From 1f40fd970fabd73eb60a0e40aa1cf2cd94f88920 Mon Sep 17 00:00:00 2001 From: Sorin Sbarnea Date: Mon, 30 Sep 2024 14:27:43 +0100 Subject: [PATCH] Refactor devspaces image build to produce smaller image --- .config/dictionary.txt | 1 + .github/workflows/tox.yml | 23 ++++++++++++++++++--- .gitignore | 1 + devspaces/Containerfile | 4 ++-- devspaces/context/setup.sh | 41 +++++++++++++++++++------------------- tools/devspaces.sh | 23 +++++++++++++++++++++ tox.ini | 27 ++++++++++++++++++++----- 7 files changed, 90 insertions(+), 30 deletions(-) create mode 100755 tools/devspaces.sh diff --git a/.config/dictionary.txt b/.config/dictionary.txt index 8a29aadf..08ae28dd 100644 --- a/.config/dictionary.txt +++ b/.config/dictionary.txt @@ -16,6 +16,7 @@ containerfile devcontainer devel devfile +devspaces endgroup gunicorn libera diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml index 66638392..b85ae607 100644 --- a/.github/workflows/tox.yml +++ b/.github/workflows/tox.yml @@ -21,7 +21,11 @@ concurrency: jobs: tox: - uses: ansible/team-devtools/.github/workflows/tox.yml@main + uses: ansible/team-devtools/.github/workflows/tox.yml@fix/tox + with: + other_names_also: | + devspaces + secrets: inherit # needed for logging to the ghcr.io registry build-image: runs-on: ${{ matrix.builder }} name: ${{ matrix.name }} 
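Review bot: The reusable workflow is now referenced by a mutable branch (`tox.yml@fix/tox`) in the same hunk that adds `secrets: inherit`, so whatever that branch points to at run time executes with every secret this repository exposes to the caller. Pin the reference to a full commit SHA, `uses: ansible/team-devtools/.github/workflows/tox.yml@<full-commit-sha>`. If the called workflow declares its secrets, pass only those under an explicit `secrets:` map instead of inheriting all of them. A feature-branch ref also breaks this job once the branch is merged and deleted.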
@@ -89,6 +93,19 @@ jobs: with: registry: ghcr.io + publish-devspaces: + runs-on: ubuntu-24.04 + needs: + - build-image + - tox + if: github.event_name == 'release' && github.event.action == 'published' + steps: + - name: Push image to ghcr.io as ${{ github.event.release.tag_name }} + run: | + docker pull "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}" + docker tag "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}" "ghcr.io/ansible/ansible-workspace-env-reference-image:${{ github.event.release.tag_name }}" + docker push "ghcr.io/ansible/ansible-devspaces-tmp:${{ github.event.release.tag_name }}" + devspaces: runs-on: devtools-multiarch-builder steps: @@ -114,7 +131,7 @@ jobs: - tox if: github.event_name == 'release' && github.event.action == 'published' environment: release # approval - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write @@ -151,7 +168,7 @@ jobs: needs: - pypi - publish-image - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Retreive the forum post script from team-devtools diff --git a/.gitignore b/.gitignore index 03ae4d12..143f2dd6 100644 --- a/.gitignore +++ b/.gitignore @@ -177,3 +177,4 @@ _readthedocs # ansible-builder /context /collections +out diff --git a/devspaces/Containerfile b/devspaces/Containerfile index dcab2efd..43fddf9d 100644 --- a/devspaces/Containerfile +++ b/devspaces/Containerfile @@ -1,8 +1,8 @@ -FROM quay.io/devfile/universal-developer-image:ubi8-latest +FROM quay.io/devfile/base-developer-image:ubi8-latest ARG PYV=3.11 -LABEL org.opencontainers.image.source=https://github.com/ansible/ansible-workspace-env-reference-image +LABEL org.opencontainers.image.source=https://github.com/ansible/ansible-dev-tools LABEL org.opencontainers.image.authors="Ansible DevTools" LABEL org.opencontainers.image.vendor="Red Hat" LABEL org.opencontainers.image.licenses="GPL-3.0" diff --git a/devspaces/context/setup.sh b/devspaces/context/setup.sh index 06e7278d..5f047668 100755 
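Review bot: The last command of the new `publish-devspaces` step pushes `ghcr.io/ansible/ansible-devspaces-tmp:<tag_name>`, but the preceding `docker tag` created `ghcr.io/ansible/ansible-workspace-env-reference-image:<tag_name>`. The push therefore names a reference that does not exist locally, and the release image is never published. The step also expands `${{ github.event.release.tag_name }}` directly inside the `run:` script, so the tag text is parsed as shell; pass it through `env:` and quote it. The job as added has no registry login step and no `permissions:` block, so the push presumably also needs a login and `packages: write`. The destination repository in the sketch below is assumed from the `docker tag` line and should be confirmed.

```yaml
    steps:
      - name: Push image to ghcr.io as ${{ github.event.release.tag_name }}
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          SRC_IMAGE: ghcr.io/ansible/ansible-devspaces-tmp
          DST_IMAGE: ghcr.io/ansible/ansible-workspace-env-reference-image
        run: |
          docker pull "${SRC_IMAGE}:${GITHUB_SHA}"
          docker tag "${SRC_IMAGE}:${GITHUB_SHA}" "${DST_IMAGE}:${RELEASE_TAG}"
          docker push "${DST_IMAGE}:${RELEASE_TAG}"
```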
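Review bot: The new `FROM` line still tracks the floating `ubi8-latest` tag, so the image content, and the size budget that tools/devspaces.sh now enforces, can change whenever upstream republishes the tag. Pinning by digest keeps the build reproducible and turns a base update into an explicit, reviewable change: `FROM quay.io/devfile/base-developer-image:ubi8-latest@sha256:<digest>`. The rest of the Containerfile is outside this hunk, so whether a non-root `USER` is set at the end cannot be confirmed from here.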
--- a/devspaces/context/setup.sh +++ b/devspaces/context/setup.sh @@ -3,33 +3,34 @@ set -eux pipefail set -e -dnf -y makecache -dnf -y update -dnf install -y \ - tar \ - podman \ - fuse-overlayfs \ - openssh-clients \ - zsh \ - util-linux-user \ - which \ - git \ +dnf --noplugins remove -y -q subscription-manager dnf-plugin-subscription-manager +dnf -y -q makecache +dnf -y -q update +dnf install -y -q \ dumb-init \ + fuse-overlayfs \ gcc \ + git \ git-core \ libssh-devel \ - python3-markupsafe \ ncurses \ - python3-bcrypt \ - python3-cffi \ - python3-pip \ - python3-pyyaml \ - python3-ruamel-yaml \ - python3-wheel \ + openssh-clients \ + podman \ + python${PYV} \ + python${PYV}-cffi \ + python${PYV}-markupsafe \ + python${PYV}-pip \ + python${PYV}-pyyaml \ + python${PYV}-wheel \ + tar \ + util-linux-user \ + which \ + zsh \ --exclude container-selinux -dnf clean all +# python${PYV}-ruamel-yaml \ +dnf -y -q clean all -/usr/bin/python${PYV} -m pip install --no-cache-dir -r requirements.txt +/usr/bin/python${PYV} -m pip install --root-user-action=ignore -r requirements.txt ansible-galaxy collection install -r requirements.yml diff --git a/tools/devspaces.sh b/tools/devspaces.sh new file mode 100755 index 00000000..5479976b --- /dev/null +++ b/tools/devspaces.sh 
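Review bot: The rewritten pip line drops `--no-cache-dir`, so pip's download and wheel cache stays in the image layer, which works against the stated goal of a smaller image. Unless a cache mount is configured outside this hunk, keep the flag: `/usr/bin/python${PYV} -m pip install --no-cache-dir --root-user-action=ignore -r requirements.txt`. Separately, the context line `set -eux pipefail` does not enable pipefail, because without `-o` the word becomes a positional parameter; `set -euxo pipefail`, as the new tools/devspaces.sh uses, is likely what was meant. `dnf -y -q update` on top of a floating base tag also makes the installed package set differ from build to build.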
@@ -0,0 +1,23 @@ +#!/bin/bash -e +# cspell: ignore euxo buildx +set -euxo pipefail +ADT_CONTAINER_ENGINE=${ADT_CONTAINER_ENGINE:-docker} +CONTAINER_NAME=ansible/ansible-workspace-env-reference:test +env + +mkdir -p out +# we force use of linux/amd64 platform because source image supports only this +# platform and without it, it will fail to cross-build when task runs on arm64. +# --metadata-file=out/devspaces.meta --no-cache +$ADT_CONTAINER_ENGINE buildx build --tag=$CONTAINER_NAME --platform=linux/amd64 devspaces/context -f devspaces/Containerfile + +mk containers check $CONTAINER_NAME --engine="${ADT_CONTAINER_ENGINE}" --max-size=1600 --max-layers=23 + +if [[ -n "${GITHUB_SHA:-}" ]]; then + $ADT_CONTAINER_ENGINE tag $CONTAINER_NAME "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}" + # https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry + if [[ -n "${GITHUB_TOKEN:-}" ]]; then + echo "$GITHUB_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin + fi + $ADT_CONTAINER_ENGINE push "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}" +fi diff --git a/tox.ini b/tox.ini index 4dde7b64..d5476c22 100644 --- a/tox.ini +++ b/tox.ini @@ -10,6 +10,7 @@ env_list = milestone pkg image + devspaces skip_missing_interpreters = true [testenv] @@ -18,6 +19,7 @@ package = editable extras = test pass_env = + ADT_CONTAINER_ENGINE CI CONTAINER_* DOCKER_* @@ -30,9 +32,11 @@ pass_env = XDG_RUNTIME_DIR set_env = !milestone: PIP_CONSTRAINT = {toxinidir}/.config/constraints.txt + BUILDKIT_PROGRESS = plain COVERAGE_COMBINED = {envdir}/.coverage COVERAGE_FILE = {env:COVERAGE_FILE:{envdir}/.coverage.{envname}} COVERAGE_PROCESS_START = {toxinidir}/pyproject.toml + DOCKER_CLI_HINTS = false FORCE_COLOR = 1 PRE_COMMIT_COLOR = always TERM = xterm-256color 
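Review bot: The script runs `env` and enables `set -x` before it pipes `$GITHUB_TOKEN` into the registry login. The full environment and the expanded `echo <token>` command are therefore written to the build log, and log masking only covers values the CI system knows are secrets. Drop the `env` line (or print only the variables needed for debugging) and switch tracing off around the login. The login is also hard-coded to `docker` while tag and push use `$ADT_CONTAINER_ENGINE`, so with podman the push runs without the credentials just stored. `$CONTAINER_NAME` and `$ADT_CONTAINER_ENGINE` are unquoted throughout.

```shell
# … unchanged: engine/name defaults, buildx build, `mk containers check` …
if [[ -n "${GITHUB_SHA:-}" ]]; then
    "$ADT_CONTAINER_ENGINE" tag "$CONTAINER_NAME" "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}"
    if [[ -n "${GITHUB_TOKEN:-}" ]]; then
        set +x  # keep the token out of the xtrace output
        echo "$GITHUB_TOKEN" | "$ADT_CONTAINER_ENGINE" login ghcr.io -u "$GITHUB_ACTOR" --password-stdin
        set -x
    fi
    "$ADT_CONTAINER_ENGINE" push "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}"
fi
```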
@@ -46,9 +50,13 @@ commands = coverage lcov --data-file={env:COVERAGE_COMBINED} -o {toxinidir}/.cache/.coverage/lcov.info --fail-under=0 coverage report --data-file={env:COVERAGE_COMBINED} allowlist_externals = + ./tools/devspaces.sh + docker git + podman rm sh + {env:ADT_CONTAINER_ENGINE:docker} [testenv:deps] description = Bump all dependencies @@ -118,17 +126,26 @@ skip_install = true deps = ansible-builder build + mk + pytest setuptools # https://github.com/ansible/ansible-builder/issues/644 commands_pre = commands = python -m build --outdir {toxinidir}/final/dist/ --wheel {toxinidir} ansible-builder create -f execution-environment.yml --output-filename Containerfile -v3 - podman build --squash-all context/ --tag community-ansible-dev-tools-base:latest - podman build --squash-all final/ --tag community-ansible-dev-tools:test + {env:ADT_CONTAINER_ENGINE:podman} build --squash-all context/ --tag community-ansible-dev-tools-base:latest + {env:ADT_CONTAINER_ENGINE:podman} build --squash-all final/ --tag community-ansible-dev-tools:test + mk containers check community-ansible-dev-tools:test --engine={env:ADT_CONTAINER_ENGINE:podman} --max-size=600 --max-layers=1 pytest --only-container --image-name community-ansible-dev-tools:test -allowlist_externals = - podman - pytest + +[testenv:devspaces] +description = Build devspaces image for current architecture +skip_install = true +deps = + mk +commands_pre = +commands = + ./tools/devspaces.sh [testenv:test-image] description =
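Review bot: The `image` build commands now take the engine from `{env:ADT_CONTAINER_ENGINE:podman}` but still pass `--squash-all`, a podman/buildah option that `docker build` does not accept, so setting `ADT_CONTAINER_ENGINE=docker` breaks this environment. The fallback also differs between places: `podman` here, but `docker` in the new `allowlist_externals` entry and in tools/devspaces.sh. Either keep the literal `podman` on these two build lines, or document the constraint with a comment such as `# --squash-all is podman-only; this env requires ADT_CONTAINER_ENGINE=podman`.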