[FEATURE] Make github actions build docker images and push to ghcr.io #5073
Comments
It is possible to trigger some actions only when certain files/directories are modified, the Zephyr project uses this: https://github.com/trilom/file-changes-action https://github.com/zephyrproject-rtos/test_results/blob/ef9cc5a9387649/.github/workflows/check_results.yml#L33 EDIT: this project looks orphaned. Also, does it have 1000+ dependencies!? |
|
Automated builds are nice, but without testing they're not worth much. That's why Docker images are built manually right now: because images have to be manually tested anyway. So for now I don't see the value of storing in some cloud all these docker images (one for every PR?) if they're not tested at all. By the way how does ghcr.io compare with Docker Hub that we use currently, why do you seem to recommend a switch to it? Is its pricing there: https://github.com/features/packages#pricing ? |
yes that's possible, but I think we should also build periodically since I don't think we can detect xtensa-overlay, crosstool-ng & friends' changes easily now. Also nit about
I once wanted to use new toolchains added in the overlays but the it was not in the docker.io image. Would be nice if there's a grab & go container to use, as building the toolchain takes a long time. For the testing concern, I think we can instead only tag verified images as Or alternatively still use docker as source of truth, and let github just host unstable images as a first step.
Yes, the page says GitHub Packages is free for public repositories One more thing I'd like to mention is last time (~1 yrs) I tried ghcr.io's network bandwidth is not very good, which needs to be re-evaluated. |
A clean pull from
While the docker.io registry download is much faster (I don't have a good way to measure it though), the time is dominated by image extraction so the difference isn't that much. |
Thanks for asking very good questions and starting this discussion. There is one simple way to solve most of these problems: 1. Extract
I'm not familiar with docker image versioning but I'm afraid that's not enough separation. I mean when I type |
There is a good chance the Github registery is very fast when used from Github-hosted Github Actions.
Maybe this if you really really want to test
Right, a large optimization of a small part is actually a small optimization. As long as the performance is comparable I would focus on all the other aspects instead: features and integration, reliability, ease of use, rate limits, price... |
Yeah I imagine that'd make a lot of things easier
maybe git submodule is a good candidate?
The docs isn't very clear about what this command does, but it seems to list what each image layer adds on top of the previous layer, rather than the history of different builds: Given that I think having a lot of builds won't actually pollute its output.
docker images similarly to git can be tagged. It looks like this in docker hub's UI and this in ghcr's UI. Assuming we have a dedicated sof-docker repository and use submodules to track dependencies,
This way, we'll have view of |
Submodules have very few fans, I think we should move to In this particular case though I think a "stable" config file with few revisions would be much simpler and do the job. Either submodules or west would be overkill and unnecessarily require people to learn a new tool (git submodules have been "new" to me for 15 years, I have to refresh my memories every single time)
My bad. I think I finally found why I was ignorant about versioning Docker images: because Docker provides no such feature at all, everyone must roll their own versioning. It's very time consuming to search documentation of a feature that does not exist; fortunately there is stackoverflow :-) Considering Docker's "roll your own" versioning approach, using different image names for official versus PR images seems like a bare minimum to me.
Sounds good. For PR images we could use the PR number + the git sha.
Considering how infrequently our docker image has been moving so far, I don't see the point of rebuilding the same image every night over and over again, sounds like noise. Nightly builds are useful there are a significant number of relatively fast moving parts. In such fast-paced environments you cannot build every combination of every git push or merge in every repo, so nightly builds provide useful checkpoints. However in the very different and slow moving case of our docker image and toolchains we can build every incoming code change. Building for every docker image change will result in much fewer images in total and more images different from each other. Unless there are plans for some new, fast-paced toolchain developments that I'm not aware of? Scary :-)
Right, and not call a tag that moves back |
|
Thanks for the information and verification @afq984. After working with some docker images today, I can see how there'd be a benefit to potentially leveraging some of this. |
|
un-assigning myself as not having cycles to work on this |
|
@greg-intel is this something you can own ? |
|
After using the same Docker image for a long period we had a recent burst of upgrades because of topologies v2 and there will be a couple more coming (see #5323 + links, maybe #5386 some day) but I think this was unusual, I expect the tempo to slow down again. This means the return on investment of automating some testing will be low, more effort than testing manually. tl;dr: I think this is a P3 right now. |
|
Yeah, I agree with Marc. Also, automated means someone's not actively vetting the image, which means we'd maybe want more framework than running the docker build and upload commands. TBH, it's entirely possible, but I haven't given it too much thought. But if someone finds themselves with the bandwidth to work on this, I'd support their effort. |
|
The Docker image with the Zephyr SDK is available on both docker.io and ghcr.io. So I submitted a switch of our Zephyr build to ghcr: It's not faster. I still think it's valuable, see why in #5738 |
|
Reading #5738, I do feel this FR is essentially two independent things combined together:
While there's no great demand on (1), how about hosting the docker image on both docker.io & ghcr.io? The benefits would be the same as #5738, not sure if it's worth the maintenance burden though. |
|
This could be useful https://github.com/marketplace/actions/docker-setup-buildx |
Is your feature request related to a problem? Please describe.
docker.io/thesofproject/sof AFAIK is built manually and can become stale from time to time
Describe the solution you'd like
make GitHub Actions build docker images
on: scheduleand push GitHub Action built docker images to ghcr.io (GitHub container registry)Describe alternatives you've considered
on: push: branches: [main].sof_buildertakes too long to build and most build dependencies are actually not pinned by thesofproject/sof so I think it doesn't make too much sense to tie the action run to thesofproject/sof commits.Additional context
I tried the setup on my account, highlights of steps below:
Allow the repository actions to push to ghcr.io containers
Using
GITHUB_TOKENis the preferred method of accessing ghcr.io in actions (instead of using a personal access token). However the docs are a bit stale. What I did was:Get github personal access token here. This is used just to create the container package.
Create ghcr.io package
Go to the package settings page of the created container package. Add the sof repository to the package to allow it to push to the registry
Repeat the above for
sofqemuMaybe need to tweak https://github.com/thesofproject/sof/settings/actions. The defaults worked for me but YMMV.
Setup github actions
Demos:
The text was updated successfully, but these errors were encountered: