feat: Faster Fargate startups with SOCI (#499)

Build and push SOCI indexes so Fargate can start our runners faster. Technically only Fargate supports it now. But it's easier to just always build it. Plus ECS and Lambda may support it in the future. That's why we build it for all providers. This commit also updates CodeBuild image builder to Amazon Linux 2023. Prior to this we were on Ubuntu for x64 and Amazon Linux 2 for arm64. Previous iterations of this PR required this for containerd, but the current one doesn't require it. Still I kept it here to keep the image build environment consistent between platforms. Resolves #389 Relates #438
CloudSnorkel · Feb 19, 2024 · 753b6a4 · 753b6a4
1 parent b4ce693
commit 753b6a4
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 30 deletions.
diff --git a/API.md b/API.md
diff --git a/src/image-builders/codebuild.ts b/src/image-builders/codebuild.ts
@@ -39,7 +39,7 @@ export interface CodeBuildRunnerImageBuilderProps {
    *
    * The only action taken in CodeBuild is running `docker build`. You would therefore not need to change this setting often.
    *
-   * @default Ubuntu 22.04 for x64 and Amazon Linux 2 for ARM64
+   * @default Amazon Linux 2023
    */
   readonly buildImage?: codebuild.IBuildImage;
 
@@ -111,6 +111,12 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
       removalPolicy: RemovalPolicy.DESTROY,
       autoDeleteImages: true,
       lifecycleRules: [
+        {
+          description: 'Remove soci indexes for replaced images',
+          tagStatus: TagStatus.TAGGED,
+          tagPrefixList: ['sha256-'],
+          maxImageCount: 1,
+        },
         {
           description: 'Remove untagged images that have been replaced by CodeBuild',
           tagStatus: TagStatus.UNTAGGED,
@@ -189,9 +195,9 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
     if (this.os.is(Os.LINUX_UBUNTU) || this.os.is(Os.LINUX_AMAZON_2) || this.os.is(Os.LINUX_AMAZON_2023) || this.os.is(Os.LINUX)) {
       // CodeBuild just runs `docker build` so its OS doesn't really matter
       if (this.architecture.is(Architecture.X86_64)) {
-        return codebuild.LinuxBuildImage.STANDARD_6_0;
+        return codebuild.LinuxBuildImage.AMAZON_LINUX_2_5;
       } else if (this.architecture.is(Architecture.ARM64)) {
-        return codebuild.LinuxArmBuildImage.AMAZON_LINUX_2_STANDARD_2_0;
+        return codebuild.LinuxArmBuildImage.AMAZON_LINUX_2_STANDARD_3_0;
       }
     }
     if (this.os.is(Os.WINDOWS)) {
@@ -250,6 +256,15 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
   private getBuildSpec(repository: ecr.Repository): codebuild.BuildSpec {
     const thisStack = cdk.Stack.of(this);
 
+    let archUrl;
+    if (this.architecture.is(Architecture.X86_64)) {
+      archUrl = 'x86_64';
+    } else if (this.architecture.is(Architecture.ARM64)) {
+      archUrl = 'arm64';
+    } else {
+      throw new Error(`Unsupported architecture for required CodeBuild: ${this.architecture.name}`);
+    }
+
     return codebuild.BuildSpec.fromObject({
       version: '0.2',
       env: {
@@ -296,6 +311,12 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
               '}\n' +
               'EOF',
             'if [ "$RESPONSE_URL" != "unspecified" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H "Content-Type:" -d "@/tmp/payload.json" "$RESPONSE_URL"; fi',
+            // generate and push soci index
+            // we do this after finishing the build, so we don't have to wait. it's also not required, so it's ok if it fails
+            'docker rmi "$REPO_URI"', // it downloads the image again to /tmp, so save on space
+            'LATEST_SOCI_VERSION=`curl -w "%{redirect_url}" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE "[^/]+$"`',
+            `curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/$\{LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_${archUrl}.tar.gz | tar xz`,
+            './standalone-soci-indexer "$REPO_URI"',
           ],
         },
       },

diff --git a/test/default.integ.snapshot/github-runners-test.assets.json b/test/default.integ.snapshot/github-runners-test.assets.json
@@ -235,15 +235,15 @@
         }
       }
     },
-    "69a02763bb60b5f7e6b1e4ec776b10f3d89a63dded64e7e82a3304f6d7aef6f2": {
+    "5f2631639a35b077e04ba77c64a9a1b3c08ea098e9d67ac8d48eec6f4a55cca9": {
       "source": {
         "path": "github-runners-test.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "69a02763bb60b5f7e6b1e4ec776b10f3d89a63dded64e7e82a3304f6d7aef6f2.json",
+          "objectKey": "5f2631639a35b077e04ba77c64a9a1b3c08ea098e9d67ac8d48eec6f4a55cca9.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }