Migrate our docker workflow to AZP. (#836)

Temporarily forking the `docker_push.sh` and `benchmark_push.sh` scripts to AZP specific versions as a simplification. The CircleCI versions will be cleared when we turn down the CircleCI pipeline. Adding new step `do_docker_azp` to `ci/do_ci.sh` to execute the forked scripts. Modified `ci/run_envoy_docker.sh` to forward variables required by the docker scripts. Since we regularly copy this script from Envoy, the custom lines are marked as `# unique` and the maintenance steps in `MAINTAINERS.md` are updated to indicate the presence of these unique lines. Works on #820. Signed-off-by: Jakub Sobon <[email protected]>
envoyproxy · Apr 19, 2022 · de0d937 · de0d937
1 parent c3daeef
commit de0d937
Show file tree

Hide file tree

Showing 7 changed files with 82 additions and 1 deletion.
diff --git a/.azure-pipelines/bazel.yml b/.azure-pipelines/bazel.yml
@@ -15,6 +15,10 @@ steps:
   displayName: "Run the CI script"
   env:
     BAZEL_REMOTE_CACHE: $(LocalBuildCache)
+    AZP_BRANCH: $(Build.SourceBranch)
+    AZP_SHA1: $(Build.SourceVersion)
+    DOCKERHUB_USERNAME: $(DockerUsername)
+    DOCKERHUB_PASSWORD: $(DockerPassword)
 
 - bash: |
     echo "disk space at end of build:"

diff --git a/.azure-pipelines/pipelines.yml b/.azure-pipelines/pipelines.yml
@@ -115,3 +115,24 @@ stages:
     - template: bazel.yml
       parameters:
         ciTarget: $(CI_TARGET)
+
+- stage: release
+  dependsOn:
+  - "clang_tidy"
+  - "test_gcc"
+  - "sanitizers"
+  - "coverage"
+  condition: eq(variables['PostSubmit'], true)
+  pool: "x64-large"
+  jobs:
+  - job: release
+    displayName: "do_ci.sh"
+    strategy:
+      matrix:
+        release:
+          CI_TARGET: "docker_azp"
+    timeoutInMinutes: 120
+    steps:
+    - template: bazel.yml
+      parameters:
+        ciTarget: $(CI_TARGET)
diff --git a/MAINTAINERS.md b/MAINTAINERS.md
@@ -69,6 +69,8 @@ important maintenance task. When performing the update, follow this procedure:
    to ensure we are using the same build system version.
 1. Sync (copy) [ci/run_envoy_docker.sh](ci/run_envoy_docker.sh) from
    [Envoy's version](https://github.com/envoyproxy/envoy/blob/main/ci/run_envoy_docker.sh).
+   Be sure to retain our local modifications, all lines that are unique to
+   Nighthawk are marked with comment `# unique`.
 1. Sync (copy) [tools/gen_compilation_database.py](tools/gen_compilation_database.py) from
    [Envoy's version](https://github.com/envoyproxy/envoy/blob/main/tools/gen_compilation_database.py) to
    update our build configurations. Be sure to retain our local modifications,

diff --git a/ci/do_ci.sh b/ci/do_ci.sh
@@ -195,6 +195,22 @@ function do_docker() {
     ./ci/docker/benchmark_push.sh
 }
 
+function do_docker_azp() {
+    echo "docker in AZP..."
+    cd "${SRCDIR}"
+    # Note that we implicitly test the opt build in CI here.
+    echo "do_docker_azp: Running do_opt_build."
+    do_opt_build
+    echo "do_docker_azp: Running ci/docker/docker_build.sh."
+    ./ci/docker/docker_build.sh
+    echo "do_docker_azp: Running ci/docker/docker_azp_push.sh."
+    ./ci/docker/docker_azp_push.sh
+    echo "do_docker_azp: Running ci/docker/benchmark_build.sh."
+    ./ci/docker/benchmark_build.sh
+    echo "do_docker_azp: Running ci/docker/benchmark_azp_push.sh."
+    ./ci/docker/benchmark_azp_push.sh
+}
+
 function do_fix_format() {
     echo "fix_format..."
     cd "${SRCDIR}"
@@ -299,6 +315,11 @@ case "$1" in
         do_docker
         exit 0
     ;;
+    docker_azp)
+        setup_clang_toolchain
+        do_docker_azp
+        exit 0
+    ;;
     check_format)
         setup_clang_toolchain
         do_check_format
@@ -320,7 +341,7 @@ case "$1" in
         exit 0
     ;;
     *)
-        echo "must be one of [opt_build, build,test,clang_tidy,coverage,coverage_integration,asan,tsan,benchmark_with_own_binaries,docker,check_format,fix_format,test_gcc]"
+        echo "must be one of [opt_build, build,test,clang_tidy,coverage,coverage_integration,asan,tsan,benchmark_with_own_binaries,docker,docker_azp,check_format,fix_format,test_gcc]"
         exit 1
     ;;
 esac
diff --git a/ci/docker/benchmark_azp_push.sh b/ci/docker/benchmark_azp_push.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+DOCKER_IMAGE_PREFIX="${DOCKER_IMAGE_PREFIX:-envoyproxy/nighthawk-benchmark}"
+
+source ./ci/docker/docker_azp_push.sh
diff --git a/ci/docker/docker_azp_push.sh b/ci/docker/docker_azp_push.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Do not ever set -x here, it might leak credentials.
+set -e
+set +x
+
+# This is how AZP identifies the branch, see the Build.SourceBranch variable in:
+# https://docs.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#build-variables-devops-services
+MAIN_BRANCH="refs/heads/main"
+
+DOCKER_IMAGE_PREFIX="${DOCKER_IMAGE_PREFIX:-envoyproxy/nighthawk}"
+
+echo "Running docker_azp_push.sh for DOCKER_IMAGE_PREFIX=${DOCKER_IMAGE_PREFIX}, AZP_BRANCH=${AZP_BRANCH} and AZP_SHA1=${AZP_SHA1}."
+
+# Only push images for main builds.
+if [[ "${AZP_BRANCH}" != "${MAIN_BRANCH}" ]]; then
+  echo 'Ignoring non-main branch or tag for docker push.'
+  exit 0
+fi
+
+docker login -u "$DOCKERHUB_USERNAME" -p "$DOCKERHUB_PASSWORD"
+
+docker push "${DOCKER_IMAGE_PREFIX}-dev:latest"
+docker tag "${DOCKER_IMAGE_PREFIX}-dev:latest" \
+  "${DOCKER_IMAGE_PREFIX}-dev:${AZP_SHA1}"
diff --git a/ci/run_envoy_docker.sh b/ci/run_envoy_docker.sh
@@ -69,6 +69,7 @@ docker run --rm \
        -v "${ENVOY_DOCKER_BUILD_DIR}":"${BUILD_DIR_MOUNT_DEST}" \
        -v "${SOURCE_DIR}":"${SOURCE_DIR_MOUNT_DEST}" \
        -e AZP_BRANCH \
+       -e AZP_SHA1 `# unique` \
        -e HTTP_PROXY \
        -e HTTPS_PROXY \
        -e NO_PROXY \
@@ -98,5 +99,7 @@ docker run --rm \
        -e SYSTEM_STAGEDISPLAYNAME \
        -e SYSTEM_JOBDISPLAYNAME \
        -e SYSTEM_PULLREQUEST_PULLREQUESTNUMBER \
+       -e DOCKERHUB_USERNAME `# unique` \
+       -e DOCKERHUB_PASSWORD `# unique` \
        "${ENVOY_BUILD_IMAGE}" \
        "${START_COMMAND[@]}"