+26

lib/util.ts

reviewed

··· 1 1 import assert from "assert"; 2 2 + 3 3 + import { $ } from "bun"; 2 4 import ky from "ky"; 5 5 + import z from "zod"; 3 6 4 7 export async function getLatestCommit(url: string) { 5 8 const html = await ky.get(url, { retry: 5 }).text(); 6 9 const commit = html.match(/\/commit\/(\w+)/)?.[1]; 7 10 return commit; 11 11 + } 12 12 + 13 13 + const GithubReleaseSchema = z 14 14 + .array( 15 15 + z.object({ 16 16 + name: z.string(), 17 17 + }), 18 18 + ) 19 19 + .min(1); 20 20 + 21 21 + export async function getLatestTag(repo: string) { 22 22 + const githubApiToken = await $`gh auth token`.text(); 23 23 + const githubApi = ky.create({ 24 24 + headers: { 25 25 + Authorization: `Bearer ${githubApiToken}`, 26 26 + }, 27 27 + retry: 5, 28 28 + }); 29 29 + 30 30 + const url = `https://api.github.com/repos/${repo}/tags`; 31 31 + const json = await githubApi(url, { retry: 5 }).json(GithubReleaseSchema); 32 32 + assert(json[0]); 33 33 + return json[0].name; 8 34 } 9 35 10 36 export function ensure<T>(arg: T): NonNullable<T> {

+1

services/haring/index.ts

reviewed

··· 81 81 // export * from "./remote/redroid"; // TODO: seems to break my entire server's networking setup somehow? 82 82 export * from "./remote/sealskin"; 83 83 84 84 + export * from "./other/sccache"; 84 85 export * from "./other/anki"; 85 86 // export * from "./other/kopia"; 86 87 export * from "./other/librespeed";

+1

services/haring/ips.ts

reviewed

··· 1 1 export const STATIC_IPS = { 2 2 UNBOUND: "172.18.1.1", 3 3 POSTGRES_RELAY: "172.18.1.2", 4 4 + SCCACHE_SERVER: "172.18.1.3", 4 5 } as const;

+62

services/haring/other/sccache.ts

reviewed

··· 1 1 + import path from "path"; 2 2 + 3 3 + import { Image } from "@pulumi/docker-build"; 4 4 + import { interpolate } from "@pulumi/pulumi"; 5 5 + import { getEnv } from "~lib/env"; 6 6 + import { defaultNetwork } from "~lib/service/networks"; 7 7 + import { ContainerService } from "~lib/service/service"; 8 8 + import { getLatestTag } from "~lib/util"; 9 9 + 10 10 + import { STATIC_IPS } from "../ips"; 11 11 + 12 12 + export const sccacheImage = new Image("sccache-scheduler", { 13 13 + tags: ["sccache-scheduler:latest"], 14 14 + context: { 15 15 + location: path.join(import.meta.dirname, "sccache"), 16 16 + }, 17 17 + buildArgs: { 18 18 + VERSION: getLatestTag("mozilla/sccache"), 19 19 + }, 20 20 + exports: [ 21 21 + { 22 22 + docker: { 23 23 + compression: "zstd", 24 24 + forceCompression: true, 25 25 + }, 26 26 + // https://github.com/pulumi/pulumi-docker-build/issues/498 27 27 + // oci: { 28 28 + // compression: "estargz", 29 29 + // forceCompression: true, 30 30 + // }, 31 31 + }, 32 32 + ], 33 33 + push: false, 34 34 + buildOnPreview: false, 35 35 + }); 36 36 + 37 37 + export const sccacheSchedulerService = new ContainerService("sccache-scheduler", { 38 38 + localImage: sccacheImage.digest, 39 39 + servicePort: 10600, 40 40 + envs: { 41 41 + AUTH_TOKEN: getEnv("SCCACHE_AUTH_TOKEN"), 42 42 + SCCACHE_ROLE: "scheduler", 43 43 + SCCACHE_LOG: "info", 44 44 + }, 45 45 + restart: "on-failure", 46 46 + maxRetryCount: 3, 47 47 + }); 48 48 + 49 49 + export const sccacheServerService = new ContainerService("sccache-server", { 50 50 + localImage: sccacheImage.digest, 51 51 + servicePort: 10501, 52 52 + envs: { 53 53 + AUTH_TOKEN: getEnv("SCCACHE_AUTH_TOKEN"), 54 54 + SCHEDULER_ADDR: interpolate`http://${sccacheSchedulerService.ip}:${sccacheSchedulerService.servicePort}`, 55 55 + SCCACHE_ROLE: "server", 56 56 + SCCACHE_LOG: "info", 57 57 + SERVER_ADDR: STATIC_IPS.SCCACHE_SERVER, 58 58 + }, 59 59 + networksAdvanced: [{ name: defaultNetwork.name, ipv4Address: STATIC_IPS.SCCACHE_SERVER }], 60 60 + restart: "on-failure", 61 61 + maxRetryCount: 3, 62 62 + });

+19

services/haring/other/sccache/Dockerfile

reviewed

··· 1 1 + FROM alpine:latest 2 2 + 3 3 + ARG VERSION 4 4 + 5 5 + RUN --mount=type=cache,target=/etc/apk/cache apk add --update-cache curl gettext bubblewrap 6 6 + 7 7 + RUN curl -L https://github.com/mozilla/sccache/releases/download/$VERSION/sccache-dist-$VERSION-x86_64-unknown-linux-musl.tar.gz > sccache-dist.tar.gz \ 8 8 + && tar xf sccache-dist.tar.gz \ 9 9 + && mv sccache-dist-$VERSION-x86_64-unknown-linux-musl/sccache-dist /usr/bin/sccache-dist \ 10 10 + && rm -r sccache-dist.tar.gz sccache-dist-$VERSION-x86_64-unknown-linux-musl 11 11 + 12 12 + RUN apk del curl 13 13 + 14 14 + COPY ./configs/ /etc/sccache/templates/ 15 15 + COPY ./entrypoint.sh /entrypoint.sh 16 16 + 17 17 + ENV SCCACHE_NO_DAEMON=1 18 18 + 19 19 + ENTRYPOINT ["/entrypoint.sh"]

+9

services/haring/other/sccache/configs/scheduler.conf

reviewed

··· 1 1 + public_addr = "0.0.0.0:10600" 2 2 + 3 3 + [client_auth] 4 4 + type = "token" 5 5 + token = "${AUTH_TOKEN}" 6 6 + 7 7 + [server_auth] 8 8 + type = "token" 9 9 + token = "${AUTH_TOKEN}"

+13

services/haring/other/sccache/configs/server.conf

reviewed

··· 1 1 + public_addr = "${SERVER_ADDR}:10501" 2 2 + #bind_address = "0.0.0.0:10501" 3 3 + scheduler_url = "${SCHEDULER_ADDR}" 4 4 + cache_dir = "/tmp/toolchains" 5 5 + 6 6 + [scheduler_auth] 7 7 + type = "token" 8 8 + token = "${AUTH_TOKEN}" 9 9 + 10 10 + [builder] 11 11 + type = "overlay" 12 12 + build_dir = "/tmp/sccache-build" 13 13 + bwrap_path = "/usr/bin/bwrap"

+8

services/haring/other/sccache/entrypoint.sh

reviewed

··· 1 1 + #!/usr/bin/env sh 2 2 + set -e 3 3 + 4 4 + ROLE=${SCCACHE_ROLE:?SCCACHE_ROLE must be 'scheduler' or 'server'} 5 5 + 6 6 + envsubst <"/etc/sccache/templates/${ROLE}.conf" >"/etc/sccache/${ROLE}.conf" 7 7 + 8 8 + exec sccache-dist "${ROLE}" --config "/etc/sccache/${ROLE}.conf"