chore: bake protoc into the hermetic build docker image #2707
Conversation
product-auto-label
bot
added
size: l
| @@ -0,0 +1,197 @@ | |||
| <?xml version="1.0" encoding="UTF-8"?> | |||
There was a problem hiding this comment.
Since this is a test resource, could you remove all unused part?
There was a problem hiding this comment.
My bad, it slipped into my commits!
| @@ -157,7 +161,22 @@ download_generator_artifact() { | |||
| download_protoc() { | |||
| local protoc_version=$1 | |||
| local os_architecture=$2 | |||
| if [ ! -d "protoc-${protoc_version}" ]; then | |||
|
|
|||
| protoc_dirname="protoc-${protoc_version}" | |||
There was a problem hiding this comment.
Could you add a comment specifying the the protoc version priority?
| { | ||
| "customType": "regex", | ||
| "fileMatch": [ | ||
| "^\\.cloudbuild/library_generation/library_generation\\.Dockerfile$" |
There was a problem hiding this comment.
Actually we probably don't want to let renovate bot to automatically update protoc. Not before we can update the whole repo(java-comon-protos, java-iam, test files in gapic-generator-java) along side the protoc update. Because the new protoc version may not work with the current protos or the newly generated code may not work with the generator.
|
|
||
| # install protobuf | ||
| WORKDIR /protoc | ||
| RUN ls /src |
There was a problem hiding this comment.
Is this just for troubleshooting purposes?
There was a problem hiding this comment.
Indeed. I removed it
| # if the specified protoc_version matches the one baked in the docker | ||
| # container, we just copy it into the output folder | ||
| mkdir -p "${output_folder}/${protoc_dirname}" | ||
| cp -r "${DOCKER_PROTOC_LOCATION}/${protoc_dirname}" \ |
There was a problem hiding this comment.
Can we use the protoc location specified in Dockerfile?
There was a problem hiding this comment.
Yes. We now explicitly export the protoc_path variable to simply point to this location instead of copying it.
| @@ -157,7 +161,22 @@ download_generator_artifact() { | |||
| download_protoc() { | |||
There was a problem hiding this comment.
In general, I feel like we may not need any changes in download_protoc. Ideally this function can stay as it is and we can add logics before calling it, for example
if [[ "${protoc_version}" != "${DOCKER_PROTOC_VERSION}" ]]; then
download_protoc "${protoc_version}" "${os_architecture}"
fi
But I think this requires us to reuse the proto location specified in Dockerfile.
There was a problem hiding this comment.
I left download_protoc almost untouched and left the DOCKER_PROTOC_VERSION handling in download_tools (one level up in the call hierarchy).
| if [[ -n "${DOCKER_PROTOC_VERSION}" ]]; then | ||
| >&2 echo "Using protoc version baked into the container: ${DOCKER_PROTOC_VERSION}" | ||
| echo "${DOCKER_PROTOC_VERSION}" | ||
| fi |
There was a problem hiding this comment.
I guess we can return this function early?
There was a problem hiding this comment.
This became obsolete as we moved this if statement outside of download_protoc
Removed.
Co-authored-by: Joe Wang <106995533+JoeWang1127@users.noreply.github.com>
product-auto-label
bot
added
size: m
| @@ -308,6 +304,3 @@ def __recursive_diff_files( | |||
| sub_dcmp, diff_files, left_only, right_only, dirname + sub_dirname + "/" | |||
| ) | |||
|
|
|||
| @classmethod | |||
| def __remove_docker_image(cls): | |||
There was a problem hiding this comment.
Since the GitHub runner cleans itself up after running the ITs and we usually want to troubleshoot locally via this integration test, it may be more convenient to not have to build the image from scratch every time when debugging.
| @@ -15,24 +15,35 @@ | |||
| # build from the root of this repo: | |||
| FROM gcr.io/cloud-devrel-public-resources/python | |||
|
|
|||
| ARG SYNTHTOOL_COMMITTISH=a2c9b4a5da2d7f583c8a1869fd2843c206145834 | |||
| SHELL [ "/bin/bash", "-c" ] | |||
There was a problem hiding this comment.
Anything requires us to change the default shell to bash?
There was a problem hiding this comment.
The nvm installation script assumes the environment is bash based. Using sh makes the following line to have no effects.
|
Please retry analysis of this Pull-Request directly on SonarCloud |
|
### Does the config work with renovate bot?
Yes. After a local run using `LOG_LEVEL=debug npx --yes --package
renovate -- renovate --platform=local &> renovate.out`, we obtained a
dependency update in the logs:
```
{
"deps": [
{
"depName": "protocolbuffers/protobuf",
"currentValue": "25.2",
"datasource": "github-releases",
"extractVersion": "^v(?<version>.*)$",
"replaceString": "ARG PROTOC_VERSION=25.2\n",
"updates": [
{
"bucket": "non-major",
"newVersion": "25.3",
"newValue": "25.3",
"releaseTimestamp": "2024-02-15T23:20:43.000Z",
"newMajor": 25,
"newMinor": 3,
"updateType": "minor",
"branchName": "renovate/protocolbuffers-protobuf-25.x"
},
{
"bucket": "major",
"newVersion": "26.1",
"newValue": "26.1",
"releaseTimestamp": "2024-03-27T20:28:47.000Z",
"newMajor": 26,
"newMinor": 1,
"updateType": "major",
"branchName": "renovate/protocolbuffers-protobuf-26.x"
}
],
"packageName": "protocolbuffers/protobuf",
"versioning": "semver-coerced",
"warnings": [],
"sourceUrl": "https://github.com/protocolbuffers/protobuf",
"registryUrl": "https://github.com",
"currentVersion": "25.2",
"currentVersionTimestamp": "2024-01-09T23:52:55.000Z",
"isSingleVersion": true,
"fixedVersion": "25.2"
}
],
```
However, we disabled the setting for now. This log entry confirms it.
`DEBUG: Dependency: protocolbuffers/protobuf, is disabled
(repository=local)`
---------
Co-authored-by: Joe Wang <106995533+JoeWang1127@users.noreply.github.com>
Does the config work with renovate bot?
Yes. After a local run using
LOG_LEVEL=debug npx --yes --package renovate -- renovate --platform=local &> renovate.out, we obtained a dependency update in the logs:However, we disabled the setting for now. This log entry confirms it.
DEBUG: Dependency: protocolbuffers/protobuf, is disabled (repository=local)