mirror of
https://gitlab.com/pulsechaincom/prysm-pulse.git
synced 2025-01-10 11:41:21 +00:00
Multiarch docker containers (#12428)
* Add bazel-zig-cc for a hermetic cc toolchain * gazelle * Remove llvm * remove wl * Add new URLs for renamed repo * gazelle * Update to v2.0.0-rc1 * bump to rc2 * Proof of concept multi-arch containers for beacon-chain * TODO and gaz * Refactor to starlark macro. Use a version of bash that actually works * progress * gaz * multirun to use multiple repositories, but doesn't work with tag stamping * Revert "multirun to use multiple repositories, but doesn't work with tag stamping" This reverts commit 93afa76f65daeba9426c3d714dabf94410fa3a0c. * Add targets for all supported docker images and temporarily set the repository to prysm-dev for testing * use a temporary fix to see if it works on buildkite * Revert "use a temporary fix to see if it works on buildkite" This reverts commit ddc79283caa6b39c8aff4c62772728832d0dfe64. * testing a cURL fix * try fix with my fix * Revert "try fix with my fix" This reverts commit bb7521bf4712abb6779bbf3132e64911b751db65. * Revert "testing a cURL fix" This reverts commit 8a4782110f8853cb7278baf507621bd6684572b1. * try tip of main branch for rules_oci * update to 1.2.0 * Update rules_oci to v1.3.0 * Update rule_oci to 1.3.4 * Disable experimental_remote_downloader * Remove extra zig bazelrc * Move image deps to its own file * PR feedback --------- Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com>
This commit is contained in:
parent
c20f188966
commit
02ee6897bb
@ -12,7 +12,8 @@
|
||||
#build:remote-cache --disk_cache=
|
||||
build:remote-cache --remote_download_toplevel
|
||||
build:remote-cache --remote_cache=grpc://bazel-remote-cache:9092
|
||||
build:remote-cache --experimental_remote_downloader=grpc://bazel-remote-cache:9092
|
||||
# Does not work with rules_oci. See https://github.com/bazel-contrib/rules_oci/issues/292
|
||||
#build:remote-cache --experimental_remote_downloader=grpc://bazel-remote-cache:9092
|
||||
build:remote-cache --remote_local_fallback
|
||||
build:remote-cache --experimental_remote_cache_async
|
||||
build:remote-cache --experimental_remote_merkle_tree_cache
|
||||
|
41
WORKSPACE
41
WORKSPACE
@ -50,8 +50,6 @@ load("@prysm//tools/cross-toolchain:prysm_toolchains.bzl", "configure_prysm_tool
|
||||
|
||||
configure_prysm_toolchains()
|
||||
|
||||
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
|
||||
|
||||
http_archive(
|
||||
name = "bazel_skylib",
|
||||
sha256 = "1c531376ac7e5a180e0237938a2536de0c54d93f5c278634818e0efc952dd56c",
|
||||
@ -87,6 +85,24 @@ http_archive(
|
||||
urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.25.0/rules_docker-v0.25.0.tar.gz"],
|
||||
)
|
||||
|
||||
http_archive(
|
||||
name = "rules_oci",
|
||||
sha256 = "c71c25ed333a4909d2dd77e0b16c39e9912525a98c7fa85144282be8d04ef54c",
|
||||
strip_prefix = "rules_oci-1.3.4",
|
||||
url = "https://github.com/bazel-contrib/rules_oci/releases/download/v1.3.4/rules_oci-v1.3.4.tar.gz",
|
||||
)
|
||||
|
||||
load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies")
|
||||
|
||||
rules_oci_dependencies()
|
||||
|
||||
load("@rules_oci//oci:repositories.bzl", "LATEST_CRANE_VERSION", "oci_register_toolchains")
|
||||
|
||||
oci_register_toolchains(
|
||||
name = "oci",
|
||||
crane_version = LATEST_CRANE_VERSION,
|
||||
)
|
||||
|
||||
http_archive(
|
||||
name = "io_bazel_rules_go",
|
||||
patch_args = ["-p1"],
|
||||
@ -167,6 +183,24 @@ container_pull(
|
||||
repository = "pinglamb/alpine-glibc",
|
||||
)
|
||||
|
||||
load("@rules_oci//oci:pull.bzl", "oci_pull")
|
||||
|
||||
# A multi-arch base image
|
||||
oci_pull(
|
||||
name = "linux_debian11_multiarch_base", # Debian bullseye
|
||||
digest = "sha256:9b8e0854865dcaf49470b4ec305df45957020fbcf17b71eeb50ffd3bc5bf885d", # 2023-05-17
|
||||
image = "gcr.io/distroless/cc-debian11",
|
||||
platforms = [
|
||||
"linux/amd64",
|
||||
"linux/arm64",
|
||||
],
|
||||
reproducible = True,
|
||||
)
|
||||
|
||||
load("@prysm//tools:image_deps.bzl", "prysm_image_deps")
|
||||
|
||||
prysm_image_deps()
|
||||
|
||||
load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
|
||||
|
||||
go_rules_dependencies()
|
||||
@ -337,9 +371,6 @@ http_archive(
|
||||
],
|
||||
)
|
||||
|
||||
# Group the sources of the library so that CMake rule have access to it
|
||||
all_content = """filegroup(name = "all", srcs = glob(["**"]), visibility = ["//visibility:public"])"""
|
||||
|
||||
# External dependencies
|
||||
load("//:deps.bzl", "prysm_deps")
|
||||
|
||||
|
@ -4,6 +4,7 @@ load("@io_bazel_rules_docker//go:image.bzl", "go_image")
|
||||
load("@io_bazel_rules_docker//container:container.bzl", "container_bundle", "container_image")
|
||||
load("//tools:go_image.bzl", "go_image_debug")
|
||||
load("@io_bazel_rules_docker//contrib:push-all.bzl", "docker_push")
|
||||
load("//tools:prysm_image.bzl", "prysm_image_upload")
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
@ -126,3 +127,14 @@ go_test(
|
||||
"@com_github_urfave_cli_v2//:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
prysm_image_upload(
|
||||
name = "push_oci_image",
|
||||
binary = ":beacon-chain",
|
||||
entrypoint = ["/beacon-chain"],
|
||||
repository = "gcr.io/prylabs-dev/prysm/beacon-chain",
|
||||
symlinks = {
|
||||
# Backwards compatiability for images that depended on the old filepath.
|
||||
"/app/cmd/beacon-chain/beacon-chain": "/beacon-chain",
|
||||
},
|
||||
)
|
||||
|
@ -4,6 +4,7 @@ load("@io_bazel_rules_docker//go:image.bzl", "go_image")
|
||||
load("@io_bazel_rules_docker//container:container.bzl", "container_bundle", "container_image")
|
||||
load("//tools:go_image.bzl", "go_image_debug")
|
||||
load("@io_bazel_rules_docker//contrib:push-all.bzl", "docker_push")
|
||||
load("//tools:prysm_image.bzl", "prysm_image_upload")
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
@ -88,3 +89,14 @@ go_binary(
|
||||
gotags = ["noMainnetGenesis"],
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
prysm_image_upload(
|
||||
name = "push_oci_image",
|
||||
binary = ":prysmctl",
|
||||
entrypoint = ["/prysmctl"],
|
||||
repository = "gcr.io/prylabs-dev/prysm/prysmctl",
|
||||
symlinks = {
|
||||
# Backwards compatiability for images that depended on the old filepath.
|
||||
"/app/cmd/prysmctl/prysmctl": "/prysmctl",
|
||||
},
|
||||
)
|
||||
|
@ -4,6 +4,7 @@ load("@io_bazel_rules_docker//go:image.bzl", "go_image")
|
||||
load("@io_bazel_rules_docker//container:container.bzl", "container_bundle", "container_image")
|
||||
load("//tools:go_image.bzl", "go_image_debug")
|
||||
load("@io_bazel_rules_docker//contrib:push-all.bzl", "docker_push")
|
||||
load("//tools:prysm_image.bzl", "prysm_image_upload")
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
@ -121,3 +122,14 @@ go_test(
|
||||
"@com_github_urfave_cli_v2//:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
prysm_image_upload(
|
||||
name = "push_oci_image",
|
||||
binary = ":validator",
|
||||
entrypoint = ["/validator"],
|
||||
repository = "gcr.io/prylabs-dev/prysm/validator",
|
||||
symlinks = {
|
||||
# Backwards compatiability for images that depended on the old filepath.
|
||||
"/app/cmd/validator/validator": "/validator",
|
||||
},
|
||||
)
|
||||
|
39
hack/build_and_upload_docker.sh
Executable file
39
hack/build_and_upload_docker.sh
Executable file
@ -0,0 +1,39 @@
|
||||
#!/bin/bash
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
# This script builds and uploads the docker images to the registries.
|
||||
#
|
||||
# This script is intended to be a workaround until the rules_oci project supports
|
||||
# targets with multiple repositories like rules_docker does. See: https://github.com/bazel-contrib/rules_oci/issues/248
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
# Validate that the tag argument exists.
|
||||
if [ "$1" = "" ]
|
||||
then
|
||||
echo "Usage: $0 <tag>"
|
||||
exit
|
||||
fi
|
||||
TAG=$1
|
||||
|
||||
# Sanity check that all targets can build before running them.
|
||||
bazel build --config=release \
|
||||
//cmd/beacon-chain:push_oci_image \
|
||||
//cmd/validator:push_oci_image \
|
||||
//cmd/prysmctl:push_oci_image
|
||||
|
||||
# Push the images to the registry.
|
||||
### Beacon chain
|
||||
bazel run --config=release \
|
||||
//cmd/beacon-chain:push_oci_image -- --tag=$TAG
|
||||
|
||||
### Beacon chain (blst portable image)
|
||||
bazel run --config=release --define=blst_modern=false \
|
||||
//cmd/beacon-chain:push_oci_image -- --tag=$TAG-portable
|
||||
|
||||
### Validator
|
||||
bazel run --config=release \
|
||||
//cmd/validator:push_oci_image -- --tag=$TAG
|
||||
|
||||
### Prysmctl
|
||||
bazel run --config=release \
|
||||
//cmd/prysmctl:push_oci_image -- --tag=$TAG
|
@ -40,6 +40,7 @@ pkg_tar(
|
||||
mode = "0o644",
|
||||
package_dir = "etc",
|
||||
tags = ["manual"],
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
CC_DEFAULT_BASE = select({
|
||||
@ -99,3 +100,28 @@ container_image(
|
||||
user = "root",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
# Create a bash tar layer for docker images. This allows docker images to have access to the "bash"
|
||||
# command and improves debugging abilities on the image.
|
||||
genrule(
|
||||
name = "bash_tar",
|
||||
srcs = select({
|
||||
"@platforms//cpu:x86_64": ["@bash_amd64//file"],
|
||||
"@platforms//cpu:arm64": ["@bash_arm64//file"],
|
||||
}),
|
||||
outs = ["bash.tar"],
|
||||
cmd = "ar x $< && xz -d data.tar.xz -c >> $@",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
# libtinfo6 is required for terminal activity and contains terminfo library.
|
||||
genrule(
|
||||
name = "libtinfo6_tar",
|
||||
srcs = select({
|
||||
"@platforms//cpu:x86_64": ["@libtinfo6_amd64//file"],
|
||||
"@platforms//cpu:arm64": ["@libtinfo6_arm64//file"],
|
||||
}),
|
||||
outs = ["libtinfo6.tar"],
|
||||
cmd = "ar x $< && xz -d data.tar.xz -c >> $@",
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
48
tools/image_deps.bzl
Normal file
48
tools/image_deps.bzl
Normal file
@ -0,0 +1,48 @@
|
||||
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_file")
|
||||
|
||||
def prysm_image_deps():
|
||||
http_file(
|
||||
name = "bash_amd64",
|
||||
sha256 = "f702ef058e762d7208a9c83f6f6bbf02645533bfd615c54e8cdcce842cd57377",
|
||||
urls = [
|
||||
"http://ftp.us.debian.org/debian/pool/main/b/bash/bash_5.1-2+deb11u1_amd64.deb",
|
||||
"http://http.us.debian.org/debian/pool/main/b/bash/bash_5.1-2+deb11u1_amd64.deb",
|
||||
"http://ftp.uk.debian.org/debian/pool/main/b/bash/bash_5.1-2+deb11u1_amd64.deb",
|
||||
"http://ftp.au.debian.org/debian/pool/main/b/bash/bash_5.1-2+deb11u1_amd64.deb",
|
||||
],
|
||||
)
|
||||
|
||||
http_file(
|
||||
name = "bash_arm64",
|
||||
sha256 = "d7c7af5d86f43a885069408a89788f67f248e8124c682bb73936f33874e0611b",
|
||||
urls = [
|
||||
"http://ftp.us.debian.org/debian/pool/main/b/bash/bash_5.1-2+deb11u1_arm64.deb",
|
||||
"http://http.us.debian.org/debian/pool/main/b/bash/bash_5.1-2+deb11u1_arm64.deb",
|
||||
"http://ftp.uk.debian.org/debian/pool/main/b/bash/bash_5.1-2+deb11u1_arm64.deb",
|
||||
"http://ftp.au.debian.org/debian/pool/main/b/bash/bash_5.1-2+deb11u1_arm64.deb",
|
||||
],
|
||||
)
|
||||
|
||||
http_file(
|
||||
name = "libtinfo6_amd64",
|
||||
sha256 = "92ac8a8c12f02a6fe08c47f33ea6fb313e1b9480484e26eab34e2058ea59fdb4",
|
||||
urls = [
|
||||
"http://ftp.us.debian.org/debian/pool/main/n/ncurses/libtinfo6_6.2+20201114-2+deb11u1_amd64.deb",
|
||||
"http://http.us.debian.org/debian/pool/main/n/ncurses/libtinfo6_6.2+20201114-2+deb11u1_amd64.deb",
|
||||
"http://ftp.uk.debian.org/debian/pool/main/n/ncurses/libtinfo6_6.2+20201114-2+deb11u1_amd64.deb",
|
||||
"http://ftp.au.debian.org/debian/pool/main/n/ncurses/libtinfo6_6.2+20201114-2+deb11u1_amd64.deb",
|
||||
],
|
||||
)
|
||||
|
||||
http_file(
|
||||
name = "libtinfo6_arm64",
|
||||
sha256 = "8282a785437b305bca7758aba19252bd81b5d0d2a54b709af97e682516f1cf4e",
|
||||
urls = [
|
||||
"http://ftp.us.debian.org/debian/pool/main/n/ncurses/libtinfo6_6.2+20201114-2+deb11u1_arm64.deb",
|
||||
"http://http.us.debian.org/debian/pool/main/n/ncurses/libtinfo6_6.2+20201114-2+deb11u1_arm64.deb",
|
||||
"http://ftp.uk.debian.org/debian/pool/main/n/ncurses/libtinfo6_6.2+20201114-2+deb11u1_arm64.deb",
|
||||
"http://ftp.au.debian.org/debian/pool/main/n/ncurses/libtinfo6_6.2+20201114-2+deb11u1_arm64.deb",
|
||||
],
|
||||
)
|
||||
|
||||
|
30
tools/multi_arch.bzl
Normal file
30
tools/multi_arch.bzl
Normal file
@ -0,0 +1,30 @@
|
||||
"a rule transitioning an oci_image to multiple platforms"
|
||||
|
||||
def _multiarch_transition(settings, attr):
|
||||
return [
|
||||
{"//command_line_option:platforms": str(platform)}
|
||||
for platform in attr.platforms
|
||||
]
|
||||
|
||||
multiarch_transition = transition(
|
||||
implementation = _multiarch_transition,
|
||||
inputs = [],
|
||||
outputs = ["//command_line_option:platforms"],
|
||||
)
|
||||
|
||||
# multiarch_transition impl returns a DefaultInfo provider with the image deps as declared outputs to
|
||||
# build.
|
||||
def _impl(ctx):
|
||||
return DefaultInfo(files = depset(ctx.files.image))
|
||||
|
||||
# The multi_arch rule builds the image for multiple platforms defined in the platforms attribute.
|
||||
multi_arch = rule(
|
||||
implementation = _impl,
|
||||
attrs = {
|
||||
"image": attr.label(cfg = multiarch_transition),
|
||||
"platforms": attr.label_list(),
|
||||
"_allowlist_function_transition": attr.label(
|
||||
default = "@bazel_tools//tools/allowlists/function_transition_allowlist",
|
||||
),
|
||||
},
|
||||
)
|
50
tools/prysm_image.bzl
Normal file
50
tools/prysm_image.bzl
Normal file
@ -0,0 +1,50 @@
|
||||
load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index", "oci_push")
|
||||
load("@rules_pkg//:pkg.bzl", "pkg_tar")
|
||||
load("//tools:multi_arch.bzl", "multi_arch")
|
||||
|
||||
def prysm_image_upload(
|
||||
name,
|
||||
binary,
|
||||
entrypoint,
|
||||
symlinks,
|
||||
repository):
|
||||
|
||||
pkg_tar(
|
||||
name = "binary_tar",
|
||||
srcs = [binary],
|
||||
symlinks=symlinks,
|
||||
)
|
||||
|
||||
oci_image(
|
||||
name = "oci_image",
|
||||
base = "@linux_debian11_multiarch_base",
|
||||
entrypoint = entrypoint,
|
||||
tars = [
|
||||
"//tools:passwd_tar",
|
||||
"//tools:libtinfo6_tar",
|
||||
"//tools:bash_tar",
|
||||
":binary_tar",
|
||||
],
|
||||
)
|
||||
|
||||
multi_arch(
|
||||
name = "oci_multiarch",
|
||||
image = ":oci_image",
|
||||
platforms = [
|
||||
"@io_bazel_rules_go//go/toolchain:linux_amd64_cgo",
|
||||
"@io_bazel_rules_go//go/toolchain:linux_arm64_cgo",
|
||||
],
|
||||
)
|
||||
|
||||
oci_image_index(
|
||||
name = "oci_image_index",
|
||||
images = [
|
||||
":oci_multiarch",
|
||||
],
|
||||
)
|
||||
|
||||
oci_push(
|
||||
name = name,
|
||||
image = ":oci_image_index",
|
||||
repository = repository,
|
||||
)
|
Loading…
Reference in New Issue
Block a user