Overview
At a high level, this repository illustrates a custom workflow designed to assist in iteratively building a set of spack packages, pushing package binaries to a mirror, and then automatically building a Docker image containing the resulting binary packages. The workflow proceeds as follows:
- Developer makes changes to the spack stack (environment) in this repository, and pushes a branch against which a PR is created.
- Gitlab CI/CD notices the change and triggers a pipeline which builds the entire stack of packages, and reports a status check back to Github
- Develop can make more changes and push to the PR branch as many times as necessary, triggering new pipelines each time.
- When the developer is satisfied with the stack/environment and all the packages are successfully built, the developer merges the PR into the master branch of this repo.
- The merge to master triggers an automated DockerHub build which copies the binary packages (along with ancillary resources) into the container and publishes the resulting container.
Moving parts
This document describes the pieces involved in this workflow and how those pieces fit together, including how the new spack automated pipeline workflow is used in the process.
This custom workflow involves this Github repository, a Gitlab CI/CD repository (premium license needed for "CI/CD only" repository) with runners configured, an external spack mirror to hold the binaries (in our case hosted as an AWS S3 bucket), and a DockerHub repository for building the final container.
Github repo (this repository)
This repository contains a spack environment with a set of packages to be built into a Docker container. It also contains a .gitlab-ci.yml
file to be used by a Gitlab CI/CD repository (for automated pipeline testing), as well as Docker resources needed to build both the pipeline package building container, as well as a final output container with all the binaries from spack environment.
The simple .gitlab-ci.yml
file in this repo describes a single job which is used to generate the full workload of jobs for the pipeline. Because the runner we have targeted with the spack-kube
tag does not have the version of spack we need, we first clone and activate the version we do need. Note that, as described below, the presence of the SPACK_REPO
and SPACK_REF
environment variables at the time the jobs are generated (spack ci generate
) will cause the generated jobs to be run with the same custom version of spack.
Gitlab CI/CD repo
Create a CI/CD only repository in Gitlab and link it to the Github repository. Some things that may need to be configured include conditions under which pipelines should be run (PRs, push to PR branch, etc...) and other pipeline settings (clone strategy, job timeouts, and job variables).
When creating the CI/CD only repository, you can choose what kinds of events on the Github repository should run pipelines.
See the spack pipeline documentation for more details on the job environment variables that may need to be set, but a brief summary of some common environment variables follows.
SPACK_REPO
(optional) Needed if a custom spack should be cloned to generate and run the pipeline jobsSPACK_REF
(optional) Needed if a custom spack should be cloned to generate and run the pipeline jobsSPACK_SIGNING_KEY
Required to sign buildcache entries (package binaries) after they are builtAWS_ACCESS_KEY_ID
(optional) Needed to authenticate to S3 mirrorAWS_SECRET_ACCESS_KEY
(optional) Needed to authenticat to S3 mirrorS3_ENDPOIT_URL
(optional) Needed if targeting an S3 mirror which is NOT hosted on AWSCDASH_AUTH_TOKEN
(optional) Needed if reporting build results to a CDash instanceDOWNSTREAM_CI_REPO
Needed until Gitlab child pipelines are implemented. This is the repo url where the generated workload should be pushed, and for many cases, pushing to the same repo is a workable approach.
Because we want to use a custom spack (one other than the runners may already have available), we need to add the environment variables listed above. The presence of those variables at job generation time (spack ci generate
) results in custom that custom spack getting cloned as a part of the before_script
of each generated pipeline job.
Spack mirror
This workflow makes use of a public mirror hosted on AWS S3. The automated pipeline pushes binaries to the mirror as packages are successfully built, and then the auto-build on DockerHub pulls those and copies them into the image for publishing. To authenticate with the S3 bucket, authentication
DockerHub repository
The DockerHub repository is configured to automatically build a container from the Dockerfile
and build context in the docker/tutorial-image/
directory of this repository. The build context also contains a custom build hook used by DockerHub to create the container in such a way that a few environment variables are made available as --build-args
when the container is built.
The variables are REMOTE_BUILDCACHE_URL
(publicly accessible mirror url where the binares were pushed by the Gitlab CI/CD pipeline), as well as AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
(needed to authenticate to the binary mirror, which is an S3 bucket).