Cache CI Docker images in ghcr registry #119290
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rustbot
added
A-testsuite
This comment has been minimized.
This comment has been minimized.
Kobzol
force-pushed
the
ci-docker-registry-cache
branch
from
9e9604b
to
6f90144
Compare
|
@bors try This broadly looks fine to me -- is there a reason I don't see try builds etc. on this PR? I think we should test out that it works on try + local builds (src/ci/docker/run.sh from your laptop or w/e), and perhaps get rustup CI working, and then we can merge. |
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Dec 29, 2023
…try> Cache CI Docker images in ghcr registry This PR changes the way `rust-lang` caches Docker images used in CI workflows. Before, the intermediate Docker layers were manually exported from `docker history` and backed up in S3. However, this approach doesn't work any more with the Docker version used by GitHub Actions since August 2023. We had to revert to disabling Docker BuildKit to make the old caching work, but this workaround will stop working eventually, after GitHub updates Docker again and the old build backend will be removed. This PR changes the caching to use [Docker caching](https://docs.docker.com/build/cache/) instead. There are several backends for the cache, for our use-case S3 and Docker registry makes sense. This PR uses the Docker registry backend and uses the ghcr.io registry. The caching creates a Docker image labeled `rust-ci`, which is currently stored to the `ghcr.io/rust-lang-ci` package registry. This image appears [here](https://ghcr.io/rust-lang-ci/rust-ci). The image is stored in `rust-lang-ci` and not `rust-lang`, because `try` and `auto` builds run in the context of that repository, so the used `GITHUB_TOKEN` has permissions for it (unlike for `rust-lang`). For pull request CI runs, the provided `GITHUB_TOKEN` reduces its permissions automatically to `packages: read`, which means that we won't be able to write the Docker image. If we're not able to write, we won't have anything to read. So I disabled the caching entirely for PR runs (it makes it slightly faster to build the Docker image if we don't have to deal with exporting and using a separate build driver). Note that before this PR, we also weren't able to read or write the cache on PR runs. Related issue: rust-lang/infra-team#81 r? `@Mark-Simulacrum`
I tested a try build on a different PR, but we should of course also try it here. What I'm struggling with currently is how to use the cache as a |
|
☀️ Try build successful - checks-actions |
|
@bors try |
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Dec 29, 2023
…try> Cache CI Docker images in ghcr registry This PR changes the way `rust-lang` caches Docker images used in CI workflows. Before, the intermediate Docker layers were manually exported from `docker history` and backed up in S3. However, this approach doesn't work any more with the Docker version used by GitHub Actions since August 2023. We had to revert to disabling Docker BuildKit to make the old caching work, but this workaround will stop working eventually, after GitHub updates Docker again and the old build backend will be removed. This PR changes the caching to use [Docker caching](https://docs.docker.com/build/cache/) instead. There are several backends for the cache, for our use-case S3 and Docker registry makes sense. This PR uses the Docker registry backend and uses the ghcr.io registry. The caching creates a Docker image labeled `rust-ci`, which is currently stored to the `ghcr.io/rust-lang-ci` package registry. This image appears [here](https://ghcr.io/rust-lang-ci/rust-ci). The image is stored in `rust-lang-ci` and not `rust-lang`, because `try` and `auto` builds run in the context of that repository, so the used `GITHUB_TOKEN` has permissions for it (unlike for `rust-lang`). For pull request CI runs, the provided `GITHUB_TOKEN` reduces its permissions automatically to `packages: read`, which means that we won't be able to write the Docker image. If we're not able to write, we won't have anything to read. So I disabled the caching entirely for PR runs (it makes it slightly faster to build the Docker image if we don't have to deal with exporting and using a separate build driver). Note that before this PR, we also weren't able to read or write the cache on PR runs. Related issue: rust-lang/infra-team#81 r? `@Mark-Simulacrum`
|
☀️ Try build successful - checks-actions |
|
@rustbot author Let me know if I can/should try to help here, otherwise will put this in waiting on author for now. |
rustbot
added
S-waiting-on-author
Kobzol
force-pushed
the
ci-docker-registry-cache
branch
2 times, most recently
from
7dae399
to
41ef4a5
Compare
|
@bors try |
Kobzol
force-pushed
the
ci-docker-registry-cache
branch
from
41ef4a5
to
8bb6a1b
Compare
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Jan 21, 2024
Cache CI Docker images in ghcr registry This PR changes the way `rust-lang` caches Docker images used in CI workflows. Before, the intermediate Docker layers were manually exported from `docker history` and backed up in S3. However, this approach doesn't work any more with the Docker version used by GitHub Actions since August 2023. We had to revert to disabling Docker BuildKit to make the old caching work, but this workaround will stop working eventually, after GitHub updates Docker again and the old build backend will be removed. This PR changes the caching to use [Docker caching](https://docs.docker.com/build/cache/) instead. There are several backends for the cache, for our use-case S3 and Docker registry makes sense. This PR uses the Docker registry backend and uses the ghcr.io registry. The caching creates a Docker image labeled `rust-ci`, which is currently stored to the `ghcr.io/rust-lang-ci` package registry. This image appears [here](https://ghcr.io/rust-lang-ci/rust-ci). The image is stored in `rust-lang-ci` and not `rust-lang`, because `try` and `auto` builds run in the context of that repository, so the used `GITHUB_TOKEN` has permissions for it (unlike for `rust-lang`). For pull request CI runs, the provided `GITHUB_TOKEN` reduces its permissions automatically to `packages: read`, which means that we won't be able to write the Docker image. If we're not able to write, we won't have anything to read. So I disabled the caching entirely for PR runs (it makes it slightly faster to build the Docker image if we don't have to deal with exporting and using a separate build driver). Note that before this PR, we also weren't able to read or write the cache on PR runs. Related issue: rust-lang/infra-team#81 r? `@Mark-Simulacrum`
Kobzol
force-pushed
the
ci-docker-registry-cache
branch
from
8bb6a1b
to
53a9eae
Compare
|
@bors try |
|
The Rustup part of this change is at: rust-lang/rustup#3648. Local build seems to work. |
This comment has been minimized.
This comment has been minimized.
bors
added
the
S-waiting-on-bors
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Jan 27, 2024
…ark-Simulacrum Cache CI Docker images in ghcr registry This PR changes the way `rust-lang` caches Docker images used in CI workflows. Before, the intermediate Docker layers were manually exported from `docker history` and backed up in S3. However, this approach doesn't work any more with the Docker version used by GitHub Actions since August 2023. We had to revert to disabling Docker BuildKit to make the old caching work, but this workaround will stop working eventually, after GitHub updates Docker again and the old build backend will be removed. This PR changes the caching to use [Docker caching](https://docs.docker.com/build/cache/) instead. There are several backends for the cache, for our use-case S3 and Docker registry makes sense. This PR uses the Docker registry backend and uses the ghcr.io registry. The caching creates a Docker image labeled `rust-ci`, which is currently stored to the `ghcr.io/rust-lang-ci` package registry. This image appears [here](https://ghcr.io/rust-lang-ci/rust-ci). The image is stored in `rust-lang-ci` and not `rust-lang`, because `try` and `auto` builds run in the context of that repository, so the used `GITHUB_TOKEN` has permissions for it (unlike for `rust-lang`). For pull request CI runs, the provided `GITHUB_TOKEN` reduces its permissions automatically to `packages: read`, which means that we won't be able to write the Docker image. If we're not able to write, we won't have anything to read. So I disabled the caching entirely for PR runs (it makes it slightly faster to build the Docker image if we don't have to deal with exporting and using a separate build driver). Note that before this PR, we also weren't able to read or write the cache on PR runs. Rustup part of this change is [here](rust-lang/rustup#3648). Related issue: rust-lang/infra-team#81 r? `@Mark-Simulacrum`
This comment has been minimized.
This comment has been minimized.
|
💔 Test failed - checks-actions |
bors
added
S-waiting-on-review
Mark-Simulacrum
added
S-waiting-on-author
|
@bors r=Mark-simulacrum (This run will fail, but I added additional logging to help me debug the used Docker version on our self-hosted runners). |
bors
added
S-waiting-on-bors
|
☀️ Test successful - checks-actions |
|
Finished benchmarking commit (7e43442): comparison URL. Overall result: no relevant changes - no action needed@rustbot label: -perf-regression Instruction countThis benchmark run did not return any relevant results for this metric. Max RSS (memory usage)ResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
CyclesThis benchmark run did not return any relevant results for this metric. Binary sizeThis benchmark run did not return any relevant results for this metric. Bootstrap: 660.85s -> 661.466s (0.09%) |
This was referenced Feb 13, 2024
matthiaskrgr
added a commit
to matthiaskrgr/rust
that referenced
this pull request
Mar 15, 2024
…acrum CI: cache PR CI Docker builds An attempt to restore Docker caching for PR CI workflows that share the Docker image with an auto/try workflow. This was broken by my previous [PR](rust-lang#119290) that changed how we cache the Docker builds. [Before](rust-lang#122545):  After:  r? `@ghost`
matthiaskrgr
added a commit
to matthiaskrgr/rust
that referenced
this pull request
Mar 15, 2024
…acrum CI: cache PR CI Docker builds An attempt to restore Docker caching for PR CI workflows that share the Docker image with an auto/try workflow. This was broken by my previous [PR](rust-lang#119290) that changed how we cache the Docker builds. [Before](rust-lang#122545):  After:  r? ``@ghost``
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Mar 15, 2024
Rollup merge of rust-lang#122563 - Kobzol:ci-pr-caching, r=Mark-Simulacrum CI: cache PR CI Docker builds An attempt to restore Docker caching for PR CI workflows that share the Docker image with an auto/try workflow. This was broken by my previous [PR](rust-lang#119290) that changed how we cache the Docker builds. [Before](rust-lang#122545):  After:  r? ``@ghost``
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR changes the way
rust-langcaches Docker images used in CI workflows. Before, the intermediate Docker layers were manually exported fromdocker historyand backed up in S3. However, this approach doesn't work any more with the Docker version used by GitHub Actions since August 2023. We had to revert to disabling Docker BuildKit to make the old caching work, but this workaround will stop working eventually, after GitHub updates Docker again and the old build backend will be removed.This PR changes the caching to use Docker caching instead. There are several backends for the cache, for our use-case S3 and Docker registry makes sense. This PR uses the Docker registry backend and uses the ghcr.io registry.
The caching creates a Docker image labeled
rust-ci, which is currently stored to theghcr.io/rust-lang-cipackage registry. This image appears here. The image is stored inrust-lang-ciand notrust-lang, becausetryandautobuilds run in the context of that repository, so the usedGITHUB_TOKENhas permissions for it (unlike forrust-lang).For pull request CI runs, the provided
GITHUB_TOKENreduces its permissions automatically topackages: read, which means that we won't be able to write the Docker image. If we're not able to write, we won't have anything to read. So I disabled the caching entirely for PR runs (it makes it slightly faster to build the Docker image if we don't have to deal with exporting and using a separate build driver). Note that before this PR, we also weren't able to read or write the cache on PR runs.Rustup part of this change is here.
Related issue: rust-lang/infra-team#81
r? @Mark-Simulacrum