Refactor devspaces image build to produce smaller image

ansible · Oct 2, 2024 · 1f40fd9 · 1f40fd9
1 parent b73f692
commit 1f40fd9
Show file tree

Hide file tree

Showing 7 changed files with 90 additions and 30 deletions.
diff --git a/.config/dictionary.txt b/.config/dictionary.txt
@@ -16,6 +16,7 @@ containerfile
 devcontainer
 devel
 devfile
+devspaces
 endgroup
 gunicorn
 libera

diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml
@@ -21,7 +21,11 @@ concurrency:
 
 jobs:
   tox:
-    uses: ansible/team-devtools/.github/workflows/tox.yml@main
+    uses: ansible/team-devtools/.github/workflows/tox.yml@fix/tox
+    with:
+      other_names_also: |
+        devspaces
+    secrets: inherit # needed for logging to the ghcr.io registry
   build-image:
     runs-on: ${{ matrix.builder }}
     name: ${{ matrix.name }}
@@ -89,6 +93,19 @@ jobs:
         with:
           registry: ghcr.io
 
+  publish-devspaces:
+    runs-on: ubuntu-24.04
+    needs:
+      - build-image
+      - tox
+    if: github.event_name == 'release' && github.event.action == 'published'
+    steps:
+      - name: Push image to ghcr.io as ${{ github.event.release.tag_name }}
+        run: |
+          docker pull "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}"
+          docker tag "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}" "ghcr.io/ansible/ansible-workspace-env-reference-image:${{ github.event.release.tag_name }}"
+          docker push "ghcr.io/ansible/ansible-devspaces-tmp:${{ github.event.release.tag_name }}"
+
   devspaces:
     runs-on: devtools-multiarch-builder
     steps:
@@ -114,7 +131,7 @@ jobs:
       - tox
     if: github.event_name == 'release' && github.event.action == 'published'
     environment: release # approval
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
 
@@ -151,7 +168,7 @@ jobs:
     needs:
       - pypi
       - publish-image
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Retreive the forum post script from team-devtools

diff --git a/.gitignore b/.gitignore
@@ -177,3 +177,4 @@ _readthedocs
 # ansible-builder
 /context
 /collections
+out
diff --git a/devspaces/Containerfile b/devspaces/Containerfile
@@ -1,8 +1,8 @@
-FROM quay.io/devfile/universal-developer-image:ubi8-latest
+FROM quay.io/devfile/base-developer-image:ubi8-latest
 
 ARG PYV=3.11
 
-LABEL org.opencontainers.image.source=https://github.com/ansible/ansible-workspace-env-reference-image
+LABEL org.opencontainers.image.source=https://github.com/ansible/ansible-dev-tools
 LABEL org.opencontainers.image.authors="Ansible DevTools"
 LABEL org.opencontainers.image.vendor="Red Hat"
 LABEL org.opencontainers.image.licenses="GPL-3.0"

diff --git a/devspaces/context/setup.sh b/devspaces/context/setup.sh
@@ -3,33 +3,34 @@
 set -eux pipefail
 
 set -e
-dnf -y makecache
-dnf -y update
-dnf install -y \
-    tar \
-    podman \
-    fuse-overlayfs \
-    openssh-clients \
-    zsh \
-    util-linux-user \
-    which \
-    git \
+dnf --noplugins remove -y -q subscription-manager dnf-plugin-subscription-manager
+dnf -y -q makecache
+dnf -y -q update
+dnf install -y -q \
     dumb-init \
+    fuse-overlayfs \
     gcc \
+    git \
     git-core \
     libssh-devel \
-    python3-markupsafe \
     ncurses \
-    python3-bcrypt \
-    python3-cffi \
-    python3-pip \
-    python3-pyyaml \
-    python3-ruamel-yaml \
-    python3-wheel \
+    openssh-clients \
+    podman \
+    python${PYV} \
+    python${PYV}-cffi \
+    python${PYV}-markupsafe \
+    python${PYV}-pip \
+    python${PYV}-pyyaml \
+    python${PYV}-wheel \
+    tar \
+    util-linux-user \
+    which \
+    zsh \
     --exclude container-selinux
-dnf clean all
+#     python${PYV}-ruamel-yaml \
+dnf -y -q clean all
 
-/usr/bin/python${PYV} -m pip install --no-cache-dir -r requirements.txt
+/usr/bin/python${PYV} -m pip install --root-user-action=ignore -r requirements.txt
 
 ansible-galaxy collection install -r requirements.yml
 

diff --git a/tools/devspaces.sh b/tools/devspaces.sh
@@ -0,0 +1,23 @@
+#!/bin/bash -e
+# cspell: ignore euxo buildx
+set -euxo pipefail
+ADT_CONTAINER_ENGINE=${ADT_CONTAINER_ENGINE:-docker}
+CONTAINER_NAME=ansible/ansible-workspace-env-reference:test
+env
+
+mkdir -p out
+# we force use of linux/amd64 platform because source image supports only this
+# platform and without it, it will fail to cross-build when task runs on arm64.
+# --metadata-file=out/devspaces.meta --no-cache
+$ADT_CONTAINER_ENGINE buildx build --tag=$CONTAINER_NAME --platform=linux/amd64 devspaces/context -f devspaces/Containerfile
+
+mk containers check $CONTAINER_NAME --engine="${ADT_CONTAINER_ENGINE}" --max-size=1600 --max-layers=23
+
+if [[ -n "${GITHUB_SHA:-}" ]]; then
+    $ADT_CONTAINER_ENGINE tag $CONTAINER_NAME "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}"
+    # https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry
+    if [[ -n "${GITHUB_TOKEN:-}" ]]; then
+        echo "$GITHUB_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin
+    fi
+    $ADT_CONTAINER_ENGINE push "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}"
+fi
diff --git a/tox.ini b/tox.ini
@@ -10,6 +10,7 @@ env_list =
     milestone
     pkg
     image
+    devspaces
 skip_missing_interpreters = true
 
 [testenv]
@@ -18,6 +19,7 @@ package = editable
 extras =
     test
 pass_env =
+    ADT_CONTAINER_ENGINE
     CI
     CONTAINER_*
     DOCKER_*
@@ -30,9 +32,11 @@ pass_env =
     XDG_RUNTIME_DIR
 set_env =
     !milestone: PIP_CONSTRAINT = {toxinidir}/.config/constraints.txt
+    BUILDKIT_PROGRESS = plain
     COVERAGE_COMBINED = {envdir}/.coverage
     COVERAGE_FILE = {env:COVERAGE_FILE:{envdir}/.coverage.{envname}}
     COVERAGE_PROCESS_START = {toxinidir}/pyproject.toml
+    DOCKER_CLI_HINTS = false
     FORCE_COLOR = 1
     PRE_COMMIT_COLOR = always
     TERM = xterm-256color
@@ -46,9 +50,13 @@ commands =
     coverage lcov --data-file={env:COVERAGE_COMBINED} -o {toxinidir}/.cache/.coverage/lcov.info --fail-under=0
     coverage report --data-file={env:COVERAGE_COMBINED}
 allowlist_externals =
+    ./tools/devspaces.sh
+    docker
     git
+    podman
     rm
     sh
+    {env:ADT_CONTAINER_ENGINE:docker}
 
 [testenv:deps]
 description = Bump all dependencies
@@ -118,17 +126,26 @@ skip_install = true
 deps =
     ansible-builder
     build
+    mk
+    pytest
     setuptools # https://github.com/ansible/ansible-builder/issues/644
 commands_pre =
 commands =
     python -m build --outdir {toxinidir}/final/dist/ --wheel {toxinidir}
     ansible-builder create -f execution-environment.yml --output-filename Containerfile -v3
-    podman build --squash-all context/ --tag community-ansible-dev-tools-base:latest
-    podman build --squash-all final/ --tag community-ansible-dev-tools:test
+    {env:ADT_CONTAINER_ENGINE:podman} build --squash-all context/ --tag community-ansible-dev-tools-base:latest
+    {env:ADT_CONTAINER_ENGINE:podman} build --squash-all final/ --tag community-ansible-dev-tools:test
+    mk containers check community-ansible-dev-tools:test --engine={env:ADT_CONTAINER_ENGINE:podman} --max-size=600 --max-layers=1
     pytest --only-container --image-name community-ansible-dev-tools:test
-allowlist_externals =
-    podman
-    pytest
+
+[testenv:devspaces]
+description = Build devspaces image for current architecture
+skip_install = true
+deps =
+    mk
+commands_pre =
+commands =
+    ./tools/devspaces.sh
 
 [testenv:test-image]
 description =