Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Build arm containers with new github actions arm runner (PP-2139) #2280

Merged
merged 6 commits into from
Feb 11, 2025
Merged

Build arm containers with new github actions arm runner (PP-2139) #2280

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
9173a3c
Try running with new arm based runner
jonathangreen Feb 7, 2025
5457906
Fix up some comments
jonathangreen Feb 10, 2025
de23853
Cleanup more comments
jonathangreen Feb 10, 2025
a7b47bf
roll back docker-compose changes
jonathangreen Feb 10, 2025
a110c6c
Update another comment
jonathangreen Feb 10, 2025
b76b858
Use ubuntu 24.04 image everywhere
jonathangreen Feb 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions .github/actions/poetry/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ runs:
id: cache
with:
path: ${{ steps.poetry-dir.outputs.home }}
key: ${{ runner.os }}-poetry${{ inputs.version }}-install-py${{ steps.python-version.outputs.version }}
key: ${{ runner.os }}-${{ runner.arch }}-poetry${{ inputs.version }}-install-py${{ steps.python-version.outputs.version }}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could be broken out to a separate PR if we want. Our action to install poetry didn't take into account the runners architecture before, so it tried to use the same cache for both intel and arm, causing poetry installs to fail on whichever platform wasn't in the cache.

This adds the platform to the cache key, so it will work with new arm based runners.


- run: curl -sSL https://install.python-poetry.org | python - --yes --version ${{ inputs.version }}
env:
Expand All @@ -72,18 +72,18 @@ runs:
with:
path: ${{ steps.poetry-info.outputs.cache-dir }}
key: |
${{ runner.os }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-${{ hashFiles('**/poetry.lock') }}
${{ runner.os }}-${{ runner.arch }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-${{ hashFiles('**/poetry.lock') }}
restore-keys: |
${{ runner.os }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-
${{ runner.os }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-
${{ runner.os }}-${{ runner.arch }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-
${{ runner.os }}-${{ runner.arch }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-
if: inputs.cache != 'false' && inputs.cache-restore-only == 'false'

- uses: actions/cache/restore@v4
with:
path: ${{ steps.poetry-info.outputs.cache-dir }}
key: |
${{ runner.os }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-${{ hashFiles('**/poetry.lock') }}
${{ runner.os }}-${{ runner.arch }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-${{ hashFiles('**/poetry.lock') }}
restore-keys: |
${{ runner.os }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-
${{ runner.os }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-
${{ runner.os }}-${{ runner.arch }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-${{ inputs.cache-name }}-
${{ runner.os }}-${{ runner.arch }}-poetry${{ inputs.version }}-cache-py${{ steps.python-version.outputs.version }}-
if: inputs.cache != 'false' && inputs.cache-restore-only != 'false'
96 changes: 82 additions & 14 deletions .github/workflows/build-base-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,13 @@ on:
schedule:
# Every Monday at 6:22am Eastern Time
- cron: '22 10 * * 1'
push:
# Build base image when the Dockerfile or the workflow file changes
branches:
- main
paths:
- .github/workflows/build-base-image.yml
- docker/Dockerfile.baseimage
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We now update the base image on pushes to main that modify the base-image workflow or dockerfile. Previously this was done as part of build.yml, but based on the new structure, pushing this within its own workflow made more sense to me.

workflow_dispatch:
# Allow us to manually trigger build

Expand All @@ -12,18 +19,28 @@ concurrency:
cancel-in-progress: true

jobs:
docker-build-baseimage:
name: Build Base Image
# Some issue with the ubuntu-latest image is causing gcc to segfault with building
# an emulated arm64 target. Downgrading to 22.04 seems to fix this.
# See https://github.com/actions/runner-images/issues/11471
# runs-on: ubuntu-latest
runs-on: ubuntu-22.04
build:
name: Build Base Image (${{ matrix.arch.name }})
strategy:
fail-fast: false
matrix:
arch:
- name: "amd64"
runner: "ubuntu-22.04"
- name: "arm64"
runner: "ubuntu-22.04-arm"

runs-on: ${{ matrix.arch.runner }}

timeout-minutes: 120
permissions:
contents: read
packages: write

outputs:
repo: ${{ steps.ghcr-repo.outputs.baseimage }}
meta: ${{ steps.meta.outputs.json }}

steps:
- uses: actions/checkout@v4
with:
Expand All @@ -33,9 +50,6 @@ jobs:
- name: Disable network offload
run: sudo ethtool -K eth0 tx off rx off

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

Expand All @@ -46,11 +60,19 @@ jobs:
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set GHCR repos
# Docker doesn't support uppercase letters in repo names, so we need to lowercase the owner
id: ghcr-repo
run: |
baseimage="ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/circ-baseimage"
echo "$baseimage"
echo "baseimage=$baseimage" >> "$GITHUB_OUTPUT"

- name: Generate tags for image
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository_owner }}/circ-baseimage
images: ${{ steps.ghcr-repo.outputs.baseimage }}
# Generate tags for the image
# We use the following tags:
# - The date in YYYYww format, which is the year and week number. 202052 is the last week of 2020.
Expand All @@ -60,13 +82,59 @@ jobs:
type=raw,value=latest

- name: Build base image
id: build
uses: docker/build-push-action@v6
with:
context: .
file: ./docker/Dockerfile.baseimage
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
push: true
target: baseimage
cache-to: type=inline
platforms: linux/amd64, linux/arm64
outputs: type=image,"name=${{ steps.ghcr-repo.outputs.baseimage }}",push-by-digest=true,name-canonical=true,push=true

- name: Export digests
run: |
mkdir -p ${{ runner.temp }}/digests
digest="${{ steps.build.outputs.digest }}"
touch "${{ runner.temp }}/digests/${digest#sha256:}"

- name: Upload digests
uses: actions/upload-artifact@v4
with:
name: digests-${{ matrix.arch.name }}
path: ${{ runner.temp }}/digests/*
if-no-files-found: error
retention-days: 1

push:
name: Tag & Push Images
runs-on: ubuntu-22.04
needs: [build]
permissions:
contents: read
packages: write

steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: ${{ runner.temp }}/digests
pattern: digests-*
merge-multiple: true

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Create manifest & push images
working-directory: ${{ runner.temp }}/digests
run: >
docker buildx imagetools create
$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< '${{ needs.build.outputs.meta }}')
$(printf '${{ needs.build.outputs.repo }}@sha256:%s ' *)
Loading
Loading