Build a truly multi platform docker image #660
Conversation
Dockerfile.deps
Outdated
| RUN opam switch create with_coq $COMPILER_VERSION && \ | ||
| eval `opam env --switch=with_coq` && \ | ||
| opam repo add --yes --this-switch coq-released https://coq.inria.fr/opam/released && \ | ||
| opam pin --yes -n coq-struct-tact https://github.com/uwplse/StructTact.git && \ | ||
| opam repo add --yes --this-switch iris-dev https://gitlab.mpi-sws.org/iris/opam.git && \ | ||
| opam pin --yes -n coq-sail-stdpp https://github.com/rems-project/coq-sail.git#f319aad && \ | ||
| opam pin --yes -n coq-cheri-capabilities https://github.com/rems-project/coq-cheri-capabilities.git |
There was a problem hiding this comment.
This is unnecessary, very slow and should be deleted.
Dockerfile.deps
Outdated
| RUN apt-get update | ||
| RUN apt-get upgrade -y | ||
| RUN apt-get install -y opam libgmp-dev libmpfr-dev | ||
| RUN apt-get install -y build-essential libgmp-dev z3 opam cmake pkg-config python3-distutils |
There was a problem hiding this comment.
I believe pkg-config is required for zarith, and build-essential comes via opam, but the rest I'm not sure about?
Also, there's a known-bug with the default Z3 version in Ubuntu 22.04 so maybe a more recent binary release, or installing via opam, is more sensible (opam has version 4.13.0-3).
Dockerfile.deps
Outdated
| # Install Cerberus | ||
| RUN opam switch $COMPILER_VERSION && \ | ||
| eval `opam env --switch=$COMPILER_VERSION` && \ | ||
| opam pin --yes --no-action add cerberus-lib . && \ | ||
| opam pin --yes --no-action add cerberus . && \ | ||
| opam install --yes cerberus | ||
|
|
||
| # Run Cerberus CI tests | ||
| RUN opam switch $COMPILER_VERSION && \ | ||
| eval `opam env --switch=$COMPILER_VERSION` && \ | ||
| cd tests; USE_OPAM='' ./run-ci.sh |
There was a problem hiding this comment.
These are also unnecessary, you should be able to skip straight to the CN section - it will pick up the dependencies automatically.
Dockerfile.deps
Outdated
| RUN opam switch $COMPILER_VERSION && \ | ||
| eval `opam env --switch=$COMPILER_VERSION` && \ | ||
| opam pin --yes --no-action add cn . && \ | ||
| opam install --yes cn ocamlformat.0.26.2 |
There was a problem hiding this comment.
Is the Dockerfile being used for development or as an application? You won't need ocamlformat as an application, but you will for development (and the later source code formatting).
There was a problem hiding this comment.
opam install -y ./cerberus.opam /cerberus-lib ./cn.opam should also work without pinning first.
Dockerfile.deps
Outdated
| # Check CN code formatting | ||
| RUN opam switch $COMPILER_VERSION && \ | ||
| eval `opam env --switch=$COMPILER_VERSION` && \ | ||
| USE_OPAM='' cd backend/cn && dune build @fmt | ||
|
|
||
| # Run CN CI tests |
To run CN on OpenSUT code in a CI: https://github.com/GaloisInc/VERSE-OpenSUT (an example job is here). And more broadly to enable easy CN distribution, such that you don't need to install opam and build everything from scratch. I think I can make the resulting image much smaller (just the compiled CN binary + basic OS dependencies should be sufficient). |
…ith docker build actions
|
Ok in that case, it's more as an application than as dev environment. Simply doing That by itself should be fairly minimal. I don't think CN is linked statically, and so it will need its library dependencies. |
|
Correct, it is more an application in our use case. Do you think the steps outlined here would work for creating a statically linked binary? I am trying to avoid needing opam/ocaml for various reasons (see GaloisInc/VERSE-Toolchain#48) |
|
It might work, but we have no experience with trying that and will be unable to help in case it doesn't. I don't see an explicit rejection of the OCaml platform on the link you sent, and opam is availabe on RHEL. But obviously you can proceed as you need to; we can only support with build instructions as given. |
podhrmic
force-pushed
the
659-docker-image-manifest
branch
from
3450832 to
3d9a7b6
Compare
|
I tried running I also added a RedHat image to the build. |
|
@dc-mak I believe the MR is now ready. The docker build works, but the image is not being pushed into the registry - I think this will be resolved for |
Dockerfile.redhat
Outdated
| RUN opam install --deps-only ./cerberus-lib.opam ./cn.opam | ||
|
|
||
| RUN eval `opam env` \ | ||
| && make install \ |
Dockerfile.redhat
Outdated
|
|
||
| ENV OPAMCONFIRMLEVEL=unsafe-yes | ||
| RUN opam init --disable-sandboxing | ||
| RUN opam install dune lem |
There was a problem hiding this comment.
This line is unnecessary too.
* Simplify the docker build, and properly build a multiplatform image with docker build actions * Temporarily disable scheduled docker build for faster testing * Clean up the release docker image * Add a separate job for RedHat docker image * Added RedHat dockerfile * Revert "Temporarily disable scheduled docker build for faster testing" This reverts commit 5afd280. * Try to specify github tokens * Add CI badges: * Remove un-needed lines per @dc-mak 's suggestions
Fixes #659
Follows the instructions from https://depot.dev/blog/multi-platform-docker-images-in-github-actions