From 09f7127cbb811dba3a6296df0aeff360d24a5d1b Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 16 Jul 2024 17:49:22 +0000 Subject: [PATCH] Use mirror.gcr.io as buildx pull-through cache Signed-off-by: Brad Davidson --- .github/workflows/build.yml | 25 +++++++++-- .github/workflows/pr.yml | 27 ++++++++++-- .github/workflows/release.yml | 70 +++++++++++++++++++++++++++---- .github/workflows/test-suite.yaml | 18 ++++++-- Dockerfile | 22 +++++----- Dockerfile.windows | 12 +++--- Makefile | 6 +-- scripts/build-image-runtime | 4 +- scripts/build-image-test | 2 +- scripts/dev-shell-build | 2 +- 10 files changed, 147 insertions(+), 41 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5e0bbc5eb38..f775bcd64f5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -19,9 +19,17 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main 
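Review bot: The Install Dapper step now downloads the binary from a personal fork's release (`https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/...`) and makes it executable with no integrity check; the same download is repeated in the other Install Dapper steps of build.yml, pr.yml and release.yml and in the `./.dapper` target of the Makefile. A release asset can be replaced by whoever controls that repository, and this binary later runs in jobs that hold the AWS and Docker Hub credentials. Because curl is called with `-sL` and no `-f`, an HTTP error page would also be written to `/usr/local/bin/dapper` without failing the step. I would change the step to `curl -fsSL <url> -o /usr/local/bin/dapper` followed by `echo "<expected-sha256>  /usr/local/bin/dapper" | sha256sum -c -`, with one recorded checksum per OS/architecture pair.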
@@ -35,17 +43,28 @@ jobs: env: AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Test run: | dapper -f Dockerfile --target dapper make test + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} build-arm64: runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64 steps: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main @@ -59,4 +78,4 @@ jobs: env: AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} - \ No newline at end of file + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 3eb84d1e961..1f50f42ded2 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml 
@@ -15,26 +15,47 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: Build run: | dapper -f Dockerfile --target dapper make dapper-ci + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Test run: | dapper -f Dockerfile --target dapper make test + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} build-arm64: runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64 steps: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: Build run: | dapper -f Dockerfile --target dapper make dapper-ci - \ No newline at end of file + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index abbf3ee746a..33ca60d6c3c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -25,16 +25,29 @@ jobs: - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + - name: Validate Release run: | dapper -f Dockerfile --target dapper make validate-release + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Build run: | dapper -f Dockerfile --target dapper make dapper-ci + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main 
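Review bot: `docker/setup-buildx-action@v3` in the new Set up buildx step is a mutable tag, and in this workflow the builder it creates is handed via `BUILDX_BUILDER` to the publish steps that carry `DOCKER_USERNAME`/`DOCKER_PASSWORD` (those steps are in later hunks of release.yml). Pinning the action to a full commit SHA, `uses: docker/setup-buildx-action@<full-commit-sha> # v3`, keeps a retagged or compromised release of the action out of the release build. The same step is added with the same tag in build.yml, pr.yml and test-suite.yaml.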
@@ -46,26 +59,37 @@ jobs: - name: Package Images run: | dapper -f Dockerfile --target dapper make package-images + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Scan Images continue-on-error: true run: | dapper -f Dockerfile --target dapper make scan-images + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Test run: | dapper -f Dockerfile --target dapper make test + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Publish Image Runtime run: | - GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make publish-image-runtime + dapper -f Dockerfile --target dapper make publish-image-runtime env: DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }} + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GITHUB_ACTION_TAG: ${{ github.ref_name }} - name: Checksum Artifacts run: | - GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make checksum + dapper -f Dockerfile --target dapper make checksum + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GITHUB_ACTION_TAG: ${{ github.ref_name }} - name: Publish Artifacts run: | 
@@ -76,18 +100,31 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: Validate Release run: | dapper -f Dockerfile --target dapper make validate-release + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Build run: | dapper -f Dockerfile --target dapper make dapper-ci + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: "Read secrets" uses: rancher-eio/read-vault-secrets@main @@ -99,22 +136,31 @@ jobs: - name: Package Images run: | dapper -f Dockerfile --target dapper make package-images + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Scan Images continue-on-error: true run: | dapper -f Dockerfile --target dapper make scan-images + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} - name: Publish Image Runtime run: | - GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make publish-image-runtime + dapper -f Dockerfile --target dapper make publish-image-runtime env: DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }} + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GITHUB_ACTION_TAG: ${{ github.ref_name }} - name: Checksum run: | - GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make checksum + dapper -f Dockerfile --target dapper make checksum + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GITHUB_ACTION_TAG: ${{ github.ref_name }} - name: Publish Artifacts run: | 
@@ -126,9 +172,18 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: Set up buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] + - name: Install Dapper run: | - curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper + curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper chmod +x /usr/local/bin/dapper - name: "Read secrets" @@ -144,3 +199,4 @@ jobs: PAT_TOKEN: ${{ secrets.GITHUB_TOKEN }} PATH_USERNAME: ${{ env.PAT_USERNAME }} GITHUB_ACTION_TAG: ${{ env.GITHUB_ACTION_TAG }} + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 58d3588f156..3b4ce5d1ec3 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -28,6 +28,14 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 1 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + id: buildx + with: + driver: docker-container + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["mirror.gcr.io"] - name: Find Go Version for Build id: go-finder run: | @@ -39,8 +47,6 @@ jobs: uses: ./.github/actions/setup-go with: go-version: ${{ steps.go-finder.outputs.VERSION_GOLANG }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - name: Install OS Packages run: sudo apt-get install -y libarchive-tools g++-mingw-w64-x86-64 gcc-mingw-w64-x86-64 # Can only upload from a single path, so we need to copy the binary to the image directory 
@@ -48,11 +54,15 @@ jobs: # just compressed. We remove the rke2-runtime.tar as its not used by the install script. - name: Build RKE2 Binary and Compressed Runtime Image run: | - GOCOVER=true make package-bundle + make package-bundle make package-image-runtime cp ./bin/rke2 ./build/images/rke2 cp ./dist/artifacts/rke2.*-amd64.tar.gz ./build/images/ rm ./build/images/rke2-runtime.tar + env: + BUILDX_BUILDER: ${{ steps.buildx.outputs.name }} + GOCOVER: "true" + - name: Upload RKE2 Binary and Runtime Image uses: actions/upload-artifact@v4 with: @@ -175,4 +185,4 @@ jobs: with: ## If no one connects after 5 minutes, shut down server. wait-timeout-minutes: 5 - limit-access-to-actor: true \ No newline at end of file + limit-access-to-actor: true diff --git a/Dockerfile b/Dockerfile index 76c68c78f7a..24b46c160d5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ ARG KUBERNETES_VERSION=dev # Build environment FROM rancher/hardened-build-base:v1.22.4b1 AS build ARG DAPPER_HOST_ARCH -ENV ARCH $DAPPER_HOST_ARCH +ENV ARCH="$DAPPER_HOST_ARCH" RUN set -x && \ apk --no-cache add \ bash \ 
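Review bot: The base image in the context line `FROM rancher/hardened-build-base:v1.22.4b1 AS build` is referenced by tag only, and with this commit the CI builder is configured to try `mirror.gcr.io` for `docker.io` references. Presumably the tag is then resolved to whatever digest the mirror returns, so build integrity depends on the mirror as well as on Docker Hub. Pinning the digest, `FROM rancher/hardened-build-base:v1.22.4b1@sha256:<digest> AS build`, makes the pulled content verifiable regardless of which host serves it; `FROM rancher/hardened-build-base:v1.21.5b2 AS dapper` in Dockerfile.windows would need the same. The build stage continues outside this hunk.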
@@ -31,13 +31,13 @@ RUN zypper install -y systemd-rpm-macros # Dapper/Drone/CI environment FROM build AS dapper -ENV DAPPER_ENV GODEBUG GOCOVER REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY DOCKER_USERNAME DOCKER_PASSWORD ARG DAPPER_HOST_ARCH -ENV ARCH $DAPPER_HOST_ARCH -ENV DAPPER_OUTPUT ./dist ./bin ./build -ENV DAPPER_DOCKER_SOCKET true -ENV DAPPER_TARGET dapper -ENV DAPPER_RUN_ARGS "--privileged --network host -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build -v trivy-cache:/root/.cache/trivy" +ENV ARCH="$DAPPER_HOST_ARCH" +ENV DAPPER_ENV="GODEBUG GOCOVER REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION BUILDX_BUILDER DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY DOCKER_USERNAME DOCKER_PASSWORD" +ENV DAPPER_OUTPUT="./dist ./bin ./build" +ENV DAPPER_DOCKER_SOCKET="true" +ENV DAPPER_TARGET="dapper" +ENV DAPPER_RUN_ARGS="--privileged --network host -v /home/runner/.docker:/root/.docker -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build -v trivy-cache:/root/.cache/trivy" RUN if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "arm64" ]; then \ VERSION=0.56.10 OS=linux && \ curl -sL "https://github.com/vmware-tanzu/sonobuoy/releases/download/v${VERSION}/sonobuoy_${VERSION}_${OS}_${ARCH}.tar.gz" | \ @@ -95,8 +95,8 @@ RUN set -x && \ RUN go get github.com/onsi/ginkgo/v2 github.com/onsi/gomega/... RUN GO111MODULE=off GOBIN=/usr/local/bin go get github.com/go-delve/delve/cmd/dlv RUN echo 'alias abort="echo -e '\''q\ny\n'\'' | dlv connect :2345"' >> /root/.bashrc -ENV PATH=/var/lib/rancher/rke2/bin:$PATH -ENV KUBECONFIG=/etc/rancher/rke2/rke2.yaml +ENV PATH="/var/lib/rancher/rke2/bin:$PATH" +ENV KUBECONFIG="/etc/rancher/rke2/rke2.yaml" VOLUME /var/lib/rancher/rke2 # This makes it so we can run and debug k3s too VOLUME /var/lib/rancher/k3s 
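Review bot: The new `-v /home/runner/.docker:/root/.docker` in `DAPPER_RUN_ARGS` bind-mounts the runner's whole Docker client directory, read-write, into a container that already runs with `--privileged --network host`; Dockerfile.windows gets the same mount. That directory normally holds `config.json` with registry credentials as well as the buildx state, so a `docker login` performed inside the container would presumably be written back to the host, which matters on runners that outlive a single job. If only the builder definition is needed, mounting the buildx state alone, `-v /home/runner/.docker/buildx:/root/.docker/buildx`, would expose less. The path is also hard-coded to the GitHub runner's home directory, so `make ci-shell` on a developer machine will presumably make Docker create an empty root-owned `/home/runner/.docker`.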
@@ -156,9 +156,9 @@ COPY build/images/rke2-images.linux-amd64.tar.zst /var/lib/rancher/rke2/agent/im COPY build/images.txt /images.txt # use rke2 bundled binaries -ENV PATH=/var/lib/rancher/rke2/bin:$PATH +ENV PATH="/var/lib/rancher/rke2/bin:$PATH" # for kubectl -ENV KUBECONFIG=/etc/rancher/rke2/rke2.yaml +ENV KUBECONFIG="/etc/rancher/rke2/rke2.yaml" # for crictl ENV CONTAINER_RUNTIME_ENDPOINT="unix:///run/k3s/containerd/containerd.sock" # for ctr diff --git a/Dockerfile.windows b/Dockerfile.windows index 822e2363a25..91943e677f0 100644 --- a/Dockerfile.windows +++ b/Dockerfile.windows @@ -6,13 +6,13 @@ RUN apk --no-cache add \ # Dapper/Drone/CI environment FROM rancher/hardened-build-base:v1.21.5b2 AS dapper -ENV DAPPER_ENV GODEBUG REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY ARG DAPPER_HOST_ARCH -ENV ARCH $DAPPER_HOST_ARCH -ENV DAPPER_OUTPUT ./dist ./bin ./build -ENV DAPPER_DOCKER_SOCKET true -ENV DAPPER_TARGET dapper -ENV DAPPER_RUN_ARGS "--privileged --network host -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build" +ENV ARCH="$DAPPER_HOST_ARCH" +ENV DAPPER_ENV="GODEBUG REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY" +ENV DAPPER_OUTPUT="./dist ./bin ./build" +ENV DAPPER_DOCKER_SOCKET="true" +ENV DAPPER_TARGET="dapper" +ENV DAPPER_RUN_ARGS="--privileged --network host -v /home/runner/.docker:/root/.docker -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build" RUN apk update RUN set -x && \ apk add --no-cache \ diff --git a/Makefile b/Makefile index 699d52cd248..0bd447a1026 100644 --- a/Makefile +++ b/Makefile 
@@ -12,7 +12,7 @@ ci-shell: clean .dapper ## Launch a shell in the CI environment @echo '# Run "make dapper-ci" to reproduce CI in this shell #' @echo '######################################################' @echo - ./.dapper -f Dockerfile --target dapper -s + ./.dapper --bake -f Dockerfile --target dapper -s .PHONY: dapper-ci dapper-ci: .ci ## Used by Drone CI, does the same as "ci" but in a Drone way @@ -157,14 +157,14 @@ checksum: ./.dapper: @echo Downloading dapper - @curl -sL https://releases.rancher.com/dapper/v0.5.8/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp + @curl -sL https://github.com/brandond/dapper/releases/download/v0.7.0-bd4/dapper-$$(uname -s)-$$(uname -m) > .dapper.tmp @@chmod +x .dapper.tmp @./.dapper.tmp -v @mv .dapper.tmp .dapper in-docker-%: .dapper ## Advanced: wraps any target in Docker environment, for example: in-docker-build-debug mkdir -p ./bin/ ./dist/ ./build - ./.dapper -f Dockerfile --target dapper make $* + ./.dapper --bake -f Dockerfile --target dapper make $* .PHONY: help help: ## this help diff --git a/scripts/build-image-runtime b/scripts/build-image-runtime index c11896735e3..f258154b28d 100755 --- a/scripts/build-image-runtime +++ b/scripts/build-image-runtime @@ -5,7 +5,7 @@ cd $(dirname $0)/.. source ./scripts/version.sh -DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \ +docker build \ --build-arg TAG=${VERSION} \ --build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \ --build-arg MAJOR=${VERSION_MAJOR} \ @@ -19,7 +19,7 @@ DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \ . if [ "${GOARCH}" != "s390x" ] && [ "${GOARCH}" != "arm64" ]; then - DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \ + docker build \ --build-arg TAG=${VERSION} \ --build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \ --build-arg MAJOR=${VERSION_MAJOR} \ diff --git a/scripts/build-image-test b/scripts/build-image-test index a3b7ca670aa..aa47b8d311a 100755 --- a/scripts/build-image-test +++ b/scripts/build-image-test 
@@ -9,7 +9,7 @@ if [ "${GOARCH}" == "s390x" ] || [ "${GOARCH}" == "arm64" ]; then exit 0 fi -DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build \ +docker build \ --build-arg TAG=${VERSION} \ --build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \ --build-arg CACHEBUST="$(date +%s%N)" \ diff --git a/scripts/dev-shell-build b/scripts/dev-shell-build index 48c8d1e0e27..0d2ce166ed5 100755 --- a/scripts/dev-shell-build +++ b/scripts/dev-shell-build @@ -10,4 +10,4 @@ if [ ! -d build/images ]; then fi # build the dev shell image -DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker image build -t ${PROG}-dev --target shell . +docker build -t ${PROG}-dev --target shell .