chore: use docker buildx

This replaces buildkit and buildctl with the docker buildx plugin.

Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Andrew Rynhard 2019-12-23 10:36:14 -08:00
parent da88d7bcb3
commit 6602a85976
3 changed files with 945 additions and 354 deletions


254
Makefile

@ -1,22 +1,9 @@
TOOLS ?= autonomy/tools:8fdb32d
# TODO(andrewrynhard): Move this logic to a shell script.
BUILDKIT_VERSION ?= v0.6.0
KUBECTL_VERSION ?= v1.17.0
GO_VERSION ?= 1.13
BUILDKIT_IMAGE ?= moby/buildkit:$(BUILDKIT_VERSION)
BUILDKIT_HOST ?= tcp://0.0.0.0:1234
BUILDKIT_CONTAINER_NAME ?= talos-buildkit
BUILDKIT_CONTAINER_STOPPED := $(shell docker ps --filter name=$(BUILDKIT_CONTAINER_NAME) --filter status=exited --format='{{.Names}}' 2>/dev/null)
BUILDKIT_CONTAINER_RUNNING := $(shell docker ps --filter name=$(BUILDKIT_CONTAINER_NAME) --filter status=running --format='{{.Names}}' 2>/dev/null)
UNAME_S := $(shell uname -s)
ifeq ($(UNAME_S),Linux)
BUILDCTL_ARCHIVE := https://github.com/moby/buildkit/releases/download/$(BUILDKIT_VERSION)/buildkit-$(BUILDKIT_VERSION).linux-amd64.tar.gz
endif
ifeq ($(UNAME_S),Darwin)
BUILDCTL_ARCHIVE := https://github.com/moby/buildkit/releases/download/$(BUILDKIT_VERSION)/buildkit-$(BUILDKIT_VERSION).darwin-amd64.tar.gz
endif
ifeq ($(UNAME_S),Linux)
KUBECTL_ARCHIVE := https://storage.googleapis.com/kubernetes-release/release/$(KUBECTL_VERSION)/bin/linux/amd64/kubectl
@ -42,21 +29,28 @@ OSCTL_COMMAND := build/osctl-darwin-amd64
endif
BINDIR ?= ./bin
CONFORM_VERSION ?= 57c9dbd
REGISTRY ?= docker.io
USERNAME ?= autonomy
SHA ?= $(shell $(BINDIR)/gitmeta git sha)
TAG ?= $(shell $(BINDIR)/gitmeta image tag)
BRANCH ?= $(shell $(BINDIR)/gitmeta git branch)
REGISTRY_AND_USERNAME := $(REGISTRY)/$(USERNAME)
COMMON_ARGS = --progress=plain
COMMON_ARGS += --frontend=dockerfile.v0
COMMON_ARGS += --allow security.insecure
COMMON_ARGS += --local context=.
COMMON_ARGS += --local dockerfile=.
COMMON_ARGS += --opt build-arg:TOOLS=$(TOOLS)
COMMON_ARGS += --opt build-arg:SHA=$(SHA)
COMMON_ARGS += --opt build-arg:TAG=$(TAG)
COMMON_ARGS += --opt build-arg:GO_VERSION=$(GO_VERSION)
PLATFORM ?= linux/amd64
PROGRESS ?= auto
PUSH ?= false
BUILD := docker buildx build
COMMON_ARGS := --file=Dockerfile
COMMON_ARGS += --progress=$(PROGRESS)
COMMON_ARGS += --platform=$(PLATFORM)
COMMON_ARGS += --push=$(PUSH)
COMMON_ARGS += --build-arg=TOOLS=$(TOOLS)
COMMON_ARGS += --build-arg=SHA=$(SHA)
COMMON_ARGS += --build-arg=TAG=$(TAG)
COMMON_ARGS += --build-arg=GO_VERSION=$(GO_VERSION)
COMMON_ARGS += .
DOCKER_ARGS ?=
@ -65,10 +59,10 @@ TESTPKGS ?= ./...
all: ci rootfs initramfs kernel osctl-linux osctl-darwin installer container
.PHONY: ci
ci: builddeps buildkitd
ci: builddeps
.PHONY: builddeps
builddeps: gitmeta buildctl
builddeps: gitmeta
gitmeta: $(BINDIR)/gitmeta
@ -77,12 +71,6 @@ $(BINDIR)/gitmeta:
@curl -L $(GITMETA) -o $(BINDIR)/gitmeta
@chmod +x $(BINDIR)/gitmeta
buildctl: $(BINDIR)/buildctl
$(BINDIR)/buildctl:
@mkdir -p $(BINDIR)
@curl -L $(BUILDCTL_ARCHIVE) | tar -zxf - -C $(BINDIR) --strip-components 1 bin/buildctl
kubectl: $(BINDIR)/kubectl
$(BINDIR)/kubectl:
@ -90,91 +78,61 @@ $(BINDIR)/kubectl:
@curl -L -o $(BINDIR)/kubectl $(KUBECTL_ARCHIVE)
@chmod +x $(BINDIR)/kubectl
.PHONY: buildkitd
buildkitd:
ifeq (tcp://0.0.0.0:1234,$(findstring tcp://0.0.0.0:1234,$(BUILDKIT_HOST)))
ifeq ($(BUILDKIT_CONTAINER_STOPPED),$(BUILDKIT_CONTAINER_NAME))
@echo "Removing exited talos-buildkit container"
@docker rm $(BUILDKIT_CONTAINER_NAME)
endif
ifneq ($(BUILDKIT_CONTAINER_RUNNING),$(BUILDKIT_CONTAINER_NAME))
@echo "Starting talos-buildkit container"
@docker run \
--name $(BUILDKIT_CONTAINER_NAME) \
-d \
--privileged \
-p 1234:1234 \
$(BUILDKIT_IMAGE) \
--addr $(BUILDKIT_HOST) \
--allow-insecure-entitlement security.insecure
@echo "Wait for buildkitd to become available"
@sleep 5
endif
endif
base: buildkitd
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--output type=docker,dest=build/$@.tar,name=docker.io/autonomy/$@:$(TAG) \
--opt target=$@ \
base:
@$(BUILD) \
--output type=docker,dest=build/$@.tar,name=$(REGISTRY_AND_USERNAME)/$@:$(TAG) \
--target=$@ \
$(COMMON_ARGS)
.PHONY: generate
generate: buildkitd
$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
generate:
$(BUILD) \
--output type=local,dest=./ \
--opt target=$@ \
--target=$@ \
$(COMMON_ARGS)
.PHONY: docs
docs: buildkitd $(OSCTL_DEFAULT_TARGET)
$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
docs: $(OSCTL_DEFAULT_TARGET)
$(BUILD) \
--output type=local,dest=./ \
--opt target=$@ \
--target=$@ \
$(COMMON_ARGS)
@env HOME=/home/user $(OSCTL_COMMAND) docs docs/osctl
.PHONY: kernel
kernel: buildkitd
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
kernel:
@$(BUILD) \
--output type=local,dest=build \
--opt target=$@ \
--target=$@ \
$(COMMON_ARGS)
@-rm -rf ./build/modules
.PHONY: initramfs
initramfs: buildkitd
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
initramfs:
@$(BUILD) \
--output type=local,dest=build \
--opt target=$@ \
--target=$@ \
$(COMMON_ARGS)
.PHONY: squashfs
squashfs: buildkitd osd trustd ntpd networkd apid
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
squashfs: osd trustd ntpd networkd apid
@$(BUILD) \
--output type=local,dest=build \
--opt target=$@ \
--target=$@ \
$(COMMON_ARGS)
.PHONY: rootfs
rootfs: buildkitd osd trustd ntpd networkd apid
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--opt target=$@ \
rootfs: osd trustd ntpd networkd apid
@$(BUILD) \
--target=$@ \
$(COMMON_ARGS)
.PHONY: installer
installer: buildkitd
installer:
@mkdir -p build
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--output type=docker,dest=build/$@.tar,name=docker.io/autonomy/$@:$(TAG) \
--opt target=$@ \
@$(BUILD) \
--output type=docker,dest=build/$@.tar,name=$(REGISTRY_AND_USERNAME)/$@:$(TAG) \
--target=$@ \
$(COMMON_ARGS)
@docker load < build/$@.tar
@ -281,11 +239,10 @@ iso:
@docker run --rm -i -v $(PWD)/build:/out autonomy/installer:$(TAG) iso
.PHONY: container
container: buildkitd
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--output type=docker,dest=build/$@.tar,name=docker.io/autonomy/talos:$(TAG) \
--opt target=$@ \
container:
@$(BUILD) \
--output type=docker,dest=build/$@.tar,name=$(REGISTRY_AND_USERNAME)/talos:$(TAG) \
--target=$@ \
$(COMMON_ARGS)
@docker load < build/$@.tar
@ -302,28 +259,26 @@ e2e-integration:
@TAG=$(TAG) SHA=$(SHA) ./hack/test/$@.sh
.PHONY: unit-tests
unit-tests: buildkitd
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--opt target=$@ \
unit-tests:
@$(BUILD) \
--target=$@ \
--output type=local,dest=./ \
--opt build-arg:TESTPKGS=$(TESTPKGS) \
--build-arg=TESTPKGS=$(TESTPKGS) \
--allow security.insecure \
$(COMMON_ARGS)
.PHONY: unit-tests-race
unit-tests-race: buildkitd
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--opt target=$@ \
--opt build-arg:TESTPKGS=$(TESTPKGS) \
unit-tests-race:
@$(BUILD) \
--target=$@ \
--build-arg=TESTPKGS=$(TESTPKGS) \
$(COMMON_ARGS)
.PHONY: integration-test
integration-test: buildkitd
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
integration-test:
@$(BUILD) \
--output type=local,dest=bin \
--opt target=$@ \
--target=$@ \
$(COMMON_ARGS)
.PHONY: fmt
@ -331,87 +286,76 @@ fmt:
@docker run --rm -it -v $(PWD):/src -w /src golang:$(GO_VERSION) bash -c "export GO111MODULE=on; export GOPROXY=https://proxy.golang.org; cd /tmp && go mod init tmp && go get mvdan.cc/gofumpt/gofumports && cd - && gofumports -w -local github.com/talos-systems/talos ."
.PHONY: lint
lint: buildkitd
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--opt target=$@ \
lint:
@$(BUILD) \
--target=$@ \
$(COMMON_ARGS)
.PHONY: protolint
protolint: buildkitd
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--opt target=$@ \
protolint:
@$(BUILD) \
--target=$@ \
$(COMMON_ARGS)
.PHONY: markdownlint
markdownlint: buildkitd
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--opt target=$@ \
markdownlint:
@$(BUILD) \
--target=$@ \
$(COMMON_ARGS)
.PHONY: osctl-linux
osctl-linux: buildkitd
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
osctl-linux:
@$(BUILD) \
--output type=local,dest=build \
--opt target=$@ \
--target=$@ \
$(COMMON_ARGS)
.PHONY: osctl-darwin
osctl-darwin: buildkitd
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
osctl-darwin:
@$(BUILD) \
--output type=local,dest=build \
--opt target=$@ \
--target=$@ \
$(COMMON_ARGS)
.PHONY: machined
machined: buildkitd images
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--opt target=$@ \
machined: images
@$(BUILD) \
--target=$@ \
$(COMMON_ARGS)
.PHONY: osd
osd: buildkitd images
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--output type=docker,dest=images/$@.tar,name=docker.io/autonomy/$@:$(TAG) \
--opt target=$@ \
osd: images
@$(BUILD) \
--output type=docker,dest=images/$@.tar,name=$(REGISTRY_AND_USERNAME)/$@:$(TAG) \
--target=$@ \
$(COMMON_ARGS)
.PHONY: apid
apid: buildkitd images
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--output type=docker,dest=images/$@.tar,name=docker.io/autonomy/$@:$(TAG) \
--opt target=$@ \
apid: images
@$(BUILD) \
--output type=docker,dest=images/$@.tar,name=$(REGISTRY_AND_USERNAME)/$@:$(TAG) \
--target=$@ \
$(COMMON_ARGS)
.PHONY: trustd
trustd: buildkitd images
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--output type=docker,dest=images/$@.tar,name=docker.io/autonomy/$@:$(TAG) \
--opt target=$@ \
trustd: images
@$(BUILD) \
--output type=docker,dest=images/$@.tar,name=$(REGISTRY_AND_USERNAME)/$@:$(TAG) \
--target=$@ \
$(COMMON_ARGS)
.PHONY: ntpd
ntpd: buildkitd images
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--output type=docker,dest=images/$@.tar,name=docker.io/autonomy/$@:$(TAG) \
--opt target=$@ \
ntpd: images
@$(BUILD) \
--output type=docker,dest=images/$@.tar,name=$(REGISTRY_AND_USERNAME)/$@:$(TAG) \
--target=$@ \
$(COMMON_ARGS)
.PHONY: networkd
networkd: buildkitd images
@$(BINDIR)/buildctl --addr $(BUILDKIT_HOST) \
build \
--output type=docker,dest=images/$@.tar,name=docker.io/autonomy/$@:$(TAG) \
--opt target=$@ \
networkd: images
@$(BUILD) \
--output type=docker,dest=images/$@.tar,name=$(REGISTRY_AND_USERNAME)/$@:$(TAG) \
--target=$@ \
$(COMMON_ARGS)
images:
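Review bot: The image targets (`base`, `installer`, `container`, `osd`, `apid`, `trustd`, `ntpd`, `networkd`) now name their output `$(REGISTRY_AND_USERNAME)/...:$(TAG)`, but the `iso` recipe, visible only as a context line because it starts outside the hunk, still runs the hard-coded `autonomy/installer:$(TAG)`. When `REGISTRY` or `USERNAME` is overridden, `docker load` registers the fresh image under the new name, so `docker run` will use a stale local `autonomy/installer` or pull that name from the default registry, not the image this build produced. The recipe should follow the same variable: `@docker run --rm -i -v $(PWD)/build:/out $(REGISTRY_AND_USERNAME)/installer:$(TAG) iso`. Separately, `--push=$(PUSH)` now sits in `COMMON_ARGS` next to per-target `--output` flags, so a comment beside `PUSH ?= false` should say which targets are meant to run with `PUSH=true`.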


@ -6,6 +6,15 @@
local build_container = 'autonomy/build-container:latest';
local secret = {
kind: 'secret',
name: 'kubeconfig',
get: {
path: 'buildx',
name: 'kubeconfig'
},
};
local volumes = {
dockersock: {
pipeline: {
@ -18,6 +27,28 @@ local volumes = {
},
},
docker: {
pipeline: {
name: 'docker',
temp: {},
},
step: {
name: $.docker.pipeline.name,
path: '/root/.docker/buildx',
},
},
kube: {
pipeline: {
name: 'kube',
temp: {},
},
step: {
name: $.kube.pipeline.name,
path: '/root/.kube',
},
},
dev: {
pipeline: {
name: 'dev',
@ -44,12 +75,16 @@ local volumes = {
ForStep(): [
self.dockersock.step,
self.docker.step,
self.kube.step,
self.dev.step,
self.tmp.step,
],
ForPipeline(): [
self.dockersock.pipeline,
self.docker.pipeline,
self.kube.pipeline,
self.dev.pipeline,
self.tmp.pipeline,
],
@ -70,18 +105,21 @@ local docker = {
volumes: volumes.ForStep(),
};
// This step is used only when `drone exec` is executed.
local buildkit = {
name: 'buildkit',
image: 'moby/buildkit:v0.6.0',
// Sets up the buildx backend
local buildx = {
name: 'buildx',
image: 'autonomy/build-container:latest',
privileged: true,
detach: true,
commands: ['buildkitd --addr tcp://0.0.0.0:1234 --allow-insecure-entitlement security.insecure'],
when: {
event: {
include: [''],
},
environment: {
BUILDX_KUBECONFIG: { from_secret: secret.name },
},
commands: [
"apk add coreutils",
'echo -e "$BUILDX_KUBECONFIG" > /root/.kube/config',
'docker buildx create --driver kubernetes --driver-opt replicas=2 --driver-opt namespace=ci --driver-opt image=moby/buildkit:v0.6.2 --name ci --buildkitd-flags="--allow-insecure-entitlement security.insecure" --use',
'docker buildx inspect --bootstrap'
],
volumes: volumes.ForStep(),
};
// Step standardizes the creation of build steps. The name of the step is used
@ -94,7 +132,6 @@ local Step(name, image='', target='', depends_on=[], environment={}) = {
local make = if target == '' then std.format('make %s', name) else std.format('make %s', target),
local common_env_vars = {
BUILDKIT_HOST: '${BUILDKIT_HOST=tcp://buildkitd.ci.svc:1234}',
BINDIR: '/usr/local/bin',
},
@ -109,7 +146,7 @@ local Step(name, image='', target='', depends_on=[], environment={}) = {
// Pipeline is a way to standardize the creation of pipelines. It supports
// using and existing pipeline as a base.
local Pipeline(name, steps=[], depends_on=[], with_buildkit=false, with_docker=true, disable_clone=false) = {
local Pipeline(name, steps=[], depends_on=[], with_docker=true, disable_clone=false) = {
local node = { 'node-role.kubernetes.io/ci': '' },
kind: 'pipeline',
@ -117,7 +154,6 @@ local Pipeline(name, steps=[], depends_on=[], with_buildkit=false, with_docker=t
node: node,
services: [
if with_docker then docker,
if with_buildkit then buildkit,
],
[ if disable_clone then 'clone']: {
disable: true,
@ -136,22 +172,22 @@ local fetchtags = {
],
};
local machined = Step("machined", depends_on=[fetchtags]);
local osd = Step("osd", depends_on=[fetchtags]);
local trustd = Step("trustd", depends_on=[fetchtags]);
local ntpd = Step("ntpd", depends_on=[fetchtags]);
local networkd = Step("networkd", depends_on=[fetchtags]);
local apid = Step("apid", depends_on=[fetchtags]);
local osctl_linux = Step("osctl-linux", depends_on=[fetchtags]);
local osctl_darwin = Step("osctl-darwin", depends_on=[fetchtags]);
local integration_test = Step("integration-test", depends_on=[fetchtags]);
local machined = Step("machined", depends_on=[buildx]);
local osd = Step("osd", depends_on=[buildx]);
local trustd = Step("trustd", depends_on=[buildx]);
local ntpd = Step("ntpd", depends_on=[buildx]);
local networkd = Step("networkd", depends_on=[buildx]);
local apid = Step("apid", depends_on=[buildx]);
local osctl_linux = Step("osctl-linux", depends_on=[buildx]);
local osctl_darwin = Step("osctl-darwin", depends_on=[buildx]);
local integration_test = Step("integration-test", depends_on=[buildx]);
local rootfs = Step("rootfs", depends_on=[machined, osd, trustd, ntpd, networkd, apid]);
local initramfs = Step("initramfs", depends_on=[rootfs]);
local installer = Step("installer", depends_on=[rootfs]);
local container = Step("container", depends_on=[rootfs]);
local lint = Step("lint");
local protolint = Step("protolint");
local markdownlint = Step("markdownlint");
local lint = Step("lint", depends_on=[buildx]);
local protolint = Step("protolint", depends_on=[buildx]);
local markdownlint = Step("markdownlint", depends_on=[buildx]);
local image_test = Step("image-test", depends_on=[installer]);
local unit_tests = Step("unit-tests", depends_on=[rootfs]);
local unit_tests_race = Step("unit-tests-race", depends_on=[lint]);
@ -193,6 +229,7 @@ local push_latest = {
local default_steps = [
fetchtags,
buildx,
machined,
osd,
apid,
@ -438,11 +475,12 @@ local notify_depends_on = {
],
};
local notify_pipeline = Pipeline('notify', notify_steps, [default_pipeline, e2e_pipeline, conformance_pipeline, nightly_pipeline, release_pipeline], false, false, true) + notify_trigger;
local notify_pipeline = Pipeline('notify', notify_steps, [default_pipeline, e2e_pipeline, conformance_pipeline, nightly_pipeline, release_pipeline], false, true) + notify_trigger;
// Final configuration file definition.
[
secret,
default_pipeline,
e2e_pipeline,
conformance_pipeline,
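Review bot: The new `buildx` step writes the `kubeconfig` secret to `/root/.kube/config` on the `kube` volume, and that volume is added to `volumes.ForStep()`, so the cluster credential is readable by every step that mounts the shared volume list. `Step`'s body is outside the visible hunks, but if build steps use `volumes.ForStep()` as `docker` and `buildx` do, steps that run repository code (`make lint`, `make unit-tests`, …) hold the same credential buildx uses to create buildkit pods in the `ci` namespace. I would document that constraint above the `secret` block: `// kubeconfig must belong to a service account restricted to the ci namespace; every step mounting the kube volume can read it.` The step is also `privileged: true` on the mutable `autonomy/build-container:latest` tag and runs `apk add coreutils` on each build; reusing the existing `build_container` local and baking the package into a pinned image would keep the privileged step reproducible.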