diff --git a/.github/workflows/kata-deploy-push.yaml b/.github/workflows/kata-deploy-push.yaml index c7d7e8cb4..548391fb5 100644 --- a/.github/workflows/kata-deploy-push.yaml +++ b/.github/workflows/kata-deploy-push.yaml @@ -28,6 +28,13 @@ jobs: - virtiofsd - nydus steps: + - name: Login to Kata Containers quay.io + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} + password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} + - uses: actions/checkout@v2 - name: Install docker if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} @@ -44,6 +51,7 @@ jobs: sudo cp -r --preserve=all "${build_dir}" "kata-build" env: KATA_ASSET: ${{ matrix.asset }} + PUSH_TO_REGISTRY: yes - name: store-artifact ${{ matrix.asset }} if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh index 164dbf864..defb338d9 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh @@ -47,8 +47,17 @@ docker build -q -t build-kata-deploy \ docker run \ -v $HOME/.docker:/root/.docker \ -v /var/run/docker.sock:/var/run/docker.sock \ + -v "${kata_dir}:${kata_dir}" \ --env CI="${CI:-}" \ - --env USER=${USER} -v "${kata_dir}:${kata_dir}" \ + --env USER=${USER} \ + --env PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-"no"}" \ + --env INITRAMFS_CONTAINER_BUILDER="${INITRAMFS_CONTAINER_BUILDER:-}" \ + --env KERNEL_CONTAINER_BUILDER="${KERNEL_CONTAINER_BUILDER:-}" \ + --env OVMF_CONTAINER_BUILDER="${OVMF_CONTAINER_BUILDER:-}" \ + --env QEMU_CONTAINER_BUILDER="${QEMU_CONTAINER_BUILDER:-}" \ + --env SHIM_V2_CONTAINER_BUILDER="${SHIM_V2_CONTAINER_BUILDER:-}" \ + --env TDSHIM_CONTAINER_BUILDER="${TDSHIM_CONTAINER_BUILDER:-}" \ + --env VIRTIOFSD_CONTAINER_BUILDER="${VIRTIOFSD_CONTAINER_BUILDER:-}" \ --rm \ -w ${script_dir} \ build-kata-deploy "${kata_deploy_create}" $@ diff --git a/tools/packaging/scripts/lib.sh b/tools/packaging/scripts/lib.sh index d53159a8c..5ac31d0e3 100644 --- a/tools/packaging/scripts/lib.sh +++ b/tools/packaging/scripts/lib.sh @@ -8,6 +8,8 @@ export GOPATH=${GOPATH:-${HOME}/go} export tests_repo="${tests_repo:-github.com/kata-containers/tests}" export tests_repo_dir="$GOPATH/src/$tests_repo" +export BUILDER_REGISTRY="quay.io/kata-containers/builders" +export PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-"no"}" this_script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" @@ -97,3 +99,33 @@ get_kata_hash() { ref=$2 git ls-remote --heads --tags "https://github.com/${project}/${repo}.git" | grep "${ref}" | awk '{print $1}' } + +# $1 - Repo's root dir +# $2 - The file we're looking for the last modification +get_last_modification() { + local repo_root_dir="${1}" + local file="${2}" + + # This is a workaround needed for when running this code on Jenkins + git config --global --add safe.directory ${repo_root_dir} &> /dev/null + + dirty="" + [ $(git status --porcelain | grep "${file#${repo_root_dir}/}" | wc -l) -gt 0 ] && dirty="-dirty" + + echo "$(git log -1 --pretty=format:"%H" ${file})${dirty}" +} + +# $1 - The tag to be pushed to the registry +# $2 - "yes" to use sudo, "no" otherwise +push_to_registry() { + local tag="${1}" + local use_sudo="${2:-"yes"}" + + if [ "${PUSH_TO_REGISTRY}" == "yes" ]; then + if [ "${use_sudo}" == "yes" ]; then + sudo docker push ${tag} + else + docker push ${tag} + fi + fi +} diff --git a/tools/packaging/static-build/kernel/build.sh b/tools/packaging/static-build/kernel/build.sh index 1aa6c1cd4..8235ba22f 100755 --- a/tools/packaging/static-build/kernel/build.sh +++ b/tools/packaging/static-build/kernel/build.sh @@ -12,12 +12,16 @@ script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" readonly repo_root_dir="$(cd "${script_dir}/../../../.." && pwd)" readonly kernel_builder="${repo_root_dir}/tools/packaging/kernel/build-kernel.sh" +source "${script_dir}/../../scripts/lib.sh" DESTDIR=${DESTDIR:-${PWD}} PREFIX=${PREFIX:-/opt/kata} -container_image="kata-kernel-builder" +container_image="${KERNEL_CONTAINER_BUILDER:-${BUILDER_REGISTRY}:kernel-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)}" -sudo docker build -t "${container_image}" "${script_dir}" +sudo docker pull ${container_image} || \ + (sudo docker build -t "${container_image}" "${script_dir}" && \ + # No-op unless PUSH_TO_REGISTRY is exported as "yes" + push_to_registry "${container_image}") sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ -w "${PWD}" \ diff --git a/tools/packaging/static-build/ovmf/build.sh b/tools/packaging/static-build/ovmf/build.sh index fcbbd9321..256a89249 100755 --- a/tools/packaging/static-build/ovmf/build.sh +++ b/tools/packaging/static-build/ovmf/build.sh @@ -16,7 +16,7 @@ source "${script_dir}/../../scripts/lib.sh" DESTDIR=${DESTDIR:-${PWD}} PREFIX=${PREFIX:-/opt/kata} -container_image="kata-ovmf-builder" +container_image="${OVMF_CONTAINER_BUILDER:-${BUILDER_REGISTRY}:ovmf-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)}" ovmf_build="${ovmf_build:-x86_64}" kata_version="${kata_version:-}" ovmf_repo="${ovmf_repo:-}" @@ -52,7 +52,10 @@ fi [ -n "$ovmf_package" ] || die "failed to get ovmf package or commit" [ -n "$package_output_dir" ] || die "failed to get ovmf package or commit" -sudo docker build -t "${container_image}" "${script_dir}" +sudo docker pull ${container_image} || \ + (sudo docker build -t "${container_image}" "${script_dir}" && \ + # No-op unless PUSH_TO_REGISTRY is exported as "yes" + push_to_registry "${container_image}") sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ -w "${PWD}" \ diff --git a/tools/packaging/static-build/qemu/build-base-qemu.sh b/tools/packaging/static-build/qemu/build-base-qemu.sh index 4ad6e0f95..d5ac3e259 100755 --- a/tools/packaging/static-build/qemu/build-base-qemu.sh +++ b/tools/packaging/static-build/qemu/build-base-qemu.sh @@ -39,13 +39,17 @@ CACHE_TIMEOUT=$(date +"%Y-%m-%d") [ -n "${build_suffix}" ] && HYPERVISOR_NAME="kata-qemu-${build_suffix}" || HYPERVISOR_NAME="kata-qemu" [ -n "${build_suffix}" ] && PKGVERSION="kata-static-${build_suffix}" || PKGVERSION="kata-static" -sudo "${container_engine}" build \ +container_image="${QEMU_CONTAINER_BUILDER:-${BUILDER_REGISTRY}:qemu-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)}" + +sudo docker pull ${container_image} || (sudo "${container_engine}" build \ --build-arg CACHE_TIMEOUT="${CACHE_TIMEOUT}" \ --build-arg http_proxy="${http_proxy}" \ --build-arg https_proxy="${https_proxy}" \ "${packaging_dir}" \ -f "${script_dir}/Dockerfile" \ - -t qemu-static + -t "${container_image}" && \ + # No-op unless PUSH_TO_REGISTRY is exported as "yes" + push_to_registry "${container_image}") sudo "${container_engine}" run \ --rm \ @@ -59,7 +63,7 @@ sudo "${container_engine}" run \ --env QEMU_TARBALL="${qemu_tar}" \ --env PREFIX="${prefix}" \ -v "${repo_root_dir}:/root/kata-containers" \ - -v "${PWD}":/share qemu-static \ + -v "${PWD}":/share "${container_image}" \ bash -c "/root/kata-containers/tools/packaging/static-build/qemu/build-qemu.sh" sudo chown ${USER}:$(id -gn ${USER}) "${PWD}/${qemu_tar}" diff --git a/tools/packaging/static-build/shim-v2/build.sh b/tools/packaging/static-build/shim-v2/build.sh index 6cbb0a41b..2164cf9d1 100755 --- a/tools/packaging/static-build/shim-v2/build.sh +++ b/tools/packaging/static-build/shim-v2/build.sh @@ -10,7 +10,8 @@ set -o pipefail script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" readonly repo_root_dir="$(cd "${script_dir}/../../../.." && pwd)" -readonly kernel_builder="${repo_root_dir}/tools/packaging/kernel/build-kernel.sh" + +source "${script_dir}/../../scripts/lib.sh" VMM_CONFIGS="qemu fc" @@ -19,9 +20,15 @@ RUST_VERSION=${RUST_VERSION} DESTDIR=${DESTDIR:-${PWD}} PREFIX=${PREFIX:-/opt/kata} -container_image="shim-v2-builder" +container_image="${SHIM_V2_CONTAINER_BUILDER:-${BUILDER_REGISTRY}:shim-v2-go-${GO_VERSION}-rust-${RUST_VERSION}-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)}" -sudo docker build --build-arg GO_VERSION="${GO_VERSION}" --build-arg RUST_VERSION="${RUST_VERSION}" -t "${container_image}" "${script_dir}" +sudo docker pull ${container_image} || \ + (sudo docker build \ + --build-arg GO_VERSION="${GO_VERSION}" \ + --build-arg RUST_VERSION="${RUST_VERSION}" \ + -t "${container_image}" \ + "${script_dir}" && \ + push_to_registry "${container_image}") arch=$(uname -m) if [ ${arch} = "ppc64le" ]; then diff --git a/tools/packaging/static-build/td-shim/build.sh b/tools/packaging/static-build/td-shim/build.sh index 580c4a337..f822fd827 100755 --- a/tools/packaging/static-build/td-shim/build.sh +++ b/tools/packaging/static-build/td-shim/build.sh @@ -16,7 +16,6 @@ source "${script_dir}/../../scripts/lib.sh" DESTDIR=${DESTDIR:-${PWD}} PREFIX=${PREFIX:-/opt/kata} -container_image="kata-td-shim-builder" kata_version="${kata_version:-}" tdshim_repo="${tdshim_repo:-}" tdshim_version="${tdshim_version:-}" @@ -31,9 +30,14 @@ package_output_dir="${package_output_dir:-}" [ -n "${tdshim_version}" ] || die "Failed to get TD-shim version or commit" [ -n "${tdshim_toolchain}" ] || die "Failed to get TD-shim toolchain to be used to build the project" -sudo docker build \ +container_image="${TDSHIM_CONTAINER_BUILDER:-${BUILDER_REGISTRY}:td-shim-${tdshim_toolchain}-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)}" + +sudo docker pull ${container_image} || (sudo docker build \ --build-arg RUST_TOOLCHAIN="${tdshim_toolchain}" \ - -t "${container_image}" "${script_dir}" + -t "${container_image}" \ + "${script_dir}" && \ + # No-op unless PUSH_TO_REGISTRY is exported as "yes" + push_to_registry "${container_image}") sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ -w "${PWD}" \ diff --git a/tools/packaging/static-build/virtiofsd/build.sh b/tools/packaging/static-build/virtiofsd/build.sh index 64441d2ae..3a41c1211 100755 --- a/tools/packaging/static-build/virtiofsd/build.sh +++ b/tools/packaging/static-build/virtiofsd/build.sh @@ -16,19 +16,21 @@ source "${script_dir}/../../scripts/lib.sh" DESTDIR=${DESTDIR:-${PWD}} PREFIX=${PREFIX:-/opt/kata} -container_image="kata-virtiofsd-builder" kata_version="${kata_version:-}" virtiofsd_repo="${virtiofsd_repo:-}" virtiofsd_version="${virtiofsd_version:-}" +virtiofsd_toolchain="${virtiofsd_toolchain:-}" virtiofsd_zip="${virtiofsd_zip:-}" package_output_dir="${package_output_dir:-}" [ -n "${virtiofsd_repo}" ] || virtiofsd_repo=$(get_from_kata_deps "externals.virtiofsd.url") [ -n "${virtiofsd_version}" ] || virtiofsd_version=$(get_from_kata_deps "externals.virtiofsd.version") +[ -n "${virtiofsd_toolchain}" ] || virtiofsd_toolchain=$(get_from_kata_deps "externals.virtiofsd.toolchain") [ -n "${virtiofsd_zip}" ] || virtiofsd_zip=$(get_from_kata_deps "externals.virtiofsd.meta.binary") [ -n "${virtiofsd_repo}" ] || die "Failed to get virtiofsd repo" [ -n "${virtiofsd_version}" ] || die "Failed to get virtiofsd version or commit" +[ -n "${virtiofsd_toolchain}" ] || die "Failed to get the rust toolchain to build virtiofsd" [ -n "${virtiofsd_zip}" ] || die "Failed to get virtiofsd binary URL" ARCH=$(uname -m) @@ -47,8 +49,14 @@ case ${ARCH} in ;; esac -sudo docker build \ - -t "${container_image}" "${script_dir}/${libc}" +container_image="${VIRTIOFSD_CONTAINER_BUILDER:-${BUILDER_REGISTRY}:virtiofsd-${virtiofsd_toolchain}-${libc}-$(get_last_modification ${repo_root_dir} ${script_dir})-$(uname -m)}" + +sudo docker pull ${container_image} || \ + (sudo docker build \ + --build-arg RUST_TOOLCHAIN="${virtiofsd_toolchain}" \ + -t "${container_image}" "${script_dir}/${libc}" && \ + # No-op unless PUSH_TO_REGISTRY is exported as "yes" + push_to_registry "${container_image}") sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ -w "${PWD}" \ diff --git a/tools/packaging/static-build/virtiofsd/gnu/Dockerfile b/tools/packaging/static-build/virtiofsd/gnu/Dockerfile index c214dfc41..c10b8db49 100644 --- a/tools/packaging/static-build/virtiofsd/gnu/Dockerfile +++ b/tools/packaging/static-build/virtiofsd/gnu/Dockerfile @@ -4,6 +4,7 @@ FROM ubuntu:20.04 ENV DEBIAN_FRONTEND=noninteractive +ARG RUST_TOOLCHAIN SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN apt-get update && \ @@ -16,4 +17,4 @@ RUN apt-get update && \ libseccomp-dev \ unzip && \ apt-get clean && rm -rf /var/lib/lists/ && \ - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN} diff --git a/tools/packaging/static-build/virtiofsd/musl/Dockerfile b/tools/packaging/static-build/virtiofsd/musl/Dockerfile index 9b9bb93b9..1236010e0 100644 --- a/tools/packaging/static-build/virtiofsd/musl/Dockerfile +++ b/tools/packaging/static-build/virtiofsd/musl/Dockerfile @@ -3,6 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 FROM alpine:3.16.2 +ARG RUST_TOOLCHAIN SHELL ["/bin/ash", "-o", "pipefail", "-c"] RUN apk --no-cache add \ @@ -13,4 +14,4 @@ RUN apk --no-cache add \ libcap-ng-static \ libseccomp-static \ musl-dev && \ - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN} diff --git a/versions.yaml b/versions.yaml index f4188ad76..0099bd3be 100644 --- a/versions.yaml +++ b/versions.yaml @@ -291,6 +291,7 @@ externals: description: "vhost-user virtio-fs device backend written in Rust" url: "https://gitlab.com/virtio-fs/virtiofsd" version: "v1.3.0" + toolchain: "1.62.0" meta: # From https://gitlab.com/virtio-fs/virtiofsd/-/releases/v1.3.0, # this is the link labelled virtiofsd-v1.3.0.zip