Test/containerci dev #14

Closed
wants to merge 6 commits into from


patricklodder
Owner

No description provided.

This frees us from GitHub actions brownouts and early deprecation
by no longer using Microsoft-maintained images in favor of bare
images from Docker Hub. The latter keeps images available for a
longer time, regardless of whether or not Canonical directly
supports them.

Benefits:
- Decouples our release cycle from what Microsoft is willing to
  spend support effort on.
- Reduces bloat in base images

Because the bare ubuntu images contain a lot less pre-installed
tooling, some changes in orchestration need to be made for this
to be successful, and some workarounds can be removed:

- All GitHub Actions base operating systems are set to
  ubuntu-24.04, as all we use from this now is containerd.
- All docker images remain ubuntu:20.04 for now, as this is
  needed for symbol compatibility (and for now, we use the same
  version in Gitian builds)
- Until the base image used for GitHub Actions and the provided
  containerd is providing sandboxed mounting on /proc, every
  process that needs custom binfmts needs to be run privileged.
  Currently this means all Windows builds need this.
  See: https://lore.kernel.org/all/[email protected]/
- Staying on custom binfmts, the Microsoft-maintained image
  contained mono runtimes and reduced compatibility with wine,
  for which we had workarounds in place. These are no longer
  needed and have been removed.
- For future troubleshooting, the currently installed binfmts
  and the kernel version are verbosely displayed inside jobs
- Because GitHub Actions does not allow us to pass zero
  arguments to container options, whenever there are none a
  dummy environment value 1DOGE is set to 1DOGE.
- For macOS, the libbz2-dev library was missing from our system
  dependencies; this was masked by it being installed by default
  in the Microsoft-maintained image.
- Bare containers do not come configured with a timezone, so this
  needed to be added to container initialization before any apt
  calls are made.
- Because Microsoft runs the container under uid 1001, which does
  not exist in the bare ubuntu:20.04 image, a special cleanup
  step for the qa/cache needed to be made, or else the build
  caches would fail to upload at the end of the CI run.
- Do not containerize the linter (for now) as all it does is a
  python3 check on translations.
- Do not containerize codeql but anyway run it on ubuntu:24.04, as
  static analysis should not care about the underlying OS and for
  analysis newer is better.
- Fixes the branches codeql is called on
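
The layout this commit message describes, as an added workflow sketch that is not the project's own workflow file: it keeps `--privileged` limited to the matrix entry that needs custom binfmts and passes the dummy variable everywhere else. Job names, target names, step names, the `-e` flag form and the shell commands are assumptions; only the images, the `1DOGE` value, uid 1001 and the `qa/cache` path come from the message.

```yaml
# Added sketch: job, target and step names are hypothetical.
name: containerized-ci-sketch
on: [push, pull_request]

jobs:
  build:
    # The host OS only supplies the container runtime.
    runs-on: ubuntu-24.04
    strategy:
      matrix:
        include:
          - name: linux-x86_64          # hypothetical target name
            # options cannot be empty, so pass the harmless dummy variable
            container_opts: "-e 1DOGE=1DOGE"
          - name: windows-x86_64        # hypothetical target name
            # custom binfmts need privileged access to /proc for now
            container_opts: "--privileged"
    container:
      image: ubuntu:20.04
      options: ${{ matrix.container_opts }}
    steps:
      - name: Configure timezone before any apt call
        run: |
          # assumed commands; the commit message only states the requirement
          ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime
          echo "Etc/UTC" > /etc/timezone
          export DEBIAN_FRONTEND=noninteractive
          apt-get update
          apt-get install -y tzdata
      - name: Show kernel version and registered binfmts
        run: |
          uname -a
          # lists nothing if binfmt_misc is not mounted in this container
          ls -l /proc/sys/fs/binfmt_misc/ || true
      - name: Fix cache ownership for upload
        if: always()
        run: |
          # assumed form of the qa/cache cleanup: hand files to the runner uid
          if [ -d qa/cache ]; then chown -R 1001 qa/cache; fi
```

Reviewing a workflow like this comes down to checking that `--privileged` appears only on the entries that register binfmts, since every other job can run with the default container confinement.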