Skip to content

Commit

Permalink
remove Debian snapshots as default
Browse files Browse the repository at this point in the history 
- make not using snapshots the default
- remove snapshots from CI build

While the snapshots in theory make the build more reproducible, the
snapshot repos is notoriously unreliable in CI making the build fail
more often than it succeeds.

Since we publish and tag the CI builds, if somebody wants to use the
exact same base containers, they can use the tagged image -- reproducing
the image build from scratch is not necessary for that scenario.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
  • Loading branch information
@lsf37
lsf37 committed Jul 22, 2024
1 parent 7972500 commit c27d1f9
Show file tree
Hide file tree
Showing 10 changed files with 14 additions and 20 deletions.
16 changes: 5 additions & 11 deletions .github/workflows/docker-deploy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,10 @@ jobs:
name: Create tag
outputs:
tag: ${{ steps.date.outputs.tag }}
snapshot_date: ${{ steps.date.outputs.snapshot_date }}
steps:
- name: Get date
id: date
run: |
export SNAPSHOT_DATE=$(basename $(curl -ILs -o /dev/null -w %{url_effective} http://snapshot.debian.org/archive/debian/$(date -u +%Y%m%dT%H%M00Z)/) )
echo "snapshot_date=${SNAPSHOT_DATE}" >> $GITHUB_OUTPUT
echo "tag=$(date '+%Y_%m_%d')" >> $GITHUB_OUTPUT
# There is unfortunately no point in parallelising the build of the different
Expand All @@ -40,17 +37,16 @@ jobs:
needs: tag
env:
TAG: ${{ needs.tag.outputs.tag }}
SNAPSHOT_DATE: ${{ needs.tag.outputs.snapshot_date }}
steps:
- uses: actions/checkout@v4
- name: "Build trustworthysystems/sel4"
run: |
./build.sh -e SNAPSHOT_DATE=${SNAPSHOT_DATE} -v -b sel4
./build.sh -v -b sel4
docker tag trustworthysystems/sel4:latest trustworthysystems/sel4:${TAG}-amd64
# the following will also build the plain camkes image:
- name: "Build trustworthysystems/camkes-cakeml-rust"
run: |
./build.sh -e SNAPSHOT_DATE=${SNAPSHOT_DATE} -v -b camkes -s cakeml -s rust
./build.sh -v -b camkes -s cakeml -s rust
docker tag trustworthysystems/camkes:latest trustworthysystems/camkes:${TAG}-amd64
docker tag trustworthysystems/camkes-cakeml-rust:latest \
trustworthysystems/camkes-cakeml-rust:${TAG}-amd64
Expand Down Expand Up @@ -88,7 +84,6 @@ jobs:
needs: tag
env:
TAG: ${{ needs.tag.outputs.tag }}
SNAPSHOT_DATE: ${{ needs.tag.outputs.snapshot_date }}
steps:
- name: Authenticate
if: ${{ github.repository_owner == 'seL4' }}
Expand All @@ -103,12 +98,12 @@ jobs:
- uses: actions/checkout@v4
- name: "Build trustworthysystems/sel4"
run: |
./build.sh -e SNAPSHOT_DATE=${SNAPSHOT_DATE} -vr -b sel4
./build.sh -vr -b sel4
docker tag trustworthysystems/sel4:latest trustworthysystems/sel4:${TAG}-arm64
# the following will also build the plain camkes image:
- name: "Build trustworthysystems/camkes-cakeml-rust"
run: |
./build.sh -e SNAPSHOT_DATE=${SNAPSHOT_DATE} -vr -b camkes -s cakeml -s rust
./build.sh -vr -b camkes -s cakeml -s rust
docker tag trustworthysystems/camkes:latest trustworthysystems/camkes:${TAG}-arm64
docker tag trustworthysystems/camkes-cakeml-rust:latest \
trustworthysystems/camkes-cakeml-rust:${TAG}-arm64
Expand Down Expand Up @@ -139,15 +134,14 @@ jobs:
needs: [tag, build-amd64]
env:
TAG: ${{ needs.tag.outputs.tag }}
SNAPSHOT_DATE: ${{ needs.tag.outputs.snapshot_date }}
steps:
- uses: actions/checkout@v4

- name: "Build trustworthysystems/l4v"
run: |
docker pull trustworthysystems/camkes:${TAG}-amd64
docker tag trustworthysystems/camkes:${TAG}-amd64 trustworthysystems/camkes:latest
./build.sh -e SNAPSHOT_DATE=${SNAPSHOT_DATE} -v -b l4v
./build.sh -v -b l4v
docker tag trustworthysystems/l4v:latest trustworthysystems/l4v:${TAG}
- name: Authenticate
Expand Down
2 changes: 1 addition & 1 deletion build.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ set -ef
: "${DOCKERHUB:=trustworthysystems/}"

# Base images
: "${DEBIAN_IMG:=debian:bullseye-20210816-slim}"
: "${DEBIAN_IMG:=debian:bullseye-slim}"
: "${BASETOOLS_IMG:=base_tools}"

# Core images
Expand Down
2 changes: 1 addition & 1 deletion dockerfiles/apply-binary_decomp.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ LABEL MAINTAINER="Luke Mondy (luke.mondy@data61.csiro.au)"
# They can be modified at docker build time via '--build-arg VAR="something"'
ARG SCM
ARG DESKTOP_MACHINE=no
ARG USE_DEBIAN_SNAPSHOT=yes
ARG USE_DEBIAN_SNAPSHOT
ARG MAKE_CACHES=yes
ARG SMTSOLVERS_DIR="/smtsolvers"

Expand Down
2 changes: 1 addition & 1 deletion dockerfiles/apply-camkes_vis.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ LABEL MAINTAINER="Luke Mondy (luke.mondy@data61.csiro.au)"
# They can be modified at docker build time via '--build-arg VAR="something"'
ARG SCM
ARG DESKTOP_MACHINE=no
ARG USE_DEBIAN_SNAPSHOT=yes
ARG USE_DEBIAN_SNAPSHOT
ARG MAKE_CACHES=yes

ARG SCRIPT=apply-camkes_vis.sh
Expand Down
2 changes: 1 addition & 1 deletion dockerfiles/apply-tex.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ LABEL MAINTAINER="Gerwin Klein <gerwin.klein@proofcraft.systems>"
# They can be modified at docker build time via '--build-arg VAR="something"'
ARG SCM
ARG DESKTOP_MACHINE=no
ARG USE_DEBIAN_SNAPSHOT=yes
ARG USE_DEBIAN_SNAPSHOT
ARG MAKE_CACHES=yes

ARG SCRIPT=apply-tex.sh
Expand Down
2 changes: 1 addition & 1 deletion dockerfiles/base_tools.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ LABEL MAINTAINER="Luke Mondy (luke.mondy@data61.csiro.au)"
# They can be modified at docker build time via '--build-arg VAR="something"'
ARG SCM
ARG DESKTOP_MACHINE=no
ARG USE_DEBIAN_SNAPSHOT=yes
ARG USE_DEBIAN_SNAPSHOT
ARG SNAPSHOT_DATE
ARG MAKE_CACHES=yes

Expand Down
2 changes: 1 addition & 1 deletion dockerfiles/camkes.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ LABEL MAINTAINER="Luke Mondy (luke.mondy@data61.csiro.au)"
# ARGS are env vars that are *only available* during the docker build
# They can be modified at docker build time via '--build-arg VAR="something"'
ARG SCM
ARG USE_DEBIAN_SNAPSHOT=yes
ARG USE_DEBIAN_SNAPSHOT
ARG DESKTOP_MACHINE=no
ARG MAKE_CACHES=yes
ARG STACK_ROOT=/etc/stack
Expand Down
2 changes: 1 addition & 1 deletion dockerfiles/l4v.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ ENV NEW_ISABELLE_SETTINGS "/tmp/isabelle_settings"
# They can be modified at docker build time via '--build-arg VAR="something"'
ARG SCM
ARG DESKTOP_MACHINE=no
ARG USE_DEBIAN_SNAPSHOT=yes
ARG USE_DEBIAN_SNAPSHOT
ARG MAKE_CACHES=yes

COPY scripts /tmp/
Expand Down
2 changes: 1 addition & 1 deletion dockerfiles/sel4.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ LABEL MAINTAINER="Luke Mondy (luke.mondy@data61.csiro.au)"
# They can be modified at docker build time via '--build-arg VAR="something"'
ARG SCM
ARG DESKTOP_MACHINE=no
ARG USE_DEBIAN_SNAPSHOT=yes
ARG USE_DEBIAN_SNAPSHOT
ARG MAKE_CACHES=yes

ARG SCRIPT=sel4.sh
Expand Down
2 changes: 1 addition & 1 deletion scripts/utils/common.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ set -exuo pipefail
: "${DEBIAN_FRONTEND:=noninteractive}"
export DEBIAN_FRONTEND

: "${USE_DEBIAN_SNAPSHOT:=yes}"
: "${USE_DEBIAN_SNAPSHOT:=no}"
export USE_DEBIAN_SNAPSHOT

# Common vars
Expand Down

0 comments on commit c27d1f9

Please sign in to comment.