Refactor Docker build #8527
Force-pushed from d09caa1 to 443a8b9.
# Change the ownership of the Gradle user home and the workspace to the user in the Docker container. | ||
sudo chown -R 1000:1000 /home/runner/.gradle | ||
sudo chown -R 1000:1000 ${{ github.workspace }} |
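Review bot: `${{ github.workspace }}` on the last line is substituted into the script text before the shell runs and is left unquoted, so a workspace path containing whitespace or shell metacharacters would be word-split or interpreted in a command running under `sudo`. Pass the path through the runner's `GITHUB_WORKSPACE` environment variable in double quotes instead, for example `sudo chown -R 1000:1000 "$GITHUB_WORKSPACE"`. The hard-coded `1000:1000` on both `chown` lines also gives no pointer to where the container user is defined; the comment should name the place that sets this UID/GID (or the value should be defined once and reused) so the two cannot drift apart unnoticed.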
Instead of this (and the restoring code below), would it be an alternative to use `docker run --user 1001:121 ...`?
And probably use `$(id -u)` / `$(id -g)` instead of hard-coding the values.
I wrote this part of the code several weeks ago, I don't remember exactly which options I tried, but I think I could not get it to work with the `--user` option (I think one tricky part was also that the Gradle cache works correctly). I would rather do any such changes in a follow-up PR, as currently I'm just happy that it works, and doing the changes in this PR might require a few additional rounds of testing.
The `--file` option was deprecated in Syft 0.93.0 [1].

[1]: https://github.com/anchore/syft/releases/tag/v0.93.0

Signed-off-by: Martin Nonnenmacher <[email protected]>

Add separate build stages to the end of the Dockerfile which add ORT to the images. This allows building images which contain only the tools, but not ORT itself, which is useful when building the Docker image for the functional tests where ORT is not required.

Signed-off-by: Martin Nonnenmacher <[email protected]>

Add a composite action [1] that removes unneeded Docker images and preinstalled tools to increase the available disk space. This will be used by jobs that build the ORT Docker image, as otherwise the 14 GB free disk space that GitHub guarantees [2] is not sufficient. After the action is executed there are approximately 40 GB disk space available.

This action could later be replaced by an existing alternative like [3] or [4], but for now the custom action will be used in the following changes as it is proven to work for the Docker build jobs.

[1]: https://docs.github.com/en/actions/creating-actions/creating-a-composite-action
[2]: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#standard-github-hosted-runners-for-public-repositories
[3]: https://github.com/easimon/maximize-build-space
[4]: https://github.com/AdityaGarg8/remove-unwanted-software

Signed-off-by: Martin Nonnenmacher <[email protected]>

Replace the `docker-ort` workflow with the new `docker-build` workflow. Instead of the old approach to build separate Docker images for the different package managers, the new workflow uses the Docker registry cache [1] to cache the layers in the GitHub container registry. This dramatically simplifies the build process, as no additional logic for building the Docker images is required anymore.

The workflow first builds the full Docker image and caches it to the registry. The minimal image is built afterwards and can reuse all layers but the last one from the previously populated cache.

This commit also slightly changes the way that Docker images are tagged:

* All published images are now tagged with the Git revision. Previously, the revision was only visible as part of the ORT version tag, which does not include the revision for release builds.
* The latest build from the main branch is now tagged with the `main` tag.

[1]: https://docs.docker.com/build/cache/backends/registry/

Signed-off-by: Martin Nonnenmacher <[email protected]>

Change the `build-and-test` workflow to run the functional tests in a newly built Docker image. Before that change, functional tests were executed in the nightly snapshot build of the ORT Docker image. This was problematic, as changes to the Dockerfile were not immediately reflected in the test results.

To speed up the build of the Docker image, the workflow uses the registry cache and builds only the `all-tools` stage which does not include the ORT build itself. The ORT installation is not required, as the GitHub workspace is mounted into the Docker container for running the functional tests.

Signed-off-by: Martin Nonnenmacher <[email protected]>

Signed-off-by: Martin Nonnenmacher <[email protected]>
Force-pushed from 443a8b9 to d8cd014.
Refactor the Docker build to use the registry cache instead of language-specific images for speeding up the build. The out-of-disk-space issue is solved by removing unneeded tools from the GitHub Actions runner.
The new approach has been tested on my private fork at https://github.com/mnonnenmacher/ort. The images built during testing can be found at https://github.com/mnonnenmacher/ort/pkgs/container/ort and https://github.com/mnonnenmacher/ort/pkgs/container/ort-minimal.
Note that in this PR the `fun-test` job will always have to do a full build of the Docker image, as the registry cache is not yet populated. Tests on my fork have shown that if no changes are made to the Dockerfile, the build takes about 2 minutes; a full build takes about 10 minutes.
Please see the commit messages for further details.
I will update the documentation in a follow-up PR, also with information about how the registry cache can be used for local builds.