1#!/bin/bash 2# Copyright 2016 gRPC authors. 3# 4# Licensed under the Apache License, Version 2.0 (the "License"); 5# you may not use this file except in compliance with the License. 6# You may obtain a copy of the License at 7# 8# http://www.apache.org/licenses/LICENSE-2.0 9# 10# Unless required by applicable law or agreed to in writing, software 11# distributed under the License is distributed on an "AS IS" BASIS, 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13# See the License for the specific language governing permissions and 14# limitations under the License. 15# 16# Builds selected testing docker images and pushes them to artifact registry. 17# NOTE: These images are not intended to be used by gRPC end users, 18# they simply provide an easily reproducible environment for running gRPC 19# tests. 20 21set -e 22 23cd $(dirname $0)/../.. 24git_root=$(pwd) 25cd - 26 27# Recognized env variables that can be used as params. 28# LOCAL_ONLY_MODE: if set (e.g. LOCAL_ONLY_MODE=true), script will only operate locally and it won't query artifact registry and won't upload to it. 29# CHECK_MODE: if set, the script will check that all the .current_version files are up-to-date (used by sanity tests). 30# SKIP_UPLOAD: if set, script won't push docker images it built to artifact registry. 31# TRANSFER_FROM_DOCKERHUB: if set, will attempt to grab docker images missing in artifact registry from dockerhub instead of building them from scratch locally. 32 33# How to configure docker before running this script for the first time: 34# Configure docker: 35# $ gcloud auth configure-docker us-docker.pkg.dev 36# Login with gcloud: 37# $ gcloud auth login 38 39# Various check that the environment is setup correctly. 40# The enviroment checks are skipped when running as a sanity check on CI. 41if [ "${CHECK_MODE}" == "" ] 42then 43 # Check that docker is installed and sudoless docker works. 44 docker run --rm -it debian:11 bash -c 'echo "sudoless docker run works!"' || \ 45 (echo "Error: docker not installed or sudoless docker doesn't work?" && exit 1) 46 47 # Some of the images we build are for arm64 architecture and the easiest 48 # way of allowing them to build locally on x64 machine is to use 49 # qemu binfmt-misc hook that automatically runs arm64 binaries under 50 # an emulator. 51 # Perform a check that "qemu-user-static" with binfmt-misc hook 52 # is installed, to give an early warning (otherwise building arm64 images won't work) 53 docker run --rm -it arm64v8/debian:11 bash -c 'echo "able to run arm64 docker images with an emulator!"' || \ 54 (echo "Error: can't run arm64 images under an emulator. Have you run 'sudo apt-get install qemu-user-static'?" && exit 1) 55fi 56 57ARTIFACT_REGISTRY_PREFIX=us-docker.pkg.dev/grpc-testing/testing-images-public 58 59# all dockerfile definitions we use for testing and for which we push an image to the registry 60ALL_DOCKERFILE_DIRS=( 61 tools/dockerfile/test/* 62 tools/dockerfile/grpc_artifact_* 63 tools/dockerfile/interoptest/* 64 tools/dockerfile/distribtest/* 65 third_party/rake-compiler-dock/* 66) 67 68CHECK_FAILED="" 69 70for DOCKERFILE_DIR in "${ALL_DOCKERFILE_DIRS[@]}" 71do 72 # Generate image name based on Dockerfile checksum. That works well as long 73 # as can count on dockerfiles being written in a way that changing the logical 74 # contents of the docker image always changes the SHA (e.g. using "ADD file" 75 # cmd in the dockerfile in not ok as contents of the added file will not be 76 # reflected in the SHA). 77 DOCKER_IMAGE_NAME=$(basename $DOCKERFILE_DIR) 78 79 if [ ! -e "$DOCKERFILE_DIR/Dockerfile" ]; then 80 continue 81 else 82 DOCKER_IMAGE_TAG=$(sha1sum $DOCKERFILE_DIR/Dockerfile | cut -f1 -d\ ) 83 fi 84 85 echo "Visiting ${DOCKERFILE_DIR}" 86 87 if [ "${LOCAL_ONLY_MODE}" == "" ] 88 then 89 DOCKER_IMAGE_DIGEST_REMOTE=$(gcloud artifacts docker images describe "${ARTIFACT_REGISTRY_PREFIX}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG}" --format=json | jq -r '.image_summary.digest') 90 91 if [ "${DOCKER_IMAGE_DIGEST_REMOTE}" != "" ] 92 then 93 # skip building the image if it already exists in the destination registry 94 echo "Docker image ${DOCKER_IMAGE_NAME} already exists in artifact registry at the right version (tag ${DOCKER_IMAGE_TAG})." 95 96 VERSION_FILE_OUT_OF_DATE="" 97 grep "^${ARTIFACT_REGISTRY_PREFIX}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG}@${DOCKER_IMAGE_DIGEST_REMOTE}$" ${DOCKERFILE_DIR}.current_version >/dev/null || VERSION_FILE_OUT_OF_DATE="true" 98 99 if [ "${VERSION_FILE_OUT_OF_DATE}" == "" ] 100 then 101 echo "Version file for ${DOCKER_IMAGE_NAME} is in sync with info from artifact registry." 102 continue 103 fi 104 105 if [ "${CHECK_MODE}" != "" ] 106 then 107 echo "CHECK FAILED: Version file ${DOCKERFILE_DIR}.current_version is not in sync with info from artifact registry." 108 CHECK_FAILED=true 109 continue 110 fi 111 112 # update info on what we consider to be the current version of the docker image (which will be used to run tests) 113 # we consider the sha256 image digest info from the artifact registry to be the canonical one 114 echo -n "${ARTIFACT_REGISTRY_PREFIX}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG}@${DOCKER_IMAGE_DIGEST_REMOTE}" >${DOCKERFILE_DIR}.current_version 115 116 continue 117 fi 118 119 if [ "${CHECK_MODE}" != "" ] 120 then 121 echo "CHECK FAILED: Docker image ${DOCKER_IMAGE_NAME} not found in artifact registry." 122 CHECK_FAILED=true 123 continue 124 fi 125 126 else 127 echo "Skipped querying artifact registry (running in local-only mode)." 128 fi 129 130 # if the .current_version file doesn't exist or it doesn't contain the right SHA checksum, 131 # it is out of date and we will need to rebuild the docker image locally. 132 LOCAL_BUILD_REQUIRED="" 133 grep "^${ARTIFACT_REGISTRY_PREFIX}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG}@sha256:.*" ${DOCKERFILE_DIR}.current_version >/dev/null || LOCAL_BUILD_REQUIRED=true 134 135 if [ "${LOCAL_BUILD_REQUIRED}" == "" ] 136 then 137 echo "Dockerfile for ${DOCKER_IMAGE_NAME} hasn't changed. Will skip 'docker build'." 138 continue 139 fi 140 141 if [ "${CHECK_MODE}" != "" ] 142 then 143 echo "CHECK FAILED: Dockerfile for ${DOCKER_IMAGE_NAME} has changed, but the ${DOCKERFILE_DIR}.current_version is not up to date." 144 CHECK_FAILED=true 145 continue 146 fi 147 148 if [ "${TRANSFER_FROM_DOCKERHUB}" == "" ] 149 then 150 echo "Running 'docker build' for ${DOCKER_IMAGE_NAME}" 151 echo "==========" 152 docker build -t ${ARTIFACT_REGISTRY_PREFIX}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} ${DOCKERFILE_DIR} 153 echo "==========" 154 else 155 # TRANSFER_FROM_DOCKERHUB is a temporary feature that pulls the corresponding image from dockerhub instead 156 # of building it from scratch locally. This should simplify the dockerhub -> artifact registry migration. 157 # TODO(jtattermusch): remove this feature in Q1 2023. 158 DOCKERHUB_ORGANIZATION=grpctesting 159 # pull image from dockerhub 160 docker pull ${DOCKERHUB_ORGANIZATION}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} 161 # add the artifact registry tag 162 docker tag ${DOCKERHUB_ORGANIZATION}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} ${ARTIFACT_REGISTRY_PREFIX}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} 163 fi 164 165 DOCKER_IMAGE_DIGEST_LOCAL=$(docker image inspect "${ARTIFACT_REGISTRY_PREFIX}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG}" | jq -e -r '.[0].Id') 166 167 # update info on what we consider to be the current version of the docker image (which will be used to run tests) 168 echo -n "${ARTIFACT_REGISTRY_PREFIX}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG}@${DOCKER_IMAGE_DIGEST_LOCAL}" >${DOCKERFILE_DIR}.current_version 169 170 if [ "${SKIP_UPLOAD}" == "" ] && [ "${LOCAL_ONLY_MODE}" == "" ] 171 then 172 docker push ${ARTIFACT_REGISTRY_PREFIX}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} 173 fi 174done 175 176if [ "${CHECK_MODE}" != "" ] 177then 178 # TODO(jtattermusch): check there are no extra current_version files (for which there isn't a corresponding Dockerfile) 179 true 180fi 181 182if [ "${CHECK_FAILED}" != "" ] 183then 184 echo "ERROR: Some checks have failed." 185 exit 1 186fi 187 188echo "All done." 189