ci: Run docker builds on linkerd-docker host (#376)

olix0r · web-flow · commit 4866eb2aebb5 · 2019-10-16T15:41:45.000-07:00
Replicate our integration test configuration to also run docker builds
on our remote host.

Furthermore, run these builds in unoptimized mode (since we don't
consume the results).
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -1,3 +1,6 @@
+# Ensures that the local development dockerfile builds properly.
+#
+# The resulting Docker image is discarded.
 name: Docker
 
 on:
@@ -12,9 +15,50 @@ on:
     - 'Cargo.lock'
     - 'Dockerfile'
 
+env:
+  DOCKER_UNOPTIMIZED: "1"
+
 jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v1
-    - run: make docker
+
+    # Create a build image on a Linkerd build host.
+    - name: Setup (Origin)
+      if: '!github.event.pull_request.head.repo.fork'
+      run: |
+        mkdir -p ~/.ssh
+        # Create an identity file and protect before writing contents to it.
+        touch ~/.ssh/id && chmod 600 ~/.ssh/id
+        echo "${{ secrets.DOCKER_PRIVATE_KEY }}" >~/.ssh/id
+        # Use well-known public keys for the host to prevent middlemen.
+        echo "${{ secrets.DOCKER_KNOWN_HOSTS }}" >~/.ssh/known_hosts
+        # Configure host with ServerAliveInterval to ensure that the client
+        # stays alive even when the server is busy emitting nothing.
+        # ServerAliveCountMax ensures that server responds to these pings
+        # within ~5 minutes.
+        (
+          echo "Host linkerd-docker"
+          echo "    User github"
+          echo "    Hostname ${{ secrets.DOCKER_ADDRESS }}"
+          echo "    IdentityFile ~/.ssh/id"
+          echo "    BatchMode yes"
+          echo "    ServerAliveInterval 60"
+          echo "    ServerAliveCountMax 5"
+        ) >~/.ssh/config
+        # Confirm that the SSH configuration works.
+        ssh linkerd-docker docker version
+
+    - name: Docker (Origin)
+      if: '!github.event.pull_request.head.repo.fork'
+      env:
+        DOCKER_HOST: "ssh://linkerd-docker"
+      run: |
+        export DOCKER_TAG="proxy-ci:$(dd bs=64 count=1 if=/dev/urandom status=none | tr -dc 'a-zA-Z0-9')"
+        make docker
+        docker image rm -f "$DOCKER_TAG"
+
+    - name: Docker (Fork)
+      if: github.event.pull_request.head.repo.fork
+      run: make docker
diff --git a/Dockerfile b/Dockerfile
@@ -9,7 +9,8 @@
 
 # rather than updating this manually, run update-rust-version.sh
 ARG RUST_IMAGE=rust:1.37.0-buster
-ARG RUNTIME_IMAGE=gcr.io/linkerd-io/proxy:edge-19.8.7
+ARG RUNTIME_IMAGE=gcr.io/linkerd-io/proxy:edge-19.10.2
+ARG PROXY_UNOPTIMIZED
 
 ## Builds the proxy as incrementally as possible.
 FROM $RUST_IMAGE as build
diff --git a/Makefile b/Makefile
@@ -26,6 +26,9 @@ DOCKER_BUILD = docker build
 ifdef DOCKER_TAG
 	DOCKER_BUILD = docker build -t $(DOCKER_TAG)
 endif
+ifdef DOCKER_UNOPTIMIZED
+	DOCKER_BUILD += --build-arg="PROXY_UNOPTIMIZED=$(DOCKER_UNOPTIMIZED)"
+endif
 
 RUSTCFLAGS ?=
 ifdef CARGO_DEBUG
