From 8c75086976c525d300d1d322854b2f4bfe0cada5 Mon Sep 17 00:00:00 2001 From: David Herberth Date: Mon, 29 Apr 2024 14:03:13 +0200 Subject: [PATCH] ci(arm): Adds support for cross compilation and publishes Relay ARM docker images (#3272) Updates the build/ci to support building multi arch docker images. - Removes the now-unused docker images and build scripts, they are no longer used and we don't want to maintain them, they will eventually break. - Uses `regctl` to transfer multi arch images directly between registries - Fixes `relay-debug.zip` and `relay.src.zip` inconsistency Future improvements: - Add `aarch64-apple-darwin` to the matrix build - Release aarch64 binaries on release builds - Sign images (?) --- .dockerignore | 3 + .github/workflows/build_binary.yml | 14 +- .github/workflows/ci.yml | 280 +++++++++++++++++++---------- CHANGELOG.md | 1 + Cross.toml | 12 ++ Dockerfile | 91 ---------- Dockerfile.builder | 38 ---- Dockerfile.release | 8 +- Makefile | 4 +- relay-aws-extension/README.md | 4 - scripts/build-docker-image.sh | 66 ------- scripts/create-sentry-release | 4 +- scripts/docker-build-linux.sh | 40 ----- 13 files changed, 214 insertions(+), 351 deletions(-) create mode 100644 Cross.toml delete mode 100644 Dockerfile delete mode 100644 Dockerfile.builder delete mode 100755 scripts/build-docker-image.sh delete mode 100755 scripts/docker-build-linux.sh diff --git a/.dockerignore b/.dockerignore index bfca45506f..de3feda36b 100644 --- a/.dockerignore +++ b/.dockerignore @@ -13,3 +13,6 @@ !docker-entrypoint.sh !Makefile + +# CI files necessary for building the docker file +!linux/ diff --git a/.github/workflows/build_binary.yml b/.github/workflows/build_binary.yml index f42b095a62..745ca046db 100644 --- a/.github/workflows/build_binary.yml +++ b/.github/workflows/build_binary.yml @@ -18,25 +18,25 @@ jobs: with: submodules: recursive - - name: Build in Docker + - name: Install Rust Toolchain + run: rustup toolchain install stable --profile minimal --no-self-update + + - name: Build binary run: | - # Get the latest stable rust toolchain version available - TOOLCHAIN=$(curl -s 'https://static.rust-lang.org/dist/channel-rust-stable.toml' | awk '/\[pkg.rust\]/ {getline;print;}' | sed -r 's/^version = "([0-9.]+) .*/\1/') - scripts/docker-build-linux.sh "$TOOLCHAIN" + make build-linux-release env: - BUILD_ARCH: x86_64 RELAY_FEATURES: - name: Bundle Debug File run: | - cd target/x86_64-unknown-linux-gnu/release/ + cd target/release/ zip relay-Linux-x86_64-debug.zip relay.debug mv relay relay-Linux-x86_64 - uses: actions/upload-artifact@v3 with: name: ${{ github.sha }} - path: target/x86_64-unknown-linux-gnu/release/relay-Linux-x86_64* + path: target/release/relay-Linux-x86_64* macos: name: macOS diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e4b1e74cab..23541c291a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -183,100 +183,181 @@ jobs: timeout-minutes: 30 strategy: matrix: - # the arm64 build takes too long, so disable for now - arch: [amd64] image_name: [relay, relay-pop] + target: [x86_64-unknown-linux-gnu, aarch64-unknown-linux-gnu] - name: Build Docker Image + name: Build Relay Binary runs-on: ubuntu-latest - # Skip redundant checks for library releases if: "!startsWith(github.ref, 'refs/heads/release-library/')" env: - IMG_BASE: ghcr.io/getsentry/${{ matrix.image_name }} - IMG_DEPS: ghcr.io/getsentry/${{ matrix.image_name }}-deps:${{ matrix.arch }} - # GITHUB_SHA in pull requests points to the merge commit - IMG_VERSIONED: ghcr.io/getsentry/${{ matrix.image_name }}:${{ github.event.pull_request.head.sha || github.sha }} - ARCH: ${{ matrix.arch }} + RELAY_BIN: "target/${{ matrix.target }}/release/relay" + FEATURES: |- + ${{fromJson('{ + "relay": "processing,crash-handler", + "relay-pop": "crash-handler" + }')[matrix.image_name] }} + DOCKER_PLATFORM: |- + ${{fromJson('{ + "x86_64-unknown-linux-gnu": "linux/amd64", + "aarch64-unknown-linux-gnu": "linux/arm64" + }')[matrix.target] }} + # Fix editor: ' steps: + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y llvm + - uses: actions/checkout@v4 with: submodules: recursive + - uses: dtolnay/rust-toolchain@stable - uses: swatinem/rust-cache@v2 with: - key: ${{ github.job }}-${{ matrix.arch }} + key: "${{ github.job }}-${{ matrix.target }}-${{ matrix.image_name }}" + + - name: Install Cross + # We need a nightly version of cross for `cross-util`. + run: cargo install cross --git https://github.com/cross-rs/cross --rev 085092c + + - name: Compile + run: | + export PATH="/home/runner/.cargo/bin/:$PATH" - - run: docker run --rm --privileged tonistiigi/binfmt --install arm64 - if: matrix.arch == 'arm64' + cross build --release --locked --features "${FEATURES}" --target "${{ matrix.target }}" - - name: Build + - name: Split debug info run: | - # Get the latest stable rust toolchain version available - TOOLCHAIN=$(curl -s 'https://static.rust-lang.org/dist/channel-rust-stable.toml' | awk '/\[pkg.rust\]/ {getline;print;}' | sed -r 's/^version = "([0-9.]+) .*/\1/') - ./scripts/build-docker-image.sh "$ARCH" "$TOOLCHAIN" ${{ matrix.image_name }} + llvm-objcopy --only-keep-debug "${RELAY_BIN}"{,.debug} + llvm-objcopy --strip-debug --strip-unneeded "${RELAY_BIN}" + llvm-objcopy --add-gnu-debuglink "${RELAY_BIN}"{.debug,} + + cross-util run --target "${{ matrix.target }}" -- "sentry-cli difutil bundle-sources ${RELAY_BIN}.debug" + zip "${RELAY_BIN}.debug.zip" "${RELAY_BIN}.debug" - - name: Export Docker Image - run: docker save -o ${{ matrix.image_name }}-docker-image.tgz $IMG_VERSIONED + - name: Prepare Artifacts + run: | + mkdir -p "artifacts/${DOCKER_PLATFORM}" + cp "${RELAY_BIN}"{,.debug.zip,.src.zip} "artifacts/${DOCKER_PLATFORM}" - - name: Upload Docker Image to Artifact - uses: actions/upload-artifact@v3 + - name: Upload Artifacts + uses: actions/upload-artifact@v4 with: retention-days: 1 - name: ${{ matrix.image_name }}-docker-image - path: ${{ matrix.image_name }}-docker-image.tgz + name: ${{ matrix.image_name }}@${{ matrix.target }} + path: "./artifacts/*" + + build-docker: + timeout-minutes: 5 + needs: build + + name: Build Docker Image + runs-on: ubuntu-latest + + strategy: + matrix: + image_name: [relay, relay-pop] + + env: + PLATFORMS: "linux/amd64,linux/arm64" + DOCKER_IMAGE: "ghcr.io/getsentry/${{ matrix.image_name }}" + REVISION: "${{ github.event.pull_request.head.sha || github.sha }}" + + steps: + - uses: actions/checkout@v4 + + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + + - uses: actions/download-artifact@v4 + with: + pattern: "${{ matrix.image_name }}@*" + merge-multiple: true - - name: Push to ghcr.io - # Do not run this on forks as they do not have access to secrets + - name: Build and push to ghcr.io if: "!github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" run: | - set -euxo pipefail docker login --username '${{ github.actor }}' --password '${{ secrets.GITHUB_TOKEN }}' ghcr.io - docker push $IMG_DEPS - docker push $IMG_VERSIONED - - name: Push nightly to ghcr.io - if: github.ref == 'refs/heads/master' + docker buildx build \ + --platform "${PLATFORMS}" \ + --tag "${DOCKER_IMAGE}:${REVISION}" \ + $( [[ "${GITHUB_REF}" == "refs/heads/master" ]] && printf %s "--tag ${DOCKER_IMAGE}:nightly" ) \ + --file Dockerfile.release \ + --push . + + publish-to-dockerhub: + needs: build-docker + + runs-on: ubuntu-20.04 + name: Publish Relay to DockerHub + + strategy: + matrix: + image_name: [relay] # Don't publish relay-pop (for now) + + if: ${{ (github.ref_name == 'master') }} + + env: + GHCR_DOCKER_IMAGE: "ghcr.io/getsentry/${{ matrix.image_name }}" + DH_DOCKER_IMAGE: "getsentry/${{ matrix.image_name }}" + REVISION: "${{ github.event.pull_request.head.sha || github.sha }}" + + steps: + - name: Install cosign + uses: sigstore/cosign-installer@v3.5.0 + + - name: Install regctl + uses: regclient/actions/regctl-installer@2dac4eff5925ed07edbfe12d2d11af6304df29a6 + + - name: Login to DockerHub + run: docker login --username=sentrybuilder --password ${{ secrets.DOCKER_HUB_RW_TOKEN }} + + - name: Copy Image from GHCR to DockerHub run: | - set -euxo pipefail - docker tag "$IMG_VERSIONED" "$IMG_BASE:nightly" - docker push "$IMG_BASE:nightly" + # We push 3 tags to Dockerhub: + # 1) the full sha of the commit + regctl image copy "${GHCR_DOCKER_IMAGE}:${REVISION}" "${DH_DOCKER_IMAGE}:${REVISION}" - push-prod-image: + # 2) the short sha + SHORT_SHA=$(echo ${GITHUB_SHA} | cut -c1-8) + regctl image copy "${GHCR_DOCKER_IMAGE}:${REVISION}" "${DH_DOCKER_IMAGE}:${SHORT_SHA}" + + # 3) nightly + regctl image copy "${GHCR_DOCKER_IMAGE}:nightly" "${DH_DOCKER_IMAGE}:nightly" + + publish-to-gcr: timeout-minutes: 5 - needs: build + needs: build-docker + + name: Publish Relay to GCR + runs-on: ubuntu-latest strategy: matrix: image_name: [relay, relay-pop] - name: Push GCR Docker Image - runs-on: ubuntu-latest - # required for google auth permissions: contents: "read" id-token: "write" + env: + GHCR_DOCKER_IMAGE: "ghcr.io/getsentry/${{ matrix.image_name }}" + GCR_DOCKER_IMAGE: "us.gcr.io/sentryio/${{ matrix.image_name }}" + REVISION: "${{ github.event.pull_request.head.sha || github.sha }}" + # Skip redundant checks for library releases # Skip for dependabot and if run on a fork if: "!startsWith(github.ref, 'refs/heads/release-library/') && !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" - env: - # GITHUB_SHA in pull requests points to the merge commit - REVISION: ${{ github.event.pull_request.head.sha || github.sha }} - IMG_VERSIONED: ghcr.io/getsentry/${{ matrix.image_name }}:${{ github.event.pull_request.head.sha || github.sha }} - steps: - - name: Download Docker Image - uses: actions/download-artifact@v3 - with: - name: ${{ matrix.image_name }}-docker-image - - - name: Import Docker Image - run: docker load -i ${{ matrix.image_name }}-docker-image.tgz + - name: Install cosign + uses: sigstore/cosign-installer@v3.5.0 - name: Google Auth id: auth @@ -296,28 +377,62 @@ jobs: run: | gcloud auth configure-docker us.gcr.io - - name: Push to us.gcr.io - run: | - set -euxo pipefail - docker tag "$IMG_VERSIONED" "us.gcr.io/sentryio/${{ matrix.image_name }}:$REVISION" - docker push "us.gcr.io/sentryio/${{ matrix.image_name }}:$REVISION" + - name: Install regctl + uses: regclient/actions/regctl-installer@2dac4eff5925ed07edbfe12d2d11af6304df29a6 + + - name: Copy Image from GHCR to GCR + run: regctl image copy "${GHCR_DOCKER_IMAGE}:${REVISION}" "${GCR_DOCKER_IMAGE}:${REVISION}" - - name: Push nightly to us.gcr.io + - name: Copy Nightly from GHCR to GCR if: github.ref == 'refs/heads/master' - run: | - set -euxo pipefail - docker tag "$IMG_VERSIONED" "us.gcr.io/sentryio/${{ matrix.image_name }}:nightly" - docker push "us.gcr.io/sentryio/${{ matrix.image_name }}:nightly" + run: regctl image copy "${GHCR_DOCKER_IMAGE}:nightly" "${GCR_DOCKER_IMAGE}:nightly" + + gocd-artifacts: + timeout-minutes: 5 + needs: build-docker + + name: Upload build artifacts to gocd + runs-on: ubuntu-latest + + strategy: + matrix: + image_name: [relay, relay-pop] + + # required for google auth + permissions: + contents: "read" + id-token: "write" + + env: + GHCR_DOCKER_IMAGE: "ghcr.io/getsentry/${{ matrix.image_name }}" + REVISION: "${{ github.event.pull_request.head.sha || github.sha }}" + + if: "!startsWith(github.ref, 'refs/heads/release-library/') && !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" + + steps: + - name: Google Auth + id: auth + uses: google-github-actions/auth@v2 + with: + workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool + service_account: gha-gcr-push@sac-prod-sa.iam.gserviceaccount.com + + - name: "Set up Cloud SDK" + uses: "google-github-actions/setup-gcloud@v2" + with: + # https://github.com/google-github-actions/auth#authenticating-via-workload-identity-federation + # You must use the Cloud SDK version 390.0.0 or later to authenticate the bq and gsutil tools. + version: ">= 390.0.0" - name: Upload gocd deployment assets run: | set -euxo pipefail - VERSION="$(docker run --rm "$IMG_VERSIONED" --version | cut -d" " -f2)" - echo "relay@$VERSION+$REVISION" > release-name + VERSION="$(docker run --rm "${GHCR_DOCKER_IMAGE}:${REVISION}" --version | cut -d" " -f2)" + echo "${{ matrix.image_name }}@${VERSION}+${REVISION}" > release-name - docker run --rm --entrypoint cat "$IMG_VERSIONED" /opt/relay-debug.zip > relay-debug.zip - docker run --rm --entrypoint cat "$IMG_VERSIONED" /opt/relay.src.zip > relay.src.zip - docker run --rm --entrypoint tar "$IMG_VERSIONED" -cf - /lib/x86_64-linux-gnu > libs.tar + docker run --rm --entrypoint cat "${GHCR_DOCKER_IMAGE}:${REVISION}" /opt/relay.debug.zip > relay.debug.zip + docker run --rm --entrypoint cat "${GHCR_DOCKER_IMAGE}:${REVISION}" /opt/relay.src.zip > relay.src.zip + docker run --rm --entrypoint tar "${GHCR_DOCKER_IMAGE}:${REVISION}" -cf - /lib/x86_64-linux-gnu > libs.tar # debugging for mysterious "Couldn't write tracker file" issue: (env | grep runner) || true @@ -329,7 +444,7 @@ jobs: /home/runner/.gsutil/tracker-files/upload_TRACKER_*.rc.zip__JSON.url \ || true gsutil -m cp -L gsutil.log ./libs.tar ./relay-debug.zip ./relay.src.zip ./release-name \ - "gs://dicd-team-devinfra-cd--relay/deployment-assets/$REVISION/${{ matrix.image_name }}/" || status=$? && status=$? + "gs://dicd-team-devinfra-cd--relay/deployment-assets/${REVISION}/${{ matrix.image_name }}/" || status=$? && status=$? cat gsutil.log exit "$status" @@ -397,7 +512,7 @@ jobs: name: Sentry-Relay Integration Tests runs-on: ubuntu-latest timeout-minutes: 30 - needs: build + needs: build-docker # Skip redundant checks for library releases if: "!startsWith(github.ref, 'refs/heads/release-library/')" @@ -429,14 +544,6 @@ jobs: kafka: true symbolicator: true - - name: Download Docker Image - uses: actions/download-artifact@v3 - with: - name: relay-docker-image - - - name: Import Docker Image - run: docker load -i relay-docker-image.tgz - - name: Run Sentry integration tests working-directory: sentry env: @@ -445,28 +552,3 @@ jobs: echo "Testing against ${RELAY_TEST_IMAGE}" make test-relay-integration - publish-to-dockerhub: - name: Publish Relay to DockerHub - needs: build - runs-on: ubuntu-20.04 - if: ${{ (github.ref_name == 'master') }} - steps: - - uses: actions/checkout@v4 - - timeout-minutes: 20 - run: until docker pull "ghcr.io/getsentry/relay:${{ github.sha }}" 2>/dev/null; do sleep 10; done - - name: Push built docker image - shell: bash - run: | - IMAGE_URL="ghcr.io/getsentry/relay:${{ github.sha }}" - docker login --username=sentrybuilder --password ${{ secrets.DOCKER_HUB_RW_TOKEN }} - # We push 3 tags to Dockerhub: - # first, the full sha of the commit - docker tag "$IMAGE_URL" getsentry/relay:${GITHUB_SHA} - docker push getsentry/relay:${GITHUB_SHA} - # second, the short sha of the commit - SHORT_SHA=$(git rev-parse --short "$GITHUB_SHA") - docker tag "$IMAGE_URL" getsentry/relay:${SHORT_SHA} - docker push getsentry/relay:${SHORT_SHA} - # finally, nightly - docker tag "$IMAGE_URL" getsentry/relay:nightly - docker push getsentry/relay:nightly diff --git a/CHANGELOG.md b/CHANGELOG.md index 3639dc1430..ac7202d6de 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ - Emit gauges for total and self times for spans. ([#3448](https://github.com/getsentry/relay/pull/3448)) - Collect exclusive_time_light metrics for `cache.*` spans. ([#3466](https://github.com/getsentry/relay/pull/3466)) +- Build and publish ARM docker images for Relay. ([#3272](https://github.com/getsentry/relay/pull/3272)). ## 24.4.1 diff --git a/Cross.toml b/Cross.toml new file mode 100644 index 0000000000..fe1e7f88ea --- /dev/null +++ b/Cross.toml @@ -0,0 +1,12 @@ +[build] +pre-build = [ + # Use azure mirrors for faster downloads. + "sed -i -e 's/archive.archive.ubuntu.com/azure.archive.ubuntu.com/' /etc/apt/sources.list", + "sed -i -e 's/security.archive.ubuntu.com/azure.archive.ubuntu.com/' /etc/apt/sources.list", + "apt-get update && apt-get --assume-yes install libclang-8-dev clang-8", + "curl -sL https://sentry.io/get-cli/ | sh", +] + +[target.aarch64-unknown-linux-gnu] +# We're using a nightly `cross`, let's still use a stable image. +image = "ghcr.io/cross-rs/aarch64-unknown-linux-gnu:0.2.5" diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 9b7466118f..0000000000 --- a/Dockerfile +++ /dev/null @@ -1,91 +0,0 @@ -################## -### Deps stage ### -################## - -FROM getsentry/sentry-cli:2 AS sentry-cli -FROM centos:7 AS relay-deps - -# Rust version must be provided by the caller. -ARG RUST_TOOLCHAIN_VERSION -ENV RUST_TOOLCHAIN_VERSION=${RUST_TOOLCHAIN_VERSION} - -RUN yum -y update \ - && yum -y install centos-release-scl epel-release \ - # install a modern compiler toolchain - && yum -y install cmake3 devtoolset-10 git perl-core openssl openssl-devel pkgconfig libatomic \ - # below required for sentry-native - llvm-toolset-7.0-clang-devel \ - && yum clean all \ - && rm -rf /var/cache/yum \ - && ln -s /usr/bin/cmake3 /usr/bin/cmake - -ENV RUSTUP_HOME=/usr/local/rustup \ - CARGO_HOME=/usr/local/cargo \ - PATH=/usr/local/cargo/bin:$PATH - -RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \ - | sh -s -- -y --profile minimal --default-toolchain=${RUST_TOOLCHAIN_VERSION} \ - && echo -e '[registries.crates-io]\nprotocol = "sparse"\n[net]\ngit-fetch-with-cli = true' > $CARGO_HOME/config - -COPY --from=sentry-cli /bin/sentry-cli /bin/sentry-cli - -WORKDIR /work - -##################### -### Builder stage ### -##################### - -FROM relay-deps AS relay-builder - -ARG RELAY_FEATURES=processing,crash-handler -ENV RELAY_FEATURES=${RELAY_FEATURES} - -COPY . . - -# Build with the modern compiler toolchain enabled -RUN : \ - && export BUILD_TARGET="$(arch)-unknown-linux-gnu" \ - && scl enable devtoolset-10 llvm-toolset-7.0 -- \ - make build-linux-release \ - TARGET=${BUILD_TARGET} \ - RELAY_FEATURES=${RELAY_FEATURES} - -# Collect source bundle -# Produces `relay-bin`, `relay-debug.zip` and `relay.src.zip` in current directory -RUN : \ - && export BUILD_TARGET="$(arch)-unknown-linux-gnu" \ - && make collect-source-bundle \ - TARGET=${BUILD_TARGET} - -################### -### Final stage ### -################### - -FROM debian:bookworm-slim - -RUN apt-get update \ - && apt-get install -y ca-certificates gosu curl --no-install-recommends \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -ENV \ - RELAY_UID=10001 \ - RELAY_GID=10001 - -# Create a new user and group with fixed uid/gid -RUN groupadd --system relay --gid $RELAY_GID \ - && useradd --system --gid relay --uid $RELAY_UID relay - -RUN mkdir /work /etc/relay \ - && chown relay:relay /work /etc/relay -VOLUME ["/work", "/etc/relay"] -WORKDIR /work - -EXPOSE 3000 - -COPY --from=relay-builder /work/relay-bin /bin/relay -COPY --from=relay-builder /work/relay-debug.zip /work/relay.src.zip /opt/ - -COPY ./docker-entrypoint.sh / -ENTRYPOINT ["/bin/bash", "/docker-entrypoint.sh"] -CMD ["run"] diff --git a/Dockerfile.builder b/Dockerfile.builder deleted file mode 100644 index 8855ce3699..0000000000 --- a/Dockerfile.builder +++ /dev/null @@ -1,38 +0,0 @@ -FROM getsentry/sentry-cli:2 AS sentry-cli -FROM centos:7 AS relay-deps - -# Rust version must be provided by the caller. -ARG RUST_TOOLCHAIN_VERSION -ENV RUST_TOOLCHAIN_VERSION=${RUST_TOOLCHAIN_VERSION} - -RUN yum -y update \ - && yum -y install centos-release-scl epel-release \ - # install a modern compiler toolchain - && yum -y install cmake3 devtoolset-10 git \ - perl-core openssl openssl-devel pkgconfig libatomic \ - # below required for sentry-native - llvm-toolset-7.0-clang-devel \ - && yum clean all \ - && rm -rf /var/cache/yum \ - && ln -s /usr/bin/cmake3 /usr/bin/cmake - -ENV RUSTUP_HOME=/usr/local/rustup \ - CARGO_HOME=/usr/local/cargo \ - PATH=/usr/local/cargo/bin:$PATH - -ARG UID=10000 -ARG GID=10000 - -RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \ - | sh -s -- -y --profile minimal --default-toolchain=${RUST_TOOLCHAIN_VERSION} \ - && echo -e '[registries.crates-io]\nprotocol = "sparse"\n[net]\ngit-fetch-with-cli = true' > $CARGO_HOME/config \ - # Adding user and group is the workaround for the old git version, - # which cannot checkout the repos failing with error: - # fatal: unable to look up current user in the passwd file: no such user - && groupadd -f -g ${GID} builder \ - && useradd -o -ms /bin/bash -g ${GID} -u ${UID} builder \ - && chown -R ${UID}:${GID} $CARGO_HOME - -COPY --from=sentry-cli /bin/sentry-cli /bin/sentry-cli - -WORKDIR /work diff --git a/Dockerfile.release b/Dockerfile.release index 42aadfaec0..7dd08ccd7b 100644 --- a/Dockerfile.release +++ b/Dockerfile.release @@ -1,5 +1,7 @@ FROM debian:bookworm-slim +ARG TARGETPLATFORM + RUN apt-get update \ && apt-get install -y ca-certificates gosu curl --no-install-recommends \ && apt-get clean \ @@ -20,8 +22,10 @@ WORKDIR /work EXPOSE 3000 -COPY ./relay-bin /bin/relay -COPY relay-debug.zip relay.src.zip /opt/ +COPY $TARGETPLATFORM/relay /bin/relay +RUN chmod +x /bin/relay +COPY $TARGETPLATFORM/relay.debug.zip /opt/relay.debug.zip +COPY $TARGETPLATFORM/relay.src.zip /opt/relay.src.zip COPY ./docker-entrypoint.sh / ENTRYPOINT ["/bin/bash", "/docker-entrypoint.sh"] diff --git a/Makefile b/Makefile index 135241c5a7..4b683039dc 100644 --- a/Makefile +++ b/Makefile @@ -24,7 +24,7 @@ release: setup-git ## build production binary of the relay with debug info .PHONY: release build-linux-release: setup-git ## build linux release of the relay - cd relay && cargo build --release --locked $(if ${RELAY_FEATURES}, --features ${RELAY_FEATURES}) --target=${TARGET} + cd relay && cargo build --release --locked $(if ${RELAY_FEATURES}, --features ${RELAY_FEATURES}) objcopy --only-keep-debug target/${TARGET}/release/relay{,.debug} objcopy --strip-debug --strip-unneeded target/${TARGET}/release/relay objcopy --add-gnu-debuglink target/${TARGET}/release/relay{.debug,} @@ -32,7 +32,7 @@ build-linux-release: setup-git ## build linux release of the relay collect-source-bundle: setup-git ## copy the built relay binary to current folder and collects debug bundles mv target/${TARGET}/release/relay ./relay-bin - zip relay-debug.zip target/${TARGET}/release/relay.debug + zip relay.debug.zip target/${TARGET}/release/relay.debug sentry-cli --version sentry-cli difutil bundle-sources target/${TARGET}/release/relay.debug mv target/${TARGET}/release/relay.src.zip ./relay.src.zip diff --git a/relay-aws-extension/README.md b/relay-aws-extension/README.md index 6f64441674..4b66e10aff 100644 --- a/relay-aws-extension/README.md +++ b/relay-aws-extension/README.md @@ -4,10 +4,6 @@ **NOTE:** This applies only if you have an **ARM based Apple M1**! -If you have another type of machine, please use -[scripts/docker-build-linux.sh](scripts/docker-build-linux.sh) to compile -`relay` for using it as an AWS Lambda extension. - Follow these steps below on your Apple M1 machine to compile relay to be run in the AWS Lambda execution environment. diff --git a/scripts/build-docker-image.sh b/scripts/build-docker-image.sh deleted file mode 100755 index aef8c2ce38..0000000000 --- a/scripts/build-docker-image.sh +++ /dev/null @@ -1,66 +0,0 @@ -#!/usr/bin/env bash - - -set -euxo pipefail - -ARCH=${1:-$(uname -m)} -TOOLCHAIN=$2 -IMAGE_NAME=${3:-relay} - -# Set the correct build target and update the arch if required. -case "$ARCH" in - "amd64") - BUILD_TARGET="x86_64-unknown-linux-gnu" - ;; - "arm64" | "aarch64" ) - BUILD_TARGET="aarch64-unknown-linux-gnu" - ARCH="arm64" - ;; - *) - echo "ERROR unsupported architecture" - exit 1 -esac - -# Images to use and build. -IMG_DEPS=${IMG_DEPS:-"ghcr.io/getsentry/${IMAGE_NAME}-deps:$ARCH"} -IMG_VERSIONED=${IMG_VERSIONED:-"$IMAGE_NAME:latest"} - -# Relay features to enable. -RELAY_FEATURES="processing,crash-handler" -if [[ "$IMAGE_NAME" == "relay-pop" ]]; then - RELAY_FEATURES="crash-handler" -fi - -# Build a builder image with all the depdendencies. -args=(--progress auto) -if docker pull -q "$IMG_DEPS"; then - args+=(--cache-from "$IMG_DEPS") -fi - -docker buildx build \ - "${args[@]}" \ - --build-arg RUST_TOOLCHAIN_VERSION="$TOOLCHAIN" \ - --build-arg UID="$(id -u)" \ - --build-arg GID="$(id -g)" \ - --cache-to type=inline \ - --platform "linux/$ARCH" \ - --tag "$IMG_DEPS" \ - --target relay-deps \ - --file Dockerfile.builder \ - . - -# Build the binary inside of the builder image. -docker run \ - --volume "$PWD:/work:rw" \ - --platform "linux/$ARCH" \ - --user "$(id -u):$(id -g)" \ - -e TARGET="$BUILD_TARGET" \ - "$IMG_DEPS" \ - scl enable devtoolset-10 llvm-toolset-7.0 -- make build-release-with-bundles RELAY_FEATURES="$RELAY_FEATURES" - -# Create a release image. -docker buildx build \ - --platform "linux/$ARCH" \ - --tag "$IMG_VERSIONED" \ - --file Dockerfile.release \ - . diff --git a/scripts/create-sentry-release b/scripts/create-sentry-release index 1b4c6b2f53..c99ebd4662 100755 --- a/scripts/create-sentry-release +++ b/scripts/create-sentry-release @@ -31,13 +31,13 @@ fi echo 'Downloading debug info, source bundle, system symbols...' gsutil cp \ "gs://dicd-team-devinfra-cd--relay/deployment-assets/${REVISION}/${NAME}/release-name" \ - "gs://dicd-team-devinfra-cd--relay/deployment-assets/${REVISION}/${NAME}/relay-debug.zip" \ + "gs://dicd-team-devinfra-cd--relay/deployment-assets/${REVISION}/${NAME}/relay.debug.zip" \ "gs://dicd-team-devinfra-cd--relay/deployment-assets/${REVISION}/${NAME}/relay.src.zip" \ "gs://dicd-team-devinfra-cd--relay/deployment-assets/${REVISION}/${NAME}/libs.tar" \ . echo 'Uploading debug information and source bundle...' -sentry-cli upload-dif ./relay-debug.zip ./relay.src.zip +sentry-cli upload-dif ./relay.debug.zip ./relay.src.zip echo 'Uploading system symbols...' tar xf libs.tar diff --git a/scripts/docker-build-linux.sh b/scripts/docker-build-linux.sh deleted file mode 100755 index 86caa12f78..0000000000 --- a/scripts/docker-build-linux.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -set -eux - -TOOLCHAIN=$1 - -if [ "${BUILD_ARCH}" = "x86_64" ]; then - DOCKER_ARCH="amd64" -elif [ "${BUILD_ARCH}" = "i686" ]; then - DOCKER_ARCH="i386" -else - echo "Invalid architecture: ${BUILD_ARCH}" - exit 1 -fi - -TARGET=${BUILD_ARCH}-unknown-linux-gnu -BUILD_IMAGE="us.gcr.io/sentryio/relay:deps" - -# Prepare build environment first -docker pull $BUILD_IMAGE || true -docker buildx build \ - --build-arg RUST_TOOLCHAIN_VERSION="$TOOLCHAIN" \ - --platform "linux/${DOCKER_ARCH}" \ - --cache-from=${BUILD_IMAGE} \ - --target relay-deps \ - -t "${BUILD_IMAGE}" . - -DOCKER_RUN_OPTS=" - -v $(pwd):/work - -e TARGET=${TARGET} - $BUILD_IMAGE -" - -# And now build the project -docker run $DOCKER_RUN_OPTS \ - make build-linux-release RELAY_FEATURES="${RELAY_FEATURES}" - -# Fix permissions for shared directories -USER_ID=$(id -u) -GROUP_ID=$(id -g) -sudo chown -R ${USER_ID}:${GROUP_ID} target/