From 9edfe8903e0675ae51124d58e83d03bde316ad10 Mon Sep 17 00:00:00 2001 From: Avimitin Date: Mon, 27 May 2024 13:25:37 +0800 Subject: [PATCH 1/2] [nix] replace streamLayeredImage to buildImage Proot have too many bugs to be fixed, it is better to use qemu to build the docker image. Signed-off-by: Avimitin --- README.md | 8 +++- nix/t1/release/default.nix | 12 ++++-- .../{docker-layers.nix => docker-image.nix} | 39 +++++++++---------- 3 files changed, 33 insertions(+), 26 deletions(-) rename nix/t1/release/{docker-layers.nix => docker-image.nix} (59%) diff --git a/README.md b/README.md index a5c7f7481..6961be02d 100644 --- a/README.md +++ b/README.md @@ -73,11 +73,15 @@ docker pull ghcr.io/chipsalliance/t1-blastoise:latest ``` Or build the image using nix and load it into docker + ```bash -nix build -L ".#t1.$config.release.docker-layers.final-image" -docker load -i ./result/image.tar +nix build -L ".#t1.$config.release.docker-image" --out-link docker-image.tar.gz +docker load -i ./docker-image.tar.gz ``` +> Using nix to build docker-image required KVM feature, so this derivation might not be available +> for some platform that has no QEMU/KVM support. + ### Nix setup We use Nix Flake as our primary build system. If you have not installed nix, install it following the [guide](https://nixos.org/manual/nix/stable/installation/installing-binary.html), and enable flake following the [wiki](https://nixos.wiki/wiki/Flakes#Enable_flakes). Or you can try the [installer](https://github.com/DeterminateSystems/nix-installer) provided by Determinate Systems, which enables flake by default. diff --git a/nix/t1/release/default.nix b/nix/t1/release/default.nix index b1e20d8df..7f376a77b 100644 --- a/nix/t1/release/default.nix +++ b/nix/t1/release/default.nix 
@@ -19,17 +19,23 @@ let extension = lib.head elaborateConfig.parameter.extensions; isFp = lib.hasInfix "f" extension; + + # dontFixup is set to true by default for debugging. However it will bring LLVM runtime and clang into the final images. + # For docker release, test ELF is for demo usage only, so I don't want those implicit huge dependencies get into the container. + stripCase = case: case.overrideAttrs { + dontFixup = false; + }; in lib.makeScope newScope (scope: rec { inherit elaborateConfigJson configName; - testCases = with cases; [ + testCases = map stripCase (with cases; [ intrinsic.matmul ] ++ lib.optionals isFp [ intrinsic.softmax intrinsic.linear_normalization - ]; + ]); emulator-wrapped = runCommand "ip-emulator" { @@ -50,7 +56,7 @@ lib.makeScope newScope (scope: rec { --add-flags "--emulator-path ${ip.emu-trace}/bin/emulator" ''; - docker-layers = scope.callPackage ./docker-layers.nix { }; + docker-image = scope.callPackage ./docker-image.nix { }; doc = stdenvNoCC.mkDerivation { name = "${configName}-typst-release-doc"; diff --git a/nix/t1/release/docker-layers.nix b/nix/t1/release/docker-image.nix similarity index 59% rename from nix/t1/release/docker-layers.nix rename to nix/t1/release/docker-image.nix index e8c164f90..32dcde754 100644 --- a/nix/t1/release/docker-layers.nix +++ b/nix/t1/release/docker-image.nix @@ -1,7 +1,9 @@ { lib # build deps , dockerTools +, buildEnv , runCommand +, runtimeShell # Runtime deps , bashInteractive 
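Review bot: Nothing enforces the stated goal of `stripCase`, which is to keep clang and the LLVM runtime out of the image closure. The override only re-enables the fixup phase and relies on it to drop those references. If a case later keeps a reference for another reason, the published image silently grows and ships a compiler toolchain. Consider a closure check in the same `overrideAttrs` set, for example `disallowedRequisites = [ /* toolchain derivations */ ];`, where the list is a placeholder because the derivation names are not visible in this hunk. The comment could also state the mechanism directly: `# Re-enable fixup so test ELFs are stripped and do not pull clang/LLVM into the image closure.`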
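Review bot: `runCommand` stays in the argument list of `docker-image.nix`, although its only visible use, the `final-image` passthru, is removed later in this patch. If nothing in the unshown part of the file uses it, drop `, runCommand` so the function head lists only what the image build needs. The argument set continues past the end of this hunk, so this is based on the hunks shown.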
@@ -17,24 +19,27 @@ }: let - # Don't use buildImage which relies on KVM feature - self = dockerTools.streamLayeredImage { + # dockerTools.buildImage relies on KVM feature, don't run it inside VMs + self = dockerTools.buildImage rec { name = "chipsalliance/t1-${configName}"; tag = "latest"; - contents = with dockerTools; [ - usrBinEnv - binSh + copyToRoot = buildEnv { + name = "${name}.imageroot"; + paths = with dockerTools; [ + usrBinEnv + binSh - bashInteractive - which + bashInteractive + which - emulator-wrapped - ] - ++ rv32-stdenv.initialPath; + emulator-wrapped + ] ++ rv32-stdenv.initialPath; + pathsToLink = [ "/bin" ]; + }; - enableFakechroot = true; - fakeRootCommands = '' + runAsRoot = '' + #!${runtimeShell} echo "Start finalizing rootfs" echo "Creating testcase directory" @@ -46,21 +51,13 @@ let done chmod u+w -R /workspace/cases - mkdir /tmp + mkdir -p /tmp ''; config = { # Cmd = [ ]; WorkingDir = "/workspace"; }; - - passthru = { - final-image = runCommand "convert-layer-to-final-image" { } '' - mkdir $out - - ${bashInteractive}/bin/bash ${self} > $out/image.tar - ''; - }; }; in self From 08b983e5cb1a303c5755514e2a8910398f9995cb Mon Sep 17 00:00:00 2001 From: Avimitin Date: Mon, 27 May 2024 13:59:50 +0800 Subject: [PATCH 2/2] [ci] use new attribute to build image Signed-off-by: Avimitin --- .github/workflows/release.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 662b99229..4286166ba 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
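Review bot: `pathsToLink = [ "/bin" ]` probably drops `usrBinEnv` from the image root. As far as I know that helper provides only `/usr/bin/env`, and `buildEnv` links nothing outside the listed paths. Scripts in the container with a `#!/usr/bin/env …` shebang would then fail to start even though `usrBinEnv` is still listed in `paths`. Widening the list to `pathsToLink = [ "/bin" "/usr/bin" ];` keeps both helpers effective. The `runAsRoot` script that begins in this hunk continues past its end.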
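Review bot: `mkdir -p /tmp` leaves `/tmp` with whatever mode root's umask gives in the build VM (typically 0755), not the conventional sticky, world-writable 1777. A container started with a non-root `--user` then cannot create temporary files, which pushes people toward running it as root. `config` in this hunk sets no `User`, so root is already the default. I would write `mkdir -p /tmp && chmod 1777 /tmp`, and consider a `User` entry in `config` if the emulator does not need root. The `runAsRoot` script starts above this hunk.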
@@ -27,15 +27,16 @@ jobs: - name: Build docker image file id: build run: | - closure="$(nix build -L '.#t1.${{ matrix.config }}.release.docker-layers.final-image' --no-link --print-out-paths)" + closure="$(nix build -L '.#t1.${{ matrix.config }}.release.docker-image' --no-link --print-out-paths)" echo "path: $closure" - cp "$closure/image.tar" /tmp/t1-${{ matrix.config }}-image.tar - echo "cache-key-${{ matrix.config }}=$(nix hash file --base32 $closure/image.tar)" > $GITHUB_OUTPUT + _dest=/tmp/t1-${{ matrix.config }}-image.tar.gz + cp "$closure" "$_dest" + echo "cache-key-${{ matrix.config }}=$(nix hash file --base32 "$_dest")" > $GITHUB_OUTPUT nix build -L '.#t1.${{ matrix.config }}.release.doc' --out-link docs - name: Upload to cache uses: actions/cache/save@v4 with: - path: /tmp/t1-${{ matrix.config }}-image.tar + path: /tmp/t1-${{ matrix.config }}-image.tar.gz key: ${{ steps.build.outputs[format('cache-key-{0}', matrix.config)] }} - uses: actions/upload-artifact@v4 with: @@ -57,7 +58,7 @@ jobs: uses: actions/cache/restore@v4 id: cache with: - path: /tmp/t1-${{ matrix.config }}-image.tar + path: /tmp/t1-${{ matrix.config }}-image.tar.gz fail-on-cache-miss: true key: ${{ needs.build.outputs[format('cache-key-{0}', matrix.config)] }} - name: Login to GHCR dot IO @@ -68,6 +69,6 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Load and push run: | - docker load < /tmp/t1-${{ matrix.config }}-image.tar + docker load < /tmp/t1-${{ matrix.config }}-image.tar.gz docker tag chipsalliance/t1-${{ matrix.config }}:latest ghcr.io/chipsalliance/t1-${{ matrix.config }}:latest docker push ghcr.io/chipsalliance/t1-${{ matrix.config }}:latest
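Review bot: The rewritten cache-key line still writes with `> $GITHUB_OUTPUT`, unquoted and truncating, so any output added earlier in this step would be erased. The documented form appends: `echo "cache-key-${{ matrix.config }}=$(nix hash file --base32 "$_dest")" >> "$GITHUB_OUTPUT"`. Separately, `${{ matrix.config }}` is expanded into the script text before the shell runs, and the matrix definition is outside this hunk. If those values ever come from anything other than a literal list in this workflow, pass them through `env:` and reference a quoted shell variable instead.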
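Review bot: In the "Load and push" step, `docker load` consumes the cache-restored tarball without re-checking its content, although the restore key is the base32 hash computed in the build job. This job logs in to GHCR with `secrets.GITHUB_TOKEN` and pushes, so it is worth failing closed before loading. Compare `nix hash file --base32 /tmp/t1-${{ matrix.config }}-image.tar.gz` with `${{ needs.build.outputs[format('cache-key-{0}', matrix.config)] }}` and exit non-zero on mismatch, using an equivalent digest tool if nix is not installed in this job, which the hunk does not show. Only the mutable `latest` tag is pushed, so consumers have nothing immutable to pin to; a second tag derived from that hash would give them one.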