[Merged by Bors] - Self hosted docker builds

[realbigsean]

Issue Addressed

We're OOM'ing on Docker builds on the Deneb branch #3929

Are we ok to self host automated docker builds?

[realbigsean]

I'm going to test this out on the deneb branch #4599

[realbigsean]

Ok looks like it's failing, my guess is due to permissions. I'm gonna give this a shot (looks like there's better support for this type of thing nowadays): https://docs.docker.com/build/ci/github-actions/multi-platform/

[realbigsean]

We must go deeper: docker/setup-qemu-action#67

[realbigsean]

This looks promising on the deneb branch following the guidance of the previously linked issue. Here's the action where it's running https://github.com/sigp/lighthouse/actions/runs/5824054179/job/15792273258

One thing to note is that this doesn't currently include --provenance=false, but I can add it if we want it. I'm not sure why it was there, maybe to speed things up? It looks like the build and push step is something like 4 minutes slower without that flag.

[realbigsean]

Obviosly jinxed the last one. Looks like it failed on creation of the multiarch image. From what I can gather, we're using an old way to do this: docker manifest, where we can now use docker buildx imagetools create. Testing this again on deneb https://github.com/sigp/lighthouse/actions/runs/5825468485

[realbigsean]

It worked! 🎉 https://hub.docker.com/layers/sigp/lighthouse/deneb/images/sha256-9f56a6534cb183a4a568b095d8e3ee9b1c558674e5709abef681764f23ed4d5d?context=explore

[paulhauner]

This is really cool, but I think we should do the Docker builds on the new release-only runner that @antondlr is working on.

I am concerned about using the testing runners for building binaries (or Docker images) that are expected to run in production.

I've also experienced the ARM OOMs, generally it works after a few tries. It's a crappy solution I know, but I think we should have the release-only boxes soon!

[antondlr]

One thing to note is that this doesn't currently include --provenance=false, but I can add it if we want it. I'm not sure why it was there, maybe to speed things up? It looks like the build and push step is something like 4 minutes slower without that flag.

the flag was introduced here; tldr: buildx v0.10.0 added provenance attestations to images but they are packed in a way that's incompatible with docker manifest

[antondlr]

This is really cool, but I think we should do the Docker builds on the new release-only runner that @antondlr is working on.

agree; I'll try to get some runners up Soon ™️ , iirc box is basically ready and idling
only the weird windows setup is still pending (I have to copy over a large file from age's network for that)

[realbigsean]

This is really cool, but I think we should do the Docker builds on the new release-only runner that @antondlr is working on.

makes sense!

the flag was introduced #3902; tldr: buildx v0.10.0 added provenance attestations to images but they are packed in a way that's incompatible with docker manifest

Since switching to imagetools instead of manifest seems to make it work without that flag, I guess I'll leave it off.

I'll leave this PR open and switch it to the release runner whenever it's ready

[jimmygchen]

Looks good 👍
It's been working well for Deneb as well (using the dev runners though).

[antondlr]

the DinD instance has this buildx builder pre-set as default:
(installed through docker run --privileged tonistiigi/binfmt --install all)

runner$ docker buildx ls
NAME/NODE DRIVER/ENDPOINT STATUS  BUILDKIT             PLATFORMS
default * docker
  default default         running v0.11.6+0a15675913b7 linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/386

so I think we can skip those 2 steps on self-hosted

[paulhauner]

Nice work, looks good to me! Keen to see it in action for v4.5.0!

[michaelsproul]

bors r+

[bors]

Build failed (retrying...):

• release-tests-ubuntu

[bors]

Build failed (retrying...):

• release-tests-ubuntu

[michaelsproul]

bors r-
bors r+

[bors]

Canceled.

[bors]

Build failed (retrying...):

• release-tests-windows

[michaelsproul]

bors r-

[bors]

Canceled.

[michaelsproul]

bors r+

[bors]

Build failed (retrying...):

• release-tests-ubuntu

[bors]

Pull request successfully merged into unstable.

Build succeeded!

The publicly hosted instance of bors-ng is deprecated and will go away soon.

If you want to self-host your own instance, instructions are here.
For more help, visit the forum.

If you want to switch to GitHub's built-in merge queue, visit their help page.

• arbitrary-check
• beacon-chain-tests
• cargo-audit
• cargo-fmt
• cargo-udeps
• cargo-vendor
• check-benchmarks
• check-msrv
• clippy
• compile-with-beta-compiler
• debug-tests-ubuntu
• dockerfile-ubuntu
• doppelganger-protection-test
• ef-tests-ubuntu
• eth1-simulator-ubuntu
• execution-engine-integration-ubuntu
• merge-transition-ubuntu
• no-eth1-simulator-ubuntu
• op-pool-tests
• release-tests-ubuntu
• release-tests-windows
• slasher-tests
• state-transition-vectors-ubuntu
• syncing-simulator-ubuntu