[Mesa-dev] [PATCH 2/3] gitlab-ci: build base images if dependencies changed

Juan A. Suarez Romero jasuarez at igalia.com
Wed Aug 8 15:44:42 UTC 2018 

Most of times, the base and LLVM images do not require to be rebuilt,
as the dependencies remains the same.

To avoid rebuilding these images everytime, store in the image the
Dockerfile's sha256sum: if the Dockerfile changes (because new
dependencies were added or changed), then rebuild the image and push it.

Signed-off-by: Juan A. Suarez Romero <jasuarez at igalia.com>
---
 .gitlab-ci.yml                    |  9 ++++++---
 gitlab-ci/Rockerfile.base         |  4 +++-
 gitlab-ci/Rockerfile.llvm         |  4 +++-
 gitlab-ci/inspect-remote-image.sh | 21 +++++++++++++++++++++
 4 files changed, 33 insertions(+), 5 deletions(-)
 create mode 100755 gitlab-ci/inspect-remote-image.sh

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5cee333dd45..31f69ceb29e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -23,7 +23,7 @@ before_script:
   - rm -fr ../ccache
   - mv ccache ../
   - export MAKEFLAGS=-j$(nproc)
-  - apk --no-cache add libc6-compat
+  - apk --no-cache add libc6-compat curl jq
   - wget https://github.com/grammarly/rocker/releases/download/1.3.1/rocker-1.3.1-linux_amd64.tar.gz
   - tar xvf rocker-1.3.1-linux_amd64.tar.gz
   - rm rocker-1.3.1-linux_amd64.tar.gz
@@ -37,8 +37,11 @@ after_script:
   stage: llvm
   cache: {}
   script:
-    - ../rocker build -f gitlab-ci/Rockerfile.llvm --var LLVM=$LLVM
-    - docker push $CI_REGISTRY_IMAGE:llvm-$LLVM
+    - DOCKERFILE_SHA256=$(cat gitlab-ci/Rockerfile.base gitlab-ci/Rockerfile.llvm | sha256sum | cut -c-64)
+    - IMAGE_DOCKERFILE_SHA256=$(./gitlab-ci/inspect-remote-image.sh gitlab-ci-token $CI_BUILD_TOKEN $CI_PROJECT_PATH "llvm-$LLVM" ".config.Labels[\"dockerfile.sha256\"]" || echo -n "<notfound>")
+    - if [ "$DOCKERFILE_SHA256" != "$IMAGE_DOCKERFILE_SHA256" ] ; then FORCE_BUILD=true ; fi
+    - if [ "$FORCE_BUILD" ] ; then ../rocker build -f gitlab-ci/Rockerfile.llvm --var DOCKERFILE_SHA256=$DOCKERFILE_SHA256 --var LLVM=$LLVM ; fi
+    - if [ "$FORCE_BUILD" ] ; then docker push $CI_REGISTRY_IMAGE:llvm-$LLVM ; fi
 
 .build_mesa: &build_mesa
   stage: mesa
diff --git a/gitlab-ci/Rockerfile.base b/gitlab-ci/Rockerfile.base
index a0cb5e5290d..2056aceacdf 100644
--- a/gitlab-ci/Rockerfile.base
+++ b/gitlab-ci/Rockerfile.base
@@ -2,7 +2,8 @@
 # Base image for building Mesa.
 #
 # ~~~
-#  rocker build -f Rockerfile.base [--attach] [--pull]
+#  rocker build -f Rockerfile.base [--attach] [--pull]   \
+#    --var DOCKERFILE_SHA256=`sha256sum Rockerfile.base | cut -c-64)`
 # ~~~
 #
 # Environment variables that are used in the build:
@@ -16,6 +17,7 @@
 FROM ubuntu:xenial
 
 LABEL maintainer "Juan A. Suarez Romero <jasuarez at igalia.com>"
+LABEL dockerfile.sha256 {{ .DOCKERFILE_SHA256 }}
 
 ENV LC_ALL=C.UTF-8
 
diff --git a/gitlab-ci/Rockerfile.llvm b/gitlab-ci/Rockerfile.llvm
index ed75f4f0f02..cb2906d9a40 100644
--- a/gitlab-ci/Rockerfile.llvm
+++ b/gitlab-ci/Rockerfile.llvm
@@ -2,7 +2,8 @@
 # This builds the base image for building Mesa.
 #
 # ~~~
-#  rocker build -f Rockerfile.llvm [--pull]     \
+#  rocker build -f Rockerfile.llvm [--pull]                             \
+#    --var DOCKERFILE_SHA256=`sha256sum Rockerfile.base | cut -c-64)`   \
 #    --var LLVM=3.3             # 3.3, 3.6, 3.8, 3.9, 4.0, 5.0, 6.0
 # ~~~
 #
@@ -30,6 +31,7 @@
 FROM {{ $image }}:base
 
 LABEL maintainer "Juan A. Suarez Romero <jasuarez at igalia.com>"
+LABEL dockerfile.sha256 {{ .DOCKERFILE_SHA256 }}
 
 {{ if ge .LLVM "3.9" }}
 RUN apt-get update                                                            \
diff --git a/gitlab-ci/inspect-remote-image.sh b/gitlab-ci/inspect-remote-image.sh
new file mode 100755
index 00000000000..e3810023b00
--- /dev/null
+++ b/gitlab-ci/inspect-remote-image.sh
@@ -0,0 +1,21 @@
+if [ $# != 5 ]; then
+    echo "Usage: $0 <username> <password> <image> <tag> <property>"
+    exit 0
+fi
+
+USERNAME=$1
+PASSWORD=$2
+IMAGE=$3
+TAG=$4
+PROPERTY=$5
+
+AUTHPOINT=$(curl -L -D - -s https://${CI_REGISTRY}/v2/ | grep Www-Authenticate)
+
+REALM=$(echo -n ${AUTHPOINT} | cut -d \" -f 2)
+SERVICE=$(echo -n ${AUTHPOINT} | cut -d \" -f 4)
+
+TOKEN=$(curl -L -s --user "${USERNAME}:${PASSWORD}" "${REALM}?client_id=docker&offline_token=true&service=${SERVICE}&scope=repository:${IMAGE}:pull" | jq -r ".token")
+
+DIGEST=$(curl -L -s -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -H "Authorization: Bearer ${TOKEN}" "https://${CI_REGISTRY}/v2/${IMAGE}/manifests/${TAG}" | jq -r ".config.digest")
+
+curl -L -s -H "Authorization: Bearer ${TOKEN}" "https://${CI_REGISTRY}/v2/${IMAGE}/blobs/${DIGEST}" | jq -r "${PROPERTY}"
-- 
2.17.1

More information about the mesa-dev mailing list