unofficial mirror of help-guix@gnu.org 
From: Simon Josefsson via <help-guix@gnu.org>
To: help-guix@gnu.org
Subject: Re: Building a Docker image for GitLab-CI
Date: Wed, 25 Dec 2024 21:38:14 +0100
Message-ID: <87cyhfo5vt.fsf@kaka.sjd.se>
In-Reply-To: <87ldw7pp6d.fsf@kaka.sjd.se> (Simon Josefsson via's message of "Sun, 22 Dec 2024 19:07:06 +0100")

All,

Here are some updates about Guix container images for GitLab pipelines
or local podman usage.  I'm declaring this v1.0.

tl;dr: https://gitlab.com/debdistutils/guix/container

Final images are built from a pure Guix container now.  Everything is
done on public shared GitLab runners in the pipeline, no container
uploads.  Stage0 creates Debian+Guix that builds a pure Guix stage1
which builds the final Stage2 images.  The content of these images
appears to be reproducible, but alas the docker images themselves aren't:
https://issues.guix.gnu.org/75090

No need for --disable-chroot in GitLab CI runs.  Local podman usage
ironically requires 'podman --privileged' if you want to avoid
--disable-chroot.  If someone can figure out which --cap-add are
sufficient, that would be nicer over --privileged.  Ultimately I think
'guix-daemon' should handle this, it is a desirable property to be able
to use chroot building inside a container.

I'm using small/medium GitLab runners.  It seems whatever 'guix' is
consuming resources for, it isn't helped by additional CPU nodes, disk,
or RAM.  Network bandwidth is improved by using guix from GitLab instead
of Savannah.  Maybe the bottleneck is the substitution servers?  Or
perhaps single-core CPU speed?  For stage1 [1], 1m52s is spent on 'guix
install skopeo' and 2m44s on 'guix pack'.  For stage2 [2], 1m35s is
spent on 'guix install nss-certs skopeo tar gzip' and 4m30s on 'guix
pack'.  Creating the stage0 debian+guix image is where the 'guix pull'
happens [3], and it takes around 35 minutes (I recall seeing runtimes
down to 25 minutes when I used larger nodes).

The 'latest' image with gcc, automake etc as a development environment
is around 400MB and the 'slim' image with minimal packages only is
183MB.  Does anyone know how to optimize 'guix pack' output sizes?  Even the
'slim' image seems to have a lot of duplicated stuff [4].

There is a bunch of small nits, and if someone has ideas about
improvements that would be great!  See list of issues here:
https://gitlab.com/debdistutils/guix/container#known-quirks

Merry Christmas,
/Simon

[1] https://gitlab.com/debdistutils/guix/container/-/jobs/8723179887
[2] https://gitlab.com/debdistutils/guix/container/-/jobs/8723179903
[3] https://gitlab.com/debdistutils/guix/container/-/jobs/8723242065
[4] 'guix pack guix bash-minimal coreutils-minimal net-base' and
    doing cd /gnu/store; ls|sort -k1.33:

gd3s60nav0qhp8lxjj21ffynivwibfl5-avahi-0.8
3jhfhxdf6v5ms10x5zmnl166dh3yhbr1-bash-minimal-5.1.16
x47i4yafqxdav838aykda9c2hhhn9sa4-bash-minimal-5.1.16
87z5k84hxbqs87plgwsl2v6a4j7m3k7h-bash-static-5.1.16
56aq6sdx35f7rsxq8jq9ypafk0dhd3p3-bzip2-1.0.8
59kd6jyvrq8prl9mbnh3g8d22rc1dbwv-bzip2-1.0.8
qy1769103d15zh8gg09wlywfsyblham4-coreutils-minimal-9.1
vdaspmq10c3zmqhp38lfqy812w6r4xg3-curl-8.6.0
af6rfyb76j51g2m981a4r0747pvg3j7c-dbus-1.15.8
dnjwcdxmwma6fl7fvvn3p4frib7f5chl-disarchive-0.6.0
vb1rs3dk181ariczl0zqcmfjncjkrv0f-emacs-subdirs
faxgciaw9wxz8zyxk70f2pa3c5rr8al7-expat-2.5.0
zzpbp6rr43smwxzvzd4qd317z5j7qblj-gcc-11.4.0-lib
hdb3jmxa67zkh4wj0l6w9ga3gj84k1yc-gdbm-1.23
9ri7c2haj2q3f5p6859z64kjvrjyy5n6-git-minimal-2.46.0
zgsphhmliwgmjjv1czmbyjql3gk7ynsx-glib-2.78.0
zvlp3n8iwa1svxmwv4q22pv1pb1c9pjq-glibc-2.39
pxnrbpc30m5qsr8jqx86a9m42mzn25ni-glibc-utf8-locales-2.39
kka705681m1hq98b9jz98vxk9s5qd4ld-gmp-6.3.0
9mkcil1rl450r84hn1hcbny5pi5js8ig-gnutls-3.8.3
7k8b93779dqpwcg2qjdvnf4nl43jv7hf-grep-3.11
mfkz7fvlfpv3ppwbkv0imb19nrf95akf-guile-3.0.9
003k1369b9b35b7vgfzjqrc1iha555i2-guile-avahi-0.4.1
1myi8hwa0a3lf9qw14dkqckhv9ljpzp1-guile-bytestructures-1.0.10
rf9xg52fa4zpn9ywd9w4kczhib4ggfsq-guile-bzip2-0.1.0
2bmrqh4w9pcgns0pi3wwqasrshpmv8hw-guile-gcrypt-0.4.0
kcvbb34cv4p19sg3rmi2rrld03wyvhpb-guile-git-0.9.0
pgjyl3fn4sflk6xy63qd5anrhqwylpgw-guile-gnutls-4.0.0
711y2zrpg0ygxaghy72v8hzwla7mjaqg-guile-json-4.7.3
p7qx1yhxlz61r1hpcgdvdhqq343cryyp-guile-lib-0.2.8
02i9pa0yj18riq7g90bzx0jaxmlxnax4-guile-lzlib-0.3.0
n2jz9qnxf7ainkzsdjyl3d4x078g15lw-guile-lzma-0.1.1
nj1051ag55p7llr1wc0ml6hg08gk1prs-guile-semver-0.1.1
yhzifwp225x81i9d056xa2r11g5w40kd-guile-sqlite3-0.1.3
vhby2mrlf25flwx571bmnllccigb49ml-guile-ssh-0.18.0
7h0khqsyzz3ic8dwyfmbbr5404qkmm98-guile-zlib-0.2.1
i0fm4jrkgz6rxpcscd1sazx62fwhqd58-guile-zstd-0.1.1
pzghsxxfx5dll69ikhckissq3b38542z-guix-1.4.0-29.3032221
0r2fx1lr1h2i3cl1x5fw4s4ly95qspya-gzip-1.13
w9zl48a95kylc7a91rwrrk27v70my968-gzip-1.13
96lahq0x84fiaj341vzx0fw5h18iyq9q-http-parser-2.9.4-1.ec8b5ee
prf6y8cmysfdf6jys86ixcv1kdw4l2lf-info-dir
9vjs14mzxki1q857wc8jfhbfj06gvkcp-libcap-2.64
62xxxmgmpk6zhzdr1ciya6f572y75xkw-libdaemon-0.14
lqgg509yb3f85ck4k6l0qp7a70bz7daa-libevent-2.1.12
s6iqwc5sqjrk76kzslqc1n1wlcvfyqkw-libffi-3.4.4
pr73chdirm3jc2j7npc6hqzmcwjs7l8m-libgc-8.2.4
gfqifdfnfvnbksbm0w87fvq76138i8da-libgcrypt-1.10.1
ni0kk5ff3z8sdglksb3850c9w44a2zaj-libgit2-1.8.3
881qgylidmmx92jdv1wvkzjs858dw9cd-libgpg-error-1.47
7xizylh3gi6sj23nz19q6xhvx2d50wvr-libidn2-2.3.4
jcjm231n2g8mqs0w2pa85hv7l1nfi2qa-libpsl-0.21.1
085636515w3h03dp2fr7w3clsn3p2wj7-libssh-0.10.6
pr8xfc53m3fc6rx8jrfis1xz8jvbb53h-libssh2-1.10.0
b801mrqqcsnhbr34544mlfyanzg3skfx-libtasn1-4.19.0
zpaw3cp2k9jx36yhkpwra3jilfbb1mc7-libunistring-1.1
4775wjc2972kiwfsq710fv5pfzyc5laq-libx11-1.8.7
wxwv020jwxq9gr070vwy3fh8n028gwqg-libxau-1.0.10
y5a0l9a3z214yar8q7mznqqd4pnw0vvp-libxcb-1.15
q1vqb2hfclghbpl1vn094l1rzj12b6qb-libxcrypt-4.4.36
v712yc2mwkc10m1nzgjz3linnvl5i1dh-libxdmcp-1.1.3
40aa02d5xnxpi2w6dhlr4ldf1kir1wz2-lzlib-1.13
b9kfblvwd0xx5jr8zzvz4ypa0936jh6v-mit-krb5-1.20
7rsdf5kcqh0gl88av6nkgvgxg1ywvc5b-ncurses-6.2.20210619
bfp25w47fxn8z0fdwj45prx2609sx59j-net-base-5.3
al613p11xv5w1xmnqn7ykw0x6d4b0539-nettle-3.9.1
8i2kr43jfbqvhpv67hs8kgncj2kk19b6-nghttp2-1.58.0-lib
xc98v8v485rs704wb26mipb0y5npdl1z-openssl-3.0.8
cmzi8a17f44fvb55s77jd7d4r678w093-p11-kit-0.24.1
gwn3p1r5ghlapv9yjad0mk2n23la7j8z-pcre2-10.42
a3lsdsalcmg5wnk67869af7wljprkbam-pkg-config-0.29.2
bwfrm3dmm33lfr69r1h5jy24hj51ii23-profile
dl3665ynrp41ynyw2ay5kfqix93myj5d-readline-8.1.2
81wqxjgqfinrxxh473c89r1n7arxfv3s-sed-4.8
laj6a3z6gjza9f18kyxw1nz5211ghwfs-sqlite-3.39.3
j5zgzgsmbjgywr67r86h1n6s4qiabv5q-tar-1.34
2p8j6npwa2k59d8lbhlqzvffn0437x8l-util-linux-2.37.4-lib
70s4sq1hx1m5rmsg5bcnjxslwc8ppiag-xz-5.4.5
fbaw0sb21gv02qq7gs9wg5y5wlpdgzih-xz-5.4.5
1prv14v6jfnzzg7szm57690b7fr6sx33-zlib-1.3
m05g4pzw906bg2pydbl74vrnvkmi9rbj-zstd-1.5.2-lib
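
The duplicate check from footnote [4], as an added example that is not part of the original message: it groups store entries by name-version and reports those present under more than one hash. The function names are hypothetical, the sample input is a subset of the listing above, and entries are assumed to have the form <32-character hash>-<name-version>.

```shell
#!/bin/sh
# Added example (not from the original message): list store items that
# share a name-version but appear under different hash prefixes.
# Assumption: entries look like <32-char hash>-<name-version>.

store_dups() {
    # Reads store entry names on stdin, one per line.
    # Prints "<count> <name-version>" for every name-version seen under
    # more than one distinct hash, sorted by name.
    awk '
        length($0) > 33 && substr($0, 33, 1) == "-" {
            hash = substr($0, 1, 32)
            name = substr($0, 34)
            # Count each (name, hash) pair once, so a repeated line
            # is not reported as a duplicate.
            if (!((name, hash) in seen)) {
                seen[name, hash] = 1
                count[name]++
            }
        }
        END {
            for (n in count)
                if (count[n] > 1)
                    printf "%d %s\n", count[n], n
        }
    ' | LC_ALL=C sort -k2
}

# Sample input: a subset of the listing quoted in footnote [4].
sample_listing() {
    cat <<'EOF'
3jhfhxdf6v5ms10x5zmnl166dh3yhbr1-bash-minimal-5.1.16
x47i4yafqxdav838aykda9c2hhhn9sa4-bash-minimal-5.1.16
87z5k84hxbqs87plgwsl2v6a4j7m3k7h-bash-static-5.1.16
56aq6sdx35f7rsxq8jq9ypafk0dhd3p3-bzip2-1.0.8
59kd6jyvrq8prl9mbnh3g8d22rc1dbwv-bzip2-1.0.8
qy1769103d15zh8gg09wlywfsyblham4-coreutils-minimal-9.1
0r2fx1lr1h2i3cl1x5fw4s4ly95qspya-gzip-1.13
w9zl48a95kylc7a91rwrrk27v70my968-gzip-1.13
70s4sq1hx1m5rmsg5bcnjxslwc8ppiag-xz-5.4.5
fbaw0sb21gv02qq7gs9wg5y5wlpdgzih-xz-5.4.5
1prv14v6jfnzzg7szm57690b7fr6sx33-zlib-1.3
EOF
}

# Inside an unpacked image: ls /gnu/store | store_dups
sample_listing | store_dups
```

Each reported name-version is one package output stored under two different hashes, which is the duplication the footnote points at.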
