gitpod-io · roboquat · Aug 4, 2021 · Jul 23, 2021 · Jul 23, 2021 · Jul 27, 2021
@@ -20,7 +20,6 @@ packages:
   - ide-startup.sh
   deps:
   - :app
-  - components/image-builder-mk3/workspace-image-layer:pack
   config:
     argdeps:
         - imageRepoBase

@@ -14,13 +14,6 @@ RUN apk --no-cache add sudo bash \
 COPY components-image-builder-bob--app/bob /app/
 RUN chmod 4755 /app/bob
 
-COPY components-image-builder-mk3-workspace-image-layer--pack/pack.tar /app/workspace-image-layer.tar.gz
-RUN mkdir /app/gplayer \
-    && cd /app/gplayer \
-    && tar xzf /app/workspace-image-layer.tar.gz \
-    && rm -r /app/workspace-image-layer.tar.gz \
-    && mv gitpod-layer/* .
-
 RUN mkdir /ide
 COPY ide-startup.sh /ide/startup.sh
 COPY supervisor-ide-config.json /ide/

@@ -19,6 +19,7 @@ import (
 
 	"github.com/containerd/console"
 	"github.com/moby/buildkit/client"
+	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/util/progress/progressui"
 	"golang.org/x/sync/errgroup"
@@ -28,7 +29,6 @@ const (
 	buildkitdSocketPath      = "unix:///run/buildkit/buildkitd.sock"
 	maxConnectionAttempts    = 10
 	initialConnectionTimeout = 2 * time.Second
-	gplayerDir               = "/app/gplayer"
 )
 
 // Builder builds images using buildkit
@@ -66,7 +66,7 @@ func (b *Builder) Build() error {
 	if err != nil {
 		return err
 	}
-	err = b.buildGPLayer(ctx, cl)
+	err = b.buildWorkspaceImage(ctx, cl)
 	if err != nil {
 		return err
 	}
@@ -152,7 +152,7 @@ func (b *Builder) buildBaseLayer(ctx context.Context, cl *client.Client) error {
 			},
 		},
 	}
-	if lauth := b.Config.GPLayerAuth; lauth != "" {
+	if lauth := b.Config.WorkspaceLayerAuth; lauth != "" {
 		auth, err := newAuthProviderFromEnvvar(lauth)
 		if err != nil {
 			return fmt.Errorf("invalid gp layer authentication: %w", err)
@@ -187,25 +187,22 @@ func (b *Builder) buildBaseLayer(ctx context.Context, cl *client.Client) error {
 	return err
 }
 
-func (b *Builder) buildGPLayer(ctx context.Context, cl *client.Client) (err error) {
+func (b *Builder) buildWorkspaceImage(ctx context.Context, cl *client.Client) (err error) {
 	var sess []session.Attachable
-	if gplayerAuth := b.Config.GPLayerAuth; gplayerAuth != "" {
+	if gplayerAuth := b.Config.WorkspaceLayerAuth; gplayerAuth != "" {
 		auth, err := newAuthProviderFromEnvvar(gplayerAuth)
 		if err != nil {
 			return err
 		}
 		sess = append(sess, auth)
 	}
 
+	def, err := llb.Image(b.Config.BaseRef).Marshal(context.Background())
+	if err != nil {
+		return err
+	}
+
 	solveOpt := client.SolveOpt{
-		Frontend: "dockerfile.v0",
-		LocalDirs: map[string]string{
-			"context":    gplayerDir,
-			"dockerfile": gplayerDir,
-		},
-		FrontendAttrs: map[string]string{
-			"build-arg:baseref": b.Config.BaseRef,
-		},
 		Exports: []client.ExportEntry{
 			{
 				Type: "image",
@@ -222,7 +219,7 @@ func (b *Builder) buildGPLayer(ctx context.Context, cl *client.Client) (err erro
 	eg, ctx := errgroup.WithContext(ctx)
 	ch := make(chan *client.SolveStatus)
 	eg.Go(func() error {
-		_, err := cl.Solve(ctx, nil, solveOpt, ch)
+		_, err := cl.Solve(ctx, def, solveOpt, ch)
 		if err != nil {
 			return fmt.Errorf("cannot build Gitpod layer: %w", err)
 		}

@@ -18,31 +18,31 @@ import (
 
 // Config configures a builder
 type Config struct {
-	TargetRef         string
-	BaseRef           string
-	BaseContext       string
-	BuildBase         bool
-	BaseLayerAuth     string
-	GPLayerAuth       string
-	Dockerfile        string
-	ContextDir        string
-	ExternalBuildkitd string
-	localCacheImport  string
+	TargetRef          string
+	BaseRef            string
+	BaseContext        string
+	BuildBase          bool
+	BaseLayerAuth      string
+	WorkspaceLayerAuth string
+	Dockerfile         string
+	ContextDir         string
+	ExternalBuildkitd  string
+	localCacheImport   string
 }
 
 // GetConfigFromEnv extracts configuration from environment variables
 func GetConfigFromEnv() (*Config, error) {
 	cfg := &Config{
-		TargetRef:         os.Getenv("BOB_TARGET_REF"),
-		BaseRef:           os.Getenv("BOB_BASE_REF"),
-		BaseContext:       os.Getenv("THEIA_WORKSPACE_ROOT"),
-		BuildBase:         os.Getenv("BOB_BUILD_BASE") == "true",
-		BaseLayerAuth:     os.Getenv("BOB_BASELAYER_AUTH"),
-		GPLayerAuth:       os.Getenv("BOB_GPLAYER_AUTH"),
-		Dockerfile:        os.Getenv("BOB_DOCKERFILE_PATH"),
-		ContextDir:        os.Getenv("BOB_CONTEXT_DIR"),
-		ExternalBuildkitd: os.Getenv("BOB_EXTERNAL_BUILDKITD"),
-		localCacheImport:  os.Getenv("BOB_LOCAL_CACHE_IMPORT"),
+		TargetRef:          os.Getenv("BOB_TARGET_REF"),
+		BaseRef:            os.Getenv("BOB_BASE_REF"),
+		BaseContext:        os.Getenv("THEIA_WORKSPACE_ROOT"),
+		BuildBase:          os.Getenv("BOB_BUILD_BASE") == "true",
+		BaseLayerAuth:      os.Getenv("BOB_BASELAYER_AUTH"),
+		WorkspaceLayerAuth: os.Getenv("BOB_WSLAYER_AUTH"),
+		Dockerfile:         os.Getenv("BOB_DOCKERFILE_PATH"),
+		ContextDir:         os.Getenv("BOB_CONTEXT_DIR"),
+		ExternalBuildkitd:  os.Getenv("BOB_EXTERNAL_BUILDKITD"),
+		localCacheImport:   os.Getenv("BOB_LOCAL_CACHE_IMPORT"),
 	}
 
 	if cfg.BaseRef == "" {
@@ -86,15 +86,15 @@ func GetConfigFromEnv() (*Config, error) {
 				return nil, fmt.Errorf("cannot decrypt BOB_BASELAYER_AUTH: %w", err)
 			}
 		}
-		if cfg.GPLayerAuth != "" {
-			dec := make([]byte, base64.RawStdEncoding.DecodedLen(len(cfg.GPLayerAuth)))
-			_, err := base64.RawStdEncoding.Decode(dec, []byte(cfg.GPLayerAuth))
+		if cfg.WorkspaceLayerAuth != "" {
+			dec := make([]byte, base64.RawStdEncoding.DecodedLen(len(cfg.WorkspaceLayerAuth)))
+			_, err := base64.RawStdEncoding.Decode(dec, []byte(cfg.WorkspaceLayerAuth))
 			if err != nil {
-				return nil, fmt.Errorf("BOB_GPLAYER_AUTH is not base64 encoded but BOB_AUTH_KEY is present")
+				return nil, fmt.Errorf("BOB_WSLAYER_AUTH is not base64 encoded but BOB_AUTH_KEY is present")
 			}
-			cfg.GPLayerAuth, err = decrypt(dec, authKey)
+			cfg.WorkspaceLayerAuth, err = decrypt(dec, authKey)
 			if err != nil {
-				return nil, fmt.Errorf("cannot decrypt BOB_GPLAYER_AUTH: %w", err)
+				return nil, fmt.Errorf("cannot decrypt BOB_WSLAYER_AUTH: %w", err)
 			}
 		}
 	}

@@ -22,7 +22,6 @@ packages:
   type: docker
   deps:
   - :app
-  - components/image-builder-mk3/workspace-image-layer:pack
   argdeps:
       - imageRepoBase
   config:

@@ -11,7 +11,5 @@ RUN  apk upgrade --no-cache \
 COPY components-image-builder-mk3--app/image-builder /app/
 RUN chmod +x /app/image-builder
 
-COPY components-image-builder-mk3-workspace-image-layer--pack/pack.tar /app/workspace-image-layer.tar.gz
-
 ENTRYPOINT [ "/app/image-builder" ]
 CMD [ "-v", "help" ]
@@ -49,6 +49,10 @@ const (
 
 	// maxBuildRuntime is the maximum time a build is allowed to take
 	maxBuildRuntime = 60 * time.Minute
+
+	// workspaceBuildProcessVersion controls how we build workspace images.
+	// Incrementing this value will trigger a rebuild of all workspace images.
+	workspaceBuildProcessVersion = 1
 )
 
 // Configuration configures the orchestrator
@@ -72,9 +76,6 @@ type Configuration struct {
 	// Note that the workspace nodes/kubelets need access to this repository.
 	WorkspaceImageRepository string `json:"workspaceImageRepository"`
 
-	// GitpodLayerLoc is the path to the Gitpod layer tar file
-	GitpodLayerLoc string `json:"gitpodLayerLoc"`
-
 	// BuilderImage is an image ref to the workspace builder image
 	BuilderImage string `json:"builderImage"`
 
@@ -98,11 +99,6 @@ func NewOrchestratingBuilder(cfg Configuration) (res *Orchestrator, err error) {
 		}
 	}
 
-	gplayerHash, err := computeGitpodLayerHash(cfg.GitpodLayerLoc)
-	if err != nil {
-		return
-	}
-
 	var builderAuthKey [32]byte
 	if cfg.BuilderAuthKeyFile != "" {
 		fn := cfg.BuilderAuthKeyFile
@@ -178,7 +174,6 @@ func NewOrchestratingBuilder(cfg Configuration) (res *Orchestrator, err error) {
 		RefResolver: &resolve.StandaloneRefResolver{},
 
 		wsman:          wsmanapi.NewWorkspaceManagerClient(conn),
-		gplayerHash:    gplayerHash,
 		buildListener:  make(map[string]map[buildListener]struct{}),
 		logListener:    make(map[string]map[logListener]struct{}),
 		censorship:     make(map[string][]string),
@@ -189,37 +184,14 @@ func NewOrchestratingBuilder(cfg Configuration) (res *Orchestrator, err error) {
 	return o, nil
 }
 
-func computeGitpodLayerHash(gitpodLayerLoc string) (string, error) {
-	if tproot := os.Getenv("TELEPRESENCE_ROOT"); tproot != "" {
-		gitpodLayerLoc = filepath.Join(tproot, gitpodLayerLoc)
-	}
-	if fn := os.Getenv("GITPOD_LAYER_LOC"); fn != "" {
-		gitpodLayerLoc = fn
-	}
-
-	inpt, err := os.OpenFile(gitpodLayerLoc, os.O_RDONLY, 0600)
-	if err != nil {
-		return "", xerrors.Errorf("cannot compute gitpod layer hash: %w", err)
-	}
-	defer inpt.Close()
-
-	hash := sha256.New()
-	_, err = io.Copy(hash, inpt)
-	if err != nil {
-		return "", xerrors.Errorf("cannot compute gitpod layer hash: %w", err)
-	}
-	return fmt.Sprintf("%x", hash.Sum([]byte{})), nil
-}
-
 // Orchestrator runs image builds by orchestrating headless build workspaces
 type Orchestrator struct {
 	Config       Configuration
 	Auth         auth.RegistryAuthenticator
 	AuthResolver auth.Resolver
 	RefResolver  resolve.DockerRefResolver
 
-	gplayerHash string
-	wsman       wsmanapi.WorkspaceManagerClient
+	wsman wsmanapi.WorkspaceManagerClient
 
 	builderAuthKey [32]byte
 	buildListener  map[string]map[buildListener]struct{}
@@ -432,7 +404,7 @@ func (o *Orchestrator) Build(req *protocol.BuildRequest, resp protocol.ImageBuil
 					{Name: "BOB_BASE_REF", Value: baseref},
 					{Name: "BOB_BUILD_BASE", Value: buildBase},
 					{Name: "BOB_BASELAYER_AUTH", Value: baseLayerAuth},
-					{Name: "BOB_GPLAYER_AUTH", Value: gplayerAuth},
+					{Name: "BOB_WSLAYER_AUTH", Value: gplayerAuth},
 					{Name: "BOB_DOCKERFILE_PATH", Value: dockerfilePath},
 					{Name: "BOB_CONTEXT_DIR", Value: contextPath},
 					{Name: "BOB_AUTH_KEY", Value: string(o.builderAuthKey[:])},
@@ -655,11 +627,7 @@ func (o *Orchestrator) getBaseImageRef(ctx context.Context, bs *protocol.BuildSo
 }
 
 func (o *Orchestrator) getWorkspaceImageRef(ctx context.Context, baseref string, allowedAuth auth.AllowedAuthFor) (ref string, err error) {
-	//nolint:staticcheck,ineffassign
-	span, ctx := opentracing.StartSpanFromContext(ctx, "getWorkspaceImageRef")
-	defer tracing.FinishSpan(span, &err)
-
-	cnt := []byte(fmt.Sprintf("%s\n%s\n", baseref, o.gplayerHash))
+	cnt := []byte(fmt.Sprintf("%s\n%d\n", baseref, workspaceBuildProcessVersion))
 	hash := sha256.New()
 	n, err := hash.Write(cnt)
 	if err != nil {