ci(docker): use Depot for multiarch images #10039
Conversation
michaelfig
force-pushed
the
mfig-docker-depot
branch
from
8817440 to
a083021
Compare
Deploying agoric-sdk with
|
| Latest commit: |
91d2990
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://99e7711b.agoric-sdk.pages.dev |
| Branch Preview URL: | https://mfig-docker-depot.agoric-sdk.pages.dev |
michaelfig
force-pushed
the
mfig-docker-depot
branch
from
a083021 to
02aa9e2
Compare
michaelfig
force-pushed
the
mfig-docker-depot
branch
2 times, most recently
from
82c3e3f to
e7fb573
Compare
| - fromTag: "latest" | ||
| + fromTag: "latest", | ||
| + repositoryColon: "ghcr.io/agoric/agoric-3-proposals:", | ||
| + sdkRepositoryColon: "ghcr.io/agoric/agoric-sdk:", |
There was a problem hiding this comment.
where is this value changed?
or repositoryColon for that matter?
| // Must match the Bake file and CI config | ||
| - fromTag: "latest" | ||
| + fromTag: "latest", | ||
| + repositoryColon: "ghcr.io/agoric/agoric-3-proposals:", |
There was a problem hiding this comment.
why is the colon necessary to include?
There was a problem hiding this comment.
given there are multiple repositories in play, both git and Docker, please give this a more descriptive name. assuming we can drop the colon,
| + repositoryColon: "ghcr.io/agoric/agoric-3-proposals:", | |
| + a3pDockerRepository: "ghcr.io/agoric/agoric-3-proposals", |
| RESUME(fromTag) { | ||
| return ` | ||
| ## RESUME | ||
| -FROM ghcr.io/agoric/agoric-3-proposals:${fromTag} as use-${fromTag} |
There was a problem hiding this comment.
why are these Docker vars necessary? the Dockerfile is generated by the CI job. Couldn't it just produce the desired file contents?
There was a problem hiding this comment.
The buildConfig is part of the package.json. Would you prefer that CI edited that before prepare-build instead of creating a docker-bake.override.json to modify the Dockerfile's behaviour at build time?
There was a problem hiding this comment.
I've removed any dependencies on a synthetic-chain patch, and reduced the postprocessing of the prepare-build-generated files to a single sed. Let's talk about the best way to make that change robust.
michaelfig
force-pushed
the
mfig-docker-depot
branch
14 times, most recently
from
62d8aaf to
d901bda
Compare
a3p-integration/package.json
Outdated
| @@ -12,7 +12,7 @@ | |||
| "doctor": "yarn synthetic-chain doctor" | |||
| }, | |||
| "dependencies": { | |||
| "@agoric/synthetic-chain": "patch:@agoric/synthetic-chain@npm%3A0.1.0#~/.yarn/patches/@agoric-synthetic-chain-npm-0.1.0-148de716a6.patch", | |||
| "@agoric/synthetic-chain": "^0.1.1", | |||
michaelfig
changed the title
michaelfig
force-pushed
the
mfig-docker-depot
branch
from
d901bda to
5820004
Compare
|
I extracted the controversial "publish |
| - name: Save BUILD_TAG | ||
| run: | | ||
| ARCH=$(echo '${{ matrix.platform }}' | tr / _) | ||
| echo "BUILD_TAG=${{ needs.snapshot.outputs.tag }}-$ARCH" >> $GITHUB_ENV |
There was a problem hiding this comment.
Are we still generating -$ARCH tags? I have used those in the past, but mostly because the arm64 and thus combined image took forever to publish, so possibly this is no longer necessary.
There was a problem hiding this comment.
You're right; building and publishing the combined image now takes about the same time as the -linux_amd64 tag used to take. So, no more -$ARCH tags.
.github/workflows/docker.yml
Outdated
| PREFIX="$REGISTRY/agoric/cosmic-swingset-solo:" | ||
| for TAG in ${{ needs.docker-sdk.outputs.tags }}; do | ||
| PREFIXED="$PREFIXED$sep$IMAGE:$TAG" | ||
| PREFIXED="$PREFIXED$sep$PREFIX$TAG" |
There was a problem hiding this comment.
why this change? the previous was more clear. please revert or justify.
michaelfig
force-pushed
the
mfig-docker-depot
branch
from
5820004 to
91d2990
Compare
michaelfig
added
tooling
Project ID file accidentally missing from #10039 which caused the following error in CI: ``` Error: could not configure buildx: unknown project ID (run `depot init` or use --project or $DEPOT_PROJECT_ID) ``` This was confirmed fixed with a manual run of `Docker Build Release Images`.
closes: #9043
Description
Update
docker.ymlimage publishing to use Depot for efficient multiarch builds.Before (~2h):
After (~15m):
Also, stop building the
agoric/agoric-sdk:ibc-alphatag since it is no longer relevant (only was needed by an IBC test long, long ago).Security Considerations
Introduces CI dependency on Depot.
agoric-3-proposalsalready uses this successfully, so it is not new to our organisation.Scaling Considerations
Improves scalability of our CI system (2h Docker multiarch build times are reduced to 15m).
Documentation Considerations
n/a
Testing Considerations
Manually launched Docker builds show that the new CI works correctly.
Upgrade Considerations
n/a