Merge pull request #9180 from cevich/v3.0_static_remote

openshift-merge-robot · web-flow · commit 67d48c56a61f · 2021-02-01T15:42:32.000-05:00
[v3.0] Use cachix for static build &amp; include podman-remote build
diff --git a/.cirrus.yml b/.cirrus.yml
@@ -322,7 +322,7 @@ static_alt_build_task:
         - build
     # Community-maintained task, may fail on occasion.  If so, uncomment
     # the next line and file an issue with details about the failure.
-    allow_failures: $CI == $CI
+    # allow_failures: $CI == $CI
     gce_instance: *bigvm
     env:
         <<: *stdenvars
@@ -331,14 +331,13 @@ static_alt_build_task:
         ALT_NAME: 'Static build'
         # Do not use 'latest', fixed-version tag for runtime stability.
         CTR_FQIN: "docker.io/nixos/nix:2.3.6"
-    # This is critical, it helps to avoid a very lengthy process of
-    # statically building every dependency needed to build podman.
-    # Assuming the dependency and build description hasn't changed,
-    # this cache ensures only the static podman binary is built.
-    nix_cache:
-        folder: '/var/cache/nix'
-        # Cirrus will calculate/use sha of this output as the cache key
-        fingerprint_script: echo "${IMAGE_SUFFIX}" && cat nix/*
+        # Authentication token for pushing the build cache to cachix.
+        # This is critical, it helps to avoid a very lengthy process of
+        # statically building every dependency needed to build podman.
+        # Assuming the pinned nix dependencies in nix/nixpkgs.json have not
+        # changed, this cache will ensure that only the static podman binary is
+        # built.
+        CACHIX_AUTH_TOKEN: ENCRYPTED[df0d4d0a67474e8ea49cc503221dcb912b7e2ba45c8ec4bf2e5fd9c49a18ac21c24bacee59b5393355ed9e4358d2baef]
     setup_script: *setup
     main_script: *main
     always: *binary_artifacts
diff --git a/contrib/cirrus/required_host_ports.txt b/contrib/cirrus/required_host_ports.txt
@@ -2,3 +2,4 @@ github.com 22
 docker.io 443
 quay.io 443
 registry.fedoraproject.org 443
+podman.cachix.org 443
diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh
@@ -178,15 +178,14 @@ function _run_altbuild() {
             req_env_vars CTR_FQIN
             [[ "$UID" -eq 0 ]] || \
                 die "Static build must execute nixos container as root on host"
-            mkdir -p /var/cache/nix
-            podman run -i --rm -v /var/cache/nix:/mnt/nix:Z \
-                $CTR_FQIN cp -rfT /nix /mnt/nix
-            podman run -i --rm -v /var/cache/nix:/nix:Z \
-                -v $PWD:$PWD:Z -w $PWD $CTR_FQIN \
-                nix --print-build-logs --option cores 4 --option max-jobs 4 \
-                    build --file ./nix/
-            # result symlink is absolute from container perspective :(
-            cp /var/cache/$(readlink result)/bin/podman ./  # for cirrus-ci artifact
+            podman run -i --rm \
+                -e CACHIX_AUTH_TOKEN \
+                -v $PWD:$PWD:Z -w $PWD $CTR_FQIN sh -c \
+                "nix-env -iA cachix -f https://cachix.org/api/v1/install && \
+                 cachix use podman && \
+                 nix-build nix && \
+                 nix-store -qR --include-outputs \$(nix-instantiate nix/default.nix) | grep -v podman | cachix push podman && \
+                 cp -R result/bin ."
             rm result  # makes cirrus puke
             ;;
         *)
diff --git a/nix/default.nix b/nix/default.nix
@@ -49,9 +49,11 @@ let
     buildPhase = ''
       patchShebangs .
       make bin/podman
+      make bin/podman-remote
     '';
     installPhase = ''
       install -Dm755 bin/podman $out/bin/podman
+      install -Dm755 bin/podman-remote $out/bin/podman-remote
     '';
   };
 in self
diff --git a/nix/nixpkgs.json b/nix/nixpkgs.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/nixos/nixpkgs",
-  "rev": "4a75203f0270f96cbc87f5dfa5d5185690237d87",
-  "date": "2020-12-29T03:18:48+01:00",
-  "path": "/nix/store/scswsm6r4jnhp9ki0f6s81kpj5x6jkn7-nixpkgs",
-  "sha256": "0h70fm9aa7s06wkalbadw70z5rscbs3p6nblb47z523nhlzgjxk9",
+  "rev": "ce7b327a52d1b82f82ae061754545b1c54b06c66",
+  "date": "2021-01-25T11:28:05+01:00",
+  "path": "/nix/store/dpsa6a1sy8hwhwjkklc52brs9z1k5fx9-nixpkgs",
+  "sha256": "1rc4if8nmy9lrig0ddihdwpzg2s8y36vf20hfywb8hph5hpsg4vj",
   "fetchSubmodules": false,
   "deepClone": false,
   "leaveDotGit": false
