mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-03-22 06:41:51 +00:00
9a41983447
This patch-set aims to make several improvements to our CI caching: 1. Use of registry as build cache: Pushes a separate image to our docker registry at GCP that contains the cache layers. This happens for every PR & main. As a result, we can restore from **both** which should make repeated runs of CI on an individual PR faster and give us a good baseline cache for new PRs from `main`. See https://docs.docker.com/build/ci/github-actions/cache/#registry-cache for details. As a nice side-effect, this allows us to use the 10 GB we have on GitHub actions for other jobs. 2. We make better use of `restore-keys` by also attempting to restore the cache if the fingerprint of our lockfiles doesn't match. This is useful for CI runs that upgrade dependencies. Those will restore a cache that is still useful although doesn't quite match. That is better[^1] than not hitting the cache at all. 3. There were two tiny bugs in our Swift and Android builds: a. We used `rustup show` in the wrong directory and thus did not actually install the toolchain properly. b. We used `shared-key` instead of `key` for the https://github.com/Swatinem/rust-cache action and thus did not differentiate between jobs properly. 5. Our Dockerfile for Rust had a bug where it did not copy in the `rust-toolchain.toml` file in the `chef` layer and thus also did not use the correctly toolchain. 6. We remove the dedicated gradle cache because the build action already comes with a cache configuration: https://github.com/firezone/firezone/actions/runs/6416847209/job/17421412150#step:10:25 [^1]: Over time, this may mean that our caches grow a bit. In an ideal world, we automatically remove files from the caches that haven't been used in a while. The cache action we use for Rust does that automatically: https://github.com/Swatinem/rust-cache?tab=readme-ov-file#cache-details. As a workaround, we can just purge all caches every now and then. --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
43 lines
1009 B
Docker
43 lines
1009 B
Docker
FROM lukemathwalker/cargo-chef:latest-rust-1.72-slim-bookworm as chef
|
|
|
|
# See https://github.com/LukeMathWalker/cargo-chef/issues/231.
|
|
COPY rust-toolchain.toml rust-toolchain.toml
|
|
|
|
WORKDIR /build
|
|
|
|
FROM chef as planner
|
|
COPY . .
|
|
RUN cargo chef prepare --recipe-path recipe.json
|
|
|
|
FROM chef as builder
|
|
COPY --from=planner /build/recipe.json .
|
|
RUN cargo chef cook --release --recipe-path recipe.json
|
|
COPY . .
|
|
ARG PACKAGE
|
|
RUN cargo build -p $PACKAGE --release
|
|
|
|
FROM debian:bookworm-slim AS runtime
|
|
WORKDIR /app
|
|
ARG PACKAGE
|
|
COPY --from=builder /build/target/release/$PACKAGE .
|
|
RUN ln -s ./${PACKAGE} ./app
|
|
COPY ./docker-init.sh .
|
|
ENV RUST_BACKTRACE=1
|
|
ENV PATH "/app:$PATH"
|
|
ENV PACKAGE_NAME ${PACKAGE}
|
|
RUN apt-get -qq update \
|
|
&& DEBIAN_FRONTEND=noninteractive \
|
|
apt-get -qq install \
|
|
iputils-ping \
|
|
iptables \
|
|
lsof \
|
|
iproute2 \
|
|
curl \
|
|
iperf3 \
|
|
ca-certificates \
|
|
&& apt-get -qq clean \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
ENTRYPOINT ["docker-init.sh"]
|
|
CMD ["app"]
|