Switch to GHA and GHCR for image building and hosting #31
Conversation
urschrei
force-pushed
the
switch_to_actions
branch
from
a93ac36 to
8e67a75
Compare
urschrei
force-pushed
the
switch_to_actions
branch
from
8e67a75 to
8d39a3d
Compare
|
@michaelkirk This isn't going terribly, but I have two questions:
|
|
The current setup works as follows: For each Rust version in the matrix
We have some images for inspection / testing: https://github.com/orgs/georust/packages?repo_name=docker-images We need to figure out what testing looks like for these images, though. Things like tagging something 'latest' can be done on push of a tag. |
It seems like you've since figured this out - but just to be clear: The build process was not pulling the earlier stages from Docker Hub. They were building and tagging them locally. Once built, the images are available from the local registry. Only after successfully running the tests against the built containers would I push anything to Docker Hub.
With the current system, I can run tests against the new containers before pushing them to be reasonably confident that the work. To maintain that kind of testing, my assumption is we'd clone down the necessary repos (georust/geo, georust/proj) as part of this new CI job, and then run the tests similarly to how they're run now before the containers are pushed to ghcr.io I know this is still WIP, but it'd be helpful to update the README to clarify what the new process for getting up-to-date containers in, e.g., georust/geo CI looks like. And relatedly, is the tagging scheme going to change from what's in the current container build scripts? |
Oh that's a good idea. No clue how I'm gonna make that work in the test step, but I'll see how I fare.
Yeah, I just haven't gotten around to it yet – no point in doing it til we know that this works the way we want. Adding new Rust versions involves updating two matrices in the workflow with the version you want, and updating the |
|
Tests are passing in the built images, and README is updated. Two things:
|
|
(I haven't added the Rust versions 1.70 - 1.75 yet because it will quintuple the test-build cycle) |
It seems like all the container builds are running the same set of tests. e.g. the geo-ci container is running the proj tests, not the georust/geo tests. Probably you can fix this in the workflow file. Another approach would be, rather than having 3 separate "set up RUN_CMD" steps, to instead have a Either would be fine. Also, it seems like we're not longer running the |
urschrei
force-pushed
the
switch_to_actions
branch
from
fe4e78f to
df0ff8e
Compare
|
I coupled the tests to the image name by using a map in the build matrix. Seems to work OK – I couldn't make the external test file work via Regarding the
|
| @@ -30,59 +30,30 @@ number tag as well, e.g. `rust:1.45.1`. Similarly we could publish a new tag | |||
| for each minor patch (`geo-ci:rust-1.50.0`, `geo-ci:rust-1.50.1`, etc.), but | |||
| running CI against each patch seems like overkill at this point. | |||
|
|
|||
| ## How to Update Rust | |||
| **New images are built by Github Actions and published to the Github Container Registry if tests pass** | |||
There was a problem hiding this comment.
The containers are published regardless of if the PR is merged, right? Ideally it'd be nice to not publish until merged into main but it seems non-trivial - building the three downstream containers across different jobs is nice for parallelism, but it means we can't rely on the local registry.
I can live with things as you have them now - but if you can think of an easy way to hold off on publishing until a merge into main, that'd be cool. Otherwise we can leave it for future work.
There was a problem hiding this comment.
GHA now has the ability to trigger a job if a PR is merged.
In order to take advantage of that, we'd have to add a few new moving parts:
- Upload built
libproj-builderx rust versions (for now) images as artifacts - Upload each sub-image x rust version artifact
- On successful merge, download all the above again, then push to the registry.
It can be done, but it'll be easier if we can implement your no-Rust-for-main-image idea first. It will also mean duplicating the rust version and image name matrices because matrices can't be shared between jobs. That strikes me as error-prone, so we might have to explore building matrices from JSON files at job run time.
There was a problem hiding this comment.
My first though was to keep the publish step in the existing workflow, but gate it on a if branch == main check.
I'm happy to follow up with that later though.
There was a problem hiding this comment.
Oh, that might be a lot easier…
.github/workflows/imagebuild.yml
Outdated
|
|
||
| strategy: | ||
| matrix: | ||
| rust_version: [1.77] |
There was a problem hiding this comment.
I wonder if we actually need to specify rust_version for the libprojbuilder - it's not even using rust, right? It's fine to leave it this way for now, since that's how it's always been, but worth considering for future simplification. It'd speed up the build a bit and avoid having to track supported versions in two places.
There was a problem hiding this comment.
Oooh. That's a good point.
There was a problem hiding this comment.
The libproj-builder Docker image does expect a Rust version:
ARG RUST_VERSION
Unless I'm misunderstanding something about how the multi-stage builds work?
|
indeed it does - but I don’t think it’s used for anything. We’d also have to update the dependent stages to reference the new tag for libprojbuilder who can wouldn’t include the rust portion of the tag id
|
Happy to leave this as a follow-up action. |
|
Images for 1.70 (MSRV), 1.76, and 1.77 are now in the registry. |
| @@ -12,6 +12,7 @@ RUN test -n "$PROJ_VERSION" || (echo "PROJ_VERSION ARG not set" && false) | |||
| RUN apt-get update \ | |||
| && DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends \ | |||
| clang \ | |||
| cmake \ | |||
| @@ -14,6 +14,7 @@ RUN test -n "$PROJ_VERSION" || (echo "PROJ_VERSION ARG not set" && false) | |||
| RUN apt-get update \ | |||
| && DEBIAN_FRONTEND="noninteractive" apt-get install -y \ | |||
| clang \ | |||
| git \ | |||
| @@ -21,6 +21,7 @@ RUN apt-get update \ | |||
| && DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends \ | |||
| ca-certificates \ | |||
| clang \ | |||
| cmake \ | |||
| @@ -30,59 +30,30 @@ number tag as well, e.g. `rust:1.45.1`. Similarly we could publish a new tag | |||
| for each minor patch (`geo-ci:rust-1.50.0`, `geo-ci:rust-1.50.1`, etc.), but | |||
| running CI against each patch seems like overkill at this point. | |||
|
|
|||
| ## How to Update Rust | |||
| **New images are built by Github Actions and published to the Github Container Registry if tests pass** | |||
There was a problem hiding this comment.
My first though was to keep the publish step in the existing workflow, but gate it on a if branch == main check.
I'm happy to follow up with that later though.
Closes #30