docker: Fix target mount cache paths; relax locks on cargo home.
docker: Persist lychee cache. Signed-off-by: Jason Volk <jason@zemos.net>
@@ -122,4 +122,4 @@ policy.
|
||||
[cargo-audit]: https://github.com/RustSec/rustsec/tree/main/cargo-audit
|
||||
[direnv]: https://direnv.net/
|
||||
[mdbook]: https://rust-lang.github.io/mdBook/
|
||||
[documentation.yml]: https://github.com/matrix-construct/tuwunel/blob/main/.github/workflows/documentation.yml
|
||||
[documentation.yml]: https://github.com/matrix-construct/tuwunel/blob/main/.github/workflows/docs.yml
|
||||
|
||||
@@ -7,7 +7,9 @@ ARG RUSTUP_HOME
|
||||
ARG CARGO_HOME
|
||||
ARG CARGO_TARGET
|
||||
ARG CARGO_TARGET_DIR
|
||||
ARG CARGO_TARGET_CACHE
|
||||
ARG cargo_tgt_dst
|
||||
ARG cargo_tgt_sub
|
||||
ARG cargo_tgt_cache
|
||||
ARG cargo_profile
|
||||
ARG cargo_features
|
||||
ARG cargo_spec_features
|
||||
@@ -22,13 +24,14 @@ COPY --link --from=rocksdb . .
|
||||
|
||||
WORKDIR /usr/src/tuwunel
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/deps,id=${CARGO_TARGET_CACHE}/deps,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/build,id=${CARGO_TARGET_CACHE}/build,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/incremental,id=${CARGO_TARGET_CACHE}/incremental,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/.fingerprint,id=${CARGO_TARGET_CACHE}/fingerprint,sharing=shared \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME}/downloads,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/registry,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/git,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR},id=${cargo_tgt_dst}/${cargo_tgt_sub},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/deps,id=${cargo_tgt_cache}/deps,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/build,id=${cargo_tgt_cache}/build,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/incremental,id=${cargo_tgt_cache}/incremental,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/.fingerprint,id=${cargo_tgt_cache}/fingerprint,sharing=locked \
|
||||
<<EOF
|
||||
set -eux
|
||||
rustup run ${rust_toolchain} \
|
||||
|
||||
@@ -7,10 +7,14 @@ ARG RUSTUP_HOME
|
||||
ARG CARGO_HOME
|
||||
ARG audit_args=""
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
WORKDIR /usr/src/tuwunel
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME}/downloads,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/registry,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/git,sharing=shared,ro \
|
||||
<<EOF
|
||||
set -eux
|
||||
rustup run ${rust_toolchain} \
|
||||
|
||||
@@ -7,7 +7,9 @@ ARG RUSTUP_HOME
|
||||
ARG CARGO_HOME
|
||||
ARG CARGO_TARGET
|
||||
ARG CARGO_TARGET_DIR
|
||||
ARG CARGO_TARGET_CACHE
|
||||
ARG cargo_tgt_dst
|
||||
ARG cargo_tgt_sub
|
||||
ARG cargo_tgt_cache
|
||||
ARG cargo_profile
|
||||
ARG cargo_features
|
||||
ARG cargo_spec_features
|
||||
@@ -19,13 +21,15 @@ COPY --link --from=input . .
|
||||
|
||||
WORKDIR /usr/src/tuwunel
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/deps,id=${CARGO_TARGET_CACHE}/deps,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/build,id=${CARGO_TARGET_CACHE}/build,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/incremental,id=${CARGO_TARGET_CACHE}/incremental,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/.fingerprint,id=${CARGO_TARGET_CACHE}/fingerprint,sharing=shared \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME}/downloads,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/registry,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/git,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR},id=${cargo_tgt_dst}/${cargo_tgt_sub},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/debian,id=${cargo_tgt_dst}/debian,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/deps,id=${cargo_tgt_cache}/deps,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/build,id=${cargo_tgt_cache}/build,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/incremental,id=${cargo_tgt_cache}/incremental,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/.fingerprint,id=${cargo_tgt_cache}/fingerprint,sharing=locked \
|
||||
<<EOF
|
||||
set -eux
|
||||
mkdir -p "${pkg_dir}"
|
||||
|
||||
@@ -7,38 +7,46 @@ ARG RUSTUP_HOME
|
||||
ARG CARGO_HOME
|
||||
ARG CARGO_TARGET
|
||||
ARG CARGO_TARGET_DIR
|
||||
ARG CARGO_TARGET_CACHE
|
||||
ARG cargo_tgt_dst
|
||||
ARG cargo_tgt_sub
|
||||
ARG cargo_tgt_cache
|
||||
ARG CARGO_BUILD_RUSTFLAGS
|
||||
ARG CARGO_PROFILE_test_DEBUG
|
||||
ARG CARGO_PROFILE_bench_DEBUG
|
||||
ARG CARGO_PROFILE_bench_LTO
|
||||
ARG CARGO_PROFILE_bench_CODEGEN_UNITS
|
||||
ARG CARGO_PROFILE_TEST_DEBUG
|
||||
ARG CARGO_PROFILE_BENCH_DEBUG
|
||||
ARG CARGO_PROFILE_BENCH_LTO
|
||||
ARG CARGO_PROFILE_BENCH_CODEGEN_UNITS
|
||||
ARG CARGO_PROFILE_RELEASE_BUILD_OVERRIDE_DEBUG
|
||||
ARG cargo_profile
|
||||
ARG cargo_features
|
||||
ARG cargo_spec_features
|
||||
ARG cook_args
|
||||
ARG git_checkout
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
WORKDIR /usr/lib/${sys_target}
|
||||
COPY --from=rocksdb . .
|
||||
COPY --link --from=rocksdb . .
|
||||
|
||||
WORKDIR /usr/src/tuwunel
|
||||
COPY --from=recipe recipe.json .
|
||||
COPY --link --from=recipe recipe.json .
|
||||
|
||||
ENV CARGO_TARGET_DIR="${CARGO_TARGET_DIR}"
|
||||
ENV CARGO_BUILD_RUSTFLAGS="${CARGO_BUILD_RUSTFLAGS}"
|
||||
ENV CARGO_PROFILE_test_DEBUG="${CARGO_PROFILE_test_DEBUG}"
|
||||
ENV CARGO_PROFILE_bench_DEBUG="${CARGO_PROFILE_bench_DEBUG}"
|
||||
ENV CARGO_PROFILE_bench_LTO="${CARGO_PROFILE_bench_LTO}"
|
||||
ENV CARGO_PROFILE_bench_CODEGEN_UNITS="${CARGO_PROFILE_bench_CODEGEN_UNITS}"
|
||||
ENV CARGO_PROFILE_TEST_DEBUG="${CARGO_PROFILE_TEST_DEBUG}"
|
||||
ENV CARGO_PROFILE_BENCH_DEBUG="${CARGO_PROFILE_BENCH_DEBUG}"
|
||||
ENV CARGO_PROFILE_BENCH_LTO="${CARGO_PROFILE_BENCH_LTO}"
|
||||
ENV CARGO_PROFILE_BENCH_CODEGEN_UNITS="${CARGO_PROFILE_BENCH_CODEGEN_UNITS}"
|
||||
ENV CARGO_PROFILE_RELEASE_BUILD_OVERRIDE_DEBUG="${CARGO_PROFILE_RELEASE_BUILD_OVERRIDE_DEBUG}"
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/deps,id=${CARGO_TARGET_CACHE}/deps,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/build,id=${CARGO_TARGET_CACHE}/build,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/incremental,id=${CARGO_TARGET_CACHE}/incremental,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/.fingerprint,id=${CARGO_TARGET_CACHE}/fingerprint,sharing=shared \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME}/downloads,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/registry,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/git,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR},id=${cargo_tgt_dst}/${cargo_tgt_sub},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/deps,id=${cargo_tgt_cache}/deps,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/build,id=${cargo_tgt_cache}/build,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/incremental,id=${cargo_tgt_cache}/incremental,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/.fingerprint,id=${cargo_tgt_cache}/fingerprint,sharing=locked \
|
||||
<<EOF
|
||||
set -eux
|
||||
rustup run ${rust_toolchain} \
|
||||
|
||||
@@ -7,10 +7,14 @@ ARG RUSTUP_HOME
|
||||
ARG CARGO_HOME
|
||||
ARG fmt_args=""
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
WORKDIR /usr/src/tuwunel
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME}/downloads,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/registry,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/git,sharing=shared,ro \
|
||||
<<EOF
|
||||
set -eux
|
||||
rustup run ${rust_toolchain} \
|
||||
|
||||
@@ -7,7 +7,9 @@ ARG RUSTUP_HOME
|
||||
ARG CARGO_HOME
|
||||
ARG CARGO_TARGET
|
||||
ARG CARGO_TARGET_DIR
|
||||
ARG CARGO_TARGET_CACHE
|
||||
ARG cargo_tgt_dst
|
||||
ARG cargo_tgt_sub
|
||||
ARG cargo_tgt_cache
|
||||
ARG cargo_profile
|
||||
ARG cargo_features
|
||||
ARG cargo_spec_features
|
||||
@@ -24,13 +26,14 @@ COPY --link --from=rocksdb . .
|
||||
|
||||
WORKDIR /usr/src/tuwunel
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/deps,id=${CARGO_TARGET_CACHE}/deps,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/build,id=${CARGO_TARGET_CACHE}/build,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/incremental,id=${CARGO_TARGET_CACHE}/incremental,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/.fingerprint,id=${CARGO_TARGET_CACHE}/fingerprint,sharing=shared \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME}/downloads,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/registry,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/git,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR},id=${cargo_tgt_dst}/${cargo_tgt_sub},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/deps,id=${cargo_tgt_cache}/deps,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/build,id=${cargo_tgt_cache}/build,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/incremental,id=${cargo_tgt_cache}/incremental,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/.fingerprint,id=${cargo_tgt_cache}/fingerprint,sharing=locked \
|
||||
<<EOF
|
||||
set -eux
|
||||
case "$cargo_profile" in
|
||||
@@ -43,7 +46,7 @@ RUN \
|
||||
|
||||
rustup run ${rust_toolchain} \
|
||||
cargo install \
|
||||
--locked \
|
||||
--frozen \
|
||||
--no-track \
|
||||
"${cargo_spec_features}" \
|
||||
--features "${cargo_features}" \
|
||||
@@ -63,9 +66,6 @@ ARG sys_target
|
||||
ARG CARGO_INSTALL_ROOT
|
||||
ARG install_temp="/usr/src/tuwunel/install"
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
RUN \
|
||||
--mount=type=bind,from=output,src=${install_temp},dst=/mnt/install \
|
||||
<<EOF
|
||||
|
||||
@@ -7,23 +7,31 @@ ARG RUSTUP_HOME
|
||||
ARG CARGO_HOME
|
||||
ARG lychee_cache_age="7d"
|
||||
ARG lychee_mode="color"
|
||||
ARG lychee_args="docs *.md"
|
||||
# .lycheecache is hardcoded as path to reg file in the cwd so we execute lychee
|
||||
# in cache directory itself. all paths here should be absolute paths
|
||||
ARG lychee_args="/usr/src/tuwunel/docs /usr/src/tuwunel/*.md"
|
||||
|
||||
WORKDIR /usr/src/tuwunel
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
WORKDIR /usr/src/
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME}/downloads,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/registry,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/git,sharing=shared,ro \
|
||||
--mount=type=cache,dst=lychee,sharing=locked \
|
||||
<<EOF
|
||||
set -eux
|
||||
cd lychee
|
||||
rustup run ${rust_toolchain} \
|
||||
lychee \
|
||||
--verbose \
|
||||
--cache \
|
||||
--no-progress \
|
||||
--offline \
|
||||
--max-cache-age ${lychee_cache_age} \
|
||||
--mode ${lychee_mode} \
|
||||
--exclude development.md \
|
||||
--exclude contributing.md \
|
||||
--exclude testing.md \
|
||||
--cache \
|
||||
--max-cache-age "${lychee_cache_age}" \
|
||||
--mode "${lychee_mode}" \
|
||||
--exclude /usr/src/tuwunel/contributing.md \
|
||||
--exclude /usr/src/tuwunel/development/testing.md \
|
||||
${lychee_args}
|
||||
EOF
|
||||
|
||||
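Review bot: The new cache mount `--mount=type=cache,dst=lychee,sharing=locked` uses a relative target and no `id`, while the comment added a few lines above it says all paths here should be absolute. The mount appears to resolve against `WORKDIR /usr/src/`, and the script then depends on `cd lychee` landing inside it. With no `id` the cache key defaults to the target string, so every build on the same builder shares one link-check cache whose entries are trusted for `lychee_cache_age`. Writing it as `--mount=type=cache,dst=/usr/src/lychee,id=lychee,sharing=locked \` with `cd /usr/src/lychee` keeps the behaviour and makes both the path and the sharing scope explicit.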
@@ -7,7 +7,9 @@ ARG RUSTUP_HOME
|
||||
ARG CARGO_HOME
|
||||
ARG CARGO_TARGET
|
||||
ARG CARGO_TARGET_DIR
|
||||
ARG CARGO_TARGET_CACHE
|
||||
ARG cargo_tgt_dst
|
||||
ARG cargo_tgt_sub
|
||||
ARG cargo_tgt_cache
|
||||
ARG cargo_profile
|
||||
ARG cargo_features
|
||||
ARG cargo_spec_features
|
||||
@@ -19,13 +21,14 @@ COPY --link --from=input . .
|
||||
|
||||
WORKDIR /usr/src/tuwunel
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/deps,id=${CARGO_TARGET_CACHE}/deps,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/build,id=${CARGO_TARGET_CACHE}/build,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/incremental,id=${CARGO_TARGET_CACHE}/incremental,sharing=shared \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/.fingerprint,id=${CARGO_TARGET_CACHE}/fingerprint,sharing=shared \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME}/downloads,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/registry,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/git,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR},id=${cargo_tgt_dst}/${cargo_tgt_sub},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/deps,id=${cargo_tgt_cache}/deps,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/build,id=${cargo_tgt_cache}/build,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/incremental,id=${cargo_tgt_cache}/incremental,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_TARGET_DIR}/${cargo_tgt_sub}/.fingerprint,id=${cargo_tgt_cache}/fingerprint,sharing=locked \
|
||||
<<EOF
|
||||
set -eux
|
||||
mkdir -p "${pkg_dir}"
|
||||
@@ -45,12 +48,15 @@ EOF
|
||||
FROM scratch AS package
|
||||
ARG pkg_dir
|
||||
|
||||
COPY --from=rpmbuild ${pkg_dir}/* .
|
||||
COPY --link --from=rpmbuild ${pkg_dir}/* .
|
||||
|
||||
|
||||
FROM redhat/ubi9 AS package-install
|
||||
ARG pkg_dir
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
WORKDIR ${pkg_dir}
|
||||
COPY --link --from=package . .
|
||||
RUN <<EOF
|
||||
|
||||
@@ -6,10 +6,14 @@ ARG RUSTUP_HOME
|
||||
ARG CARGO_HOME
|
||||
ARG typos_args=""
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
WORKDIR /usr/src/tuwunel
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME}/downloads,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/registry,sharing=shared,ro \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/git,sharing=shared,ro \
|
||||
<<EOF
|
||||
set -eux
|
||||
rustup run ${rust_toolchain} \
|
||||
|
||||
@@ -4,6 +4,9 @@ FROM input AS key-gen-base
|
||||
ARG var_cache
|
||||
ARG var_lib_apt
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
RUN \
|
||||
--mount=type=cache,dst=${var_cache},sharing=locked \
|
||||
--mount=type=cache,dst=${var_lib_apt},sharing=locked \
|
||||
@@ -116,6 +119,9 @@ EOF
|
||||
|
||||
FROM input AS complement-testee
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
EXPOSE 8008 8448
|
||||
RUN mkdir /database
|
||||
COPY --from=complement-config * /complement/
|
||||
@@ -125,6 +131,9 @@ ENTRYPOINT tuwunel -Oserver_name=\""$SERVER_NAME\""
|
||||
|
||||
FROM input AS complement-testee-valgrind
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
EXPOSE 8008 8448
|
||||
RUN mkdir /database
|
||||
COPY --from=complement-config * /complement/
|
||||
@@ -182,6 +191,10 @@ ARG complement_tags="conduwuit_blacklist"
|
||||
ARG complement_tests="./tests/..."
|
||||
ARG complement_base_image
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
WORKDIR /usr/src/complement
|
||||
ENV COMPLEMENT_DEBUG=$complement_debug
|
||||
ENV complement_parallel="$complement_parallel"
|
||||
ENV complement_shuffle="$complement_shuffle"
|
||||
@@ -198,7 +211,6 @@ ENV COMPLEMENT_HOST_MOUNTS="/var/run/docker.sock:/var/run/docker.sock"
|
||||
ENV jq_res='{Action: .Action, Test: .Test}'
|
||||
ENV jq_sel='select((.Action == \"pass\" or .Action == \"fail\" or .Action == \"skip\") and .Test != null)'
|
||||
ENV jq_tab='[.Action, .Test] | @tsv'
|
||||
WORKDIR /usr/src/complement
|
||||
COPY --from=complement-config /complement/old_results.jsonl .
|
||||
COPY <<EOF uwu.sh
|
||||
env;
|
||||
@@ -240,6 +252,10 @@ ARG complement_tags="conduwuit_blacklist"
|
||||
ARG complement_tests="./tests/..."
|
||||
ARG complement_base_image
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
WORKDIR /usr/src/complement
|
||||
ENV COMPLEMENT_DEBUG=$complement_debug
|
||||
ENV complement_parallel="$complement_parallel"
|
||||
ENV complement_shuffle="$complement_shuffle"
|
||||
@@ -252,7 +268,6 @@ ENV complement_run="$complement_run"
|
||||
ENV complement_tests="$complement_tests"
|
||||
ENV COMPLEMENT_HOSTNAME_RUNNING_COMPLEMENT="host.docker.internal"
|
||||
ENV COMPLEMENT_HOST_MOUNTS="/var/run/docker.sock:/var/run/docker.sock"
|
||||
WORKDIR /usr/src/complement
|
||||
COPY <<EOF valgrind.sh
|
||||
env;
|
||||
set -eux;
|
||||
|
||||
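Review bot: `ENV COMPLEMENT_HOST_MOUNTS="/var/run/docker.sock:/var/run/docker.sock"` (a context line in the `@@ -252,7 +268,6 @@` hunk and in the header of the `@@ -198,7 +211,6 @@` hunk, not changed by this commit) has no comment saying what it grants. As Complement describes this variable, the listed mounts are added to the containers it starts, so each homeserver under test would presumably receive the host Docker socket, which amounts to control of the host daemon. A comment above the line would make that trust assumption explicit, for example `# Passes the host Docker socket to containers started by Complement; run only on dedicated or disposable builders.` The rest of both tester stages lies outside the visible hunks.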
@@ -2,74 +2,76 @@
|
||||
|
||||
FROM input AS cookware
|
||||
ARG rust_toolchain
|
||||
ARG rust_target
|
||||
ARG RUSTUP_HOME
|
||||
ARG CARGO_HOME
|
||||
ARG CARGO_TARGET
|
||||
ARG CARGO_TERM_VERBOSE
|
||||
ARG rustup_version="1.28.1"
|
||||
ARG rustup_components
|
||||
ARG rustup_profile="minimal"
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
ENV RUSTUP_HOME="${RUSTUP_HOME}"
|
||||
ENV CARGO_HOME="${CARGO_HOME}"
|
||||
ENV CARGO_TARGET="${CARGO_TARGET}"
|
||||
ENV CARGO_TERM_VERBOSE="${CARGO_TERM_VERBOSE}"
|
||||
ENV CARGO_TARGET="${rust_target}"
|
||||
WORKDIR /opt
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
|
||||
<<EOF
|
||||
RUN <<EOF
|
||||
set -eux
|
||||
|
||||
url="https://static.rust-lang.org/rustup/archive/${rustup_version}/${CARGO_TARGET}/rustup-init"
|
||||
url="https://static.rust-lang.org/rustup/archive/${rustup_version}/${rust_target}/rustup-init"
|
||||
curl -S -O -s "$url"
|
||||
chmod o+x rustup-init
|
||||
EOF
|
||||
|
||||
ENV RUSTUP_HOME="${RUSTUP_HOME}"
|
||||
ENV CARGO_HOME="${CARGO_HOME}"
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME}/downloads,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/registry,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/git,sharing=locked \
|
||||
<<EOF
|
||||
set -eux
|
||||
./rustup-init -y \
|
||||
--verbose \
|
||||
--profile minimal \
|
||||
--no-modify-path \
|
||||
--quiet \
|
||||
--profile "${rustup_profile}" \
|
||||
--default-host "${CARGO_TARGET}" \
|
||||
--default-toolchain "${rust_toolchain}" \
|
||||
--no-update-default-toolchain \
|
||||
--default-host ${CARGO_TARGET} \
|
||||
--default-toolchain ${rust_toolchain}
|
||||
--no-modify-path
|
||||
|
||||
chmod -R go+rw $CARGO_HOME $RUSTUP_HOME
|
||||
rm rustup-init
|
||||
EOF
|
||||
ENV PATH="${CARGO_HOME}/bin:$PATH"
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
|
||||
<<EOF
|
||||
set -eux
|
||||
rustup component add \
|
||||
--toolchain ${rust_toolchain} \
|
||||
--target ${CARGO_TARGET} \
|
||||
${rustup_components} \
|
||||
;
|
||||
EOF
|
||||
|
||||
|
||||
FROM input AS chef
|
||||
ARG rust_toolchain
|
||||
ARG rust_target
|
||||
ARG RUSTUP_HOME
|
||||
ARG CARGO_HOME
|
||||
ARG CARGO_TARGET
|
||||
ARG CARGO_TERM_VERBOSE
|
||||
ARG rustup_components
|
||||
ARG cargo_installs
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME}/downloads,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/registry,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/git,sharing=locked \
|
||||
<<EOF
|
||||
set -eux
|
||||
rustup component add \
|
||||
--toolchain ${rust_toolchain} \
|
||||
--target ${rust_target} \
|
||||
${rustup_components} \
|
||||
;
|
||||
|
||||
rustup run --install ${rust_toolchain} \
|
||||
cargo install \
|
||||
--quiet \
|
||||
--locked \
|
||||
--target ${CARGO_TARGET} \
|
||||
--target ${rust_target} \
|
||||
${cargo_installs} \
|
||||
;
|
||||
EOF
|
||||
|
||||
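Review bot: `curl -S -O -s "$url"` saves rustup-init and a later step executes it with no integrity check, and without `-f` an HTTP error body would be written to disk as the binary. The commit changes only the target component of the URL, so the download is still trusted on TLS alone. Fetch with `curl -fsSO "$url"` and verify a digest pinned per `rustup_version` and target before the `chmod`, for example `echo "${rustup_sha256}  rustup-init" | sha256sum -c -`, where `rustup_sha256` is a suggested new build arg rather than one the file already has. Separately, `chmod -R go+rw $CARGO_HOME $RUSTUP_HOME` leaves the installed toolchain writable by every user in derived stages. If that is needed for non-root builds, it deserves a comment and quoted paths.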
@@ -11,6 +11,9 @@ ARG var_cache
|
||||
ARG var_lib_apt
|
||||
ARG packages
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
ENV packages="ca-certificates ${packages}"
|
||||
RUN \
|
||||
--mount=type=cache,dst=${var_cache},sharing=locked \
|
||||
@@ -31,6 +34,9 @@ FROM input AS valgrind
|
||||
ARG var_cache
|
||||
ARG var_lib_apt
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
RUN \
|
||||
--mount=type=cache,dst=${var_cache},sharing=locked \
|
||||
--mount=type=cache,dst=${var_lib_apt},sharing=locked \
|
||||
@@ -44,6 +50,9 @@ FROM input AS perf
|
||||
ARG var_cache
|
||||
ARG var_lib_apt
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
RUN \
|
||||
--mount=type=cache,dst=${var_cache},sharing=locked \
|
||||
--mount=type=cache,dst=${var_lib_apt},sharing=locked \
|
||||
|
||||
@@ -8,7 +8,9 @@ COPY --link --from=input . .
|
||||
|
||||
ADD --link --keep-git-dir . /usr/src/tuwunel
|
||||
WORKDIR /usr/src/tuwunel
|
||||
RUN <<EOF
|
||||
RUN \
|
||||
--mount=type=cache,dst=/var/lock/uwu/source,sharing=locked \
|
||||
<<EOF
|
||||
set -eux
|
||||
git reset \
|
||||
--hard \
|
||||
@@ -41,8 +43,9 @@ ENV JEMALLOC_OVERRIDE="${JEMALLOC_OVERRIDE}"
|
||||
#ENV ZSTD_SYS_USE_PKG_CONFIG="${ZSTD_SYS_USE_PKG_CONFIG}"
|
||||
ENV ROCKSDB_LIB_DIR="${ROCKSDB_LIB_DIR}"
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME}/downloads,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/registry,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/git,sharing=locked \
|
||||
<<EOF
|
||||
set -eux
|
||||
git submodule update \
|
||||
@@ -70,8 +73,9 @@ COPY --link --from=input . .
|
||||
|
||||
WORKDIR /usr/src/tuwunel
|
||||
RUN \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
|
||||
--mount=type=cache,dst=${RUSTUP_HOME}/downloads,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/registry,sharing=locked \
|
||||
--mount=type=cache,dst=${CARGO_HOME}/git,sharing=locked \
|
||||
<<EOF
|
||||
set -euxo pipefail
|
||||
rustup run ${rust_toolchain} \
|
||||
@@ -91,5 +95,5 @@ EOF
|
||||
FROM scratch AS recipe
|
||||
|
||||
WORKDIR /
|
||||
COPY --from=preparing /usr/src/tuwunel/recipe.json .
|
||||
COPY --from=preparing /usr/src/tuwunel/rocksdb.url .
|
||||
COPY --link --from=preparing /usr/src/tuwunel/recipe.json .
|
||||
COPY --link --from=preparing /usr/src/tuwunel/rocksdb.url .
|
||||
|
||||
@@ -2,8 +2,12 @@
|
||||
|
||||
FROM input AS rocksdb-fetch
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
WORKDIR /usr/src
|
||||
COPY --link --from=recipe rocksdb.url .
|
||||
|
||||
RUN <<EOF
|
||||
set -eux
|
||||
submodule="librocksdb-sys/rocksdb"
|
||||
@@ -33,12 +37,15 @@ ARG rocksdb_zlib=0
|
||||
ARG rocksdb_snappy=0
|
||||
ARG nprocs
|
||||
|
||||
WORKDIR /
|
||||
COPY --link --from=input . .
|
||||
|
||||
WORKDIR /usr/src/rocksdb/librocksdb-sys/rocksdb
|
||||
ENV CC="clang"
|
||||
ENV CXX="clang++"
|
||||
WORKDIR /usr/src/rocksdb/librocksdb-sys/rocksdb
|
||||
ENV nprocs=${nprocs}
|
||||
RUN \
|
||||
--mount=type=cache,dst=/var/lock/uwu/${rocksdb_jemalloc}/${rocksdb_iouring}/${rocksdb_portable},sharing=locked \
|
||||
--mount=type=cache,dst=/var/lock/uwu/rocksdb,sharing=locked \
|
||||
<<EOF
|
||||
set -eux
|
||||
|
||||
|
||||
@@ -55,7 +55,7 @@ so please be patient.
|
||||
2. Some unsavory options are required for some targets. It might be possible to omit these if
|
||||
you're not building the full tree. Otherwise I've included them in the create command below.
|
||||
|
||||
- To run the complement compliance suite we need the `--allow-insecure-entitlement netwok.host`.
|
||||
- To run the complement compliance suite we need the `--allow-insecure-entitlement network.host`.
|
||||
This requirement is probably a defect in Complement.
|
||||
|
||||
Finally create
|
||||
@@ -84,3 +84,48 @@ cues from the primary user of this system, the [GitHub CI](https://github.com/ma
|
||||
building the targets for `complement-tester` and `complement-testee` using `bake.sh` and then
|
||||
invoking `complement.sh`. You can take cues again from another user of this in the
|
||||
[GitHub CI](https://github.com/matrix-construct/tuwunel/blob/main/.github/workflows/test.yml#L79).
|
||||
|
||||
## Notes
|
||||
|
||||
- For CI our builders are more persistent rather than being created and destroyed for
|
||||
each invocation. The builder is meant to be safely reused across operations, but
|
||||
for concurrent operations this is tricky, see the next point.
|
||||
|
||||
- For CI our builders are isolated only by actor/user. This will probably change to
|
||||
`actor/repo/branch` as it's easy to cause issues with concurrent builds right now.
|
||||
However we can't accept destroying the builder after each use, so we'll likely
|
||||
choose `actor/repo/branch` with the expectation of one build at a time under those
|
||||
constraints. Some external caching might need to be contrived between builders for
|
||||
deduplication but with care such that malicious actors cannot poison data used
|
||||
by other actors, otherwise it defeats the purpose of builder isolation.
|
||||
|
||||
#### On Target Caches
|
||||
|
||||
The challenge here is to get all aspects of the target directory perfectly optimal
|
||||
within the many constraints including cargo issues and our goals. This is highly complex
|
||||
because we have to provide each image being built with a safe environment yet share as
|
||||
much as possible between builds. This includes maximum reuse of prior builds but without
|
||||
unnecessary dirtying or more serious unexpected conflicts.
|
||||
|
||||
We first create a hausdorff space based on builds which could never benefit from sharing
|
||||
and would always be unsound (even silently) if they came into contact; so all cache id's
|
||||
are prefixed by the matrix components:
|
||||
`${sys_name}/${sys_version}/${rust_target}/${rust_toolchain}/${cargo_profile}`. This is
|
||||
important because we can simplify the mount path inside the image which is important for
|
||||
the absolute paths generated by fingerprints and dependency files. We need to keep those
|
||||
the same if any builds expect to share them.
|
||||
|
||||
The top-level of target directory is immediately partitioned by cargo into different
|
||||
profiles. Note that we already imposed separation based on profile but we still have to
|
||||
deal with that subdirectory in the mount, which has special-cases for the dev, test, and
|
||||
bench profiles. These directories at their top-level are the final artifact area which is
|
||||
not concurrency safe and there are open issues in cargo for explicit artifact directories.
|
||||
Within these unsafe directories are sub-directories which contain hash-sharded components
|
||||
making them safe again for shared caching, so long as the path to them remains consistent
|
||||
for all images mounting.
|
||||
|
||||
As you can see this is already getting very complicated. If this is done wrong lots of
|
||||
different bad things can happen such as broken builds from bad conflicts, constant
|
||||
rebuilds from modest conflicts, or over-use of resources from too much separation.
|
||||
|
||||
TODO
|
||||
|
||||
@@ -200,7 +200,6 @@ group "lints" {
|
||||
"audit",
|
||||
"check",
|
||||
"clippy",
|
||||
"docs",
|
||||
"fmt",
|
||||
"lychee",
|
||||
]
|
||||
@@ -305,7 +304,6 @@ target "tuwunel" {
|
||||
target = "tuwunel"
|
||||
dockerfile-inline =<<EOF
|
||||
FROM input AS tuwunel
|
||||
COPY --link --from=input . .
|
||||
EXPOSE 8008 8448
|
||||
ENTRYPOINT ["${cargo_install_root}/bin/tuwunel"]
|
||||
EOF
|
||||
@@ -551,8 +549,6 @@ target "standalone" {
|
||||
]
|
||||
target = "standalone"
|
||||
labels = install_labels
|
||||
output = ["type=docker,compression=zstd,mode=min"]
|
||||
cache_to = ["type=local,compression=zstd,mode=min"]
|
||||
matrix = cargo_rust_feat_sys
|
||||
inherits = [
|
||||
elem("install", [cargo_profile, rust_toolchain, rust_target, feat_set, sys_name, sys_version, sys_target]),
|
||||
@@ -613,6 +609,8 @@ target "installer" {
|
||||
|
||||
group "pkg" {
|
||||
targets = [
|
||||
"pkg-deb",
|
||||
"pkg-rpm",
|
||||
"pkg-deb-install",
|
||||
"pkg-rpm-install",
|
||||
]
|
||||
@@ -1050,6 +1048,10 @@ target "deps-check" {
|
||||
}
|
||||
}
|
||||
|
||||
variable "cargo_tgt_dir_base" {
|
||||
default = "/usr/src/tuwunel/target"
|
||||
}
|
||||
|
||||
target "deps-base" {
|
||||
name = elem("deps-base", [cargo_profile, rust_toolchain, rust_target, feat_set, sys_name, sys_version, sys_target])
|
||||
tags = [
|
||||
@@ -1071,12 +1073,22 @@ target "deps-base" {
|
||||
args = {
|
||||
cargo_profile = cargo_profile
|
||||
cook_args = "--all-targets --no-build"
|
||||
CARGO_TARGET_DIR = "/usr/src/tuwunel/target/${sys_name}/${sys_version}/${rust_toolchain}/${cargo_profile}/${feat_set}"
|
||||
CARGO_TARGET_CACHE = "/usr/src/tuwunel/target/${sys_name}/${sys_version}/_shared_cache"
|
||||
CARGO_PROFILE_test_DEBUG = "0"
|
||||
CARGO_PROFILE_bench_DEBUG = "0"
|
||||
CARGO_PROFILE_bench_LTO = "0"
|
||||
CARGO_PROFILE_bench_CODEGEN_UNITS = "1"
|
||||
|
||||
CARGO_TARGET_DIR = "${cargo_tgt_dir_base}"
|
||||
cargo_tgt_cache = "${cargo_tgt_dir_base}/${sys_name}/${sys_version}/${rust_target}/${rust_toolchain}/${cargo_profile}/_shared_cache"
|
||||
cargo_tgt_dst = "${cargo_tgt_dir_base}/${sys_name}/${sys_version}/${rust_target}/${rust_toolchain}/${cargo_profile}/${feat_set}"
|
||||
cargo_tgt_sub = (
|
||||
(cargo_profile == "dev" || cargo_profile == "test")? "debug":
|
||||
(cargo_profile == "release" || cargo_profile == "bench")? "release":
|
||||
cargo_profile
|
||||
)
|
||||
|
||||
CARGO_PROFILE_TEST_DEBUG = "false"
|
||||
CARGO_PROFILE_BENCH_DEBUG = "false"
|
||||
CARGO_PROFILE_BENCH_LTO = "false"
|
||||
CARGO_PROFILE_BENCH_CODEGEN_UNITS = "1"
|
||||
CARGO_PROFILE_RELEASE_BUILD_OVERRIDE_DEBUG = "true"
|
||||
|
||||
CARGO_BUILD_RUSTFLAGS = (
|
||||
cargo_profile == "release-max-perf"?
|
||||
join(" ", [
|
||||
@@ -1345,6 +1357,11 @@ target "chef" {
|
||||
contexts = {
|
||||
input = elem("target:cookware", [rust_toolchain, rust_target, feat_set, sys_name, sys_version, sys_target])
|
||||
}
|
||||
args = {
|
||||
CARGO_TERM_VERBOSE = CARGO_TERM_VERBOSE
|
||||
rustup_components = join(" ", rustup_components)
|
||||
cargo_installs = join(" ", cargo_installs)
|
||||
}
|
||||
}
|
||||
|
||||
target "cookware" {
|
||||
@@ -1363,12 +1380,9 @@ target "cookware" {
|
||||
}
|
||||
args = {
|
||||
rust_toolchain = rust_toolchain
|
||||
RUSTUP_HOME = "/opt/rustup"
|
||||
CARGO_HOME = "/opt/${sys_name}/${sys_target}/cargo"
|
||||
CARGO_TARGET = rust_target
|
||||
CARGO_TERM_VERBOSE = CARGO_TERM_VERBOSE
|
||||
cargo_installs = join(" ", cargo_installs)
|
||||
rustup_components = join(" ", rustup_components)
|
||||
rust_target = rust_target
|
||||
RUSTUP_HOME = "/opt/rustup/${sys_name}"
|
||||
CARGO_HOME = "/opt/cargo/${sys_name}/${sys_target}"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1506,7 +1520,7 @@ target "system" {
|
||||
]
|
||||
target = "system"
|
||||
output = ["type=cacheonly,compression=zstd,mode=min"]
|
||||
cache_to = ["type=local,compression=zstd,mode=max"]
|
||||
cache_to = ["type=local,compression=zstd,mode=min"]
|
||||
cache_from = ["type=local"]
|
||||
dockerfile = "${docker_dir}/Dockerfile.diner"
|
||||
matrix = sys
|
||||
|
||||
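Review bot: The new `cargo_tgt_cache` and `cargo_tgt_dst` values in `deps-base` key the target caches by system, rust target, toolchain, profile and feature set only, and nothing on these lines states the trust boundary that assumes. Compiled artifacts under `_shared_cache` are presumably reused by later builds whenever cargo's fingerprints match, so these ids are only as isolated as the builder that holds them. A comment above `cargo_tgt_cache` should record that, for example `# Cache ids are not scoped by actor or branch; isolation comes from the builder, so release builds must not share a builder with untrusted ones.` The `args` block continues outside the hunk.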