shahmishal
commented
2 weeks ago cc: @compnerd
Closed plemarquand closed 1 week ago
shahmishal
commented
2 weeks ago cc: @compnerd
compnerd
commented
2 weeks ago I do like the idea that we are pinned for the docker image creation. However, this also means that we need someone to continually update the compiler. Right now, the docker image creation process would inform us that the toolchain has been updated, after this change, we would need to have some sort of process to ensure that we do get periodic updates for the toolchain.
plemarquand
commented
2 weeks ago Is it important that we stay on the latest build tools? I had assumed we'd only really need to update once we need a new version of a build dependency.
One big issue with the way things stand right now is that no one can build on top of these images to make their own. At any given time someone doing a docker build with a FROM swift-docker:whatever-windows-image may or may not have a working base image to use, and its out of their control until we fix the SHA.
compnerd
commented
2 weeks ago For the CI images, I think that it is quite important that we stay on the latest build tools. The build tools includes the C/C++ runtime headers and we need/want those to be up-to-date.
For user images, I think that updating at the time of release is not too terrible (I wouldn't call it ideal, but that is something that we could be a bit flexible on).
compnerd
commented
2 weeks ago Also, perhaps this is a good time to update the images to 17.12.0 😆.
plemarquand
commented
2 weeks ago You're certainly right, I've updated to the latest version 17.12.0.
compnerd
commented
2 weeks ago For the fixed version docker images, I think that the pinned version makes sense. For the nightly and swift-ci images, I'm less convinced.
plemarquand
commented
2 weeks ago Is the guidance to just update the SHA for the nightly and swift-ci images? How will we know the SHA needs to be updated when the build tools change?
compnerd
commented
2 weeks ago Well, the nightly image creation should hopefully be running nightly and tell us that the build has failed. Likewise, for the swift-ci images, we should be updating that semi-regularly and should be able to tell when the deployment fails.
plemarquand
commented
2 weeks ago @compnerd I've reverted the nightly and ci images to use the evergreen link, updating the SHA to match the latest version of the file.
I'm still a little confused as to how/why this SHA is out of date if things are supposed to be failing in nightly builds whenever they update the build tools.
plemarquand
commented
1 week ago @shahmishal Is this ready to merge?
compnerd
commented
1 week ago Yeap, this is ready to go!
The current link to the VS build tools points to an evergreen bootstrapper. This means that when a new v17 buildtools.exe is available the link is updated with the new version.
Since we're verifying that the downloaded buildtools.exe file hash matches a known value the windows Docker setup breaks each time a new buildtools is released.
Instead, use a fixed version permalink that will not change. The specific version used is version
17.12.0, build17.12.35506.116.See: https://learn.microsoft.com/en-gb/visualstudio/releases/2022/release-history#fixed-version-bootstrappers