virtio-accel: Add Dockerfile and workflow to build and push image
Signed-off-by: Kostis Papazafeiropoulos <[email protected]>
Showing
6 changed files
with
452 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,120 @@ | ||
name: Build QEMU+vAccel docker image | ||
|
||
on: | ||
push: | ||
branches: [ '*\+vaccel' ] | ||
|
||
workflow_dispatch: | ||
|
||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | ||
cancel-in-progress: true | ||
|
||
env: | ||
REGISTRY: harbor.nbfc.io/nubificus | ||
IMAGE_NAME: qemu-vaccel | ||
APP: qemu-vaccel | ||
|
||
jobs: | ||
build: | ||
name: Build Docker Image | ||
runs-on: ${{ format('{0}-{1}', 'gcc-dind-2204', matrix.arch) }} | ||
strategy: | ||
matrix: | ||
arch: [amd64, arm64] | ||
outputs: | ||
digest-x86_64: ${{ steps.set-outputs.outputs.digest-x86_64 }} | ||
digest-aarch64: ${{ steps.set-outputs.outputs.digest-aarch64 }} | ||
env: | ||
ARCH: ${{ fromJson('[{"amd64":"x86_64", "arm64":"aarch64", "arm":"armv7l"}]')[0][matrix.arch] }} | ||
steps: | ||
- name: Cleanup previous jobs | ||
run: | | ||
echo "Cleaning up previous runs" | ||
sudo rm -rf ${{ github.workspace }}/* | ||
sudo rm -rf ${{ github.workspace }}/.??* | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Log into registry ${{ env.REGISTRY }} | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ secrets.HARBOR_USER }} | ||
password: ${{ secrets.HARBOR_PASSWD }} | ||
|
||
- name: Extract Docker metadata | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
tags: | | ||
type=raw,value=${{ env.ARCH }} | ||
type=sha,prefix=${{ env.ARCH }}- | ||
type=sha,format=long,prefix=${{ env.ARCH }}- | ||
type=ref,event=branch,prefix=${{ env.ARCH }}- | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Build and push Docker image | ||
id: build-and-push | ||
uses: docker/build-push-action@v6 | ||
with: | ||
context: ./subprojects/vaccel/docker | ||
no-cache: true | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
build-args: | | ||
ARCHTAG=${{ env.ARCH }} | ||
BRANCH=${{ github.event.ref_name || github.ref_name }} | ||
- name: Set per-arch outputs | ||
id: set-outputs | ||
run: | | ||
# Workaround for https://github.com/actions/runner/issues/2499 | ||
echo "digest-${{ env.ARCH }}=${{ steps.build-and-push.outputs.digest }}" \ | ||
>> "$GITHUB_OUTPUT" | ||
sign: | ||
name: Sign Docker Image | ||
runs-on: [self-hosted] | ||
needs: [build] | ||
strategy: | ||
matrix: | ||
arch: [x86_64, aarch64] | ||
permissions: | ||
contents: read | ||
id-token: write | ||
|
||
steps: | ||
- name: Install Cosign | ||
uses: sigstore/[email protected] | ||
|
||
- name: Check install | ||
run: cosign version | ||
|
||
- name: Log into registry ${{ env.REGISTRY }} | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ secrets.HARBOR_USER }} | ||
password: ${{ secrets.HARBOR_PASSWD }} | ||
|
||
- name: Sign published Docker image | ||
env: | ||
DIGEST: ${{ needs.build.outputs[format('digest-{0}', matrix.arch)] }} | ||
run: | | ||
cosign sign --yes ${{ env.REGISTRY }}/${{ env.APP }}@${{ env.DIGEST }} \ | ||
-a "repo=${{ github.repository }}" \ | ||
-a "workflow=${{ github.workflow }}" \ | ||
-a "ref=${{ github.sha }}" \ | ||
-a "author=Nubificus LTD" | ||
- name: Cleanup previous runs | ||
if: ${{ always() }} | ||
run: | | ||
sudo rm -rf ${{ github.workspace }}/* | ||
sudo rm -rf ${{ github.workspace }}/.??* |
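Review bot: Every `uses:` step in both jobs references a third-party action by a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v6`), and these steps either receive `secrets.HARBOR_PASSWD` or run in the `sign` job that holds `id-token: write`. If such a tag is moved, the new code runs with the registry credentials and the signing identity, so each action should be pinned to a full commit SHA with the version kept as a comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. The `build` job also declares no `permissions:` block, unlike `sign`; adding `permissions:` with `contents: read` there keeps its token from inheriting the repository default. In the signing step `DIGEST` is already exported through `env:`, so the command can read it as `"$DIGEST"` instead of expanding `${{ env.DIGEST }}` into the script text.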
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
!*.patch |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
FROM ubuntu:24.04 | ||
|
||
WORKDIR / | ||
|
||
# Install common build utilities | ||
RUN apt-get update && \ | ||
DEBIAN_FRONTEND=noninteractive apt-get install -yy eatmydata && \ | ||
DEBIAN_FRONTEND=noninteractive eatmydata \ | ||
apt-get install -y --no-install-recommends \ | ||
gcc \ | ||
g++ \ | ||
build-essential \ | ||
libglib2.0-dev \ | ||
libfdt-dev \ | ||
libpixman-1-dev \ | ||
libslirp-dev \ | ||
zlib1g-dev \ | ||
libcap-ng-dev \ | ||
libattr1-dev \ | ||
ninja-build \ | ||
git \ | ||
python3-pip \ | ||
libclang-dev \ | ||
pkg-config \ | ||
iproute2 \ | ||
openssh-client \ | ||
iputils-ping \ | ||
socat \ | ||
vim \ | ||
less \ | ||
ca-certificates \ | ||
&& rm -rf /var/lib/apt/lists/* \ | ||
&& pip install --break-system-packages meson | ||
|
||
# Build & install vAccel | ||
RUN git clone https://github.com/nubificus/vaccel && \ | ||
cd vaccel && \ | ||
meson setup -Dplugins=enabled -Dexamples=enabled build && \ | ||
meson compile -C build && \ | ||
meson install -C build && \ | ||
ldconfig && \ | ||
cd .. && rm -rf vaccel | ||
|
||
ARG BRANCH=master+vaccel | ||
ARG ARCHTAG=x86_64 | ||
ARG DOCKER_DIR=. | ||
COPY ${DOCKER_DIR}/vq-size.patch /vq-size.patch | ||
# Build & install QEMU w/ vAccel backend | ||
RUN git clone -b ${BRANCH} --depth 1 \ | ||
https://github.com/cloudkernels/qemu-vaccel && \ | ||
cd qemu-vaccel && \ | ||
mv /vq-size.patch . && \ | ||
git apply vq-size.patch && \ | ||
mkdir build && cd build && \ | ||
../configure --target-list=${ARCHTAG}-softmmu --enable-virtfs && \ | ||
make -j$(nproc) && make install && \ | ||
cd ../.. && rm -rf qemu-vaccel | ||
|
||
COPY ${DOCKER_DIR}/qemu-ifup /usr/local/etc/qemu-ifup | ||
COPY ${DOCKER_DIR}/qemu-script.sh /run.sh | ||
|
||
VOLUME /data | ||
WORKDIR /data | ||
ENTRYPOINT ["/run.sh"] |
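Review bot: Neither source checkout is tied to a reviewed revision: `git clone https://github.com/nubificus/vaccel` builds whatever the default branch holds at build time, `git clone -b ${BRANCH} --depth 1` takes the branch head, and `pip install --break-system-packages meson` is unversioned, so the image the workflow in this commit signs cannot be reproduced from the commit itself. Pinning addresses this, e.g. `ARG VACCEL_REF=<commit-or-tag>` followed by `git -C vaccel checkout "${VACCEL_REF}"`, and a fixed `meson==<version>`. `${BRANCH}` and `${ARCHTAG}` are expanded unquoted inside `RUN`; since the workflow fills `BRANCH` from the pushed ref name, writing `-b "${BRANCH}"` avoids word splitting on an unusual branch name. The compilers, `vim`, `socat` and `openssh-client` remain in the single-stage runtime image and no `USER` is set; if the tap setup does require root, a comment saying so would document that choice.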
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
#! /bin/sh | ||
# Script to bring a network (tap) device for qemu up. | ||
# The idea is to add the tap device to the same bridge | ||
# as we have default routing to. | ||
|
||
# in order to be able to find brctl | ||
PATH=$PATH:/sbin:/usr/sbin | ||
ip=$(which ip) | ||
|
||
if [ -n "$ip" ]; then | ||
ip link set "$1" up | ||
else | ||
brctl=$(which brctl) | ||
if [ ! "$ip" -o ! "$brctl" ]; then | ||
echo "W: $0: not doing any bridge processing: neither ip nor brctl utility not found" >&2 | ||
exit 0 | ||
fi | ||
ifconfig "$1" 0.0.0.0 up | ||
fi | ||
|
||
switch=virbr0 | ||
|
||
# only add the interface to default-route bridge if we | ||
# have such interface (with default route) and if that | ||
# interface is actually a bridge. | ||
# It is possible to have several default routes too | ||
for br in $switch; do | ||
if [ -d /sys/class/net/$br/bridge/. ]; then | ||
if [ -n "$ip" ]; then | ||
ip link set "$1" master "$br" | ||
else | ||
brctl addif $br "$1" | ||
fi | ||
exit # exit with status of the previous command | ||
fi | ||
done | ||
|
||
echo "W: $0: no bridge for guest interface found" >&2 |
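Review bot: The `ifconfig` fallback in the `else` branch can never run: that branch is entered only when `$ip` is empty, so `[ ! "$ip" -o ! "$brctl" ]` is always true and the script prints the warning and exits 0 even when `brctl` is installed. Testing only the tool that branch needs, `if [ -z "$brctl" ]; then`, restores the fallback. The last line also falls through with status 0 when `virbr0` is not a bridge, so the caller sees success although the tap was never attached; an `exit 1` after that warning would surface the failure, if QEMU is meant to stop in that case. `$br` is unquoted in `/sys/class/net/$br/bridge/.` and `brctl addif $br`, which is harmless for the fixed `virbr0` but worth quoting for consistency with `"$1"`.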