From d35d7f4b13c079f962be2c866339b0ab3ad8c452 Mon Sep 17 00:00:00 2001 From: Aiden Grossman Date: Mon, 20 Jan 2025 11:53:25 -0800 Subject: [PATCH] [Github] Add Agent Container Image (#123486) This patch adds an agent container image on top of the normal CI container image. They are the exact same except that the agent container image also contains Github Runner binaries. I've split it into a separate container as only one user of these images (the new premerge) needs this binary installed, and it bloats the container image size significantly (900MB->1.3GB or so). --- .github/workflows/build-ci-container.yml | 11 +++++++++-- .../containers/github-action-ci/Dockerfile | 13 ++++++++++++- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-ci-container.yml b/.github/workflows/build-ci-container.yml index 4fa0713b381ceb..50e7a0bcc679af 100644 --- a/.github/workflows/build-ci-container.yml +++ b/.github/workflows/build-ci-container.yml @@ -36,19 +36,22 @@ jobs: tag=`date +%s` container_name="ghcr.io/$GITHUB_REPOSITORY_OWNER/ci-ubuntu-22.04" echo "container-name=$container_name" >> $GITHUB_OUTPUT + echo "container-name-agent=$container_name-agent" >> $GITHUB_OUTPUT echo "container-name-tag=$container_name:$tag" >> $GITHUB_OUTPUT + echo "container-name-agent-tag=$container_name-agent:$tag" >> $GITHUB_OUTPUT echo "container-filename=$(echo $container_name:$tag | sed -e 's/\//-/g' -e 's/:/-/g').tar" >> $GITHUB_OUTPUT - name: Build container working-directory: ./.github/workflows/containers/github-action-ci/ run: | - podman build -t ${{ steps.vars.outputs.container-name-tag }} . + podman build --target ci-container -t ${{ steps.vars.outputs.container-name-tag }} . + podman build --target ci-container-agent -t ${{ steps.vars.outputs.container-name-agent-tag }} . # Save the container so we have it in case the push fails. This also # allows us to separate the push step into a different job so we can # maintain minimal permissions while building the container. - name: Save container image run: | - podman save ${{ steps.vars.outputs.container-name-tag }} > ${{ steps.vars.outputs.container-filename }} + podman save ${{ steps.vars.outputs.container-name-tag }} ${{ steps.vars.outputs.container-name-agent-tag }} > ${{ steps.vars.outputs.container-filename }} - name: Upload container image uses: actions/upload-artifact@v4 @@ -86,3 +89,7 @@ jobs: podman login -u ${{ github.actor }} -p $GITHUB_TOKEN ghcr.io podman push ${{ needs.build-ci-container.outputs.container-name-tag }} podman push ${{ needs.build-ci-container.outputs.container-name }}:latest + + podman tag ${{ needs.build-ci-container.outpus.container-name-agent-tag }} ${{ needs.build-ci-container.outputs.container-name-agent }}:latest + podman push ${{ needs.build-ci-container.outputs.container-name-agent-tag }} + podman push ${{ needs.build-ci-container.outputs.container-name-agent }}:latest diff --git a/.github/workflows/containers/github-action-ci/Dockerfile b/.github/workflows/containers/github-action-ci/Dockerfile index b600d3b72d9547..35a0f1f6020dcd 100644 --- a/.github/workflows/containers/github-action-ci/Dockerfile +++ b/.github/workflows/containers/github-action-ci/Dockerfile @@ -39,7 +39,7 @@ RUN cmake -B ./build -G Ninja ./llvm \ RUN ninja -C ./build stage2-clang-bolt stage2-install-distribution && ninja -C ./build install-distribution -FROM base +FROM base as ci-container COPY --from=stage1-toolchain $LLVM_SYSROOT $LLVM_SYSROOT @@ -92,4 +92,15 @@ RUN adduser gha sudo RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers USER gha +WORKDIR /home/gha + +FROM ci-container as ci-container-agent + +ENV GITHUB_RUNNER_VERSION=2.321.0 + +RUN mkdir actions-runner && \ + cd actions-runner && \ + curl -O -L https://github.com/actions/runner/releases/download/v$GITHUB_RUNNER_VERSION/actions-runner-linux-x64-$GITHUB_RUNNER_VERSION.tar.gz && \ + tar xzf ./actions-runner-linux-x64-$GITHUB_RUNNER_VERSION.tar.gz && \ + rm ./actions-runner-linux-x64-$GITHUB_RUNNER_VERSION.tar.gz