GHA cache image build dependencies #3583
| libbtrfs-dev \ | ||
| libseccomp-dev \ | ||
| pkg-config | ||
| RUN git config --global advice.detachedHead false |
Silence useless / noisy git messages.
| # We do not set CMD to `go test` here, because it requires systemd | ||
|
|
||
| FROM build-base AS build-full | ||
| FROM build-base AS build-deps |
This is the part that splits out third-party dependencies from nerdctl.
@AkihiroSuda @djdongjin this should not go in before #3535, but this looks really promising in terms of minimizing transactions with Hub / third party services. LMK your thoughts overall and I will polish it and rebase on top of ^ after it merges
| FROM build-base AS build-dependencies | ||
| ARG TARGETARCH | ||
| ENV GOARCH=${TARGETARCH} | ||
| RUN BINDIR=/out/bin make binaries install |
Move down nerdctl, which is the part that changes (almost) all the time.
| git checkout "${IMGCRYPT_VERSION}" && \ | ||
| CGO_ENABLED=0 make && DESTDIR=/out make install && \ | ||
| echo "- imgcrypt: ${IMGCRYPT_VERSION}" >> /out/share/doc/nerdctl-full/README.md | ||
| ARG ROOTLESSKIT_VERSION |
Move down rootless kit, as we support two versions.
| mv /tmp/SHA256SUMS /out/share/doc/nerdctl-full/SHA256SUMS && \ | ||
| chown -R 0:0 /out | ||
|
|
||
| FROM build-dependencies AS build-full |
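Review bot: check that `SHA256SUMS` still covers the nerdctl binaries. In this hunk the file is moved into `/out/share/doc/nerdctl-full/` at the end of the dependencies stage, just before `FROM build-dependencies AS build-full`. If nerdctl's own `make binaries install` now runs in `build-full`, the checksum file needs to be regenerated after that step; otherwise the shipped `SHA256SUMS` will not list the nerdctl binaries and anyone verifying the bundle against it gets no coverage for them.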
Restore nerdctl from above.
|
|
||
| test-integration: | ||
| timeout-minutes: 60 | ||
| timeout-minutes: 30 |
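Review bot: dropping `timeout-minutes` from 60 to 30 on `test-integration` leaves little headroom for a cold cache. When the cached dependency layers are missing or the cache backend is slow, the job has to rebuild the dependencies inside the shorter window and will fail on the timeout rather than on a real test failure. Suggest confirming that an uncached run fits in 30 minutes, or landing the timeout reduction separately once cache hit rates are known.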
| go-version: ${{ env.GO_VERSION }} | ||
| cache: true | ||
| check-latest: true | ||
| - name: "Print docker info" |
Debugging remnants.
|
|
||
| steps: | ||
| - uses: actions/checkout@v4.2.2 | ||
| with: |
@AkihiroSuda at your convenience. Would like to get this in for a few PRs to better evaluate how the cache behaves.
| run: | | ||
| sudo mkdir -p /etc/docker | ||
| echo '{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64", "experimental": true, "ip6tables": true}' | sudo tee /etc/docker/daemon.json | ||
| echo '{"features": {"containerd-snapshotter": true}, "ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64", "experimental": true, "ip6tables": true}' | sudo tee /etc/docker/daemon.json |
containerd-snapshotter isn't necessary if you use docker buildx ? (probably with docker buildx create to create a standalone non-moby buildkitd instance)
Interesting.
That would certainly be better.
Let me look into that later today.
Done. Thanks for the tips.
| fetch-depth: 1 | ||
| - name: "Expose GitHub Runtime variables for gha" | ||
| uses: crazy-max/ghaction-github-runtime@v3 | ||
| - name: "Enable containerd to be able to use gha cache" |
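Review bot: `uses: crazy-max/ghaction-github-runtime@v3` references a third-party action by a mutable major-version tag, and that step exports the Actions runtime token and cache URL into the environment of every later step in the job. Suggest pinning it to a full commit SHA, with the version in a trailing comment, so a retagged `v3` cannot change what runs with access to those values.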
Right. Thanks.
Removed the separate step altogether with the latest push.
@AkihiroSuda failure is likely #3556
Signed-off-by: apostasie <spam_blackhole@farcloser.world>
No problem @ktock.

While working on something else, I am quickly getting 429s from gha cache, and jobs failing / timing out because of throttled requests. I am not optimistic about this overall. Suggesting we give it a couple of weeks and consider reverting this / tweaking it / going back to other ideas (eg: proxy caching).
Follow-on to discussion in #3580
What this does:
The result is:
The key benefit here is about reducing the network traffic required to produce our test images (hence reducing the opportunity for failure due to third-party server hiccups). It is similar in intent to #3580.
Incidentally, we will also get a small speed boost for the overall run.
Obviously, GHA cache is not "free": it takes time to retrieve and time to store - so, part of the speed gains from not-building are negated by the cache r/w.
Nevertheless, this looks promising for increased reliability (and reduced transactions with docker hub / debian / ubuntu).
This PR also has a couple of minor changes to the workflow file (reduced timeouts, cosmetic comments, along with bumping the size of the arm64 instance as previously discussed). If preferable, I can split these out.
Further refactoring / changes to the Dockerfile could bring more stuff in the dependencies stage.
This PR has been conservative on that front and stayed with the minimal possible changes to the Dockerfile, so that we can decide separately if we want a more in-depth restructuring of it or not.
Finally note that GHA cache is rather limited (10G), and going over the limit will prune prior entries indiscriminately - we might want to keep an eye on that and check that this proposed implementation here stays under the limit to fully benefit from it.