ci: add buildkit instead of kaniko. Related to...

ci: add buildkit instead of kaniko. Related to eclipse-wg/oniro-wg/products-services-oniro-wg/it-services-oniro-wg/pipelines-architecture-oniro-wg#10 Signed-off-by: sebastien.heurtematte <sebastien.heurtematte@eclipse-foundation.org>

ci: add buildkit instead of kaniko. Related to...
ci: add buildkit instead of kaniko. Related to eclipse-wg/oniro-wg/products-services-oniro-wg/it-services-oniro-wg/pipelines-architecture-oniro-wg#10 Signed-off-by: sebastien.heurtematte <sebastien.heurtematte@eclipse-foundation.org>
cb30e2d7 · Sébastien Heurtematte · e73576fc · cb30e2d7
Commit cb30e2d7 authored 2 years ago by Sébastien Heurtematte
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -750,72 +750,68 @@ lava-badge:
  needs: [lava-report]
  extends: .lava-badge

-.build-with-kaniko:
+.build-with-buildkit:
  stage: build
  tags:
    - origin:eclipse
    - ctx:oniro-group 
  image:
-    name: gcr.io/kaniko-project/executor:debug
+    name: eclipsefdn/containertools
    entrypoint: [""]
+  variables:
+    SERVICE_ADDRESS: "tcp://buildkitd.foundation-internal-infra-buildkitd:1234"
  script:
-    - test -n "$CI_ONIRO_REGISTRY" || (
-          echo "CI_ONIRO_REGISTRY not provided. Docker registry deployment can not continue."
+    - test -n "$CI_REGISTRY" || (
+          echo "CI_REGISTRY not provided. Docker registry deployment can not continue."
          && exit 1 )
-    - test -n "$CI_ONIRO_REGISTRY_IMAGE" || (
-          echo "CI_ONIRO_REGISTRY_IMAGE not provided. Docker registry deployment can not continue."
+    - test -n "$CI_REGISTRY_IMAGE" || (
+          echo "CI_REGISTRY_IMAGE not provided. Docker registry deployment can not continue."
          && exit 1 )
-    - test -n "$CI_ONIRO_REGISTRY_USER" || (
-          echo "CI_ONIRO_REGISTRY_USER not provided. Docker registry deployment can not continue."
+    - test -n "$CI_REGISTRY_USER" || (
+          echo "CI_REGISTRY_USER not provided. Docker registry deployment can not continue."
          && exit 1 )
-    - test -n "$CI_ONIRO_REGISTRY_TOKEN" || (
-          echo "CI_ONIRO_REGISTRY_TOKEN not provided. Docker registry deployment can not continue."
+    - test -n "$CI_REGISTRY_PASSWORD" || (
+          echo "CI_REGISTRY_PASSWORD not provided. Docker registry deployment can not continue."
          && exit 1 )
    - |
      set -xe
-      mkdir -p /kaniko/.docker
-      printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$CI_ONIRO_REGISTRY" "$(printf '%s:%s' "$CI_ONIRO_REGISTRY_USER" "$CI_ONIRO_REGISTRY_TOKEN" | base64)" > /kaniko/.docker/config.json
+      export HOME=$CI_PROJECT_DIR
+      crane auth login "$CI_REGISTRY" --username "$CI_REGISTRY_USER" --password "$CI_REGISTRY_PASSWORD"
      BUILD_DATE="$(date '+%FT%T%z' | sed -E -n 's/(\+[0-9]{2})([0-9]{2})$/\1:\2/p')" #rfc 3339 date
      BUILD_TITLE=$(echo "$CI_PROJECT_TITLE" | tr " " "_")
-      IMAGE_LABELS="$(cat <<EOM
-          --label build-date=$BUILD_DATE
-          --label com.gitlab.ci.cijoburl=$CI_JOB_URL
-          --label com.gitlab.ci.commiturl=$CI_PROJECT_URL/commit/$CI_COMMIT_SHA
-          --label com.gitlab.ci.email=$GITLAB_USER_EMAIL
-          --label com.gitlab.ci.mrurl=$CI_PROJECT_URL/-/merge_requests/$CI_MERGE_REQUEST_ID
-          --label com.gitlab.ci.pipelineurl=$CI_PIPELINE_URL
-          --label com.gitlab.ci.tagorbranch=$CI_COMMIT_REF_NAME
-          --label com.gitlab.ci.user=$CI_SERVER_URL/$GITLAB_USER_LOGIN
-          --label org.opencontainers.image.authors=$CI_SERVER_URL/$GITLAB_USER_LOGIN
-          --label org.opencontainers.image.created=$BUILD_DATE
-          --label org.opencontainers.image.description=$BUILD_TITLE
-          --label org.opencontainers.image.documentation=$CI_PROJECT_URL
-          --label org.opencontainers.image.licenses=$CI_PROJECT_URL
-          --label org.opencontainers.image.ref.name=$CI_ONIRO_REGISTRY:$CI_COMMIT_REF_NAME
-          --label org.opencontainers.image.revision=$CI_COMMIT_SHA
-          --label org.opencontainers.image.source=$CI_PROJECT_URL
-          --label org.opencontainers.image.title=$BUILD_TITLE
-          --label org.opencontainers.image.url=$CI_PROJECT_URL
-          --label org.opencontainers.image.vendor=$CI_SERVER_URL/$GITLAB_USER_LOGIN
-          --label org.opencontainers.image.version=$CI_COMMIT_TAG
-          --label vcs-url=$CI_PROJECT_URL
-      EOM
-      )"
-
-      ADDITIONAL_TAG_LIST="$CI_COMMIT_REF_NAME $CI_COMMIT_SHORT_SHA"
-      if [ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ]; then
-          ADDITIONAL_TAG_LIST="$ADDITIONAL_TAG_LIST latest";
-      fi
-
-      if [ -n "$ADDITIONAL_TAG_LIST" ]; then
-          for TAG in $ADDITIONAL_TAG_LIST; do
-              FORMATTED_TAG_LIST="$FORMATTED_TAG_LIST --tag $CI_REGISTRY_IMAGE:$TAG "
-          done
-      fi
-      FORMATTED_TAG_LIST="$(echo "$FORMATTED_TAG_LIST" | sed -e 's/--tag/--destination/g')"
-
-      echo "Building and shipping image to $CI_ONIRO_REGISTRY"
-      exec /kaniko/executor --context "$CI_PROJECT_DIR/.oniro-ci/containers/$CONTAINER_PATH" --dockerfile "$CI_PROJECT_DIR/.oniro-ci/containers/$CONTAINER_PATH/Dockerfile" --destination $CI_ONIRO_REGISTRY_IMAGE/$CONTAINER_PATH $IMAGE_LABELS
+      IMAGE_ANNOTATIONS="annotation.build-date=$BUILD_DATE,"
+      IMAGE_ANNOTATIONS+="annotation.com.gitlab.ci.cijoburl=$CI_JOB_URL,"
+      IMAGE_ANNOTATIONS+="annotation.com.gitlab.ci.commiturl=$CI_PROJECT_URL/commit/$CI_COMMIT_SHA,"
+      IMAGE_ANNOTATIONS+="annotation.com.gitlab.ci.email=$GITLAB_USER_EMAIL,"
+      IMAGE_ANNOTATIONS+="annotation.com.gitlab.ci.mrurl=$CI_PROJECT_URL/-/merge_requests/$CI_MERGE_REQUEST_ID,"
+      IMAGE_ANNOTATIONS+="annotation.com.gitlab.ci.pipelineurl=$CI_PIPELINE_URL,"
+      IMAGE_ANNOTATIONS+="annotation.com.gitlab.ci.tagorbranch=$CI_COMMIT_REF_NAME,"
+      IMAGE_ANNOTATIONS+="annotation.com.gitlab.ci.user=$CI_SERVER_URL/$GITLAB_USER_LOGIN,"
+      IMAGE_ANNOTATIONS+="annotation.org.opencontainers.image.authors=$CI_SERVER_URL/$GITLAB_USER_LOGIN,"
+      IMAGE_ANNOTATIONS+="annotation.org.opencontainers.image.created=$BUILD_DATE,"
+      IMAGE_ANNOTATIONS+="annotation.org.opencontainers.image.description=$BUILD_TITLE,"
+      IMAGE_ANNOTATIONS+="annotation.org.opencontainers.image.documentation=$CI_PROJECT_URL,"
+      IMAGE_ANNOTATIONS+="annotation.org.opencontainers.image.licenses=$CI_PROJECT_URL,"
+      IMAGE_ANNOTATIONS+="annotation.org.opencontainers.image.ref.name=$CI_REGISTRY:$CI_COMMIT_REF_NAME,"
+      IMAGE_ANNOTATIONS+="annotation.org.opencontainers.image.revision=$CI_COMMIT_SHA,"
+      IMAGE_ANNOTATIONS+="annotation.org.opencontainers.image.source=$CI_PROJECT_URL,"
+      IMAGE_ANNOTATIONS+="annotation.org.opencontainers.image.title=$BUILD_TITLE,"
+      IMAGE_ANNOTATIONS+="annotation.org.opencontainers.image.url=$CI_PROJECT_URL,"
+      IMAGE_ANNOTATIONS+="annotation.org.opencontainers.image.vendor=$CI_SERVER_URL/$GITLAB_USER_LOGIN,"
+      IMAGE_ANNOTATIONS+="annotation.org.opencontainers.image.version=$CI_COMMIT_TAG,"
+      IMAGE_ANNOTATIONS+="annotation.vcs-url=$CI_PROJECT_URL"
+
+      echo "Building and shipping image to $CI_REGISTRY"
+      OUTPUT="$CONTAINER_PATH.tar"
+      buildctl --addr="$SERVICE_ADDRESS" \
+        build \
+          --progress=plain \
+          --frontend=dockerfile.v0 \
+          --local context="$CI_PROJECT_DIR/.oniro-ci/containers/$CONTAINER_PATH" \
+          --local dockerfile="$CI_PROJECT_DIR/.oniro-ci/containers/$CONTAINER_PATH" \
+          --output "type=oci,$IMAGE_ANNOTATIONS,dest=$OUTPUT"
+      crane push "$OUTPUT" "$CI_REGISTRY_IMAGE/$CONTAINER_PATH"
+      crane tag "$CI_REGISTRY_IMAGE/$CONTAINER_PATH" "latest"    
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"
      when: never
@@ -827,12 +823,12 @@ lava-badge:
        - .oniro-ci/containers/$CONTAINER_PATH/*

 build-bitbake-builder:
-  extends: .build-with-kaniko
+  extends: .build-with-buildkit
  variables:
    CONTAINER_PATH: bitbake-builder

 build-docs-builder:
-  extends: .build-with-kaniko
+  extends: .build-with-buildkit
  variables:
    CONTAINER_PATH: docs-builder

@@ -843,12 +839,12 @@ build-dco-check:
    CONTAINER_PATH: dco-check

 build-reuse:
-  extends: .build-with-kaniko
+  extends: .build-with-buildkit
  variables:
    CONTAINER_PATH: reuse

 build-npm-cspell:
-  extends: .build-with-kaniko
+  extends: .build-with-buildkit
  variables:
    CONTAINER_PATH: npm-cspell