From 2d07385e81011dbe0d24463035f602e3fc9329cc Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Fri, 26 Nov 2021 15:49:30 +0100 Subject: [PATCH] Pull public staging images to scan and release This change pulls images from public staging repositories to scan and release. This ensures that the bits built and tested in public CI (off the master branch, for example) match those scanned and released. This also serves to reduce the load on our internal CI runners as these don't have to store artifacts and build images. Two CI variables: STAGING_REGISTRY and STAGING_VERSION are used to control which image is pulled for release, with the latter defaulting to the CI_COMMIT_SHORT_SHA. Signed-off-by: Evan Lezar --- .common-ci.yml | 319 ------------------------------------------------- .gitlab-ci.yml | 319 +++++++++++++++++++++++++++++++++++++++++++++++++ .nvidia-ci.yml | 52 ++++++++ 3 files changed, 371 insertions(+), 319 deletions(-) diff --git a/.common-ci.yml b/.common-ci.yml index 3343bcc2..bfd50503 100644 --- a/.common-ci.yml +++ b/.common-ci.yml @@ -34,69 +34,6 @@ stages: - release - build-all -build-dev-image: - stage: image - script: - - apk --no-cache add make bash - - make .build-image - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}" - - make .push-build-image - -.requires-build-image: - image: "${BUILDIMAGE}" - -.go-check: - extends: - - .requires-build-image - stage: go-checks - -fmt: - extends: - - .go-check - script: - - make assert-fmt - -vet: - extends: - - .go-check - script: - - make vet - -lint: - extends: - - .go-check - script: - - make lint - allow_failure: true - -ineffassign: - extends: - - .go-check - script: - - make ineffassign - allow_failure: true - -misspell: - extends: - - .go-check - script: - - make misspell - -go-build: - extends: - - .requires-build-image - stage: go-build - script: - - make build - -unit-tests: - extends: - - .requires-build-image - stage: unit-tests - script: - - make coverage - - # Define the distribution targets .dist-amazonlinux1: variables: @@ -163,206 +100,6 @@ unit-tests: variables: ARCH: x86_64 -# Define the package build helpers -.multi-arch-build: - before_script: - - apk add --no-cache coreutils build-base sed git bash make - - '[[ -n "${SKIP_QEMU_SETUP}" ]] || docker run --rm --privileged multiarch/qemu-user-static --reset -p yes -c yes' - -.package-artifacts: - variables: - ARTIFACTS_NAME: "toolkit-container-${CI_PIPELINE_ID}" - ARTIFACTS_ROOT: "toolkit-container-${CI_PIPELINE_ID}" - DIST_DIR: ${CI_PROJECT_DIR}/${ARTIFACTS_ROOT} - -.package-build: - extends: - - .multi-arch-build - - .package-artifacts - stage: package-build - script: - - ./scripts/release.sh ${DIST}-${ARCH} - - artifacts: - name: ${ARTIFACTS_NAME} - paths: - - ${ARTIFACTS_ROOT} - -# Define the package build targets -package-amazonlinux1-x86_64: - extends: - - .package-build - - .dist-amazonlinux1 - - .arch-x86_64 - -package-amazonlinux2-aarch64: - extends: - - .package-build - - .dist-amazonlinux2 - - .arch-aarch64 - -package-amazonlinux2-x86_64: - extends: - - .package-build - - .dist-amazonlinux2 - - .arch-x86_64 - -package-centos7-ppc64le: - extends: - - .package-build - - .dist-centos7 - - .arch-ppc64le - -package-centos7-x86_64: - extends: - - .package-build - - .dist-centos7 - - .arch-x86_64 - -package-centos8-aarch64: - extends: - - .package-build - - .dist-centos8 - - .arch-aarch64 - -package-centos8-ppc64le: - extends: - - .package-build - - .dist-centos8 - - .arch-ppc64le - -package-centos8-x86_64: - extends: - - .package-build - - .dist-centos8 - - .arch-x86_64 - -package-debian10-amd64: - extends: - - .package-build - - .dist-debian10 - - .arch-amd64 - -package-debian9-amd64: - extends: - - .package-build - - .dist-debian9 - - .arch-amd64 - -package-opensuse-leap15.1-x86_64: - extends: - - .package-build - - .dist-opensuse-leap15.1 - - .arch-x86_64 - -package-ubuntu16.04-amd64: - extends: - - .package-build - - .dist-ubuntu16.04 - - .arch-amd64 - -package-ubuntu16.04-ppc64le: - extends: - - .package-build - - .dist-ubuntu16.04 - - .arch-ppc64le - -package-ubuntu18.04-amd64: - extends: - - .package-build - - .dist-ubuntu18.04 - - .arch-amd64 - -package-ubuntu18.04-arm64: - extends: - - .package-build - - .dist-ubuntu18.04 - - .arch-arm64 - -package-ubuntu18.04-ppc64le: - extends: - - .package-build - - .dist-ubuntu18.04 - - .arch-ppc64le - -# Define the image build targets -.image-build: - stage: image-build - variables: - IMAGE_NAME: "${CI_REGISTRY_IMAGE}/container-toolkit" - VERSION: "${CI_COMMIT_SHORT_SHA}" - before_script: - - apk add --no-cache bash make - - 'echo "Logging in to CI registry ${CI_REGISTRY}"' - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}" - script: - - make -f build/container/Makefile build-${DIST} - - make -f build/container/Makefile push-${DIST} - -image-centos7: - extends: - - .image-build - - .package-artifacts - - .dist-centos7 - needs: - - package-centos7-ppc64le - - package-centos7-x86_64 - -image-centos8: - extends: - - .image-build - - .package-artifacts - - .dist-centos8 - needs: - - package-centos8-aarch64 - - package-centos8-x86_64 - - package-centos8-ppc64le - -image-ubi8: - extends: - - .image-build - - .package-artifacts - - .dist-ubi8 - needs: - # Note: The ubi8 image currently uses the centos7 packages - - package-centos7-ppc64le - - package-centos7-x86_64 - -image-ubuntu18.04: - extends: - - .image-build - - .package-artifacts - - .dist-ubuntu18.04 - needs: - - package-ubuntu18.04-amd64 - - package-ubuntu18.04-arm64 - - package-ubuntu18.04-ppc64le - -# The DIST=packaging target creates an image containing all built packages -image-packaging: - extends: - - .image-build - - .package-artifacts - - .dist-packaging - needs: - - package-amazonlinux1-x86_64 - - package-amazonlinux2-aarch64 - - package-amazonlinux2-x86_64 - - package-centos7-ppc64le - - package-centos7-x86_64 - - package-centos8-aarch64 - - package-centos8-ppc64le - - package-centos8-x86_64 - - package-debian10-amd64 - - package-debian9-amd64 - - package-opensuse-leap15.1-x86_64 - - package-ubuntu16.04-amd64 - - package-ubuntu16.04-ppc64le - - package-ubuntu18.04-amd64 - - package-ubuntu18.04-arm64 - - package-ubuntu18.04-ppc64le - - # Define test helpers .integration: stage: test @@ -376,63 +113,7 @@ image-packaging: script: - make -f build/container/Makefile test-${DIST} -.test:toolkit: - extends: - - .integration - variables: - TEST_CASES: "toolkit" - -.test:docker: - extends: - - .integration - variables: - TEST_CASES: "docker" - -.test:containerd: - # TODO: The containerd tests fail due to issues with SIGHUP. - # Until this is resolved with retry up to twice and allow failure here. - retry: 2 - allow_failure: true - extends: - - .integration - variables: - TEST_CASES: "containerd" - -.test:crio: - extends: - - .integration - variables: - TEST_CASES: "crio" - # Define the test targets -test-toolkit-ubuntu18.04: - extends: - - .test:toolkit - - .dist-ubuntu18.04 - needs: - - image-ubuntu18.04 - -test-containerd-ubuntu18.04: - extends: - - .test:containerd - - .dist-ubuntu18.04 - needs: - - image-ubuntu18.04 - -test-crio-ubuntu18.04: - extends: - - .test:crio - - .dist-ubuntu18.04 - needs: - - image-ubuntu18.04 - -test-docker-ubuntu18.04: - extends: - - .test:docker - - .dist-ubuntu18.04 - needs: - - image-ubuntu18.04 - test-packaging: extends: - .integration diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 81d2abfb..f716cae0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,6 +15,325 @@ include: - .common-ci.yml +build-dev-image: + stage: image + script: + - apk --no-cache add make bash + - make .build-image + - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}" + - make .push-build-image + +.requires-build-image: + image: "${BUILDIMAGE}" + +.go-check: + extends: + - .requires-build-image + stage: go-checks + +fmt: + extends: + - .go-check + script: + - make assert-fmt + +vet: + extends: + - .go-check + script: + - make vet + +lint: + extends: + - .go-check + script: + - make lint + allow_failure: true + +ineffassign: + extends: + - .go-check + script: + - make ineffassign + allow_failure: true + +misspell: + extends: + - .go-check + script: + - make misspell + +go-build: + extends: + - .requires-build-image + stage: go-build + script: + - make build + +unit-tests: + extends: + - .requires-build-image + stage: unit-tests + script: + - make coverage + +# Define the package build helpers +.multi-arch-build: + before_script: + - apk add --no-cache coreutils build-base sed git bash make + - '[[ -n "${SKIP_QEMU_SETUP}" ]] || docker run --rm --privileged multiarch/qemu-user-static --reset -p yes -c yes' + +.package-artifacts: + variables: + ARTIFACTS_NAME: "toolkit-container-${CI_PIPELINE_ID}" + ARTIFACTS_ROOT: "toolkit-container-${CI_PIPELINE_ID}" + DIST_DIR: ${CI_PROJECT_DIR}/${ARTIFACTS_ROOT} + +.package-build: + extends: + - .multi-arch-build + - .package-artifacts + stage: package-build + script: + - ./scripts/release.sh ${DIST}-${ARCH} + + artifacts: + name: ${ARTIFACTS_NAME} + paths: + - ${ARTIFACTS_ROOT} + +# Define the package build targets +package-amazonlinux1-x86_64: + extends: + - .package-build + - .dist-amazonlinux1 + - .arch-x86_64 + +package-amazonlinux2-aarch64: + extends: + - .package-build + - .dist-amazonlinux2 + - .arch-aarch64 + +package-amazonlinux2-x86_64: + extends: + - .package-build + - .dist-amazonlinux2 + - .arch-x86_64 + +package-centos7-ppc64le: + extends: + - .package-build + - .dist-centos7 + - .arch-ppc64le + +package-centos7-x86_64: + extends: + - .package-build + - .dist-centos7 + - .arch-x86_64 + +package-centos8-aarch64: + extends: + - .package-build + - .dist-centos8 + - .arch-aarch64 + +package-centos8-ppc64le: + extends: + - .package-build + - .dist-centos8 + - .arch-ppc64le + +package-centos8-x86_64: + extends: + - .package-build + - .dist-centos8 + - .arch-x86_64 + +package-debian10-amd64: + extends: + - .package-build + - .dist-debian10 + - .arch-amd64 + +package-debian9-amd64: + extends: + - .package-build + - .dist-debian9 + - .arch-amd64 + +package-opensuse-leap15.1-x86_64: + extends: + - .package-build + - .dist-opensuse-leap15.1 + - .arch-x86_64 + +package-ubuntu16.04-amd64: + extends: + - .package-build + - .dist-ubuntu16.04 + - .arch-amd64 + +package-ubuntu16.04-ppc64le: + extends: + - .package-build + - .dist-ubuntu16.04 + - .arch-ppc64le + +package-ubuntu18.04-amd64: + extends: + - .package-build + - .dist-ubuntu18.04 + - .arch-amd64 + +package-ubuntu18.04-arm64: + extends: + - .package-build + - .dist-ubuntu18.04 + - .arch-arm64 + +package-ubuntu18.04-ppc64le: + extends: + - .package-build + - .dist-ubuntu18.04 + - .arch-ppc64le + +# Define the image build targets +.image-build: + stage: image-build + variables: + IMAGE_NAME: "${CI_REGISTRY_IMAGE}/container-toolkit" + VERSION: "${CI_COMMIT_SHORT_SHA}" + before_script: + - apk add --no-cache bash make + - 'echo "Logging in to CI registry ${CI_REGISTRY}"' + - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}" + script: + - make -f build/container/Makefile build-${DIST} + - make -f build/container/Makefile push-${DIST} + +image-centos7: + extends: + - .image-build + - .package-artifacts + - .dist-centos7 + needs: + - package-centos7-ppc64le + - package-centos7-x86_64 + +image-centos8: + extends: + - .image-build + - .package-artifacts + - .dist-centos8 + needs: + - package-centos8-aarch64 + - package-centos8-x86_64 + - package-centos8-ppc64le + +image-ubi8: + extends: + - .image-build + - .package-artifacts + - .dist-ubi8 + needs: + # Note: The ubi8 image currently uses the centos7 packages + - package-centos7-ppc64le + - package-centos7-x86_64 + +image-ubuntu18.04: + extends: + - .image-build + - .package-artifacts + - .dist-ubuntu18.04 + needs: + - package-ubuntu18.04-amd64 + - package-ubuntu18.04-arm64 + - package-ubuntu18.04-ppc64le + +# The DIST=packaging target creates an image containing all built packages +image-packaging: + extends: + - .image-build + - .package-artifacts + - .dist-packaging + needs: + - package-amazonlinux1-x86_64 + - package-amazonlinux2-aarch64 + - package-amazonlinux2-x86_64 + - package-centos7-ppc64le + - package-centos7-x86_64 + - package-centos8-aarch64 + - package-centos8-ppc64le + - package-centos8-x86_64 + - package-debian10-amd64 + - package-debian9-amd64 + - package-opensuse-leap15.1-x86_64 + - package-ubuntu16.04-amd64 + - package-ubuntu16.04-ppc64le + - package-ubuntu18.04-amd64 + - package-ubuntu18.04-arm64 + - package-ubuntu18.04-ppc64le + +# Define publish test helpers +.test:toolkit: + extends: + - .integration + variables: + TEST_CASES: "toolkit" + +.test:docker: + extends: + - .integration + variables: + TEST_CASES: "docker" + +.test:containerd: + # TODO: The containerd tests fail due to issues with SIGHUP. + # Until this is resolved with retry up to twice and allow failure here. + retry: 2 + allow_failure: true + extends: + - .integration + variables: + TEST_CASES: "containerd" + +.test:crio: + extends: + - .integration + variables: + TEST_CASES: "crio" + +# Define the test targets +test-toolkit-ubuntu18.04: + extends: + - .test:toolkit + - .dist-ubuntu18.04 + needs: + - image-ubuntu18.04 + +test-containerd-ubuntu18.04: + extends: + - .test:containerd + - .dist-ubuntu18.04 + needs: + - image-ubuntu18.04 + +test-crio-ubuntu18.04: + extends: + - .test:crio + - .dist-ubuntu18.04 + needs: + - image-ubuntu18.04 + +test-docker-ubuntu18.04: + extends: + - .test:docker + - .dist-ubuntu18.04 + needs: + - image-ubuntu18.04 + # build-all jobs build packages for every OS / ARCH combination we support. # # They are run under two conditions: diff --git a/.nvidia-ci.yml b/.nvidia-ci.yml index 83ed0037..9f34aa7d 100644 --- a/.nvidia-ci.yml +++ b/.nvidia-ci.yml @@ -32,6 +32,51 @@ variables: DEVEL_RELEASE_IMAGE_VERSION: "devel" # On the multi-arch builder we don't need the qemu setup. SKIP_QEMU_SETUP: "1" + # Define the public staging registry + STAGING_REGISTRY: registry.gitlab.com/nvidia/container-toolkit/container-toolkit/staging + STAGING_VERSION: ${CI_COMMIT_SHORT_SHA} + +.image-pull: + stage: image-build + variables: + IN_REGISTRY: "${STAGING_REGISTRY}" + IN_IMAGE_NAME: container-toolkit + IN_VERSION: "${STAGING_VERSION}" + OUT_REGISTRY_USER: "${CI_REGISTRY_USER}" + OUT_REGISTRY_TOKEN: "${CI_REGISTRY_PASSWORD}" + OUT_REGISTRY: "${CI_REGISTRY}" + OUT_IMAGE_NAME: "${CI_REGISTRY_IMAGE}/container-toolkit" + script: + - docker pull ${IN_REGISTRY}/${IN_IMAGE_NAME}:${IN_VERSION}-${DIST} + - docker tag ${IN_REGISTRY}/${IN_IMAGE_NAME}:${IN_VERSION}-${DIST} ${OUT_IMAGE_NAME}:${CI_COMMIT_SHORT_SHA}-${DIST} + - docker login -u "${OUT_REGISTRY_USER}" -p "${OUT_REGISTRY_TOKEN}" "${OUT_REGISTRY}" + - docker push ${OUT_IMAGE_NAME}:${CI_COMMIT_SHORT_SHA}-${DIST} + +image-centos7: + extends: + - .image-pull + - .dist-centos7 + +image-centos8: + extends: + - .image-pull + - .dist-centos8 + +image-ubi8: + extends: + - .image-pull + - .dist-ubi8 + +image-ubuntu18.04: + extends: + - .image-pull + - .dist-ubuntu18.04 + +# The DIST=packaging target creates an image containing all built packages +image-packaging: + extends: + - .image-pull + - .dist-packaging # We skip the integration tests for the internal CI: .integration: @@ -130,6 +175,13 @@ scan-ubi8: # TODO: For now we disable external releases DOCKER: echo +release:staging-ubuntu18.04: + extends: + - .release:staging + - .dist-ubuntu18.04 + needs: + - image-ubuntu18.04 + # Define the external release targets # Release to NGC release:ngc-centos7: