Extract toolchain build from the CI

Quentin 2021-10-28 10:04:14 +02:00
parent cc1caa87fb
commit 93f8d59e4c
Signed by untrusted user: quentin
GPG key ID: A98E9B769E4FF428
6 changed files with 232 additions and 291 deletions


@ -80,38 +80,6 @@ steps:
- nix-build --no-build-output --argstr target x86_64-unknown-linux-musl --arg release false --argstr git_version $DRONE_COMMIT - nix-build --no-build-output --argstr target x86_64-unknown-linux-musl --arg release false --argstr git_version $DRONE_COMMIT
- nix-shell --arg release false --run ./script/test-smoke.sh || (cat /tmp/garage.log; false) - nix-shell --arg release false --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)
- name: update cache
image: nixpkgs/nix:nixos-21.05
environment:
AWS_ACCESS_KEY_ID:
from_secret: cache_aws_access_key_id
AWS_SECRET_ACCESS_KEY:
from_secret: cache_aws_secret_access_key
NIX_PRIV_KEY:
from_secret: nix_priv_key
volumes:
- name: nix_store
path: /nix
- name: nix_config
path: /etc/nix
commands:
- (umask 377 && echo $NIX_PRIV_KEY > /etc/nix/signing-key.sec)
- |
nix copy --to 's3://nix?endpoint=garage.deuxfleurs.fr&region=garage&secret-key=/etc/nix/signing-key.sec' \
$(nix-store -qR --include-outputs \
$(nix-build --no-out-link shell.nix --arg release false -A inputDerivation))
- |
nix copy --to 's3://nix?endpoint=garage.deuxfleurs.fr&region=garage&secret-key=/etc/nix/signing-key.sec' \
$(nix-store -qR --include-outputs \
$(nix-instantiate --argstr target x86_64-unknown-linux-musl --argstr compileMode test))
- |
nix copy --to 's3://nix?endpoint=garage.deuxfleurs.fr&region=garage&secret-key=/etc/nix/signing-key.sec' \
$(nix-store -qR --include-outputs \
$(nix-instantiate --argstr target x86_64-unknown-linux-musl --arg release false))
when:
event:
- cron
trigger: trigger:
event: event:
- custom - custom
@ -212,27 +180,6 @@ steps:
commands: commands:
- nix-shell --run ./script/test-smoke.sh || (cat /tmp/garage.log; false) - nix-shell --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)
- name: update cache
image: nixpkgs/nix:nixos-21.05
environment:
AWS_ACCESS_KEY_ID:
from_secret: cache_aws_access_key_id
AWS_SECRET_ACCESS_KEY:
from_secret: cache_aws_secret_access_key
NIX_PRIV_KEY:
from_secret: nix_priv_key
volumes:
- name: nix_store
path: /nix
- name: nix_config
path: /etc/nix
commands:
- (umask 377 && echo $NIX_PRIV_KEY > /etc/nix/signing-key.sec)
- |
nix copy --to 's3://nix?endpoint=garage.deuxfleurs.fr&region=garage&secret-key=/etc/nix/signing-key.sec' \
$(nix-store -qR --include-outputs \
$(nix-instantiate --argstr target $TARGET --arg release true))
- name: push static binary - name: push static binary
image: nixpkgs/nix:nixos-21.05 image: nixpkgs/nix:nixos-21.05
volumes: volumes:
@ -276,115 +223,94 @@ trigger:
node: node:
nix: 1 nix: 1
# --- ---
# kind: pipeline kind: pipeline
# type: docker type: docker
# name: release-linux-i686 name: release-linux-i686
#
# volumes: volumes:
# - name: nix_store - name: nix_store
# host: host:
# path: /var/lib/drone/nix path: /var/lib/drone/nix
# - name: nix_config - name: nix_config
# temp: {} temp: {}
#
# environment: environment:
# TARGET: i686-unknown-linux-musl TARGET: i686-unknown-linux-musl
#
# steps: steps:
# - name: setup nix - name: setup nix
# image: nixpkgs/nix:nixos-21.05 image: nixpkgs/nix:nixos-21.05
# volumes: volumes:
# - name: nix_store - name: nix_store
# path: /nix path: /nix
# - name: nix_config - name: nix_config
# path: /etc/nix path: /etc/nix
# commands: commands:
# - cp nix/nix.conf /etc/nix/nix.conf - cp nix/nix.conf /etc/nix/nix.conf
# - nix-build --no-build-output --no-out-link shell.nix -A inputDerivation - nix-build --no-build-output --no-out-link shell.nix -A inputDerivation
#
# - name: build - name: build
# image: nixpkgs/nix:nixos-21.05 image: nixpkgs/nix:nixos-21.05
# volumes: volumes:
# - name: nix_store - name: nix_store
# path: /nix path: /nix
# - name: nix_config - name: nix_config
# path: /etc/nix path: /etc/nix
# commands: commands:
# - nix-build --no-build-output --argstr target $TARGET --arg release true --argstr git_version $DRONE_COMMIT - nix-build --no-build-output --argstr target $TARGET --arg release true --argstr git_version $DRONE_COMMIT
#
# - name: integration - name: integration
# image: nixpkgs/nix:nixos-21.05 image: nixpkgs/nix:nixos-21.05
# volumes: volumes:
# - name: nix_store - name: nix_store
# path: /nix path: /nix
# - name: nix_config - name: nix_config
# path: /etc/nix path: /etc/nix
# commands: commands:
# - nix-shell --run ./script/test-smoke.sh || (cat /tmp/garage.log; false) - nix-shell --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)
#
# - name: update cache - name: push static binary
# image: nixpkgs/nix:nixos-21.05 image: nixpkgs/nix:nixos-21.05
# environment: volumes:
# AWS_ACCESS_KEY_ID: - name: nix_store
# from_secret: cache_aws_access_key_id path: /nix
# AWS_SECRET_ACCESS_KEY: - name: nix_config
# from_secret: cache_aws_secret_access_key path: /etc/nix
# NIX_PRIV_KEY: environment:
# from_secret: nix_priv_key AWS_ACCESS_KEY_ID:
# volumes: from_secret: garagehq_aws_access_key_id
# - name: nix_store AWS_SECRET_ACCESS_KEY:
# path: /nix from_secret: garagehq_aws_secret_access_key
# - name: nix_config commands:
# path: /etc/nix - nix-shell --arg rust false --arg integration false --run "to_s3"
# commands:
# - (umask 377 && echo $NIX_PRIV_KEY > /etc/nix/signing-key.sec) - name: docker build and publish
# - | image: nixpkgs/nix:nixos-21.05
# nix copy --to 's3://nix?endpoint=garage.deuxfleurs.fr&region=garage&secret-key=/etc/nix/signing-key.sec' \ volumes:
# $(nix-store -qR --include-outputs \ - name: nix_store
# $(nix-instantiate --argstr target $TARGET --arg release true)) path: /nix
# - name: nix_config
# - name: push static binary path: /etc/nix
# image: nixpkgs/nix:nixos-21.05 environment:
# volumes: DOCKER_AUTH:
# - name: nix_store from_secret: docker_auth
# path: /nix DOCKER_PLATFORM: "linux/386"
# - name: nix_config CONTAINER_NAME: "dxflrs/386_garage"
# path: /etc/nix HOME: "/kaniko"
# environment: commands:
# AWS_ACCESS_KEY_ID: - mkdir -p /kaniko/.docker
# from_secret: garagehq_aws_access_key_id - echo $DOCKER_AUTH > /kaniko/.docker/config.json
# AWS_SECRET_ACCESS_KEY: - export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
# from_secret: garagehq_aws_secret_access_key - nix-shell --arg rust false --arg integration false --run "to_docker"
# commands:
# - nix-shell --arg rust false --arg integration false --run "to_s3" trigger:
# event:
# - name: docker build and publish - promote
# image: nixpkgs/nix:nixos-21.05 - cron
# volumes:
# - name: nix_store node:
# path: /nix nix: 1
# - name: nix_config
# path: /etc/nix
# environment:
# DOCKER_AUTH:
# from_secret: docker_auth
# DOCKER_PLATFORM: "linux/386"
# CONTAINER_NAME: "dxflrs/386_garage"
# HOME: "/kaniko"
# commands:
# - mkdir -p /kaniko/.docker
# - echo $DOCKER_AUTH > /kaniko/.docker/config.json
# - export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
# - nix-shell --arg rust false --arg integration false --run "to_docker"
#
# trigger:
# event:
# - promote
# - cron
#
# node:
# nix: 1
--- ---
kind: pipeline kind: pipeline
@ -423,27 +349,6 @@ steps:
commands: commands:
- nix-build --no-build-output --argstr target $TARGET --arg release true --argstr git_version $DRONE_COMMIT - nix-build --no-build-output --argstr target $TARGET --arg release true --argstr git_version $DRONE_COMMIT
- name: update cache
image: nixpkgs/nix:nixos-21.05
environment:
AWS_ACCESS_KEY_ID:
from_secret: cache_aws_access_key_id
AWS_SECRET_ACCESS_KEY:
from_secret: cache_aws_secret_access_key
NIX_PRIV_KEY:
from_secret: nix_priv_key
volumes:
- name: nix_store
path: /nix
- name: nix_config
path: /etc/nix
commands:
- (umask 377 && echo $NIX_PRIV_KEY > /etc/nix/signing-key.sec)
- |
nix copy --to 's3://nix?endpoint=garage.deuxfleurs.fr&region=garage&secret-key=/etc/nix/signing-key.sec' \
$(nix-store -qR --include-outputs \
$(nix-instantiate --argstr target $TARGET --arg release true))
- name: push static binary - name: push static binary
image: nixpkgs/nix:nixos-21.05 image: nixpkgs/nix:nixos-21.05
volumes: volumes:
@ -486,105 +391,84 @@ trigger:
node: node:
nix: 1 nix: 1
# --- ---
# kind: pipeline kind: pipeline
# type: docker type: docker
# name: release-linux-armv6l name: release-linux-armv6l
#
# volumes: volumes:
# - name: nix_store - name: nix_store
# host: host:
# path: /var/lib/drone/nix path: /var/lib/drone/nix
# - name: nix_config - name: nix_config
# temp: {} temp: {}
#
# environment: environment:
# TARGET: armv6l-unknown-linux-musleabihf TARGET: armv6l-unknown-linux-musleabihf
#
# steps: steps:
# - name: setup nix - name: setup nix
# image: nixpkgs/nix:nixos-21.05 image: nixpkgs/nix:nixos-21.05
# volumes: volumes:
# - name: nix_store - name: nix_store
# path: /nix path: /nix
# - name: nix_config - name: nix_config
# path: /etc/nix path: /etc/nix
# commands: commands:
# - cp nix/nix.conf /etc/nix/nix.conf - cp nix/nix.conf /etc/nix/nix.conf
# - nix-build --no-build-output --no-out-link --arg rust false --arg integration false -A inputDerivation - nix-build --no-build-output --no-out-link --arg rust false --arg integration false -A inputDerivation
#
# - name: build - name: build
# image: nixpkgs/nix:nixos-21.05 image: nixpkgs/nix:nixos-21.05
# volumes: volumes:
# - name: nix_store - name: nix_store
# path: /nix path: /nix
# - name: nix_config - name: nix_config
# path: /etc/nix path: /etc/nix
# commands: commands:
# - nix-build --no-build-output --argstr target $TARGET --arg release true --argstr git_version $DRONE_COMMIT - nix-build --no-build-output --argstr target $TARGET --arg release true --argstr git_version $DRONE_COMMIT
#
# - name: update cache - name: push static binary
# image: nixpkgs/nix:nixos-21.05 image: nixpkgs/nix:nixos-21.05
# environment: volumes:
# AWS_ACCESS_KEY_ID: - name: nix_store
# from_secret: cache_aws_access_key_id path: /nix
# AWS_SECRET_ACCESS_KEY: - name: nix_config
# from_secret: cache_aws_secret_access_key path: /etc/nix
# NIX_PRIV_KEY: environment:
# from_secret: nix_priv_key AWS_ACCESS_KEY_ID:
# volumes: from_secret: garagehq_aws_access_key_id
# - name: nix_store AWS_SECRET_ACCESS_KEY:
# path: /nix from_secret: garagehq_aws_secret_access_key
# - name: nix_config commands:
# path: /etc/nix - nix-shell --arg integration false --arg rust false --run "to_s3"
# commands:
# - (umask 377 && echo $NIX_PRIV_KEY > /etc/nix/signing-key.sec) - name: docker build and publish
# - | image: nixpkgs/nix:nixos-21.05
# nix copy --to 's3://nix?endpoint=garage.deuxfleurs.fr&region=garage&secret-key=/etc/nix/signing-key.sec' \ volumes:
# $(nix-store -qR --include-outputs \ - name: nix_store
# $(nix-instantiate --argstr target $TARGET --arg release true)) path: /nix
# - name: nix_config
# - name: push static binary path: /etc/nix
# image: nixpkgs/nix:nixos-21.05 environment:
# volumes: DOCKER_AUTH:
# - name: nix_store from_secret: docker_auth
# path: /nix DOCKER_PLATFORM: "linux/arm"
# - name: nix_config CONTAINER_NAME: "dxflrs/arm_garage"
# path: /etc/nix HOME: "/kaniko"
# environment: commands:
# AWS_ACCESS_KEY_ID: - mkdir -p /kaniko/.docker
# from_secret: garagehq_aws_access_key_id - echo $DOCKER_AUTH > /kaniko/.docker/config.json
# AWS_SECRET_ACCESS_KEY: - export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
# from_secret: garagehq_aws_secret_access_key - nix-shell --arg rust false --arg integration false --run "to_docker"
# commands:
# - nix-shell --arg integration false --arg rust false --run "to_s3" trigger:
# event:
# - name: docker build and publish - promote
# image: nixpkgs/nix:nixos-21.05 - cron
# volumes:
# - name: nix_store node:
# path: /nix nix: 1
# - name: nix_config
# path: /etc/nix
# environment:
# DOCKER_AUTH:
# from_secret: docker_auth
# DOCKER_PLATFORM: "linux/arm"
# CONTAINER_NAME: "dxflrs/arm_garage"
# HOME: "/kaniko"
# commands:
# - mkdir -p /kaniko/.docker
# - echo $DOCKER_AUTH > /kaniko/.docker/config.json
# - export CONTAINER_TAG=${DRONE_TAG:-$DRONE_COMMIT}
# - nix-shell --arg rust false --arg integration false --run "to_docker"
#
# trigger:
# event:
# - promote
# - cron
#
# node:
# nix: 1
--- ---
kind: pipeline kind: pipeline
@ -613,9 +497,9 @@ steps:
depends_on: depends_on:
- release-linux-x86_64 - release-linux-x86_64
#- release-linux-i686 - release-linux-i686
- release-linux-aarch64 - release-linux-aarch64
#- release-linux-armv6l - release-linux-armv6l
trigger: trigger:
event: event:
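Review bot: The re-enabled `docker build and publish` steps in release-linux-i686 and release-linux-armv6l write the registry credential with `echo $DOCKER_AUTH > /kaniko/.docker/config.json`, unquoted and under the default umask. The unquoted expansion lets the shell word-split and glob the JSON before it is written, and the file is created with default permissions, whereas the signing-key step removed in this same commit restricted its file with `(umask 377 && …)`. I would write it as `(umask 077 && printf '%s' "$DOCKER_AUTH" > /kaniko/.docker/config.json)`. If the x86_64 and aarch64 pipelines, whose publish steps are outside these hunks, use the same line, it should change there too.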


@ -4,4 +4,4 @@ ENV RUST_BACKTRACE=1
ENV RUST_LOG=garage=info ENV RUST_LOG=garage=info
COPY result/bin/garage / COPY result/bin/garage /
CMD [ "/garage", "server", "-c", "config.toml"] CMD [ "/garage", "server"]
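Review bot: With `-c config.toml` dropped from `CMD`, nothing in the image says where the server now looks for its configuration; it presumably falls back to the binary's built-in default path, which this hunk does not show. Deployments that mounted `config.toml` into the working directory would stop finding it without any hint. I would add a comment above the `CMD` line such as `# configuration is read from garage's default path; mount it there or pass -c explicitly`.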


@ -92,10 +92,21 @@ caching our development dependencies.
*Currently there is no automatic garbage collection of the cache: we should monitor its growth. *Currently there is no automatic garbage collection of the cache: we should monitor its growth.
Hopefully, we can erase it totally without breaking any build, the next build will only be slower.* Hopefully, we can erase it totally without breaking any build, the next build will only be slower.*
In practise, we concluded that we do not want to cache all the compilation dependencies.
Instead, we want to cache the toolchain we use to build Garage each time we change it.
So we removed from Drone any automatic update of the cache and instead handle them manually with:
```
source ~/.awsrc
nix-shell --run 'refresh_toolchain'
```
Internally, it will run `nix-build` on `nix/toolchain.nix` and send the output plus its depedencies to the cache.
To erase the cache: To erase the cache:
``` ```
mc rm --recursive --force 'garage/nix/*' mc rm --recursive --force 'garage/nix/'
``` ```
### Publishing Garage ### Publishing Garage


@ -2,6 +2,3 @@ substituters = https://cache.nixos.org https://nix.web.deuxfleurs.fr
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs= trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=
max-jobs = auto max-jobs = auto
cores = 4 cores = 4
# required for containers
sandbox = false

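--- /dev/null
+++ b/nix/toolchain.nix
@@ -0,0 +1,29 @@
+{
+system ? builtins.currentSystem,
+}:
+with import ./common.nix;
+let
+platforms = [
+"x86_64-unknown-linux-musl"
+"i686-unknown-linux-musl"
+"aarch64-unknown-linux-musl"
+"armv6l-unknown-linux-musleabihf"
+];
+pkgsList = builtins.map (target: import pkgsSrc {
+inherit system;
+crossSystem = { config = target; };
+}) platforms;
+pkgsHost = import pkgsSrc {};
+lib = pkgsHost.lib;
+kaniko = (import ./kaniko.nix) pkgsHost;
+in
+lib.flatten (builtins.map (pkgs: [
+pkgs.rustPlatform.rust.rustc
+pkgs.rustPlatform.rust.cargo
+pkgs.buildPackages.stdenv.cc
+]) pkgsList) ++ [
+kaniko
+]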
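Review bot: `pkgsHost = import pkgsSrc {};` ignores the `system` argument that the cross package sets receive through `inherit system;`, so kaniko is always evaluated for the evaluating machine's platform even when a caller passes another `system`. I would make it `pkgsHost = import pkgsSrc { inherit system; };` so that everything pushed to the cache comes from one consistent evaluation. The file also has no header comment; since its closure is what `refresh_toolchain` signs and uploads, a short comment saying that this list defines the contents of the trusted toolchain cache, and that `pkgsSrc` presumably comes from `./common.nix`, would help the next person who edits it.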


@ -55,6 +55,13 @@ function refresh_index {
result \ result \
s3://garagehq.deuxfleurs.fr/_releases.html s3://garagehq.deuxfleurs.fr/_releases.html
} }
function refresh_toolchain {
nix copy \
--to 's3://nix?endpoint=garage.deuxfleurs.fr&region=garage&secret-key=/etc/nix/signing-key.sec' \
$(nix-store -qR \
$(nix-build --quiet --no-build-output --no-out-link nix/toolchain.nix))
}
''; '';
nativeBuildInputs = nativeBuildInputs =
@ -66,8 +73,21 @@ function refresh_index {
/*(pkgs.callPackage cargo2nix {}).package*/ /*(pkgs.callPackage cargo2nix {}).package*/
] else []) ] else [])
++ ++
(if integration then [ pkgs.s3cmd pkgs.awscli2 pkgs.minio-client pkgs.rclone pkgs.socat pkgs.psmisc pkgs.which ] else []) (if integration then [
pkgs.s3cmd
pkgs.awscli2
pkgs.minio-client
pkgs.rclone
pkgs.socat
pkgs.psmisc
pkgs.which
pkgs.openssl
pkgs.curl
] else [])
++ ++
(if release then [ pkgs.awscli2 kaniko ] else []) (if release then [
pkgs.awscli2
kaniko
] else [])
; ;
} }
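Review bot: `refresh_toolchain` nests two unquoted command substitutions, so a failed `nix-build` goes unnoticed: `nix-store -qR` and `nix copy` may still run with an empty or partial path list, and the function can return without having uploaded the full toolchain. It also hard-codes `secret-key=/etc/nix/signing-key.sec`, a file the removed CI step used to create from a secret under `umask 377`; now that the refresh is run by hand, nothing here checks that the key exists on the operator's machine. I would build first, stop on any failure, and check the key before copying, as sketched below; the sketch avoids `${…}` because the function lives inside a Nix indented string.

```nix
function refresh_toolchain {
  # constructed sketch: same key path as in the hunk, checked before use
  local key=/etc/nix/signing-key.sec
  [ -r "$key" ] || { echo "signing key $key is not readable" >&2; return 1; }
  local outs closure
  outs=$(nix-build --quiet --no-build-output --no-out-link nix/toolchain.nix) || return 1
  closure=$(nix-store -qR $outs) || return 1
  nix copy \
    --to "s3://nix?endpoint=garage.deuxfleurs.fr&region=garage&secret-key=$key" \
    $closure
}
```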