From 9ae1328a13fac31f0a020b3f23528f0e2fae3515 Mon Sep 17 00:00:00 2001 From: "Sean T. Allen" Date: Sat, 18 Oct 2025 23:05:24 -0400 Subject: [PATCH] Speed up building the LibreSSL 4.2.0 builder We have split it off into doing a build on the native platform and added the arch to the tag that is pushed and then combined them together using another command to merge them. --- .github/workflows/pr.yml | 2 +- .../workflows/rebuild-ponyc-based-images.yml | 76 ++++++++++++++++++- .../build-and-push.bash | 15 +++- .../combine-images.bash | 39 ++++++++++ 4 files changed, 123 insertions(+), 9 deletions(-) create mode 100644 standard-builder-with-libressl-4.2.0/combine-images.bash diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index fc9c9a4..2c3a488 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -119,7 +119,7 @@ jobs: # v3.10.0 uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 - name: Test build - run: "docker buildx build --platform linux/arm64,linux/amd64 --pull --file=standard-builder-with-libressl-4.2.0/Dockerfile ." + run: "docker buildx build --pull --file=standard-builder-with-libressl-4.2.0/Dockerfile ." validate-standard-builder-with-openssl-3_6_0-builds: name: Validate standard builder with openssl 3.6.0 image builds diff --git a/.github/workflows/rebuild-ponyc-based-images.yml b/.github/workflows/rebuild-ponyc-based-images.yml index 4e833d4..ab02f8d 100644 --- a/.github/workflows/rebuild-ponyc-based-images.yml +++ b/.github/workflows/rebuild-ponyc-based-images.yml @@ -47,15 +47,15 @@ jobs: topic: ${{ github.repository }} scheduled job failure content: ${{ github.server_url}}/${{ github.repository }}/actions/runs/${{ github.run_id }} failed. - standard-builder-with-libressl_4_2_0: + standard-builder-with-libressl_4_2_0-amd64: needs: - standard-builder - name: Update standard-builder-with-libressl-4.2.0 + name: Update standard-builder-with-libressl-4.2.0 on amd64 runs-on: ubuntu-latest concurrency: - group: standard-builder-with-libressl_4_2_0 + group: standard-builder-with-libressl_4_2_0-amd64 cancel-in-progress: true steps: @@ -81,6 +81,74 @@ jobs: topic: ${{ github.repository }} scheduled job failure content: ${{ github.server_url}}/${{ github.repository }}/actions/runs/${{ github.run_id }} failed. + standard-builder-with-libressl_4_2_0-arm64: + needs: + - standard-builder + + name: Update standard-builder-with-libressl-4.2.0 on arm64 + runs-on: ubuntu-24.04-arm + + concurrency: + group: standard-builder-with-libressl_4_2_0-arm + cancel-in-progress: true + + steps: + - uses: actions/checkout@v4.1.1 + - name: Login to GitHub Container Registry + # v2.2.0 + uses: docker/login-action@5139682d94efc37792e6b54386b5b470a68a4737 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push + run: bash standard-builder-with-libressl-4.2.0/build-and-push.bash + - name: Send alert on failure + if: ${{ failure() }} + uses: zulip/github-actions-zulip/send-message@e4c8f27c732ba9bd98ac6be0583096dea82feea5 + with: + api-key: ${{ secrets.ZULIP_SCHEDULED_JOB_FAILURE_API_KEY }} + email: ${{ secrets.ZULIP_SCHEDULED_JOB_FAILURE_EMAIL }} + organization-url: 'https://ponylang.zulipchat.com/' + to: notifications + type: stream + topic: ${{ github.repository }} scheduled job failure + content: ${{ github.server_url}}/${{ github.repository }}/actions/runs/${{ github.run_id }} failed. + + merge-standard-builder-with-libressl_4_2_0: + needs: + - standard-builder-with-libressl_4_2_0-amd64 + - standard-builder-with-libressl_4_2_0-arm64 + + name: Create merged standard-builder-with-libressl_4_2_0 + runs-on: ubuntu-latest + + concurrency: + group: merge-standard-builder-with-libressl_4_2_0 + cancel-in-progress: true + + steps: + - name: Login to GitHub Container Registry + # v2.2.0 + uses: docker/login-action@5139682d94efc37792e6b54386b5b470a68a4737 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Merge + run: bash standard-builder-with-libressl-4.2.0/combine-images.bash + - name: Send alert on failure + if: ${{ failure() }} + uses: zulip/github-actions-zulip/send-message@e4c8f27c732ba9bd98ac6be0583096dea82feea5 + with: + api-key: ${{ secrets.ZULIP_SCHEDULED_JOB_FAILURE_API_KEY }} + email: ${{ secrets.ZULIP_SCHEDULED_JOB_FAILURE_EMAIL }} + organization-url: 'https://ponylang.zulipchat.com/' + to: notifications + type: stream + topic: ${{ github.repository }} scheduled job failure + content: ${{ github.server_url}}/${{ github.repository }}/actions/runs/${{ github.run_id }} failed. + standard-builder-with-openssl_3_6_0: needs: - standard-builder @@ -288,7 +356,7 @@ jobs: send-builders-updated-event: needs: - standard-builder - - standard-builder-with-libressl_4_2_0 + - merge-standard-builder-with-libressl_4_2_0 - standard-builder-with-openssl_3_6_0 - x86-64-unknown-linux-builder-with-libressl_3_9_2 - x86-64-unknown-linux-builder-with-openssl_1_1_1w diff --git a/standard-builder-with-libressl-4.2.0/build-and-push.bash b/standard-builder-with-libressl-4.2.0/build-and-push.bash index e1db626..7f24f12 100644 --- a/standard-builder-with-libressl-4.2.0/build-and-push.bash +++ b/standard-builder-with-libressl-4.2.0/build-and-push.bash @@ -8,6 +8,13 @@ set -o nounset # this *** # +ARCH=$(uname -m) +case "${ARCH}" in + x86_64) ARCH_TAG="amd64" ;; + aarch64|arm64) ARCH_TAG="arm64" ;; + *) ARCH_TAG="unknown" ;; +esac + DOCKERFILE_DIR="$(dirname "$0")" BUILDER="standard-builder-with-libressl-4.2.0-$(date +%s)" NAME="ghcr.io/ponylang/shared-docker-ci-standard-builder-with-libressl-4.2.0" @@ -15,13 +22,13 @@ NAME="ghcr.io/ponylang/shared-docker-ci-standard-builder-with-libressl-4.2.0" echo "Building nightly image from standard-builder nightly tag" docker buildx create --use --name "${BUILDER}" docker buildx build --provenance false --sbom false \ - --platform linux/arm64,linux/amd64 --pull --push --build-arg \ - FROM_TAG="nightly" -t "${NAME}:nightly" "${DOCKERFILE_DIR}" + --pull --push --build-arg \ + FROM_TAG="nightly" -t "${NAME}:nightly-${ARCH_TAG}" "${DOCKERFILE_DIR}" docker buildx rm "${BUILDER}" echo "Building release image from standard-builder release tag" docker buildx create --use --name "${BUILDER}" docker buildx build --provenance false --sbom false \ - --platform linux/arm64,linux/amd64 --pull --push --build-arg \ - FROM_TAG="release" -t "${NAME}:release" "${DOCKERFILE_DIR}" + --pull --push --build-arg \ + FROM_TAG="release" -t "${NAME}:release-${ARCH_TAG}" "${DOCKERFILE_DIR}" docker buildx rm "${BUILDER}" diff --git a/standard-builder-with-libressl-4.2.0/combine-images.bash b/standard-builder-with-libressl-4.2.0/combine-images.bash new file mode 100644 index 0000000..ce4bc72 --- /dev/null +++ b/standard-builder-with-libressl-4.2.0/combine-images.bash @@ -0,0 +1,39 @@ +#!/bin/bash +set -euo pipefail + +NAME="ghcr.io/ponylang/shared-docker-ci-standard-builder-with-libressl-4.2.0" + +sources=() + +# function to check if an image exists +check_image() { + local image="$1" + if docker manifest inspect "$image" > /dev/null 2>&1; then + echo "Image exists: $image" + sources+=("$image") + else + echo "Image not found: $image" + fi +} + +merge_images() { + local TAG="$1" + echo "Checking available architecture images for ${NAME}:$TAG" + + check_image "${NAME}:${TAG}-amd64" + check_image "${NAME}:${TAG}-arm64" + + if [ ${#sources[@]} -eq 0 ]; then + echo "No images found for merging, skipping." + return 0 + fi + + echo "Combining images into manifest tag: ${NAME}:${TAG}" + docker manifest create "${NAME}:${TAG}" "${sources[@]}" + docker manifest push "${NAME}:${TAG}" + + echo "Manifest created successfully." +} + +merge_images "nightly" +merge_images "release"