Refactor devspaces image build to produce smaller image

# Conflicts: # .github/workflows/tox.yml # devspaces/context/setup.sh # tox.ini
ansible · Oct 6, 2024 · 77e7882 · 77e7882
1 parent b878b39
commit 77e7882
Show file tree

Hide file tree

Showing 8 changed files with 79 additions and 46 deletions.
diff --git a/.config/dictionary.txt b/.config/dictionary.txt
@@ -16,6 +16,7 @@ containerfile
 devcontainer
 devel
 devfile
+devspaces
 endgroup
 gunicorn
 libera

diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml
@@ -24,8 +24,9 @@ jobs:
     uses: ansible/team-devtools/.github/workflows/tox.yml@main
     with:
       run_pre: ./tools/test-setup.sh
-      other_names: ""
-      jobs_producing_coverage: 5
+      other_names_also: |
+        devspaces
+    secrets: inherit # needed for logging to the ghcr.io registry
   build-image:
     runs-on: ${{ matrix.builder }}
     name: ${{ matrix.name }}
@@ -94,23 +95,19 @@ jobs:
         with:
           registry: ghcr.io
 
-  devspaces:
-    runs-on: devtools-multiarch-builder
+  publish-devspaces:
+    runs-on: ubuntu-24.04
+    needs:
+      - build-image
+      - tox
+    # if: github.event_name == 'release' && github.event.action == 'published'
     steps:
-      - name: Check out repository
-        uses: actions/checkout@v4
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build the devspaces image
-        uses: ./.github/actions/build-release
-        with:
-          publish: "{{ github.event_name == 'release' && github.event.action == 'published' && 'true' || 'false' }}"
+      - name: Push image to ghcr.io as ${{ github.event.release.tag_name }}
+        run: |
+          echo "$GITHUB_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin
+          docker pull "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}"
+          docker tag "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}" "ghcr.io/ansible/ansible-workspace-env-reference-image:${{ github.event.release.tag_name }}"
+        # docker push "ghcr.io/ansible/ansible-devspaces-tmp:${{ github.event.release.tag_name }}"
 
   pypi:
     name: Publish to PyPI registry
@@ -119,7 +116,7 @@ jobs:
       - tox
     if: github.event_name == 'release' && github.event.action == 'published'
     environment: release # approval
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
 
@@ -156,7 +153,7 @@ jobs:
     needs:
       - pypi
       - publish-image
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Retreive the forum post script from team-devtools

diff --git a/.gitignore b/.gitignore
@@ -177,3 +177,4 @@ _readthedocs
 # ansible-builder
 /context
 /collections
+out
diff --git a/devspaces/Containerfile b/devspaces/Containerfile
@@ -1,8 +1,8 @@
-FROM quay.io/devfile/universal-developer-image:ubi8-latest
+FROM quay.io/devfile/base-developer-image:ubi8-latest
 
 ARG PYV=3.11
 
-LABEL org.opencontainers.image.source=https://github.com/ansible/ansible-workspace-env-reference-image
+LABEL org.opencontainers.image.source=https://github.com/ansible/ansible-dev-tools
 LABEL org.opencontainers.image.authors="Ansible DevTools"
 LABEL org.opencontainers.image.vendor="Red Hat"
 LABEL org.opencontainers.image.licenses="GPL-3.0"

diff --git a/devspaces/context/setup.sh b/devspaces/context/setup.sh
@@ -1,35 +1,36 @@
 #!/bin/bash -e
-# cspell: ignore makecache overlayfs libssh chgrp
+# cspell: ignore makecache overlayfs libssh chgrp noplugins
 set -eux pipefail
 
 set -e
-dnf -y makecache
-dnf -y update
-dnf install -y \
-    tar \
-    podman \
-    fuse-overlayfs \
-    openssh-clients \
-    zsh \
-    util-linux-user \
-    which \
-    git \
+dnf --noplugins remove -y -q subscription-manager dnf-plugin-subscription-manager
+dnf -y -q makecache
+dnf -y -q update
+dnf install -y -q \
     dumb-init \
+    fuse-overlayfs \
     gcc \
+    git \
     git-core \
     libssh-devel \
-    python3-markupsafe \
     ncurses \
-    python3-bcrypt \
-    python3-cffi \
-    python3-pip \
-    python3-pyyaml \
-    python3-ruamel-yaml \
-    python3-wheel \
+    openssh-clients \
+    podman \
+    python${PYV} \
+    python${PYV}-cffi \
+    python${PYV}-markupsafe \
+    python${PYV}-pip \
+    python${PYV}-pyyaml \
+    python${PYV}-wheel \
+    tar \
+    util-linux-user \
+    which \
+    zsh \
     --exclude container-selinux
-dnf clean all
+#     python${PYV}-ruamel-yaml \
+dnf -y -q clean all
 
-/usr/bin/python${PYV} -m pip install -r requirements.txt
+/usr/bin/python${PYV} -m pip install --root-user-action=ignore -r requirements.txt
 
 ansible-galaxy collection install -r requirements.yml
 

diff --git a/tests/integration/test_server_creator.py b/tests/integration/test_server_creator.py
@@ -22,7 +22,7 @@ def test_error(server_url: str, resource: str) -> None:
         server_url: The server URL.
         resource: The resource to test.
     """
-    response = requests.post(f"{server_url}/v1/creator/{resource}", timeout=1)
+    response = requests.post(f"{server_url}/v1/creator/{resource}", timeout=10)
     assert response.status_code == requests.codes.get("bad_request")
     assert response.text == "Missing required request body"
 
@@ -41,7 +41,7 @@ def test_playbook_v1(server_url: str, tmp_path: Path) -> None:
             "scm_org": "ansible",
             "scm_project": "devops",
         },
-        timeout=1,
+        timeout=10,
     )
     assert response.status_code == requests.codes.get("created")
     assert response.headers["Content-Disposition"] == 'attachment; filename="ansible-devops.tar.gz"'
@@ -69,7 +69,7 @@ def test_collection_v1(server_url: str, tmp_path: Path) -> None:
             "collection": "namespace.name",
             "project": "collection",
         },
-        timeout=1,
+        timeout=10,
     )
     assert response.status_code == requests.codes.get("created")
     assert response.headers["Content-Disposition"] == 'attachment; filename="namespace.name.tar.gz"'

diff --git a/tools/devspaces.sh b/tools/devspaces.sh
@@ -0,0 +1,23 @@
+#!/bin/bash -e
+# cspell: ignore euxo buildx
+set -euxo pipefail
+ADT_CONTAINER_ENGINE=${ADT_CONTAINER_ENGINE:-docker}
+CONTAINER_NAME=ansible/ansible-workspace-env-reference:test
+env
+
+mkdir -p out
+# we force use of linux/amd64 platform because source image supports only this
+# platform and without it, it will fail to cross-build when task runs on arm64.
+# --metadata-file=out/devspaces.meta --no-cache
+$ADT_CONTAINER_ENGINE buildx build --tag=$CONTAINER_NAME --platform=linux/amd64 devspaces/context -f devspaces/Containerfile
+
+mk containers check $CONTAINER_NAME --engine="${ADT_CONTAINER_ENGINE}" --max-size=1600 --max-layers=23
+
+if [[ -n "${GITHUB_SHA:-}" ]]; then
+    $ADT_CONTAINER_ENGINE tag $CONTAINER_NAME "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}"
+    # https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry
+    if [[ -n "${GITHUB_TOKEN:-}" ]]; then
+        echo "$GITHUB_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin
+    fi
+    $ADT_CONTAINER_ENGINE push "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}"
+fi
diff --git a/tox.ini b/tox.ini
@@ -10,6 +10,7 @@ env_list =
     milestone
     pkg
     image
+    devspaces
 skip_missing_interpreters = true
 
 [testenv]
@@ -125,6 +126,15 @@ commands =
 allowlist_externals =
     ./tools/image.sh
 
+[testenv:devspaces]
+description = Build devspaces image for current architecture
+skip_install = true
+deps =
+    mk
+commands_pre =
+commands =
+    ./tools/devspaces.sh
+
 [testenv:test-image]
 description =
     Run tests in the container image