search

genuinetools / img

Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder.
https://blog.jessfraz.com/post/building-container-images-securely-on-kubernetes/
MIT License
3.89k stars 230 forks source link

Add --import-cache and --export-cache from buildkit #263

Open yangm97 opened 4 years ago

yangm97 commented 4 years ago

https://github.com/moby/buildkit/blob/master/README.md#exportingimporting-build-cache-not-image-itself

issue-label-bot[bot] commented 4 years ago

Issue-Label Bot is automatically applying the label enhancement to this issue, with a confidence of 0.93. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

yangm97 commented 4 years ago

Kaniko-style caching could be used too, I guess: https://github.com/GoogleContainerTools/kaniko#caching

swrap commented 4 years ago

Mimicked buildkit's import/export in the PR #300, please test it out and let me know if you run into any problems.

yangm97 commented 3 years ago

It seems to have worked... or at least it didn't explode! However there's one warning in the logs:

time="2020-10-02T00:22:22Z" level=warning msg="reference for unknown type: application/vnd.buildkit.cacheconfig.v0"

Also, when the cache tag gets created for the first time, some out of place message about "importing cache" is displayed after the cache has been pushed:

#18 exporting cache
#18 preparing build cache for export
#18 preparing build cache for export 22.5s done
#18 writing layer sha256:151221ecd5dceade966928cdd680563310db98a56d2f202b45663c1beb56e569
#18 writing layer sha256:151221ecd5dceade966928cdd680563310db98a56d2f202b45663c1beb56e569 1.3s done
...
#18 writing layer sha256:bea34a0162305aa21a36bd633a7de9820e08eb30ed5866270349675276719f70 0.2s done
#18 writing layer sha256:dce6599d541b54a164286af88d40ca6d50b5c0905e6e464169e9a26750c825d4
time="2020-10-02T00:17:04Z" level=warning msg="reference for unknown type: application/vnd.buildkit.cacheconfig.v0"
#18 writing layer sha256:dce6599d541b54a164286af88d40ca6d50b5c0905e6e464169e9a26750c825d4 0.1s done
#18 writing config sha256:5ccbdf017be0f0297669f803d4037df7012b34e21fa545a9cd65b07542efbdec
#18 writing config sha256:5ccbdf017be0f0297669f803d4037df7012b34e21fa545a9cd65b07542efbdec 0.4s done
#18 writing manifest sha256:3e0b0e01d58ee30c775c3c0d879db56d936027dcef7cbd3ca8933d9c4a84784c
#18 writing manifest sha256:3e0b0e01d58ee30c775c3c0d879db56d936027dcef7cbd3ca8933d9c4a84784c 0.4s done
#18 DONE 26.5s
------
 > importing cache manifest from registry.bla.com/api:cache:
------
Successfully built registry.bla.com/api:dev

img was invoked like this:

    docker run \
        --rm \
        -v $(pwd):/src \
        -v ${HOME}/.img:/home/user/.docker \
        --security-opt seccomp=unconfined \
        --security-opt apparmor=unconfined \
        r.j3ss.co/img build \
            --platform="linux/arm/v7" \
            --cache-from type=registry,ref="${IMAGE}/${service}:master" \
            --cache-from type=registry,ref="${IMAGE}/${service}:${TAG}" \
            --cache-from type=registry,ref="${IMAGE}/${service}:cache" \
            --cache-to type=registry,mode=max,ref="${IMAGE}/${service}:cache" \
            --output type=image,name="${IMAGE}/${service}:${TAG}",push=true \
            "/src/services/${service}"