From 07fff004cbf4cdb43910daa5e9b93da293dbf690 Mon Sep 17 00:00:00 2001 
From: Dom Delnano Date: Tue, 10 Sep 2024 08:40:12 -0700 Subject: [PATCH] Add fpm to dev container image to avoid podman in docker in GitHub actions (#2012) Summary: Add fpm to dev container image to avoid podman in docker in GitHub actions The production cli release build fails on these steps. The container running the job is unable to create new namespaces and runs into the following error: ``` + podman run -i --rm -v /tmp/tmp.oCPtyljlYd:/src/ -v /__w/pixie/pixie:/image docker.io/cdrx/fpm-fedora:24 fpm -f -p /image/pixie-px-0.8.3.x86_64.rpm -s dir -t rpm -n pixie-px -v 0.8.3 --prefix /usr/local/bin px time="2024-09-06T18:10:15Z" level=warning msg="\"/\" is not a shared mount, this could cause issues or missing mounts with rootless containers" cannot clone: Operation not permitted Error: cannot re-exec process ``` Rather than fix the namespace creation problem, which has been difficult to debug, this installs the necessary tools within the container. This will allow us to avoid using podman to run `fpm`. This change also reverts the previous attempt at fixing this and removes genny from the container image. See [this comment](https://github.com/pixie-io/pixie/pull/2012#discussion_r1751309786) for more details on the genny removal. 
Relevant Issues: #1993 Type of change: /kind bugfix Test Plan: Verified that building the deb and rpm packages works from the ubuntu based dev container image and that installing the packages is successful in their respective distros ``` $ docker run --entrypoint bash -it docker.io/ddelnano/dev_image:202409082304 root@f65d4d86e9be:/src# fpm -f -s dir -t rpm -n pixie-px -v 0.8.3 --prefix /usr/local/bin -p pixie-px-0.8.3.x86_64.rpm px Created package {:path=>"pixie-px-0.8.3.x86_64.rpm"} root@f65d4d86e9be:/src# fpm -f -s dir -t deb -n pixie-px -v 0.8.3 --prefix /usr/local/bin -p pixie-px-0.8.3.deb px Created package {:path=>"pixie-px-0.8.3.deb"} # Install the rpm package and test px in a fedora container $ docker run --entrypoint bash -it -v $(pwd):/src/ -w /src fedora [root@90a53608bae0 src]# rpm -i pixie-px-0.8.3.x86_64.rpm [root@90a53608bae0 src]# px --version Pixie CLI ``` - Verified chef works against a Ubuntu noble VM - [ ] Ran `#ci:ignore-deps` and `#ci:bpf-build-all-kernels` build due to genny removal --------- Signed-off-by: Dom Del Nano --- .github/workflows/cli_release.yaml | 3 --- docker.properties | 8 +++--- tools/chef/base_image_version.txt | 2 +- tools/chef/cookbooks/px_dev/recipes/golang.rb | 1 - .../px_dev_extras/recipes/default.rb | 1 + .../px_dev_extras/recipes/packaging.rb | 27 +++++++++++++++++++ tools/chef/packer_docker_base.json | 2 +- tools/chef/packer_docker_dev.json | 2 +- tools/chef/packer_docker_dev_extras.json | 2 +- tools/chef/packer_docker_linters.json | 2 +- 10 files changed, 37 insertions(+), 13 deletions(-) create mode 100644 tools/chef/cookbooks/px_dev_extras/recipes/packaging.rb diff --git a/.github/workflows/cli_release.yaml b/.github/workflows/cli_release.yaml index d8d784a7b8d..aaa3bc935f6 100644 --- a/.github/workflows/cli_release.yaml +++ b/.github/workflows/cli_release.yaml 
@@ -19,9 +19,6 @@ jobs: needs: get-dev-image container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} - # --privileged is needed in order for podman to work. Otherwise it fails - # to create a new namespace when the clone syscall happens. - options: --privileged env: ARTIFACT_UPLOAD_LOG: "artifact_uploads.json" steps: diff --git a/docker.properties b/docker.properties index 1b22a2a63bb..3ff98ed65d8 100644 --- a/docker.properties +++ b/docker.properties @@ -1,4 +1,4 @@ -DOCKER_IMAGE_TAG=202405102250 -LINTER_IMAGE_DIGEST=e9987c1c23d0d9c8443b3973f7f3482e5737b10053ce56f58fa59e4cb4f32291 -DEV_IMAGE_DIGEST=7e38004cc30aa4f26b800ecad67c8e38fdffdfed8b3be0d3084e1706a60a4f21 -DEV_IMAGE_WITH_EXTRAS_DIGEST=c405c9b28a8ed91785ad1115df146b80f275e88f93e4c5a516ad4bb7d4508112 +DOCKER_IMAGE_TAG=202409092344 +LINTER_IMAGE_DIGEST=18436897f607dd6b1926c12de13be7e9ed668a17cff133e4da90aad0112a406f +DEV_IMAGE_DIGEST=83eba02bf4ced64161276dee88dcd6f02de5951bb3ce5346a1182c70498156aa +DEV_IMAGE_WITH_EXTRAS_DIGEST=27ff4d9111b77516fdf73715ba6ea23d02de3b790d88f6f70a48c5e1ec53570c diff --git a/tools/chef/base_image_version.txt b/tools/chef/base_image_version.txt index a4eccd1cd5d..25f55ac2588 100644 --- a/tools/chef/base_image_version.txt +++ b/tools/chef/base_image_version.txt @@ -1 +1 @@ -202405102217 +202409092308 diff --git a/tools/chef/cookbooks/px_dev/recipes/golang.rb b/tools/chef/cookbooks/px_dev/recipes/golang.rb index 1b60ab66b7e..0d2ea5d9a53 100644 --- a/tools/chef/cookbooks/px_dev/recipes/golang.rb +++ b/tools/chef/cookbooks/px_dev/recipes/golang.rb @@ -42,7 +42,6 @@ execute 'install go binaries' do ENV['GOPATH'] = "/opt/px_dev/gopath" command %(go install github.com/golang/mock/mockgen@v1.5.0 && \ - go install github.com/cheekybits/genny@v1.0.0 && \ go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.4.1 && \ go install k8s.io/code-generator/cmd/client-gen@v0.20.6 && \ go install github.com/go-bindata/go-bindata/go-bindata@v3.1.2+incompatible && \ 
diff --git a/tools/chef/cookbooks/px_dev_extras/recipes/default.rb b/tools/chef/cookbooks/px_dev_extras/recipes/default.rb index a8eb063e922..d74de0e7f5f 100644 --- a/tools/chef/cookbooks/px_dev_extras/recipes/default.rb +++ b/tools/chef/cookbooks/px_dev_extras/recipes/default.rb @@ -20,6 +20,7 @@ include_recipe 'px_dev_extras::mac_os_x' include_recipe 'px_dev_extras::gperftools' +include_recipe 'px_dev_extras::packaging' pkg_list = [ 'cmake', diff --git a/tools/chef/cookbooks/px_dev_extras/recipes/packaging.rb b/tools/chef/cookbooks/px_dev_extras/recipes/packaging.rb new file mode 100644 index 00000000000..7d91779352a --- /dev/null +++ b/tools/chef/cookbooks/px_dev_extras/recipes/packaging.rb @@ -0,0 +1,27 @@ +# Copyright 2018- The Pixie Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 + +# Packaging utilities only need to run on Linux +if node.platform_family?('debian') + apt_package ['ruby-dev', 'rpm'] do + action :upgrade + end + + execute 'install_fpm' do + command '/usr/bin/gem install fpm' + action :run + end +end diff --git a/tools/chef/packer_docker_base.json b/tools/chef/packer_docker_base.json index 77c56529d57..f7beac0c104 100644 --- a/tools/chef/packer_docker_base.json +++ b/tools/chef/packer_docker_base.json @@ -35,7 +35,7 @@ "recipe[px_dev::linux]" ], "type": "chef-solo", - "version": "18.4.12" + "version": "18.5.0" }, { "inline": [ 
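Review bot: In the new `packaging.rb`, the `install_fpm` resource runs `/usr/bin/gem install fpm` with no version, so every image build takes whatever fpm release and transitive gems RubyGems serves at that moment, and this image is then used to build the released deb/rpm packages. The Go tools in `golang.rb` are all pinned with `@vX.Y.Z`, and fpm should be pinned the same way, e.g. `command '/usr/bin/gem install fpm --version <PINNED_FPM_VERSION>'` (placeholder, since the page does not name a version). The `execute` resource also has no guard, so it re-runs on every converge; a `not_if` guard, or Chef's `gem_package 'fpm'` resource with `gem_binary '/usr/bin/gem'` and `version`, would make it idempotent. `action :upgrade` on `ruby-dev` and `rpm` likewise floats those packages to the newest available at build time, which may be intended but deserves a one-line comment saying so.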
diff --git a/tools/chef/packer_docker_dev.json b/tools/chef/packer_docker_dev.json index 01b9c7f1887..b9502634e60 100644 --- a/tools/chef/packer_docker_dev.json +++ b/tools/chef/packer_docker_dev.json @@ -44,7 +44,7 @@ "recipe[px_dev::cleanup]" ], "type": "chef-solo", - "version": "18.4.12" + "version": "18.5.0" }, { "inline": [ diff --git a/tools/chef/packer_docker_dev_extras.json b/tools/chef/packer_docker_dev_extras.json index 2a06f71dafc..168e9e3c07b 100644 --- a/tools/chef/packer_docker_dev_extras.json +++ b/tools/chef/packer_docker_dev_extras.json @@ -41,7 +41,7 @@ "recipe[px_dev_extras]" ], "type": "chef-solo", - "version": "18.4.12" + "version": "18.5.0" }, { "inline": [ diff --git a/tools/chef/packer_docker_linters.json b/tools/chef/packer_docker_linters.json index c7e3af4dfd2..33b18a70c29 100644 --- a/tools/chef/packer_docker_linters.json +++ b/tools/chef/packer_docker_linters.json @@ -45,7 +45,7 @@ "recipe[px_dev::cleanup]" ], "type": "chef-solo", - "version": "18.4.12" + "version": "18.5.0" }, { "inline": [