Skip to content

Commit

Permalink
Support remote build execution on main and read-only remote cache on PRs
Browse files Browse the repository at this point in the history
  • Loading branch information
bclark8923 committed Aug 28, 2024
1 parent 0933c1a commit 48c671a
Show file tree
Hide file tree
Showing 3 changed files with 124 additions and 7 deletions.
64 changes: 57 additions & 7 deletions .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,30 +16,80 @@ concurrency:
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

jobs:
nativelink-dot-com-build-on-main-test:
nativelink-dot-com-cloud-rbe-main-legacy-dockerfile-test:
runs-on: ubuntu-22.04
environment: production
# Only run on main branch.
if: github.ref == 'refs/heads/main'
steps:
- name: Checkout
uses: >- # v4.1.1
actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Set up AWS CLI
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.RBE_ECR_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.RBE_ECR_AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.RBE_ECR_AWS_ACCOUNT_REGION }}

- name: Calculate Dockerfile hash and Retrieve Image URI for RBE
run: |
DOCKERFILE_HASH=$(sha256sum "${GITHUB_WORKSPACE}/tools/toolchain-nativelink/Dockerfile" | awk '{print $1}')
IMAGE_DETAILS=$(aws ecr describe-images --repository-name ${{ secrets.RBE_ECR_REPOSITORY_NAME }} --image-ids imageTag=$DOCKERFILE_HASH)
if [ $? -ne 0 ]; then
exit 1;
fi
echo "RBE_IMAGE=${{ secrets.RBE_ECR_AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.RBE_ECR_AWS_ACCOUNT_REGION }}.amazonaws.com/${{ secrets.RBE_ECR_REPOSITORY_NAME }}:$DOCKERFILE_HASH" >> $GITHUB_ENV
- name: Setup Bazelisk
uses: >- # v0.8.1
bazel-contrib/setup-bazel@b388b84bb637e50cdae241d0f255670d4bd79f29
with:
bazelisk-cache: true

- name: Run Bazel tests
shell: bash
run: |
bazel test \
--remote_cache=grpcs://cas-tracemachina-shared.build-faster.nativelink.net \
--remote_header=x-nativelink-api-key=${{ secrets.NATIVELINK_COM_API_HEADER }} \
--remote_instance_name=main \
--bes_backend=grpcs://bes-tracemachina-shared.build-faster.nativelink.net \
--bes_header=x-nativelink-api-key=${{ secrets.NATIVELINK_COM_API_HEADER }} \
--bes_results_url=https://app.nativelink.com/a/e3b1e0e0-4b73-45d6-85bc-5cb7b02edea5/build \
--remote_header=x-nativelink-project=nativelink-ci \
--remote_executor=grpcs://scheduler-tracemachina-shared.build-faster.nativelink.net:443 \
--remote_default_exec_properties="container-image=docker://${RBE_IMAGE}" \
//...
nativelink-dot-com-cloud-cache-legacy-dockerfile-test:
runs-on: ubuntu-22.04
environment: production
env:
NL_COM_API_KEY: ${{ secrets.NATIVELINK_COM_API_HEADER || '065f02f53f26a12331d5cfd00a778fb243bfb4e857b8fcd4c99273edfb15deae' }}
steps:
- name: Checkout
uses: >- # v4.1.1
actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Setup Bazelisk
uses: >- # v0.8.1
bazel-contrib/setup-bazel@b388b84bb637e50cdae241d0f255670d4bd79f29
with:
bazelisk-cache: true

- name: Run Bazel tests
shell: bash
run: |
bazel test \
--remote_cache=${{ vars.NATIVELINK_COM_REMOTE_CACHE_URL }} \
--remote_header=${{ secrets.NATIVELINK_COM_API_HEADER }} \
--bes_backend=${{ vars.NATIVELINK_COM_BES_URL }} \
--bes_header=${{ secrets.NATIVELINK_COM_API_HEADER }} \
--bes_results_url=${{ vars.NATIVELINK_COM_BES_RESULTS_URL }} \
--remote_cache=grpcs://cas-tracemachina-shared.build-faster.nativelink.net \
--remote_header=x-nativelink-api-key=${NL_COM_API_KEY} \
--remote_instance_name=main \
--bes_backend=grpcs://bes-tracemachina-shared.build-faster.nativelink.net \
--bes_header=x-nativelink-api-key=${NL_COM_API_KEY} \
--bes_results_url=https://app.nativelink.com/a/e3b1e0e0-4b73-45d6-85bc-5cb7b02edea5/build \
--remote_header=x-nativelink-project=nativelink-ci \
${{ github.ref == 'refs/heads/main' && ' ' || '--nogenerate_json_trace_profile --remote_upload_local_results=false' }} \
//...
docker-compose-compiles-nativelink:
Expand Down
35 changes: 35 additions & 0 deletions tools/toolchain-nativelink/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
# Copyright 2022-2024 The NativeLink Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

FROM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da

# Set shell to bash and enable pipefail
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Get Ubuntu packages
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
gcc=4:11.2.0-1ubuntu1 \
g++=4:11.2.0-1ubuntu1 \
python3=3.10.6-1~22.04 \
python3-minimal=3.10.6-1~22.04 \
libpython3-stdlib=3.10.6-1~22.04 \
curl=7.81.0-1ubuntu1.17 \
ca-certificates=20230311ubuntu0.22.04.1 \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

# Get Rust
RUN curl --proto "=https" --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.79.0

RUN echo "source \"$HOME/.cargo/env\"" >> "$HOME/.bashrc"
32 changes: 32 additions & 0 deletions tools/toolchain-nativelink/toolchain-nativelink.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
#!/usr/bin/env bash

set -xeuo pipefail

ECR=${ECR:?Error: ECR is not set}
ECR_PROFILE=${ECR_PROFILE:?Error: ECR_PROFILE is not set}
ECR_USER=${ECR_USER:?Error: ECR_USER is not set}
ECR_REGION=${ECR_REGION:?Error: ECR_REGION is not set}
BUILDX_NO_CACHE=${BUILDX_NO_CACHE:-true}

function ecr_login() {
aws ecr get-login-password --profile ${ECR_PROFILE} --region ${ECR_REGION} | docker login --username ${ECR_USER} --password-stdin ${ECR}.dkr.ecr.${ECR_REGION}.amazonaws.com
}

# Check OS and calculate the SHA256 hash of the Dockerfile
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
IMAGE_TAG=$(sha256sum 'Dockerfile' | awk '{print $1}')
elif [[ "$OSTYPE" == "darwin"* ]]; then
IMAGE_TAG=$(shasum -a 256 'Dockerfile' | awk '{print $1}')
else
echo "Unsupported OS"
exit 1
fi

# Build the Docker image and tag it with the hash
docker buildx build --no-cache=${BUILDX_NO_CACHE} --platform linux/amd64 -t "${ECR}.dkr.ecr.${ECR_REGION}.amazonaws.com/nativelink-rbe:$IMAGE_TAG" -f 'Dockerfile' .

ecr_login
docker push ${ECR}.dkr.ecr.${ECR_REGION}.amazonaws.com/nativelink-rbe:$IMAGE_TAG

# Output the tag of the built image
echo "Docker image tagged as ${ECR}.dkr.ecr.${ECR_REGION}.amazonaws.com/nativelink-rbe:$IMAGE_TAG"

0 comments on commit 48c671a

Please sign in to comment.