[gjs/test-ci: 19/21] CI: Build everything from a Dockerfile using buildah

From: Philip Chimento <pchimento src gnome org>
To: commits-list gnome org
Cc:
Subject: [gjs/test-ci: 19/21] CI: Build everything from a Dockerfile using buildah
Date: Fri, 1 May 2020 20:40:17 +0000 (UTC)
commit 100090b2529ff40b875753d3d49a93e65d5f4f16
Author: Philip Chimento <philip chimento gmail com>
Date:   Mon Mar 2 21:22:53 2020 -0800

    CI: Build everything from a Dockerfile using buildah
    
    Unfortunately, we can no longer use Docker because the runners are
    unprivileged.

 .gitlab-ci.yml        |  58 ++++++++++++--------------
 test/ci-images.sh     | 112 --------------------------------------------------
 test/extra/Dockerfile |  60 +++++++++++++++++++++++++++
 test/test-ci.sh       |   2 +-
 4 files changed, 88 insertions(+), 144 deletions(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6099b335..7507687b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -281,46 +281,44 @@ zeal_11:
 #          Create CI Docker Images          #
 #############################################
 .Docker image template: &create_docker_image
-  image: docker:19.03.0
+  image: registry.fedoraproject.org/fedora:32
   stage: deploy
-  services:
-    - docker:19.03.0-dind
   only:
     variables:
       - $CRON_TASK == "BUILD_CI_IMAGES"
 
   script:
+    - dnf install -y buildah runc
+
+    # Newer versions of podman/buildah try to set overlayfs mount options when
+    # using the vfs driver, and this causes errors.
+    - sed -i '/^mountopt =.*/d' /etc/containers/storage.conf
+
     # Where the real magic happens
-    - docker run --name "$NAME" -v "$(pwd):/on-host" -e OS="$IMAGE" -e BUILD_OPTS="$BUILD_OPTS" -e CC=gcc -e 
MOZJS_BRANCH="$MOZJS_BRANCH" "$IMAGE" bash -e -c "cd /on-host && test/ci-images.sh"
-    - docker commit "$NAME" "$CI_REGISTRY_IMAGE:$NAME"
+    - buildah bud -f test/extra/$DOCKERFILE -t "$CI_REGISTRY_IMAGE:$NAME" $ARGS
 
     # Prepare to publish
-    - docker tag "$CI_REGISTRY_IMAGE:$NAME" "$CI_REGISTRY_IMAGE:job-${CI_JOB_ID}_$NAME"
-    - docker images
-    - docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+    - buildah tag "$CI_REGISTRY_IMAGE:$NAME" "$CI_REGISTRY_IMAGE:job-${CI_JOB_ID}_$NAME"
+    - buildah images
+    - buildah login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
 
     # Publish (if running on a schedule)
     - |
       if [[ "$CI_PIPELINE_SOURCE" == "schedule" ]]; then
-        docker push "$CI_REGISTRY_IMAGE"
+        buildah push "$CI_REGISTRY_IMAGE"
       fi
 
+  except:
+    variables:
+      - $CI_COMMIT_MESSAGE =~ /\[skip images\]/ && $CI_COMMIT_MESSAGE =~ /$NAME/
+
 alpine.cpplint:
   <<: *create_docker_image
-  script:
-    # Overrides the script from create_docker_image above
-    - docker build -f test/extra/Dockerfile.alpine.cpplint -t "$CI_REGISTRY_IMAGE:alpine.cpplint" .
-    - docker tag "$CI_REGISTRY_IMAGE:alpine.cpplint" "$CI_REGISTRY_IMAGE:job-${CI_JOB_ID}_alpine.cpplint"
-    - docker images
-    - docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
-    - |
-      if [[ "$CI_PIPELINE_SOURCE" == "schedule" ]]; then
-        docker push "$CI_REGISTRY_IMAGE"
-      fi
   variables:
-    DOCKER_DRIVER: overlay
-    # https://about.gitlab.com/2019/07/31/docker-in-docker-with-docker-19-dot-03
-    DOCKER_TLS_CERTDIR: ""
+    STORAGE_DRIVER: vfs
+    BUILDAH_FORMAT: docker
+    DOCKERFILE: Dockerfile.alpine.cpplint
+    NAME: alpine.cpplint
   except:
     variables:
       - $CI_COMMIT_MESSAGE =~ /\[skip images\]/ && $CI_COMMIT_MESSAGE =~ /alpine.cpplint/
@@ -328,10 +326,9 @@ alpine.cpplint:
 fedora.mozjs68:
   <<: *create_docker_image
   variables:
-    DOCKER_DRIVER: overlay
-    # https://about.gitlab.com/2019/07/31/docker-in-docker-with-docker-19-dot-03
-    DOCKER_TLS_CERTDIR: ""
-    IMAGE: "fedora:rawhide"
+    STORAGE_DRIVER: vfs
+    BUILDAH_FORMAT: docker
+    DOCKERFILE: Dockerfile
     NAME: "fedora.mozjs68"
   except:
     variables:
@@ -340,12 +337,11 @@ fedora.mozjs68:
 fedora.mozjs68-debug:
   <<: *create_docker_image
   variables:
-    BUILD_OPTS: "--enable-debug"
-    DOCKER_DRIVER: overlay
-    # https://about.gitlab.com/2019/07/31/docker-in-docker-with-docker-19-dot-03
-    DOCKER_TLS_CERTDIR: ""
-    IMAGE: "fedora:rawhide"
+    STORAGE_DRIVER: vfs
+    BUILDAH_FORMAT: docker
+    DOCKERFILE: Dockerfile
     NAME: "fedora.mozjs68-debug"
+    ARGS: "--build-arg BUILD_OPTS=--enable-debug"
   except:
     variables:
       - $CI_COMMIT_MESSAGE =~ /\[skip images\]/ && $CI_COMMIT_MESSAGE =~ /fedora.mozjs68-debug/
diff --git a/test/extra/Dockerfile b/test/extra/Dockerfile
new file mode 100644
index 00000000..d2698d8a
--- /dev/null
+++ b/test/extra/Dockerfile
@@ -0,0 +1,60 @@
+FROM fedora:32
+ARG MOZJS_BRANCH=mozjs68
+ARG BUILD_OPTS=
+
+ENV SHELL=/bin/bash
+
+# List is comprised of base dependencies for CI scripts, mozjs, gjs, and debug
+# packages needed for informative stack traces, e.g. in Valgrind.
+# mozjs and gjs build dependencies adapted from the lists in:
+# https://src.fedoraproject.org/rpms/mozjs68/blob/master/f/mozjs68.spec
+# https://src.fedoraproject.org/rpms/gjs/blob/master/f/gjs.spec
+#
+# Do everything in one RUN command so that the mozjs source and its build
+# dependencies are not cached in the final Docker image.
+RUN dnf -y install \
+    @c-development @development-tools clang compiler-rt gnome-desktop-testing \
+    lcov libasan libubsan libtsan meson ninja-build systemtap-sdt-devel Xvfb \
+    xz \
+    \
+    cargo clang-devel llvm llvm-devel perl-devel 'pkgconfig(libffi)' \
+    'pkgconfig(zlib)' python2-devel readline-devel rust which zip \
+    \
+    cairo-gobject-devel diffutils dbus-daemon dbus-x11 dbus-glib-devel \
+    glib2-devel gobject-introspection-devel gtk3-devel gtk4-devel \
+    sysprof-devel && \
+    \
+    dnf -y debuginfo-install glib2-devel gobject-introspection-devel \
+        gtk3-devel gtk4-devel fontconfig cairo glibc && \
+    \
+    dnf -y upgrade --best --allowerasing && \
+    \
+    git clone --depth 1 https://github.com/ptomato/mozjs.git \
+        -b "${MOZJS_BRANCH}" && \
+    mkdir -p mozjs/_build && \
+    cd mozjs/_build && \
+    ../js/src/configure --prefix=/usr --libdir=/usr/lib64 --disable-jemalloc \
+        --enable-posix-nspr-emulation --enable-unaligned-private-values \
+        --with-system-zlib --with-intl-api AUTOCONF=autoconf ${BUILD_OPTS} && \
+    make -j4 && \
+    make install && \
+    rm -f /usr/lib64/libjs_static.ajs && \
+    cd ../.. && \
+    \
+    rm -rf mozjs && \
+    dnf -y remove cargo clang-devel llvm llvm-devel perl-devel python2-devel \
+        rust zip && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf
+
+# Enable sudo for wheel users
+RUN sed -i -e 's/# %wheel/%wheel/' -e '0,/%wheel/{s/%wheel/# %wheel/}' \
+    /etc/sudoers
+
+ENV HOST_USER_ID 5555
+RUN useradd -u $HOST_USER_ID -G wheel -ms /bin/bash user
+
+USER user
+WORKDIR /home/user
+
+ENV LANG C.UTF-8
diff --git a/test/test-ci.sh b/test/test-ci.sh
index ef36a609..9b1d9d06 100755
--- a/test/test-ci.sh
+++ b/test/test-ci.sh
@@ -125,7 +125,7 @@ elif test "$1" = "SH_CHECKS"; then
     export LANGUAGE=C.UTF-8
     export NO_AT_BRIDGE=1
 
-    ninja -C _build install
+    sudo ninja -C _build install
     installed-tests/scripts/testExamples.sh > scripts.log
     do_Check_Script_Errors
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]