unofficial mirror of help-guix@gnu.org 
From: Simon Josefsson via <help-guix@gnu.org>
To: Andreas Enge <andreas@enge.fr>
Cc: help-guix@gnu.org,  ludovic.courtes@inria.fr,
	 suhail@bayesians.ca, Cayetano Santos <csantosb@inventati.org>
Subject: Re: Building a Docker image for GitLab-CI
Date: Wed, 18 Dec 2024 20:17:46 +0100
Message-ID: <87bjx8kdgl.fsf@kaka.sjd.se>
In-Reply-To: <Z2AJRccAAH9bIflo@jurong> (Andreas Enge's message of "Mon, 16 Dec 2024 12:04:37 +0100")


Andreas Enge <andreas@enge.fr> writes:

> Hello Simon,
>
> On Mon, Dec 16, 2024 at 11:42:34AM +0100, Simon Josefsson via wrote:
>> I am trying to get a Guix container usable in GitLab, and thought I'd
>> share my status.  I have established working networking in the resulting
>> Guix container, which seems like progress (whoohoo!).  tl;dr:
>
> at work we are using gitlab CI to build guix docker containers and run a
> node on openshift for the bordeaux build farm:
>    https://gitlab.inria.fr/enge/plm-guix
> The README.md is completely outdated and serves mainly as a reminder to
> myself on how this docker thing works; every time I look at it after a
> break of a few months I have forgotten how to use a docker container...
>
> And of course I have already forgotten the details; probably we should
> write a little blog post. I will talk about it with my colleague when I
> meet him next year ;-)
>
> We also start with a Debian image and use a Dockerfile to install Guix
> in it, as described in the Guix manual. Then for CI, we use this fixed
> docker image to create a new one every time our repository (with a
> channels.scm file and the plmshift.scm OS configuration file) changes.
> In our case, this second docker image is the artefact that we then deploy.
> We use "docker in docker" to create the images, and if I understood
> correctly, this requires some privileges; these may not be given on
> gitlab.com, but are available in our self-hosted instance.

Hi Andreas!  This all sounds quite similar to what I'm doing, although
using a different software stack.  I'm reading through your work now,
after actually finishing my work which I've announced here:

https://blog.josefsson.org/2024/12/18/guix-container-images-for-gitlab-ci-cd/
https://gitlab.com/debdistutils/guix/container

Looking into details, it seems you run this command to create the image:

https://gitlab.inria.fr/enge/plm-guix/-/blob/bf87f970c316f20cea2cf80f2511a280b5a71ed8/.gitlab-ci.yml#L44

docker run --privileged -v ./config:/config $CI_REGISTRY_IMAGE/builder:latest sh -c 'cd /config && /guix-daemon.sh guix time-machine -C channels.scm -- system image -t docker plmshift.scm  >/dev/null 2>&1 && cat /gnu/store/*docker-image.tar.gz' > image/docker-image.tar.gz
docker load -i image/docker-image.tar.gz

Your docker file is here:

https://gitlab.inria.fr/enge/plm-guix/-/blob/master/docker/Dockerfile?ref_type=heads

The guix-daemon.sh script is here:

https://gitlab.inria.fr/enge/plm-guix/-/blob/master/docker/guix-daemon.sh?ref_type=heads

Your plmshift.scm file is here:

https://gitlab.inria.fr/enge/plm-guix/-/blob/master/config/plmshift.scm?ref_type=heads

For comparison, I'm creating the image like this:

https://gitlab.com/debdistutils/guix/container/-/blob/main/.gitlab-ci.yml?ref_type=heads#L61

GUIX_PACKS_SLIM: guix bash-minimal coreutils-minimal net-base lndir
GUIX_PACKS_LATEST: $GUIX_PACKS_SLIM git-minimal findutils diffutils gcc-toolchain make automake autoconf tar grep sed gawk m4 gzip xz bzip2 iproute2 inetutils libcap shadow wget nss-certs
...
pack=$(guix pack $GUIX_PACKS --save-provenance -S /bin=bin -S /share=share -f docker --image-tag=guix --max-layers=8 --verbosity=0)
podman load -i $pack

My containerfile is here:

https://gitlab.com/debdistutils/guix/container/-/blob/main/debian-with-guix/Containerfile?ref_type=heads

Some of the stuff you resolve by using guix-daemon.sh and guix system
image on the plmshift.scm I instead push onto the consumer of my work,
as in these instructions:

https://gitlab.com/debdistutils/guix/container#how-to-use

One difference is that you are using your previous image as a basis for
the next one, which means you are using native Guix to build the image,
whereas I'm using Debian+Guix to build the image.  There is no
fundamental reason for this in my approach, so I opened an issue about
it:

https://gitlab.com/debdistutils/guix/container/-/issues/1

One more fundamental issue is that you are using 'guix system image' and
I was inspired by Ludo's e-mail and used 'guix pack'.  My experiments
with system images were that they ended up being larger, but maybe that
can be resolved by removing stuff.  Are there any general thoughts on
which is better to use?  Guix system vs Guix pack?  I kind of like the
idea of adding on top of guix-pack rather than removing from
guix-system.

/Simon
