From 8781e951d37d4a401e003d138ad7c91a544353db Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Tue, 12 Nov 2024 16:33:42 -0500 Subject: [PATCH] Cache module dependencies between container builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tiger Kaovilai break up velero-builder stage to allow more concurrent layer builds. Signed-off-by: Tiger Kaovilai Add restic caching if fix_restic_cve.txt changes, only the dep added during patch will require redownload. ``` ❯ make container [+] Building 64.5s (20/20) FINISHED docker-container:colima-multiplat => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 3.24kB 0.0s => [internal] load metadata for docker.io/paketobuildpacks/run-jammy-tiny:latest 0.1s => [internal] load metadata for docker.io/library/golang:1.22-bookworm 0.1s => [internal] load .dockerignore 0.0s => => transferring context: 60B 0.0s => [stage-2 1/3] FROM docker.io/paketobuildpacks/run-jammy-tiny:latest@sha256:6a3b9424b0616c4c37309b3f3e410f305ad75c484ab74b0a624d22c8a33ae5ae 0.0s => => resolve docker.io/paketobuildpacks/run-jammy-tiny:latest@sha256:6a3b9424b0616c4c37309b3f3e410f305ad75c484ab74b0a624d22c8a33ae5ae 0.0s => [restic-builder 1/5] FROM docker.io/library/golang:1.22-bookworm@sha256:475ff60e52faaf037be2e7a1bc2ea5ea4aaa3396274af3def6545124a18b99b4 0.0s => => resolve docker.io/library/golang:1.22-bookworm@sha256:475ff60e52faaf037be2e7a1bc2ea5ea4aaa3396274af3def6545124a18b99b4 0.0s => [internal] load build context 0.3s => => transferring context: 546.21kB 0.3s => CACHED [restic-builder 2/5] RUN if [ "velero" = "velero" ]; then mkdir -p /build/restic && cd /build/restic && git clone --single-branch -b v0.15.0 https://github.com/restic/restic.git . && go mod download; fi 0.0s => [restic-builder 3/5] COPY hack/fix_restic_cve.txt /go/src/github.com/vmware-tanzu/velero/hack/ 0.0s => CACHED [velero-builder 2/6] WORKDIR /go/src/github.com/vmware-tanzu/velero 0.0s => CACHED [velero-builder 3/6] COPY go.mod go.sum /go/src/github.com/vmware-tanzu/velero/ 0.0s => CACHED [velero-builder 4/6] RUN go mod download 0.0s => [velero-builder 5/6] COPY . /go/src/github.com/vmware-tanzu/velero 6.5s => [restic-builder 4/5] RUN if [ "velero" = "velero" ]; then mkdir -p /output/usr/bin && cd /build/restic && git apply /go/src/github.com/vmware-tanzu/velero/hack/fix_restic_cve.txt && go mod download; fi 7.2s => [velero-builder 6/6] RUN mkdir -p /output/usr/bin && export GOARM=$( echo "" | cut -c2-) && go build -o /output/velero -ldflags "-X github.com/vmware-tanzu/velero/pkg/buildinfo.Version=main -X github.com/vmware-tanzu/velero/pkg/buildinfo.GitSHA=590f6df48d3fdc 55.5s => [restic-builder 5/5] RUN if [ "velero" = "velero" ]; then cd /build/restic && GOARM=$(echo "" | cut -c2-) go run build.go --goos "linux" --goarch "amd64" --goarm "" -o /output/usr/bin/restic && chmod +x /output/usr/bin/restic; fi && go cle 30.0s => CACHED [stage-2 2/3] COPY --from=velero-builder /output / 0.0s => CACHED [stage-2 3/3] COPY --from=restic-builder /output / 0.0s => exporting to docker image format 0.7s => => exporting layers 0.0s => => exporting manifest sha256:d275186bbf7b7fb08da8fe957037d8600c7b96693fe59bdfb119d977058daaa0 0.0s => => exporting config sha256:5cb88b0eac0b14df3efd549e0ca4df1980501a5f5cea677f0de1f5dd97050141 0.0s => => sending tarball 0.7s => importing to docker 0.0s container: velero/velero:main ``` Signed-off-by: Tiger Kaovilai --- Dockerfile | 56 +++++++++++++++++++++++++++++++++----------- hack/build-restic.sh | 56 -------------------------------------------- 2 files changed, 42 insertions(+), 70 deletions(-) delete mode 100755 hack/build-restic.sh diff --git a/Dockerfile b/Dockerfile index 25b314a111..7a041e8349 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # Velero binary build section -FROM --platform=$BUILDPLATFORM golang:1.22-bookworm AS velero-builder +FROM --platform=$BUILDPLATFORM golang:1.22-bookworm AS velero-builder-base ARG GOPROXY ARG BIN @@ -36,15 +36,20 @@ ENV CGO_ENABLED=0 \ WORKDIR /go/src/github.com/vmware-tanzu/velero +COPY go.mod go.sum /go/src/github.com/vmware-tanzu/velero/ +RUN go mod download + COPY . /go/src/github.com/vmware-tanzu/velero -RUN mkdir -p /output/usr/bin && \ - export GOARM=$( echo "${GOARM}" | cut -c2-) && \ - go build -o /output/${BIN} \ - -ldflags "${LDFLAGS}" ${PKG}/cmd/${BIN} && \ - go build -o /output/velero-helper \ - -ldflags "${LDFLAGS}" ${PKG}/cmd/velero-helper && \ - go clean -modcache -cache +RUN mkdir -p /output/usr/bin + +FROM velero-builder-base AS velero-builder-helper +RUN GOARM=$( echo "${GOARM}" | cut -c2-) go build -o /output/velero-helper \ +-ldflags "${LDFLAGS}" ${PKG}/cmd/velero-helper + +FROM velero-builder-base AS velero-builder +RUN GOARM=$( echo "${GOARM}" | cut -c2-) go build -o /output/${BIN} \ + -ldflags "${LDFLAGS}" ${PKG}/cmd/${BIN} # Restic binary build section FROM --platform=$BUILDPLATFORM golang:1.22-bookworm AS restic-builder @@ -63,12 +68,33 @@ ENV CGO_ENABLED=0 \ GOARCH=${TARGETARCH} \ GOARM=${TARGETVARIANT} -COPY . /go/src/github.com/vmware-tanzu/velero - -RUN mkdir -p /output/usr/bin && \ - export GOARM=$(echo "${GOARM}" | cut -c2-) && \ - /go/src/github.com/vmware-tanzu/velero/hack/build-restic.sh && \ - go clean -modcache -cache +# /output dir needed by last stage to copy even when BIN is not velero +RUN mkdir -p /output/usr/bin + +# cache go mod download before applying patches +RUN --mount=type=cache,target=/go/pkg/mod if [ "${BIN}" = "velero" ]; then \ + mkdir -p /build/restic && \ + cd /build/restic && \ + git clone --single-branch -b v${RESTIC_VERSION} https://github.com/restic/restic.git . && \ + go mod download; \ + fi + +# invalidate cache if patch changes +COPY hack/fix_restic_cve.txt /go/src/github.com/vmware-tanzu/velero/hack/ + +# cache go mod download after applying patches +RUN --mount=type=cache,target=/go/pkg/mod if [ "${BIN}" = "velero" ]; then \ + cd /build/restic && \ + git apply /go/src/github.com/vmware-tanzu/velero/hack/fix_restic_cve.txt && \ + go mod download; \ + fi + +# arch specific build layer +RUN --mount=type=cache,target=/go/pkg/mod if [ "${BIN}" = "velero" ]; then \ + cd /build/restic && \ + GOARM=$(echo "${GOARM}" | cut -c2-) go run build.go --goos "${GOOS}" --goarch "${GOARCH}" --goarm "${GOARM}" -o /output/usr/bin/restic && \ + chmod +x /output/usr/bin/restic; \ + fi # Velero image packing section FROM paketobuildpacks/run-jammy-tiny:latest @@ -77,6 +103,8 @@ LABEL maintainer="Xun Jiang " COPY --from=velero-builder /output / +COPY --from=velero-builder-helper /output / + COPY --from=restic-builder /output / USER cnb:cnb diff --git a/hack/build-restic.sh b/hack/build-restic.sh deleted file mode 100755 index d6a233f4a5..0000000000 --- a/hack/build-restic.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash - -# Copyright 2020 the Velero contributors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o nounset -set -o pipefail - -# Use /output/usr/bin/ as the default output directory as this -# is the path expected by the Velero Dockerfile. -output_dir=${OUTPUT_DIR:-/output/usr/bin} -restic_bin=${output_dir}/restic -build_path=$(dirname "$PWD") - -if [[ -z "${BIN}" ]]; then - echo "BIN must be set" - exit 1 -fi - -if [[ "${BIN}" != "velero" ]]; then - echo "${BIN} does not need the restic binary" - exit 0 -fi - -if [[ -z "${GOOS}" ]]; then - echo "GOOS must be set" - exit 1 -fi -if [[ -z "${GOARCH}" ]]; then - echo "GOARCH must be set" - exit 1 -fi -if [[ -z "${RESTIC_VERSION}" ]]; then - echo "RESTIC_VERSION must be set" - exit 1 -fi - -mkdir ${build_path}/restic -git clone -b v${RESTIC_VERSION} https://github.com/restic/restic.git ${build_path}/restic -pushd ${build_path}/restic -git apply /go/src/github.com/vmware-tanzu/velero/hack/fix_restic_cve.txt -go run build.go --goos "${GOOS}" --goarch "${GOARCH}" --goarm "${GOARM}" -o ${restic_bin} -chmod +x ${restic_bin} -popd