Skip to content

Commit

Permalink
Use mirror.gcr.io as buildx pull-through cache
Browse files Browse the repository at this point in the history
Signed-off-by: Brad Davidson <[email protected]>
  • Loading branch information
brandond committed Jul 17, 2024
1 parent 1ba1b52 commit 09f7127
Show file tree
Hide file tree
Showing 10 changed files with 147 additions and 41 deletions.
25 changes: 22 additions & 3 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,17 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
Expand All @@ -35,17 +43,28 @@ jobs:
env:
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
- name: Test
run: |
dapper -f Dockerfile --target dapper make test
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
build-arm64:
runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
Expand All @@ -59,4 +78,4 @@ jobs:
env:
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}

BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
27 changes: 24 additions & 3 deletions .github/workflows/pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,26 +15,47 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: Build
run: |
dapper -f Dockerfile --target dapper make dapper-ci
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
- name: Test
run: |
dapper -f Dockerfile --target dapper make test
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
build-arm64:
runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: Build
run: |
dapper -f Dockerfile --target dapper make dapper-ci
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
70 changes: 63 additions & 7 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,16 +25,29 @@ jobs:

- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: Set up buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
- name: Validate Release
run: |
dapper -f Dockerfile --target dapper make validate-release
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: Build
run: |
dapper -f Dockerfile --target dapper make dapper-ci
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
Expand All @@ -46,26 +59,37 @@ jobs:
- name: Package Images
run: |
dapper -f Dockerfile --target dapper make package-images
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: Scan Images
continue-on-error: true
run: |
dapper -f Dockerfile --target dapper make scan-images
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: Test
run: |
dapper -f Dockerfile --target dapper make test
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: Publish Image Runtime
run: |
GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make publish-image-runtime
dapper -f Dockerfile --target dapper make publish-image-runtime
env:
DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }}
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
GITHUB_ACTION_TAG: ${{ github.ref_name }}

- name: Checksum Artifacts
run: |
GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make checksum
dapper -f Dockerfile --target dapper make checksum
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
GITHUB_ACTION_TAG: ${{ github.ref_name }}

- name: Publish Artifacts
run: |
Expand All @@ -76,18 +100,31 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: Validate Release
run: |
dapper -f Dockerfile --target dapper make validate-release
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: Build
run: |
dapper -f Dockerfile --target dapper make dapper-ci
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
Expand All @@ -99,22 +136,31 @@ jobs:
- name: Package Images
run: |
dapper -f Dockerfile --target dapper make package-images
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: Scan Images
continue-on-error: true
run: |
dapper -f Dockerfile --target dapper make scan-images
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: Publish Image Runtime
run: |
GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make publish-image-runtime
dapper -f Dockerfile --target dapper make publish-image-runtime
env:
DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }}
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
GITHUB_ACTION_TAG: ${{ github.ref_name }}

- name: Checksum
run: |
GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make checksum
dapper -f Dockerfile --target dapper make checksum
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
GITHUB_ACTION_TAG: ${{ github.ref_name }}

- name: Publish Artifacts
run: |
Expand All @@ -126,9 +172,18 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: "Read secrets"
Expand All @@ -144,3 +199,4 @@ jobs:
PAT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PATH_USERNAME: ${{ env.PAT_USERNAME }}
GITHUB_ACTION_TAG: ${{ env.GITHUB_ACTION_TAG }}
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
18 changes: 14 additions & 4 deletions .github/workflows/test-suite.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,14 @@ jobs:
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
- name: Find Go Version for Build
id: go-finder
run: |
Expand All @@ -39,20 +47,22 @@ jobs:
uses: ./.github/actions/setup-go
with:
go-version: ${{ steps.go-finder.outputs.VERSION_GOLANG }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Install OS Packages
run: sudo apt-get install -y libarchive-tools g++-mingw-w64-x86-64 gcc-mingw-w64-x86-64
# Can only upload from a single path, so we need to copy the binary to the image directory
# Additionally, we have a rke2-runtime.tar and a rke2-images.linux-amd64.tar.zst which are the same thing
# just compressed. We remove the rke2-runtime.tar as its not used by the install script.
- name: Build RKE2 Binary and Compressed Runtime Image
run: |
GOCOVER=true make package-bundle
make package-bundle
make package-image-runtime
cp ./bin/rke2 ./build/images/rke2
cp ./dist/artifacts/rke2.*-amd64.tar.gz ./build/images/
rm ./build/images/rke2-runtime.tar
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
GOCOVER: "true"

- name: Upload RKE2 Binary and Runtime Image
uses: actions/upload-artifact@v4
with:
Expand Down Expand Up @@ -175,4 +185,4 @@ jobs:
with:
## If no one connects after 5 minutes, shut down server.
wait-timeout-minutes: 5
limit-access-to-actor: true
limit-access-to-actor: true
22 changes: 11 additions & 11 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ ARG KUBERNETES_VERSION=dev
# Build environment
FROM rancher/hardened-build-base:v1.22.4b1 AS build
ARG DAPPER_HOST_ARCH
ENV ARCH $DAPPER_HOST_ARCH
ENV ARCH="$DAPPER_HOST_ARCH"
RUN set -x && \
apk --no-cache add \
bash \
Expand Down Expand Up @@ -31,13 +31,13 @@ RUN zypper install -y systemd-rpm-macros

# Dapper/Drone/CI environment
FROM build AS dapper
ENV DAPPER_ENV GODEBUG GOCOVER REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY DOCKER_USERNAME DOCKER_PASSWORD
ARG DAPPER_HOST_ARCH
ENV ARCH $DAPPER_HOST_ARCH
ENV DAPPER_OUTPUT ./dist ./bin ./build
ENV DAPPER_DOCKER_SOCKET true
ENV DAPPER_TARGET dapper
ENV DAPPER_RUN_ARGS "--privileged --network host -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build -v trivy-cache:/root/.cache/trivy"
ENV ARCH="$DAPPER_HOST_ARCH"
ENV DAPPER_ENV="GODEBUG GOCOVER REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION BUILDX_BUILDER DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY DOCKER_USERNAME DOCKER_PASSWORD"
ENV DAPPER_OUTPUT="./dist ./bin ./build"
ENV DAPPER_DOCKER_SOCKET="true"
ENV DAPPER_TARGET="dapper"
ENV DAPPER_RUN_ARGS="--privileged --network host -v /home/runner/.docker:/root/.docker -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build -v trivy-cache:/root/.cache/trivy"
RUN if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "arm64" ]; then \
VERSION=0.56.10 OS=linux && \
curl -sL "https://github.com/vmware-tanzu/sonobuoy/releases/download/v${VERSION}/sonobuoy_${VERSION}_${OS}_${ARCH}.tar.gz" | \
Expand Down Expand Up @@ -95,8 +95,8 @@ RUN set -x && \
RUN go get github.com/onsi/ginkgo/v2 github.com/onsi/gomega/...
RUN GO111MODULE=off GOBIN=/usr/local/bin go get github.com/go-delve/delve/cmd/dlv
RUN echo 'alias abort="echo -e '\''q\ny\n'\'' | dlv connect :2345"' >> /root/.bashrc
ENV PATH=/var/lib/rancher/rke2/bin:$PATH
ENV KUBECONFIG=/etc/rancher/rke2/rke2.yaml
ENV PATH="/var/lib/rancher/rke2/bin:$PATH"
ENV KUBECONFIG="/etc/rancher/rke2/rke2.yaml"
VOLUME /var/lib/rancher/rke2
# This makes it so we can run and debug k3s too
VOLUME /var/lib/rancher/k3s
Expand Down Expand Up @@ -156,9 +156,9 @@ COPY build/images/rke2-images.linux-amd64.tar.zst /var/lib/rancher/rke2/agent/im
COPY build/images.txt /images.txt

# use rke2 bundled binaries
ENV PATH=/var/lib/rancher/rke2/bin:$PATH
ENV PATH="/var/lib/rancher/rke2/bin:$PATH"
# for kubectl
ENV KUBECONFIG=/etc/rancher/rke2/rke2.yaml
ENV KUBECONFIG="/etc/rancher/rke2/rke2.yaml"
# for crictl
ENV CONTAINER_RUNTIME_ENDPOINT="unix:///run/k3s/containerd/containerd.sock"
# for ctr
Expand Down
12 changes: 6 additions & 6 deletions Dockerfile.windows
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,13 @@ RUN apk --no-cache add \

# Dapper/Drone/CI environment
FROM rancher/hardened-build-base:v1.21.5b2 AS dapper
ENV DAPPER_ENV GODEBUG REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY
ARG DAPPER_HOST_ARCH
ENV ARCH $DAPPER_HOST_ARCH
ENV DAPPER_OUTPUT ./dist ./bin ./build
ENV DAPPER_DOCKER_SOCKET true
ENV DAPPER_TARGET dapper
ENV DAPPER_RUN_ARGS "--privileged --network host -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build"
ENV ARCH="$DAPPER_HOST_ARCH"
ENV DAPPER_ENV="GODEBUG REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY"
ENV DAPPER_OUTPUT="./dist ./bin ./build"
ENV DAPPER_DOCKER_SOCKET="true"
ENV DAPPER_TARGET="dapper"
ENV DAPPER_RUN_ARGS="--privileged --network host -v /home/runner/.docker:/root/.docker -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build"
RUN apk update
RUN set -x && \
apk add --no-cache \
Expand Down
Loading

0 comments on commit 09f7127

Please sign in to comment.