diff --git a/BUILD.bazel b/BUILD.bazel index 16fdf970b..2f835602f 100644 --- a/BUILD.bazel +++ b/BUILD.bazel @@ -1,6 +1,6 @@ load("@gazelle//:def.bzl", "gazelle") load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") -load("@rules_oci//oci:defs.bzl", "oci_image", "oci_load", "oci_push") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_load") load("@rules_pkg//:pkg.bzl", "pkg_tar") gazelle( @@ -139,9 +139,9 @@ oci_image( ) oci_load( - name = "bazel-remote-image-tarball", + name = "bazel-remote-image-amd64-tarball", image = ":bazel-remote-image", - repo_tags = ["buchgr/bazel-remote-cache:tmp-amd64"], + repo_tags = ["bazel-remote-cache:tmp-amd64"], ) pkg_tar( @@ -174,30 +174,5 @@ oci_image( oci_load( name = "bazel-remote-image-arm64-tarball", image = ":bazel-remote-image-arm64", - repo_tags = ["buchgr/bazel-remote-cache:tmp-arm64"], -) - -# The following container_push targets push to "tmp-amd64" and "tmp-arm64" -# tags, so they can be combined into a multiarch tag on dockerhub. This -# isn't currently possible with rules_docker, so instead we rely on some -# external commands to be run after the tmp-* tags are pushed. See the -# docker/push_to_dockerhub script. -# -# Background: -# https://github.com/bazelbuild/rules_docker/issues/1599 - -oci_push( - name = "push_to_dockerhub_amd64", - image = ":bazel-remote-image", - remote_tags = ["tmp-amd64"], - repository = "buchgr/bazel-remote-cache", - visibility = ["//visibility:public"], -) - -oci_push( - name = "push_to_dockerhub_arm64", - image = ":bazel-remote-image-arm64", - remote_tags = ["tmp-arm64"], - repository = "buchgr/bazel-remote-cache", - visibility = ["//visibility:public"], + repo_tags = ["bazel-remote-cache:tmp-arm64"], ) diff --git a/README.md b/README.md index c168a8b94..f1d74f9c2 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,7 @@ commodity hardware and AWS servers. Outgoing bandwidth can exceed 15 Gbit/s on t ## HTTP/1.1 REST API Cache entries are set and retrieved by key, and there are two types of keys that can be used: + 1. Content addressed storage (CAS), where the key is the lowercase SHA256 hash of the entry. The REST API for these entries is: `/cas/` or with an optional but ignored instance name: `//cas/`. @@ -60,6 +61,7 @@ for GET requests and `Content-type: application/json` for PUT requests. **/status** Returns the cache status/info. + ``` $ curl http://localhost:8080/status { @@ -78,6 +80,7 @@ $ curl http://localhost:8080/status The empty CAS blob is always available, even if the cache is empty. This can be used to test that a bazel-remote instance is running and accepting requests. + ``` $ curl --head --fail http://localhost:8080/cas/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1 200 OK @@ -487,7 +490,6 @@ max_size: 100 # use unix:///path/to/socket.sock, where /path/to/socket.sock can be # either an absolute or relative path to a socket path. http_address: 0.0.0.0:8080 - # The server listener address for gRPC (unix sockets are also supported # as described above): #grpc_address: 0.0.0.0:9092 @@ -633,7 +635,7 @@ http_address: 0.0.0.0:8080 # auth_method: environment_credential # # auth_method: default - + # If set to a valid port number, then serve /debug/pprof/* URLs here: #profile_port: 7070 # IP address to use, if profiling is enabled: @@ -689,16 +691,16 @@ See [examples/docker-compose.yml](examples/docker-compose.yml) for an example co ### Kubernetes notes -* See [examples/kubernetes.yml](examples/kubernetes.yml) for an example +- See [examples/kubernetes.yml](examples/kubernetes.yml) for an example configuration. -* Don't name your deployment `bazel-remote`! - +- Don't name your deployment `bazel-remote`! + Kubernetes sets some environment variables based on this name, which conflict with the `BAZEL_REMOTE_*` environment variables that bazel-remote tries to parse. -* bazel-remote supports the `/grpc.health.v1.Health/Check` service, which you can +- bazel-remote supports the `/grpc.health.v1.Health/Check` service, which you can configure like so: ``` alb.ingress.kubernetes.io/backend-protocol: HTTP @@ -715,9 +717,9 @@ See [examples/docker-compose.yml](examples/docker-compose.yml) for an example co The command below will build a docker image from source and install it into your local docker registry. ```bash -$ bazel run :bazel-remote-image-tarball +$ bazel run :bazel-remote-image-amd64-tarball # Ensure /your/path/to/data exists and is writable (e.g. by UID 65532) -$ docker run -v /your/path/to/data:/data buchgr/bazel-remote-cache:tmp-amd64 --max_size 5 --dir /data +$ docker run -v /your/path/to/data:/data bazel-remote-cache:tmp-amd64 --max_size 5 --dir /data ``` ### ARM64 docker image @@ -729,7 +731,7 @@ To build a docker image for ARM64: ```bash $ bazel run :bazel-remote-image-arm64-tarball # Ensure /your/path/to/data exists and is writable (e.g. by UID 65532) -$ docker run -v /your/path/to/data:/data buchgr/bazel-remote-cache:tmp-arm64 --max_size 5 --dir /data +$ docker run -v /your/path/to/data:/data bazel-remote-cache:tmp-arm64 --max_size 5 --dir /data ``` ## Build a standalone Linux binary @@ -852,6 +854,7 @@ To avoid leaking your password in log files, you can place this flag in a To use mutual TLS with bazel, use a `grpcs` URL for the `--remote_cache` argument, and add the following flags: + ```bash --tls_certificate=path/to/ca.cert --tls_client_certificate=path/to/client/cert.cert diff --git a/docker/push_to_dockerhub b/docker/push_to_dockerhub index 243adfc3c..9f8271c8e 100755 --- a/docker/push_to_dockerhub +++ b/docker/push_to_dockerhub @@ -1,59 +1,49 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail -script_dir=$(dirname "${BASH_SOURCE[0]}") -cd "${script_dir}/.." - -tag=latest -if [ $# = 1 ] -then - case "$1" in - v*) - if [ "$(git rev-list -1 $1)" = "$(git rev-list -1 HEAD)" ] - then - tag="$1" - else - echo "Error: can only push \"latest\" or tagged commits" - exit 1 - fi - ;; - *) - echo "Error: can only push \"latest\" or tagged commits" - exit 1 - ;; - esac -fi +# Defaults +REGISTRY="${REGISTRY:-docker.io}" +IMAGE_NAME="${IMAGE_NAME:-buchgr/bazel-remote-cache}" +TAG="${TAG:-latest}" -# push test-amd64 and test-arm64 images. -if [ "$(uname -p)" = aarch64 ] -then - bazel run //:push_to_dockerhub_arm64 +FULL_IMAGE="${REGISTRY}/${IMAGE_NAME}" - # Check that the image works, at least well enough to print help, and with cgo support. - docker pull docker.io/buchgr/bazel-remote-cache:tmp-arm64 - docker run docker.io/buchgr/bazel-remote-cache:tmp-arm64 -h - docker run docker.io/buchgr/bazel-remote-cache:tmp-arm64 -h | grep zstd_implementation | grep '"cgo"' +script_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd) +cd "$script_dir/.." - exit 0 +# Detect arch. +img_arch=amd64 +if [[ "$(uname -m)" == "arm64" || "$(uname -m)" == "aarch64" ]]; then + img_arch=arm64 fi -bazel run //:push_to_dockerhub_amd64 -# Check that the image works, at least well enough to print help, and with cgo support. -docker pull docker.io/buchgr/bazel-remote-cache:tmp-amd64 -docker run docker.io/buchgr/bazel-remote-cache:tmp-amd64 -h -docker run docker.io/buchgr/bazel-remote-cache:tmp-amd64 -h | grep zstd_implementation | grep '"cgo"' +echo "Building and pushing $img_arch image..." + +# Build and load. +bazel run //:bazel-remote-image-${img_arch}-tarball + +# Tag and push. +docker tag bazel-remote-cache:tmp-${img_arch} "$FULL_IMAGE:tmp-${img_arch}" +docker push "$FULL_IMAGE:tmp-${img_arch}" -# Create the multiarch manifest. -docker manifest rm buchgr/bazel-remote-cache:$tag || true -docker manifest create buchgr/bazel-remote-cache:$tag \ - --amend buchgr/bazel-remote-cache:tmp-amd64 \ - --amend buchgr/bazel-remote-cache:tmp-arm64 +# Collect existing arch images. +manifest_args=() + +for arch in amd64 arm64; do + if docker manifest inspect "$FULL_IMAGE:tmp-${arch}" >/dev/null 2>&1; then + manifest_args+=( "$FULL_IMAGE:tmp-${arch}" ) + fi +done + +if [[ ${#manifest_args[@]} -eq 0 ]]; then + echo "ERROR: no images found to create manifest" + exit 1 +fi -# Push the multiarch manifest -docker manifest push buchgr/bazel-remote-cache:$tag +# Recreate manifest atomically +docker manifest rm "$FULL_IMAGE:$TAG" >/dev/null 2>&1 || true -# Mirror to quay.io (using https://github.com/regclient/regclient): -regctl image copy docker.io/buchgr/bazel-remote-cache:$tag \ - quay.io/bazel-remote/bazel-remote:$tag +docker manifest create "$FULL_IMAGE:$TAG" "${manifest_args[@]}" +docker manifest push "$FULL_IMAGE:$TAG" -echo "Go ahead and delete the tmp-amd64 and tmp-arm64 images from the web ui" +echo "Updated multi-arch manifest: $FULL_IMAGE:$TAG" \ No newline at end of file