docker: Simplify build/install; dedup cargo commands; enable gc.

Signed-off-by: Jason Volk <jason@zemos.net>
2025-06-03 19:00:00 +00:00
parent 71748c3db9
commit 55c35fc840
17 changed files with 66 additions and 227 deletions
--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -3,7 +3,7 @@
 The release pipeline `Main` (main.yml) and its subroutines defined in the other yamls form a high-level
 description for the underlying self-hosted build system in  `/docker`. In other words, this is a sort of
 terminal, a "thin-client" with a display and a keyboard for our docker mainframe. We minimize
-vendor-lockin and duplication with other frameworks by limiting everything here to only what is
+vendor-lockin and duplication with other services by limiting everything here to only what is
 essential for driving the docker builder.

 Though we slightly relax the above by specifying details of the actual CI pipeline, the 
--- a/.github/workflows/bake.yml
+++ b/.github/workflows/bake.yml
@@ -121,7 +121,7 @@ jobs:
        docker/bake.sh "${{matrix.bake_target}}"

    # Optionally extract an inner artifact
-    - name: Extract Artifact
+    - name: Extract Inner Artifact
      if: >
        !failure() && !cancelled()
        && fromJSON(inputs.artifact)[matrix.bake_target].dst
@@ -139,7 +139,7 @@ jobs:
        docker cp "$cid:$src" "_artifact/$dst"

    # Optionally extract the image itself as an artifact.
-    - name: Extract Image
+    - name: Extract Image Artifact
      if: >
        !failure() && !cancelled()
        && fromJSON(inputs.artifact)[matrix.bake_target].dst
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -30,7 +30,8 @@ jobs:
        [
          {"cargo_profile": "release-debuginfo", "rust_toolchain": "nightly"},
          {"cargo_profile": "release-max-perf", "rust_toolchain": "stable"},
-          {"cargo_profile": "release-max-perf", "feat_set": "none"}
+          {"cargo_profile": "release-max-perf", "feat_set": "none"},
+          {"cargo_profile": "test", "rust_toolchain": "stable", "feat_set": "none"}
        ]

    outputs:
@@ -56,12 +57,17 @@ jobs:
        set -e
        cat <<EOF > ./buildkitd.toml
          [system]
-          platformsCacheMaxAge = "504h"
-
+            platformsCacheMaxAge = "504h"
          [worker.oci]
-          enabled = true
-          rootless = true
-          gc = false
+            enabled = true
+            rootless = true
+            gc = true
+          [[worker.oci.gcpolicy]]
+            reservedSpace = "384GB"
+            maxUsedSpace = "768GB"
+            keepDuration = "504h"
+            filters = ["label!=cache==pin"]
+            all = true
        EOF

        docker buildx create \
@@ -160,7 +166,7 @@ jobs:
      !failure() && !cancelled()

    name: Publish
-    needs: [init, test, package]
+    needs: [package, test]
    uses: ./.github/workflows/publish.yml
    with:
      docker_repo: ${{vars.DOCKER_REPO}}