Merge branch 'improve-ci' into 'master'

Improve CI for container toolkit

See merge request nvidia/container-toolkit/container-toolkit!38
This commit is contained in:
Evan Lezar 2021-07-15 15:40:56 +00:00
commit faf0df66c7
4 changed files with 219 additions and 91 deletions

91
.common-ci.yml Normal file
View File

@ -0,0 +1,91 @@
# Copyright (c) 2021, NVIDIA CORPORATION. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
default:
image: docker:stable
services:
- name: docker:stable-dind
command: ["--experimental"]
variables:
IMAGE: "${CI_REGISTRY_IMAGE}"
IMAGE_TAG: "${CI_COMMIT_REF_SLUG}"
build-dev-image:
stage: image
before_script:
- docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
script:
- apk --no-cache add make bash
- make .build-image
- make .push-build-image
.requires-build-image:
variables:
SKIP_IMAGE_BUILD: "yes"
before_script:
- apk --no-cache add make bash
- docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
- make .pull-build-image
.go-check:
extends:
- .requires-build-image
stage: go-checks
fmt:
extends:
- .go-check
script:
- make docker-assert-fmt
vet:
extends:
- .go-check
script:
- make docker-vet
lint:
extends:
- .go-check
script:
- make docker-lint
allow_failure: true
ineffassign:
extends:
- .go-check
script:
- make docker-ineffassign
allow_failure: true
misspell:
extends:
- .go-check
script:
- make docker-misspell
go-build:
extends:
- .requires-build-image
stage: go-build
script:
- make docker-build
unit-tests:
extends:
- .requires-build-image
stage: unit-tests
script:
- make docker-coverage

View File

@ -12,97 +12,39 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# Build packages for all supported OS / ARCH combinations
include:
- .common-ci.yml
stages:
- tests
- image
- go-checks
- go-build
- unit-tests
- test
- scan
- release
- build-one
- build-all
.tests-setup: &tests-setup
image: golang:1.14.4
rules:
- when: always
variables:
GITHUB_ROOT: "github.com/NVIDIA"
PROJECT_GOPATH: "${GITHUB_ROOT}/nvidia-container-toolkit"
before_script:
- mkdir -p ${GOPATH}/src/${GITHUB_ROOT}
- ln -s ${CI_PROJECT_DIR} ${GOPATH}/src/${PROJECT_GOPATH}
.build-setup: &build-setup
image: docker:19.03.8
services:
- name: docker:19.03.8-dind
command: ["--experimental"]
.build-setup:
before_script:
- apk update
- apk upgrade
- apk add coreutils build-base sed git bash make
- docker run --rm --privileged multiarch/qemu-user-static --reset -p yes -c yes
# Run a series of sanity-check tests over the code
lint:
<<: *tests-setup
stage: tests
script:
- GO111MODULE=off go get -u golang.org/x/lint/golint
- make lint
vet:
<<: *tests-setup
stage: tests
script:
- make vet
unit_test:
<<: *tests-setup
stage: tests
script:
- make test
coverage:
<<: *tests-setup
stage: tests
script:
- make coverage
fmt:
<<: *tests-setup
stage: tests
script:
- make assert-fmt
ineffassign:
<<: *tests-setup
stage: tests
script:
- GO111MODULE=off go get -u github.com/gordonklaus/ineffassign
- make ineffassign
misspell:
<<: *tests-setup
stage: tests
script:
- GO111MODULE=off go get -u github.com/client9/misspell/cmd/misspell
- make misspell
# build-one jobs build packages for a single OS / ARCH combination.
#
# They are run during the first stage of the pipeline as a smoke test to ensure
# that we can successfully build packages on all of our architectures for a
# single OS. They are triggered on any change to an MR. No artifacts are
# produced as part of build-one jobs.
.build-one-setup: &build-one-setup
<<: *build-setup
.build-one-setup:
extends:
- .build-setup
stage: build-one
only:
- merge_requests
rules:
- if: $CI_MERGE_REQUEST_ID
# build-all jobs build packages for every OS / ARCH combination we support.
#
@ -114,8 +56,9 @@ misspell:
# OS / ARCH combinations, so this is optimized to only run once per MR
# (assuming it all passes). A full set of artifacts including the packages
# built for each OS / ARCH are produced as a result of these jobs.
.build-all-setup: &build-all-setup
<<: *build-setup
.build-all-setup:
extends:
- .build-setup
stage: build-all
timeout: 2h 30m
rules:
@ -137,43 +80,53 @@ misspell:
# The full set of build-one jobs organizes to build
# ubuntu18.04 in parallel on each of our supported ARCHs.
build-one-amd64:
<<: *build-one-setup
extends:
- .build-one-setup
script:
- make ubuntu18.04-amd64
rules:
- when: always
build-one-ppc64le:
<<: *build-one-setup
extends:
- .build-one-setup
script:
- make ubuntu18.04-ppc64le
build-one-arm64:
<<: *build-one-setup
extends:
- .build-one-setup
script:
- make ubuntu18.04-arm64
# The full set of build-all jobs organized to
# have builds for each ARCH run in parallel.
build-all-amd64:
<<: *build-all-setup
extends:
- .build-all-setup
script:
- make docker-amd64
build-all-x86_64:
<<: *build-all-setup
extends:
- .build-all-setup
script:
- make docker-x86_64
build-all-ppc64le:
<<: *build-all-setup
extends:
- .build-all-setup
script:
- make docker-ppc64le
build-all-arm64:
<<: *build-all-setup
extends:
- .build-all-setup
script:
- make docker-arm64
build-all-aarch64:
<<: *build-all-setup
extends:
- .build-all-setup
script:
- make docker-aarch64

View File

@ -27,14 +27,40 @@ MODULE := github.com/NVIDIA/nvidia-container-toolkit
docker-native:
include $(CURDIR)/docker/docker.mk
ifeq ($(IMAGE),)
REGISTRY ?= nvidia
IMAGE=$(REGISTRY)/container-toolkit
endif
IMAGE_TAG ?= $(GOLANG_VERSION)
BUILDIMAGE ?= $(IMAGE):$(IMAGE_TAG)-devel
EXAMPLES := $(patsubst ./examples/%/,%,$(sort $(dir $(wildcard ./examples/*/))))
EXAMPLE_TARGETS := $(patsubst %,example-%, $(EXAMPLES))
CHECK_TARGETS := assert-fmt vet lint ineffassign misspell
MAKE_TARGETS := binary build all check fmt lint-internal test examples coverage generate $(CHECK_TARGETS)
TARGETS := $(MAKE_TARGETS) $(EXAMPLE_TARGETS)
DOCKER_TARGETS := $(patsubst %,docker-%, $(TARGETS))
.PHONY: $(TARGETS) $(DOCKER_TARGETS)
GOOS ?= linux
binary:
GOOS=$(GOOS) go build -ldflags "-s -w" -o "$(LIB_NAME)" $(MODULE)/cmd/$(LIB_NAME)
# Define the check targets for the Golang codebase
.PHONY: check fmt assert-fmt ineffassign lint misspell vet
check: assert-fmt lint misspell vet
build:
GOOS=$(GOOS) go build ./...
examples: $(EXAMPLE_TARGETS)
$(EXAMPLE_TARGETS): example-%:
GOOS=$(GOOS) go build ./examples/$(*)
all: check test build binary
check: $(CHECK_TARGETS)
# Apply go fmt to the codebase
fmt:
go list -f '{{.Dir}}' $(MODULE)/... \
| xargs gofmt -s -l -w
@ -55,8 +81,12 @@ ineffassign:
ineffassign $(MODULE)/...
lint:
# We use `go list -f '{{.Dir}}' $(GOLANG_PKG_PATH)/...` to skip the `vendor` folder.
go list -f '{{.Dir}}' $(MODULE)/... | xargs golint -set_exit_status
# We use `go list -f '{{.Dir}}' $(MODULE)/...` to skip the `vendor` folder.
go list -f '{{.Dir}}' $(MODULE)/... | grep -v /internal/ | xargs golint -set_exit_status
lint-internal:
# We use `go list -f '{{.Dir}}' $(MODULE)/...` to skip the `vendor` folder.
go list -f '{{.Dir}}' $(MODULE)/internal/... | xargs golint -set_exit_status
misspell:
misspell $(MODULE)/...
@ -65,8 +95,42 @@ vet:
go vet $(MODULE)/...
COVERAGE_FILE := coverage.out
test:
go test -coverprofile=$(COVERAGE_FILE) $(MODULE)/...
test: build
go test -v -coverprofile=$(COVERAGE_FILE) $(MODULE)/...
coverage: test
go tool cover -func=$(COVERAGE_FILE)
cat $(COVERAGE_FILE) | grep -v "_mock.go" > $(COVERAGE_FILE).no-mocks
go tool cover -func=$(COVERAGE_FILE).no-mocks
generate:
go generate $(MODULE)/...
# Generate an image for containerized builds
# Note: This image is local only
.PHONY: .build-image .pull-build-image .push-build-image
.build-image: docker/Dockerfile.devel
if [ x"$(SKIP_IMAGE_BUILD)" = x"" ]; then \
$(DOCKER) build \
--progress=plain \
--build-arg GOLANG_VERSION="$(GOLANG_VERSION)" \
--tag $(BUILDIMAGE) \
-f $(^) \
docker; \
fi
.pull-build-image:
$(DOCKER) pull $(BUILDIMAGE)
.push-build-image:
$(DOCKER) push $(BUILDIMAGE)
$(DOCKER_TARGETS): docker-%: .build-image
@echo "Running 'make $(*)' in docker container $(BUILDIMAGE)"
$(DOCKER) run \
--rm \
-e GOCACHE=/tmp/.cache \
-v $(PWD):$(PWD) \
-w $(PWD) \
--user $$(id -u):$$(id -g) \
$(BUILDIMAGE) \
make $(*)

20
docker/Dockerfile.devel Normal file
View File

@ -0,0 +1,20 @@
# Copyright (c) 2021, NVIDIA CORPORATION. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ARG GOLANG_VERSION=x.x.x
FROM golang:${GOLANG_VERSION}
RUN go get -u golang.org/x/lint/golint
RUN go get -u github.com/matryer/moq
RUN go get -u github.com/gordonklaus/ineffassign
RUN go get -u github.com/client9/misspell/cmd/misspell