experiment with using artifacts as cache

Author: daler

.github/workflows/build-images.yml

@@ -17,27 +17,46 @@ images. It also has some helper functions. It should be sourced before running
 
 Then run `build.sh`, providing it an image directory.
 
-When building locally for testing, you need podman installed. Then do the
-following:
+Building locally has the following requirements:
+
+- podman installed
+- docker installed
+- docker registry running on localhost:5000
+    - i.e. with `docker run -p 5000:5000 --rm --name registry registry`
+- bioconda-utils installed, along with test dependencies
+    - i.e. with `conda create -p ./env --file bioconda_utils/bioconda_utils-requirements.txt --file test-requirements.txt -y`
+    - followed by `conda activate ./env && pip install -e .`
 
 ```bash
+
+cd images
 source versions.sh
 
-# When running on GitHub Actions, this would be ghcr.io or quay.io
 export BUILD_ENV_REGISTRY="localhost"
 
-# Similarly, when running on GitHub Actions, this would normally pull the
-# manifest (which does not have the -amd64 suffix) from ghcr.io or quay.io. There
-# does not seem to be a way to get podman-created manifests over to docker, or
-# even to make local docker manifests. So we need to reference the image
-# directly including the arch suffix.
-export BUILD_ENV_IMAGE="localhost/${BUILD_ENV_IMAGE_NAME}:${BIOCONDA_IMAGE_TAG}-amd64"
-
-# Each takes 3-10 min (build-env takes the longest)
-bash build.sh base-glibc-busybox-bash
-bash build.sh base-glibc-debian-bash
-bash build.sh build-env
-bash build.sh create-env
+time bash build.sh base-glibc-busybox-bash
+time bash build.sh base-glibc-debian-bash
+time bash build.sh build-env
+time bash build.sh create-env
+
+build_and_push_manifest ${BASE_DEBIAN_IMAGE_NAME} ${BASE_TAG} docker://localhost:5000
+build_and_push_manifest ${BASE_BUSYBOX_IMAGE_NAME} ${BASE_TAG} docker://localhost:5000
+build_and_push_manifest ${CREATE_ENV_IMAGE_NAME} ${BIOCONDA_IMAGE_TAG} docker://localhost:5000
+build_and_push_manifest ${BUILD_ENV_IMAGE_NAME} ${BIOCONDA_IMAGE_TAG} docker://localhost:5000
+
+# Run bioconda-utils tests
+cd ../
+export DEFAULT_BASE_IMAGE="localhost:5000/${BASE_BUSYBOX_IMAGE_NAME}:${BASE_TAG}"
+export DEFAULT_EXTENDED_BASE_IMAGE="localhost:5000/${BASE_DEBIAN_IMAGE_NAME}:${BASE_TAG}"
+export BUILD_ENV_IMAGE="localhost:5000/${BUILD_ENV_IMAGE_NAME}:${BIOCONDA_IMAGE_TAG}"
+export CREATE_ENV_IMAGE="localhost:5000/${CREATE_ENV_IMAGE_NAME}:${BIOCONDA_IMAGE_TAG}"
+
+docker pull $DEFAULT_BASE_IMAGE
+docker pull $DEFAULT_EXTENDED_BASE_IMAGE
+docker pull $BUILD_ENV_IMAGE
+docker pull $CREATE_ENV_IMAGE
+
+py.test --durations=0 test/ -v --log-level=DEBUG -k "docker" --tb=native
 ```
 
 # Details

docs/workflow-dag.txt

@@ -10,12 +10,12 @@ TAG="$BASE_TAG"
 BUILD_ARGS=()
 BUILD_ARGS+=("--build-arg=debian_version=${DEBIAN_VERSION}")
 BUILD_ARGS+=("--build-arg=busybox_version=${BUSYBOX_VERSION}")
-iidfile="$( mktemp )"
+iidfile="$(mktemp)"
 buildah bud \
   --iidfile="${iidfile}" \
   --file=Dockerfile.busybox \
   ${BUILD_ARGS[@]}
-busybox_image="$( cat "${iidfile}" )"
+busybox_image="$(cat "${iidfile}")"
 rm "${iidfile}"
 
 # Override build args for what's needed in main Dockerfile

images/README.md

@@ -8,7 +8,7 @@ TAG="${BIOCONDA_UTILS_VERSION}_base$BASE_TAG"
 cp -r ../locale/C.utf8 .
 
 # We are aiming to get the entire repo into the container so that versioneer
-# can correctly determine the version. But the direc
+# can correctly determine the version.
 if [ -e "./bioconda-utils" ]; then
   rm -rf "./bioconda-utils"
 fi

images/base-glibc-busybox-bash/prepare.sh

@@ -19,16 +19,23 @@
 # ARCHS: space-separated string of archs to build
 # IMAGE_NAME: name of image; created manifest will be IMAGE_NAME:tag
 # BUILD_ARGS: array of arguments like ("--build-arg=argument1=the-value", "--build-arg=arg2=a")
+#
+# Output is:
+#   - images for each arch
+#   - manifest containing those images
+#   - tar files of images ready to upload as artifacts
+#   - tar files built by podman loaded into docker
 
 set -xeu
 
 IMAGE_DIR=$1
 
+echo === BUILDING $IMAGE_DIR ===
+
 cd $IMAGE_DIR
 
 [ -e prepare.sh ] && source prepare.sh
 
-
 # Clean up any manifests before we start.
 # IMAGE_NAME and TAG should be created by prepare.sh
 buildah manifest rm "${IMAGE_NAME}:${TAG}" || true
@@ -50,29 +57,33 @@ for arch in $ARCHS; do
     fi
   fi
 
+  # Make arch available as an environment variable and source prepare.sh again
+  export CURRENT_ARCH="$arch"
+  [ -e prepare.sh ] && source prepare.sh
+
   source ../env_var_inventory.sh
 
   # Actual building happens here. We will keep track of the built image in
   # $image_id.
-  iidfile="$( mktemp )"
+  iidfile="$(mktemp)"
   buildah bud \
     --arch="${arch}" \
     --iidfile="${iidfile}" \
     --file=Dockerfile \
     ${BUILD_ARGS[@]} \
     $BASE_IMAGE_BUILD_ARG
-  image_id="$( cat "${iidfile}" )"
+  image_id="$(cat "${iidfile}")"
   rm "${iidfile}"
 
   # In order for GitHub Actions to inherit container permissions from the repo
   # permissions, we need to add a special label. However `buildah config
   # --label` operates on a container, not an image. So we add the label to
   # a temporary container and then save the resulting image.
-  container="$( buildah from "${image_id}" )"
+  container="$(buildah from "${image_id}")"
   buildah config \
     --label="org.opencontainers.image.source=https://github.com/bioconda/bioconda-utils" \
     "${container}"
-  image_id="$( buildah commit "${container}" )"
+  image_id="$(buildah commit "${container}")"
   buildah rm "${container}"
 
   # Add -$arch suffix to image's tag
@@ -81,9 +92,9 @@ for arch in $ARCHS; do
   # Add it to the manifest, which has no -$arch suffix
   buildah manifest add "${IMAGE_NAME}:${TAG}" "${image_id}"
 
-  # copy image over to local docker registry, when running locally. Otherwise,
-  # the CI will use ghcr.io as an intermediate registry.
-  if [ "${CI:-false}" == "false" ]; then
-    podman save "${IMAGE_NAME}:${TAG}-${arch}" | docker load
-  fi
+  # Save image for storing as artifact or to load into docker
+  mkdir -p ../../image-artifacts
+  podman save "${IMAGE_NAME}:${TAG}-${arch}" >"../../image-artifacts/${IMAGE_NAME}-${arch}.tar"
+  ls ../../image-artifacts
+
 done

images/build-env/prepare.sh

@@ -3,35 +3,21 @@ IMAGE_NAME="${CREATE_ENV_IMAGE_NAME}"
 TAG=$BIOCONDA_IMAGE_TAG
 BUILD_ARGS=()
 
-
-
 # Get the exact versions of mamba and conda that were installed in build-env.
 #
-# If this tag exists on quay.io (that is, this create-env is being built in
-# a subsequent run), then use that. Otherwise, we assume this tag has already
-# been built and pushed to GitHub Container Registry (and the GitHub Actions job
-# dependency should reflect this)
-BUILD_ENV_REGISTRY=${BUILD_ENV_REGISTRY:="ghcr.io/bioconda"}
-if [ $(tag_exists $BUILD_ENV_IMAGE_NAME $BIOCONDA_IMAGE_TAG) ]; then
-  BUILD_ENV_REGISTRY=quay.io/bioconda
-fi
-
+# TODO: here we're hard-coding the amd64 on the reasonable assumption that it
+# matches the arm64
 CONDA_VERSION=$(
-        podman run -t $BUILD_ENV_REGISTRY/${BUILD_ENV_IMAGE_NAME}:${BIOCONDA_IMAGE_TAG} \
-        bash -c "/opt/conda/bin/conda list --export '^conda$'| sed -n 's/=[^=]*$//p'"
+        podman run -t ${BUILD_ENV_IMAGE_NAME}:${BIOCONDA_IMAGE_TAG}-amd64 \
+                bash -c "/opt/conda/bin/conda list --export '^conda$'| sed -n 's/=[^=]*$//p'"
 )
 # Remove trailing \r with parameter expansion
 export CONDA_VERSION=${CONDA_VERSION%$'\r'}
 
 BUILD_ARGS+=("--build-arg=CONDA_VERSION=$CONDA_VERSION")
 
-# Needs busybox image to copy some items over
-BASE_BUSYBOX_REGISTRY=${BASE_BUSYBOX_REGISTRY:="ghcr.io/bioconda"}
-if [ $(tag_exists $BASE_BUSYBOX_IMAGE_NAME $BASE_TAG) ]; then
-  BASE_BUSYBOX_REGISTRY=quay.io/bioconda
-fi
-
-BUILD_ARGS+=("--build-arg=BUSYBOX_IMAGE=${BASE_BUSYBOX_REGISTRY}/${BASE_BUSYBOX_IMAGE_NAME}:${BASE_TAG}")
+# Arguments to buildah bud are architecture-dependent
+BUILD_ARGS+=("--build-arg=BUSYBOX_IMAGE=localhost/${BASE_BUSYBOX_IMAGE_NAME}:${BASE_TAG}-${CURRENT_ARCH}")
 
 # TEST_BUILD_ARGS=()
 # TEST_BUILD_ARGS+=("--build-arg=BUSYBOX_IMAGE=$BUSYBOX_IMAGE")

images/build.sh

@@ -3,7 +3,7 @@
 # There are a lot of environment variables used here. This script aims to
 # document them as well as provide a mechanism (e.g., in CI workflows) to show
 # their current values.
-# 
+#
 # Typical usage:
 #
 #   source versions.sh
@@ -14,7 +14,7 @@ while read -r name description; do
     description="${description//\"/}"
     value="${!name:-}"
     echo -e "${name}\t${value}\t$description"
-done << 'EOF' | column -t -s $'\t'
+done <<'EOF' | column -t -s $'\t'
 ARCHS "architectures to build images for"
 DEBIAN_VERSION "version of debian for extended base image"
 BUSYBOX_VERSION "version of busybox for base image"
@@ -23,6 +23,7 @@ BASE_DEBIAN_IMAGE_NAME "name for debian image"
 BASE_BUSYBOX_IMAGE_NAME "name for busybox image"
 BUILD_ENV_IMAGE_NAME "name for build image"
 CREATE_ENV_IMAGE_NAME "name for create image"
+CURRENT_ARCH "Arch for current iteration of loop"
 BASE_TAG "the base version tag to add to image tags"
 BIOCONDA_IMAGE_TAG "full bioconda + image version"
 BUILD_ENV_REGISTRY "where the build image should come from (used in CI)"

images/create-env/prepare.sh

@@ -1,29 +1,38 @@
 #!/bin/bash
 
-# Configures various versions to be used throughout infrastructure
-ARCHS="amd64 arm64"
-DEBIAN_VERSION=12.5
-BUSYBOX_VERSION=1.36.1
-BASE_DEBIAN_IMAGE_NAME="tmp-base-debian"
-BASE_BUSYBOX_IMAGE_NAME="tmp-base-busybox"
-BUILD_ENV_IMAGE_NAME="tmp-build-env"
-CREATE_ENV_IMAGE_NAME="tmp-create-env"
-BASE_TAG="0.2"
-BASE_IMAGE_CONDAFORGE_AMD64="quay.io/condaforge/linux-anvil-x86_64:cos7"
-BASE_IMAGE_CONDAFORGE_ARM64="quay.io/condaforge/linux-anvil-aarch64:cos7"
-
+# Configures various versions to be used throughout infrastructure.
+#
+# Anything with GITHUB_ENV at the end of the line will be exported to $GITHUB_ENV during GitHub Actions jobs.
+ARCHS="amd64 arm64"                                                       # GITHUB_ENV
+DEBIAN_VERSION=12.5                                                       # GITHUB_ENV
+BUSYBOX_VERSION=1.36.1                                                    # GITHUB_ENV
+BASE_DEBIAN_IMAGE_NAME="tmp-base-debian"                                  # GITHUB_ENV
+BASE_BUSYBOX_IMAGE_NAME="tmp-base-busybox"                                # GITHUB_ENV
+BUILD_ENV_IMAGE_NAME="tmp-build-env"                                      # GITHUB_ENV
+CREATE_ENV_IMAGE_NAME="tmp-create-env"                                    # GITHUB_ENV
+BASE_TAG="0.2"                                                            # GITHUB_ENV
+BASE_IMAGE_CONDAFORGE_AMD64="quay.io/condaforge/linux-anvil-x86_64:cos7"  # GITHUB_ENV
+BASE_IMAGE_CONDAFORGE_ARM64="quay.io/condaforge/linux-anvil-aarch64:cos7" # GITHUB_ENV
+CURRENT_ARCH=${CURRENT_ARCH:-""}                                          # GITHUB_ENV
+function export_github_env() {
+  HERE=$1
+  GITHUB_ENV=${GITHUB_ENV:-/dev/null}
+  for var in $(grep "# GITHUB_ENV$" $HERE | cut -f1 -d "="); do
+    echo "$var=\"${!var}\"" >>$GITHUB_ENV
+  done
+}
 
 # Inspect this repo to get the currently-checked-out version, but if
 # BIOCONDA_UTILS_VERSION was set outside this script, use that instead.
-BIOCONDA_UTILS_VERSION=${BIOCONDA_UTILS_VERSION:-$(git describe --tags --dirty --always)}
+BIOCONDA_UTILS_VERSION=${BIOCONDA_UTILS_VERSION:-$(git describe --tags --dirty --always)} # GITHUB_ENV
 
 # This will be used as the tag for create-env and build-env images, which
 # depend on bioconda-utils
-BIOCONDA_IMAGE_TAG=${BIOCONDA_UTILS_VERSION}_base${BASE_TAG}
+BIOCONDA_IMAGE_TAG=${BIOCONDA_UTILS_VERSION}_base${BASE_TAG} # GITHUB_ENV
 
 # FUNCTIONS --------------------------------------------------------------------
 
-function tag_exists () {
+function tag_exists() {
   # Returns 0 if the tag for the image exists on quay.io, otherwise returns 1.
   # Skips "latest" tags (likely they will always be present)
   # $1: image name
@@ -35,49 +44,65 @@ function tag_exists () {
 
   # Images can be set to expire; the jq query selects only non-expired images.
   existing_tags="$(
-    printf %s "${response}" \
-      | jq -r '.tags[]|select(.end_ts == null or .end_ts >= now)|.name'
-    )" \
-    || {
+    printf %s "${response}" |
+      jq -r '.tags[]|select(.end_ts == null or .end_ts >= now)|.name'
+  )" ||
+    {
       printf %s\\n \
         'Could not get list of image tags.' \
         'Does the repository exist on Quay.io?' \
         'Quay.io REST API response was:' \
         "${response}" >&2
       return 1
     }
-  for tag in $TAGS ; do
+  for tag in $TAGS; do
     case "${tag}" in
-      "latest" ) ;;
-      * )
-        if printf %s "${existing_tags}" | grep -qxF "${tag}" ; then
-          printf 'Tag %s already exists for %s on quay.io!\n' "${tag}" "${IMAGE_NAME}" >&2
-          echo "exists"
-        fi
+    "latest") ;;
+    *)
+      if printf %s "${existing_tags}" | grep -qxF "${tag}"; then
+        printf 'Tag %s already exists for %s on quay.io!\n' "${tag}" "${IMAGE_NAME}" >&2
+        echo "exists"
+      fi
+      ;;
     esac
   done
 }
 
-# Helper function to push a just-built image to GitHub Container
-# Respository, which is used as a temporary storage mechanism.
-function push_to_ghcr () {
-  podman manifest push --all localhost/${1}:${2} ghcr.io/bioconda/${1}:${2}
-}
+function build_and_push_manifest() {
+  # Builds a local manifest containing multiple archs for an image/tag, and
+  # pushes to a registry. E.g.,
+  #
+  #   build_and_push_manifest ${BASE_BUSYBOX_IMAGE_NAME}:${BASE_TAG} docker://localhost:5000
+  #
+  # or
+  #
+  #   build_and_push_manifest ${BASE_BUSYBOX_IMAGE_NAME}:${BASE_TAG} quay.io/bioconda
+  #
+  local image=$1
+  local registry=$2
 
-# Helper function to move an image from gchr to quay.io for public use.
-function move_from_ghcr_to_quay () {
-  local image_name=$1
-  local tag=$2
+  buildah manifest rm "local_${image}" || true
 
   # Locally-named manifest to which we'll add the different archs.
-  buildah manifest create "local_${image_name}:${tag}"
+  buildah manifest create "local_${image}"
 
-  # Expects images for archs to be built already; add them to local manifest.
+  # Expects images for archs to be built already; here we add them to local
+  # manifest.
   for arch in $ARCHS; do
-    imgid=$(buildah pull --arch=$arch "ghcr.io/bioconda/${image_name}:${tag}")
-    buildah manifest add "local_${image_name}:${tag}" "${imgid}"
+    imgid=$(buildah pull --arch=$arch "${image}-${arch}")
+    buildah manifest add "local_${image}" "${imgid}"
   done
 
-  # Publish
-  podman manifest push "local_${image_name}:${tag}" "quay.io/bioconda/${image_name}:${tag}"
+  if [ "$registry" == "docker://localhost:5000" ]; then 
+    if ! curl -X GET http://localhost:5000/v2/_catalog; then
+      echo "Local docker registry does not appear to be running on localhost:5000!"
+      return 1
+    fi
+    # To avoid setting up TLS certs for local registry which seems like overkill
+    additional_args="--tls-verify=false"
+  else
+    additional_args=""
+  fi
+
+  podman manifest push --all $additional_args "local_${image}" "$registry/${image}"
 }