@@ -74,25 +74,6 @@ if [ -f "$docker_dir/$image/Dockerfile" ]; then
7474
7575 cksum=$( sha512sum $hash_key | \
7676 awk ' {print $1}' )
77-
78- url=" https://$CACHE_DOMAIN /docker/$cksum "
79-
80- echo " Attempting to download $url "
81- rm -f /tmp/rustci_docker_cache
82- set +e
83- retry curl --max-time 600 -y 30 -Y 10 --connect-timeout 30 -f -L -C - \
84- -o /tmp/rustci_docker_cache " $url "
85-
86- docker_archive_hash=$( sha512sum /tmp/rustci_docker_cache | awk ' {print $1}' )
87- echo " Downloaded archive hash: ${docker_archive_hash} "
88-
89- echo " Loading images into docker"
90- # docker load sometimes hangs in the CI, so time out after 10 minutes with TERM,
91- # KILL after 12 minutes
92- loaded_images=$( /usr/bin/timeout -k 720 600 docker load -i /tmp/rustci_docker_cache \
93- | sed ' s/.* sha/sha/' )
94- set -e
95- printf " Downloaded containers:\n$loaded_images \n"
9677 fi
9778
9879 dockerfile=" $docker_dir /$image /Dockerfile"
@@ -103,46 +84,50 @@ if [ -f "$docker_dir/$image/Dockerfile" ]; then
10384 context=" $script_dir "
10485 fi
10586 echo " ::group::Building docker image for $image "
87+ echo " Image input checksum ${cksum} "
10688
107- # As of August 2023, Github Actions have updated Docker to 23.X,
108- # which uses the BuildKit by default. It currently throws aways all
109- # intermediate layers, which breaks our usage of S3 layer caching.
110- # Therefore we opt-in to the old build backend for now.
111- export DOCKER_BUILDKIT=0
112- retry docker \
113- build \
114- --rm \
115- -t rust-ci \
116- -f " $dockerfile "
117- " $context "
118- echo " ::endgroup::"
119-
120- if [ " $CI " != " " ; then
121- s3url=" s3://$SCCACHE_BUCKET /docker/$cksum "
122- upload=" aws s3 cp - $s3url "
123- digest=$( docker inspect rust-ci --format ' {{.Id}}' )
124- echo " Built container $digest "
125- if ! grep -q " $digest " <( echo " $loaded_images " ) ; then
126- echo " Uploading finished image $digest to $url "
127- set +e
128- # Print image history for easier debugging of layer SHAs
129- docker history rust-ci
130- docker history -q rust-ci | \
131- grep -v missing | \
132- xargs docker save | \
133- gzip | \
134- $upload
135- set -e
136- else
137- echo " Looks like docker image is the same as before, not uploading"
138- fi
139- # Record the container image for reuse, e.g. by rustup.rs builds
140- info=" $dist /image-$image .txt"
141- mkdir -p " $dist "
142- echo " $url " > " $info "
143- echo " $digest " >> " $info "
144- cat " $info "
89+ # On PR jobs, we don't have permissions to write to the registry cache, so we should
90+ # not use `docker login` nor caching.
91+ if [ " $PR_CI_JOB " -eq 1 ]
92+ then
93+ retry docker build --rm -t rust-ci -f " $dockerfile " " $context "
94+ else
95+ REGISTRY_USERNAME=rust-lang-ci
96+ IMAGE_TAG=ghcr.io/${REGISTRY_USERNAME} /rust-ci:${cksum}
97+
98+ echo ${DOCKER_TOKEN} | docker login ghcr.io --username ${REGISTRY_USERNAME} --password-stdin
99+
100+ # Enable a new Docker driver so that --cache-from/to works with a registry backend
101+ docker buildx create --use --driver docker-container
102+
103+ # Build the image using registry caching backend
104+ retry docker \
105+ buildx \
106+ build \
107+ --rm \
108+ -t rust-ci \
109+ -f " $dockerfile "
110+ --cache-from type=registry,ref=${IMAGE_TAG} \
111+ --cache-to type=registry,ref=${IMAGE_TAG} ,compression=zstd \
112+ --output=type=docker \
113+ " $context "
114+
115+ # Print images for debugging purposes
116+ docker images
117+
118+ # Tag the built image and push it to the registry
119+ docker tag rust-ci " ${IMAGE_TAG} "
120+ docker push " ${IMAGE_TAG} "
121+
122+ if [ " $CI " != " " ; then
123+ # Record the container registry tag/url for reuse, e.g. by rustup.rs builds
124+ info=" $dist /image-$image .txt"
125+ mkdir -p " $dist "
126+ echo " ${IMAGE_TAG} " > " $info "
127+ cat " $info "
128+ fi
145129 fi
130+ echo " ::endgroup::"
146131elif [ -f " $docker_dir /disabled/$image /Dockerfile" ; then
147132 if isCI; then
148133 echo Cannot run disabled images on CI!
0 commit comments