[release] fix docker image builder

Signed-off-by: Avimitin <[email protected]>

.github/workflows/release.yml

@@ -1,5 +1,10 @@
 name: Build Docker Image
 
+# Cancel the current workflow when new commit pushed
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
 # Release on any git tag
 on:
   push:
@@ -9,66 +14,30 @@ jobs:
   build:
     runs-on: [self-hosted, linux, nixos]
     strategy:
+      fail-fast: false
       matrix:
         config:
           - blastoise
-          - machamp
-          - sandslash
-    outputs:
-      # I hate copy-paste too, but this is GitHub Action, blame them.
-      cache-key-blastoise: ${{ steps.build.outputs.cache-key-blastoise }}
-      cache-key-machamp: ${{ steps.build.outputs.cache-key-machamp }}
-      cache-key-sandslash: ${{ steps.build.outputs.cache-key-sandslash }}
     steps:
       - uses: actions/checkout@v4
         with:
           # Checkout the triggered tag name
           ref: ${{ github.ref_name }}
       - name: Build docker image file
-        id: build
-        run: |
-          closure="$(nix build -L '.#t1.${{ matrix.config }}.release.docker-image' --no-link --print-out-paths)"
-          echo "path: $closure"
-          _dest=/tmp/t1-${{ matrix.config }}-image.tar.gz
-          cp "$closure" "$_dest"
-          echo "cache-key-${{ matrix.config }}=$(nix hash file --base32 "$_dest")" > $GITHUB_OUTPUT
-          nix build -L '.#t1.${{ matrix.config }}.release.doc' --out-link docs
-      - name: Upload to cache
-        uses: actions/cache/save@v4
-        with:
-          path: /tmp/t1-${{ matrix.config }}-image.tar.gz
-          key: ${{ steps.build.outputs[format('cache-key-{0}', matrix.config)] }}
-      - uses: actions/upload-artifact@v4
-        with:
-          name: docs-${{ matrix.config }}.pdf
-          path: |
-            docs/*.pdf
-
-  upload:
-    runs-on: ubuntu-latest
-    needs: [build]
-    strategy:
-      matrix:
-        config:
-          - blastoise
-          - machamp
-          - sandslash
-    steps:
-      - name: Restore ${{ matrix.config }} from cache
-        uses: actions/cache/restore@v4
-        id: cache
-        with:
-          path: /tmp/t1-${{ matrix.config }}-image.tar.gz
-          fail-on-cache-miss: true
-          key: ${{ needs.build.outputs[format('cache-key-{0}', matrix.config)] }}
-      - name: Login to GHCR dot IO
-        uses: docker/login-action@v2
-        with:
+        env:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Load and push
         run: |
-          docker load < /tmp/t1-${{ matrix.config }}-image.tar.gz
-          docker tag chipsalliance/t1-${{ matrix.config }}:latest ghcr.io/chipsalliance/t1-${{ matrix.config }}:latest
-          docker push ghcr.io/chipsalliance/t1-${{ matrix.config }}:latest
+          set -o pipefail
+          set -o errexit
+          export PATH="$(nix build '.#skopeo.out' --print-out-paths --no-link)/bin:$PATH"
+          export PATH="$(nix build '.#gzip.out' --print-out-paths --no-link)/bin:$PATH"
+          # skopeo need /run/containers to write auth.json file, lets workaround this behavior.
+          export REGISTRY_AUTH_FILE=$(mktemp -d)/auth.json
+          closure="$(nix build -L '.#t1.${{ matrix.config }}.t1emu.docker-image' --no-link --print-out-paths --impure)"
+          skopeo --insecure-policy login --username "$username" --password "$password" "$registry"
+          "$closure" \
+            | gzip --fast \
+            | skopeo --insecure-policy copy docker-archive:/dev/stdin \
+                docker://"$registry"/chipsalliance/t1-${{ matrix.config }}:latest

nix/t1/release/docker-image.nix

@@ -10,52 +10,69 @@
 , which
 , stdenv
 , jq
+, coreutils
+, findutils
+, diffutils
+, gnused
+, gnugrep
+, gnutar
+, gawk
+, gzip
+, bzip2
+, gnumake
+, patch
+, xz
+, file
 
   # T1 Stuff
 , rv32-stdenv
-, emulator-wrapped
-, testCases
+, verilator-emu
+, cases
 , configName
 }:
 
 let
-  # dockerTools.buildImage relies on KVM feature, don't run it inside VMs
-  self = dockerTools.buildImage rec {
+  self = dockerTools.streamLayeredImage {
     name = "chipsalliance/t1-${configName}";
     tag = "latest";
 
-    copyToRoot = buildEnv {
-      name = "${name}.imageroot";
-      paths = with dockerTools; [
-        usrBinEnv
-        binSh
+    contents = with dockerTools; [
+      usrBinEnv
+      binSh
+      bashInteractive
+      which
+      rv32-stdenv.cc
+      coreutils
+      findutils
+      diffutils
+      gnused
+      gnugrep
+      gawk
+      gnutar
+      gzip
+      bzip2
+      gnumake
+      patch
+      xz
+      file
+      verilator-emu
+    ];
 
-        bashInteractive
-        which
-
-        emulator-wrapped
-      ] ++ rv32-stdenv.initialPath;
-      pathsToLink = [ "/bin" ];
-    };
-
-    runAsRoot = ''
-      #!${runtimeShell}
+    enableFakechroot = true;
+    fakeRootCommands = ''
       echo "Start finalizing rootfs"
+      mkdir -p /tmp
 
       echo "Creating testcase directory"
-      mkdir -p /workspace/cases/
-      caseArray=( ${lib.escapeShellArgs testCases} )
-      for caseDir in "''${caseArray[@]}"; do
-        dirName=$(${jq}/bin/jq -r '.name|split(".")|join("-")' "$caseDir"/*.json)
-        cp -r "$caseDir" /workspace/cases/"$dirName"
-      done
-      chmod u+w -R /workspace/cases
-
-      mkdir -p /tmp
+      mkdir -p /workspace/examples
+      pushd /workspace/examples
+      cp -r ${cases.intrinsic.matmul.src} .
+      cp -r ${cases.intrinsic.linear_normalization.src} .
+      cp -r ${cases.asm.strlen.src} .
+      popd
     '';
 
     config = {
-      # Cmd = [ ];
       WorkingDir = "/workspace";
     };
   };

nix/t1/t1.nix

@@ -164,5 +164,7 @@ forEachTop (topName: generator: self: {
   };
 
   run = self.callPackage ./run { };
+
+  docker-image = self.callPackage ./release/docker-image.nix { };
 }) # end of forEachTop
 )