From 46ae8e9617334e32ad4dbc712243bbf839ac771a Mon Sep 17 00:00:00 2001 From: Riccardo Busetti Date: Mon, 3 Nov 2025 14:49:29 +0100 Subject: [PATCH 1/9] Improve --- .github/workflows/docker-build.yml | 83 +++++++++++++++++++++++++----- etl-api/Dockerfile | 5 +- etl-replicator/Dockerfile | 5 +- 3 files changed, 77 insertions(+), 16 deletions(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 922a8a09..89ecef6f 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -36,9 +36,19 @@ permissions: contents: read jobs: - docker: - name: Build Docker Image - runs-on: ubuntu-latest + # Build each platform natively on its own runner + build-platform: + name: Build ${{ matrix.platform }} Image + runs-on: ${{ matrix.runner }} + strategy: + matrix: + include: + - platform: linux/amd64 + runner: ubuntu-latest + arch: amd64 + - platform: linux/arm64 + runner: ubuntu-24.04-arm + arch: arm64 steps: - name: Checkout (specific ref) if: inputs.checkout_ref != '' @@ -66,11 +76,11 @@ jobs: with: images: ${{ inputs.image }} tags: | - type=raw,value=latest - type=sha,format=long,prefix= - ${{ inputs.tag_with_version && format('type=raw,value=v{0}', inputs.version) || '' }} + type=raw,value=latest-${{ matrix.arch }} + type=sha,format=long,prefix=,suffix=-${{ matrix.arch }} + ${{ inputs.tag_with_version && format('type=raw,value=v{0}-{1}', inputs.version, matrix.arch) || '' }} - - name: Build and Push Image + - name: Build and Push Single-Platform Image id: build uses: docker/build-push-action@v5 with: 
@@ -78,21 +88,70 @@ jobs: file: ${{ inputs.file }} push: ${{ inputs.push }} tags: ${{ steps.meta.outputs.tags }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max + platforms: ${{ matrix.platform }} + cache-from: type=gha,scope=${{ matrix.arch }} + cache-to: type=gha,mode=max,scope=${{ matrix.arch }} + provenance: false + + # Create multi-arch manifest combining both platforms + create-manifest: + name: Create Multi-Arch Manifest + needs: build-platform + runs-on: ubuntu-latest + if: inputs.push == true + steps: + - name: Checkout (specific ref) + if: inputs.checkout_ref != '' + uses: actions/checkout@v4 + with: + ref: ${{ inputs.checkout_ref }} + + - name: Checkout (default) + if: inputs.checkout_ref == '' + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Create and Push Multi-Arch Manifest + run: | + IMAGE="${{ inputs.image }}" + FULL_SHA=$(git rev-parse HEAD) + + # Create manifest for latest + docker buildx imagetools create -t "${IMAGE}:latest" \ + "${IMAGE}:latest-amd64" \ + "${IMAGE}:latest-arm64" + + # Create manifest for SHA + docker buildx imagetools create -t "${IMAGE}:${FULL_SHA}" \ + "${IMAGE}:${FULL_SHA}-amd64" \ + "${IMAGE}:${FULL_SHA}-arm64" + + # Create manifest for version if needed + if [ "${{ inputs.tag_with_version }}" = "true" ] && [ -n "${{ inputs.version }}" ]; then + docker buildx imagetools create -t "${IMAGE}:v${{ inputs.version }}" \ + "${IMAGE}:v${{ inputs.version }}-amd64" \ + "${IMAGE}:v${{ inputs.version }}-arm64" + fi - name: Output Image Information run: | IMAGE="${{ inputs.image }}" NAME="${IMAGE##*/}" - # Derive SHA from the checked-out ref to ensure correctness. 
FULL_SHA=$(git rev-parse HEAD) TAGS="latest, ${FULL_SHA}" if [ "${{ inputs.tag_with_version }}" = "true" ] && [ -n "${{ inputs.version }}" ]; then TAGS="${TAGS}, v${{ inputs.version }}" fi HUB_PATH=$(echo "${IMAGE}" | sed -E 's@^docker\.io/@@') - echo "✅ Successfully built and pushed ${NAME} image" + echo "✅ Successfully built and pushed ${NAME} multi-arch image" echo "🏷️ Tags: ${TAGS}" + echo "🏗️ Platforms: linux/amd64, linux/arm64" echo "🔗 View at: https://hub.docker.com/r/${HUB_PATH}" diff --git a/etl-api/Dockerfile b/etl-api/Dockerfile index 757819e8..ebc2e751 100644 --- a/etl-api/Dockerfile +++ b/etl-api/Dockerfile @@ -1,5 +1,6 @@ # Build stage with cargo-chef for better layer caching -FROM --platform=$BUILDPLATFORM lukemathwalker/cargo-chef:latest-rust-1.88.0-slim-bookworm AS chef +# Native build: each runner builds for its own architecture +FROM lukemathwalker/cargo-chef:latest-rust-1.88.0-slim-bookworm AS chef WORKDIR /app # Install system dependencies @@ -11,7 +12,7 @@ RUN cargo chef prepare --recipe-path recipe.json FROM chef AS builder ARG TARGETPLATFORM ARG BUILDPLATFORM -RUN echo "Running on $BUILDPLATFORM, building for $TARGETPLATFORM" +RUN echo "Native build on $BUILDPLATFORM for $TARGETPLATFORM" RUN apt-get update && apt-get install -y pkg-config libssl-dev && rm -rf /var/lib/apt/lists/* COPY --from=planner /app/recipe.json recipe.json RUN cargo chef cook --release --recipe-path recipe.json diff --git a/etl-replicator/Dockerfile b/etl-replicator/Dockerfile index b8e20a34..abaa5ed2 100644 --- a/etl-replicator/Dockerfile +++ b/etl-replicator/Dockerfile @@ -1,5 +1,6 @@ # Build stage with cargo-chef for better layer caching -FROM --platform=$BUILDPLATFORM lukemathwalker/cargo-chef:latest-rust-1.88.0-slim-bookworm AS chef +# Native build: each runner builds for its own architecture +FROM lukemathwalker/cargo-chef:latest-rust-1.88.0-slim-bookworm AS chef WORKDIR /app # Install system dependencies 
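Review bot: The new `Create and Push Multi-Arch Manifest` step expands `${{ inputs.image }}` and `${{ inputs.version }}` directly inside the `run:` script, so the caller-supplied values become part of the shell source before bash parses it, in a job that has just logged in to Docker Hub. Passing them through `env:` and referencing `"${IMAGE}"` / `"${VERSION}"` keeps them as data. The `Output Image Information` step in the same hunk, the rewritten manifest step in PATCH 2/9 and the `Extract Image Name` steps in PATCH 6/9 use the same pattern. Separately, `provenance: false` on the build step means the pushed images carry no build provenance attestation; if it is there only to keep the per-arch pushes as plain manifests, a comment saying so would help the next reviewer.

```yaml
- name: Create and Push Multi-Arch Manifest
  env:
    IMAGE: ${{ inputs.image }}
    VERSION: ${{ inputs.version }}
    TAG_WITH_VERSION: ${{ inputs.tag_with_version }}
  run: |
    FULL_SHA=$(git rev-parse HEAD)
    # … unchanged: manifests for latest and for ${FULL_SHA} …
    if [ "${TAG_WITH_VERSION}" = "true" ] && [ -n "${VERSION}" ]; then
      docker buildx imagetools create -t "${IMAGE}:v${VERSION}" \
        "${IMAGE}:v${VERSION}-amd64" \
        "${IMAGE}:v${VERSION}-arm64"
    fi
```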
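Review bot: The rewritten `FROM` line in `etl-api/Dockerfile` still references the builder base by a mutable tag, and with native builds each runner now resolves that tag on its own, so the amd64 and arm64 images can end up built from different base contents if the tag moves between the two pulls. Pinning the multi-arch index digest keeps both legs on the same, reviewable base: `FROM lukemathwalker/cargo-chef:latest-rust-1.88.0-slim-bookworm@sha256:<index-digest> AS chef`. The identical line in the `etl-replicator/Dockerfile` hunk of this patch needs the same pin.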
@@ -11,7 +12,7 @@ RUN cargo chef prepare --recipe-path recipe.json FROM chef AS builder ARG TARGETPLATFORM ARG BUILDPLATFORM -RUN echo "Running on $BUILDPLATFORM, building for $TARGETPLATFORM" +RUN echo "Native build on $BUILDPLATFORM for $TARGETPLATFORM" # TODO: remove protobuf-compiler once the upstream gcp-bigquery-client remove it from its deps RUN apt-get update && apt-get install -y pkg-config libssl-dev protobuf-compiler clang && rm -rf /var/lib/apt/lists/* COPY --from=planner /app/recipe.json recipe.json From 89d19cd1196570b1b498ea2e6698407068635e74 Mon Sep 17 00:00:00 2001 From: Riccardo Busetti Date: Mon, 3 Nov 2025 15:16:18 +0100 Subject: [PATCH 2/9] Improve --- .cargo/config.toml | 12 +++++ .github/workflows/docker-build.yml | 75 +++++++++++++++++++----------- Cargo.toml | 9 ++++ etl-api/Dockerfile | 20 ++++++-- etl-replicator/Dockerfile | 21 +++++++-- 5 files changed, 101 insertions(+), 36 deletions(-) create mode 100644 .cargo/config.toml diff --git a/.cargo/config.toml b/.cargo/config.toml new file mode 100644 index 00000000..c1f88301 --- /dev/null +++ b/.cargo/config.toml @@ -0,0 +1,12 @@ +# Use mold linker on Linux for significantly faster linking (3-5x faster) +# mold must be installed: https://github.com/rui314/mold +[target.x86_64-unknown-linux-gnu] +linker = "clang" +rustflags = ["-C", "link-arg=-fuse-ld=mold"] + +[target.aarch64-unknown-linux-gnu] +linker = "clang" +rustflags = ["-C", "link-arg=-fuse-ld=mold"] + +# Increase incremental compilation cache (speeds up rebuilds) +incremental = true diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 89ecef6f..172ed1eb 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml 
@@ -49,6 +49,9 @@ jobs: - platform: linux/arm64 runner: ubuntu-24.04-arm arch: arm64 + outputs: + digest-amd64: ${{ steps.export-digest.outputs.digest-amd64 }} + digest-arm64: ${{ steps.export-digest.outputs.digest-arm64 }} steps: - name: Checkout (specific ref) if: inputs.checkout_ref != '' @@ -70,16 +73,6 @@ jobs: username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Docker Metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ inputs.image }} - tags: | - type=raw,value=latest-${{ matrix.arch }} - type=sha,format=long,prefix=,suffix=-${{ matrix.arch }} - ${{ inputs.tag_with_version && format('type=raw,value=v{0}-{1}', inputs.version, matrix.arch) || '' }} - - name: Build and Push Single-Platform Image id: build uses: docker/build-push-action@v5 @@ -87,11 +80,29 @@ jobs: context: ${{ inputs.context }} file: ${{ inputs.file }} push: ${{ inputs.push }} - tags: ${{ steps.meta.outputs.tags }} platforms: ${{ matrix.platform }} cache-from: type=gha,scope=${{ matrix.arch }} cache-to: type=gha,mode=max,scope=${{ matrix.arch }} provenance: false + outputs: type=image,name=${{ inputs.image }},push-by-digest=true,name-canonical=true + + - name: Export Digest + id: export-digest + if: inputs.push == true + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + echo "digest-${{ matrix.arch }}=$digest" >> "$GITHUB_OUTPUT" + + - name: Upload Digest + if: inputs.push == true + uses: actions/upload-artifact@v4 + with: + name: digests-${{ matrix.arch }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 # Create multi-arch manifest combining both platforms create-manifest: 
@@ -100,15 +111,12 @@ jobs: runs-on: ubuntu-latest if: inputs.push == true steps: - - name: Checkout (specific ref) - if: inputs.checkout_ref != '' - uses: actions/checkout@v4 + - name: Download Digests + uses: actions/download-artifact@v4 with: - ref: ${{ inputs.checkout_ref }} - - - name: Checkout (default) - if: inputs.checkout_ref == '' - uses: actions/checkout@v4 + path: /tmp/digests + pattern: digests-* + merge-multiple: true - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -119,26 +127,37 @@ jobs: username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Checkout (specific ref) + if: inputs.checkout_ref != '' + uses: actions/checkout@v4 + with: + ref: ${{ inputs.checkout_ref }} + + - name: Checkout (default) + if: inputs.checkout_ref == '' + uses: actions/checkout@v4 + - name: Create and Push Multi-Arch Manifest run: | IMAGE="${{ inputs.image }}" FULL_SHA=$(git rev-parse HEAD) + # Prepare digest list for imagetools + DIGEST_LIST="" + for digest_file in /tmp/digests/*; do + digest="sha256:$(basename "$digest_file")" + DIGEST_LIST="${DIGEST_LIST} ${IMAGE}@${digest}" + done + # Create manifest for latest - docker buildx imagetools create -t "${IMAGE}:latest" \ - "${IMAGE}:latest-amd64" \ - "${IMAGE}:latest-arm64" + docker buildx imagetools create -t "${IMAGE}:latest" ${DIGEST_LIST} # Create manifest for SHA - docker buildx imagetools create -t "${IMAGE}:${FULL_SHA}" \ - "${IMAGE}:${FULL_SHA}-amd64" \ - "${IMAGE}:${FULL_SHA}-arm64" + docker buildx imagetools create -t "${IMAGE}:${FULL_SHA}" ${DIGEST_LIST} # Create manifest for version if needed if [ "${{ inputs.tag_with_version }}" = "true" ] && [ -n "${{ inputs.version }}" ]; then - docker buildx imagetools create -t "${IMAGE}:v${{ inputs.version }}" \ - "${IMAGE}:v${{ inputs.version }}-amd64" \ - "${IMAGE}:v${{ inputs.version }}-arm64" + docker buildx imagetools create -t "${IMAGE}:v${{ inputs.version }}" ${DIGEST_LIST} fi - name: Output Image Information 
diff --git a/Cargo.toml b/Cargo.toml index c68c3fb3..095ee0ff 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -84,3 +84,12 @@ x509-cert = { version = "0.2.2", default-features = false } [profile.bench] debug = true + +[profile.release] +# Link-time optimization: enables better cross-crate optimizations +# "thin" provides ~80-90% of "fat" benefits with much faster compile times +lto = "thin" +# Default codegen-units for balanced build time and performance +codegen-units = 16 +# Maximum optimization level for best runtime performance +opt-level = 3 diff --git a/etl-api/Dockerfile b/etl-api/Dockerfile index ebc2e751..9ba0f98e 100644 --- a/etl-api/Dockerfile +++ b/etl-api/Dockerfile @@ -13,15 +13,27 @@ FROM chef AS builder ARG TARGETPLATFORM ARG BUILDPLATFORM RUN echo "Native build on $BUILDPLATFORM for $TARGETPLATFORM" -RUN apt-get update && apt-get install -y pkg-config libssl-dev && rm -rf /var/lib/apt/lists/* + +# Install build dependencies including mold linker for faster linking +RUN apt-get update && \ + apt-get install -y \ + pkg-config \ + libssl-dev \ + clang \ + mold && \ + rm -rf /var/lib/apt/lists/* + +# Copy cargo config for build optimizations (mold linker, etc.) +COPY .cargo/config.toml /app/.cargo/config.toml + COPY --from=planner /app/recipe.json recipe.json RUN cargo chef cook --release --recipe-path recipe.json -# Build application +# Build application with optimizations +# The release profile in Cargo.toml handles: thin LTO, strip, opt-level=3 COPY . . ENV SQLX_OFFLINE=true -RUN cargo build --release -p etl-api && \ - strip target/release/etl-api +RUN cargo build --release -p etl-api # Runtime stage with distroless for security FROM gcr.io/distroless/cc-debian12:nonroot diff --git a/etl-replicator/Dockerfile b/etl-replicator/Dockerfile index abaa5ed2..c3eb7905 100644 --- a/etl-replicator/Dockerfile +++ b/etl-replicator/Dockerfile 
@@ -13,15 +13,28 @@ FROM chef AS builder ARG TARGETPLATFORM ARG BUILDPLATFORM RUN echo "Native build on $BUILDPLATFORM for $TARGETPLATFORM" + +# Install build dependencies including mold linker for faster linking # TODO: remove protobuf-compiler once the upstream gcp-bigquery-client remove it from its deps -RUN apt-get update && apt-get install -y pkg-config libssl-dev protobuf-compiler clang && rm -rf /var/lib/apt/lists/* +RUN apt-get update && \ + apt-get install -y \ + pkg-config \ + libssl-dev \ + protobuf-compiler \ + clang \ + mold && \ + rm -rf /var/lib/apt/lists/* + +# Copy cargo config for build optimizations (mold linker, etc.) +COPY .cargo/config.toml /app/.cargo/config.toml + COPY --from=planner /app/recipe.json recipe.json RUN cargo chef cook --release --recipe-path recipe.json -# Build application +# Build application with optimizations +# The release profile in Cargo.toml handles: thin LTO, strip, opt-level=3 COPY . . -RUN RUSTFLAGS="-C panic=abort" cargo build --release -p etl-replicator && \ - strip target/release/etl-replicator +RUN cargo build --release -p etl-replicator # Runtime stage with distroless for security FROM gcr.io/distroless/cc-debian12:nonroot From 8966ccf4524b1ace6b02872234eb1042ae7a7933 Mon Sep 17 00:00:00 2001 From: Riccardo Busetti Date: Mon, 3 Nov 2025 15:18:26 +0100 Subject: [PATCH 3/9] Improve --- .cargo/config.toml | 22 ++++++++++++++++++---- etl-api/Dockerfile | 4 +++- etl-replicator/Dockerfile | 4 +++- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/.cargo/config.toml b/.cargo/config.toml index c1f88301..c0e0dc25 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml 
@@ -1,12 +1,26 @@ -# Use mold linker on Linux for significantly faster linking (3-5x faster) -# mold must be installed: https://github.com/rui314/mold +# Linker Configuration +# Using lld as default (widely available, 1.5-2x faster than ld) +# Upgrade to mold for 3-5x faster linking if available on your system + [target.x86_64-unknown-linux-gnu] linker = "clang" -rustflags = ["-C", "link-arg=-fuse-ld=mold"] +rustflags = ["-C", "link-arg=-fuse-ld=lld"] [target.aarch64-unknown-linux-gnu] linker = "clang" -rustflags = ["-C", "link-arg=-fuse-ld=mold"] +rustflags = ["-C", "link-arg=-fuse-ld=lld"] + +# Optional: Upgrade to mold linker (fastest, but requires installation) +# Uncomment these sections and comment out lld sections above if mold is installed +# Install: https://github.com/rui314/mold +# +# [target.x86_64-unknown-linux-gnu] +# linker = "clang" +# rustflags = ["-C", "link-arg=-fuse-ld=mold"] +# +# [target.aarch64-unknown-linux-gnu] +# linker = "clang" +# rustflags = ["-C", "link-arg=-fuse-ld=mold"] # Increase incremental compilation cache (speeds up rebuilds) incremental = true diff --git a/etl-api/Dockerfile b/etl-api/Dockerfile index 9ba0f98e..8ad287f6 100644 --- a/etl-api/Dockerfile +++ b/etl-api/Dockerfile @@ -20,11 +20,13 @@ RUN apt-get update && \ pkg-config \ libssl-dev \ clang \ + lld \ mold && \ rm -rf /var/lib/apt/lists/* -# Copy cargo config for build optimizations (mold linker, etc.) +# Copy cargo config and override linker to use mold (fastest option in controlled Docker environment) COPY .cargo/config.toml /app/.cargo/config.toml +RUN sed -i 's/link-arg=-fuse-ld=lld/link-arg=-fuse-ld=mold/g' /app/.cargo/config.toml COPY --from=planner /app/recipe.json recipe.json RUN cargo chef cook --release --recipe-path recipe.json diff --git a/etl-replicator/Dockerfile b/etl-replicator/Dockerfile index c3eb7905..b731f745 100644 --- a/etl-replicator/Dockerfile +++ b/etl-replicator/Dockerfile 
@@ -22,11 +22,13 @@ RUN apt-get update && \ libssl-dev \ protobuf-compiler \ clang \ + lld \ mold && \ rm -rf /var/lib/apt/lists/* -# Copy cargo config for build optimizations (mold linker, etc.) +# Copy cargo config and override linker to use mold (fastest option in controlled Docker environment) COPY .cargo/config.toml /app/.cargo/config.toml +RUN sed -i 's/link-arg=-fuse-ld=lld/link-arg=-fuse-ld=mold/g' /app/.cargo/config.toml COPY --from=planner /app/recipe.json recipe.json RUN cargo chef cook --release --recipe-path recipe.json From 039defe0d97fdf68f92d2f58ca39dae4e4d52fbd Mon Sep 17 00:00:00 2001 From: Riccardo Busetti Date: Mon, 3 Nov 2025 15:19:51 +0100 Subject: [PATCH 4/9] Improve --- .cargo/config.toml | 18 ++---------------- etl-api/Dockerfile | 8 +++----- etl-replicator/Dockerfile | 8 +++----- 3 files changed, 8 insertions(+), 26 deletions(-) diff --git a/.cargo/config.toml b/.cargo/config.toml index c0e0dc25..bb9764b3 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -1,7 +1,5 @@ -# Linker Configuration -# Using lld as default (widely available, 1.5-2x faster than ld) -# Upgrade to mold for 3-5x faster linking if available on your system - +# Use lld linker for faster linking (1.5-2x faster than default ld) +# lld is part of the LLVM toolchain and widely available [target.x86_64-unknown-linux-gnu] linker = "clang" rustflags = ["-C", "link-arg=-fuse-ld=lld"] 
@@ -10,17 +8,5 @@ rustflags = ["-C", "link-arg=-fuse-ld=lld"] linker = "clang" rustflags = ["-C", "link-arg=-fuse-ld=lld"] -# Optional: Upgrade to mold linker (fastest, but requires installation) -# Uncomment these sections and comment out lld sections above if mold is installed -# Install: https://github.com/rui314/mold -# -# [target.x86_64-unknown-linux-gnu] -# linker = "clang" -# rustflags = ["-C", "link-arg=-fuse-ld=mold"] -# -# [target.aarch64-unknown-linux-gnu] -# linker = "clang" -# rustflags = ["-C", "link-arg=-fuse-ld=mold"] - # Increase incremental compilation cache (speeds up rebuilds) incremental = true diff --git a/etl-api/Dockerfile b/etl-api/Dockerfile index 8ad287f6..3c4d7eb8 100644 --- a/etl-api/Dockerfile +++ b/etl-api/Dockerfile @@ -14,19 +14,17 @@ ARG TARGETPLATFORM ARG BUILDPLATFORM RUN echo "Native build on $BUILDPLATFORM for $TARGETPLATFORM" -# Install build dependencies including mold linker for faster linking +# Install build dependencies including lld linker for faster linking RUN apt-get update && \ apt-get install -y \ pkg-config \ libssl-dev \ clang \ - lld \ - mold && \ + lld && \ rm -rf /var/lib/apt/lists/* -# Copy cargo config and override linker to use mold (fastest option in controlled Docker environment) +# Copy cargo config for build optimizations (lld linker, etc.) COPY .cargo/config.toml /app/.cargo/config.toml -RUN sed -i 's/link-arg=-fuse-ld=lld/link-arg=-fuse-ld=mold/g' /app/.cargo/config.toml COPY --from=planner /app/recipe.json recipe.json RUN cargo chef cook --release --recipe-path recipe.json diff --git a/etl-replicator/Dockerfile b/etl-replicator/Dockerfile index b731f745..b0968f27 100644 --- a/etl-replicator/Dockerfile +++ b/etl-replicator/Dockerfile 
@@ -14,7 +14,7 @@ ARG TARGETPLATFORM ARG BUILDPLATFORM RUN echo "Native build on $BUILDPLATFORM for $TARGETPLATFORM" -# Install build dependencies including mold linker for faster linking +# Install build dependencies including lld linker for faster linking # TODO: remove protobuf-compiler once the upstream gcp-bigquery-client remove it from its deps RUN apt-get update && \ apt-get install -y \ @@ -22,13 +22,11 @@ RUN apt-get update && \ libssl-dev \ protobuf-compiler \ clang \ - lld \ - mold && \ + lld && \ rm -rf /var/lib/apt/lists/* -# Copy cargo config and override linker to use mold (fastest option in controlled Docker environment) +# Copy cargo config for build optimizations (lld linker, etc.) COPY .cargo/config.toml /app/.cargo/config.toml -RUN sed -i 's/link-arg=-fuse-ld=lld/link-arg=-fuse-ld=mold/g' /app/.cargo/config.toml COPY --from=planner /app/recipe.json recipe.json RUN cargo chef cook --release --recipe-path recipe.json From 51d2af8c188cb138c4e05b7dc6eeb6eb80e88c43 Mon Sep 17 00:00:00 2001 From: Riccardo Busetti Date: Mon, 3 Nov 2025 15:29:05 +0100 Subject: [PATCH 5/9] Improve --- .cargo/config.toml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.cargo/config.toml b/.cargo/config.toml index bb9764b3..de20d2e0 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -7,6 +7,3 @@ rustflags = ["-C", "link-arg=-fuse-ld=lld"] [target.aarch64-unknown-linux-gnu] linker = "clang" rustflags = ["-C", "link-arg=-fuse-ld=lld"] - -# Increase incremental compilation cache (speeds up rebuilds) -incremental = true From 4fe19d81aa71fc1dc0ee61a2ba57e2d138b4d437 Mon Sep 17 00:00:00 2001 From: Riccardo Busetti Date: Mon, 3 Nov 2025 16:03:26 +0100 Subject: [PATCH 6/9] Improve --- .github/workflows/docker-build.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 172ed1eb..0a9b40e9 100644 --- a/.github/workflows/docker-build.yml 
+++ b/.github/workflows/docker-build.yml @@ -52,7 +52,15 @@ jobs: outputs: digest-amd64: ${{ steps.export-digest.outputs.digest-amd64 }} digest-arm64: ${{ steps.export-digest.outputs.digest-arm64 }} + image-name: ${{ steps.extract-name.outputs.name }} steps: + - name: Extract Image Name + id: extract-name + run: | + IMAGE="${{ inputs.image }}" + NAME="${IMAGE##*/}" + echo "name=$NAME" >> "$GITHUB_OUTPUT" + - name: Checkout (specific ref) if: inputs.checkout_ref != '' uses: actions/checkout@v4 @@ -99,7 +107,7 @@ jobs: if: inputs.push == true uses: actions/upload-artifact@v4 with: - name: digests-${{ matrix.arch }} + name: digests-${{ steps.extract-name.outputs.name }}-${{ matrix.arch }} path: /tmp/digests/* if-no-files-found: error retention-days: 1 @@ -111,11 +119,18 @@ jobs: runs-on: ubuntu-latest if: inputs.push == true steps: + - name: Extract Image Name + id: extract-name + run: | + IMAGE="${{ inputs.image }}" + NAME="${IMAGE##*/}" + echo "name=$NAME" >> "$GITHUB_OUTPUT" + - name: Download Digests uses: actions/download-artifact@v4 with: path: /tmp/digests - pattern: digests-* + pattern: digests-${{ steps.extract-name.outputs.name }}-* merge-multiple: true - name: Set up Docker Buildx From 89d908df7251349f8fe79d71784d8ae87b8e4719 Mon Sep 17 00:00:00 2001 From: Riccardo Busetti Date: Mon, 3 Nov 2025 17:46:51 +0100 Subject: [PATCH 7/9] Improve --- .github/workflows/docker-build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 0a9b40e9..a8ae28c1 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -100,7 +100,7 @@ jobs: run: | mkdir -p /tmp/digests digest="${{ steps.build.outputs.digest }}" - touch "/tmp/digests/${digest#sha256:}" + echo "$digest" > "/tmp/digests/${{ matrix.arch }}.txt" echo "digest-${{ matrix.arch }}=$digest" >> "$GITHUB_OUTPUT" - name: Upload Digest 
@@ -159,8 +159,8 @@ jobs: # Prepare digest list for imagetools DIGEST_LIST="" - for digest_file in /tmp/digests/*; do - digest="sha256:$(basename "$digest_file")" + for digest_file in /tmp/digests/*.txt; do + digest=$(cat "$digest_file") DIGEST_LIST="${DIGEST_LIST} ${IMAGE}@${digest}" done From 6c3b78eaebaa8c451e6a415a878f5ec665481b46 Mon Sep 17 00:00:00 2001 From: Riccardo Busetti Date: Tue, 4 Nov 2025 08:51:21 +0100 Subject: [PATCH 8/9] Improve --- .github/workflows/docker-build.yml | 1 + etl-api/Dockerfile | 3 ++- etl-replicator/Dockerfile | 3 ++- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index a8ae28c1..33bc80b0 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -34,6 +34,7 @@ on: permissions: contents: read + actions: write jobs: # Build each platform natively on its own runner diff --git a/etl-api/Dockerfile b/etl-api/Dockerfile index 3c4d7eb8..02e92a6f 100644 --- a/etl-api/Dockerfile +++ b/etl-api/Dockerfile @@ -33,7 +33,8 @@ RUN cargo chef cook --release --recipe-path recipe.json # The release profile in Cargo.toml handles: thin LTO, strip, opt-level=3 COPY . . ENV SQLX_OFFLINE=true -RUN cargo build --release -p etl-api +RUN cargo build --release -p etl-api && \ + strip target/release/etl-api # Runtime stage with distroless for security FROM gcr.io/distroless/cc-debian12:nonroot diff --git a/etl-replicator/Dockerfile b/etl-replicator/Dockerfile index b0968f27..56e8134e 100644 --- a/etl-replicator/Dockerfile +++ b/etl-replicator/Dockerfile 
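Review bot: The loop now trusts whatever text is in each `/tmp/digests/*.txt` file: `digest=$(cat "$digest_file")` is appended to `DIGEST_LIST` unchecked, and `${DIGEST_LIST}` is later expanded unquoted into `docker buildx imagetools create` (outside this hunk). An empty or malformed file would therefore repoint `latest` at an unintended reference or inject extra words into the command. A format check inside the loop closes that off, e.g. `[[ "$digest" =~ ^sha256:[0-9a-f]{64}$ ]] || { echo "invalid digest in $digest_file" >&2; exit 1; }`. The step should also fail if it did not collect exactly the two expected platforms.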
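Review bot: `actions: write` is granted in the workflow-level `permissions:` block of `docker-build.yml`, so every job receives it, including the ones that log in to Docker Hub and run shell built from workflow inputs. If the scope is really required, declaring it under `permissions:` on the single job that needs it keeps the other jobs at `contents: read`. As far as I know, `actions/upload-artifact` and `actions/download-artifact` within one run authenticate with the runner's runtime token rather than this scope, so it is worth confirming the grant is needed at all. The same workflow-level addition is made to `docker-ci.yml` and `release.yml` in PATCH 9/9, where `release.yml` already holds `contents: write`.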
@@ -34,7 +34,8 @@ RUN cargo chef cook --release --recipe-path recipe.json # Build application with optimizations # The release profile in Cargo.toml handles: thin LTO, strip, opt-level=3 COPY . . -RUN cargo build --release -p etl-replicator +RUN RUSTFLAGS="-C panic=abort" cargo build --release -p etl-replicator && \ + strip target/release/etl-replicator # Runtime stage with distroless for security FROM gcr.io/distroless/cc-debian12:nonroot From 4f0c587d7b6397bcfc2c3cc3237978fd282f4bec Mon Sep 17 00:00:00 2001 From: Riccardo Busetti Date: Tue, 4 Nov 2025 08:56:01 +0100 Subject: [PATCH 9/9] Improve --- .github/workflows/docker-ci.yml | 1 + .github/workflows/release.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml index e032fa8e..d40b4295 100644 --- a/.github/workflows/docker-ci.yml +++ b/.github/workflows/docker-ci.yml @@ -12,6 +12,7 @@ on: permissions: contents: read + actions: write jobs: resolve-ref: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7366661f..56d9f3a4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,6 +17,7 @@ on: permissions: contents: write + actions: write jobs: version:
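Review bot: Restoring `RUSTFLAGS="-C panic=abort"` on the final `cargo build` in `etl-replicator/Dockerfile` drops the `-fuse-ld=lld` link argument for that build. Cargo treats the `RUSTFLAGS` environment variable and `target.<triple>.rustflags` from `.cargo/config.toml` as mutually exclusive sources, and the environment variable wins. `cargo chef cook` on the context line above also runs without the flag, so the cached dependency layer is presumably compiled with different flags than the final build and gets rebuilt. Setting the full flag set on both commands keeps them aligned, e.g. `ENV RUSTFLAGS="-C panic=abort -C link-arg=-fuse-ld=lld"` before the `cargo chef cook` line. The comment `# The release profile in Cargo.toml handles: thin LTO, strip, opt-level=3` is also stale here and in the `etl-api/Dockerfile` hunk, because the `[profile.release]` added in PATCH 2/9 sets no `strip` and stripping is done by the explicit `strip` command.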