refactor capi stage and targz target#4159
Conversation
| # prebuild dependencies before copying sources | ||
| # hadolint ignore=DL3059 | ||
| RUN bazel build --jobs=$JOBS ${debug_bazel_flags} //:ovms_dependencies @com_google_googletest//:gtest |
There was a problem hiding this comment.
Removing all those steps will mean that all those dependencies are not cached in docker layers up until L321:
https://github.com/openvinotoolkit/model_server/pull/4159/changes#diff-507d73bbefd62da3db1eec3a006d6f4bf47433fec017a5299f63921bd0a605b0L321
So basically that means they are never cached in docker. With bazel remote cache that would not be an issue but in every other case its mean recompiling most of ovms dependencies each time anything in our srcs change (L281).
Unless proven empirically that those dependencies recompile anyway, its a no go for me.
There was a problem hiding this comment.
Yeah, this might be useful to have
There was a problem hiding this comment.
this is the evidence https://ci.iotg.sclab.intel.com/job/ovmsc/job/OVMSCOps_SDL_copy/328/console that all the dependencies are included in //src:ovms target
There was a problem hiding this comment.
Pull request overview
Refactors the Docker image build and tarball packaging flow (primarily for Red Hat/Konflux) by consolidating Bazel compilation into a single build step and decoupling the C-API build from the packaging stage, with the goal of improving reliability and build performance.
Changes:
- Adjusts
targz_packageto copy an uncompressedovms.tar, then build/extractlibovms_shared.sofromcapi-build, append it into the tarball, gzip it, and regenerate the checksum. - Updates
Dockerfile.redhatto remove prebuild Bazel layers and to stop copying/removinglibovms_shared.soin the pkg stage. - Updates
create_package.shto generateovms.tar(uncompressed) instead ofovms.tar.gz+ checksum.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| Makefile | Refactors targz_package flow; removes buildx toggles; adds DOCKER_BUILDKIT default. |
| Dockerfile.redhat | Removes prebuild/custom-node/capi-copy steps; relies on consolidated Bazel build. |
| create_package.sh | Switches package artifact from ovms.tar.gz to ovms.tar (no checksum generation). |
Comments suppressed due to low confidence (1)
Dockerfile.redhat:366
- The pkg stage no longer copies
libovms_shared.sofromcapi-buildnor moves it to/as the Ubuntu Dockerfile does. This breaks existing tooling that expects/libovms_shared.soto be present in the*-pkgimage (e.g.,make test_checkseccopies it from the container root in Makefile:483). Either restore theCOPY --from=capi-build ...+ move-to-root behavior for Red Hat, or update the Makefile checksec flow to fetch the library from thecapi-buildimage instead.
WORKDIR /
ARG BASE_OS=redhat
ARG ov_use_binary=0
ARG FUZZER_BUILD=0
ARG debug_bazel_flags="--strip=always --config=mp_on_py_on --//:distro=redhat"
COPY create_package.sh /
RUN ./create_package.sh
# hadolint ignore=DL3059
RUN chown -R ovms:ovms /ovms_release
RUN mkdir /licenses && ln -s /ovms_release/LICENSE /licenses && ln -s /ovms_release/thirdparty-licenses /licenses/thirdparty-licenses
| endif | ||
| FUZZER_BUILD ?= 0 | ||
|
|
||
| DOCKER_BUILDKIT ?= 1 |
| docker rm $$ID | ||
| cd dist/$(OS) && sha256sum --check ovms.tar.gz.sha256 | ||
| cd dist/$(OS) && \ | ||
| tar rf ovms.tar --transform 's,^,ovms/lib/,' libovms_shared.so && \ |
| # OVMS | ||
| ARG OPTIMIZE_BUILDING_TESTS=0 | ||
| RUN rm -f /usr/lib64/cmake/OpenSSL/OpenSSLConfig.cmake |
🛠 Summary
This is productization of #3967
CVS-185012 Image building refactor to address issues for RedHat base OS on Konflux system.
Bazel command is in a single layer to avoid issues with passing bazel cache between layers.
It also speeds up build when release docker image is the only needed artefact, skipping capi stage.
🧪 Checklist
``