build: Optionally use git for all docker builds with BUILDKIT #11513
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jrajahalme
added
kind/enhancement
|
test-me-please |
jrajahalme
force-pushed
the
pr/jrajahalme/docker-use-buildkit-also-for-non-dev-builds
branch
from
5b899d0
to
232658f
Compare
|
test-me-please |
|
Failed on K8s-1.11-Kernel-netnext: I did see this once locally as well, maybe DOCKER_BUILDKIT is not good for prime time yet? |
aanm
reviewed
May 13, 2020
| @@ -1,6 +1,9 @@ | |||
| # | |||
There was a problem hiding this comment.
I have to ask, why the # on top of all files?
There was a problem hiding this comment.
It makes it a bit easier to add the required stanza to the first line without risk of doing it if the Dockerfile already contains it.
jrajahalme
force-pushed
the
pr/jrajahalme/docker-use-buildkit-also-for-non-dev-builds
branch
from
232658f
to
9e183d2
Compare
|
test-me-please |
jrajahalme
force-pushed
the
pr/jrajahalme/docker-use-buildkit-also-for-non-dev-builds
branch
from
9e183d2
to
5999d7a
Compare
|
test-me-please |
1 similar comment
|
test-me-please |
jrajahalme
force-pushed
the
pr/jrajahalme/docker-use-buildkit-also-for-non-dev-builds
branch
2 times, most recently
from
0ed7685
to
00f14f3
Compare
|
test-me-please |
jrajahalme
force-pushed
the
pr/jrajahalme/docker-use-buildkit-also-for-non-dev-builds
branch
from
00f14f3
to
f4d9fd2
Compare
|
test-me-please |
jrajahalme
force-pushed
the
pr/jrajahalme/docker-use-buildkit-also-for-non-dev-builds
branch
from
f4d9fd2
to
10c0579
Compare
|
test-me-please |
Makefile
Outdated
| ifdef DOCKER_BUILDKIT | ||
| # Export with value expected by docker | ||
| export DOCKER_BUILDKIT=1 | ||
| BUILDKIT_DOCKERFILE_FILTER := | sed -e "1s|^\#.*|\# syntax = docker/dockerfile:experimental|" -e "s|^RUN\(.*\)make|RUN --mount=type=cache,target=/root/.cache/go-build\1make|" |
There was a problem hiding this comment.
I would much rather see this added permanently, what earliest version of Docker supports this option?
There was a problem hiding this comment.
I spoke with @nebril and it sounds like upgrading Docker in Jenkins wouldn't be a big deal :)
There was a problem hiding this comment.
dev VM has docker 19.03 and it still has a bug where it sometimes fails to pull the base image on the FROM line, behaving as if it was pulled, but then "make" or "/bin/sh" can't be found (see @joestringer's comments below). At the least, enabling DOCKER_BUILDKIT in the CI takes some testing in addition updates (if needed).
|
@tklauser This is ready to merge. |
joestringer
deleted the
pr/jrajahalme/docker-use-buildkit-also-for-non-dev-builds
branch
jrajahalme
added a commit
that referenced
this pull request
Jun 16, 2020
Remove support for user-defined build dir paths when using Docker buildkit. This was dangerous as there was no easy way to make sure the user supplied paths were pointing to directories that can be safely deleted and overwritten. Expand the BUILD_DIR and DOCKER_BUILD_DIR in Makefile.buildkit to make it easier to understand and to protect against accidental damage when BUILD_DIR = '.', which would mess up user's main git repo. Fixes: #11513 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
jrajahalme
added a commit
that referenced
this pull request
Jun 16, 2020
Docker buildkit often fails to actaully pull the FROM image and then fails wit errors like: > [builder 4/4] RUN make ... clean-container build-container install-container: #13 0.344 /bin/sh: 1: make: not found Fix this by pulling all FROM images before docker build. This depends on the FROM image names not be based on build ARGs, which is the case for all the current Dockerfiles in the repo. Fixes: #11513 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
jrajahalme
added a commit
that referenced
this pull request
Jun 16, 2020
'make' builds the first target, make sure 'all' is the first target regardless what is defined in the included makefiles. Fixes: #11513 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
jrajahalme
added a commit
that referenced
this pull request
Jun 16, 2020
Use BPF_SRCFILES to compute CILIUM_DATAPATH_SHA as BPF_FILES is not available in the buildkit context due to buildkit context not having the '.git' directory. Fixes: #11513 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
jrajahalme
added a commit
that referenced
this pull request
Jun 16, 2020
_build directory may already exist, and the shallow clone may already have been applied, so don't fail if git clone fails. Fixes: #11513 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
nebril
pushed a commit
that referenced
this pull request
Jun 20, 2020
Remove support for user-defined build dir paths when using Docker buildkit. This was dangerous as there was no easy way to make sure the user supplied paths were pointing to directories that can be safely deleted and overwritten. Expand the BUILD_DIR and DOCKER_BUILD_DIR in Makefile.buildkit to make it easier to understand and to protect against accidental damage when BUILD_DIR = '.', which would mess up user's main git repo. Fixes: #11513 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
nebril
pushed a commit
that referenced
this pull request
Jun 20, 2020
Docker buildkit often fails to actaully pull the FROM image and then fails wit errors like: > [builder 4/4] RUN make ... clean-container build-container install-container: #13 0.344 /bin/sh: 1: make: not found Fix this by pulling all FROM images before docker build. This depends on the FROM image names not be based on build ARGs, which is the case for all the current Dockerfiles in the repo. Fixes: #11513 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
nebril
pushed a commit
that referenced
this pull request
Jun 20, 2020
'make' builds the first target, make sure 'all' is the first target regardless what is defined in the included makefiles. Fixes: #11513 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
nebril
pushed a commit
that referenced
this pull request
Jun 20, 2020
Use BPF_SRCFILES to compute CILIUM_DATAPATH_SHA as BPF_FILES is not available in the buildkit context due to buildkit context not having the '.git' directory. Fixes: #11513 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
nebril
pushed a commit
that referenced
this pull request
Jun 20, 2020
_build directory may already exist, and the shallow clone may already have been applied, so don't fail if git clone fails. Fixes: #11513 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
aanm
pushed a commit
that referenced
this pull request
Jun 21, 2020
[ upstream commit 4167a4c ] Remove support for user-defined build dir paths when using Docker buildkit. This was dangerous as there was no easy way to make sure the user supplied paths were pointing to directories that can be safely deleted and overwritten. Expand the BUILD_DIR and DOCKER_BUILD_DIR in Makefile.buildkit to make it easier to understand and to protect against accidental damage when BUILD_DIR = '.', which would mess up user's main git repo. Fixes: #11513 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: André Martins <andre@cilium.io>
aanm
pushed a commit
that referenced
this pull request
Jun 21, 2020
[ upstream commit ae5d7c1 ] Docker buildkit often fails to actaully pull the FROM image and then fails wit errors like: > [builder 4/4] RUN make ... clean-container build-container install-container: #13 0.344 /bin/sh: 1: make: not found Fix this by pulling all FROM images before docker build. This depends on the FROM image names not be based on build ARGs, which is the case for all the current Dockerfiles in the repo. Fixes: #11513 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: André Martins <andre@cilium.io>
aanm
pushed a commit
that referenced
this pull request
Jun 22, 2020
[ upstream commit 4167a4c ] Remove support for user-defined build dir paths when using Docker buildkit. This was dangerous as there was no easy way to make sure the user supplied paths were pointing to directories that can be safely deleted and overwritten. Expand the BUILD_DIR and DOCKER_BUILD_DIR in Makefile.buildkit to make it easier to understand and to protect against accidental damage when BUILD_DIR = '.', which would mess up user's main git repo. Fixes: #11513 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: André Martins <andre@cilium.io>
aanm
pushed a commit
that referenced
this pull request
Jun 22, 2020
[ upstream commit ae5d7c1 ] Docker buildkit often fails to actaully pull the FROM image and then fails wit errors like: > [builder 4/4] RUN make ... clean-container build-container install-container: #13 0.344 /bin/sh: 1: make: not found Fix this by pulling all FROM images before docker build. This depends on the FROM image names not be based on build ARGs, which is the case for all the current Dockerfiles in the repo. Fixes: #11513 Signed-off-by: Jarno Rajahalme <jarno@covalent.io> Signed-off-by: André Martins <andre@cilium.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Make building with DOCKER_BUILDKIT and using a shallow git clone as
the build context opt-in: the developer must define DOCKER_BUILDKIT to
use these. When DOCKER_BUILDKIT is defined, the following takes place:
used. This makes sure the build context only contains the files in git
and none of the other files that may exist in the working
directory. '_build' in the repo is used as the root of the build
directory by default (can be overridden by defining BUILD_DIR). A
shallow bare git clone of the main repo is created in '_build/.git',
which is checked out into '_build/context'.
The build context is subsequently synced with git fetch to avoid
overwriting all files. This makes docker build context sync much
faster and allows docker to use cached build stages.
The .git directory is left out of the build context, so that any
changes in there will not affect docker build stage caching. During
the build context sync a file '_build/context/.git' points to
'build.git', but that is removed before the context is handed to
docker.
BUILD_DIR can be passed in to specify an alternate build root
(replacing the default '_build'). This is beneficial in keeping the
main repo directory cleaner, and also to avoid slow file I/O in a
shared file system (e.g, between the host and a CI VM).
A new make target
verycleanthat guts docker caches has been added.This may help resolve the issue where Docker fails to actually load an image
(e.g., cilium-builder) which leads to weird issues like
/bin/shnot found.Testing this on a MacBook Pro yielded the following results:
Before these changes:
$ time make docker-image
8m17.558s
After:
$ time make docker-image
5m35.515s
$ DOCKER_BUILDKIT=1 time make docker-image
2m49.41s
Fixes: #11443