Building runner helper images with Windows nanoserver
What does this MR do?
This builds on previous work, such as supporting pwsh (PowerShell v7), to experiment with using a helper image built with Windows NanoServer.
It builds both the Server Core (unchanged from before) and Nano Server Helper Images, with the latter not being built for official releases just yet (for some hands-on trials).
Why was this MR needed?
The benefits of basing the helper image off Nano Server are reducing the image size and potentially improving job runtimes
Image Size
The helper image built from Nano Server is almost 10x smaller than Server Core
REPOSITORY TAG IMAGE ID CREATED SIZE
gitlab-runner-helper x86_64-76c0cffb-nanoserver20H2 05fdc7e2f5cf 7 weeks ago 633MB
gitlab-runner-helper x86_64-76c0cffb-servercore20H2 ba555b9a56d0 3 months ago 6.2GBThe smaller size also is a benefit when downloading the helper image for the first time. It can take 10-15 minutes to pull and decompress the Server Core image layers from Microsoft, whereas Nano Server is a few minutes.
What's the best way to test this MR?
Demonstration
https://gitlab.com/82phil/nano_runner_helper_demo
Nano Server: https://gitlab.com/82phil/nano_runner_helper_demo/-/jobs/3960482644
Server Core: https://gitlab.com/82phil/nano_runner_helper_demo/-/jobs/3491388095
Building the Image
I tested this on Windows 10 Pro on 21H1 (19043) with the following
- Docker Desktop 4.8.2
- Git for Windows
Pull down the gitlab-runner repo, change to this branch.
Add the gitlab-runner-helper executable under "..\out\binaries\gitlab-runner-helper\gitlab-runner-helper.x86_64-windows.exe" I pulled it from the 15.0 release artifacts CI - https://gitlab.com/gitlab-org/gitlab-runner/-/jobs/2481477621/artifacts/file/out/binaries/gitlab-runner-helper/gitlab-runner-helper.x86_64-windows.exe
Open a PowerShell terminal and cd to the gitlab-runner directory, execute the following:
$env:WINDOWS_VERSION = "nanoserver20H2"
$env:GIT_VERSION = "2.39.2"
$env:GIT_VERSION_BUILD = "1"
$env:GIT_WINDOWS_AMD64_CHECKSUM = "a53b90a42d9a5e3ac992f525b5805c4dbb8a013b09a32edfdcf9a551fd8cfe2d"
$env:GIT_LFS_VERSION = "3.2.0"
$env:GIT_LFS_WINDOWS_AMD64_CHECKSUM = "c2ee1f7b22d98f614cab94e1033052143f4dbf1207c09ce57e9390acc4bbf86e"
$env:PWSH_WINDOWS_AMD64_CHECKSUM = "D234CFD6E9DD4A2CA68BFBC64C416DE42F31760E954812E8ADE02B6D57FE243F"
$env:PWSH_VERSION = "7.1.1"
$env:SKIP_CLEANUP = "true"
$env:PUSH_TO_ECR_PUBLIC = "false"
$env:PUBLISH_IMAGES = "false"
$env:CI_REGISTRY_IMAGE = "test"I ended up using 20H2 as 21H1 will change to ltsc2022 in the build script and fail to build the image. 20H2 will work with Docker Desktop as it runs in Hyper-V isolation by default, supporting images <= 21H1. If anyone else has issues this may help: https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/version-compatibility?tabs=windows-server-2022%2Cwindows-11-21H2
Run the CI script
.\ci\build_release_windows_images.ps1 Note the image that was built.
Test the runner helper
Create a new GitLab project
Setup and register a gitlab-runner, configuring it with the docker-windows executor. Under config.toml add the following options
[runners.docker]
image = "mcr.microsoft.com/powershell:windowsservercore-20h2"
pull_policy = "never"
helper_image = "test/gitlab-runner-helper:x86_64-54745ef6-nanoserver20H2"Note the helper image will match the one previously built.
Since the pull policy was disabled to demonstrate the helper image, issue the following in a console to pull down the Server Core PowerShell image so it's available when running the demonstration.
docker pull mcr.microsoft.com/powershell:windowsservercore-20h2Add a .gitlab-ci.yml to the project with the following
stages:
- test runner helper
test:
stage: test runner helper
tags:
- <your_runner_tag>
script:
- pwsh --versionAfter committing the file the CI job should execute.