPY --from=linux-musl-content --chown=0:0 /checode-linux-musl /mnt/rootfs/checode-linux-musl" sed -i -r -e "s|${REPLACE_FROM}||" build/dockerfiles/assembly.copy.Dockerfile - REPLACE_FROM="FROM linux-libc-ubi8 as linux-libc-ubi8-content" - sed -i -r -e "s|${REPLACE_FROM}||" build/dockerfiles/assembly.copy.Dockerfile - REPLACE_FROM="COPY --from=linux-libc-ubi8-content --chown=0:0 /checode-linux-libc/ubi8 /mnt/rootfs/checode-linux-libc/ubi8" - sed -i -r -e "s|${REPLACE_FROM}||" build/dockerfiles/assembly.copy.Dockerfile export DOCKER_BUILDKIT=1 docker build -f build/dockerfiles/assembly.copy.Dockerfile -t che-code . @@ -93,7 +89,7 @@ jobs: minikube-version: v1.23.2 - name: Install chectl - run: bash <(curl -sL https://che-incubator.github.io/chectl/install.sh) --channel=next + run: bash <(curl -sL https://www.eclipse.org/che/chectl/) --channel=next - name: Deploy Che run: | @@ -108,8 +104,8 @@ jobs: chectl server:deploy \ --batch \ --platform minikube \ - --k8spodwaittimeout=480000 \ - --k8spodreadytimeout=480000 \ + --k8spodwaittimeout=120000 \ + --k8spodreadytimeout=120000 \ --che-operator-cr-patch-yaml "${GITHUB_WORKSPACE}/build/test/github-minikube-checluster-patch.yaml" # @@ -122,7 +118,7 @@ jobs: - name: Pull Universal Base Image run: | - minikube image pull quay.io/devfile/universal-developer-image:ubi9-latest + minikube image pull quay.io/devfile/universal-developer-image:ubi8-latest - name: Run Smoke test run: | 
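Review bot: In the hunk at `@@ -93,7 +89,7 @@`, `bash <(curl -sL https://www.eclipse.org/che/chectl/) --channel=next` executes whatever the URL returns, and with `-s` and no `-f` an HTTP error page or a truncated download is handed to bash without any visible failure. At minimum use `curl -fsSL` so a failed fetch stops the step; better, download the installer to a file and verify it against a known checksum before running it, or install a pinned chectl release. The step list continues outside the hunk.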
@@ -167,14 +163,14 @@ jobs: - name: Store e2e artifacts if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v3 with: name: e2e-artifacts path: /tmp/tests - name: Store k8s logs if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v3 with: name: k8s-logs path: /tmp/devworkspace-happy-path-artifacts/admin-che-info diff --git a/.github/workflows/try-in-web-ide.yaml b/.github/workflows/try-in-web-ide.yaml deleted file mode 100644 index 400b01bdac6..00000000000 --- a/.github/workflows/try-in-web-ide.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# -# Copyright (c) 2022 Red Hat, Inc. -# This program and the accompanying materials are made -# available under the terms of the Eclipse Public License 2.0 -# which is available at https://www.eclipse.org/legal/epl-2.0/ -# -# SPDX-License-Identifier: EPL-2.0 -# -# Contributors: -# Red Hat, Inc. - initial API and implementation -# - -name: Try in Web IDE - -on: - pull_request_target: - types: opened - -jobs: - add-link: - runs-on: ubuntu-22.04 - steps: - - name: Add DevSandbox link - uses: redhat-actions/try-in-web-ide@v1.4 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - add_comment: true - add_status: false - - name: Add Dogfooding link - uses: redhat-actions/try-in-web-ide@v1.4 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - add_comment: true - add_status: false - web_ide_instance: https://che-dogfooding.apps.che-dev.x6e0.p1.openshiftapps.com - comment_badge: https://img.shields.io/static/v1?label=Eclipse%20Che%20(nightly)&message=Dev%20cluster%20(for%20maintainers)&logo=eclipseche&color=525C86&labelColor=FDB940 diff --git a/build/dockerfiles/dev.ssh.Dockerfile b/build/dockerfiles/dev.ssh.Dockerfile new file mode 100644 index 00000000000..31edfd23e66 --- /dev/null +++ b/build/dockerfiles/dev.ssh.Dockerfile 
@@ -0,0 +1,70 @@ +# Copyright (c) 2022 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +FROM quay.io/devfile/universal-developer-image:latest + +USER 0 + +RUN dnf -y install libsecret openssh-server dropbear && \ + dnf -y clean all --enablerepo='*' + +# Follow the sample https://www.golinuxcloud.com/run-sshd-as-non-root-user-without-sudo/ + +# Step 1. Generate SSH Host keys + +RUN mkdir /opt/ssh + +RUN ssh-keygen -q -N "" -t dsa -f /opt/ssh/ssh_host_dsa_key && \ + ssh-keygen -q -N "" -t rsa -b 4096 -f /opt/ssh/ssh_host_rsa_key && \ + ssh-keygen -q -N "" -t ecdsa -f /opt/ssh/ssh_host_ecdsa_key && \ + ssh-keygen -q -N "" -t ed25519 -f /opt/ssh/ssh_host_ed25519_key + +RUN ls -l /opt/ssh/ + +# Step 2. Configure SSHH as non-root user + +RUN cp /etc/ssh/sshd_config /opt/ssh/ + +# Use a non-privileged port +RUN sed -i 's|#Port 22|Port 2022|' /opt/ssh/sshd_config + +# provide the new path containing these host keys +RUN sed -i 's|HostKey /etc/ssh/ssh_host_rsa_key|HostKey /opt/ssh/ssh_host_rsa_key|' /opt/ssh/sshd_config +RUN sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|HostKey /opt/ssh/ssh_host_ecdsa_key|' /opt/ssh/sshd_config +RUN sed -i 's|HostKey /etc/ssh/ssh_host_ed25519_key|HostKey /opt/ssh/ssh_host_ed25519_key|' /opt/ssh/sshd_config + +RUN sed -i 's|#PubkeyAuthentication yes|PubkeyAuthentication yes|' /opt/ssh/sshd_config +RUN sed -i 's|AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile /home/user/ssh/authorized_keys|' /opt/ssh/sshd_config + +# Enable DEBUG log. 
You can ignore this but this may help you debug any issue while enabling SSHD for the first time +RUN sed -i 's|#LogLevel INFO|LogLevel DEBUG3|' /opt/ssh/sshd_config + +RUN sed -i 's|#StrictModes yes|StrictModes=no|' /opt/ssh/sshd_config + + +# Provide a path to store PID file which is accessible by normal user for write purpose +RUN sed -i 's|#PidFile /var/run/sshd.pid|PidFile /opt/ssh/sshd.pid|' /opt/ssh/sshd_config + +RUN echo "account include base-account" > /etc/pam.d/sshd.pam + + +# Add script to start and stop the service +COPY --chown=0:0 /build/sshd.start / +COPY --chown=0:0 /build/sshd.connect / + + +# Step 4. Fix permissions +RUN chmod 644 /opt/ssh/* +RUN chmod 664 /opt/ssh/sshd_config +RUN chown -R user:root /opt/ssh/ + +RUN chmod 774 /opt/ssh + +EXPOSE 2022 + +USER 10001 diff --git a/build/sshd.connect b/build/sshd.connect new file mode 100755 index 00000000000..412978ef6d7 --- /dev/null +++ b/build/sshd.connect @@ -0,0 +1,6 @@ +#!/bin/bash + +rm -rf /home/user/.ssh +mkdir -p /home/user/.ssh + +ssh -l user -p 2022 -i /home/user/ssh/host_ed25519_key 127.0.0.1 diff --git a/build/sshd.start b/build/sshd.start new file mode 100755 index 00000000000..8069718ae1c --- /dev/null +++ b/build/sshd.start @@ -0,0 +1,13 @@ +#!/bin/bash + +# should prepare ssh keys +rm -rf /home/user/ssh +mkdir -p /home/user/ssh +ssh-keygen -q -N "" -t ed25519 -f /home/user/ssh/host_ed25519_key +cp /home/user/ssh/host_ed25519_key.pub /home/user/ssh/authorized_keys + +# start +/usr/sbin/sshd -D -f /opt/ssh/sshd_config -E /tmp/sshd.log + +# stop +# /usr/sbin/sshd -t -f /opt/ssh/sshd_config -E /tmp/sshd.log diff --git a/devfile.pr-327.yaml b/devfile.pr-327.yaml new file mode 100644 index 00000000000..d2685211c43 --- /dev/null +++ b/devfile.pr-327.yaml 
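Review bot: The host key pairs in `dev.ssh.Dockerfile` are created by `RUN ssh-keygen` at build time and then opened up with `chmod 644 /opt/ssh/*`, so every container started from this image presents the same host identity, and the private halves are readable by any user in the container and by anyone who can pull the image. Generating them at container start in `sshd.start`, next to the `ssh-keygen` call that script already makes, e.g. `ssh-keygen -q -N "" -t ed25519 -f /home/user/ssh/ssh_host_ed25519_key` with the matching `HostKey` path, gives each workspace its own key with owner-only permissions. The `dsa` key is never referenced by a `HostKey` line and can be dropped. `LogLevel DEBUG3` and `StrictModes=no` look like bring-up settings that should not ship as defaults. `dev.sshd.Dockerfile` in patch 2/3 keeps the same build-time host keys and `chmod 644`.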
@@ -0,0 +1,45 @@ +# +# Copyright (c) 2022 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +schemaVersion: 2.1.0 +metadata: + name: ssh-test + +projects: + - name: recommended-extensions-sample + git: + remotes: + origin: https://github.com/vitaliy-guliy/recommended-extensions-sample + checkoutFrom: + revision: master + +components: + + - name: dev + container: + image: quay.io/che-incubator-pull-requests/che-code-dev:pr-327-dev-amd64 + memoryLimit: 8Gi + memoryRequest: 512Mi + cpuRequest: 500m + cpuLimit: 3500m + endpoints: + - exposure: public + name: dev + secure: true + protocol: http + targetPort: 8000 + + - exposure: public + name: sshd + targetPort: 2022 + protocol: tcp + + - name: projects + volume: + size: 7Gi diff --git a/devfile.yaml b/devfile.yaml index 50278da3364..1cd599165be 100644 --- a/devfile.yaml +++ b/devfile.yaml @@ -10,6 +10,7 @@ schemaVersion: 2.2.2 metadata: name: che-code + components: - name: dev From 9862dca5d450b5dcfec03fd074470b7094c79019 Mon Sep 17 00:00:00 2001 From: Roland Grunberg Date: Wed, 23 Jul 2025 16:33:36 -0400 Subject: [PATCH 2/3] More changes to support VS Code (local) to Devworkspace over SSH. - Custom image based on UDI that contains the non-root SSH daemon, basic web server to show webpage on startup to guide the user - che-code-sshd.yaml file as entrypoint to configure the custom image 
Signed-off-by: Roland Grunberg --- .../pr-check-build-che-code-image.yaml | 21 +----- build/dockerfiles/dev.ssh.Dockerfile | 70 ------------------ build/dockerfiles/dev.sshd.Dockerfile | 62 ++++++++++++++++ build/scripts/server.js | 74 +++++++++++++++++++ build/scripts/sshd.start | 20 +++++ build/sshd.connect | 6 -- build/sshd.start | 13 ---- che-code-sshd.yaml | 64 ++++++++++++++++ devfile.pr-327.yaml | 45 ----------- devfile.yaml | 1 - 10 files changed, 223 insertions(+), 153 deletions(-) delete mode 100644 build/dockerfiles/dev.ssh.Dockerfile create mode 100644 build/dockerfiles/dev.sshd.Dockerfile create mode 100644 build/scripts/server.js create mode 100755 build/scripts/sshd.start delete mode 100755 build/sshd.connect delete mode 100755 build/sshd.start create mode 100644 che-code-sshd.yaml delete mode 100644 devfile.pr-327.yaml diff --git a/.github/workflows/pr-check-build-che-code-image.yaml b/.github/workflows/pr-check-build-che-code-image.yaml index 89d2a4e0308..b2fffa79f51 100644 --- a/.github/workflows/pr-check-build-che-code-image.yaml +++ b/.github/workflows/pr-check-build-che-code-image.yaml @@ -13,7 +13,7 @@ name: Pull Request Check # Trigger the workflow on pull request -on: [pull_request] +on: [workflow_dispatch] jobs: # build: @@ -124,10 +124,7 @@ jobs: - name: Build Che-Code Docker image run: | - PR_NUMBER="${{ github.event.number }}" - echo "Pull request $PR_NUMBER" - - DEV_IMAGE_NAME="quay.io/che-incubator-pull-requests/che-code-dev:pr-$PR_NUMBER-dev-amd64" + DEV_IMAGE_NAME="quay.io/rgrunber/che-code-sshd:latest" echo "Dev image $DEV_IMAGE_NAME" echo "_DEV_IMAGE_NAME=${DEV_IMAGE_NAME}" >> $GITHUB_ENV 
@@ -135,21 +132,9 @@ jobs: --platform linux/amd64 \ --progress=plain \ --push \ - -f build/dockerfiles/dev.ssh.Dockerfile \ + -f build/dockerfiles/dev.sshd.Dockerfile \ -t ${DEV_IMAGE_NAME} . - name: Display docker images run: | docker images - - - name: 'Comment PR' - uses: actions/github-script@v6 - with: - script: | - const { repo: { owner, repo } } = context; - await github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: `Pull Request Dev image published:\nšŸ‘‰ [${process.env._DEV_IMAGE_NAME}](https://${process.env._DEV_IMAGE_NAME})` - }) diff --git a/build/dockerfiles/dev.ssh.Dockerfile b/build/dockerfiles/dev.ssh.Dockerfile deleted file mode 100644 index 31edfd23e66..00000000000 --- a/build/dockerfiles/dev.ssh.Dockerfile +++ /dev/null 
@@ -1,70 +0,0 @@ -# Copyright (c) 2022 Red Hat, Inc. -# This program and the accompanying materials are made -# available under the terms of the Eclipse Public License 2.0 -# which is available at https://www.eclipse.org/legal/epl-2.0/ -# -# SPDX-License-Identifier: EPL-2.0 -# - -FROM quay.io/devfile/universal-developer-image:latest - -USER 0 - -RUN dnf -y install libsecret openssh-server dropbear && \ - dnf -y clean all --enablerepo='*' - -# Follow the sample https://www.golinuxcloud.com/run-sshd-as-non-root-user-without-sudo/ - -# Step 1. Generate SSH Host keys - -RUN mkdir /opt/ssh - -RUN ssh-keygen -q -N "" -t dsa -f /opt/ssh/ssh_host_dsa_key && \ - ssh-keygen -q -N "" -t rsa -b 4096 -f /opt/ssh/ssh_host_rsa_key && \ - ssh-keygen -q -N "" -t ecdsa -f /opt/ssh/ssh_host_ecdsa_key && \ - ssh-keygen -q -N "" -t ed25519 -f /opt/ssh/ssh_host_ed25519_key - -RUN ls -l /opt/ssh/ - -# Step 2. Configure SSHH as non-root user - -RUN cp /etc/ssh/sshd_config /opt/ssh/ - -# Use a non-privileged port -RUN sed -i 's|#Port 22|Port 2022|' /opt/ssh/sshd_config - -# provide the new path containing these host keys -RUN sed -i 's|HostKey /etc/ssh/ssh_host_rsa_key|HostKey /opt/ssh/ssh_host_rsa_key|' /opt/ssh/sshd_config -RUN sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|HostKey /opt/ssh/ssh_host_ecdsa_key|' /opt/ssh/sshd_config -RUN sed -i 's|HostKey /etc/ssh/ssh_host_ed25519_key|HostKey /opt/ssh/ssh_host_ed25519_key|' /opt/ssh/sshd_config - -RUN sed -i 's|#PubkeyAuthentication yes|PubkeyAuthentication yes|' /opt/ssh/sshd_config -RUN sed -i 's|AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile /home/user/ssh/authorized_keys|' /opt/ssh/sshd_config - -# Enable DEBUG log. 
You can ignore this but this may help you debug any issue while enabling SSHD for the first time -RUN sed -i 's|#LogLevel INFO|LogLevel DEBUG3|' /opt/ssh/sshd_config - -RUN sed -i 's|#StrictModes yes|StrictModes=no|' /opt/ssh/sshd_config - - -# Provide a path to store PID file which is accessible by normal user for write purpose -RUN sed -i 's|#PidFile /var/run/sshd.pid|PidFile /opt/ssh/sshd.pid|' /opt/ssh/sshd_config - -RUN echo "account include base-account" > /etc/pam.d/sshd.pam - - -# Add script to start and stop the service -COPY --chown=0:0 /build/sshd.start / -COPY --chown=0:0 /build/sshd.connect / - - -# Step 4. Fix permissions -RUN chmod 644 /opt/ssh/* -RUN chmod 664 /opt/ssh/sshd_config -RUN chown -R user:root /opt/ssh/ - -RUN chmod 774 /opt/ssh - -EXPOSE 2022 - -USER 10001 diff --git a/build/dockerfiles/dev.sshd.Dockerfile b/build/dockerfiles/dev.sshd.Dockerfile new file mode 100644 index 00000000000..8573a00c417 --- /dev/null +++ b/build/dockerfiles/dev.sshd.Dockerfile 
@@ -0,0 +1,62 @@ +# Copyright (c) 2025 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +FROM quay.io/devfile/universal-developer-image:latest + +USER 0 + +RUN dnf -y install libsecret openssh-server && \ + dnf -y clean all --enablerepo='*' + +# Step 1. Generate SSH Host keys +RUN mkdir /opt/ssh +RUN chmod 755 /opt/ssh +RUN chown -R root:root /opt/ssh/ + +RUN ssh-keygen -q -N "" -t dsa -f /opt/ssh/ssh_host_dsa_key && \ + ssh-keygen -q -N "" -t rsa -b 4096 -f /opt/ssh/ssh_host_rsa_key && \ + ssh-keygen -q -N "" -t ecdsa -f /opt/ssh/ssh_host_ecdsa_key && \ + ssh-keygen -q -N "" -t ed25519 -f /opt/ssh/ssh_host_ed25519_key + +# Step 2. Configure SSH as non-root user +RUN cp /etc/ssh/sshd_config /opt/ssh/ + +# Step 3. Fix permissions +RUN chmod 644 /opt/ssh/ssh_host_* /opt/ssh/sshd_config + +# Use non-privileged port, set user authorized keys, disable strict checks +RUN sed -i \ +-e 's|#Port 22|Port 2022|' \ +-e 's|AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile /home/user/ssh/authorized_keys|' \ +-e 's|#StrictModes yes|StrictModes=no|' \ +-e 's|#PidFile /var/run/sshd.pid|PidFile /tmp/sshd.pid|' \ +-e 's|#LogLevel INFO|LogLevel DEBUG3|' \ + /opt/ssh/sshd_config + +# Provide new path containing host keys +RUN sed -i \ +-e 's|#HostKey /etc/ssh/ssh_host_rsa_key|HostKey /opt/ssh/ssh_host_rsa_key|' \ +-e 's|#HostKey /etc/ssh/ssh_host_ecdsa_key|HostKey /opt/ssh/ssh_host_ecdsa_key|' \ +-e 's|#HostKey /etc/ssh/ssh_host_ed25519_key|HostKey /opt/ssh/ssh_host_ed25519_key|' \ + /opt/ssh/sshd_config + +# Prepare SSH Keys +RUN ssh-keygen -q -N "" -t ed25519 -f /opt/ssh/ssh_client_ed25519_key +RUN chmod 644 /opt/ssh/ssh_client_* + +# Add script to start and stop the service +COPY --chown=0:0 /build/scripts/sshd.start / + +RUN mkdir /opt/www +COPY /build/scripts/server.js /opt/www/ + 
+ENV USER_NAME=dev + +EXPOSE 2022 3400 + +USER 10001 diff --git a/build/scripts/server.js b/build/scripts/server.js new file mode 100644 index 00000000000..e77f8934599 --- /dev/null +++ b/build/scripts/server.js @@ -0,0 +1,74 @@ +/* + Copyright (c) 2025 Red Hat, Inc. + This program and the accompanying materials are made + available under the terms of the Eclipse Public License 2.0 + which is available at https://www.eclipse.org/legal/epl-2.0/ + + SPDX-License-Identifier: EPL-2.0 +*/ + +const http = require('http'); +const fs = require('fs'); +const hostname = '127.0.0.1'; +const port = 3400; + +const server = http.createServer((req, res) => { + res.statusCode = 200; + res.setHeader('Content-Type', 'text/html'); + + let hasUserPrefSSHKey = fs.existsSync('/etc/ssh/dwo_ssh_key.pub'); + + let pubKey = "PUBLIC KEY COULD NOT BE DISPLAYED"; + try { + pubKey = fs.readFileSync('/etc/ssh/dwo_ssh_key.pub', 'utf8'); + } catch (err) { + // continue + } + + let genKey = "PRIVATE KEY NOT FOUND"; + try { + genKey = fs.readFileSync('/opt/ssh/ssh_client_ed25519_key', 'utf8'); + } catch (err) { + // continue + } + + let keyMessage = ` +
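Review bot: In `dev.sshd.Dockerfile`, `RUN ssh-keygen -q -N "" -t ed25519 -f /opt/ssh/ssh_client_ed25519_key` followed by `chmod 644 /opt/ssh/ssh_client_*` bakes one login key pair into the image, private half included and world-readable. `sshd.start` installs its public half as `authorized_keys` whenever `/etc/ssh/dwo_ssh_key.pub` is absent, and `server.js` prints the private half on the landing page, so in that fallback every workspace built from this image accepts a key that anyone able to pull the image also holds. Patch 1/3 generated the login key inside `sshd.start` at container start; restoring that in the `else` branch, e.g. `ssh-keygen -q -N "" -t ed25519 -f /home/user/ssh/ssh_client_ed25519_key`, with `server.js` reading from the same path, keeps the key per workspace. Patch 3/3 publishes this image from `image-publish.yml`, so this is worth settling before that lands.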
${hasUserPrefSSHKey ? pubKey : genKey}
+

+

+ This can also be configured locally in $HOME/.ssh/config with the following :`; + + res.end(` + + + + ${process.env["DEVWORKSPACE_NAME"]} + + +

Workspace ${process.env["DEVWORKSPACE_NAME"]} is running

+
+
    +
  1. Make sure your local oc client is logged in to your OpenShift cluster
  2. +
  3. Run oc port-forward ${process.env["HOSTNAME"]} 2022:2022. This establishes a connection to the workspace.

  4. +
  5. +

    In your local VS Code, connect to localhost on port 2022 with user ${process.env["USER_NAME"]} ${hasUserPrefSSHKey ? `. The SSH key, corresponding to the following public key, configured in the "SSH Keys" tab of "User Preferences" has been authorized to connect :` : `and the following identity file :`} ${keyMessage} +

    +Host localhost
    +  HostName 127.0.0.1
    +  User ${process.env["USER_NAME"]}
    +  Port 2022
    +  IdentityFile /path/to/the/ssh_client_ed25519_key
    +        
    +

    +
  6. +
+

If the connection fails with "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED", it may be necessary to remove the localhost or 127.0.0.1 entries from $HOME/.ssh/known_hosts. This is because the SSHD service container (to which oc port-forward is forwarding) may change.

+
+ + + `); +}); + +server.listen(port, hostname, () => { + console.log(`Server running at http://${hostname}:${port}/`); +}); diff --git a/build/scripts/sshd.start b/build/scripts/sshd.start new file mode 100755 index 00000000000..5f8598e35d8 --- /dev/null +++ b/build/scripts/sshd.start @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright (c) 2025 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +rm -rf /home/user/ssh +mkdir -p /home/user/ssh +if [ -f /etc/ssh/dwo_ssh_key.pub ]; then + cp /etc/ssh/dwo_ssh_key.pub /home/user/ssh/authorized_keys +else + cp /opt/ssh/ssh_client_ed25519_key.pub /home/user/ssh/authorized_keys +fi + +# start +/usr/sbin/sshd -D -f /opt/ssh/sshd_config -E /tmp/sshd.log diff --git a/build/sshd.connect b/build/sshd.connect deleted file mode 100755 index 412978ef6d7..00000000000 --- a/build/sshd.connect +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -rm -rf /home/user/.ssh -mkdir -p /home/user/.ssh - -ssh -l user -p 2022 -i /home/user/ssh/host_ed25519_key 127.0.0.1 diff --git a/build/sshd.start b/build/sshd.start deleted file mode 100755 index 8069718ae1c..00000000000 --- a/build/sshd.start +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -# should prepare ssh keys -rm -rf /home/user/ssh -mkdir -p /home/user/ssh -ssh-keygen -q -N "" -t ed25519 -f /home/user/ssh/host_ed25519_key -cp /home/user/ssh/host_ed25519_key.pub /home/user/ssh/authorized_keys - -# start -/usr/sbin/sshd -D -f /opt/ssh/sshd_config -E /tmp/sshd.log - -# stop -# /usr/sbin/sshd -t -f /opt/ssh/sshd_config -E /tmp/sshd.log diff --git a/che-code-sshd.yaml b/che-code-sshd.yaml new file mode 100644 index 00000000000..71ff72c8552 --- /dev/null +++ b/che-code-sshd.yaml 
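Review bot: The `server.js` response carries SSH key material but is sent with only a `Content-Type` header, for every path and method; adding `res.setHeader('Cache-Control', 'no-store')` next to it keeps browsers and intermediaries from retaining the page. The `process.env[...]` values and the key file contents are interpolated into the markup unescaped, so a small helper that escapes `&`, `<`, `>` and quotes would stop a malformed key file or workspace name from altering the page. `hasUserPrefSSHKey` comes from `existsSync` while the content comes from a separate `readFileSync`, and the two can disagree; deriving the flag from whether the read succeeded avoids showing the "PUBLIC KEY COULD NOT BE DISPLAYED" placeholder as if it were an authorized key.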
@@ -0,0 +1,64 @@ +# +# Copyright (c) 2025 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +schemaVersion: 2.3.0 +metadata: + name: che-code-sshd + displayName: Visual Studio Code (desktop) (SSH) + description: Visual Studio Code server for Eclipse Che over SSH - latest + tags: + - ssh + - CLI + - vscode + attributes: + arch: + - x86_64 + - arm64 + - s390x + - ppc64le + publisher: che-incubator + version: latest + provider: Provided by [Microsoft](https://www.microsoft.com/) under [License](https://code.visualstudio.com/License) + title: Visual Studio Code server for Eclipse Che over SSH - latest + repository: https://github.com/rgrunber/che-code + firstPublicationDate: '2025-08-01' + +components: + - name: che-code-sshd + container: + image: quay.io/rgrunber/che-code-sshd:latest + memoryLimit: 1024Mi + memoryRequest: 256Mi + cpuLimit: 500m + cpuRequest: 30m + command: + - sh + - -c + - "nohup /entrypoint.sh & nohup /sshd.start & nohup node /opt/www/server.js & tail -f /dev/null" + endpoints: + - name: che-code-sshd + attributes: + type: main + discoverable: false + urlRewriteSupported: true + targetPort: 3400 + exposure: public + secure: true + protocol: https + volumeMounts: + - name: m2 + path: /home/user/.m2 + attributes: + app.kubernetes.io/component: che-code-sshd + app.kubernetes.io/part-of: che-code-server.eclipse.org + - name: m2 + volume: {} diff --git a/devfile.pr-327.yaml b/devfile.pr-327.yaml deleted file mode 100644 index d2685211c43..00000000000 --- a/devfile.pr-327.yaml +++ /dev/null 
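Review bot: `image: quay.io/rgrunber/che-code-sshd:latest` points the editor definition at a personal registry namespace and a mutable tag, so what runs in a workspace can change without any change to this file. Referencing the project image by digest, e.g. `image: quay.io/che-incubator/che-code-sshd@sha256:<digest>`, makes the definition reproducible; `repository:` carries the same personal-fork value. The `command` backgrounds `/sshd.start` and then blocks on `tail -f /dev/null`, so the container stays up even if sshd exits. A comment such as `# sshd runs unsupervised; check /tmp/sshd.log if connections fail` would at least record that.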
@@ -1,45 +0,0 @@ -# -# Copyright (c) 2022 Red Hat, Inc. -# This program and the accompanying materials are made -# available under the terms of the Eclipse Public License 2.0 -# which is available at https://www.eclipse.org/legal/epl-2.0/ -# -# SPDX-License-Identifier: EPL-2.0 -# - -schemaVersion: 2.1.0 -metadata: - name: ssh-test - -projects: - - name: recommended-extensions-sample - git: - remotes: - origin: https://github.com/vitaliy-guliy/recommended-extensions-sample - checkoutFrom: - revision: master - -components: - - - name: dev - container: - image: quay.io/che-incubator-pull-requests/che-code-dev:pr-327-dev-amd64 - memoryLimit: 8Gi - memoryRequest: 512Mi - cpuRequest: 500m - cpuLimit: 3500m - endpoints: - - exposure: public - name: dev - secure: true - protocol: http - targetPort: 8000 - - - exposure: public - name: sshd - targetPort: 2022 - protocol: tcp - - - name: projects - volume: - size: 7Gi diff --git a/devfile.yaml b/devfile.yaml index 1cd599165be..50278da3364 100644 --- a/devfile.yaml +++ b/devfile.yaml @@ -10,7 +10,6 @@ schemaVersion: 2.2.2 metadata: name: che-code - components: - name: dev From 9bda3ee895b3b8e66e87bdf2b74f9b123c8dccad Mon Sep 17 00:00:00 2001 From: Roland Grunberg Date: Wed, 27 Aug 2025 08:33:12 -0400 Subject: [PATCH 3/3] Add che-code-sshd image to publishing workflow - restore the disabled workflows. - editor definition to be re-located into che-operator 
Signed-off-by: Roland Grunberg --- .github/workflows/image-publish.yml | 202 ++++++++++++++++++ .../pr-check-build-che-code-image.yaml | 140 ------------ .../workflows/pull-request-check-licenses.yml | 3 +- .../workflows/pull-request-check-publish.yml | 103 +++++++++ .github/workflows/pull-request-check.yml | 173 +++++++++++++++ .github/workflows/rebase-insiders.yml | 68 ++++++ .github/workflows/rebase-release-branch.yml | 63 ++++++ .github/workflows/release.yml | 64 ++++++ ...yaml.disabled => smoke-test-pr-check.yaml} | 32 +-- .github/workflows/try-in-web-ide.yaml | 36 ++++ che-code-sshd.yaml | 64 ------ 11 files changed, 729 insertions(+), 219 deletions(-) create mode 100644 .github/workflows/image-publish.yml delete mode 100644 .github/workflows/pr-check-build-che-code-image.yaml create mode 100644 .github/workflows/pull-request-check-publish.yml create mode 100644 .github/workflows/pull-request-check.yml create mode 100644 .github/workflows/rebase-insiders.yml create mode 100644 .github/workflows/rebase-release-branch.yml create mode 100644 .github/workflows/release.yml rename .github/workflows/{smoke-test-pr-check.yaml.disabled => smoke-test-pr-check.yaml} (82%) create mode 100644 .github/workflows/try-in-web-ide.yaml delete mode 100644 che-code-sshd.yaml diff --git a/.github/workflows/image-publish.yml b/.github/workflows/image-publish.yml new file mode 100644 index 00000000000..9a58e298869 --- /dev/null +++ b/.github/workflows/image-publish.yml 
@@ -0,0 +1,202 @@ +# +# Copyright (c) 2021-2025 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +name: image-publish + +on: + push: + branches: + - main + tags: + - '7.*.*' + +jobs: + + build: + name: build + strategy: + fail-fast: false + matrix: + dist: [ 'musl', 'libc-ubi8', 'libc-ubi9' ] + runners: ['ubuntu-22.04', 'ubuntu-22.04-arm'] + runs-on: ${{matrix.runners}} + steps: + - name: Set arch environment variable + run: | + if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then + echo arch="amd64" >> $GITHUB_ENV + else + echo arch="arm64" >> $GITHUB_ENV + fi + - name: Checkout + uses: actions/checkout@v4 + - name: Docker Build + env: + # https://github.com/microsoft/vscode-ripgrep#github-api-limit-note + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + docker buildx build --memory-swap -1 --memory 10g --platform linux/${{env.arch}} -f build/dockerfiles/linux-${{matrix.dist}}.Dockerfile --load -t linux-${{matrix.dist}}-${{env.arch}} . 
+ - name: Upload image + uses: ishworkh/container-image-artifact-upload@v2.0.0 + with: + image: "linux-${{matrix.dist}}-${{env.arch}}" + + assemble: + name: assemble + needs: build + strategy: + fail-fast: false + matrix: + runners: ['ubuntu-22.04', 'ubuntu-22.04-arm'] + runs-on: ${{matrix.runners}} + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set branch environment variable + run: | + BRANCH_NAME=${{ github.ref }} + echo "BRANCH_NAME=${BRANCH_NAME##*/}" >> $GITHUB_ENV + - name: Set arch environment variable + run: | + if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then + echo arch="amd64" >> $GITHUB_ENV + else + echo arch="arm64" >> $GITHUB_ENV + fi + - name: Set tag suffix environment variable + run: | + SHORT_SHA1=$(git rev-parse --short=7 HEAD) + if [[ ${{env.BRANCH_NAME}} == main ]]; then + echo "tag_suffix=${SHORT_SHA1}" >> $GITHUB_ENV + elif [[ ${{env.BRANCH_NAME}} =~ ^7\.[0-9]+\.[0-9]+$ ]]; then + echo "tag_suffix=${{ env.BRANCH_NAME }}" >> $GITHUB_ENV + fi + - name: Download linux-libc-ubi8-amd64 image + uses: ishworkh/container-image-artifact-download@v2.0.0 + with: + image: "linux-libc-ubi8-${{env.arch}}" + - name: Download linux-libc-ubi9-amd64 image + uses: ishworkh/container-image-artifact-download@v2.0.0 + with: + image: "linux-libc-ubi9-${{env.arch}}" + - name: Download linux-musl image + uses: ishworkh/container-image-artifact-download@v2.0.0 + with: + image: "linux-musl-${{env.arch}}" + - name: Display docker images + run: docker images + - name: Update assembly.Dockerfile + run: | + sed "s|FROM linux-libc-ubi8|FROM linux-libc-ubi8-${{env.arch}}|" -i "build/dockerfiles/assembly.Dockerfile" + sed "s|FROM linux-libc-ubi9|FROM linux-libc-ubi9-${{env.arch}}|" -i "build/dockerfiles/assembly.Dockerfile" + sed "s|FROM linux-musl|FROM linux-musl-${{env.arch}}|" -i "build/dockerfiles/assembly.Dockerfile" + - name: Login to Quay.io + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + 
password: ${{ secrets.QUAY_PASSWORD }} + - name: Assemble che-code + run: | + docker buildx build \ + --platform linux/${{env.arch}} \ + --progress=plain \ + --push \ + -f build/dockerfiles/assembly.Dockerfile \ + -t quay.io/che-incubator/che-code:${{env.arch}}-${{env.tag_suffix}} . + + publish: + name: publish + needs: assemble + runs-on: ubuntu-22.04 + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set branch environment variable + run: | + BRANCH_NAME=${{ github.ref }} + echo "BRANCH_NAME=${BRANCH_NAME##*/}" >> $GITHUB_ENV + - name: Set tag suffix environment variable + run: | + SHORT_SHA1=$(git rev-parse --short=7 HEAD) + if [[ ${{env.BRANCH_NAME}} == main ]]; then + echo "tag_suffix=${SHORT_SHA1}" >> $GITHUB_ENV + elif [[ ${{env.BRANCH_NAME}} =~ ^7\.[0-9]+\.[0-9]+$ ]]; then + echo "tag_suffix=${{ env.BRANCH_NAME }}" >> $GITHUB_ENV + fi + - name: Login to Quay.io + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_PASSWORD }} + - name: publish + run: | + SHORT_SHA1=$(git rev-parse --short=7 HEAD) + if [[ ${{env.BRANCH_NAME}} == main ]]; then + docker manifest create quay.io/che-incubator/che-code:next --amend quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --amend quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} + docker manifest annotate quay.io/che-incubator/che-code:next quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --os linux --arch amd64 + docker manifest annotate quay.io/che-incubator/che-code:next quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} --os linux --arch arm64 + docker manifest push quay.io/che-incubator/che-code:next + + docker manifest create quay.io/che-incubator/che-code:insiders --amend quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --amend quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} + docker manifest annotate quay.io/che-incubator/che-code:insiders 
quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --os linux --arch amd64 + docker manifest annotate quay.io/che-incubator/che-code:insiders quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} --os linux --arch arm64 + docker manifest push quay.io/che-incubator/che-code:insiders + + docker manifest create quay.io/che-incubator/che-code:insiders-${SHORT_SHA1} --amend quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --amend quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} + docker manifest annotate quay.io/che-incubator/che-code:insiders-${SHORT_SHA1} quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --os linux --arch amd64 + docker manifest annotate quay.io/che-incubator/che-code:insiders-${SHORT_SHA1} quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} --os linux --arch arm64 + docker manifest push quay.io/che-incubator/che-code:insiders-${SHORT_SHA1} + elif [[ ${{env.BRANCH_NAME}} =~ ^7\.[0-9]+\.[0-9]+$ ]]; then + docker manifest create quay.io/che-incubator/che-code:${{ env.BRANCH_NAME }} --amend quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --amend quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} + docker manifest annotate quay.io/che-incubator/che-code:${{ env.BRANCH_NAME }} quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --os linux --arch amd64 + docker manifest annotate quay.io/che-incubator/che-code:${{ env.BRANCH_NAME }} quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} --os linux --arch arm64 + docker manifest push quay.io/che-incubator/che-code:${{ env.BRANCH_NAME }} + + docker manifest create quay.io/che-incubator/che-code:latest --amend quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --amend quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} + docker manifest annotate quay.io/che-incubator/che-code:latest quay.io/che-incubator/che-code:amd64-${{env.tag_suffix}} --os linux --arch amd64 + docker manifest annotate quay.io/che-incubator/che-code:latest 
quay.io/che-incubator/che-code:arm64-${{env.tag_suffix}} --os linux --arch arm64 + docker manifest push quay.io/che-incubator/che-code:latest + fi + + release-finish: + name: release-finish + needs: [build, assemble, publish] + runs-on: ubuntu-22.04 + # don't notify for cancelled builds + if: (success() || failure()) && github.ref != 'refs/heads/main' + steps: + - name: Set variables + run: | + BRANCH_NAME=${{ github.ref }} + echo "BRANCH_NAME=${BRANCH_NAME##*/}" >> $GITHUB_ENV + + dev: + name: dev + runs-on: ubuntu-22.04 + if: github.ref == 'refs/heads/main' + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Login to Quay.io + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_PASSWORD }} + - name: Docker Build and Push + env: + # https://github.com/microsoft/vscode-ripgrep#github-api-limit-note + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + SHORT_SHA1=$(git rev-parse --short=7 HEAD) + docker buildx build --platform linux/amd64 -f build/dockerfiles/dev.Dockerfile --push -t quay.io/che-incubator/che-code-dev:insiders -t quay.io/che-incubator/che-code-dev:next -t quay.io/che-incubator/che-code-dev:insiders-${SHORT_SHA1} . + docker buildx build --platform linux/amd64 -f build/dockerfiles/dev.sshd.Dockerfile --push -t quay.io/che-incubator/che-code-sshd:insiders -t quay.io/che-incubator/che-code-sshd:next -t quay.io/che-incubator/che-code-sshd:insiders-${SHORT_SHA1} . + diff --git a/.github/workflows/pr-check-build-che-code-image.yaml b/.github/workflows/pr-check-build-che-code-image.yaml deleted file mode 100644 index b2fffa79f51..00000000000 --- a/.github/workflows/pr-check-build-che-code-image.yaml +++ /dev/null 
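Review bot: `BRANCH_NAME=${{ github.ref }}` in the `Set branch environment variable` steps of `assemble` and `publish`, and in `release-finish`, pastes the ref into the script text before bash parses it, and `[[ ${{env.BRANCH_NAME}} == main ]]` does the same with the derived value. The push filter limits refs to `main` and `7.*.*` tags, but the tag glob may still admit shell metacharacters, so reading the value from the environment is safer: `echo "BRANCH_NAME=${GITHUB_REF##*/}" >> "$GITHUB_ENV"` and `[[ "$BRANCH_NAME" == main ]]`. The jobs that log in to Quay reference `docker/login-action@v2` and the `ishworkh/container-image-artifact-*@v2.0.0` actions by tag. Pinning those to a commit SHA and adding a top-level `permissions:` block would narrow what a moved tag can reach.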
@@ -1,140 +0,0 @@ -# -# Copyright (c) 2023 Red Hat, Inc. -# This program and the accompanying materials are made -# available under the terms of the Eclipse Public License 2.0 -# which is available at https://www.eclipse.org/legal/epl-2.0/ -# -# SPDX-License-Identifier: EPL-2.0 -# -# Contributors: -# Red Hat, Inc. - initial API and implementation -# - -name: Pull Request Check - -# Trigger the workflow on pull request -on: [workflow_dispatch] - -jobs: - # build: - # name: build - # runs-on: ubuntu-22.04 - # strategy: - # fail-fast: false - # matrix: - # dist: [ 'musl', 'libc' ] - # arch: ['amd64'] - # steps: - - # - name: Checkout che-code source code - # uses: actions/checkout@v3 - - # - name: Compile che-code - # run: | - # docker buildx build \ - # --platform linux/${{matrix.arch}} \ - # --progress=plain \ - # -f build/dockerfiles/linux-${{matrix.dist}}.Dockerfile \ - # -t linux-${{matrix.dist}}-${{matrix.arch}} . - - # - name: Upload image - # uses: ishworkh/docker-image-artifact-upload@v1 - # with: - # image: "linux-${{matrix.dist}}-${{matrix.arch}}" - - # assemble: - # name: assemble - # runs-on: ubuntu-22.04 - # needs: build - # steps: - - # - name: Checkout che-code source code - # uses: actions/checkout@v3 - - # - name: Cleanup docker images - # run: | - # docker system prune -af - - # - name: Download linux-libc-amd64 image - # uses: ishworkh/docker-image-artifact-download@v1 - # with: - # image: "linux-libc-amd64" - - # - name: Download linux-musl-amd64 image - # uses: ishworkh/docker-image-artifact-download@v1 - # with: - # image: "linux-musl-amd64" - - # - name: Login to Quay.io - # uses: docker/login-action@v2 - # with: - # registry: quay.io - # username: ${{ secrets.QUAY_PULL_REQUESTS_USERNAME }} - # password: ${{ secrets.QUAY_PULL_REQUESTS_PASSWORD }} - - # - name: Display docker images - # run: | - # docker images - - # - name: Assemble che-code - # run: | - # PR_NUMBER="${{ github.event.number }}" - # echo "Pull request $PR_NUMBER" - - # 
IMAGE_NAME="quay.io/che-incubator-pull-requests/che-code:pr-$PR_NUMBER-amd64" - # echo "_IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV - - # docker buildx build \ - # --platform linux/amd64 \ - # --progress=plain \ - # --push \ - # -f build/dockerfiles/assembly.Dockerfile \ - # -t ${IMAGE_NAME} . - - # - name: Display docker images (final) - # run: | - # docker images - - # - name: 'Comment PR' - # uses: actions/github-script@v6 - # with: - # script: | - # const { repo: { owner, repo } } = context; - # await github.rest.issues.createComment({ - # issue_number: context.issue.number, - # owner: context.repo.owner, - # repo: context.repo.repo, - # body: `Pull Request Che-Code image published:\nšŸ‘‰ [${process.env._IMAGE_NAME}](https://${process.env._IMAGE_NAME})` - # }) - - dev: - name: dev - runs-on: ubuntu-22.04 - steps: - - - name: Checkout che-code source code - uses: actions/checkout@v2 - - - name: Login to Quay.io - uses: docker/login-action@v2 - with: - registry: quay.io - username: ${{ secrets.QUAY_PULL_REQUESTS_USERNAME }} - password: ${{ secrets.QUAY_PULL_REQUESTS_PASSWORD }} - - - name: Build Che-Code Docker image - run: | - DEV_IMAGE_NAME="quay.io/rgrunber/che-code-sshd:latest" - echo "Dev image $DEV_IMAGE_NAME" - echo "_DEV_IMAGE_NAME=${DEV_IMAGE_NAME}" >> $GITHUB_ENV - - docker buildx build \ - --platform linux/amd64 \ - --progress=plain \ - --push \ - -f build/dockerfiles/dev.sshd.Dockerfile \ - -t ${DEV_IMAGE_NAME} . - - - name: Display docker images - run: | - docker images diff --git a/.github/workflows/pull-request-check-licenses.yml b/.github/workflows/pull-request-check-licenses.yml index f283169e560..4c7e75e4521 100644 --- a/.github/workflows/pull-request-check-licenses.yml +++ b/.github/workflows/pull-request-check-licenses.yml 
@@ -10,11 +10,12 @@ name: License Check # Trigger the workflow on pull request -on: workflow_dispatch +on: [pull_request] jobs: check-che-extensions-licenses: runs-on: ubuntu-22.04 + if: ${{ github.base_ref == 'main' }} steps: - name: Checkout che-code source code uses: actions/checkout@v4 diff --git a/.github/workflows/pull-request-check-publish.yml b/.github/workflows/pull-request-check-publish.yml new file mode 100644 index 00000000000..90a998a3380 --- /dev/null +++ b/.github/workflows/pull-request-check-publish.yml 
@@ -0,0 +1,103 @@
+#
+# Copyright (c) 2021-2025 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+name: Publish Image PR check
+
+on:
+ workflow_run:
+ workflows: ["Pull Request Check"]
+ types:
+ - completed
+
+jobs:
+
+ publish-images:
+ name: publish image from the pull request
+ runs-on: ubuntu-22.04
+ steps:
+
+ - name: Download Pull Request Number artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: pull-request-number
+ run-id: ${{ github.event.workflow_run.id }}
+ github-token: ${{ github.token }}
+
+ - name: Grab Pull Request number
+ run: |
+ pr_number=$(cat "PR_NUMBER")
+ echo "Pull Request: ${pr_number}"
+ if ! [[ "$pr_number" =~ ^[0-9]+$ ]]; then
+ echo "Wrong Pull Request number"
+ exit 1
+ fi
+ echo "_PR_NUMBER=$pr_number" >> $GITHUB_ENV
+
+ - name: Cleanup docker images
+ run: |
+ docker system prune -af
+
+ - name: Download che-code docker image artifact
+ uses: actions/download-artifact@v4
+ with:
+ pattern: che-*
+ merge-multiple: true
+ path: .
+ run-id: ${{ github.event.workflow_run.id }}
+ github-token: ${{ github.token }}
+
+ - name: List downloaded files
+ run: |
+ ls -lahR
+
+ - name: Load Docker images
+ run: |
+ docker load -i che-code-amd64.tgz
+ docker load -i che-code-arm64.tgz
+ docker load -i che-dev.tgz
+
+ - name: Login to Quay.io
+ uses: docker/login-action@v3
+ with:
+ registry: quay.io
+ username: ${{ secrets.QUAY_PULL_REQUESTS_USERNAME }}
+ password: ${{ secrets.QUAY_PULL_REQUESTS_PASSWORD }}
+
+ - name: Push che-code-amd64 docker image
+ run: |
+ export IMAGE=quay.io/che-incubator-pull-requests/che-code:pr-${{env._PR_NUMBER}}-amd64
+ docker tag che-code-amd64 ${IMAGE}
+ docker push ${IMAGE}
+ echo "_CHE_CODE_AMD64_IMAGE=${IMAGE}" >> $GITHUB_ENV
+
+ - name: Push che-code-arm64 docker image
+ run: |
+ export IMAGE=quay.io/che-incubator-pull-requests/che-code:pr-${{env._PR_NUMBER}}-arm64
+ docker tag che-code-arm64 ${IMAGE}
+ docker push ${IMAGE}
+ echo "_CHE_CODE_ARM64_IMAGE=${IMAGE}" >> $GITHUB_ENV
+
+ - name: Push che-dev docker image
+ run: |
+ export IMAGE=quay.io/che-incubator-pull-requests/che-code-dev:pr-${{env._PR_NUMBER}}-dev-amd64
+ docker tag che-dev ${IMAGE}
+ docker push ${IMAGE}
+ echo "_CHE_DEV_IMAGE=${IMAGE}" >> $GITHUB_ENV
+
+ - name: 'Comment PR'
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const { repo: { owner, repo } } = context;
+ await github.rest.issues.createComment({
+ issue_number: process.env._PR_NUMBER,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: `Pull Request images published ✨\n\nEditor amd64: [${process.env._CHE_CODE_AMD64_IMAGE}](https://${process.env._CHE_CODE_AMD64_IMAGE})\nEditor arm64: [${process.env._CHE_CODE_ARM64_IMAGE}](https://${process.env._CHE_CODE_ARM64_IMAGE})\nDev image: [${process.env._CHE_DEV_IMAGE}](https://${process.env._CHE_DEV_IMAGE})`
+ })
diff --git a/.github/workflows/pull-request-check.yml b/.github/workflows/pull-request-check.yml
new file mode 100644
index 00000000000..12b6e3b4acd
--- /dev/null
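Review bot: The `Grab Pull Request number` step trusts the `pull-request-number` artifact once it matches `^[0-9]+$`, but that artifact comes from the `pull_request` run, which executes the pull request's own workflow and code, so the check stops injection and not a wrong number. This `workflow_run` job holds the Quay push credentials and a token that can comment, so the `pr-<n>-*` tags and the comment target should be cross-checked against trusted event data: resolve the pull request from `github.event.workflow_run.head_sha` (or `github.event.workflow_run.pull_requests`, which can be empty for forks) and fail on mismatch. The job also has no gate and runs for failed or non-PR runs of "Pull Request Check"; add `if: ${{ github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }}` under `publish-images:`. None of the workflows added here declares `permissions:`; for this job an explicit block with `actions: read` plus the one write scope the comment step needs would keep the token at least privilege.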
+++ b/.github/workflows/pull-request-check.yml 
@@ -0,0 +1,173 @@
+#
+# Copyright (c) 2021-2025 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+name: Pull Request Check
+
+# Trigger the workflow on pull request
+on: [pull_request]
+
+jobs:
+ check-artifacts:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout che-code source code
+ uses: actions/checkout@v4
+ - name: Install jq
+ uses: dcarbone/install-jq-action@v3
+ with:
+ version: 1.7
+ force: true
+ - name: Generate artifacts
+ run: ./build/artifacts/generate.sh
+ - name: Check if artifacts are up to date
+ run: |
+ if [[ $(git diff --name-only | wc -l) != 0 ]]; then
+ # Print difference
+ git --no-pager diff
+
+ echo "[ERROR] Artifacts is not up to date."
+ echo "[ERROR] Run './build/artifacts/generate.sh' and include file into the commit."
+ exit 1
+ fi
+
+ build:
+ name: build
+ strategy:
+ fail-fast: false
+ matrix:
+ dist: ['libc-ubi8', 'libc-ubi9', 'musl']
+ runners: ['ubuntu-22.04', 'ubuntu-22.04-arm']
+ runs-on: ${{matrix.runners}}
+ steps:
+ - name: Set arch environment variable
+ run: |
+ if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then
+ echo arch="amd64" >> $GITHUB_ENV
+ else
+ echo arch="arm64" >> $GITHUB_ENV
+ fi
+ - name: Checkout che-code source code
+ uses: actions/checkout@v4
+ - name: Cleanup docker images
+ run: docker system prune -af
+ - name: Compile che-code
+ run: |
+ docker buildx build \
+ --platform linux/${{env.arch}} \
+ --progress=plain \
+ -f build/dockerfiles/linux-${{matrix.dist}}.Dockerfile \
+ -t linux-${{matrix.dist}}-${{env.arch}} .
+ - name: Display docker images
+ run: docker images
+ - name: Compress image to a file
+ run: docker save linux-${{matrix.dist}}-${{env.arch}} | gzip > linux-${{matrix.dist}}-${{env.arch}}.tgz
+ - name: Upload image artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: linux-${{matrix.dist}}-${{env.arch}}
+ path: linux-${{matrix.dist}}-${{env.arch}}.tgz
+
+ assemble:
+ name: assemble
+ needs: build
+ strategy:
+ fail-fast: false
+ matrix:
+ runners: ['ubuntu-22.04', 'ubuntu-22.04-arm']
+ runs-on: ${{matrix.runners}}
+ steps:
+ - name: Set arch environment variable
+ run: |
+ if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then
+ echo arch="amd64" >> $GITHUB_ENV
+ else
+ echo arch="arm64" >> $GITHUB_ENV
+ fi
+ - name: Checkout che-code source code
+ uses: actions/checkout@v4
+ - name: Cleanup docker images
+ run: docker system prune -af
+ - name: Download editor artifacts
+ uses: actions/download-artifact@v4
+ with:
+ pattern: linux-*
+ merge-multiple: true
+ path: .
+ - name: List downloaded files
+ run: ls -lah
+ - name: Load docker images
+ run: |
+ docker load -i linux-libc-ubi8-${{env.arch}}.tgz
+ docker load -i linux-libc-ubi9-${{env.arch}}.tgz
+ docker load -i linux-musl-${{env.arch}}.tgz
+ - name: Display docker images
+ run: docker images
+ - name: Update assembly.Dockerfile
+ run: |
+ sed "s|FROM linux-libc-ubi8|FROM linux-libc-ubi8-${{env.arch}}|" -i "build/dockerfiles/assembly.Dockerfile"
+ sed "s|FROM linux-libc-ubi9|FROM linux-libc-ubi9-${{env.arch}}|" -i "build/dockerfiles/assembly.Dockerfile"
+ sed "s|FROM linux-musl|FROM linux-musl-${{env.arch}}|" -i "build/dockerfiles/assembly.Dockerfile"
+ - name: Assemble che-code
+ run: |
+ docker buildx build \
+ --platform linux/${{env.arch}} \
+ --progress=plain \
+ -f build/dockerfiles/assembly.Dockerfile \
+ -t che-code-${{env.arch}} .
+ - name: Display docker images
+ run: docker images
+ - name: Compress image to a file
+ run: docker save che-code-${{env.arch}} | gzip > che-code-${{env.arch}}.tgz
+ - name: Upload image artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: che-code-${{env.arch}}
+ path: che-code-${{env.arch}}.tgz
+ - name: Store PR info
+ run: echo "${{ github.event.number }}" > PR_NUMBER
+ # Upload PR number artifact only once
+ - name: Upload PR Number artifact
+ uses: actions/upload-artifact@v4
+ if: ${{ env.arch == 'amd64' }}
+ with:
+ name: pull-request-number
+ path: PR_NUMBER
+
+ dev:
+ name: build-che-dev-image
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout che-code source code
+ uses: actions/checkout@v4
+
+ - name: Cleanup docker images
+ run: |
+ docker system prune -af
+
+ - name: Build Che-Code Docker image
+ run: |
+ docker buildx build \
+ --platform linux/amd64 \
+ --progress=plain \
+ -f build/dockerfiles/dev.Dockerfile \
+ -t che-dev .
+
+ - name: Display docker images
+ run: |
+ docker images
+
+ - name: Compress che-dev image to a file
+ run: |
+ docker save che-dev | gzip > che-dev.tgz
+
+ - name: Upload che-dev docker image artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: che-dev
+ path: che-dev.tgz
diff --git a/.github/workflows/rebase-insiders.yml b/.github/workflows/rebase-insiders.yml
new file mode 100644
index 00000000000..dfc044f4dc4
--- /dev/null
+++ b/.github/workflows/rebase-insiders.yml
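Review bot: `dcarbone/install-jq-action@v3` in `check-artifacts` is a third-party action referenced by a mutable tag, so the code it runs can change without any change to this file. Pin it to a full commit SHA and keep the tag as a trailing comment, `uses: dcarbone/install-jq-action@<full-commit-sha>  # v3`. The same applies to the tag-referenced actions in the workflows this patch adds that hold secrets: `docker/login-action@v3` and `actions/github-script@v7` in pull-request-check-publish.yml, `docker/setup-qemu-action@v2` and `docker/setup-buildx-action@v2` in both rebase workflows, and `redhat-actions/try-in-web-ide@v1.4`. Separately, `version: 1.7` is read as a YAML float; quoting it as `version: '1.7'` keeps a later value such as 1.10 from being shortened.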
@@ -0,0 +1,68 @@
+#
+# Copyright (c) 2021-2025 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+name: rebase-insiders
+
+# Trigger on demand or every 4 hour
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "10 */4 * * *"
+
+jobs:
+
+ rebase-insiders:
+ name: rebase
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ token: ${{ secrets.CHE_INCUBATOR_BOT_TOKEN }}
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: configure git
+ run: |
+ git config --global user.email "fbenoit+sync-checode@redhat.com"
+ git config --global user.name "Eclipse Che Sync"
+ - name: add upstream remote and fetch main branch
+ run: |
+ git remote add upstream-code https://github.com/microsoft/vscode
+ git fetch upstream-code main
+ - name: rebase
+ run: |
+ ./rebase.sh
+ - name: Disable the Workflow
+ if: failure()
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh api \
+ --method PUT \
+ -H "Accept: application/vnd.github+json" \
+ /repos/che-incubator/che-code/actions/workflows/rebase-insiders.yml/disable
+ - name: Validate tests on libc-ubi9 image
+ env:
+ # https://github.com/microsoft/vscode-ripgrep#github-api-limit-note
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ docker buildx build --memory-swap -1 --memory 10g --platform linux/amd64 -f build/dockerfiles/linux-libc-ubi9.Dockerfile .
+ - name: Generate artifacts.lock.yaml
+ run: ./build/artifacts/generate.sh
+ - name: push changes
+ run: |
+ set -e
+ git add ./build/artifacts/artifacts.lock.yaml
+ git commit -m "Update artifacts.lock.yaml" --signoff
+ git push origin main
+
+
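Review bot: The `Checkout` step passes `secrets.CHE_INCUBATOR_BOT_TOKEN` to `actions/checkout`, which by default leaves the token in the local git configuration for the rest of the job, so `./rebase.sh`, the `docker buildx build` whose context is `.`, and `./build/artifacts/generate.sh` all run with a push-capable credential within reach. Set `persist-credentials: false` on the checkout, supply the token only to the `push changes` step, and confirm that `.git` is excluded from the build context (not visible in this patch). rebase-release-branch.yml and release.yml use the same checkout pattern. The `Disable the Workflow` step calls the Actions API with `secrets.GITHUB_TOKEN`, which likely needs `permissions:` with `actions: write` declared on the job to work under a read-only default token. Because that step sits before `Validate tests on libc-ubi9 image`, its `if: failure()` reacts only to failures of the earlier steps; move it to the end if later failures should also stop the schedule.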
diff --git a/.github/workflows/rebase-release-branch.yml b/.github/workflows/rebase-release-branch.yml
new file mode 100644
index 00000000000..0c4d732a214
--- /dev/null
+++ b/.github/workflows/rebase-release-branch.yml
@@ -0,0 +1,63 @@
+#
+# Copyright (c) 2021-2025 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+name: rebase-release
+
+# Trigger on demand or every 12 hour
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "10 */12 * * *"
+
+jobs:
+
+ rebase-release:
+ name: rebase
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ token: ${{ secrets.CHE_INCUBATOR_BOT_TOKEN }}
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: configure git
+ run: |
+ git config --global user.email "fbenoit+sync-checode@redhat.com"
+ git config --global user.name "Eclipse Che Sync"
+ - name: pickup-latest-release branch
+ run: |
+ LATEST_REMOTE_RELEASE_BRANCH=$(git branch -r --sort=-committerdate -l 'origin/1.*.x' | head -n 1 | tr -d '[:space:]')
+ LATEST_RELEASE_BRANCH=$(echo "${LATEST_REMOTE_RELEASE_BRANCH/origin\//}")
+ UPSTREAM_CODE_VERSION=$(sed 's|origin\/\(.*\).x|\1|' <<< "${LATEST_REMOTE_RELEASE_BRANCH}")
+ UPSTREAM_CODE_BRANCH="release/${UPSTREAM_CODE_VERSION}"
+ echo "Checkouting latest release branch ${LATEST_RELEASE_BRANCH}"
+ git checkout ${LATEST_RELEASE_BRANCH}
+ git remote add upstream-code https://github.com/microsoft/vscode
+ echo "Fetch the branch ${UPSTREAM_CODE_BRANCH} from upstream-code"
+ git fetch upstream-code ${UPSTREAM_CODE_BRANCH}
+ - name: rebase
+ run: |
+ ./rebase.sh
+ - name: Validate tests on libc-ubi9 image
+ env:
+ # https://github.com/microsoft/vscode-ripgrep#github-api-limit-note
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ docker buildx build --memory-swap -1 --memory 10g --platform linux/amd64 -f build/dockerfiles/linux-libc-ubi9.Dockerfile .
+ - name: push changes
+ run: |
+ set -e
+ CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+ git push origin ${CURRENT_BRANCH}
+
+
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000000..010337b5b69
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,64 @@
+#
+# Copyright (c) 2022-2025 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+# This Workflow performs a full release of Che Code
+name: Release Che Code
+on:
+ workflow_dispatch:
+ inputs:
+ version:
+ description: 'The version that is going to be released. Should be in format 7.y.z'
+ required: true
+ default: '7.y.z'
+ forceRecreateTags:
+ description: If true, tags will be recreated. Use with caution
+ required: false
+ default: 'false'
+
+jobs:
+ tag-release:
+ runs-on: ubuntu-22.04
+ steps:
+ -
+ name: "Checkout Che Code source code"
+ uses: actions/checkout@v4
+ with:
+ token: ${{ secrets.CHE_INCUBATOR_BOT_TOKEN }}
+ -
+ name: "Setup Node"
+ uses: actions/setup-node@v4
+ with:
+ node-version: "18"
+ -
+ name: Check existing tags
+ run: |
+ set +e
+ RECREATE_TAGS=${{ github.event.inputs.forceRecreateTags }}
+ VERSION=${{ github.event.inputs.version }}
+ EXISTING_TAG=$(git ls-remote --exit-code origin refs/tags/${VERSION})
+ if [[ -n ${EXISTING_TAG} ]]; then
+ if [[ ${RECREATE_TAGS} == "true" ]]; then
+ echo "[INFO] Removing tag for ${VERSION} version. New tag will be recreated during release."
+ git push origin :$VERSION
+ else
+ echo "[ERROR] Cannot proceed with release - tag ${EXISTING_TAG} already exists."
+ exit 1
+ fi
+ else
+ echo "[INFO] No existing tags detected for $VERSION"
+ fi
+ -
+ name: "Tag release"
+ run: |
+ git config --global user.name "Mykhailo Kuznietsov"
+ git config --global user.email "mkuznets@redhat.com"
+ git config --global pull.rebase true
+ export GITHUB_TOKEN=${{ secrets.CHE_INCUBATOR_BOT_TOKEN }}
+ /bin/bash make-release.sh --version ${{ github.event.inputs.version }} --tag-release
+
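Review bot: In `Check existing tags` and `Tag release` the dispatch inputs are expanded with `${{ github.event.inputs.* }}` directly inside the `run:` scripts, so the text of `version` and `forceRecreateTags` becomes part of the shell program before bash parses it, and nothing enforces the documented 7.y.z format. Pass the inputs through `env:` and validate `VERSION` before it reaches `git ls-remote`, `git push` or `make-release.sh`, as sketched below; `Tag release` should read the same validated variable. The tag removal should name the ref explicitly, `git push origin ":refs/tags/${VERSION}"`, since a bare `:$VERSION` is matched against every remote ref and not only tags. `export GITHUB_TOKEN=${{ secrets.CHE_INCUBATOR_BOT_TOKEN }}` likewise writes the secret into the generated script text; set it through `env:` on the step instead.

```yaml
      -
        name: Check existing tags
        env:
          VERSION: ${{ github.event.inputs.version }}
          RECREATE_TAGS: ${{ github.event.inputs.forceRecreateTags }}
        run: |
          set +e
          if ! [[ "${VERSION}" =~ ^7\.[0-9]+\.[0-9]+$ ]]; then
            echo "[ERROR] Version '${VERSION}' is not in format 7.y.z"
            exit 1
          fi
          EXISTING_TAG=$(git ls-remote --exit-code origin "refs/tags/${VERSION}")
          # … unchanged: existing-tag handling and messages …
```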
diff --git a/.github/workflows/smoke-test-pr-check.yaml.disabled b/.github/workflows/smoke-test-pr-check.yaml similarity index 82% rename from .github/workflows/smoke-test-pr-check.yaml.disabled rename to .github/workflows/smoke-test-pr-check.yaml index fd8803209ab..51638c63a0d 100644 --- a/.github/workflows/smoke-test-pr-check.yaml.disabled +++ b/.github/workflows/smoke-test-pr-check.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023 Red Hat, Inc. +# Copyright (c) 2023-2025 Red Hat, Inc. # This program and the accompanying materials are made # available under the terms of the Eclipse Public License 2.0 # which is available at https://www.eclipse.org/legal/epl-2.0/ 
@@ -28,30 +28,30 @@ jobs: steps: - name: Checkout che-code source code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Prepare Che-Code Dockerfile ( remove tests ) run: | # # truncate Dockerfile, remove section that runs tests # - cp -f build/dockerfiles/linux-libc.Dockerfile build/dockerfiles/linux-libc.no-test.Dockerfile + cp -f build/dockerfiles/linux-libc-ubi9.Dockerfile build/dockerfiles/linux-libc-ubi9.no-test.Dockerfile REMOVE_FROM="### Beginning of tests" REMOVE_TO="### Ending of tests" - sed -i "/${REMOVE_FROM}/,/${REMOVE_TO}/{/${REMOVE_FROM}/n;/${REMOVE_TO}/!d;}" build/dockerfiles/linux-libc.no-test.Dockerfile + sed -i "/${REMOVE_FROM}/,/${REMOVE_TO}/{/${REMOVE_FROM}/n;/${REMOVE_TO}/!d;}" build/dockerfiles/linux-libc-ubi9.no-test.Dockerfile # # show the Dockerfile # - cat build/dockerfiles/linux-libc.no-test.Dockerfile + cat build/dockerfiles/linux-libc-ubi9.no-test.Dockerfile - name: Compile Che-Code editor run: | # - # build linux-libc-amd64:latest docker image + # build linux-libc-ubi9:latest docker image # docker image prune -a -f - docker build --memory-swap -1 --memory 12g -f build/dockerfiles/linux-libc.no-test.Dockerfile -t linux-libc-amd64 . + docker build --memory-swap -1 --memory 12g -f build/dockerfiles/linux-libc-ubi9.no-test.Dockerfile -t linux-libc-ubi9 . - name: Build Che-Code Docker image run: | 
@@ -59,10 +59,14 @@ jobs: # build che-code:latest docker image # cp -f build/dockerfiles/assembly.Dockerfile build/dockerfiles/assembly.copy.Dockerfile - REPLACE_FROM="FROM linux-musl-amd64 as linux-musl-content" + REPLACE_FROM="FROM linux-musl as linux-musl-content" sed -i -r -e "s|${REPLACE_FROM}||" build/dockerfiles/assembly.copy.Dockerfile REPLACE_FROM="COPY --from=linux-musl-content --chown=0:0 /checode-linux-musl /mnt/rootfs/checode-linux-musl" sed -i -r -e "s|${REPLACE_FROM}||" build/dockerfiles/assembly.copy.Dockerfile + REPLACE_FROM="FROM linux-libc-ubi8 as linux-libc-ubi8-content" + sed -i -r -e "s|${REPLACE_FROM}||" build/dockerfiles/assembly.copy.Dockerfile + REPLACE_FROM="COPY --from=linux-libc-ubi8-content --chown=0:0 /checode-linux-libc/ubi8 /mnt/rootfs/checode-linux-libc/ubi8" + sed -i -r -e "s|${REPLACE_FROM}||" build/dockerfiles/assembly.copy.Dockerfile export DOCKER_BUILDKIT=1 docker build -f build/dockerfiles/assembly.copy.Dockerfile -t che-code . @@ -89,7 +93,7 @@ jobs: minikube-version: v1.23.2 - name: Install chectl - run: bash <(curl -sL https://www.eclipse.org/che/chectl/) --channel=next + run: bash <(curl -sL https://che-incubator.github.io/chectl/install.sh) --channel=next - name: Deploy Che run: | @@ -104,8 +108,8 @@ jobs: chectl server:deploy \ --batch \ --platform minikube \ - --k8spodwaittimeout=120000 \ - --k8spodreadytimeout=120000 \ + --k8spodwaittimeout=480000 \ + --k8spodreadytimeout=480000 \ --che-operator-cr-patch-yaml "${GITHUB_WORKSPACE}/build/test/github-minikube-checluster-patch.yaml" # @@ -118,7 +122,7 @@ jobs: - name: Pull Universal Base Image run: | - minikube image pull quay.io/devfile/universal-developer-image:ubi8-latest + minikube image pull quay.io/devfile/universal-developer-image:ubi9-latest - name: Run Smoke test run: | 
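Review bot: The `Install chectl` step (hunk `@@ -89,7 +93,7 @@`) still executes whatever the install URL returns at run time, `bash <(curl -sL …)`, with no pinned release or checksum, and `-s` without `-f` means an HTTP error body would be handed to bash as well. Download to a file with `curl -fsSL https://che-incubator.github.io/chectl/install.sh -o /tmp/chectl-install.sh`, check it against a recorded digest (`echo "<expected-sha256>  /tmp/chectl-install.sh" | sha256sum -c -`), then run `bash /tmp/chectl-install.sh --channel=next`. The job continues outside the hunk, and the rename in this diff re-enables the workflow, so its trigger (not visible here) decides which credentials are present when that script runs.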
@@ -163,14 +167,14 @@ jobs: - name: Store e2e artifacts if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: e2e-artifacts path: /tmp/tests - name: Store k8s logs if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: k8s-logs path: /tmp/devworkspace-happy-path-artifacts/admin-che-info diff --git a/.github/workflows/try-in-web-ide.yaml b/.github/workflows/try-in-web-ide.yaml new file mode 100644 index 00000000000..400b01bdac6 --- /dev/null +++ b/.github/workflows/try-in-web-ide.yaml @@ -0,0 +1,36 @@ +# +# Copyright (c) 2022 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +name: Try in Web IDE + +on: + pull_request_target: + types: opened + +jobs: + add-link: + runs-on: ubuntu-22.04 + steps: + - name: Add DevSandbox link + uses: redhat-actions/try-in-web-ide@v1.4 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + add_comment: true + add_status: false + - name: Add Dogfooding link + uses: redhat-actions/try-in-web-ide@v1.4 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + add_comment: true + add_status: false + web_ide_instance: https://che-dogfooding.apps.che-dev.x6e0.p1.openshiftapps.com + comment_badge: https://img.shields.io/static/v1?label=Eclipse%20Che%20(nightly)&message=Dev%20cluster%20(for%20maintainers)&logo=eclipseche&color=525C86&labelColor=FDB940 diff --git a/che-code-sshd.yaml b/che-code-sshd.yaml deleted file mode 100644 index 71ff72c8552..00000000000 --- a/che-code-sshd.yaml +++ /dev/null 
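Review bot: The new try-in-web-ide.yaml runs on `pull_request_target`, so `secrets.GITHUB_TOKEN` is issued in the base repository's context even for pull requests from forks, yet the workflow declares no `permissions:` and hands the token to a third-party action. Add a job-level block limited to what posting the comment needs, likely `permissions:` with `pull-requests: write`, and keep `add_status: false` so no status scope is required. The file stays safe only as long as it never checks out or executes pull-request content; a header comment such as `# pull_request_target: do not add a checkout of the PR head or run PR code in this workflow` would protect that property from later edits. `types: opened` is more conventionally written `types: [opened]`.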
@@ -1,64 +0,0 @@ -# -# Copyright (c) 2025 Red Hat, Inc. -# This program and the accompanying materials are made -# available under the terms of the Eclipse Public License 2.0 -# which is available at https://www.eclipse.org/legal/epl-2.0/ -# -# SPDX-License-Identifier: EPL-2.0 -# -# Contributors: -# Red Hat, Inc. - initial API and implementation -# - -schemaVersion: 2.3.0 -metadata: - name: che-code-sshd - displayName: Visual Studio Code (desktop) (SSH) - description: Visual Studio Code server for Eclipse Che over SSH - latest - tags: - - ssh - - CLI - - vscode - attributes: - arch: - - x86_64 - - arm64 - - s390x - - ppc64le - publisher: che-incubator - version: latest - provider: Provided by [Microsoft](https://www.microsoft.com/) under [License](https://code.visualstudio.com/License) - title: Visual Studio Code server for Eclipse Che over SSH - latest - repository: https://github.com/rgrunber/che-code - firstPublicationDate: '2025-08-01' - -components: - - name: che-code-sshd - container: - image: quay.io/rgrunber/che-code-sshd:latest - memoryLimit: 1024Mi - memoryRequest: 256Mi - cpuLimit: 500m - cpuRequest: 30m - command: - - sh - - -c - - "nohup /entrypoint.sh & nohup /sshd.start & nohup node /opt/www/server.js & tail -f /dev/null" - endpoints: - - name: che-code-sshd - attributes: - type: main - discoverable: false - urlRewriteSupported: true - targetPort: 3400 - exposure: public - secure: true - protocol: https - volumeMounts: - - name: m2 - path: /home/user/.m2 - attributes: - app.kubernetes.io/component: che-code-sshd - app.kubernetes.io/part-of: che-code-server.eclipse.org - - name: m2 - volume: {}