Persist builder caches outside container
This commit is contained in:
Mikhail Chusavitin
@@ -7,18 +7,29 @@ REPO_ROOT="$(cd "$(dirname "$0")/../.." && pwd)"
|
||||
BUILDER_DIR="${REPO_ROOT}/iso/builder"
|
||||
CONTAINER_TOOL="${CONTAINER_TOOL:-docker}"
|
||||
IMAGE_TAG="${BEE_BUILDER_IMAGE:-bee-iso-builder}"
|
||||
CACHE_DIR="${BEE_BUILDER_CACHE_DIR:-${REPO_ROOT}/dist/container-cache}"
|
||||
AUTH_KEYS=""
|
||||
REBUILD_IMAGE=0
|
||||
|
||||
. "${BUILDER_DIR}/VERSIONS"
|
||||
|
||||
while [ $# -gt 0 ]; do
|
||||
case "$1" in
|
||||
--cache-dir)
|
||||
CACHE_DIR="$2"
|
||||
shift 2
|
||||
;;
|
||||
--rebuild-image)
|
||||
REBUILD_IMAGE=1
|
||||
shift
|
||||
;;
|
||||
--authorized-keys)
|
||||
AUTH_KEYS="$2"
|
||||
shift 2
|
||||
;;
|
||||
*)
|
||||
echo "unknown arg: $1" >&2
|
||||
echo "usage: $0 [--cache-dir /path] [--rebuild-image] [--authorized-keys /path/to/authorized_keys]" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
@@ -36,25 +47,48 @@ if [ -n "$AUTH_KEYS" ]; then
|
||||
AUTH_KEYS_BASE="$(basename "$AUTH_KEYS_ABS")"
|
||||
fi
|
||||
|
||||
"$CONTAINER_TOOL" build \
|
||||
--build-arg GO_VERSION="${GO_VERSION}" \
|
||||
--build-arg DEBIAN_KERNEL_ABI="${DEBIAN_KERNEL_ABI}" \
|
||||
-t "${IMAGE_TAG}:debian${DEBIAN_VERSION}" \
|
||||
"${BUILDER_DIR}"
|
||||
mkdir -p \
|
||||
"${CACHE_DIR}" \
|
||||
"${CACHE_DIR}/go-build" \
|
||||
"${CACHE_DIR}/go-mod" \
|
||||
"${CACHE_DIR}/tmp" \
|
||||
"${CACHE_DIR}/bee"
|
||||
|
||||
IMAGE_REF="${IMAGE_TAG}:debian${DEBIAN_VERSION}"
|
||||
|
||||
if [ "$REBUILD_IMAGE" = "1" ] || ! "$CONTAINER_TOOL" image inspect "${IMAGE_REF}" >/dev/null 2>&1; then
|
||||
"$CONTAINER_TOOL" build \
|
||||
--build-arg GO_VERSION="${GO_VERSION}" \
|
||||
--build-arg DEBIAN_KERNEL_ABI="${DEBIAN_KERNEL_ABI}" \
|
||||
-t "${IMAGE_REF}" \
|
||||
"${BUILDER_DIR}"
|
||||
else
|
||||
echo "=== using existing builder image ${IMAGE_REF} ==="
|
||||
fi
|
||||
|
||||
set -- \
|
||||
run --rm --privileged \
|
||||
-v "${REPO_ROOT}:/work" \
|
||||
-v "${CACHE_DIR}:/cache" \
|
||||
-e GOCACHE=/cache/go-build \
|
||||
-e GOMODCACHE=/cache/go-mod \
|
||||
-e TMPDIR=/cache/tmp \
|
||||
-e BEE_CACHE_DIR=/cache/bee \
|
||||
-w /work \
|
||||
"${IMAGE_TAG}:debian${DEBIAN_VERSION}" \
|
||||
"${IMAGE_REF}" \
|
||||
sh /work/iso/builder/build.sh
|
||||
|
||||
if [ -n "$AUTH_KEYS" ]; then
|
||||
set -- run --rm --privileged \
|
||||
-v "${REPO_ROOT}:/work" \
|
||||
-v "${CACHE_DIR}:/cache" \
|
||||
-v "${AUTH_KEYS_DIR}:/tmp/bee-authkeys:ro" \
|
||||
-e GOCACHE=/cache/go-build \
|
||||
-e GOMODCACHE=/cache/go-mod \
|
||||
-e TMPDIR=/cache/tmp \
|
||||
-e BEE_CACHE_DIR=/cache/bee \
|
||||
-w /work \
|
||||
"${IMAGE_TAG}:debian${DEBIAN_VERSION}" \
|
||||
"${IMAGE_REF}" \
|
||||
sh /work/iso/builder/build.sh --authorized-keys "/tmp/bee-authkeys/${AUTH_KEYS_BASE}"
|
||||
fi
|
||||
|
||||
|
||||
@@ -43,6 +43,9 @@ echo "kernel headers (arch): $KDIR_ARCH"
|
||||
echo "kernel headers (common): $KDIR_COMMON"
|
||||
|
||||
CACHE_DIR="${DIST_DIR}/nvidia-${NVIDIA_VERSION}-${KVER}"
|
||||
CACHE_ROOT="${BEE_CACHE_DIR:-${DIST_DIR}/cache}"
|
||||
DOWNLOAD_CACHE_DIR="${CACHE_ROOT}/nvidia-downloads"
|
||||
EXTRACT_CACHE_DIR="${CACHE_ROOT}/nvidia-extract"
|
||||
if [ -d "$CACHE_DIR/modules" ] && [ -f "$CACHE_DIR/bin/nvidia-smi" ]; then
|
||||
echo "=== NVIDIA cached, skipping build ==="
|
||||
echo "cache: $CACHE_DIR"
|
||||
@@ -52,13 +55,14 @@ fi
|
||||
|
||||
# Download official NVIDIA .run installer with sha256 verification
|
||||
BASE_URL="https://download.nvidia.com/XFree86/Linux-x86_64/${NVIDIA_VERSION}"
|
||||
RUN_FILE="/var/tmp/NVIDIA-Linux-x86_64-${NVIDIA_VERSION}.run"
|
||||
SHA_FILE="/var/tmp/NVIDIA-Linux-x86_64-${NVIDIA_VERSION}.run.sha256sum"
|
||||
mkdir -p "$DOWNLOAD_CACHE_DIR" "$EXTRACT_CACHE_DIR"
|
||||
RUN_FILE="${DOWNLOAD_CACHE_DIR}/NVIDIA-Linux-x86_64-${NVIDIA_VERSION}.run"
|
||||
SHA_FILE="${DOWNLOAD_CACHE_DIR}/NVIDIA-Linux-x86_64-${NVIDIA_VERSION}.run.sha256sum"
|
||||
|
||||
verify_run() {
|
||||
[ -s "$SHA_FILE" ] || return 1
|
||||
[ -s "$RUN_FILE" ] || return 1
|
||||
cd /var/tmp
|
||||
cd "$DOWNLOAD_CACHE_DIR"
|
||||
sha256sum -c "$SHA_FILE" --status 2>/dev/null
|
||||
}
|
||||
|
||||
@@ -69,7 +73,7 @@ if ! verify_run; then
|
||||
echo "sha256: $(cat "$SHA_FILE")"
|
||||
wget --show-progress -O "$RUN_FILE" "${BASE_URL}/NVIDIA-Linux-x86_64-${NVIDIA_VERSION}.run"
|
||||
echo "=== verifying sha256 ==="
|
||||
cd /var/tmp && sha256sum -c "$SHA_FILE" || { echo "ERROR: sha256 mismatch"; rm -f "$RUN_FILE"; exit 1; }
|
||||
cd "$DOWNLOAD_CACHE_DIR" && sha256sum -c "$SHA_FILE" || { echo "ERROR: sha256 mismatch"; rm -f "$RUN_FILE"; exit 1; }
|
||||
echo "sha256 OK"
|
||||
else
|
||||
echo "=== NVIDIA installer verified from cache ==="
|
||||
@@ -78,7 +82,7 @@ fi
|
||||
# Extract installer contents
|
||||
echo "=== extracting installer ==="
|
||||
chmod +x "$RUN_FILE"
|
||||
EXTRACT_DIR="/var/tmp/nvidia-extract-${NVIDIA_VERSION}"
|
||||
EXTRACT_DIR="${EXTRACT_CACHE_DIR}/nvidia-extract-${NVIDIA_VERSION}"
|
||||
rm -rf "$EXTRACT_DIR"
|
||||
"$RUN_FILE" --extract-only --target "$EXTRACT_DIR"
|
||||
|
||||
|
||||
@@ -16,6 +16,7 @@ DIST_DIR="${REPO_ROOT}/dist"
|
||||
VENDOR_DIR="${REPO_ROOT}/iso/vendor"
|
||||
BUILD_WORK_DIR="${DIST_DIR}/live-build-work"
|
||||
OVERLAY_STAGE_DIR="${DIST_DIR}/overlay-stage"
|
||||
CACHE_ROOT="${BEE_CACHE_DIR:-${DIST_DIR}/cache}"
|
||||
AUTH_KEYS=""
|
||||
|
||||
# parse args
|
||||
@@ -29,6 +30,10 @@ done
|
||||
. "${BUILDER_DIR}/VERSIONS"
|
||||
export PATH="$PATH:/usr/local/go/bin"
|
||||
mkdir -p "${DIST_DIR}"
|
||||
mkdir -p "${CACHE_ROOT}"
|
||||
: "${GOCACHE:=${CACHE_ROOT}/go-build}"
|
||||
: "${GOMODCACHE:=${CACHE_ROOT}/go-mod}"
|
||||
export GOCACHE GOMODCACHE
|
||||
|
||||
echo "=== bee ISO build ==="
|
||||
echo "Debian: ${DEBIAN_VERSION}, Kernel ABI: ${DEBIAN_KERNEL_ABI}, Go: ${GO_VERSION}"
|
||||
@@ -51,7 +56,16 @@ if [ "$NEED_BUILD" = "1" ]; then
|
||||
-o "$BEE_BIN" \
|
||||
./cmd/bee
|
||||
echo "binary: $BEE_BIN"
|
||||
echo "size: $(du -sh "$BEE_BIN" | cut -f1)"
|
||||
if command -v stat >/dev/null 2>&1; then
|
||||
BEE_SIZE_BYTES="$(stat -c '%s' "$BEE_BIN" 2>/dev/null || stat -f '%z' "$BEE_BIN")"
|
||||
else
|
||||
BEE_SIZE_BYTES="$(wc -c < "$BEE_BIN" | tr -d ' ')"
|
||||
fi
|
||||
if command -v numfmt >/dev/null 2>&1; then
|
||||
echo "size: $(numfmt --to=iec --suffix=B "$BEE_SIZE_BYTES")"
|
||||
else
|
||||
echo "size: ${BEE_SIZE_BYTES} bytes"
|
||||
fi
|
||||
else
|
||||
echo "=== bee binary up to date, skipping build ==="
|
||||
fi
|
||||
@@ -201,7 +215,16 @@ if [ -f "$ISO_RAW" ]; then
|
||||
echo ""
|
||||
echo "=== done ==="
|
||||
echo "ISO: $ISO_OUT"
|
||||
echo "Size: $(du -sh "$ISO_OUT" | cut -f1)"
|
||||
if command -v stat >/dev/null 2>&1; then
|
||||
ISO_SIZE_BYTES="$(stat -c '%s' "$ISO_OUT" 2>/dev/null || stat -f '%z' "$ISO_OUT")"
|
||||
else
|
||||
ISO_SIZE_BYTES="$(wc -c < "$ISO_OUT" | tr -d ' ')"
|
||||
fi
|
||||
if command -v numfmt >/dev/null 2>&1; then
|
||||
echo "Size: $(numfmt --to=iec --suffix=B "$ISO_SIZE_BYTES")"
|
||||
else
|
||||
echo "Size: ${ISO_SIZE_BYTES} bytes"
|
||||
fi
|
||||
else
|
||||
echo "ERROR: ISO not found at $ISO_RAW"
|
||||
exit 1
|
||||
|
||||
Reference in New Issue
Block a user