diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 55fff2e1e3f96bb88650613d75ee2230ace175a8..dfed0212829d67afa359449b944d36569d9cdcd1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -294,6 +294,8 @@ jug_dev:default: echo "FORCE_NOCACHE set" export CACHE_FLAG="--no-cache" fi + ## Setup mirrors.yaml with rw mirror secrets + - cat mirrors.yaml.in | envsubst > mirrors.yaml ## Build targets - for target in ${TARGETS} ; do if [ ! ${target} = export ] ; then @@ -319,11 +321,10 @@ jug_dev:default: --build-arg EICSPACK_CHERRYPICKS="${EICSPACK_CHERRYPICKS}" --build-arg S3_ACCESS_KEY="${S3_ACCESS_KEY}" --build-arg S3_SECRET_KEY="${S3_SECRET_KEY}" - --build-arg S3RW_ACCESS_KEY="${S3RW_ACCESS_KEY}" - --build-arg S3RW_SECRET_KEY="${S3RW_SECRET_KEY}" --build-arg INTERNAL_TAG=${INTERNAL_TAG} --build-arg JUG_VERSION=${INTERNAL_TAG}-$(git rev-parse HEAD) --build-context spack=. + --secret id=mirrors,src=mirrors.yaml containers/jug ; done diff --git a/containers/jug/dev.Dockerfile b/containers/jug/dev.Dockerfile index 1cf66eea12099add086fb39fe07174e95c6ba425..dadd86b9abe8e7ea0bc0253982c674c3735b7c7f 100644 --- a/containers/jug/dev.Dockerfile +++ b/containers/jug/dev.Dockerfile @@ -54,7 +54,7 @@ RUN declare -A arch=( \ && spack config blame packages \ && spack config --scope site add "config:suppress_gpg_warnings:true" \ && spack config --scope site add "config:build_jobs:${jobs}" \ - && spack config --scope site add "config:db_lock_timeout:120" \ + && spack config --scope site add "config:db_lock_timeout:${jobs}0" \ && spack config --scope site add "config:install_tree:root:/opt/software" \ && spack config blame config \ && spack compiler find --scope site \ 
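Review bot: The rendered `mirrors.yaml` with the write-enabled S3 keys is written into the checkout, which the build command in the next hunk also passes as `--build-context spack=.`. Only `COPY --from=spack spack-environment/` is visible in this diff, but any broader copy from that context would bake the file into a layer. Render it to a path outside the checkout or list it in `.dockerignore`, and delete it once the build loop finishes. The substitution is also unrestricted: without a variable list `envsubst` replaces every `${...}` reference and silently renders unset variables as empty strings, so `- envsubst '${S3RW_ACCESS_KEY} ${S3RW_SECRET_KEY}' < mirrors.yaml.in > mirrors.yaml` preceded by a non-empty check on both variables would be safer.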
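Review bot: `S3_ACCESS_KEY` and `S3_SECRET_KEY` are still passed with `--build-arg` in this hunk, so moving only the `S3RW_*` pair to `--secret` leaves the read-only pair exposed as before. Build arguments consumed by a `RUN` step are recorded in the image history. The dev.Dockerfile hunk at `-69,7` drops the "leaks credentials into layer" FIXME while keeping `ARG S3_ACCESS_KEY` and `ARG S3_SECRET_KEY`; the `RUN` body that uses them is outside that hunk, so whether they also end up in the site-scope mirrors file cannot be confirmed from here. If shipping the read-only pair in the image is intended, say so in place of the FIXME, e.g. `## NOTE: the read-only S3 key pair is deliberately stored in the image; treat it as public`; otherwise pass it through a second `--secret` as well.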
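Review bot: `config:db_lock_timeout:${jobs}0` derives the timeout by appending a literal `0` to `jobs`, which reads like a typo. It yields `0` when `jobs` is empty and a value below the previous fixed `120` for any `jobs` under 12. If the intent is ten per build job, an explicit form with a floor is clearer, e.g. `config:db_lock_timeout:$(( jobs * 10 > 120 ? jobs * 10 : 120 ))`, together with a comment such as `## db_lock_timeout scales with build_jobs (10 per job, never below 120)`. The definition of `jobs` and the start of this `RUN` are outside the hunk.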
@@ -69,7 +69,9 @@ RUN --mount=type=cache,target=/var/cache/spack-mirror \ && spack buildcache update-index -d /var/cache/spack-mirror \ && spack mirror list -## Setup eic-spack buildcache mirrors (FIXME: leaks credentials into layer) +## Setup eic-spack buildcache mirrors +## - this always adds the read-only mirror to the container +## - the write-enabled mirror is provided later as a secret mount ARG S3_ACCESS_KEY="" ARG S3_SECRET_KEY="" RUN --mount=type=cache,target=/var/cache/spack-mirror \ @@ -101,19 +103,18 @@ RUN git clone https://github.com/${EICSPACK_ORGREPO}.git ${EICSPACK_ROOT} \ fi \ && spack repo add --scope site "${EICSPACK_ROOT}" -## Setup our custom environment +## Setup our custom environment (secret mount for write-enabled mirror) COPY --from=spack spack-environment/ /opt/spack-environment/ ARG ENV=dev RUN --mount=type=cache,target=/var/cache/spack-mirror,sharing=locked \ + --mount=type=secret,id=mirrors,target=/opt/spack/etc/spack/mirrors.yaml \ cd /opt/spack-environment \ && source $SPACK_ROOT/share/spack/setup-env.sh \ && spack env activate --dir /opt/spack-environment/${ENV} \ && make --jobs ${jobs} --keep-going --directory /opt/spack-environment \ SPACK_ENV=${ENV} \ - BUILDCACHE_DIR=/var/cache/spack-mirror -# FIXME disabled S3 buildcache until multipart upload fixed -# \ -# BUILDCACHE_MIRROR=eic-spack + BUILDCACHE_DIR=/var/cache/spack-mirror \ + BUILDCACHE_MIRROR=eic-spack ## Create view at /usr/local RUN --mount=type=cache,target=/var/cache/spack-mirror,sharing=locked \ diff --git a/mirrors.yaml.in b/mirrors.yaml.in new file mode 100644 index 0000000000000000000000000000000000000000..b276a8a34421ad97098c4d1ad582179792a39a69 --- /dev/null +++ b/mirrors.yaml.in 
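Review bot: The secret mount added to this `RUN` is optional by default, so a build invoked without `--secret id=mirrors` still runs `make` with `BUILDCACHE_MIRROR=eic-spack` against whatever `/opt/spack/etc/spack/mirrors.yaml` the image already contains. With `--keep-going`, a rejected push may only surface late or partially. Either make the secret mandatory, `--mount=type=secret,id=mirrors,target=/opt/spack/etc/spack/mirrors.yaml,required=true \`, or pass `BUILDCACHE_MIRROR` only when the secret file is present. The mount also replaces the whole site-scope mirrors file for this step, so any other mirror that earlier steps registered at site scope (not visible in this hunk) would be hidden while the environment builds.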
@@ -0,0 +1,18 @@
+mirrors:
+ eic-spack:
+ fetch:
+ url: s3://eictest/EPIC/spack
+ access_pair:
+ - ${S3RW_ACCESS_KEY}
+ - ${S3RW_SECRET_KEY}
+ access_token: null
+ profile: null
+ endpoint_url: https://eics3.sdcc.bnl.gov:9000
+ push:
+ url: s3://eictest/EPIC/spack
+ access_pair:
+ - ${S3RW_ACCESS_KEY}
+ - ${S3RW_SECRET_KEY}
+ access_token: null
+ profile: null
+ endpoint_url: https://eics3.sdcc.bnl.gov:9000
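Review bot: The `access_pair` entries are substituted as unquoted YAML scalars, so an unset variable renders as a null entry, and a key made only of digits or starting with a YAML indicator character is parsed as something other than a string. Quoting them as `- "${S3RW_ACCESS_KEY}"` and `- "${S3RW_SECRET_KEY}"` keeps the rendered file well-typed. The template also has no header saying what it is; a first line such as `# Template rendered by CI with envsubst; the resulting mirrors.yaml holds write credentials and must not be committed or copied into an image` would make the handling rule explicit. The `fetch` section uses the write-enabled pair too, which deserves a one-line comment if it is deliberate.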