Skip to content

Commit

Permalink
GHA cache image build dependencies
Browse files Browse the repository at this point in the history 
Signed-off-by: apostasie <[email protected]>
  • Loading branch information
@apostasie
apostasie committed Oct 21, 2024
1 parent 7e4f77d commit 77994eb
Show file tree
Hide file tree
Showing 2 changed files with 71 additions and 23 deletions.
57 changes: 51 additions & 6 deletions .github/workflows/test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,36 @@ env:
GO_VERSION: 1.23.x

jobs:
build-deps:
runs-on: "${{ matrix.runner }}"
timeout-minutes: 40
strategy:
fail-fast: false
matrix:
# ubuntu-20.04: cgroup v1, ubuntu-22.04 and later: cgroup v2
include:
- runner: ubuntu-24.04
containerd: v1.6.36
- runner: ubuntu-24.04
containerd: v1.7.23
- runner: ubuntu-24.04
containerd: v2.0.0-rc.5
- runner: github-arm64-2c-8gb
containerd: v2.0.0-rc.5
env:
CONTAINERD_VERSION: "${{ matrix.containerd }}"
RUNNER: "${{ matrix.runner }}"
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- name: "Prepare integration test environment"
run: |
docker build \
--cache-to type=gha,mode=max,scope=${RUNNER}-${CONTAINERD_VERSION} \
--cache-from type=gha,scope=${RUNNER}-${CONTAINERD_VERSION} \
--target build-deps --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} .
test-unit:
timeout-minutes: 5
name: unit | ${{ matrix.goos }}
Expand Down Expand Up @@ -51,6 +81,7 @@ jobs:
run: go test -v ./pkg/...

test-integration:
needs: build-deps
runs-on: "${{ matrix.runner }}"
timeout-minutes: 40
strategy:
Expand All @@ -71,14 +102,18 @@ jobs:
containerd: v2.0.0-rc.5
runner: github-arm64-2c-8gb
env:
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
CONTAINERD_VERSION: "${{ matrix.containerd }}"
RUNNER: "${{ matrix.runner }}"
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- name: "Prepare integration test environment"
run: docker build -t test-integration --target test-integration --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} .
run: |
docker build \
--cache-from type=gha,scope=${RUNNER}-${CONTAINERD_VERSION} \
-t test-integration --target test-integration --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} .
- name: "Remove snap loopback devices (conflicts with our loopback devices in TestRunDevice)"
run: |
sudo systemctl disable --now snapd.service snapd.socket
Expand All @@ -103,6 +138,7 @@ jobs:
command: docker run -t --rm --privileged test-integration

test-integration-ipv6:
needs: build-deps
runs-on: "ubuntu-${{ matrix.ubuntu }}"
timeout-minutes: 40
strategy:
Expand All @@ -113,8 +149,9 @@ jobs:
- ubuntu: 24.04
containerd: v1.7.23
env:
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
CONTAINERD_VERSION: "${{ matrix.containerd }}"
RUNNER: "ubuntu-${{ matrix.ubuntu }}"
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
steps:
- uses: actions/[email protected]
with:
Expand All @@ -129,7 +166,10 @@ jobs:
echo '{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64", "experimental": true, "ip6tables": true}' | sudo tee /etc/docker/daemon.json
sudo systemctl restart docker
- name: "Prepare integration test environment"
run: docker build -t test-integration-ipv6 --target test-integration-ipv6 --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} .
run: |
docker build \
--cache-from type=gha,scope=${RUNNER}-${CONTAINERD_VERSION} \
-t test-integration-ipv6 --target test-integration-ipv6 --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} .
- name: "Remove snap loopback devices (conflicts with our loopback devices in TestRunDevice)"
run: |
sudo systemctl disable --now snapd.service snapd.socket
Expand Down Expand Up @@ -159,6 +199,7 @@ jobs:
command: docker run --network host -t --rm --privileged test-integration-ipv6

test-integration-rootless:
needs: build-deps
runs-on: "ubuntu-${{ matrix.ubuntu }}"
timeout-minutes: 60
strategy:
Expand All @@ -183,8 +224,9 @@ jobs:
rootlesskit: v2.3.1
target: test-integration-rootless-port-slirp4netns
env:
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
CONTAINERD_VERSION: "${{ matrix.containerd }}"
RUNNER: "ubuntu-${{ matrix.ubuntu }}"
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
ROOTLESSKIT_VERSION: "${{ matrix.rootlesskit }}"
TEST_TARGET: "${{ matrix.target }}"
steps:
Expand Down Expand Up @@ -216,7 +258,10 @@ jobs:
docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
- name: "Prepare (network driver=slirp4netns, port driver=builtin)"
run: docker build -t ${TEST_TARGET} --target ${TEST_TARGET} --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} --build-arg ROOTLESSKIT_VERSION=${ROOTLESSKIT_VERSION} .
run: |
docker build \
--cache-from type=gha,scope=${RUNNER}-${CONTAINERD_VERSION} \
-t ${TEST_TARGET} --target ${TEST_TARGET} --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} --build-arg ROOTLESSKIT_VERSION=${ROOTLESSKIT_VERSION} .
- name: "Disable BuildKit for RootlessKit v1 (workaround for issue #622)"
run: |
# https://github.com/containerd/nerdctl/issues/622
Expand Down
37 changes: 20 additions & 17 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@ RUN xx-apt-get update -qq && xx-apt-get install -qq --no-install-recommends \
libbtrfs-dev \
libseccomp-dev \
pkg-config
RUN git config --global advice.detachedHead false

FROM build-base-debian AS build-containerd
ARG TARGETARCH
Expand Down Expand Up @@ -117,25 +118,19 @@ RUN xx-go --wrap && \

FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS build-base
RUN apk add --no-cache make git curl
COPY . /go/src/github.com/containerd/nerdctl
WORKDIR /go/src/github.com/containerd/nerdctl
RUN git config --global advice.detachedHead false

FROM build-base AS build-minimal
RUN BINDIR=/out/bin make binaries install
# We do not set CMD to `go test` here, because it requires systemd

FROM build-base AS build-full
FROM build-base AS build-deps
ARG TARGETARCH
ENV GOARCH=${TARGETARCH}
RUN BINDIR=/out/bin make binaries install
WORKDIR /nowhere
COPY ./Dockerfile.d/SHA256SUMS.d/ /SHA256SUMS.d
COPY README.md /out/share/doc/nerdctl/
COPY docs /out/share/doc/nerdctl/docs
WORKDIR /nowhere
RUN echo "${TARGETARCH:-amd64}" | sed -e s/amd64/x86_64/ -e s/arm64/aarch64/ | tee /target_uname_m
RUN mkdir -p /out/share/doc/nerdctl-full && \
echo "# nerdctl (full distribution)" > /out/share/doc/nerdctl-full/README.md && \
echo "- nerdctl: $(cd /go/src/github.com/containerd/nerdctl && git describe --tags)" >> /out/share/doc/nerdctl-full/README.md
RUN mkdir -p /out/share/doc/nerdctl-full && touch /out/share/doc/nerdctl-full/README.md
ARG CONTAINERD_VERSION
COPY --from=build-containerd /out/${TARGETARCH:-amd64}/* /out/bin/
COPY --from=build-containerd /out/containerd.service /out/lib/systemd/system/containerd.service
Expand Down Expand Up @@ -181,13 +176,6 @@ RUN git clone https://github.com/containerd/imgcrypt.git /go/src/github.com/cont
git checkout "${IMGCRYPT_VERSION}" && \
CGO_ENABLED=0 make && DESTDIR=/out make install && \
echo "- imgcrypt: ${IMGCRYPT_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG ROOTLESSKIT_VERSION
RUN fname="rootlesskit-$(cat /target_uname_m).tar.gz" && \
curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/rootless-containers/rootlesskit/releases/download/${ROOTLESSKIT_VERSION}/${fname}" && \
grep "${fname}" "/SHA256SUMS.d/rootlesskit-${ROOTLESSKIT_VERSION}" | sha256sum -c && \
tar xzf "${fname}" -C /out/bin && \
rm -f "${fname}" /out/bin/rootlesskit-docker-proxy && \
echo "- RootlessKit: ${ROOTLESSKIT_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG SLIRP4NETNS_VERSION
RUN fname="slirp4netns-$(cat /target_uname_m)" && \
curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/rootless-containers/slirp4netns/releases/download/${SLIRP4NETNS_VERSION}/${fname}" && \
Expand Down Expand Up @@ -225,6 +213,13 @@ RUN fname="buildg-${BUILDG_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.
tar xzf "${fname}" -C /out/bin && \
rm -f "${fname}" && \
echo "- buildg: ${BUILDG_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG ROOTLESSKIT_VERSION
RUN fname="rootlesskit-$(cat /target_uname_m).tar.gz" && \
curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/rootless-containers/rootlesskit/releases/download/${ROOTLESSKIT_VERSION}/${fname}" && \
grep "${fname}" "/SHA256SUMS.d/rootlesskit-${ROOTLESSKIT_VERSION}" | sha256sum -c && \
tar xzf "${fname}" -C /out/bin && \
rm -f "${fname}" /out/bin/rootlesskit-docker-proxy && \
echo "- RootlessKit: ${ROOTLESSKIT_VERSION}" >> /out/share/doc/nerdctl-full/README.md

RUN echo "" >> /out/share/doc/nerdctl-full/README.md && \
echo "## License" >> /out/share/doc/nerdctl-full/README.md && \
Expand All @@ -237,6 +232,14 @@ RUN echo "" >> /out/share/doc/nerdctl-full/README.md && \
mv /tmp/SHA256SUMS /out/share/doc/nerdctl-full/SHA256SUMS && \
chown -R 0:0 /out

FROM build-deps AS build-full
COPY . /go/src/github.com/containerd/nerdctl
RUN { echo "# nerdctl (full distribution)"; echo "- nerdctl: $(cd /go/src/github.com/containerd/nerdctl && git describe --tags)"; cat /out/share/doc/nerdctl-full/README.md; } > /out/share/doc/nerdctl-full/README.md.new; mv /out/share/doc/nerdctl-full/README.md.new /out/share/doc/nerdctl-full/README.md
WORKDIR /go/src/github.com/containerd/nerdctl
RUN BINDIR=/out/bin make binaries install
COPY README.md /out/share/doc/nerdctl/
COPY docs /out/share/doc/nerdctl/docs

FROM scratch AS out-full
COPY --from=build-full /out /

Expand Down

0 comments on commit 77994eb

Please sign in to comment.