From 77994eb6ea335970a7b7113a63a7d0dfbec96606 Mon Sep 17 00:00:00 2001 From: apostasie Date: Sun, 20 Oct 2024 23:09:22 -0700 Subject: [PATCH] GHA cache image build dependencies Signed-off-by: apostasie --- .github/workflows/test.yml | 57 ++++++++++++++++++++++++++++++++++---- Dockerfile | 37 +++++++++++++------------ 2 files changed, 71 insertions(+), 23 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5eff7064fa9..75a5a091561 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,6 +13,36 @@ env: GO_VERSION: 1.23.x jobs: + build-deps: + runs-on: "${{ matrix.runner }}" + timeout-minutes: 40 + strategy: + fail-fast: false + matrix: + # ubuntu-20.04: cgroup v1, ubuntu-22.04 and later: cgroup v2 + include: + - runner: ubuntu-24.04 + containerd: v1.6.36 + - runner: ubuntu-24.04 + containerd: v1.7.23 + - runner: ubuntu-24.04 + containerd: v2.0.0-rc.5 + - runner: github-arm64-2c-8gb + containerd: v2.0.0-rc.5 + env: + CONTAINERD_VERSION: "${{ matrix.containerd }}" + RUNNER: "${{ matrix.runner }}" + steps: + - uses: actions/checkout@v4.2.1 + with: + fetch-depth: 1 + - name: "Prepare integration test environment" + run: | + docker build \ + --cache-to type=gha,mode=max,scope=${RUNNER}-${CONTAINERD_VERSION} \ + --cache-from type=gha,scope=${RUNNER}-${CONTAINERD_VERSION} \ + --target build-deps --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} . + test-unit: timeout-minutes: 5 name: unit | ${{ matrix.goos }} @@ -51,6 +81,7 @@ jobs: run: go test -v ./pkg/... test-integration: + needs: build-deps runs-on: "${{ matrix.runner }}" timeout-minutes: 40 strategy: 
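Review bot: The new `build-deps` job calls plain `docker build` with `--cache-to type=gha`, but none of its visible steps exposes the Actions cache runtime to the shell or selects a builder that can export cache, so the export will most likely fail or be skipped. The `gha` backend reads the cache URL and `ACTIONS_RUNTIME_TOKEN` from the environment, which a `run:` step does not receive by default, and the default `docker` driver only supports this backend when the containerd image store is enabled. The `--cache-from type=gha` builds added to `test-integration`, `test-integration-ipv6` and `test-integration-rootless` have the same dependency, and with a `docker-container` builder they also need `--load` so the tagged image is available to `docker run`. Because the runtime token then reaches every later step in the job, keep the job limited to checkout and build, and pin the helper action to a commit SHA.

```yaml
    steps:
      # … unchanged: actions/checkout step …
      - name: "Expose GitHub Runtime variables for gha"
        uses: crazy-max/ghaction-github-runtime@<pinned-commit-sha>
      - name: "Prepare integration test environment"
        run: |
          docker buildx create --name with-gha --use
          docker buildx build \
            --cache-to "type=gha,mode=max,scope=${RUNNER}-${CONTAINERD_VERSION}" \
            --cache-from "type=gha,scope=${RUNNER}-${CONTAINERD_VERSION}" \
            --target build-deps --build-arg "CONTAINERD_VERSION=${CONTAINERD_VERSION}" .
```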
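Review bot: `needs: build-deps` on `test-integration` makes the integration tests wait for every leg of the `build-deps` matrix and skips them when any leg fails, so a problem that only affects cache warming (for example on the `github-arm64-2c-8gb` leg) would hide all integration results. The cache is an optimisation and, as far as the hunks show, the consumer builds would still work on a cache miss, so consider adding `if: ${{ !cancelled() }}` next to `needs: build-deps`. The same applies to the `needs: build-deps` lines added to `test-integration-ipv6` and `test-integration-rootless`.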
@@ -71,14 +102,18 @@ jobs: containerd: v2.0.0-rc.5 runner: github-arm64-2c-8gb env: - UBUNTU_VERSION: "${{ matrix.ubuntu }}" CONTAINERD_VERSION: "${{ matrix.containerd }}" + RUNNER: "${{ matrix.runner }}" + UBUNTU_VERSION: "${{ matrix.ubuntu }}" steps: - uses: actions/checkout@v4.2.1 with: fetch-depth: 1 - name: "Prepare integration test environment" - run: docker build -t test-integration --target test-integration --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} . + run: | + docker build \ + --cache-from type=gha,scope=${RUNNER}-${CONTAINERD_VERSION} \ + -t test-integration --target test-integration --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} . - name: "Remove snap loopback devices (conflicts with our loopback devices in TestRunDevice)" run: | sudo systemctl disable --now snapd.service snapd.socket @@ -103,6 +138,7 @@ jobs: command: docker run -t --rm --privileged test-integration test-integration-ipv6: + needs: build-deps runs-on: "ubuntu-${{ matrix.ubuntu }}" timeout-minutes: 40 strategy: @@ -113,8 +149,9 @@ jobs: - ubuntu: 24.04 containerd: v1.7.23 env: - UBUNTU_VERSION: "${{ matrix.ubuntu }}" CONTAINERD_VERSION: "${{ matrix.containerd }}" + RUNNER: "ubuntu-${{ matrix.ubuntu }}" + UBUNTU_VERSION: "${{ matrix.ubuntu }}" steps: - uses: actions/checkout@v4.2.1 with: 
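Review bot: With `--cache-from type=gha`, layers of the `test-integration` image can come from the Actions cache instead of being rebuilt, so the `sha256sum -c` checks in the Dockerfile's download steps are not re-run on a cache hit, and the image is later started with `docker run --privileged`. That makes the cache contents part of this job's trust boundary. Worth adding a comment above the step such as `# Layers may be restored from the gha cache written by build-deps; treat that cache as trusted input`, and confirming that no workflow trigger lets untrusted code write to a scope these jobs read (the `on:` block is outside the hunk). The same reasoning applies to the `--cache-from` lines added in `test-integration-ipv6` and `test-integration-rootless`.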
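Review bot: `RUNNER: "ubuntu-${{ matrix.ubuntu }}"` rebuilds by string concatenation the value that `build-deps` takes from `matrix.runner`, and the cache scope `${RUNNER}-${CONTAINERD_VERSION}` only hits when both jobs produce exactly the same string. A matrix entry here without a twin in the `build-deps` matrix gets a silent cache miss and a full rebuild rather than an error. A comment next to the variable, for example `# must match a runner/containerd pair in build-deps (cache scope key)`, would make the coupling visible. The same line is added to `test-integration-rootless`, whose matrix is not fully visible in its hunk.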
@@ -129,7 +166,10 @@ jobs: echo '{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64", "experimental": true, "ip6tables": true}' | sudo tee /etc/docker/daemon.json sudo systemctl restart docker - name: "Prepare integration test environment" - run: docker build -t test-integration-ipv6 --target test-integration-ipv6 --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} . + run: | + docker build \ + --cache-from type=gha,scope=${RUNNER}-${CONTAINERD_VERSION} \ + -t test-integration-ipv6 --target test-integration-ipv6 --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} . - name: "Remove snap loopback devices (conflicts with our loopback devices in TestRunDevice)" run: | sudo systemctl disable --now snapd.service snapd.socket @@ -159,6 +199,7 @@ jobs: command: docker run --network host -t --rm --privileged test-integration-ipv6 test-integration-rootless: + needs: build-deps runs-on: "ubuntu-${{ matrix.ubuntu }}" timeout-minutes: 60 strategy: @@ -183,8 +224,9 @@ jobs: rootlesskit: v2.3.1 target: test-integration-rootless-port-slirp4netns env: - UBUNTU_VERSION: "${{ matrix.ubuntu }}" CONTAINERD_VERSION: "${{ matrix.containerd }}" + RUNNER: "ubuntu-${{ matrix.ubuntu }}" + UBUNTU_VERSION: "${{ matrix.ubuntu }}" ROOTLESSKIT_VERSION: "${{ matrix.rootlesskit }}" TEST_TARGET: "${{ matrix.target }}" steps: 
@@ -216,7 +258,10 @@ jobs: docker run --privileged --rm tonistiigi/binfmt --install linux/arm64 docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7 - name: "Prepare (network driver=slirp4netns, port driver=builtin)" - run: docker build -t ${TEST_TARGET} --target ${TEST_TARGET} --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} --build-arg ROOTLESSKIT_VERSION=${ROOTLESSKIT_VERSION} . + run: | + docker build \ + --cache-from type=gha,scope=${RUNNER}-${CONTAINERD_VERSION} \ + -t ${TEST_TARGET} --target ${TEST_TARGET} --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} --build-arg ROOTLESSKIT_VERSION=${ROOTLESSKIT_VERSION} . - name: "Disable BuildKit for RootlessKit v1 (workaround for issue #622)" run: | # https://github.com/containerd/nerdctl/issues/622 diff --git a/Dockerfile b/Dockerfile index a594358aee4..ea098fd5770 100644 --- a/Dockerfile +++ b/Dockerfile @@ -69,6 +69,7 @@ RUN xx-apt-get update -qq && xx-apt-get install -qq --no-install-recommends \ libbtrfs-dev \ libseccomp-dev \ pkg-config +RUN git config --global advice.detachedHead false FROM build-base-debian AS build-containerd ARG TARGETARCH 
@@ -117,25 +118,19 @@ RUN xx-go --wrap && \ FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS build-base RUN apk add --no-cache make git curl -COPY . /go/src/github.com/containerd/nerdctl -WORKDIR /go/src/github.com/containerd/nerdctl +RUN git config --global advice.detachedHead false FROM build-base AS build-minimal RUN BINDIR=/out/bin make binaries install # We do not set CMD to `go test` here, because it requires systemd -FROM build-base AS build-full +FROM build-base AS build-deps ARG TARGETARCH ENV GOARCH=${TARGETARCH} -RUN BINDIR=/out/bin make binaries install -WORKDIR /nowhere COPY ./Dockerfile.d/SHA256SUMS.d/ /SHA256SUMS.d -COPY README.md /out/share/doc/nerdctl/ -COPY docs /out/share/doc/nerdctl/docs +WORKDIR /nowhere RUN echo "${TARGETARCH:-amd64}" | sed -e s/amd64/x86_64/ -e s/arm64/aarch64/ | tee /target_uname_m -RUN mkdir -p /out/share/doc/nerdctl-full && \ - echo "# nerdctl (full distribution)" > /out/share/doc/nerdctl-full/README.md && \ - echo "- nerdctl: $(cd /go/src/github.com/containerd/nerdctl && git describe --tags)" >> /out/share/doc/nerdctl-full/README.md +RUN mkdir -p /out/share/doc/nerdctl-full && touch /out/share/doc/nerdctl-full/README.md ARG CONTAINERD_VERSION COPY --from=build-containerd /out/${TARGETARCH:-amd64}/* /out/bin/ COPY --from=build-containerd /out/containerd.service /out/lib/systemd/system/containerd.service 
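Review bot: `build-minimal` still runs `BINDIR=/out/bin make binaries install` directly on top of `build-base`, but this hunk removes the `COPY . /go/src/github.com/containerd/nerdctl` and `WORKDIR` lines from `build-base`, so that stage no longer has the source tree or the Makefile in its working directory. As written, `--target build-minimal` would fail. Adding `COPY . /go/src/github.com/containerd/nerdctl` and `WORKDIR /go/src/github.com/containerd/nerdctl` before the `RUN` in `build-minimal` restores it without touching the cacheable `build-deps` chain.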
@@ -181,13 +176,6 @@ RUN git clone https://github.com/containerd/imgcrypt.git /go/src/github.com/cont git checkout "${IMGCRYPT_VERSION}" && \ CGO_ENABLED=0 make && DESTDIR=/out make install && \ echo "- imgcrypt: ${IMGCRYPT_VERSION}" >> /out/share/doc/nerdctl-full/README.md -ARG ROOTLESSKIT_VERSION -RUN fname="rootlesskit-$(cat /target_uname_m).tar.gz" && \ - curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/rootless-containers/rootlesskit/releases/download/${ROOTLESSKIT_VERSION}/${fname}" && \ - grep "${fname}" "/SHA256SUMS.d/rootlesskit-${ROOTLESSKIT_VERSION}" | sha256sum -c && \ - tar xzf "${fname}" -C /out/bin && \ - rm -f "${fname}" /out/bin/rootlesskit-docker-proxy && \ - echo "- RootlessKit: ${ROOTLESSKIT_VERSION}" >> /out/share/doc/nerdctl-full/README.md ARG SLIRP4NETNS_VERSION RUN fname="slirp4netns-$(cat /target_uname_m)" && \ curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/rootless-containers/slirp4netns/releases/download/${SLIRP4NETNS_VERSION}/${fname}" && \ @@ -225,6 +213,13 @@ RUN fname="buildg-${BUILDG_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar. tar xzf "${fname}" -C /out/bin && \ rm -f "${fname}" && \ echo "- buildg: ${BUILDG_VERSION}" >> /out/share/doc/nerdctl-full/README.md +ARG ROOTLESSKIT_VERSION +RUN fname="rootlesskit-$(cat /target_uname_m).tar.gz" && \ + curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/rootless-containers/rootlesskit/releases/download/${ROOTLESSKIT_VERSION}/${fname}" && \ + grep "${fname}" "/SHA256SUMS.d/rootlesskit-${ROOTLESSKIT_VERSION}" | sha256sum -c && \ + tar xzf "${fname}" -C /out/bin && \ + rm -f "${fname}" /out/bin/rootlesskit-docker-proxy && \ + echo "- RootlessKit: ${ROOTLESSKIT_VERSION}" >> /out/share/doc/nerdctl-full/README.md RUN echo "" >> /out/share/doc/nerdctl-full/README.md && \ echo "## License" >> /out/share/doc/nerdctl-full/README.md && \ 
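Review bot: The RootlessKit download block is moved to the end of the dependency chain without a comment saying why its position matters. Presumably this is because the rootless CI job passes `ROOTLESSKIT_VERSION` per matrix entry while `build-deps` is cached without it, so everything above this `ARG` stays shareable; if so, a later reorder would quietly defeat the cache. Suggest a comment above the `ARG`, e.g. `# Keep this block last: ROOTLESSKIT_VERSION varies per CI job and invalidates the layers that follow`. The `sha256sum -c` verification of the download is preserved by the move and should stay attached to this block.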
@@ -237,6 +232,14 @@ RUN echo "" >> /out/share/doc/nerdctl-full/README.md && \ mv /tmp/SHA256SUMS /out/share/doc/nerdctl-full/SHA256SUMS && \ chown -R 0:0 /out +FROM build-deps AS build-full +COPY . /go/src/github.com/containerd/nerdctl +RUN { echo "# nerdctl (full distribution)"; echo "- nerdctl: $(cd /go/src/github.com/containerd/nerdctl && git describe --tags)"; cat /out/share/doc/nerdctl-full/README.md; } > /out/share/doc/nerdctl-full/README.md.new; mv /out/share/doc/nerdctl-full/README.md.new /out/share/doc/nerdctl-full/README.md +WORKDIR /go/src/github.com/containerd/nerdctl +RUN BINDIR=/out/bin make binaries install +COPY README.md /out/share/doc/nerdctl/ +COPY docs /out/share/doc/nerdctl/docs + FROM scratch AS out-full COPY --from=build-full /out /
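Review bot: `build-full` now installs the nerdctl binaries, rewrites `nerdctl-full/README.md` and copies the docs after the step that, judging by the context lines above it (`mv /tmp/SHA256SUMS …` and `chown -R 0:0 /out`), finalises the checksum list inside `build-deps`. If that list is generated from the contents of `/out` (the generating command is outside the hunk), it would no longer cover the nerdctl binaries and would carry a stale hash for the README, which weakens it as an integrity record for the full distribution. Consider moving the SHA256SUMS generation and the `chown -R 0:0 /out` into `build-full` after the last `COPY`, or regenerating the list there. Separately, the README `RUN` chains its commands with `;`, so `mv` runs even if the redirect fails; `&&` before `mv` would match the rest of the file.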