concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
 
 
 
Go to file
Akihiro Suda 0e42bcebe6
Merge pull request #357 from tonistiigi/unlock-bug
cache: fix refs unlocking bug
2018-05-01 13:00:10 +09:00
api/services/control Regenerate protobuf go file with gogoproto v0.5 2018-04-03 13:45:50 +01:00
cache cache: fix refs unlocking bug 2018-04-30 15:42:03 -07:00
client session: separate authprovider to package 2018-04-17 20:36:23 -07:00
cmd remove net/context references 2018-04-30 18:10:54 -07:00
control remove net/context references 2018-04-30 18:10:54 -07:00
examples update containerd (binary: v1.0.3, library: Apr 3, 2018) 2018-04-04 17:22:20 +09:00
executor runc: set command name from config 2018-04-18 17:01:20 -07:00
exporter exporter/oci: split reusable dockerexporter 2018-02-26 18:02:58 +09:00
frontend remove net/context references 2018-04-30 18:10:54 -07:00
hack Merge pull request #329 from AkihiroSuda/containerd-20180403 2018-04-04 10:05:42 -07:00
identity identity: add pkg for random id generation 2017-06-19 14:32:50 -07:00
session remove net/context references 2018-04-30 18:10:54 -07:00
snapshot snapshot: clean up snapshot interface 2018-01-04 23:09:05 -08:00
solver Merge pull request #324 from ijc/readonly-rootfs-execop 2018-04-04 11:43:44 +09:00
solver-next solver: add support for multiple cache keys 2018-04-24 16:12:25 -07:00
source git: fix cancellation on blocking remotes 2018-04-10 17:55:18 -07:00
util util: make push depend on provider 2018-04-13 14:35:55 -07:00
vendor vendor: update net to go1.10 2018-04-30 18:05:55 -07:00
worker remove net/context references 2018-04-30 18:10:54 -07:00
.dockerignore .gitignore and .dockerignore: add .buildstate 2017-06-30 06:24:19 +00:00
.gitignore .gitignore and .dockerignore: add .buildstate 2017-06-30 06:24:19 +00:00
.travis.yml travis: use the default version of Docker Engine (17.09) 2017-12-20 16:39:55 +09:00
LICENSE Add license 2017-06-01 09:58:33 -07:00
Makefile Validation and (controlled) generation for go generate'd files. 2018-03-28 10:52:16 +01:00
README.md update containerd (binary: v1.0.3, library: Apr 3, 2018) 2018-04-04 17:22:20 +09:00
doc.go Add a go file on buildkit root folder 2017-10-26 11:36:09 +02:00
gometalinter.json Add deadcode to the linter 2018-02-01 17:59:04 -08:00
vendor.conf vendor: update net to go1.10 2018-04-30 18:05:55 -07:00

README.md

Important: This repository is in an early development phase

asciicinema example

BuildKit

GoDoc Build Status Go Report Card

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner.

Key features:

  • Automatic garbage collection
  • Extendable frontend formats
  • Concurrent dependency resolution
  • Efficient instruction caching
  • Build cache import/export
  • Nested build job invocations
  • Distributable workers
  • Multiple output formats
  • Pluggable architecture

Read the proposal from https://github.com/moby/moby/issues/32925

Introductory blog post https://blog.mobyproject.org/introducing-buildkit-17e056cc5317

Quick start

Dependencies:

The following command installs buildkitd and buildctl to /usr/local/bin:

$ make && sudo make install

You can also use make binaries-all to prepare buildkitd.containerd_only and buildkitd.oci_only.

Starting the buildkitd daemon:

buildkitd --debug --root /var/lib/buildkit

The buildkitd daemon suppports two worker backends: OCI (runc) and containerd.

By default, the OCI (runc) worker is used. You can set --oci-worker=false --containerd-worker=true to use the containerd worker.

We are open to adding more backends.

Exploring LLB

BuildKit builds are based on a binary intermediate format called LLB that is used for defining the dependency graph for processes running part of your build. tl;dr: LLB is to Dockerfile what LLVM IR is to C.

  • Marshaled as Protobuf messages
  • Concurrently executable
  • Efficiently cacheable
  • Vendor-neutral (i.e. non-Dockerfile languages can be easily implemented)

See solver/pb/ops.proto for the format definition.

Currently, following high-level languages has been implemented for LLB:

For understanding the basics of LLB, examples/buildkit* directory contains scripts that define how to build different configurations of BuildKit itself and its dependencies using the client package. Running one of these scripts generates a protobuf definition of a build graph. Note that the script itself does not execute any steps of the build.

You can use buildctl debug dump-llb to see what data is in this definition. Add --dot to generate dot layout.

go run examples/buildkit0/buildkit.go | buildctl debug dump-llb | jq .

To start building use buildctl build command. The example script accepts --with-containerd flag to choose if containerd binaries and support should be included in the end result as well.

go run examples/buildkit0/buildkit.go | buildctl build

buildctl build will show interactive progress bar by default while the build job is running. It will also show you the path to the trace file that contains all information about the timing of the individual steps and logs.

Different versions of the example scripts show different ways of describing the build definition for this project to show the capabilities of the library. New versions have been added when new features have become available.

  • ./examples/buildkit0 - uses only exec operations, defines a full stage per component.
  • ./examples/buildkit1 - cloning git repositories has been separated for extra concurrency.
  • ./examples/buildkit2 - uses git sources directly instead of running git clone, allowing better performance and much safer caching.
  • ./examples/buildkit3 - allows using local source files for separate components eg. ./buildkit3 --runc=local | buildctl build --local runc-src=some/local/path
  • ./examples/dockerfile2llb - can be used to convert a Dockerfile to LLB for debugging purposes
  • ./examples/gobuild - shows how to use nested invocation to generate LLB for Go package internal dependencies

Exploring Dockerfiles

Frontends are components that run inside BuildKit and convert any build definition to LLB. There is a special frontend called gateway (gateway.v0) that allows using any image as a frontend.

During development, Dockerfile frontend (dockerfile.v0) is also part of the BuildKit repo. In the future, this will be moved out, and Dockerfiles can be built using an external image.

Building a Dockerfile with buildctl
buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=.
buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --frontend-opt target=foo --frontend-opt build-arg:foo=bar

--local exposes local source files from client to the builder. context and dockerfile are the names Dockerfile frontend looks for build context and Dockerfile location.

build-using-dockerfile utility

For people familiar with docker build command, there is an example wrapper utility in ./examples/build-using-dockerfile that allows building Dockerfiles with BuildKit using a syntax similar to docker build.

go build ./examples/build-using-dockerfile && sudo install build-using-dockerfile /usr/local/bin

build-using-dockerfile -t myimage .
build-using-dockerfile -t mybuildkit -f ./hack/dockerfiles/test.Dockerfile .

# build-using-dockerfile will automatically load the resulting image to Docker
docker inspect myimage
Building a Dockerfile using external frontend:

During development, an external version of the Dockerfile frontend is pushed to https://hub.docker.com/r/tonistiigi/dockerfile that can be used with the gateway frontend. The source for the external frontend is currently located in ./frontend/dockerfile/cmd/dockerfile-frontend but will move out of this repository in the future (#163).

buildctl build --frontend=gateway.v0 --frontend-opt=source=tonistiigi/dockerfile:v0 --local context=. --local dockerfile=.
buildctl build --frontend gateway.v0 --frontend-opt=source=tonistiigi/dockerfile:v0 --frontend-opt=context=git://github.com/moby/moby --frontend-opt build-arg:APT_MIRROR=cdn-fastly.deb.debian.org

Exporters

By default, the build result and intermediate cache will only remain internally in BuildKit. Exporter needs to be specified to retrieve the result.

Exporting resulting image to containerd

The containerd worker needs to be used

buildctl build ... --exporter=image --exporter-opt name=docker.io/username/image
ctr --namespace=buildkit images ls
Push resulting image to registry
buildctl build ... --exporter=image --exporter-opt name=docker.io/username/image --exporter-opt push=true

If credentials are required, buildctl will attempt to read Docker configuration file.

Exporting build result back to client

The local client will copy the files directly to the client. This is useful if BuildKit is being used for building something else than container images.

buildctl build ... --exporter=local --exporter-opt output=path/to/output-dir
Exporting built image to Docker
# exported tarball is also compatible with OCI spec
buildctl build ... --exporter=docker --exporter-opt name=myimage | docker load
Exporting OCI Image Format tarball to client
buildctl build ... --exporter=oci --exporter-opt output=path/to/output.tar
buildctl build ... --exporter=oci > output.tar

Other

View build cache

buildctl du -v

Show enabled workers

buildctl debug workers -v

Running containerized buildkit

BuildKit can also be used by running the buildkitd daemon inside a Docker container and accessing it remotely. The client tool buildctl is also available for Mac and Windows.

To run daemon in a container:

docker run -d --privileged -p 1234:1234 tonistiigi/buildkit --addr tcp://0.0.0.0:1234
export BUILDKIT_HOST=tcp://0.0.0.0:1234
buildctl build --help

The tonistiigi/buildkit image can be built locally using the Dockerfile in ./hack/dockerfiles/test.Dockerfile.

Opentracing support

BuildKit supports opentracing for buildkitd gRPC API and buildctl commands. To capture the trace to Jaeger, set JAEGER_TRACE environment variable to the collection address.

docker run -d -p6831:6831/udp -p16686:16686 jaegertracing/all-in-one:latest
export JAEGER_TRACE=0.0.0.0:6831
# restart buildkitd and buildctl so they know JAEGER_TRACE
# any buildctl command should be traced to http://127.0.0.1:16686/

Supported runc version

During development, BuildKit is tested with the version of runc that is being used by the containerd repository. Please refer to runc.md for more information.

Contributing

Running tests:

make test

This runs all unit and integration tests in a containerized environment. Locally, every package can be tested separately with standard Go tools, but integration tests are skipped if local user doesn't have enough permissions or worker binaries are not installed.

# test a specific package only
make test TESTPKGS=./client

# run a specific test with all worker combinations
make test TESTPKGS=./client TESTFLAGS="--run /TestCallDiskUsage -v" 

# run all integration tests with a specific worker
# supported workers are oci and containerd
make test TESTPKGS=./client TESTFLAGS="--run //worker=containerd -v" 

Updating vendored dependencies:

# update vendor.conf
make vendor

Validating your updates before submission:

make validate-all