Simplify caching mechanisms for CI and PROD images (regular PR)#45261
Closed
potiuk wants to merge 1 commit into
Closed
Simplify caching mechanisms for CI and PROD images (regular PR)#45261potiuk wants to merge 1 commit into
potiuk wants to merge 1 commit into
Conversation
boring-cyborg
Bot
added
area:dev-tools
area:production-image
potiuk
force-pushed
the
redesign-image-caching
branch
10 times, most recently
from
84da531 to
0068c3f
Compare
potiuk
commented
Dec 28, 2024
Member
|
Nice looking forward for this :) |
potiuk
force-pushed
the
redesign-image-caching
branch
13 times, most recently
from
962899a to
038b2b7
Compare
potiuk
commented
Dec 28, 2024
| - name: "Cleanup docker" | ||
| run: ./scripts/ci/cleanup_docker.sh | ||
| shell: bash | ||
| # TODO: Currently we cannot loop through the list of python versions and have dynamic list of |
Member
Author
There was a problem hiding this comment.
cc: @assignUser -> will need an option to restore several keys in a single action for that. You might see some people from our team contributing to the stash action of yours :)
potiuk
force-pushed
the
redesign-image-caching
branch
2 times, most recently
from
a4395bf to
8d6e1ac
Compare
potiuk
force-pushed
the
redesign-image-caching
branch
6 times, most recently
from
ae98998 to
fdd4957
Compare
Member
Author
|
Also opened a "canary" build from "apache" repo to check how caching will work #45266 I will eventually close that one and will mark "ready for review" the other one, as we cannot get this one to be green due to pull_request_target workflow failing. |
potiuk
changed the title
potiuk
force-pushed
the
redesign-image-caching
branch
2 times, most recently
from
d62e4ec to
374cc5d
Compare
potiuk
force-pushed
the
redesign-image-caching
branch
from
374cc5d to
58f8bcb
Compare
potiuk
force-pushed
the
redesign-image-caching
branch
6 times, most recently
from
0bb6118 to
8ca36e4
Compare
For a long time we had used a sophisticated mechanism to speed up our CI jobs by building the images in "pull_request_target" workflow and pushing them to GitHub registry. That however had several drawbacks: * CI image was complex when it comes to layer setup (we had to pre- cache installed dependencies by installing them from branch tip * The pull_request_target is a very dangerous workflow, we had a number of security problems with it (and it's difficult to debug) * Caching of `pip` and `uv` was not used because it increased size of the image significantly This PR significantly improves the caching mechanisms for the images building of several advacements that were not possible before: * The upload-artifacts@v4 action and improved stash action developed by @assignUser and published in "apache/infrastructure-actions" allows us to store all images (8GB per run) in artifacts rather than in registry - so we can do the image build once and share it with all the jobs. * The uv speed is "enough" to allow occasional installation of Airlfow locally. This allows to utilize cache-mount and locally build uv cache, rather than rely on "remote" cache when we are building local images for breeze. The first time you build local breeze image it will take 2-5 more minutes (depending on your network speed, but because we can utilise cache mounts, every subsequent build should be very fast - even if all dependencies change. Using uv also allows to "always" reinstall airflow when you build the image even if single source file changed, because with cache it takes sub-seconds to reinstall airflow and all dependencies. * the cache mounts are not included in the image size, and since we can export and import images in CI in artifacts and we do not need to rebuild them, the images shared as compressed artifacts are relatively small (2GB) - cache of `uv` is around 4GB on top of that so sharing image built in the "build image" job with other jobs in the same workflow is fast. * we are still using registry cache for the "non-python" parts of the image - both CI and breeze image build speed benefit from using the image cache for system dependencies, database clients etc. this helps with faster rebuilds of the images for local development environment * documentation has been updated to reflect the new CI setup. The diagrams showing the workflows of ours are no longer needed as the workflows are quite straightforward when they are looked at. Fixes: apache#42999 Fixes: apache#43268
potiuk
force-pushed
the
redesign-image-caching
branch
from
8ca36e4 to
c28b728
Compare
Member
Author
|
Merged in #45266 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
For a long time we had used a sophisticated mechanism to speed up our CI jobs by building the images in "pull_request_target" workflow and pushing them to GitHub registry. That however had several drawbacks:
CI image was complex when it comes to layer setup (we had to pre- cache installed dependencies by installing them from branch tip
The pull_request_target is a very dangerous workflow, we had a number of security problems with it (and it's difficult to debug)
Caching of
pipanduvwas not used because it increased size of the image significantlyThis PR significantly improves the caching mechanisms for the images building of several advacements that were not possible before:
The upload-artifacts@v4 action and improved stash action developed by @assignUser and published in "apache/infrastructure-actions" allows us to store all images (8GB per run) in artifacts rather than in registry - so we can do the image build once and share it with all the jobs.
The uv speed is "enough" to allow occasional installation of Airlfow locally. This allows to utilize cache-mount and locally build uv cache, rather than rely on "remote" cache when we are building local images for breeze. The first time you build local breeze image it will take 2-5 more minutes (depending on your network speed, but because we can utilise cache mounts, every subsequent build should be very fast - even if all dependencies change. Using uv also allows to "always" reinstall airflow when you build the image even if single source file changed, because with cache it takes sub-seconds to reinstall airflow and all dependencies.
the cache mounts are not included in the image size, and since we can export and import images in CI in artifacts and we do not need to rebuild them, the images shared as compressed artifacts are relatively small (2GB) - cache of
uvis around 4GB on top of that so sharing image built in the "build image" job with other jobs in the same workflow is fast.we are still using registry cache for the "non-python" parts of the image - both CI and breeze image build speed benefit from using the image cache for system dependencies, database clients etc.
documentation has been updated to reflect the new CI setup. The diagrams showing the workflows of ours are no longer needed as the workflows are quite straightforward when they are looked at.
Fixes: #42999
Fixes: #43268
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named
{pr_number}.significant.rstor{issue_number}.significant.rst, in newsfragments.