1RBE configurations 2================== 3 4Some subdirectories of this folder are generated. For example, `gce_linux` was generated by running 5`make generate_linux_config`. Those generated files describe the C++ and Java toolchain that are 6in the RBE Docker image; these toolchains are required to run Bazel, but are **not** the toolchains 7that we use to compile our code. 8 9We build our own, bare-bones, Docker image to use on RBE. We intend to use a hermetic toolchain 10(see //toolchain) that specifies everything necessary to compile and link Skia. Use of the 11hermetic toolchain on and off RBE makes the build reproducible and consistent across machines, 12and not require internet access (assuming the toolchain has been cached at least once). This setup 13has the desirable property of not needing to change and upload RBE Docker images if we need to 14change a small detail of our toolchain. 15 16The only requirement we have of our Docker image (beyond the minimum requirements to run Bazel) 17are that it have sufficient runtime libraries to run our toolchain. For example, this means that 18the Linux RBE image has at least glibc 2.32, which is the current minimum requirement of the 19Linux binaries in our toolchain. This is the same requirement of any developer who tries to 20build Skia using Bazel locally. 21 22Getting rbe_configs_gen 23----------------------- 24It is suggested to download a prebuilt binary from 25[GitHub](https://github.com/bazelbuild/bazel-toolchains/releases/tag/v5.1.1) and put that onto 26your PATH. 27 28Creating/Updating the RBE image 29------------------------------- 30In accordance with SLSA level 1, we want to be able to have a scripted way of building our image 31and specify exactly what artifacts are in it. To accommodate this, we specify the exact sha256 32hash of the base Docker image we use and the exact versions of the packages we install on top of 33that. If we need to add a package or update things, it is best build the image without these 34qualifiers to see what was actually used, and then respecify them so if someone were to build 35the docker image again, they are likely to get the same image. 36 37This process is: 38 1) Modify the appropriate Dockerfile (e.g. gce_linux_container/Dockerfile) to not have the 39 version or hash qualifiers. Also increment the appropriate VERSION variable in `Makefile`. 40 2) Add any new packages or make any changes. 41 3) Run `make build_linux_container` to build the image locally. One may verify it works by running 42 something like `docker run -it gcr.io/skia-public/rbe_linux:v2 /bin/bash`. 43 4) Note the versions and base image hash that were used. Modify the Dockerfile to use these. 44 1) `docker pull debian:bookworm-slim` is the easiest way to see the sha256 and get the latest. 45 2) Versions can be found looking for logs like: 46 `Get:89 http://deb.debian.org/debian bookworm/main amd64 clang amd64 1:14.0-55.2+b1 [9976 B]` 47 5) Run `make push_linux_container` to rebuild the container and push it to GCS where it can 48 be used by our RBE workers. Note the sha256 hash of this created container 49 6) Modify the appropriate generate step in `Makefile` (e.g. `generate_linux_config`) to refer 50 to the correct toolchain_container. Then, run that step. 51 7) Modify the RBE platform in `//platform/BUILD.bazel` to refer to the new `container_image`. 52 53We chose not to use Bazel rules for this container step, as that could be difficult to bootstrap 54without Bazel already setup. Additionally, Make is a simple and sufficient way to script the steps 55for SLSA purposes. 56 57Defining our own Bazel RBE platforms 58------------------------------------ 59While the generated files *do* have a platform we can use (e.g. 60`//bazel/rbe/gce_linux/config:platform`), we do not use it because we cannot easily customize it 61without a risk that the changes will be lost when we update the image. Thankfully, we can specify 62our own platforms, which we do in `//bazel/platform`, which is where we put the exec_properties 63needed to use our RBE instances. 64 65More details 66------------ 67https://docs.google.com/document/d/14xMZCKews69SSTfULhE8HDUzT5XvPwZ4CvRufEvcZ74/edit 68 69RBE Metrics 70----------- 71http://go/skia-rbe-metrics