Skip to content

Commit

Permalink
feat: Buildkite pipeline for building dev docker images [ES-9318] (#1873
Browse files Browse the repository at this point in the history 
)

* feat: Change Dockerfile base images to Wolfi

Running the docker image with a mounted `/rally/.rally` directory that
already contains the configuration file didn't work. So I had to change
how we parse the logging config and rally.ini files.

Now we delay the parsing of the environment variables to read time, to
make running from docker and outside of docker compatible with each
other.

Added buildkite jobs to build both release and development docker images
  • Loading branch information
@favilo
favilo authored Oct 29, 2024
1 parent 604cd67 commit b126fd8
Show file tree
Hide file tree
Showing 14 changed files with 564 additions and 76 deletions.
54 changes: 52 additions & 2 deletions .buildkite/dev-docker/pipeline.yml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,53 @@
steps:
- label: ":wave: Greetings" # Label (with rich emojis https://ela.st/bk-emoji).
command: "echo 'My first pipeline!'" # Command to run (evaluated by Bash).
- input: "Build parameters"
if: build.source != "schedule"
fields:
- text: "BUILD_FROM_BRANCH"
key: "BUILD_FROM_BRANCH"
default: ""
hint: "The branch to build from e.g. 'master'. Leave blank to build from the current branch: $BUILDKITE_BRANCH."
required: false
- select: "PUBLIC_DOCKER_REPO"
key: "PUBLIC_DOCKER_REPO"
hint: "Push the Docker image to the public Docker registry (default: No)."
default: "false"
options:
- label: "Yes"
value: "true"
- label: "No"
value: "false"
- select: "PUSH_LATEST"
key: "PUSH_LATEST"
hint: "Push the <branch>-latest tag to the registry."
default: "true"
options:
- label: "Yes"
value: "true"
- label: "No"
value: "false"
- wait
- label: ":docker: Build Docker Artifacts for Rally amd64"
command: bash .buildkite/dev-docker/run.sh build amd64
key: "amd64"
agents:
machineType: "n2-standard-8"
image: family/core-ubuntu-2204
zone: "us-central1-a"
provider: "gcp"
- label: ":docker: Build Docker Artifacts for Rally arm64"
command: bash .buildkite/dev-docker/run.sh build arm64
key: "arm64"
agents:
machineType: "t2a-standard-8"
image: family/core-ubuntu-2204-aarch64
zone: "us-central1-a"
provider: "gcp"
- label: ":docker: build docker manifest"
command: bash .buildkite/dev-docker/run.sh manifest both
key: "manifest"
depends_on:
- "amd64"
- "arm64"
agents:
zone: "us-central1-a"
provider: "gcp"
86 changes: 70 additions & 16 deletions .buildkite/dev-docker/run.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,25 +5,79 @@ set -eo pipefail
source .buildkite/retry.sh

set +x
RELEASE_VERSION=$(buildkite-agent meta-data get RELEASE_VERSION)

BUILD_FROM_BRANCH=$(buildkite-agent meta-data get BUILD_FROM_BRANCH --default "${BUILDKITE_BRANCH}")
PUSH_LATEST=$(buildkite-agent meta-data get PUSH_LATEST)
PUBLIC_DOCKER_REPO=$(buildkite-agent meta-data get PUBLIC_DOCKER_REPO)

if [[ $# -lt 1 ]]; then
echo "Usage: $0 (build|manifest) ..."
exit 1
fi

ACTION="$1"

# login to docker registry
DOCKER_PASSWORD=$(vault read -field token /secret/ci/elastic-rally/release/docker-hub-rally)
retry 5 docker login -u elasticmachine -p $DOCKER_PASSWORD
if [[ $PUBLIC_DOCKER_REPO == "true" ]]; then
VAULT_PATH="secret/ci/elastic-rally/release/docker-hub-rally"
DOCKER_REGISTRY="docker.io"
PASSWORD_FIELD="token"
else
VAULT_PATH="kv/ci-shared/elasticsearch-benchmarks/cloud/docker-registry-api-credentials"
DOCKER_REGISTRY="docker.elastic.co"
PASSWORD_FIELD="password"
fi

DOCKER_USERNAME=$(retry 5 vault kv get -field username "${VAULT_PATH}")
DOCKER_PASSWORD=$(retry 5 vault kv get -field "${PASSWORD_FIELD}" "${VAULT_PATH}")
retry 5 docker login -u "${DOCKER_USERNAME}" -p "${DOCKER_PASSWORD}" ${DOCKER_REGISTRY}
unset DOCKER_PASSWORD
unset DOCKER_USERNAME

build_docker_image() {
tmp_dir=$(mktemp --directory)
pushd "$tmp_dir"
git clone https://github.com/elastic/rally
pushd rally
# checkout the version from the buildkite branch, but build it from the branch we specified
if [[ ! -z "${BUILDKITE_BRANCH}" ]]; then
git checkout "${BUILDKITE_BRANCH}"
else
git checkout "${BUILD_FROM_BRANCH}"
fi
echo "Docker commit: $(git --no-pager log --oneline -n1)"

tmp_dir=$(mktemp --directory)
pushd "$tmp_dir"
git clone https://github.com/elastic/rally
pushd rally
git checkout "${RELEASE_VERSION}"
git --no-pager show
set -x
export TERM=dumb
export LC_ALL=en_US.UTF-8
./build-dev-docker.sh "$BUILD_FROM_BRANCH" "$ARCH" "$PUSH_LATEST" "$PUBLIC_DOCKER_REPO"

set -x
export TERM=dumb
export LC_ALL=en_US.UTF-8
./release-docker.sh "$RELEASE_VERSION"
popd
popd
rm -rf "$tmp_dir"
}

popd
popd
rm -rf "$tmp_dir"
build_docker_manifest() {
set -x
export TERM=dumb
export LC_ALL=en_US.UTF-8
./build-dev-docker-manifest.sh "$BUILD_FROM_BRANCH" "$PUSH_LATEST" "$PUBLIC_DOCKER_REPO"
}

case "$ACTION" in
"build")
if [[ $# -lt 2 ]]; then
echo "Usage: $0 build [amd64|arm64]"
exit 1
fi
ARCH="$2"
build_docker_image
;;
"manifest")
build_docker_manifest
;;
*)
echo "Unknown action: $ACTION"
exit 1
;;
esac
33 changes: 31 additions & 2 deletions .buildkite/release-docker/pipeline.yml
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,43 @@
agents:
provider: "gcp"
zone: "us-central1-a"

steps:
- input: "Build parameters"
fields:
- text: "RELEASE_VERSION"
key: "RELEASE_VERSION"
default: ""
hint: "The version to release e.g. '2.8.0'."
- select: "PUSH_LATEST"
key: "PUSH_LATEST"
hint: "Update the latest tag in the registry."
# True, because we want the scheduled pipeline to update the latest tag, eventually
default: "true"
options:
- label: "Yes"
value: "true"
- label: "No"
value: "false"

- wait
- label: "Release Docker Artifacts for Rally"
command: bash .buildkite/release-docker/run.sh
command: bash .buildkite/release-docker/run.sh build amd64
# Run on GCP to use `docker`
key: "amd64"
agents:
machineType: "n2-standard-8"
image: family/core-ubuntu-2204
- label: "Release Docker Artifacts for Rally"
command: bash .buildkite/release-docker/run.sh build arm64
# Run on GCP to use `docker`
key: "arm64"
agents:
provider: gcp
machineType: "t2a-standard-8"
image: family/core-ubuntu-2204-aarch64
- label: ":docker: build docker manifest"
command: bash .buildkite/release-docker/run.sh manifest
key: "manifest"
depends_on:
- "amd64"
- "arm64"
76 changes: 60 additions & 16 deletions .buildkite/release-docker/run.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,23 +6,67 @@ source .buildkite/retry.sh

set +x
RELEASE_VERSION=$(buildkite-agent meta-data get RELEASE_VERSION)
PUSH_LATEST=$(buildkite-agent meta-data get PUSH_LATEST)

if [[ $# -lt 1 ]]; then
echo "Usage: $0 (build|manifest)"
exit 1
fi

ACTION="$1"

# login to docker registry
DOCKER_PASSWORD=$(vault read -field token /secret/ci/elastic-rally/release/docker-hub-rally)
DOCKER_PASSWORD=$(retry 5 vault kv get -field token /secret/ci/elastic-rally/release/docker-hub-rally)
retry 5 docker login -u elasticmachine -p $DOCKER_PASSWORD
unset DOCKER_PASSWORD

tmp_dir=$(mktemp --directory)
pushd "$tmp_dir"
git clone https://github.com/elastic/rally
pushd rally
git checkout "${RELEASE_VERSION}"
git --no-pager show

set -x
export TERM=dumb
export LC_ALL=en_US.UTF-8
./release-docker.sh "$RELEASE_VERSION"

popd
popd
rm -rf "$tmp_dir"
build_docker_image() {
tmp_dir=$(mktemp --directory)
pushd "$tmp_dir"
git clone https://github.com/elastic/rally
pushd rally

# checkout the latest version, to make sure we get the latest docker security fixes
if [[ ! -z "${BUILDKITE_BRANCH}" ]]; then
git checkout "${BUILDKITE_BRANCH}"
else
git checkout "${RELEASE_VERSION}"
fi

git "Docker commit: $(git --no-pager log --oneline -n1)"

set -x
export TERM=dumb
export LC_ALL=en_US.UTF-8
./release-docker.sh "$RELEASE_VERSION" "$ARCH" "$PUSH_LATEST"

popd
popd
rm -rf "$tmp_dir"
}

build_docker_manifest() {
set -x
export TERM=dumb
export LC_ALL=en_US.UTF-8
./release-docker-manifest.sh "$RELEASE_VERSION" "$PUSH_LATEST"
}


case "$ACTION" in
"build")
if [[ $# -lt 2 ]]; then
echo "Usage: $0 build [amd64|arm64]"
exit 1
fi
ARCH="$2"
build_docker_image
;;
"manifest")
build_docker_manifest
;;
*)
echo "Unknown action: $ACTION"
exit 1
;;
esac
98 changes: 98 additions & 0 deletions build-dev-docker-manifest.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
#!/usr/bin/env bash

# Licensed to Elasticsearch B.V. under one or more contributor
# license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright
# ownership. Elasticsearch B.V. licenses this file to you under
# the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

# Prerequisites for releasing:

# Logged in on Docker Hub (docker login)

# fail this script immediately if any command fails with a non-zero exit code
set -eu

function push_failed {
echo "Error while pushing Docker image. Did you \`docker login\`?"
}

if [[ $# -eq 0 ]] ; then
echo "ERROR: $0 requires the Rally branch to build from as a command line argument and you didn't supply it."
echo "For example: $0 master true"
exit 1
fi
export RALLY_BRANCH=$1
export PUSH_LATEST=$2
export PUBLIC_DOCKER_REPO=$3
if [[ $PUBLIC_DOCKER_REPO == "true" ]]; then
export RALLY_DOCKER_IMAGE="elastic/rally"
else
export RALLY_DOCKER_IMAGE="docker.elastic.co/es-perf/rally"
fi

export RALLY_LICENSE=$(awk 'FNR>=2 && FNR<=2' LICENSE | sed 's/^[ \t]*//')

export GIT_SHA=$(git rev-parse --short HEAD)
export DATE=$(date +%Y%m%d)

export RALLY_VERSION="${RALLY_BRANCH}-${GIT_SHA}-${DATE}"
export MAIN_BRANCH=$(git remote show origin | sed -n '/HEAD branch/s/.*: //p')

if [[ $RALLY_BRANCH == $MAIN_BRANCH ]]; then
export DOCKER_TAG_LATEST="dev-latest"
else
export DOCKER_TAG_LATEST="${RALLY_BRANCH}-latest"
fi

echo "========================================================"
echo "Pulling Docker images for Rally $RALLY_VERSION "
echo "========================================================"

docker pull ${RALLY_DOCKER_IMAGE}:${RALLY_VERSION}-amd64
docker pull ${RALLY_DOCKER_IMAGE}:${RALLY_VERSION}-arm64

echo "======================================================="
echo "Creating Docker manifest image for Rally $RALLY_VERSION"
echo "======================================================="

docker manifest create ${RALLY_DOCKER_IMAGE}:${RALLY_VERSION} \
--amend ${RALLY_DOCKER_IMAGE}:${RALLY_VERSION}-amd64 \
--amend ${RALLY_DOCKER_IMAGE}:${RALLY_VERSION}-arm64

trap push_failed ERR
echo "======================================================="
echo "Publishing Docker image ${RALLY_DOCKER_IMAGE}:$RALLY_VERSION "
echo "======================================================="
docker manifest push ${RALLY_DOCKER_IMAGE}:${RALLY_VERSION}

trap - ERR

if [[ $PUSH_LATEST == "true" ]]; then
echo "======================================================="
echo "Creating Docker manifest image for Rally $DOCKER_TAG_LATEST"
echo "======================================================="

docker manifest create ${RALLY_DOCKER_IMAGE}:${DOCKER_TAG_LATEST} \
--amend ${RALLY_DOCKER_IMAGE}:${DOCKER_TAG_LATEST}-amd64 \
--amend ${RALLY_DOCKER_IMAGE}:${DOCKER_TAG_LATEST}-arm64

trap push_failed ERR
echo "======================================================="
echo "Publishing Docker image ${RALLY_DOCKER_IMAGE}:${DOCKER_TAG_LATEST}"
echo "======================================================="
docker manifest push ${RALLY_DOCKER_IMAGE}:${DOCKER_TAG_LATEST}
fi

trap - ERR
Loading

0 comments on commit b126fd8

Please sign in to comment.