Don't pull and save all the images every build #6345

Closed
wants to merge 2 commits into from
Closed
25 changes: 24 additions & 1 deletion .github/workflows/build.yml
Expand Up @@ -19,6 +19,16 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
driver-opts: |
default-load=true
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
Expand All @@ -35,14 +45,27 @@ jobs:
env:
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
- name: Test
run: |
dapper -f Dockerfile --target dapper make test
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
build-arm64:
runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
driver-opts: |
default-load=true
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
Expand All @@ -59,4 +82,4 @@ jobs:
env:
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}

BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
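Review bot: The new `Set up buildx` steps in both jobs reference `docker/setup-buildx-action@v3`, a mutable tag, in jobs whose later steps carry `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` in their environment. Whatever that tag resolves to at run time configures the builder that every later `dapper` call uses through `BUILDX_BUILDER`, so a retagged or compromised release of the action would run in the same job as the credentialed steps. Pinning to a full commit SHA with the version kept as a trailing comment, `uses: docker/setup-buildx-action@<full-commit-sha> # v3`, closes that gap. The same applies to the copies added in pr.yml, release.yml and test-suite.yaml.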
27 changes: 26 additions & 1 deletion .github/workflows/pr.yml
Expand Up @@ -15,26 +15,51 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
driver-opts: |
default-load=true
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: Build
run: |
dapper -f Dockerfile --target dapper make dapper-ci
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
- name: Test
run: |
dapper -f Dockerfile --target dapper make test
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
build-arm64:
runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
driver-opts: |
default-load=true
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: Build
run: |
dapper -f Dockerfile --target dapper make dapper-ci

env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
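Review bot: The ten-line `Set up buildx` step is pasted verbatim into both jobs here and into the jobs touched in build.yml, release.yml and test-suite.yaml, and none of the copies says why `default-load=true` and the `mirror.gcr.io` mirror are set. A local composite action next to the existing `./.github/actions/setup-go` would keep the driver options and the mirror in one reviewable place; it would have to re-export the builder name as an output so `BUILDX_BUILDER` can still be set from it. At minimum a comment above the step would help, for example `# docker-container builder: load results into the local image store, pull docker.io through the mirror`, with the wording adjusted to the real intent, which I am inferring from the PR title.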
70 changes: 66 additions & 4 deletions .github/workflows/release.yml
Expand Up @@ -28,13 +28,28 @@ jobs:
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper

- name: Set up buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
driver-opts: |
default-load=true
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]

- name: Validate Release
run: |
dapper -f Dockerfile --target dapper make validate-release
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: Build
run: |
dapper -f Dockerfile --target dapper make dapper-ci
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
Expand All @@ -46,26 +61,37 @@ jobs:
- name: Package Images
run: |
dapper -f Dockerfile --target dapper make package-images
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: Scan Images
continue-on-error: true
run: |
dapper -f Dockerfile --target dapper make scan-images
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: Test
run: |
dapper -f Dockerfile --target dapper make test
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: Publish Image Runtime
run: |
GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make publish-image-runtime
dapper -f Dockerfile --target dapper make publish-image-runtime
env:
DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }}
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
GITHUB_ACTION_TAG: ${{ github.ref_name }}

- name: Checksum Artifacts
run: |
GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make checksum
dapper -f Dockerfile --target dapper make checksum
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
GITHUB_ACTION_TAG: ${{ github.ref_name }}

- name: Publish Artifacts
run: |
Expand All @@ -76,6 +102,17 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
driver-opts: |
default-load=true
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]

- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
Expand All @@ -84,10 +121,14 @@ jobs:
- name: Validate Release
run: |
dapper -f Dockerfile --target dapper make validate-release
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: Build
run: |
dapper -f Dockerfile --target dapper make dapper-ci
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
Expand All @@ -99,22 +140,31 @@ jobs:
- name: Package Images
run: |
dapper -f Dockerfile --target dapper make package-images
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: Scan Images
continue-on-error: true
run: |
dapper -f Dockerfile --target dapper make scan-images
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}

- name: Publish Image Runtime
run: |
GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make publish-image-runtime
dapper -f Dockerfile --target dapper make publish-image-runtime
env:
DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }}
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
GITHUB_ACTION_TAG: ${{ github.ref_name }}

- name: Checksum
run: |
GITHUB_ACTION_TAG=${{ github.ref_name }} dapper -f Dockerfile --target dapper make checksum
dapper -f Dockerfile --target dapper make checksum
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
GITHUB_ACTION_TAG: ${{ github.ref_name }}

- name: Publish Artifacts
run: |
Expand All @@ -126,6 +176,17 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
driver-opts: |
default-load=true
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]

- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
Expand All @@ -144,3 +205,4 @@ jobs:
PAT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PATH_USERNAME: ${{ env.PAT_USERNAME }}
GITHUB_ACTION_TAG: ${{ env.GITHUB_ACTION_TAG }}
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
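Review bot: With `mirrors = ["mirror.gcr.io"]` in `buildkitd-config-inline`, the release jobs now resolve docker.io images through a pull-through mirror before the `Publish Image Runtime` and `Publish Artifacts` steps run. The Dockerfile in this PR names its base image by tag (`rancher/hardened-build-base:v1.22.4b1`), so what ends up in the published artifacts depends on what the mirror serves for that tag. Referencing base images by digest, `FROM rancher/hardened-build-base:v1.22.4b1@sha256:<digest>`, would make the mirror a content-addressed cache only. If that is too broad for this PR, keeping the mirror in build.yml and pr.yml and leaving the release path on the origin registry is an alternative. I cannot tell from this page whether images pulled by the make targets are already digest-checked.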
20 changes: 16 additions & 4 deletions .github/workflows/test-suite.yaml
Expand Up @@ -28,6 +28,16 @@ jobs:
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
driver: docker-container
driver-opts: |
default-load=true
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["mirror.gcr.io"]
- name: Find Go Version for Build
id: go-finder
run: |
Expand All @@ -39,20 +49,22 @@ jobs:
uses: ./.github/actions/setup-go
with:
go-version: ${{ steps.go-finder.outputs.VERSION_GOLANG }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Install OS Packages
run: sudo apt-get install -y libarchive-tools g++-mingw-w64-x86-64 gcc-mingw-w64-x86-64
# Can only upload from a single path, so we need to copy the binary to the image directory
# Additionally, we have a rke2-runtime.tar and a rke2-images.linux-amd64.tar.zst which are the same thing
# just compressed. We remove the rke2-runtime.tar as its not used by the install script.
- name: Build RKE2 Binary and Compressed Runtime Image
run: |
GOCOVER=true make package-bundle
make package-bundle
make package-image-runtime
cp ./bin/rke2 ./build/images/rke2
cp ./dist/artifacts/rke2.*-amd64.tar.gz ./build/images/
rm ./build/images/rke2-runtime.tar
env:
BUILDX_BUILDER: ${{ steps.buildx.outputs.name }}
GOCOVER: "true"

- name: Upload RKE2 Binary and Runtime Image
uses: actions/upload-artifact@v4
with:
Expand Down Expand Up @@ -175,4 +187,4 @@ jobs:
with:
## If no one connects after 5 minutes, shut down server.
wait-timeout-minutes: 5
limit-access-to-actor: true
limit-access-to-actor: true
23 changes: 12 additions & 11 deletions Dockerfile
Expand Up @@ -3,7 +3,7 @@ ARG KUBERNETES_VERSION=dev
# Build environment
FROM rancher/hardened-build-base:v1.22.4b1 AS build
ARG DAPPER_HOST_ARCH
ENV ARCH $DAPPER_HOST_ARCH
ENV ARCH="$DAPPER_HOST_ARCH"
RUN set -x && \
apk --no-cache add \
bash \
Expand All @@ -14,6 +14,7 @@ RUN set -x && \
rsync \
gcc \
bsd-compat-headers \
skopeo \
py-pip \
py3-pip \
pigz \
Expand All @@ -30,13 +31,13 @@ RUN zypper install -y systemd-rpm-macros

# Dapper/Drone/CI environment
FROM build AS dapper
ENV DAPPER_ENV GODEBUG GOCOVER REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY DOCKER_USERNAME DOCKER_PASSWORD
ARG DAPPER_HOST_ARCH
ENV ARCH $DAPPER_HOST_ARCH
ENV DAPPER_OUTPUT ./dist ./bin ./build
ENV DAPPER_DOCKER_SOCKET true
ENV DAPPER_TARGET dapper
ENV DAPPER_RUN_ARGS "--privileged --network host -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build -v trivy-cache:/root/.cache/trivy"
ENV ARCH="$DAPPER_HOST_ARCH"
ENV DAPPER_ENV="GODEBUG GOCOVER REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY DOCKER_USERNAME DOCKER_PASSWORD"
ENV DAPPER_OUTPUT="./dist ./bin ./build"
ENV DAPPER_DOCKER_SOCKET="true"
ENV DAPPER_TARGET="dapper"
ENV DAPPER_RUN_ARGS="--privileged --network host -v /home/runner/.docker:/root/.docker -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build -v trivy-cache:/root/.cache/trivy"
RUN if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "arm64" ]; then \
VERSION=0.56.10 OS=linux && \
curl -sL "https://github.com/vmware-tanzu/sonobuoy/releases/download/v${VERSION}/sonobuoy_${VERSION}_${OS}_${ARCH}.tar.gz" | \
Expand Down Expand Up @@ -94,8 +95,8 @@ RUN set -x && \
RUN go get github.com/onsi/ginkgo/v2 github.com/onsi/gomega/...
RUN GO111MODULE=off GOBIN=/usr/local/bin go get github.com/go-delve/delve/cmd/dlv
RUN echo 'alias abort="echo -e '\''q\ny\n'\'' | dlv connect :2345"' >> /root/.bashrc
ENV PATH=/var/lib/rancher/rke2/bin:$PATH
ENV KUBECONFIG=/etc/rancher/rke2/rke2.yaml
ENV PATH="/var/lib/rancher/rke2/bin:$PATH"
ENV KUBECONFIG="/etc/rancher/rke2/rke2.yaml"
VOLUME /var/lib/rancher/rke2
# This makes it so we can run and debug k3s too
VOLUME /var/lib/rancher/k3s
Expand Down Expand Up @@ -155,9 +156,9 @@ COPY build/images/rke2-images.linux-amd64.tar.zst /var/lib/rancher/rke2/agent/im
COPY build/images.txt /images.txt

# use rke2 bundled binaries
ENV PATH=/var/lib/rancher/rke2/bin:$PATH
ENV PATH="/var/lib/rancher/rke2/bin:$PATH"
# for kubectl
ENV KUBECONFIG=/etc/rancher/rke2/rke2.yaml
ENV KUBECONFIG="/etc/rancher/rke2/rke2.yaml"
# for crictl
ENV CONTAINER_RUNTIME_ENDPOINT="unix:///run/k3s/containerd/containerd.sock"
# for ctr
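Review bot: `DAPPER_RUN_ARGS` in the `dapper` stage now adds `-v /home/runner/.docker:/root/.docker`, which exposes the runner's Docker client directory, read-write, to a `--privileged --network host` container for every dapper target, including the pull-request build and test runs. That directory holds the buildx builder state this change needs, but it is also where `config.json` with registry auth is written after a `docker login`, so anything `make` executes inside the container can read or alter it. The path is also tied to runners whose home is `/home/runner`; elsewhere Docker will create an empty root-owned directory on the host. Consider mounting only the buildx subdirectory, `-v /home/runner/.docker/buildx:/root/.docker/buildx`, and read-only if the builder still works that way (not verified here). The same line is added in Dockerfile.windows.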
12 changes: 6 additions & 6 deletions Dockerfile.windows
Expand Up @@ -6,13 +6,13 @@ RUN apk --no-cache add \

# Dapper/Drone/CI environment
FROM rancher/hardened-build-base:v1.21.5b2 AS dapper
ENV DAPPER_ENV GODEBUG REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DOCKER_BUILDKIT DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY
ARG DAPPER_HOST_ARCH
ENV ARCH $DAPPER_HOST_ARCH
ENV DAPPER_OUTPUT ./dist ./bin ./build
ENV DAPPER_DOCKER_SOCKET true
ENV DAPPER_TARGET dapper
ENV DAPPER_RUN_ARGS "--privileged --network host -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build"
ENV ARCH="$DAPPER_HOST_ARCH"
ENV DAPPER_ENV="GODEBUG REPO TAG GITHUB_ACTION_TAG PAT_USERNAME PAT_TOKEN KUBERNETES_VERSION DRONE_BUILD_EVENT IMAGE_NAME AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID ENABLE_REGISTRY"
ENV DAPPER_OUTPUT="./dist ./bin ./build"
ENV DAPPER_DOCKER_SOCKET="true"
ENV DAPPER_TARGET="dapper"
ENV DAPPER_RUN_ARGS="--privileged --network host -v /home/runner/.docker:/root/.docker -v /tmp:/tmp -v rke2-pkg:/go/pkg -v rke2-cache:/root/.cache/go-build"
RUN apk update
RUN set -x && \
apk add --no-cache \