From cdbd4fc24422e805cf2d100e4c7d03cf95c9620a Mon Sep 17 00:00:00 2001 From: Antonin Bas Date: Mon, 22 Mar 2021 15:08:51 -0700 Subject: [PATCH] Ensure Github workflows use up-to-date base Docker images (#1951) Relying on a CRON job to update the Antrea base images has proven sub-optimal: we sometimes push base images manually which do not match the checked-in Dockerfiles and CI tests run for PRs which update the Dockerfiles ignore these updates (making the tests worthless). We now ensure that Github workflows always build the base images before building the Antrea image, thanks to a new helper script. By relying on Docker caching (using the Dockerhub registry as the cache), we ensure that build times are not increased: in the absence of any change, we only add a handful of seconds to the build time. For now, we only update CI jobs run as Github workflow. Once this is merged, we should consider doing the same for Jenkins scripts. We could add support for DOCKER_REGISTRY to the new helper script (hack/build-antrea-ubuntu-all.sh). One question that we could ask now is whether these base images are even necessary: if caching works well, using one large Dockerfile should be just as fast, while simplifying build architecture. This is something we may want to revisit in the future. Maybe using base images only makes sense if we are going to share them across multiple images. See #1540 --- .github/workflows/build.yml | 9 ++- .github/workflows/build_tag.yml | 4 +- .github/workflows/kind.yml | 8 +- .github/workflows/kind_upgrade.yml | 4 +- .github/workflows/update_ovs_image.yml | 33 -------- Makefile | 20 +++-- build/images/base/build.sh | 11 ++- build/images/ovs/build.sh | 2 + hack/build-antrea-ubuntu-all.sh | 107 +++++++++++++++++++++++++ 9 files changed, 149 insertions(+), 49 deletions(-) delete mode 100644 .github/workflows/update_ovs_image.yml create mode 100755 hack/build-antrea-ubuntu-all.sh diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bba0a7fa20a..ba37423b4d8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -31,15 +31,18 @@ jobs: runs-on: [ubuntu-latest] steps: - uses: actions/checkout@v2 - - name: Build Antrea Docker image - run: make - - name: Push Antrea amd64 Docker image to registry + - name: Build Antrea amd64 Docker image without pushing to registry + if: ${{ github.repository != 'vmware-tanzu/antrea' || github.event_name != 'push' || github.ref != 'refs/heads/main' }} + run: | + ./hack/build-antrea-ubuntu-all.sh --pull + - name: Build and push Antrea amd64 Docker image to registry if: ${{ github.repository == 'vmware-tanzu/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/main' }} env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} run: | echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin + ./hack/build-antrea-ubuntu-all.sh --pull --push-base-images docker tag antrea/antrea-ubuntu:latest antrea/antrea-ubuntu-amd64:latest docker push antrea/antrea-ubuntu-amd64:latest - name: Trigger Antrea arm builds and multi-arch manifest update diff --git a/.github/workflows/build_tag.yml b/.github/workflows/build_tag.yml index 7acf061fcc7..f63476839ce 100644 --- a/.github/workflows/build_tag.yml +++ b/.github/workflows/build_tag.yml @@ -24,13 +24,13 @@ jobs: needs: get-version steps: - uses: actions/checkout@v2 - - name: Build Antrea amd64 Docker image and push to registry + - name: Build and push Antrea amd64 Docker image to registry env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} VERSION: ${{ needs.get-version.outputs.version }} run: | - make + ./hack/build-antrea-ubuntu-all.sh --pull echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin docker tag antrea/antrea-ubuntu:"${VERSION}" antrea/antrea-ubuntu-amd64:"${VERSION}" docker push antrea/antrea-ubuntu-amd64:"${VERSION}" diff --git a/.github/workflows/kind.yml b/.github/workflows/kind.yml index 4ea11154e85..c0794cdd8bb 100755 --- a/.github/workflows/kind.yml +++ b/.github/workflows/kind.yml @@ -34,7 +34,9 @@ jobs: runs-on: [ubuntu-latest] steps: - uses: actions/checkout@v2 - - run: make build-ubuntu-coverage + - name: Build Antrea Docker image with code coverage support + run: | + ./hack/build-antrea-ubuntu-all.sh --pull --coverage - name: Save Antrea image to tarball run: docker save -o antrea-ubuntu.tar antrea/antrea-ubuntu-coverage:latest - name: Upload Antrea image for subsequent jobs @@ -385,7 +387,9 @@ jobs: runs-on: [ubuntu-latest] steps: - uses: actions/checkout@v2 - - run: make + - name: Build Antrea Docker image + run: | + ./hack/build-antrea-ubuntu-all.sh --pull - name: Save Antrea image to tarball run: docker save -o antrea-ubuntu.tar projects.registry.vmware.com/antrea/antrea-ubuntu:latest - name: Upload Antrea image for subsequent jobs diff --git a/.github/workflows/kind_upgrade.yml b/.github/workflows/kind_upgrade.yml index f06cc389db4..ef4255061d6 100644 --- a/.github/workflows/kind_upgrade.yml +++ b/.github/workflows/kind_upgrade.yml @@ -34,7 +34,9 @@ jobs: runs-on: [ubuntu-latest] steps: - uses: actions/checkout@v2 - - run: make + - name: Build Antrea Docker image + run: | + ./hack/build-antrea-ubuntu-all.sh --pull - name: Save Antrea image to tarball run: docker save -o antrea-ubuntu.tar projects.registry.vmware.com/antrea/antrea-ubuntu:latest - name: Upload Antrea image for subsequent jobs diff --git a/.github/workflows/update_ovs_image.yml b/.github/workflows/update_ovs_image.yml deleted file mode 100644 index 8e5ccaa57d8..00000000000 --- a/.github/workflows/update_ovs_image.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Update the antrea/openvswitch image every 12 hours - -on: - schedule: - # every 12 hours - - cron: '0 */12 * * *' - -jobs: - build: - if: github.repository == 'vmware-tanzu/antrea' - runs-on: [ubuntu-latest] - steps: - - uses: actions/checkout@v2 - - name: Build antrea/openvswitch Docker image and push to registry - env: - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - OVS_VERSION: 2.14.0 - run: | - cd build/images/ovs/ - docker pull antrea/openvswitch-debs:$OVS_VERSION || true - docker pull antrea/openvswitch:$OVS_VERSION || true - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - ./build.sh --pull --push - cd ../base/ - ./build.sh --pull --push - skip: - if: github.repository != 'vmware-tanzu/antrea' - runs-on: [ubuntu-latest] - steps: - - name: Skip - run: | - echo "Skipping OVS image update because workflow cannot be run from fork" diff --git a/Makefile b/Makefile index 0b13a5d4e53..173a07e5c7e 100644 --- a/Makefile +++ b/Makefile @@ -20,6 +20,12 @@ UNAME_S := $(shell uname -s) USERID := $(shell id -u) GRPID := $(shell id -g) +# If NO_PULL is set, base Docker images will not be pulled. +# If DOCKER_REGISTRY is set, we always set NO_PULL. +ifneq ($(DOCKER_REGISTRY),) + NO_PULL := 1 +endif + .PHONY: bin bin: @mkdir -p $(BINDIR) @@ -142,7 +148,7 @@ docker-test-unit: $(DOCKER_CACHE) .PHONY: docker-test-integration docker-test-integration: .coverage @echo "===> Building Antrea Integration Test Docker image <===" -ifneq ($(DOCKER_REGISTRY),"") +ifneq ($(NO_PULL),) docker build -t antrea/test -f build/images/test/Dockerfile . else docker build --pull -t antrea/test -f build/images/test/Dockerfile . @@ -266,7 +272,7 @@ codegen: .PHONY: ubuntu ubuntu: @echo "===> Building antrea/antrea-ubuntu Docker image <===" -ifneq ($(DOCKER_REGISTRY),"") +ifneq ($(NO_PULL),) docker build -t antrea/antrea-ubuntu:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.ubuntu . else docker build --pull -t antrea/antrea-ubuntu:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.ubuntu . @@ -279,7 +285,7 @@ endif .PHONY: build-ubuntu build-ubuntu: @echo "===> Building Antrea bins and antrea/antrea-ubuntu Docker image <===" -ifneq ($(DOCKER_REGISTRY),"") +ifneq ($(NO_PULL),) docker build -t antrea/antrea-ubuntu:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.ubuntu . else docker build --pull -t antrea/antrea-ubuntu:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.ubuntu . @@ -291,7 +297,7 @@ endif .PHONY: build-windows build-windows: @echo "===> Building Antrea bins and antrea/antrea-windows Docker image <===" -ifneq ($(DOCKER_REGISTRY),"") +ifneq ($(NO_PULL),) docker build -t antrea/antrea-windows:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.windows . else docker build --pull -t antrea/antrea-windows:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.windows . @@ -303,7 +309,7 @@ endif .PHONY: build-ubuntu-coverage build-ubuntu-coverage: @echo "===> Building Antrea bins and antrea/antrea-ubuntu-coverage Docker image <===" -ifneq ($(DOCKER_REGISTRY),"") +ifneq ($(NO_PULL),) docker build -t antrea/antrea-ubuntu-coverage:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.coverage . else docker build --pull -t antrea/antrea-ubuntu-coverage:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.coverage . @@ -350,7 +356,7 @@ octant-antrea-ubuntu: .PHONY: flow-aggregator-ubuntu flow-aggregator-ubuntu: @echo "===> Building antrea/flow-aggregator Docker image <===" -ifneq ($(DOCKER_REGISTRY),"") +ifneq ($(NO_PULL),) docker build -t antrea/flow-aggregator:$(DOCKER_IMG_VERSION) -f build/images/flow-aggregator/Dockerfile . else docker build --pull -t antrea/flow-aggregator:$(DOCKER_IMG_VERSION) -f build/images/flow-aggregator/Dockerfile . @@ -362,7 +368,7 @@ endif .PHONY: flow-aggregator-ubuntu-coverage flow-aggregator-ubuntu-coverage: @echo "===> Building antrea/flow-aggregator-coverage Docker image <===" -ifneq ($(DOCKER_REGISTRY),"") +ifneq ($(NO_PULL),) docker build -t antrea/flow-aggregator-coverage:$(DOCKER_IMG_VERSION) -f build/images/flow-aggregator/Dockerfile.coverage . else docker build --pull -t antrea/flow-aggregator-coverage:$(DOCKER_IMG_VERSION) -f build/images/flow-aggregator/Dockerfile.coverage . diff --git a/build/images/base/build.sh b/build/images/base/build.sh index 25746f50f6c..0c92e7bae80 100755 --- a/build/images/base/build.sh +++ b/build/images/base/build.sh @@ -87,14 +87,23 @@ pushd $THIS_DIR > /dev/null if $PULL; then docker pull $PLATFORM_ARG ubuntu:20.04 docker pull $PLATFORM_ARG antrea/openvswitch:$OVS_VERSION + docker pull $PLATFORM_ARG antrea/cni-binaries || true + docker pull $PLATFORM_ARG antrea/base-ubuntu:$OVS_VERSION || true fi +docker build $PLATFORM_ARG --target cni-binaries \ + --cache-from antrea/cni-binaries \ + -t antrea/cni-binaries \ + --build-arg OVS_VERSION=$OVS_VERSION . + docker build $PLATFORM_ARG \ + --cache-from antrea/cni-binaries \ + --cache-from antrea/base-ubuntu:$OVS_VERSION \ -t antrea/base-ubuntu:$OVS_VERSION \ - -f Dockerfile \ --build-arg OVS_VERSION=$OVS_VERSION . if $PUSH; then + docker push antrea/cni-binaries:$OVS_VERSION docker push antrea/base-ubuntu:$OVS_VERSION fi diff --git a/build/images/ovs/build.sh b/build/images/ovs/build.sh index e718c59879f..c5f647eb552 100755 --- a/build/images/ovs/build.sh +++ b/build/images/ovs/build.sh @@ -93,6 +93,8 @@ pushd $THIS_DIR > /dev/null if $PULL; then docker pull $PLATFORM_ARG ubuntu:20.04 + docker pull antrea/openvswitch-debs:$OVS_VERSION || true + docker pull antrea/openvswitch:$OVS_VERSION || true fi docker build $PLATFORM_ARG --target ovs-debs \ diff --git a/hack/build-antrea-ubuntu-all.sh b/hack/build-antrea-ubuntu-all.sh new file mode 100755 index 00000000000..9292603a3c7 --- /dev/null +++ b/hack/build-antrea-ubuntu-all.sh @@ -0,0 +1,107 @@ +#!/usr/bin/env bash + +# Copyright 2021 Antrea Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -eo pipefail + +# Change this when updating the OVS version! +: "${OVS_VERSION:=2.14.0}" +export OVS_VERSION + +function echoerr { + >&2 echo "$@" +} + +_usage="Usage: $0 [--pull] [--push-base-images] [--coverage] [--platform ] +Build the antrea/antrea-ubuntu image, as well as all the base images in the build chain. This is +typically used in CI to build the image with the latest version of all dependencies, taking into +account changes to all Dockerfiles. + --pull Always attempt to pull a newer version of the base images. + --push-base-images Push built images to the registry. Only base images will be pushed. + --coverage Build the image with support for code coverage. + --platform Target platform for the images if server is multi-platform capable." + +function print_usage { + echoerr "$_usage" +} + +PULL=false +PUSH=false +COVERAGE=false +PLATFORM="" + +while [[ $# -gt 0 ]] +do +key="$1" + +case $key in + --pull) + PULL=true + shift + ;; + --push-base-images) + PUSH=true + shift + ;; + --coverage) + COVERAGE=true + shift + ;; + --platform) + PLATFORM="$2" + shift 2 + ;; + -h|--help) + print_usage + exit 0 + ;; + *) # unknown option + echoerr "Unknown option $1" + exit 1 + ;; +esac +done + +THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" + +pushd "$THIS_DIR/.." > /dev/null + +ARGS="" +if $PUSH; then + ARGS="$ARGS --push" +fi +if $PULL; then + ARGS="$ARGS --pull" +fi +if [ "$PLATFORM" != "" ]; then + ARGS="$ARGS --platform $PLATFORM" +fi + +cd build/images/ovs +./build.sh $ARGS +cd - + +cd build/images/base +./build.sh $ARGS +cd - + +export NO_PULL=1 +if $COVERAGE; then + make build-ubuntu-coverage +else + make +fi + +popd > /dev/null