diff --git a/.common-ci.yml b/.common-ci.yml index 27eecf3d..9b040bae 100644 --- a/.common-ci.yml +++ b/.common-ci.yml @@ -35,9 +35,9 @@ stages: - sign # Define the distribution targets -.dist-ubi8: +.dist-ubi9: variables: - DIST: ubi8 + DIST: ubi9 # Define the platform targets .platform-amd64: @@ -74,7 +74,7 @@ stages: before_script: - apk add --no-cache make bash jq - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}" - - docker pull "${IMAGE_NAME}:${VERSION}-${DIST}" + - docker pull "${IMAGE_NAME}:${VERSION}" script: - make -f deployments/container/Makefile test-${DIST} @@ -143,9 +143,9 @@ stages: OUT_IMAGE_VERSION: "${DEVEL_RELEASE_IMAGE_VERSION}" # Define the release jobs -release:staging-ubi8: +release:staging-ubi9: extends: - .release:staging - - .dist-ubi8 + - .dist-ubi9 needs: - - image-ubi8 + - image-ubi9 diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index d1642821..82533d0c 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -37,7 +37,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - dist: [ubi8] + dist: [ubi9] steps: - uses: actions/checkout@v4 diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b2741656..3aa0c5c2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -92,7 +92,7 @@ unit-tests: script: - make -f deployments/container/Makefile build-${DIST} -image-ubi8: +image-ubi9: extends: - .image-build - - .dist-ubi8 + - .dist-ubi9 diff --git a/.nvidia-ci.yml b/.nvidia-ci.yml index 33ae6f64..609b1820 100644 --- a/.nvidia-ci.yml +++ b/.nvidia-ci.yml @@ -60,15 +60,15 @@ variables: - !reference [.regctl-setup, before_script] - apk add --no-cache make bash - > - regctl manifest get ${IN_REGISTRY}/${IN_IMAGE_NAME}:${IN_VERSION}-${DIST} --list > /dev/null && echo "${IN_REGISTRY}/${IN_IMAGE_NAME}:${IN_VERSION}-${DIST}" || ( echo "${IN_REGISTRY}/${IN_IMAGE_NAME}:${IN_VERSION}-${DIST} does not exist" && sleep infinity ) + regctl manifest get ${IN_REGISTRY}/${IN_IMAGE_NAME}:${IN_VERSION}- --list > /dev/null && echo "${IN_REGISTRY}/${IN_IMAGE_NAME}:${IN_VERSION}" || ( echo "${IN_REGISTRY}/${IN_IMAGE_NAME}:${IN_VERSION} does not exist" && sleep infinity ) script: - regctl registry login "${OUT_REGISTRY}" -u "${OUT_REGISTRY_USER}" -p "${OUT_REGISTRY_TOKEN}" - - make -f deployments/container/Makefile IMAGE=${IN_REGISTRY}/${IN_IMAGE_NAME}:${IN_VERSION}-${DIST} OUT_IMAGE=${OUT_IMAGE_NAME}:${CI_COMMIT_SHORT_SHA}-${DIST} push-${DIST} + - make -f deployments/container/Makefile IMAGE=${IN_REGISTRY}/${IN_IMAGE_NAME}:${IN_VERSION} OUT_IMAGE=${OUT_IMAGE_NAME}:${CI_COMMIT_SHORT_SHA} push-${DIST} -image-ubi8: +image-ubi9: extends: - .image-pull - - .dist-ubi8 + - .dist-ubi9 # We skip the integration tests for the internal CI: .integration: @@ -84,7 +84,7 @@ image-ubi8: stage: scan image: "${PULSE_IMAGE}" variables: - IMAGE: "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}-${DIST}" + IMAGE: "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}" IMAGE_ARCHIVE: "vgpu-device-manager.tar" except: variables: @@ -110,18 +110,18 @@ image-ubi8: - vulns.json - policy_evaluation.json -# The .scan-ubi8 steps forms the base for all ubi8 image scans across supported architectures -.scan-ubi8: +# The .scan-ubi9 steps forms the base for all ubi9 image scans across supported architectures +.scan-ubi9: extends: - .scan - - .dist-ubi8 + - .dist-ubi9 needs: - - image-ubi8 + - image-ubi9 # Define the scan targets -scan-ubi8-amd64: +scan-ubi9-amd64: extends: - - .scan-ubi8 + - .scan-ubi9 - .platform-amd64 # Define the external release helpers @@ -135,10 +135,10 @@ scan-ubi8-amd64: # Define the external release targets # Release to NGC -release:ngc-ubi8: +release:ngc-ubi9: extends: - .release:ngc - - .dist-ubi8 + - .dist-ubi9 # Define the external image signing steps for NGC # Download the ngc cli binary for use in the sign steps @@ -167,7 +167,7 @@ release:ngc-ubi8: variables: NGC_CLI_API_KEY: "${NGC_REGISTRY_TOKEN}" IMAGE_NAME: "${NGC_REGISTRY_IMAGE}" - IMAGE_TAG: "${CI_COMMIT_TAG}-${DIST}" + IMAGE_TAG: "${CI_COMMIT_TAG}" retry: max: 2 before_script: @@ -185,11 +185,11 @@ sign:ngc-short-tag: variables: IMAGE_TAG: "${CI_COMMIT_TAG}" needs: - - release:ngc-ubi8 + - release:ngc-ubi9 -sign:ngc-ubi8: +sign:ngc-ubi9: extends: - - .dist-ubi8 + - .dist-ubi9 - .sign:ngc needs: - - release:ngc-ubi8 + - release:ngc-ubi9 diff --git a/deployments/container/Dockerfile.ubi8 b/deployments/container/Dockerfile.ubi9 similarity index 95% rename from deployments/container/Dockerfile.ubi8 rename to deployments/container/Dockerfile.ubi9 index 01a5e3e0..efe0a605 100644 --- a/deployments/container/Dockerfile.ubi8 +++ b/deployments/container/Dockerfile.ubi9 @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM nvcr.io/nvidia/cuda:12.5.1-base-ubi8 as build +FROM nvcr.io/nvidia/cuda:12.6.1-base-ubi9 as build RUN yum install -y wget make git gcc @@ -39,7 +39,7 @@ ARG GIT_COMMIT="unknown" RUN make PREFIX=/artifacts cmds -FROM nvcr.io/nvidia/cuda:12.5.1-base-ubi8 +FROM nvcr.io/nvidia/cuda:12.6.1-base-ubi9 ENV NVIDIA_VISIBLE_DEVICES=void diff --git a/deployments/container/Makefile b/deployments/container/Makefile index 1578d345..71d96f5c 100644 --- a/deployments/container/Makefile +++ b/deployments/container/Makefile @@ -28,18 +28,15 @@ IMAGE_NAME := $(REGISTRY)/vgpu-device-manager endif IMAGE_VERSION := $(VERSION) - -IMAGE_TAG ?= $(IMAGE_VERSION)-$(DIST) -IMAGE = $(IMAGE_NAME):$(IMAGE_TAG) +IMAGE = $(IMAGE_NAME):$(IMAGE_VERSION) OUT_IMAGE_NAME ?= $(IMAGE_NAME) OUT_IMAGE_VERSION ?= $(IMAGE_VERSION) -OUT_IMAGE_TAG = $(OUT_IMAGE_VERSION)-$(DIST) -OUT_IMAGE = $(OUT_IMAGE_NAME):$(OUT_IMAGE_TAG) +OUT_IMAGE = $(OUT_IMAGE_NAME):$(OUT_IMAGE_VERSION) ##### Public rules ##### -DISTRIBUTIONS := ubi8 -DEFAULT_PUSH_TARGET := ubi8 +DISTRIBUTIONS := ubi9 +DEFAULT_PUSH_TARGET := ubi9 PUSH_TARGETS := $(patsubst %, push-%, $(DISTRIBUTIONS)) BUILD_TARGETS := $(patsubst %, build-%, $(DISTRIBUTIONS)) @@ -53,26 +50,14 @@ else include $(CURDIR)/deployments/container/multi-arch.mk endif -# For the default push target we also push a short tag equal to the version. -# We skip this for the development release -DEVEL_RELEASE_IMAGE_VERSION ?= devel -PUSH_MULTIPLE_TAGS ?= true -ifeq ($(strip $(OUT_IMAGE_VERSION)),$(DEVEL_RELEASE_IMAGE_VERSION)) -PUSH_MULTIPLE_TAGS = false -endif -ifeq ($(PUSH_MULTIPLE_TAGS),true) -push-$(DEFAULT_PUSH_TARGET): push-short -endif - push-%: DIST = $(*) -push-short: DIST = $(DEFAULT_PUSH_TARGET) build-%: DIST = $(*) build-%: DOCKERFILE_SUFFIX = $(*) build-%: DOCKERFILE = $(CURDIR)/deployments/container/Dockerfile.$(DOCKERFILE_SUFFIX) -# Both ubi8 and build-ubi8 trigger a build of the relevant image +# Both ubi9 and build-ubi9 trigger a build of the relevant image $(DISTRIBUTIONS): %: build-% $(BUILD_TARGETS): build-%: DOCKER_BUILDKIT=1 \ diff --git a/deployments/container/multi-arch.mk b/deployments/container/multi-arch.mk index 01e64409..6b1559e2 100644 --- a/deployments/container/multi-arch.mk +++ b/deployments/container/multi-arch.mk @@ -23,11 +23,6 @@ $(PUSH_TARGETS): push-%: image copy \ $(IMAGE) $(OUT_IMAGE) -push-short: - $(REGCTL) \ - image copy \ - $(IMAGE) $(OUT_IMAGE_NAME):$(OUT_IMAGE_VERSION) - # We only support x86_64 for now, so disable arm64 for all build targets. # Even though the resulting images are not multi-arch, this allows us to # leverage buildx/regctl in the CI for consistency with other projects. diff --git a/deployments/container/native-only.mk b/deployments/container/native-only.mk index aacde563..f1d04bb6 100644 --- a/deployments/container/native-only.mk +++ b/deployments/container/native-only.mk @@ -17,7 +17,3 @@ DOCKER_BUILD_PLATFORM_OPTIONS = --platform=linux/amd64 $(PUSH_TARGETS): push-%: $(DOCKER) tag "$(IMAGE)" "$(OUT_IMAGE)" $(DOCKER) push "$(OUT_IMAGE)" - -push-short: - $(DOCKER) tag "$(IMAGE_NAME):$(VERSION)-$(DEFAULT_PUSH_TARGET)" "$(OUT_IMAGE_NAME):$(OUT_IMAGE_VERSION)" - $(DOCKER) push "$(OUT_IMAGE_NAME):$(OUT_IMAGE_VERSION)"