Cluster Secrets and Buildkit builds #142
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Can we clean the commits in this PR. There is a lot of back and forth with the docker-compose version and no explanation why. Otherwise the code looks good |
zzak
force-pushed
the
buildkit-cluster-secrets
branch
3 times, most recently
from
251ffc4 to
b5365d2
Compare
An experiment in changing the rails CI pipeline from "self-hosted" agents to "hosted" agents, a recently release Buildkite feature [1]. The hosted agents linux environment is superficially quite similar to the Elastic Stack for AWS, so the required changes are fairly minimal. Roughly half the changes are to take advantage of some performance optimisations available on hosted agents (like cache volumes, and remote buildkit builders with cache that last across builds). The essential changes: * Read the OCI registry from the environment rather than hard code an ECR registry. The current self-hosted agents run in AWS and can access ECR, but the hosted agent environment has access to its own registry specifically for use cases like this - building an image at the start of the build and then reusing it in later jobs * Changing the queue from `default` or `builder`, to `hosted` Optimisations: * There's no need to use the docker-compose plugins cache_from and image_name shenanigans. The images built at the start of each build use a remote buildkit builder with cache that is s hared between builds. The cache is typically warm, and when it is the image build time drops from ~2 mins to ~18sec * Use plain buildkit to build the images, without the docker compose plugin. This avoids the image being exported from buildkit to docker, and when the buildkit cache is warm the jobs complete in as little as 18s. This bypasses the docker-compse built in support for separating building and running, but the docker-compose.yml already kinda bypasses that by hard coding the image used in the run jobs (using the IMAGE_NAME env var) * ~Create a cache volume for ruby gems that are installed in docker during the initial step. This shaves ~30s off the build time~ [1] https://buildkite.com/docs/pipelines/hosted-agents/overview
This should allow to see, for example, the expected image tag being
built to carry over.
```diff
- - docker-compose#v4.16.0:
+ - docker-compose#v5.0.0:
build: base
config: ".buildkite/docker-compose.yml"
env:
- PRE_STEPS
- RACK
- image-name: ruby-3-4-build_id
cache-from:
- base:973266071021.dkr.ecr.us-east-1.amazonaws.com/builds:ruby-3-4-br-main
push:
- base:973266071021.dkr.ecr.us-east-1.amazonaws.com/builds:ruby-3-4-br-
- image-repository: 973266071021.dkr.ecr.us-east-1.amazonaws.com/builds
```
Notice how the tag is only `ruby-3-4-br-` because the build id was
missing from the environment when generating the pipeline.
zzak
force-pushed
the
buildkit-cluster-secrets
branch
from
b5365d2 to
89ddf20
Compare
|
Thanks for the review. 🙇 Cleaned up git and rebased. This version still uses self-hosted but with placeholders to use the Buildkite hosted infra. Tested using:
I'm not sure the hosted finished, it was queued and I went to bed 😂 Will check back on this later. |
|
I merged this but just realized that the hosted did not work at all. See |
|
Yeah sorry, I'm making time today to work on this. 🙏 |
|
This seems to break CI for rails/rails. Could it be reverted until a fix is made? |
This was referenced Oct 24, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This extracts #141 save for switching the queue to use Buildkite hosted agents.