[gjs/test-ci: 3/5] CI: Build everything from a Dockerfile using podman



commit 32771ed8c287282d6fb0e9d243d219dbea1369c1
Author: Philip Chimento <philip chimento gmail com>
Date:   Mon Mar 2 21:22:53 2020 -0800

    CI: Build everything from a Dockerfile using podman
    
    Unfortunately, we can no longer use Docker because the runners are
    unprivileged.
    
    FIXME: Apparently we can't use podman either on unprivileged runners, so
    what's the point.

 .gitlab-ci.yml        |  59 ++++++++++++--------------
 test/ci-images.sh     | 112 --------------------------------------------------
 test/extra/Dockerfile |  58 ++++++++++++++++++++++++++
 3 files changed, 84 insertions(+), 145 deletions(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 89df2086..2e10ecfc 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -281,46 +281,43 @@ zeal_11:
 #          Create CI Docker Images          #
 #############################################
 .Docker image template: &create_docker_image
-  image: docker:19.03.0
+  tags:
+    - privileged
+  image: registry.fedoraproject.org/fedora:32
   stage: deploy
-  services:
-    - docker:19.03.0-dind
   only:
     variables:
       - $CRON_TASK == "BUILD_CI_IMAGES"
 
   script:
-    # Where the real magic happens
-    - docker run --name "$NAME" -v "$(pwd):/on-host" -e OS="$IMAGE" -e BUILD_OPTS="$BUILD_OPTS" -e CC=gcc -e 
MOZJS_BRANCH="$MOZJS_BRANCH" "$IMAGE" bash -e -c "cd /on-host && test/ci-images.sh"
-    - docker commit "$NAME" "$CI_REGISTRY_IMAGE:$NAME"
+    - dnf install -y podman buildah
+    - buildah login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+
+    # Newer versions of podman/buildah try to set overlayfs mount options when
+    # using the vfs driver, and this causes errors.
+    - sed -i '/^mountopt =.*/d' /etc/containers/storage.conf
 
-    # Prepare to publish
-    - docker tag "$CI_REGISTRY_IMAGE:$NAME" "$CI_REGISTRY_IMAGE:job-${CI_JOB_ID}_$NAME"
-    - docker images
-    - docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+    - podman build --cgroup-manager=cgroupfs --format=docker --pull -f test/extra/$DOCKERFILE -t 
"$CI_REGISTRY_IMAGE:$NAME" $ARGS
+    - podman tag "$CI_REGISTRY_IMAGE:$NAME" "$CI_REGISTRY_IMAGE:job-${CI_JOB_ID}_$NAME"
+    - podman image list
 
     # Publish (if running on a schedule)
     - |
       if [[ "$CI_PIPELINE_SOURCE" == "schedule" ]]; then
-        docker push "$CI_REGISTRY_IMAGE"
+        podman push --creds $CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD "$CI_REGISTRY_IMAGE:$NAME"
+        podman push --creds $CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD 
"$CI_REGISTRY_IMAGE:job-${CI_JOB_ID}_$NAME"
       fi
 
+  except:
+    variables:
+      - $CI_COMMIT_MESSAGE =~ /\[skip images\]/ && $CI_COMMIT_MESSAGE =~ /$NAME/
+
 alpine.cpplint:
   <<: *create_docker_image
-  script:
-    # Overrides the script from create_docker_image above
-    - docker build -f test/extra/Dockerfile.alpine.cpplint -t "$CI_REGISTRY_IMAGE:alpine.cpplint" .
-    - docker tag "$CI_REGISTRY_IMAGE:alpine.cpplint" "$CI_REGISTRY_IMAGE:job-${CI_JOB_ID}_alpine.cpplint"
-    - docker images
-    - docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
-    - |
-      if [[ "$CI_PIPELINE_SOURCE" == "schedule" ]]; then
-        docker push "$CI_REGISTRY_IMAGE"
-      fi
   variables:
-    DOCKER_DRIVER: overlay
-    # https://about.gitlab.com/2019/07/31/docker-in-docker-with-docker-19-dot-03
-    DOCKER_TLS_CERTDIR: ""
+    STORAGE_DRIVER: 'vfs'
+    DOCKERFILE: Dockerfile.alpine.cpplint
+    NAME: alpine.cpplint
   except:
     variables:
       - $CI_COMMIT_MESSAGE =~ /\[skip images\]/ && $CI_COMMIT_MESSAGE =~ /alpine.cpplint/
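Review bot: The added `buildah login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY` step and both `podman push --creds $CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD` lines put the registry password on the command line, where it is readable from the process argument list on the runner, and the unquoted expansions would word-split on an unusual value. Feeding it on stdin avoids both: `echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. If podman on this image reads the auth file that `buildah login` writes (likely, but worth confirming), the `--creds` options on the two pushes can then be dropped. Separately, the `except:` added to the template appears to be shadowed, since each of the three jobs visible in this diff declares its own `except:` alongside the `<<:` merge.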
@@ -328,10 +325,8 @@ alpine.cpplint:
 fedora.mozjs68:
   <<: *create_docker_image
   variables:
-    DOCKER_DRIVER: overlay
-    # https://about.gitlab.com/2019/07/31/docker-in-docker-with-docker-19-dot-03
-    DOCKER_TLS_CERTDIR: ""
-    IMAGE: "fedora:rawhide"
+    STORAGE_DRIVER: 'vfs'
+    DOCKERFILE: Dockerfile
     NAME: "fedora.mozjs68"
   except:
     variables:
@@ -340,12 +335,10 @@ fedora.mozjs68:
 fedora.mozjs68-debug:
   <<: *create_docker_image
   variables:
-    BUILD_OPTS: "--enable-debug"
-    DOCKER_DRIVER: overlay
-    # https://about.gitlab.com/2019/07/31/docker-in-docker-with-docker-19-dot-03
-    DOCKER_TLS_CERTDIR: ""
-    IMAGE: "fedora:rawhide"
+    STORAGE_DRIVER: 'vfs'
+    DOCKERFILE: Dockerfile
     NAME: "fedora.mozjs68-debug"
+    ARGS: "--build-arg BUILD_OPTS=--enable-debug"
   except:
     variables:
       - $CI_COMMIT_MESSAGE =~ /\[skip images\]/ && $CI_COMMIT_MESSAGE =~ /fedora.mozjs68-debug/
diff --git a/test/extra/Dockerfile b/test/extra/Dockerfile
new file mode 100644
index 00000000..94cdcd74
--- /dev/null
+++ b/test/extra/Dockerfile
@@ -0,0 +1,58 @@
+FROM fedora:32
+ARG MOZJS_BRANCH=mozjs68
+ARG BUILD_OPTS=
+
+ENV SHELL=/bin/bash
+
+# List is comprised of base dependencies for CI scripts, mozjs, gjs, and debug
+# packages needed for informative stack traces, e.g. in Valgrind.
+# mozjs and gjs build dependencies adapted from the lists in:
+# https://src.fedoraproject.org/rpms/mozjs68/blob/master/f/mozjs68.spec
+# https://src.fedoraproject.org/rpms/gjs/blob/master/f/gjs.spec
+#
+# Do everything in one RUN command so that the mozjs source and its build
+# dependencies are not cached in the final Docker image.
+RUN dnf -y install \
+    @c-development @development-tools clang compiler-rt gnome-desktop-testing \
+    lcov libasan libubsan libtsan meson ninja-build systemtap-sdt-devel Xvfb \
+    xz \
+    \
+    cargo clang-devel llvm llvm-devel perl-devel 'pkgconfig(libffi)' \
+    'pkgconfig(zlib)' python2-devel readline-devel rust which zip \
+    \
+    cairo-gobject-devel diffutils dbus-daemon dbus-x11 dbus-glib-devel \
+    glib2-devel gobject-introspection-devel gtk3-devel gtk4-devel \
+    sysprof-devel && \
+    \
+    dnf -y debuginfo-install glib2-devel gobject-introspection-devel \
+        gtk3-devel gtk4-devel fontconfig cairo glibc && \
+    \
+    dnf -y upgrade --best --allowerasing && \
+    \
+    git clone --depth 1 https://github.com/ptomato/mozjs.git \
+        -b "${MOZJS_BRANCH}" && \
+    mkdir -p mozjs/_build && \
+    cd mozjs/_build && \
+    ../js/src/configure --prefix=/usr --libdir=/usr/lib64 --disable-jemalloc \
+        --enable-posix-nspr-emulation --enable-unaligned-private-values \
+        --with-system-zlib --with-intl-api AUTOCONF=autoconf ${BUILD_OPTS} && \
+    make -j4 && \
+    make install && \
+    rm -f /usr/lib64/libjs_static.ajs && \
+    cd ../.. && \
+    \
+    rm -rf mozjs && \
+    dnf -y remove cargo clang-devel llvm llvm-devel perl-devel python2-devel \
+        rust which zip && \
+    dnf clean all
+
+# Enable sudo for wheel users
+RUN sed -i -e 's/# %wheel/%wheel/' -e '0,/%wheel/{s/%wheel/# %wheel/}' /etc/sudoers
+
+ENV HOST_USER_ID 5555
+RUN useradd -u $HOST_USER_ID -G wheel -ms /bin/bash user
+
+USER user
+WORKDIR /home/user
+
+ENV LANG C.UTF-8
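Review bot: The `git clone --depth 1 https://github.com/ptomato/mozjs.git -b "${MOZJS_BRANCH}"` step builds whatever the branch tip is at image-build time, so the published CI image is not reproducible and a change to that branch reaches every later test run without review. Consider a build argument holding the expected commit and failing the RUN if it differs, e.g. `test "$(git -C mozjs rev-parse HEAD)" = "${MOZJS_COMMIT}"` right after the clone (`MOZJS_COMMIT` being a new, proposed ARG). `FROM fedora:32` would also be better fully qualified as `registry.fedoraproject.org/fedora:32`, matching the job image in `.gitlab-ci.yml`, so that short-name resolution cannot select a different registry. The comment `# Enable sudo for wheel users` undersells the sed: it looks designed to leave only the second `%wheel` entry active, which on a stock Fedora sudoers would presumably be the NOPASSWD one, so `# Enable passwordless sudo for wheel users (CI image only)` would be more accurate if that is the intent.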

