author | 2020-11-18 23:43:57 +0100 | |
---|---|---|
committer | 2020-11-18 23:43:57 +0100 | |
commit | 4f11ec428a5c4862598f11b8a92a65b7d13987ce (patch) | |
tree | 75db4880cd8e42dcaeb278bcbef2656103e0f93f | |
parent | Rectify production branch and clean up formatting (diff) |
Use repository caching for master build
One problem that our master builds may have is that they retain more and
more layers of old builds, as there is no easy way of purging them from
the cache. Since such a master cache would have no benefit over
repository-based caching, I've removed persistent local caching for
non-PR builds.
-rw-r--r-- | .github/workflows/lint-test-build-push.yaml | 67 | ||||
-rw-r--r-- | Dockerfile (renamed from docker/Dockerfile) | 2 | ||||
-rw-r--r-- | docker-compose.yml | 2 |
3 files changed, 32 insertions, 39 deletions
diff --git a/.github/workflows/lint-test-build-push.yaml b/.github/workflows/lint-test-build-push.yaml index 8dd9b34..62691ab 100644 --- a/.github/workflows/lint-test-build-push.yaml +++ b/.github/workflows/lint-test-build-push.yaml @@ -23,9 +23,16 @@ jobs: run: | tag=$(cut -c 1-7 <<< $GITHUB_SHA) echo "::set-output name=tag::$tag" + - name: Checkout code uses: actions/checkout@v2 + # The current version (v2) of Docker's build-push action uses + # buildx, which comes with BuildKit features that help us speed + # up our builds using additional cache features. Buildx also + # has a lot of other features that are not as relevant to us. + # + # See https://github.com/docker/build-push-action - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 
@@ -36,38 +43,33 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GHCR_TOKEN }} - # Set up a caching directory for image layers. According to the docker - # documentation, it's recommended to use a SHA-based key to get the - # greatest change of finding the most relevant cached layer. We fall - # down to more generic containers by then matching by GitHub branch, - # to use cache generated earlier in the same branch, and finally to - # the latest cache in general. The `v0` is purely a cache version - # indicator that can be incremented manually if we want to invalidate - # old caches completely. + # Create a local cache directory for PR builds, as the image + # we build for PRs may start to deviate from the "latest" image + # currently registered in the GHCR. For master, the best we can + # do is use the previous master build, which can be cached from + # the GHCR. - name: Cache Image Layers + if: github.event_name == 'pull_request' uses: actions/cache@v2 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-v0-buildx-${{ github.ref }}-${{ github.sha }} restore-keys: | ${{ runner.os }}-v0-buildx-${{ github.ref }}- - ${{ runner.os }}-v0-buildx- - # Build the image we need for testing/linting the current codebase, - # without pushing the image to the GHCR. Instead, we load it into - # the runner's docker environment so we can run it later. The - # target of this build is the `venv` stage of the Dockerfile, as we - # don't want to include the final production entry point stage. + # Build the image we need for linting and testing using the + # `venv` target stage within our Dockerfile. We load the image + # into the runner's Docker image collection so we can run it + # later. # - # This build caches to our GitHub Actions cache and uses that cache - # during the build process as well. If no GitHub Actions cache was - # available, it will use the latest intermediate images pushed to - # the GHCR as a cache source. 
+ # The image includes an inline cache manifest to support caching + # from the GHCR, which means that a build can pull the layers it + # can reuse instead of building them from scratch. - name: Build image for linting and testing uses: docker/build-push-action@v2 with: context: . - file: ./docker/Dockerfile + file: ./Dockerfile push: false load: true target: venv 
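Review bot: The rewritten comment above `Cache Image Layers` no longer explains the `v0` segment that is still present in `key` and `restore-keys`. The removed text documented it as a manual cache version, and that knob is the only visible way to discard a PR cache that has gone bad. I would keep one line for it, for example `# The v0 in the key is a manual cache version; bump it to invalidate all existing caches.` The build step that consumes this cache continues past the end of the hunk, so whether it still references `/tmp/.buildx-cache` on non-PR runs cannot be checked from here.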
@@ -147,61 +149,52 @@ jobs: coveralls # Final build stage. This is run in the same job with conditions - # to prevent us from having to reload the caching directory. We - # already built a huge chunk of the image before this point in - # the run, so it does not make sense to drop down to a completely - # fresh build environment in a new worker/runner. + # in order to use the local build cache generated by buildx while + # building the `venv` image in the lint/test phase. # Build the final production image and push it to GHCR, tagging it # both with the short commit SHA and 'latest'. This step should use - # the cache that was just generated when we built the test container. + # the local build cache of the current run. - name: Build final image if: env.production_build == 'true' uses: docker/build-push-action@v2 with: context: . - file: ./docker/Dockerfile + file: ./Dockerfile push: true cache-from: | - type=local,src=/tmp/.buildx-cache ghcr.io/python-discord/snekbox-base:latest ghcr.io/python-discord/snekbox-venv:latest ghcr.io/python-discord/snekbox:latest - cache-to: type=local,dest=/tmp/.buildx-cache + cache-to: type=inline tags: | ghcr.io/python-discord/snekbox:latest ghcr.io/python-discord/snekbox:${{ steps.sha_tag.outputs.tag }} - # Push the base image to GHCR, *with* an inline cache manifest to - # ensure we can use this image as a cache source if our GitHub Actions - # "local" cache failed to be restored. GHCR does not support pushing a - # separate cache manifest, meaning we have to use an "inline" manifest. + # Push the base image to GHCR, with an inline cache manifest - name: Push base image if: env.production_build == 'true' uses: docker/build-push-action@v2 with: context: . 
- file: ./docker/Dockerfile + file: ./Dockerfile target: base push: true cache-from: | - type=local,src=/tmp/.buildx-cache ghcr.io/python-discord/snekbox-base:latest cache-to: type=inline tags: ghcr.io/python-discord/snekbox-base:latest - # Push the venv image to GHCR *with* an inline cache manifest. See - # the comment attached to the previous step for more information. + # Push the venv image to GHCR, with an inline cache manifest - name: Push venv image if: env.production_build == 'true' uses: docker/build-push-action@v2 with: context: . - file: ./docker/Dockerfile + file: ./Dockerfile target: venv push: true cache-from: | - type=local,src=/tmp/.buildx-cache ghcr.io/python-discord/snekbox-base:latest ghcr.io/python-discord/snekbox-venv:latest cache-to: type=inline diff --git a/docker/Dockerfile b/Dockerfile index ea05c5c..ed199a0 100644 --- a/docker/Dockerfile +++ b/Dockerfile @@ -59,5 +59,5 @@ FROM venv ENTRYPOINT ["gunicorn"] CMD ["-c", "config/gunicorn.conf.py", "snekbox.api.app"] -COPY . /snekbox +COPY docker /snekbox WORKDIR /snekbox diff --git a/docker-compose.yml b/docker-compose.yml index 066f38b..3062af3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,4 +10,4 @@ services: ipc: none build: context: . - dockerfile: docker/Dockerfile + dockerfile: Dockerfile |
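Review bot: With `type=local,src=/tmp/.buildx-cache` removed from `cache-from` in `Build final image`, `Push base image` and `Push venv image`, the pushed images are seeded only from the mutable `ghcr.io/python-discord/...:latest` tags and written back with `cache-to: type=inline`. Any stale or altered layer under those tags is therefore carried into every later production image, and nothing visible here ever forces a clean rebuild. I would add a scheduled or manually dispatched run that sets `no-cache: true` and `pull: true` on these steps. The comment on the final build should also record that the registry tags are the trust anchor for the cache, so write access via `GHCR_TOKEN` needs to stay narrow.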
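Review bot: The final stage now copies only the `docker` directory into `/snekbox`, while the `CMD` on the same stage still expects `config/gunicorn.conf.py` and the `snekbox.api.app` module relative to `WORKDIR /snekbox`. Unless the `venv` stage (outside this hunk) already places the application there, the container would start without its code. Since the Dockerfile itself was moved out of `docker/` in this commit, this looks like an unintended path substitution from the rename. If the whole repository was meant, keep `COPY . /snekbox` and rely on a `.dockerignore` to keep `.git` and local credential files out of the image.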