From ee33f4cc989b10a5b83b350762cf3deb806964e1 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Fri, 22 Mar 2024 09:26:26 +0100 Subject: [PATCH 1/7] feat(build): use Docker Build Cloud for image build --- .github/workflows/sub-build-docker-image.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/workflows/sub-build-docker-image.yml b/.github/workflows/sub-build-docker-image.yml index dbf5ef10ea4..910adbe9eaf 100644 --- a/.github/workflows/sub-build-docker-image.yml +++ b/.github/workflows/sub-build-docker-image.yml @@ -118,11 +118,6 @@ jobs: type=edge,enable={{is_default_branch}} type=schedule - # Setup Docker Buildx to allow use of docker cache layers from GH - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - - name: Authenticate to Google Cloud id: auth uses: google-github-actions/auth@v2.1.3 @@ -152,6 +147,18 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + # Setup Docker Buildx to allow use of docker cache layers from GH + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + with: + version: "lab:latest" + driver: cloud + endpoint: "zfnd/zebra" + driver-opts: | + network=host + image=moby/buildkit:v0.13.0 + # Build and push image to Google Artifact Registry, and possibly DockerHub - name: Build & push id: docker_build From 5c7e39c144d6ea4d39d880cc27ade3d1b2fa8984 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Fri, 22 Mar 2024 11:13:37 +0100 Subject: [PATCH 2/7] fix(build): secrets, runner and conditional login --- .github/workflows/cd-deploy-nodes-gcp.yml | 2 ++ .github/workflows/ci-integration-tests-gcp.yml | 3 +++ .github/workflows/ci-unit-tests-docker.yml | 2 ++ .github/workflows/sub-build-docker-image.yml | 12 ++++-------- 4 files changed, 11 insertions(+), 8 deletions(-) 
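Review bot: In the re-added `Set up Docker Buildx` step (patch 1/7, second hunk of sub-build-docker-image.yml), `version: "lab:latest"` makes each run fetch whatever buildx binary that tag currently points to, and `docker/setup-buildx-action@v3` is likewise a movable tag. This job builds and pushes the published images right after the Docker Hub login shown in the hunk's context, so an unexpected change in either one runs with registry credentials present. I would pin both: `uses: docker/setup-buildx-action@<full-commit-sha> # v3`, and a fixed lab release tag in place of `latest` if one is published. The same step is carried unchanged through patches 2/7 to 4/7, so the pin applies there too.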
diff --git a/.github/workflows/cd-deploy-nodes-gcp.yml b/.github/workflows/cd-deploy-nodes-gcp.yml index a439019776d..c4508e68f70 100644 --- a/.github/workflows/cd-deploy-nodes-gcp.yml +++ b/.github/workflows/cd-deploy-nodes-gcp.yml @@ -136,6 +136,8 @@ jobs: image_name: zebrad no_cache: ${{ inputs.no_cache || false }} rust_log: info + # This step needs access to Docker Hub secrets to run successfully + secrets: inherit # Test that Zebra works using the default config with the latest Zebra version. test-configuration-file: diff --git a/.github/workflows/ci-integration-tests-gcp.yml b/.github/workflows/ci-integration-tests-gcp.yml index 89544054709..41e2c70e470 100644 --- a/.github/workflows/ci-integration-tests-gcp.yml +++ b/.github/workflows/ci-integration-tests-gcp.yml @@ -149,6 +149,9 @@ jobs: rust_backtrace: full rust_lib_backtrace: full rust_log: info + # This step needs access to Docker Hub secrets to run successfully + secrets: inherit + # zebrad cached checkpoint state tests diff --git a/.github/workflows/ci-unit-tests-docker.yml b/.github/workflows/ci-unit-tests-docker.yml index 3b44aa4550c..c0e838d3674 100644 --- a/.github/workflows/ci-unit-tests-docker.yml +++ b/.github/workflows/ci-unit-tests-docker.yml @@ -111,6 +111,8 @@ jobs: rust_backtrace: full rust_lib_backtrace: full rust_log: info + # This step needs access to Docker Hub secrets to run successfully + secrets: inherit # Run all the zebra tests, including tests that are ignored by default. # diff --git a/.github/workflows/sub-build-docker-image.yml b/.github/workflows/sub-build-docker-image.yml index 910adbe9eaf..e25f4c0ba15 100644 --- a/.github/workflows/sub-build-docker-image.yml +++ b/.github/workflows/sub-build-docker-image.yml @@ -68,7 +68,7 @@ jobs: build: name: Build images timeout-minutes: 210 - runs-on: ubuntu-latest-xl + runs-on: ubuntu-latest outputs: image_digest: ${{ steps.docker_build.outputs.digest }} image_name: ${{ fromJSON(steps.docker_build.outputs.metadata)['image.name'] }} 
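Review bot: `secrets: inherit` on this job (cd-deploy-nodes-gcp.yml, which appears to call the reusable build workflow; the job starts outside the hunk) hands the called workflow every secret the caller can read, while the comment above it says only the Docker Hub credentials are needed. Passing them by name keeps the grant minimal: replace the line with a `secrets:` mapping holding `DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}` and `DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}`, with matching entries under `on.workflow_call.secrets` in sub-build-docker-image.yml (that section is not visible here, so this assumes it does not declare them yet). The same line is added in ci-integration-tests-gcp.yml and ci-unit-tests-docker.yml in this patch and in ci-tests.yml in patch 5/7. The comment also says "step" although the key sits on a job; `# The called workflow needs the Docker Hub secrets` would be more accurate.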
@@ -92,6 +92,8 @@ jobs: uses: docker/metadata-action@v5.5.1 with: # list of Docker images to use as base name for tags + # We only publish images to DockerHub if a release is not a pre-release + # Ref: https://github.com/orgs/community/discussions/26281#discussioncomment-3251177 images: | us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra/${{ inputs.image_name }} zfnd/${{ inputs.image_name }},enable=${{ github.event_name == 'release' && !github.event.release.prerelease }} @@ -139,15 +141,12 @@ jobs: password: ${{ steps.auth.outputs.access_token }} - name: Login to DockerHub - # We only publish images to DockerHub if a release is not a pre-release - # Ref: https://github.com/orgs/community/discussions/26281#discussioncomment-3251177 - if: ${{ github.event_name == 'release' && !github.event.release.prerelease }} uses: docker/login-action@v3.1.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - # Setup Docker Buildx to allow use of docker cache layers from GH + # Setup Docker Buildx to use Docker Build Cloud - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@v3 @@ -155,9 +154,6 @@ jobs: version: "lab:latest" driver: cloud endpoint: "zfnd/zebra" - driver-opts: | - network=host - image=moby/buildkit:v0.13.0 # Build and push image to Google Artifact Registry, and possibly DockerHub - name: Build & push From 489f707008a7195287d70b4414d2be0ebb08b9da Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Fri, 22 Mar 2024 11:30:37 +0100 Subject: [PATCH 3/7] ref(build): avoid using an external cache with Docker Build Cloud --- .github/workflows/sub-build-docker-image.yml | 32 ++++++-------------- 1 file changed, 9 insertions(+), 23 deletions(-) diff --git a/.github/workflows/sub-build-docker-image.yml b/.github/workflows/sub-build-docker-image.yml index e25f4c0ba15..54c3622cb36 100644 --- a/.github/workflows/sub-build-docker-image.yml +++ b/.github/workflows/sub-build-docker-image.yml 
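Review bot: With the `if:` removed from `Login to DockerHub` (second hunk here, and again in patch 6/7), `DOCKERHUB_TOKEN` is loaded into the runner's Docker configuration on every run of this job, so publishing to `zfnd/` is now held back only by the `enable=` expression in the metadata step's `images` list. The step also lost its explanatory comment, and the reason for the unconditional login (presumably that the cloud builder needs Docker Hub authentication) is not stated; I would add `# Always log in: the Build Cloud builder needs Docker Hub auth; publishing to zfnd/ is gated by enable= in the metadata step`. If this token has write access to the release repositories, using a narrower token for non-release runs would limit what a compromised build step could do with it. Runs where secrets are not available, such as pull requests from forks, will fail at this step unless the calling job is skipped for them.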
@@ -120,6 +120,15 @@ jobs: type=edge,enable={{is_default_branch}} type=schedule + # Setup Docker Buildx to use Docker Build Cloud + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + with: + version: "lab:latest" + driver: cloud + endpoint: "zfnd/zebra" + - name: Authenticate to Google Cloud id: auth uses: google-github-actions/auth@v2.1.3 @@ -146,15 +155,6 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - # Setup Docker Buildx to use Docker Build Cloud - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - with: - version: "lab:latest" - driver: cloud - endpoint: "zfnd/zebra" - # Build and push image to Google Artifact Registry, and possibly DockerHub - name: Build & push id: docker_build 
@@ -174,17 +174,3 @@ jobs: # Don't read from the cache if the caller disabled it. # https://docs.docker.com/engine/reference/commandline/buildx_build/#options no-cache: ${{ inputs.no_cache }} - # To improve build speeds, for each branch we push an additional image to the registry, - # to be used as the caching layer, using the `max` caching mode. - # - # We use multiple cache sources to confirm a cache hit, starting from a per-branch cache. - # If there's no hit, we continue with a `main` branch cache, which helps us avoid - # rebuilding cargo-chef, most dependencies, and possibly some Zebra crates. - # - # The caches are tried in top-down order, the first available cache is used: - # https://github.com/moby/moby/pull/26839#issuecomment-277383550 - cache-from: | - type=registry,ref=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra-caching/${{ inputs.image_name }}${{ inputs.tag_suffix }}:${{ env.GITHUB_REF_SLUG_URL }}-cache - type=registry,ref=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra-caching/${{ inputs.image_name }}${{ inputs.tag_suffix }}:main-cache - cache-to: | - type=registry,ref=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra-caching/${{ inputs.image_name }}${{ inputs.tag_suffix }}:${{ env.GITHUB_REF_SLUG_URL }}-cache,mode=max From 2e8bfcc7e81960475704dfe29069c563db70ed2f Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Fri, 22 Mar 2024 11:33:32 +0100 Subject: [PATCH 4/7] fix(build): `buildx` setup must be after registry login --- .github/workflows/sub-build-docker-image.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/sub-build-docker-image.yml b/.github/workflows/sub-build-docker-image.yml index 54c3622cb36..e477d2bba8a 100644 --- a/.github/workflows/sub-build-docker-image.yml +++ b/.github/workflows/sub-build-docker-image.yml 
@@ -120,15 +120,6 @@ jobs: type=edge,enable={{is_default_branch}} type=schedule - # Setup Docker Buildx to use Docker Build Cloud - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - with: - version: "lab:latest" - driver: cloud - endpoint: "zfnd/zebra" - - name: Authenticate to Google Cloud id: auth uses: google-github-actions/auth@v2.1.3 @@ -155,6 +146,15 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + # Setup Docker Buildx to use Docker Build Cloud + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + with: + version: "lab:latest" + driver: cloud + endpoint: "zfnd/zebra" + # Build and push image to Google Artifact Registry, and possibly DockerHub - name: Build & push id: docker_build From 3f8c5b367436d198bdba21623116df0a5bbb475c Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Tue, 11 Jun 2024 09:48:11 -0400 Subject: [PATCH 5/7] fix: merge --- .github/workflows/ci-tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci-tests.yml b/.github/workflows/ci-tests.yml index 2c8ce336706..997bf25eb00 100644 --- a/.github/workflows/ci-tests.yml +++ b/.github/workflows/ci-tests.yml @@ -130,6 +130,8 @@ jobs: rust_backtrace: full rust_lib_backtrace: full rust_log: info + # This step needs access to Docker Hub secrets to run successfully + secrets: inherit # Runs Zebra unit tests unit-tests: From 1639acf189c29c35d32862f92873797da38db224 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Tue, 11 Jun 2024 13:28:00 -0400 Subject: [PATCH 6/7] fix(login): always login to Docker --- .github/workflows/sub-build-docker-image.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/sub-build-docker-image.yml b/.github/workflows/sub-build-docker-image.yml index 44d94487a9b..7612777dfd6 100644 --- a/.github/workflows/sub-build-docker-image.yml +++ b/.github/workflows/sub-build-docker-image.yml 
@@ -141,9 +141,6 @@ jobs: password: ${{ steps.auth.outputs.access_token }} - name: Login to DockerHub - # We only publish images to DockerHub if a release is not a pre-release - # Ref: https://github.com/orgs/community/discussions/26281#discussioncomment-3251177 - if: ${{ github.event_name == 'release' && !github.event.release.prerelease }} uses: docker/login-action@v3.2.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} From 5c68bbf0415b4e437e62491bc236770a56d54b52 Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Tue, 11 Jun 2024 15:05:55 -0400 Subject: [PATCH 7/7] fix(build): remove extra build steps --- .../sub-ci-integration-tests-gcp.yml | 21 ------------------- .../workflows/sub-ci-unit-tests-docker.yml | 21 ------------------- 2 files changed, 42 deletions(-) diff --git a/.github/workflows/sub-ci-integration-tests-gcp.yml b/.github/workflows/sub-ci-integration-tests-gcp.yml index aebcf5fefd4..27f11f1f37d 100644 --- a/.github/workflows/sub-ci-integration-tests-gcp.yml +++ b/.github/workflows/sub-ci-integration-tests-gcp.yml @@ -61,27 +61,6 @@ jobs: with: network: 'Testnet' - # Build the docker image used by the tests. - # - # The default network in the Zebra config in the image is mainnet, unless a manually triggered - # workflow or repository variable is configured differently. Testnet jobs change that config to - # testnet when running the image. - build: - name: Build CI Docker - if: ${{ !startsWith(github.event_name, 'pull') || !github.event.pull_request.head.repo.fork }} - uses: ./.github/workflows/sub-build-docker-image.yml - with: - dockerfile_path: ./docker/Dockerfile - dockerfile_target: tests - image_name: ${{ vars.CI_IMAGE_NAME }} - no_cache: ${{ inputs.no_cache || false }} - rust_backtrace: full - rust_lib_backtrace: full - rust_log: info - # This step needs access to Docker Hub secrets to run successfully - secrets: inherit - - # zebrad cached checkpoint state tests # Regenerate mandatory checkpoint Zebra cached state disks. 
diff --git a/.github/workflows/sub-ci-unit-tests-docker.yml b/.github/workflows/sub-ci-unit-tests-docker.yml index 9893e32fc9c..3f80d24ebbd 100644 --- a/.github/workflows/sub-ci-unit-tests-docker.yml +++ b/.github/workflows/sub-ci-unit-tests-docker.yml @@ -37,27 +37,6 @@ env: #! The job names in `ci-unit-tests-docker.yml`, `ci-unit-tests-docker.patch.yml` and #! `ci-unit-tests-docker.patch-external.yml` must be kept in sync. jobs: - # Build the docker image used by the tests. - # - # The default network in the Zebra config in the image is mainnet, unless a manually triggered - # workflow or repository variable is configured differently. Testnet jobs change that config to - # testnet when running the image. - build: - name: Build CI Docker - # Skip PRs from external repositories, let them pass, and then Mergify will check them - if: ${{ !startsWith(github.event_name, 'pull') || !github.event.pull_request.head.repo.fork }} - uses: ./.github/workflows/sub-build-docker-image.yml - with: - dockerfile_path: ./docker/Dockerfile - dockerfile_target: tests - image_name: ${{ vars.CI_IMAGE_NAME }} - no_cache: ${{ inputs.no_cache || false }} - rust_backtrace: full - rust_lib_backtrace: full - rust_log: info - # This step needs access to Docker Hub secrets to run successfully - secrets: inherit - # Run all the zebra tests, including tests that are ignored by default. # # - We activate the gRPC feature to avoid recompiling `zebrad`, but we don't actually run any gRPC tests.