Build multi-arch images for commits on main #7900
Conversation
✅ Deploy Preview for prefect-orion ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site settings. |
ddelange
changed the title
ddelange
force-pushed
the
docker-builds-dev-main
branch
from
ea6f99f
to
c64d46a
Compare
ddelange
force-pushed
the
docker-builds-dev-main
branch
from
c64d46a
to
2db6388
Compare
.github/workflows/docker-builds.yaml
Outdated
| images: prefecthq/prefect-dev | ||
| # first tag generated here will be used in CACHE_IMAGE below | ||
| tags: | | ||
| type=raw,enable=${{ github.event_name == 'release' }},value=${{ github.ref_name }},suffix=-python${{ matrix.python-version }} |
There was a problem hiding this comment.
This will be skipped since this is on push/dispatch for now, right?
There was a problem hiding this comment.
thanks for pointing this one out, this is not intended. it should be negated, because ref_name points to a tag on release event and not a branch. The git rev-parse setup from before would return HEAD because a release event is a detached branch so is also unusable. it seems to be hard to get out which branch the release was made from.
| type=raw,enable=${{ github.event_name == 'release' }},value=${{ github.ref_name }},suffix=-python${{ matrix.python-version }} | |
| type=raw,enable=${{ github.event_name != 'release' }},value=${{ github.ref_name }},suffix=-python${{ matrix.python-version }} |
this means there will be no cache hit on a release event, because the CACHE_IMAGE would point to the sha pattern instead of the branch pattern, and we dont have buildcache for the sha pattern. fix would be to hardcode a buildcache tag in the cache-from and cache-to based on github.matrix. so not getting it from metadata-action.
There was a problem hiding this comment.
I don't think we need to know what branch releases are made from, we can just always pull from the cache on main?
There was a problem hiding this comment.
yes fine by me, will hardcode 👍
|
Thanks for splitting this up! It's much easier to review. |
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 |
There was a problem hiding this comment.
This reminds me of the issue with retagging images build from main on release — the image will have the wrong version information. versioneer pulls information from git into a static file on Python package build.
There was a problem hiding this comment.
we solved this problem with a mount directive: https://github.com/pypa/setuptools_scm#usage-from-docker
There was a problem hiding this comment.
although that does void all subsequent layer caches, so we have to do it as late as possible 😅
There was a problem hiding this comment.
Hm we just copy the .git folder in during the build step which works fine. The issue is that we cannot retag these images on release, we'll need to rebuild them.
There was a problem hiding this comment.
ah gotcha. yes copying .git might be unwanted layer size if you have a lot of history. setuptools_scm also needs fetch-depth: 0 btw... ref pypa/setuptools-scm#480
they do however provide a 'pretend' environment variable mechanic you could combine with ${{ github.ref_name}} to 'solve' the problem
|
@jawnsy would you be able to take a look at this and investigate Docker credentials that can only push to |
|
fwiw I can see no real security concerns with using the same token for all image pushes without manual approval. the action only pushes to production on a |
|
I've now added DockerHub credentials scoped to |
| name: Build Docker images | ||
| runs-on: ubuntu-latest |
There was a problem hiding this comment.
I believe you'll need "environment: dev" like we do for the prod environment https://github.com/PrefectHQ/prefect/blob/main/.github/workflows/release.yaml#L186
There was a problem hiding this comment.
good catch! d6defda
|
fix for failing |
…r-builds-release * 'main' of https://github.com/ddelange/prefect: (131 commits) Fix docker-builds.yaml templating syntax (PrefectHQ#8114) Rename Worker pools -> work pools (PrefectHQ#8107) Build multi-arch images for commits on main (PrefectHQ#7900) [Issue PrefectHQ#456] Change example of `infra_override` in docs/concepts/deployment (PrefectHQ#8101) Bump @playwright/test from 1.29.1 to 1.29.2 in /orion-ui (PrefectHQ#8105) Bump @prefecthq/orion-design from 1.1.53 to 1.1.54 in /orion-ui (PrefectHQ#8104) Update deployment docs to include tag and idempotency key (PrefectHQ#7771) Add `BaseWorker` and `ProcessWorker` (PrefectHQ#7996) Add Peyton and Serina as global code owners (PrefectHQ#8098) Add release notes for 2.7.7 (PrefectHQ#8091) Add youtube badge (PrefectHQ#8089) Adds `MAX_RRULE_LENGTH` (PrefectHQ#7762) Limit task run cache key size (PrefectHQ#7275) Add --match flag to work queues documentation (PrefectHQ#7768) Modify disable ssl setting tests to allow any for headers and timeout (PrefectHQ#8086) Add test for allow_failure and quote (PrefectHQ#8055) Adds `experimental_field` decorator (PrefectHQ#8066) add docs on migrating block documents (PrefectHQ#8085) Add Redoc documentation for REST API reference (PrefectHQ#7503) Allow disabling SSL verification (PrefectHQ#7850) ...
…refect into docker-builds-consolidation * 'docker-builds-release' of https://github.com/ddelange/prefect: (131 commits) Fix docker-builds.yaml templating syntax (PrefectHQ#8114) Rename Worker pools -> work pools (PrefectHQ#8107) Build multi-arch images for commits on main (PrefectHQ#7900) [Issue PrefectHQ#456] Change example of `infra_override` in docs/concepts/deployment (PrefectHQ#8101) Bump @playwright/test from 1.29.1 to 1.29.2 in /orion-ui (PrefectHQ#8105) Bump @prefecthq/orion-design from 1.1.53 to 1.1.54 in /orion-ui (PrefectHQ#8104) Update deployment docs to include tag and idempotency key (PrefectHQ#7771) Add `BaseWorker` and `ProcessWorker` (PrefectHQ#7996) Add Peyton and Serina as global code owners (PrefectHQ#8098) Add release notes for 2.7.7 (PrefectHQ#8091) Add youtube badge (PrefectHQ#8089) Adds `MAX_RRULE_LENGTH` (PrefectHQ#7762) Limit task run cache key size (PrefectHQ#7275) Add --match flag to work queues documentation (PrefectHQ#7768) Modify disable ssl setting tests to allow any for headers and timeout (PrefectHQ#8086) Add test for allow_failure and quote (PrefectHQ#8055) Adds `experimental_field` decorator (PrefectHQ#8066) add docs on migrating block documents (PrefectHQ#8085) Add Redoc documentation for REST API reference (PrefectHQ#7503) Allow disabling SSL verification (PrefectHQ#7850) ...
On commits to
main, push:prefecthq/prefect-dev:main-python3.Xprefecthq/prefect-dev:sha-424242-python3.Xprefecthq/prefect-dev:main-python3.X-condaprefecthq/prefect-dev:sha-424242-python3.X-condaExample
Steps 1-3 ref #7740 (comment) for multi arch docker images, towards #5388
Checklist
<link to issue>"fix,feature,enhancement