Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[wip] github-actions: use cache-image in devshell workflow #3798

Draft
wants to merge 11 commits into
base: master
Choose a base branch
from
Draft
67 changes: 67 additions & 0 deletions .github/workflows/dbld-images.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
name: Compile dbld-images

on:
pull_request:
push:
paths:
- .github/workflows/dbld-images.yml
# List is from dbld/rules cache-image-% "WATCHED_FILES"
- "dbld/**"
- "packaging/rhel/syslog-ng.spec"
- "packaging/debian/control"
schedule:
- cron: '00 03 * * *'
workflow_dispatch:
inputs:
upload_images:
description: Should we upload the images into GitHub Packages? (true/false)
required: false
default: "false"

jobs:

build:
runs-on: ubuntu-latest
env:
CONTAINER_REGISTRY: "ghcr.io/${{ github.repository_owner }}"

steps:
- name: Checkout source code
uses: actions/checkout@v2

- name: Build the images
run: dbld/rules images -j $(nproc)

- name: Should we upload the images?
run: |
if [ "${{ github.event.inputs.upload_images }}" = "true" ] || \
( \
[ "${{ github.repository_owner }}" = "syslog-ng" ] && \
[ "${{ github.ref }}" = "refs/heads/master" ] && \
[ "${{ github.event_name }}" = "push" ] \
)
then
UPLOAD_IMAGES_INTERNAL="true"
else
UPLOAD_IMAGES_INTERNAL="false"
fi

. .github/workflows/gh-tools.sh
gh_export UPLOAD_IMAGES_INTERNAL

- name: Log in to the Container registry
if: env.UPLOAD_IMAGES_INTERNAL == 'true'
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Push the images
if: env.UPLOAD_IMAGES_INTERNAL == 'true'
run: |
IMAGES=$(docker image ls --filter "reference=${{ env.CONTAINER_REGISTRY }}/dbld-*:latest" --format '{{.Repository}}:{{.Tag}}')
for IMAGE in $IMAGES; do
echo "Pushing image: $IMAGE"
docker push $IMAGE
done
95 changes: 84 additions & 11 deletions .github/workflows/devshell.yml
Original file line number Diff line number Diff line change
@@ -1,16 +1,77 @@
name: CI @ devshell

on:
pull_request:
pull_request_target:
push:
schedule:
- cron: '00 21 * * *'

jobs:
cache-image-devshell:
runs-on: ubuntu-latest

outputs:
docker-image: ${{ steps.determine-actual-image.outputs.docker-image }}

env:
CACHED_IMAGE_NAME: ghcr.io/syslog-ng/dbld-devshell:latest

steps:
- name: Checkout syslog-ng source
uses: actions/checkout@v2

- name: Determine cached image ID
run: |
./dbld/rules pull-image-devshell || true # remove the || true
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this a left-in TODO?

CACHED_IMAGE_ID=$(docker images -q ${CACHED_IMAGE_NAME})

. .github/workflows/gh-tools.sh
gh_export CACHED_IMAGE_ID

- name: cache-image-devshell
run: |
./dbld/rules cache-image-devshell

- name: Determine actual image
id: determine-actual-image
run: |
CURRENT_IMAGE_ID=$(docker images -q ${CACHED_IMAGE_NAME})
if [[ "${CURRENT_IMAGE_ID}" == "${CACHED_IMAGE_ID}" ]]
then
DOCKER_IMAGE=${CACHED_IMAGE_NAME}
USE_CACHED_IMAGE=true
else
DOCKER_IMAGE=ghcr.io/${{ github.actor }}/dbld-devshell:ci-${{ github.run_id }}
USE_CACHED_IMAGE=false
docker tag ${CACHED_IMAGE_NAME} ${DOCKER_IMAGE}
fi

echo "Using image: ${DOCKER_IMAGE}"

. .github/workflows/gh-tools.sh
gh_export USE_CACHED_IMAGE
echo "::set-output name=docker-image::${DOCKER_IMAGE}"

- name: Log in to the Container registry
if: env.USE_CACHED_IMAGE == 'false'
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Upload the temporary docker image
if: env.USE_CACHED_IMAGE == 'false'
run: |
docker push ${{ steps.determine-actual-image.outputs.docker-image }}

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we push this logic into dbld/rules itself?

I mean:

  1. we already have a pull-image invoked from cache-image, and we have a separate step here. I'd love to see a single cache-image here and do anything to produce an image (potentially form cache) within dbld/rules
  2. we seem to do a lot of back and forth deciding whether we are using the pulled or the rebuilt image, which is then used to decide if we need to push the temporary image.
  • What if dbld/rules cache-image would be able to return information that we need here, without having to do a prefetch
  • also what if cache-image would be able to push to the registry, if a specific make variable is set (and if we did a rebuild)

I hope I make sense here, my point is if we push this entire logic to dbld/rules, and add a means to communicate information in a structured form, then we might be able to use the same cache-image-* target in all similar cases, avoiding the need to copy steps between github workflows files.

What do you think?

general:
runs-on: ubuntu-18.04
runs-on: ubuntu-latest

needs: cache-image-devshell

container:
image: balabit/syslog-ng-devshell:latest
image: ${{ needs.cache-image-devshell.outputs.docker-image }}
options: --privileged --ulimit core=-1

strategy:
Expand Down Expand Up @@ -144,9 +205,12 @@ jobs:
path: ${{ env.COREFILES_DIR }}

distcheck:
runs-on: ubuntu-18.04
runs-on: ubuntu-latest

needs: cache-image-devshell

container:
image: balabit/syslog-ng-devshell:latest
image: ${{ needs.cache-image-devshell.outputs.docker-image }}

steps:
- name: Checkout syslog-ng source
Expand Down Expand Up @@ -184,9 +248,12 @@ jobs:
exec_prop_check "make distcheck -j 3 V=1"

style-check:
runs-on: ubuntu-18.04
runs-on: ubuntu-latest

needs: cache-image-devshell

container:
image: balabit/syslog-ng-devshell:latest
image: ${{ needs.cache-image-devshell.outputs.docker-image }}

steps:
- name: Checkout syslog-ng source
Expand Down Expand Up @@ -235,9 +302,12 @@ jobs:
path: light-style-problems.diff

copyright-check:
runs-on: ubuntu-18.04
runs-on: ubuntu-latest

needs: cache-image-devshell

container:
image: balabit/syslog-ng-devshell:latest
image: ${{ needs.cache-image-devshell.outputs.docker-image }}
env:
COPYRIGHTVERBOSITY: 1

Expand All @@ -256,9 +326,12 @@ jobs:
path: copyright-run.log

commits-check:
runs-on: ubuntu-18.04
runs-on: ubuntu-latest

needs: cache-image-devshell

container:
image: balabit/syslog-ng-devshell:latest
image: ${{ needs.cache-image-devshell.outputs.docker-image }}

steps:
- name: Checkout syslog-ng source
Expand Down
2 changes: 1 addition & 1 deletion dbld/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ command (without parameters it will run without any side effect), or read
the source code on [GitHub](rules).

Almost every `dbld/rules` command runs in a Docker container. You can use
the pre-built containers from [DockerHub](https://hub.docker.com/u/balabit/)
the pre-built containers from [GitHub](https://github.com/syslog-ng?tab=packages&repo_name=syslog-ng)
or build your own images with the `dbld/rules image-<os>` command.

The source code and build products are mounted externally in the following locations:
Expand Down
3 changes: 2 additions & 1 deletion dbld/images/devshell.dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
FROM balabit/syslog-ng-tarball:latest
ARG CONTAINER_REGISTRY
FROM $CONTAINER_REGISTRY/dbld-tarball:latest

ARG ARG_IMAGE_PLATFORM
ARG COMMIT
Expand Down
3 changes: 2 additions & 1 deletion dbld/images/kira.dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
FROM balabit/syslog-ng-ubuntu-focal
ARG CONTAINER_REGISTRY
FROM $CONTAINER_REGISTRY/dbld-ubuntu-focal
LABEL maintainer="Andras Mitzki <andras.mitzki@balabit.com>, Laszlo Szemere <laszlo.szemere@balabit.com>, Balazs Scheidler <balazs.scheidler@oneidentity.com>"

ARG ARG_IMAGE_PLATFORM
Expand Down
3 changes: 2 additions & 1 deletion dbld/images/tarball.dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
FROM balabit/syslog-ng-debian-testing:latest
ARG CONTAINER_REGISTRY
FROM $CONTAINER_REGISTRY/dbld-debian-testing:latest

ARG ARG_IMAGE_PLATFORM
ARG COMMIT
Expand Down
33 changes: 17 additions & 16 deletions dbld/rules
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ TARBALL_IMAGE ?= tarball
DEFAULT_DEB_IMAGE=ubuntu-bionic
DEFAULT_RPM_IMAGE=centos-7
DOCKER=docker
CONTAINER_REGISTRY ?= ghcr.io/syslog-ng
MODE ?= snapshot
VERSION ?= $(shell MODE=${MODE} scripts/version.sh)
DOCKER_RUN_ARGS=-e USER_NAME_ON_HOST=$(shell whoami) \
Expand Down Expand Up @@ -49,7 +50,7 @@ GIT_RELEASE_TAG=syslog-ng-$(VERSION)
CONFIGURE_OPTS=--enable-debug --enable-manpages --with-python=2 --prefix=/install $(CONFIGURE_ADD)
DBLD_RULES=$(MAKE) --no-print-directory -f $(DBLD_DIR)/rules

DOCKER_SHELL=$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -ti balabit/syslog-ng-$* /dbld/shell
DOCKER_SHELL=$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -ti ${CONTAINER_REGISTRY}/dbld-$* /dbld/shell

-include dbld/rules.conf

Expand Down Expand Up @@ -93,10 +94,10 @@ help:

bootstrap: bootstrap-$(DEFAULT_IMAGE)
bootstrap-%: setup
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i balabit/syslog-ng-$* /dbld/bootstrap
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i ${CONTAINER_REGISTRY}/dbld-$* /dbld/bootstrap

make-%: setup
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i balabit/syslog-ng-$(DEFAULT_IMAGE) /dbld/make $(MAKE_ARGS) $*
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i ${CONTAINER_REGISTRY}/dbld-$(DEFAULT_IMAGE) /dbld/make $(MAKE_ARGS) $*

tarball-from-root: setup
@if [ -f $(ROOT_DIR)/../$(TARBALL_BASENAME) ] && [ ! -f $(TARBALL) ]; then \
Expand All @@ -118,7 +119,7 @@ tarball-%: tarball-from-root
fi; \
echo "Git status follows:" && \
( $(GIT) status || echo "Git not found..." ) && \
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i balabit/syslog-ng-$* /dbld/tarball; \
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i ${CONTAINER_REGISTRY}/dbld-$* /dbld/tarball; \
else \
echo "Tarball $(TARBALL) is up to date (except files excluded by $(DBLD_DIR)/tarball-changes.ignore)"; \
fi
Expand All @@ -137,20 +138,20 @@ pkg-tarball: pkg-tarball-$(TARBALL_IMAGE)
#
pkg-tarball-%: tarball-%
@if ! tar --strip-components=1 --show-transformed-names -tvf $(TARBALL) | grep ' debian/rules$$' > /dev/null; then \
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i balabit/syslog-ng-$* /dbld/pkg-tarball; \
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i ${CONTAINER_REGISTRY}/dbld-$* /dbld/pkg-tarball; \
fi

package: package-$(DEFAULT_IMAGE)
package-%: pkg-tarball
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i balabit/syslog-ng-$* /dbld/package
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i ${CONTAINER_REGISTRY}/dbld-$* /dbld/package

deb: deb-$(DEFAULT_DEB_IMAGE)
deb-%: pkg-tarball
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i balabit/syslog-ng-$* /dbld/deb
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i ${CONTAINER_REGISTRY}/dbld-$* /dbld/deb

rpm: rpm-$(DEFAULT_RPM_IMAGE)
rpm-%: pkg-tarball
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i balabit/syslog-ng-$* /dbld/rpm
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i ${CONTAINER_REGISTRY}/dbld-$* /dbld/rpm

validate-tree-clean:
@if ! $(GIT) diff-index --quiet HEAD; then \
Expand All @@ -165,10 +166,10 @@ validate-version-format:
fi

prepare-release: setup validate-tree-clean validate-version-format
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i balabit/syslog-ng-$(TARBALL_IMAGE) /dbld/prepare-release $(VERSION)
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i ${CONTAINER_REGISTRY}/dbld-$(TARBALL_IMAGE) /dbld/prepare-release $(VERSION)

validate-release: validate-tree-clean validate-version-format
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i balabit/syslog-ng-$(TARBALL_IMAGE) /dbld/validate-release-version $(VERSION)
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -i ${CONTAINER_REGISTRY}/dbld-$(TARBALL_IMAGE) /dbld/validate-release-version $(VERSION)

@if $(GIT) rev-parse --verify -q "$(GIT_RELEASE_TAG)" > /dev/null; then \
echo "Your git tree already has $(GIT_RELEASE_TAG), this might indicate a duplicate release, please remove that first."; \
Expand Down Expand Up @@ -198,7 +199,7 @@ clean:
run: run-$(DEFAULT_IMAGE)
run: RUN_COMMAND=echo Specify RUN_COMMAND to do something sensible here
run-%: setup
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -ti balabit/syslog-ng-$* bash -c "$(RUN_COMMAND)"
$(DOCKER) run $(DOCKER_RUN_ARGS) --rm -ti ${CONTAINER_REGISTRY}/dbld-$* bash -c "$(RUN_COMMAND)"

shell: shell-$(DEFAULT_IMAGE)
shell-%: setup
Expand All @@ -212,19 +213,19 @@ image-devshell: image-tarball
image-tarball: image-debian-testing
image-%:
$(DBLD_DIR)/prepare-image-build $* && \
$(DOCKER) build $(DOCKER_BUILD_ARGS) --build-arg=ARG_IMAGE_PLATFORM=$* --build-arg=COMMIT=$$($(GIT) rev-parse --short HEAD || echo "") --network=host -t balabit/syslog-ng-$* -f $(DBLD_DIR)/images/$*.dockerfile $(DBLD_DIR)
$(DOCKER) build $(DOCKER_BUILD_ARGS) --build-arg=ARG_IMAGE_PLATFORM=$* --build-arg=COMMIT=$$($(GIT) rev-parse --short HEAD || echo "") --build-arg=CONTAINER_REGISTRY=${CONTAINER_REGISTRY} --network=host -t ${CONTAINER_REGISTRY}/dbld-$* -f $(DBLD_DIR)/images/$*.dockerfile $(DBLD_DIR)

pull-images: $(foreach image,$(BUILDER_IMAGES), pull-image-$(image))
pull-image: pull-image-$(DEFAULT_IMAGE)
pull-image-%:
$(DOCKER) pull balabit/syslog-ng-$*
$(DOCKER) pull ${CONTAINER_REGISTRY}/dbld-$*

cache-image-%:
@IMAGE=balabit/syslog-ng-$*:latest; \
@IMAGE=${CONTAINER_REGISTRY}/dbld-$*:latest; \
IMAGE_ID=$$(docker images -q $$IMAGE | head -1); \
WATCHED_FILES="dbld packaging/rhel/syslog-ng.spec packaging/debian/control"; \
if [ "$$IMAGE_ID" = "" ]; then \
$(DBLD_RULES) pull-image-$*; \
$(DBLD_RULES) pull-image-$* || echo "Image pull failed, continuing..."; \
fi; \
IMAGE_ID=$$(docker images -q $$IMAGE | head -1); \
if [ "$$IMAGE_ID" != "" ]; then \
Expand All @@ -248,7 +249,7 @@ cache-image-%:
exec: exec-$(DEFAULT_IMAGE)
exec: EXEC_COMMAND=echo Specify EXEC_COMMAND to do something sensible here
exec-%: setup
@container=`$(DOCKER) ps | grep syslog-ng-$* | head -1 | cut -d ' ' -f1`; \
@container=`$(DOCKER) ps | grep dbld-$* | head -1 | cut -d ' ' -f1`; \
$(DOCKER) exec -ti $$container $(EXEC_COMMAND)

login: login-$(DEFAULT_IMAGE)
Expand Down
5 changes: 5 additions & 0 deletions news/developer-note-3782.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
`dbld`: move dbld image cache from DockerHub to GitHub

In 2021, GitHub introduced the GitHub Packages service. Among other
repositories - it provides a standard Docker registry. DBLD can use
such a regsistry, to avoid unnecessary rebuilding of the images.