From 3a8d575515b108ae25a36f7f74ca90c7ff0d2a52 Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Thu, 15 Feb 2024 09:36:40 -0800 Subject: [PATCH] Update release tooling and configuration (#8325) Cherry-pick of: * Move build to semaphore VM (#8337) * Use larger Sem VM (#8339) * Try using /mnt to build calico (#8340) * Add manual GCR login for now (#8341) --- .semaphore/release/release.yml | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/.semaphore/release/release.yml b/.semaphore/release/release.yml index 93231b10d30..c2631acb46e 100644 --- a/.semaphore/release/release.yml +++ b/.semaphore/release/release.yml @@ -2,7 +2,7 @@ version: v1.0 name: Publish official release agent: machine: - type: e1-standard-4 + type: e1-standard-8 os_image: ubuntu2004 execution_time_limit: @@ -25,9 +25,20 @@ blocks: # Load the github access secrets. First fix the permissions. - chmod 0600 /home/semaphore/.keys/git_ssh_rsa - ssh-add /home/semaphore/.keys/git_ssh_rsa + # For some reason, /mnt is 100 GB and has a qemu-nbd image file. + # Let's delete it and use it for our own purposes (building calico + # without running out of space) + - sudo killall qemu-nbd || true + - sudo rm -f /mnt/docker.qcow2 + - sudo chown $(id -u):$(id -g) /mnt/ + - mkdir calico + - sudo mount --bind /mnt calico # Checkout the code and unshallow it. + # (this is going to throw an error because it can't remove + # the `calico` directory, which is a mount, but it will + # continue anyway) - checkout - - retry git fetch --unshallow + - retry git fetch --quiet --unshallow # Semaphore mounts a copy-on-write FS as /var/lib/docker in order to provide a pre-loaded cache of # some images. However, the cache is not useful to us and the copy-on-write FS is a big problem given # how much we churn docker containers during the build. Disable it. @@ -39,19 +50,24 @@ blocks: # Log in to container registries needed for release. - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin - echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io - # Credentials for accessing gcloud, needed to create a GCP VM. - - export GOOGLE_APPLICATION_CREDENTIALS=$HOME/secrets/secret.google-service-account-key.json + # Credentials for accessing gcloud, needed to push images to gcr + - export GOOGLE_APPLICATION_CREDENTIALS=$HOME/secrets/gcr-credentials.json - gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS} + # Manually log in to GCR until we can test the gcr credentials helper + - cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://gcr.io + - cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://eu.gcr.io + - cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://asia.gcr.io + - cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io jobs: - - name: "Release on GCP VM" + - name: "Release on Semaphore VM" execution_time_limit: minutes: 360 env_vars: - name: VAR_FILE value: /home/semaphore/secrets/release.tfvars commands: - - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} -C hack/release release; fi - - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} -C hack/release release-publish; fi + - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} release; fi + - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} release-publish; fi - name: "Build Openstack Packages" execution_time_limit: minutes: 60 @@ -66,7 +82,3 @@ blocks: - sudo apt update - sudo apt install -y moreutils patchelf - make publish-openstack - epilogue: - always: - commands: - - make VAR_FILE=/home/semaphore/secrets/release.tfvars -C hack/release destroy