-
Notifications
You must be signed in to change notification settings - Fork 127
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Combine a nix layer ontop of a ubuntu image for easy to use toolchain for building buck2.
- Loading branch information
Adam Singer
committed
Aug 24, 2024
1 parent
c21d59f
commit 9670750
Showing
3 changed files
with
154 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| # Copyright 2022-2024 The NativeLink Authors. All rights reserved. | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| FROM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da AS dependencies | ||
| # hadolint ignore=DL3009,DL3015 | ||
| RUN apt-get update && DEBIAN_FRONTEND=noninteractive \ | ||
| apt-get install -y \ | ||
| git=1:2.34.1-1ubuntu1.11 \ | ||
| ca-certificates=20230311ubuntu0.22.04.1 \ | ||
| curl=7.81.0-1ubuntu1.17 \ | ||
| xz-utils=5.2.5-2ubuntu1 \ | ||
| python3=3.10.6-1~22.04.1 \ | ||
| unzip=6.0-26ubuntu3.2 && \ | ||
| update-ca-certificates | ||
|
|
||
| RUN curl -L https://go.dev/dl/go1.23.0.linux-amd64.tar.gz -o go1.23.0.linux-amd64.tar.gz | ||
| RUN rm -rf /usr/local/go && tar -C /usr/local -xzf go1.23.0.linux-amd64.tar.gz | ||
|
|
||
| RUN curl -L https://nixos.org/nix/install -o install-nix.sh && \ | ||
| sh install-nix.sh --yes --daemon && \ | ||
| rm install-nix.sh | ||
|
|
||
| RUN echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf | ||
|
|
||
| # hadolint ignore=DL3003,DL3059 | ||
| RUN git clone https://github.com/TraceMachina/buck2 | ||
| # hadolint ignore=DL3059,SC2028 | ||
| RUN echo 'if [ -d "/buck2" ]; then\n nix develop "/buck2" --impure --command bash\nfi' >> /etc/profile | ||
| # hadolint ignore=DL3059 | ||
| RUN bash -c 'source /etc/profile && cd buck2 && nix develop' | ||
|
|
||
| # Ensure /etc/profile is always read | ||
| ENTRYPOINT ["bash", "-l"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,97 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| set -xeuo pipefail | ||
|
|
||
| ECR=${ECR:?Error: ECR is not set} | ||
| ECR_PROFILE=${ECR_PROFILE:?Error: ECR_PROFILE is not set} | ||
| ECR_USER=${ECR_USER:?Error: ECR_USER is not set} | ||
| ECR_REGION=${ECR_REGION:?Error: ECR_REGION is not set} | ||
| BUILDX_NO_CACHE=${BUILDX_NO_CACHE:-true} | ||
|
|
||
| SRC_ROOT=$(git rev-parse --show-toplevel) | ||
| FLAKE_NIX_FILE="${SRC_ROOT}/flake.nix" | ||
| echo "WARNING: This script will modify and revert the flake.nix" | ||
| sleep 3 | ||
|
|
||
| function ecr_login() { | ||
| aws ecr get-login-password --profile ${ECR_PROFILE} --region ${ECR_REGION} | docker login --username ${ECR_USER} --password-stdin ${ECR} | ||
| } | ||
|
|
||
| # Build a base image for buck2 actions. | ||
| docker buildx build --no-cache=${BUILDX_NO_CACHE} \ | ||
| --platform linux/amd64 \ | ||
| -t localhost:5001/toolchain-buck2:latest \ | ||
| --push \ | ||
| ${SRC_ROOT}/tools/toolchain-buck2 | ||
|
|
||
| # Parse out the repo digests sha hash to be used as image digest. | ||
| FULL_IMAGE_PATH=$(docker inspect localhost:5001/toolchain-buck2:latest | jq '.[].RepoDigests[0]') | ||
| IMAGE_DIGEST=$(echo $FULL_IMAGE_PATH | awk -F'[@"]' '{print $3}') | ||
| if [ -z "$IMAGE_DIGEST" ]; then | ||
| echo "Unable to parse RepoDigests" | ||
| exit 1 | ||
| fi | ||
|
|
||
| # Capture unpatched flake file for test. | ||
| ORIGINAL_FLAKE_CONTENT=$(cat "${FLAKE_NIX_FILE}") | ||
|
|
||
| # Patch flake.nix with image digest. | ||
| sed -i -E "s|imageDigest = \"\"; # DO NOT COMMIT BUCK2 IMAGE_DIGEST VALUE|imageDigest = \"${IMAGE_DIGEST}\"; # DO NOT COMMIT BUCK2 IMAGE_DIGEST VALUE|" "${FLAKE_NIX_FILE}" | ||
|
|
||
| # Bail if flake wasn't updated | ||
| PATCHED_FLAKE_CONTENT=$(cat "${FLAKE_NIX_FILE}") | ||
| if [ "$ORIGINAL_FLAKE_CONTENT" == "$PATCHED_FLAKE_CONTENT" ]; then | ||
| echo "No changes were made to ${FLAKE_NIX_FILE}" | ||
| exit 1 | ||
| else | ||
| echo "Changes made" | ||
| pushd $SRC_ROOT | ||
| git --no-pager diff "${FLAKE_NIX_FILE}" | ||
| sleep 3 | ||
| popd | ||
| fi | ||
|
|
||
| # Get the sha256 value, this will fail due to empty string in the sha256 field. | ||
| set +o pipefail | ||
| SHA256_HASH=$( | ||
| nix run .#nativelink-worker-toolchain-buck2.copyTo docker://localhost:5001/nativelink-toolchain-buck2:latest -- --dest-tls-verify=false 2>&1 | | ||
| grep "got:" | | ||
| grep -o 'sha256-[^[:space:]]*' | ||
| ) | ||
| set -o pipefail | ||
|
|
||
| # Capture unpatched flake file for test. | ||
| ORIGINAL_FLAKE_CONTENT=$(cat "${FLAKE_NIX_FILE}") | ||
|
|
||
| # Patch flake.nix with sha256 value. | ||
| sed -i -E "s|sha256 = \"\"; # DO NOT COMMIT BUCK2 SHA256 VALUE|sha256 = \"${SHA256_HASH}\"; # DO NOT COMMIT BUCK2 SHA256 VALUE|" "${FLAKE_NIX_FILE}" | ||
|
|
||
| # Bail if flake wasn't updated. | ||
| PATCHED_FLAKE_CONTENT=$(cat "${FLAKE_NIX_FILE}") | ||
| if [ "$ORIGINAL_FLAKE_CONTENT" == "$PATCHED_FLAKE_CONTENT" ]; then | ||
| echo "No changes were made to ${FLAKE_NIX_FILE}" | ||
| exit 1 | ||
| else | ||
| echo "Changes made" | ||
| pushd $SRC_ROOT | ||
| git --no-pager diff "${FLAKE_NIX_FILE}" | ||
| sleep 3 | ||
| popd | ||
| fi | ||
|
|
||
| # Wrap it with nativelink to turn it into a worker. | ||
| nix run .#nativelink-worker-toolchain-buck2.copyTo \ | ||
| docker://localhost:5001/nativelink-toolchain-buck2:latest \ | ||
| -- \ | ||
| --dest-tls-verify=false | ||
|
|
||
| # Pull in to local docker and tag. | ||
| docker pull localhost:5001/nativelink-toolchain-buck2:latest | ||
| docker tag localhost:5001/nativelink-toolchain-buck2:latest ${ECR} | ||
|
|
||
| # Push to ECR. | ||
| ecr_login | ||
| docker push ${ECR} | ||
|
|
||
| # Restore changes. | ||
| git restore "${FLAKE_NIX_FILE}" |