129 changes: 49 additions & 80 deletions .github/workflows/image.yml
Expand Up @@ -88,6 +88,12 @@ jobs:
cargo build --release --locked --target="${RUST_TARGET}" --features="${FEATURES}"
mv "target/${RUST_TARGET}/release/symbolicator" ./symbolicator

- name: Upload Binary
uses: actions/upload-artifact@v4
with:
name: symbolicator-binary-${{ matrix.arch }}
path: ./symbolicator

- name: Split debug info
run: |
mkdir -p "/tmp/debug-info/"
Expand All @@ -112,113 +118,76 @@ jobs:

- name: Prepare Docker Context
run: |
mkdir docker-ctx
mkdir -p docker-ctx/binaries/linux/${{ matrix.arch }}
cp Dockerfile docker-ctx/
mv symbolicator docker-ctx/
mv symbolicator docker-ctx/binaries/linux/${{ matrix.arch }}
Comment on lines 119 to +123
Member


Why is this still happening if you upload the binary?

Member Author


Not sure what you're asking here? Are you suggesting I should shape the path: ./symbolicator in upload to the new paths I need for the docker context so to not mv twice? I just didn't want to touch the paths in split debug info so left it as ./symbolicator.


- name: Build Image
uses: docker/build-push-action@v6
uses: getsentry/action-build-and-push-images@b172ab61a5f7eabd58bd42ce231b517e79947c01
with:
context: docker-ctx/
image_name: 'symbolicator'
platforms: linux/${{ matrix.arch }}
tags: symbolicator-${{ matrix.arch }}
build_context: 'docker-ctx'
ghcr: false
google_ar: false
outputs: type=docker,dest=/tmp/symbolicator-${{ matrix.arch }}.tar
push: false

- name: Upload Image
uses: actions/upload-artifact@v4
with:
name: symbolicator-image@${{ matrix.arch }}
path: /tmp/symbolicator-${{ matrix.arch }}.tar

assemble-ghcr:
assemble:
needs: [build-setup, build-image]
if: "needs.build-setup.outputs.full_ci == 'true'"

name: Assemble for Github Container Registry
name: Assemble
runs-on: ubuntu-latest

permissions:
packages: write

env:
IMAGE: "ghcr.io/getsentry/symbolicator"
packages: write # required for GHCR
contents: read
id-token: write # required for GAR

steps:
- name: Docker Login
run: docker login --username '${{ github.actor }}' --password-stdin ghcr.io <<< "$GHCR_TOKEN"
env:
GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/checkout@v5

- name: Download Images
- name: Download Binaries
uses: actions/download-artifact@v5
with:
pattern: symbolicator-image@*
path: /tmp
merge-multiple: true
pattern: symbolicator-binary-*
path: /tmp/docker-ctx

- &assemble
name: Assemble and Push Images
- name: Prepare Docker Context
run: |
set -x

IMAGES=()
for image in /tmp/symbolicator-*.tar; do
NAME="$(basename $image .tar)"
ARCH="${NAME#*-}"
TARGET="${IMAGE}:${{ github.sha }}-${ARCH}"

docker load --input "${image}"
docker tag "${NAME}" "${TARGET}"
docker push "${TARGET}"

IMAGES+=("${TARGET}")
done

docker buildx imagetools create -t "${IMAGE}:${{ github.sha }}" "${IMAGES[@]}"

if [[ "${{ github.ref_name }}" == "master" ]]; then
docker buildx imagetools create -t "${IMAGE}:nightly" "${IMAGE}:${{ github.sha }}"
fi

assemble-ar:
needs: [build-setup, build-image]
if: "needs.build-setup.outputs.full_ci == 'true'"

name: Assemble for Google Artifact Registry
runs-on: ubuntu-latest

permissions:
contents: read
id-token: write

env:
IMAGE: "us-central1-docker.pkg.dev/sentryio/symbolicator/image"

steps:
- name: Google Auth
id: auth
uses: google-github-actions/auth@v3
cp Dockerfile /tmp/docker-ctx
mkdir -p /tmp/docker-ctx/binaries/linux/amd64 /tmp/docker-ctx/binaries/linux/arm64
mv /tmp/docker-ctx/symbolicator-binary-amd64/symbolicator /tmp/docker-ctx/binaries/linux/amd64
mv /tmp/docker-ctx/symbolicator-binary-arm64/symbolicator /tmp/docker-ctx/binaries/linux/arm64

# If action-build-and-push-images supports passing in a docker tar,
# then we can reuse the image artifact rather than this workaround
# (thankfully the build amounts to just a cp, wouldn't be doing this
# if the build was more complicated as we're building twice)

- name: Build and push images
if: "needs.build-setup.outputs.full_ci == 'true'"
uses: getsentry/action-build-and-push-images@b172ab61a5f7eabd58bd42ce231b517e79947c01
with:
workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool
service_account: [email protected]

- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v3
with:
version: ">= 390.0.0"

- name: Configure Docker
run: gcloud auth configure-docker us-central1-docker.pkg.dev

- name: Download Images
uses: actions/download-artifact@v5
with:
pattern: symbolicator-image@*
path: /tmp
merge-multiple: true

- *assemble
image_name: 'symbolicator'
platforms: linux/amd64,linux/arm64
build_context: '/tmp/docker-ctx'
publish_on_pr: true # TEMPORARY FOR TESTING
Member Author


self reminder to remove this before merging

ghcr: true
google_ar: true
# note: nightly will only be tagged if on default branch
tag_nightly: true
# on GAR we expect latest tags, nightly is canonically only a GHCR thing for us
tag_latest: true
google_ar_image_name: us-central1-docker.pkg.dev/sentryio/symbolicator/image
google_workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool
google_service_account: [email protected]

gocd-artifacts:
needs: [build-setup, build-image]
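Review bot: The single `assemble` job now carries `packages: write` and `id-token: write` together, where the two jobs it replaces each held only one of them, so every step in it runs with both the GHCR token and the ability to request the GAR OIDC identity. The `actions/checkout@v5` step in that job (apparently new; this page has lost the +/- markers) is only needed for `cp Dockerfile`, so I would add `with:` and `persist-credentials: false` under it to keep the token out of the workspace's git config before the build action runs. `getsentry/action-build-and-push-images` is pinned to a full commit SHA, but `actions/checkout@v5` and `actions/download-artifact@v5` in the same privileged job are pinned by tag; pinning them by SHA as well would be consistent. A short comment above `permissions:` explaining why the two scopes are combined in one job would help the next reader.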
4 changes: 3 additions & 1 deletion Dockerfile
Expand Up @@ -6,7 +6,9 @@ COPY --from=gcr.io/distroless/cc-debian12:nonroot --chown=nonroot:nonroot /home/
VOLUME ["/etc/symbolicator", "/data"]
EXPOSE 3021

ARG BINARY=./symbolicator
ARG TARGETPLATFORM

ARG BINARY=./binaries/$TARGETPLATFORM/symbolicator
COPY ${BINARY} /bin/symbolicator

ENTRYPOINT ["/bin/symbolicator"]
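Review bot: `COPY ${BINARY} /bin/symbolicator` keeps whatever file mode the binary has in the build context, and in the new assemble flow that file comes out of `actions/download-artifact`, whose upload side documents that file permissions are not preserved (files come back as 644). If that holds here, the published image's `ENTRYPOINT` would fail with a permission error even though the per-arch image built in build-image, where the binary is moved directly, still starts. Making the mode explicit with `COPY --chmod=0755 ${BINARY} /bin/symbolicator` (needs BuildKit), or a `chmod +x` on both binaries in the assemble job's Prepare Docker Context step, would remove the dependency on artifact behaviour. Separately, `ARG TARGETPLATFORM` is only filled in automatically under BuildKit, so a comment above it noting that the default `BINARY` path requires a BuildKit build would help anyone running a plain local build.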