[igt-dev] [PATCH i-g-t 5/8] .gitlab-ci: Switch to podman/buildah/skopeo

Arkadiusz Hiler arkadiusz.hiler at intel.com
Tue Sep 3 08:36:11 UTC 2019


The current setup uses docker-inside-docker setup which seems to fail
quite often:
	WARNING: Service runner-HnMPegeT-project-3185-concurrent-0-docker-0 probably didn't start properly.
	Using docker image XYZ for docker:stable ...
	ERROR: Job failed (system failure): Error response from daemon: No such container: XYZ (executor_docker.go:743:0s)

Switching over to buildah (invoked via podman - docker's drop-in
replacement) everything will happen locally without the need to engage
any daemons, which should make the build more reliable.

We force using docker format for the containers as only the very latest
docker can understand OCI and it does not have widespread adoption yet.

Buildah can also use chroot for isolation which simplifies network
handling for nested containers and have a potential of being a tad bit
faster.

To query remotes and manage remote tags we can use skopeo, which saves
us from pulling full images from the remote without an actual need.

Fixes: https://gitlab.freedesktop.org/freedesktop/freedesktop/issues/187
Signed-off-by: Arkadiusz Hiler <arkadiusz.hiler at intel.com>
---
 .gitlab-ci.yml                | 64 ++++++++++-------------------------
 .gitlab-ci/pull-or-rebuild.sh | 20 +++++------
 2 files changed, 27 insertions(+), 57 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5b983618..07c9a628 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,7 @@
 image: $CI_REGISTRY/$CI_PROJECT_PATH/build-fedora:commit-$CI_COMMIT_SHA
 variables:
+  BUILDAH_FORMAT: docker
+  BUILDAH_ISOLATION: chroot
   MESON_OPTIONS: >
     -Dlibdrm_drivers=intel,nouveau,amdgpu
     -Doverlay=enabled
@@ -22,65 +24,40 @@ stages:
 
 build-containers:build-debian:
   stage: build-containers
-  image: docker:stable
-  services:
-    - docker:dind
-  variables:
-    DOCKER_HOST: tcp://docker:2375
-    DOCKER_DRIVER: overlay2
+  image: registry.freedesktop.org/wayland/ci-templates/buildah
   script:
-    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    - podman login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
     - .gitlab-ci/pull-or-rebuild.sh base Dockerfile.build-debian-minimal build-debian-minimal
-    - docker pull $CI_REGISTRY/$CI_PROJECT_PATH/build-debian-minimal:commit-$CI_COMMIT_SHA
-    - docker tag $CI_REGISTRY/$CI_PROJECT_PATH/build-debian-minimal:commit-$CI_COMMIT_SHA build-debian-minimal:commit-$CI_COMMIT_SHA
+    - podman pull $CI_REGISTRY/$CI_PROJECT_PATH/build-debian-minimal:commit-$CI_COMMIT_SHA
+    - podman tag $CI_REGISTRY/$CI_PROJECT_PATH/build-debian-minimal:commit-$CI_COMMIT_SHA build-debian-minimal:commit-$CI_COMMIT_SHA
     - .gitlab-ci/pull-or-rebuild.sh base Dockerfile.build-debian build-debian
 
 build-containers:build-debian-armhf:
   stage: build-containers
-  image: docker:stable
-  services:
-    - docker:dind
-  variables:
-    DOCKER_HOST: tcp://docker:2375
-    DOCKER_DRIVER: overlay2
+  image: registry.freedesktop.org/wayland/ci-templates/buildah
   script:
-    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    - podman login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
     - .gitlab-ci/pull-or-rebuild.sh base Dockerfile.build-debian-armhf build-debian-armhf
 
 build-containers:build-debian-arm64:
   stage: build-containers
-  image: docker:stable
-  services:
-    - docker:dind
-  variables:
-    DOCKER_HOST: tcp://docker:2375
-    DOCKER_DRIVER: overlay2
+  image: registry.freedesktop.org/wayland/ci-templates/buildah
   script:
-    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    - podman login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
     - .gitlab-ci/pull-or-rebuild.sh base Dockerfile.build-debian-arm64 build-debian-arm64
 
 build-containers:build-debian-mips:
   stage: build-containers
-  image: docker:stable
-  services:
-    - docker:dind
-  variables:
-    DOCKER_HOST: tcp://docker:2375
-    DOCKER_DRIVER: overlay2
+  image: registry.freedesktop.org/wayland/ci-templates/buildah
   script:
-    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    - podman login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
     - .gitlab-ci/pull-or-rebuild.sh base Dockerfile.build-debian-mips build-debian-mips
 
 build-containers:build-fedora:
   stage: build-containers
-  image: docker:stable
-  services:
-    - docker:dind
-  variables:
-    DOCKER_HOST: tcp://docker:2375
-    DOCKER_DRIVER: overlay2
+  image: registry.freedesktop.org/wayland/ci-templates/buildah
   script:
-    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    - podman login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
     - .gitlab-ci/pull-or-rebuild.sh base Dockerfile.build-fedora build-fedora
 
 #################### BUILD #########################
@@ -280,20 +257,15 @@ pages:
 
 ############## CONTAINERS ####################
 
-
 containers:igt:
   stage: containers
-  image: docker:stable
-  services:
-    - docker:dind
+  image: registry.freedesktop.org/wayland/ci-templates/buildah
   dependencies:
     - build:tests-fedora
   variables:
-    DOCKER_HOST: tcp://docker:2375
-    DOCKER_DRIVER: overlay2
     FORCE_REBUILD: 1
   script:
-    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
-    - docker pull $CI_REGISTRY/$CI_PROJECT_PATH/build-fedora:commit-$CI_COMMIT_SHA
-    - docker tag $CI_REGISTRY/$CI_PROJECT_PATH/build-fedora:commit-$CI_COMMIT_SHA build-fedora:commit-$CI_COMMIT_SHA
+    - podman login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    - podman pull $CI_REGISTRY/$CI_PROJECT_PATH/build-fedora:commit-$CI_COMMIT_SHA
+    - podman tag $CI_REGISTRY/$CI_PROJECT_PATH/build-fedora:commit-$CI_COMMIT_SHA build-fedora:commit-$CI_COMMIT_SHA
     - .gitlab-ci/pull-or-rebuild.sh igt Dockerfile igt
diff --git a/.gitlab-ci/pull-or-rebuild.sh b/.gitlab-ci/pull-or-rebuild.sh
index 3f00e831..3d71e821 100755
--- a/.gitlab-ci/pull-or-rebuild.sh
+++ b/.gitlab-ci/pull-or-rebuild.sh
@@ -36,28 +36,26 @@ COMMITNAME=$IMAGENAME:commit-$CI_COMMIT_SHA
 
 if [ "$TYPE" = "base" ]; then
 	# base container (building, etc) - we rebuild only if changed or forced
-	docker pull $DOCKERNAME
+	skopeo inspect docker://$DOCKERNAME
 	IMAGE_PRESENT=$?
 
 	set -e
 	if [ $IMAGE_PRESENT -eq 0 ] && [ ${FORCE_REBUILD:-0} -eq 0 ] ; then
 		echo "Skipping, already built"
-		docker tag $DOCKERNAME $COMMITNAME
 	else
 		echo "Building!"
-		docker build --build-arg=CI_COMMIT_SHA=$CI_COMMIT_SHA \
-			     -t $DOCKERNAME -t $COMMITNAME -f $DOCKERFILE .
-		docker push $DOCKERNAME
-    fi
-    docker push $COMMITNAME
+		podman build --build-arg=CI_COMMIT_SHA=$CI_COMMIT_SHA -t $DOCKERNAME -f $DOCKERFILE .
+		podman push $DOCKERNAME
+	fi
+
+	skopeo copy docker://$DOCKERNAME docker://$COMMITNAME
 elif [ "$TYPE" = "igt" ]; then
 	# container with IGT, we don't care about Dockerfile changes
 	# we always rebuild
 	set -e
-	docker build --build-arg=CI_COMMIT_SHA=$CI_COMMIT_SHA \
-		     -t $REFNAME -t $COMMITNAME -f $DOCKERFILE .
-	docker push $REFNAME
-	docker push $COMMITNAME
+	podman build --build-arg=CI_COMMIT_SHA=$CI_COMMIT_SHA -t $COMMITNAME -f $DOCKERFILE .
+	podman push $COMMITNAME
+	skopeo copy docker://$COMMITNAME docker://$REFNAME
 else
 	echo "unknown build type $TYPE"
 	exit 1
-- 
2.21.0



More information about the igt-dev mailing list