[igt-dev] [PATCH i-g-t 5/8] .gitlab-ci: Switch to podman/buildah/skopeo
Arkadiusz Hiler
arkadiusz.hiler at intel.com
Tue Sep 3 08:36:11 UTC 2019
The current setup uses docker-inside-docker setup which seems to fail
quite often:
WARNING: Service runner-HnMPegeT-project-3185-concurrent-0-docker-0 probably didn't start properly.
Using docker image XYZ for docker:stable ...
ERROR: Job failed (system failure): Error response from daemon: No such container: XYZ (executor_docker.go:743:0s)
Switching over to buildah (invoked via podman - docker's drop-in
replacement) everything will happen locally without the need to engage
any daemons, which should make the build more reliable.
We force using docker format for the containers as only the very latest
docker can understand OCI and it does not have widespread adoption yet.
Buildah can also use chroot for isolation which simplifies network
handling for nested containers and have a potential of being a tad bit
faster.
To query remotes and manage remote tags we can use skopeo, which saves
us from pulling full images from the remote without an actual need.
Fixes: https://gitlab.freedesktop.org/freedesktop/freedesktop/issues/187
Signed-off-by: Arkadiusz Hiler <arkadiusz.hiler at intel.com>
---
.gitlab-ci.yml | 64 ++++++++++-------------------------
.gitlab-ci/pull-or-rebuild.sh | 20 +++++------
2 files changed, 27 insertions(+), 57 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5b983618..07c9a628 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,7 @@
image: $CI_REGISTRY/$CI_PROJECT_PATH/build-fedora:commit-$CI_COMMIT_SHA
variables:
+ BUILDAH_FORMAT: docker
+ BUILDAH_ISOLATION: chroot
MESON_OPTIONS: >
-Dlibdrm_drivers=intel,nouveau,amdgpu
-Doverlay=enabled
@@ -22,65 +24,40 @@ stages:
build-containers:build-debian:
stage: build-containers
- image: docker:stable
- services:
- - docker:dind
- variables:
- DOCKER_HOST: tcp://docker:2375
- DOCKER_DRIVER: overlay2
+ image: registry.freedesktop.org/wayland/ci-templates/buildah
script:
- - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+ - podman login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- .gitlab-ci/pull-or-rebuild.sh base Dockerfile.build-debian-minimal build-debian-minimal
- - docker pull $CI_REGISTRY/$CI_PROJECT_PATH/build-debian-minimal:commit-$CI_COMMIT_SHA
- - docker tag $CI_REGISTRY/$CI_PROJECT_PATH/build-debian-minimal:commit-$CI_COMMIT_SHA build-debian-minimal:commit-$CI_COMMIT_SHA
+ - podman pull $CI_REGISTRY/$CI_PROJECT_PATH/build-debian-minimal:commit-$CI_COMMIT_SHA
+ - podman tag $CI_REGISTRY/$CI_PROJECT_PATH/build-debian-minimal:commit-$CI_COMMIT_SHA build-debian-minimal:commit-$CI_COMMIT_SHA
- .gitlab-ci/pull-or-rebuild.sh base Dockerfile.build-debian build-debian
build-containers:build-debian-armhf:
stage: build-containers
- image: docker:stable
- services:
- - docker:dind
- variables:
- DOCKER_HOST: tcp://docker:2375
- DOCKER_DRIVER: overlay2
+ image: registry.freedesktop.org/wayland/ci-templates/buildah
script:
- - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+ - podman login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- .gitlab-ci/pull-or-rebuild.sh base Dockerfile.build-debian-armhf build-debian-armhf
build-containers:build-debian-arm64:
stage: build-containers
- image: docker:stable
- services:
- - docker:dind
- variables:
- DOCKER_HOST: tcp://docker:2375
- DOCKER_DRIVER: overlay2
+ image: registry.freedesktop.org/wayland/ci-templates/buildah
script:
- - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+ - podman login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- .gitlab-ci/pull-or-rebuild.sh base Dockerfile.build-debian-arm64 build-debian-arm64
build-containers:build-debian-mips:
stage: build-containers
- image: docker:stable
- services:
- - docker:dind
- variables:
- DOCKER_HOST: tcp://docker:2375
- DOCKER_DRIVER: overlay2
+ image: registry.freedesktop.org/wayland/ci-templates/buildah
script:
- - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+ - podman login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- .gitlab-ci/pull-or-rebuild.sh base Dockerfile.build-debian-mips build-debian-mips
build-containers:build-fedora:
stage: build-containers
- image: docker:stable
- services:
- - docker:dind
- variables:
- DOCKER_HOST: tcp://docker:2375
- DOCKER_DRIVER: overlay2
+ image: registry.freedesktop.org/wayland/ci-templates/buildah
script:
- - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+ - podman login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- .gitlab-ci/pull-or-rebuild.sh base Dockerfile.build-fedora build-fedora
#################### BUILD #########################
@@ -280,20 +257,15 @@ pages:
############## CONTAINERS ####################
-
containers:igt:
stage: containers
- image: docker:stable
- services:
- - docker:dind
+ image: registry.freedesktop.org/wayland/ci-templates/buildah
dependencies:
- build:tests-fedora
variables:
- DOCKER_HOST: tcp://docker:2375
- DOCKER_DRIVER: overlay2
FORCE_REBUILD: 1
script:
- - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- - docker pull $CI_REGISTRY/$CI_PROJECT_PATH/build-fedora:commit-$CI_COMMIT_SHA
- - docker tag $CI_REGISTRY/$CI_PROJECT_PATH/build-fedora:commit-$CI_COMMIT_SHA build-fedora:commit-$CI_COMMIT_SHA
+ - podman login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+ - podman pull $CI_REGISTRY/$CI_PROJECT_PATH/build-fedora:commit-$CI_COMMIT_SHA
+ - podman tag $CI_REGISTRY/$CI_PROJECT_PATH/build-fedora:commit-$CI_COMMIT_SHA build-fedora:commit-$CI_COMMIT_SHA
- .gitlab-ci/pull-or-rebuild.sh igt Dockerfile igt
diff --git a/.gitlab-ci/pull-or-rebuild.sh b/.gitlab-ci/pull-or-rebuild.sh
index 3f00e831..3d71e821 100755
--- a/.gitlab-ci/pull-or-rebuild.sh
+++ b/.gitlab-ci/pull-or-rebuild.sh
@@ -36,28 +36,26 @@ COMMITNAME=$IMAGENAME:commit-$CI_COMMIT_SHA
if [ "$TYPE" = "base" ]; then
# base container (building, etc) - we rebuild only if changed or forced
- docker pull $DOCKERNAME
+ skopeo inspect docker://$DOCKERNAME
IMAGE_PRESENT=$?
set -e
if [ $IMAGE_PRESENT -eq 0 ] && [ ${FORCE_REBUILD:-0} -eq 0 ] ; then
echo "Skipping, already built"
- docker tag $DOCKERNAME $COMMITNAME
else
echo "Building!"
- docker build --build-arg=CI_COMMIT_SHA=$CI_COMMIT_SHA \
- -t $DOCKERNAME -t $COMMITNAME -f $DOCKERFILE .
- docker push $DOCKERNAME
- fi
- docker push $COMMITNAME
+ podman build --build-arg=CI_COMMIT_SHA=$CI_COMMIT_SHA -t $DOCKERNAME -f $DOCKERFILE .
+ podman push $DOCKERNAME
+ fi
+
+ skopeo copy docker://$DOCKERNAME docker://$COMMITNAME
elif [ "$TYPE" = "igt" ]; then
# container with IGT, we don't care about Dockerfile changes
# we always rebuild
set -e
- docker build --build-arg=CI_COMMIT_SHA=$CI_COMMIT_SHA \
- -t $REFNAME -t $COMMITNAME -f $DOCKERFILE .
- docker push $REFNAME
- docker push $COMMITNAME
+ podman build --build-arg=CI_COMMIT_SHA=$CI_COMMIT_SHA -t $COMMITNAME -f $DOCKERFILE .
+ podman push $COMMITNAME
+ skopeo copy docker://$COMMITNAME docker://$REFNAME
else
echo "unknown build type $TYPE"
exit 1
--
2.21.0
More information about the igt-dev
mailing list