Skip to content

CI: Implement better caching #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Nino-K merged 2 commits into from
Nov 4, 2025
Merged

CI: Implement better caching #4

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2a71b65
CI: Implement better caching
mook-as Nov 3, 2025
8c09d5a
Address review comments
mook-as Nov 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 16 additions & 10 deletions .github/workflows/build.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,41 +5,47 @@ on:
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
runs-on: ${{ matrix.runs-on }}
strategy:
fail-fast: false
matrix:
Copy link
Member

@Nino-K Nino-K Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be clearer if we rewrote the matrix as follows?

      matrix:
        include:
          - type: tar.xz
            arch: amd64
            runs-on: ubuntu-latest
          - type: qcow2
            arch: amd64
            runs-on: ubuntu-latest
          - type: qcow2
            arch: arm64
            runs-on: ubuntu-24.04-arm

We can also remove the exclude.

Copy link
Contributor Author

@mook-as mook-as Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, that makes it less clear that the runs-on is directly tied to arch, but it avoids the need to understand the confusing include syntax.

type: [tar.xz, qcow2]
arch: [amd64, arm64]
include:
- arch: amd64
runs-on: ubuntu-latest
- arch: arm64
runs-on: ubuntu-24.04-arm
exclude:
- type: tar.xz
arch: arm64
env:
GO: /bin/false
Copy link
Member

@Nino-K Nino-K Nov 4, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I noticed that Set up go was removed which suggests that the build runs inside Docker/buildx and doesn't need Go on the runner. But I'm curious why to explicitly fail go invocation? is it still necessary? if so, maybe a comment would be helpful.

Copy link
Contributor Author

@mook-as mook-as Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's just there because the Makefile wants it to be set to something to auto-detect GOOS and GOARCH (which we also provide).

GOOS: linux
GOARCH: ${{ matrix.arch }}

steps:
- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

- name: Set up Go
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with:
# TODO: this should not be hardcoded
go-version: "1.24.2"

- name: Set up QEMU for arm64 builds
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
with:
driver-opts: network=host
buildkitd-flags: "--allow-insecure-entitlement security.insecure"
platforms: linux/${{ matrix.arch }}

- name: Set up Docker layer cache
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
path: ${{ runner.temp }}/cache
key: ${{ runner.arch }}-buildx-${{ matrix.type }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
${{ runner.arch }}-buildx-${{ matrix.type }}-
${{ runner.arch }}-buildx-

- name: Install wget
run: sudo apt-get update && sudo apt-get install -y wget
Expand Down
12 changes: 8 additions & 4 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,14 @@
FROM registry.opensuse.org/opensuse/bci/golang:stable AS gobuild
RUN git clone https://github.com/rancher-sandbox/rancher-desktop --depth=1 /app
WORKDIR /app
RUN go build -ldflags '-s -w' -o /go/bin/network-setup ./src/go/networking/cmd/network
RUN go build -ldflags '-s -w' -o /go/bin/vm-switch ./src/go/networking/cmd/vm
RUN go build -ldflags '-s -w' -o /go/bin/wsl-proxy ./src/go/networking/cmd/proxy
RUN go build -ldflags '-s -w' -o /go/bin/rancher-desktop-guest-agent ./src/go/guestagent
RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod \
go build -ldflags '-s -w' -o /go/bin/network-setup ./src/go/networking/cmd/network
RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod \
go build -ldflags '-s -w' -o /go/bin/vm-switch ./src/go/networking/cmd/vm
RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod \
go build -ldflags '-s -w' -o /go/bin/wsl-proxy ./src/go/networking/cmd/proxy
RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod \
go build -ldflags '-s -w' -o /go/bin/rancher-desktop-guest-agent ./src/go/guestagent

FROM registry.opensuse.org/opensuse/bci/kiwi:10 AS builder
ARG type=qcow2
Expand Down
7 changes: 7 additions & 0 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,19 @@ IMAGE_FILES := \
root/build/versions.env \
$(filter-out .gitignore Makefile README.md root/build/% distro.%, $(shell find * -type f))

# To avoid $(if ...) from spliting on the commas in the command line, we need to
# provide this using a variable to add a layer of indirection.
BUILDX_CACHE_ARGS := \
--cache-from=type=local,src=${RUNNER_TEMP}/cache \
--cache-to=type=local,dest=${RUNNER_TEMP}/cache,compression=zstd,mode=max

distro.%: $(DOWNLOADS) $(IMAGE_FILES)
if ! docker buildx inspect insecure-builder &>/dev/null; then \
docker buildx create --name insecure-builder \
--buildkitd-flags '--allow-insecure-entitlement security.insecure'; \
fi
docker buildx build --builder insecure-builder --allow security.insecure \
$(if $(RUNNER_TEMP),$(BUILDX_CACHE_ARGS)) \
--platform=linux/$(GOARCH) --output=. --build-arg=type=$* .

clean:
Expand Down