containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9082 from saschagrunert/static-build 

Fix static build cache by using cachix
This commit is contained in:
OpenShift Merge Robot 2021-01-27 15:18:22 -05:00 committed by GitHub
parent 14cc4aaf0a f8bf509d16
commit 9d59daa7cc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 20 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.cirrus.yml
View File

@ -351,14 +351,13 @@ static_alt_build_task:
ALT_NAME: 'Static build' ALT_NAME: 'Static build'
# Do not use 'latest', fixed-version tag for runtime stability. # Do not use 'latest', fixed-version tag for runtime stability.
CTR_FQIN: "docker.io/nixos/nix:2.3.6" CTR_FQIN: "docker.io/nixos/nix:2.3.6"
# Authentication token for pushing the build cache to cachix.
# This is critical, it helps to avoid a very lengthy process of # This is critical, it helps to avoid a very lengthy process of
# statically building every dependency needed to build podman. # statically building every dependency needed to build podman.
# Assuming the dependency and build description hasn't changed, # Assuming the pinned nix dependencies in nix/nixpkgs.json have not
# this cache ensures only the static podman binary is built. # changed, this cache will ensure that only the static podman binary is
nix_cache: # built.
folder: '/var/cache/nix' CACHIX_AUTH_TOKEN: ENCRYPTED[df0d4d0a67474e8ea49cc503221dcb912b7e2ba45c8ec4bf2e5fd9c49a18ac21c24bacee59b5393355ed9e4358d2baef]
# Cirrus will calculate/use sha of this output as the cache key
fingerprint_script: echo "${IMAGE_SUFFIX}" && cat nix/*
setup_script: *setup setup_script: *setup
main_script: *main main_script: *main
always: *binary_artifacts always: *binary_artifacts

1
contrib/cirrus/required_host_ports.txt
View File

@ -2,3 +2,4 @@ github.com 22
docker.io 443 docker.io 443
quay.io 443 quay.io 443
registry.fedoraproject.org 443 registry.fedoraproject.org 443
podman.cachix.org 443

17
contrib/cirrus/runner.sh
View File

@ -241,15 +241,14 @@ function _run_altbuild() {
req_env_vars CTR_FQIN req_env_vars CTR_FQIN
[[ "$UID" -eq 0 ]] || \ [[ "$UID" -eq 0 ]] || \
die "Static build must execute nixos container as root on host" die "Static build must execute nixos container as root on host"
mkdir -p /var/cache/nix podman run -i --rm \
podman run -i --rm -v /var/cache/nix:/mnt/nix:Z \ -e CACHIX_AUTH_TOKEN \
$CTR_FQIN cp -rfT /nix /mnt/nix -v $PWD:$PWD:Z -w $PWD $CTR_FQIN sh -c \
podman run -i --rm -v /var/cache/nix:/nix:Z \ "nix-env -iA cachix -f https://cachix.org/api/v1/install && \
-v $PWD:$PWD:Z -w $PWD $CTR_FQIN \ cachix use podman && \
nix --print-build-logs --option cores 4 --option max-jobs 4 \ nix-build nix && \
build --file ./nix/ nix-store -qR --include-outputs \$(nix-instantiate nix/default.nix) | grep -v podman | cachix push podman && \
# result symlink is absolute from container perspective :( cp -R result/bin ."
cp /var/cache/$(readlink result)/bin/podman ./ # for cirrus-ci artifact
rm result # makes cirrus puke rm result # makes cirrus puke
;; ;;
*) *)

8
nix/nixpkgs.json
View File

@ -1,9 +1,9 @@
{ {
"url": "https://github.com/nixos/nixpkgs", "url": "https://github.com/nixos/nixpkgs",
"rev": "4a75203f0270f96cbc87f5dfa5d5185690237d87", "rev": "ce7b327a52d1b82f82ae061754545b1c54b06c66",
"date": "2020-12-29T03:18:48+01:00", "date": "2021-01-25T11:28:05+01:00",
"path": "/nix/store/scswsm6r4jnhp9ki0f6s81kpj5x6jkn7-nixpkgs", "path": "/nix/store/dpsa6a1sy8hwhwjkklc52brs9z1k5fx9-nixpkgs",
"sha256": "0h70fm9aa7s06wkalbadw70z5rscbs3p6nblb47z523nhlzgjxk9", "sha256": "1rc4if8nmy9lrig0ddihdwpzg2s8y36vf20hfywb8hph5hpsg4vj",
"fetchSubmodules": false, "fetchSubmodules": false,
"deepClone": false, "deepClone": false,
"leaveDotGit": false "leaveDotGit": false