[extensions-web/wip/ci/unprivileged] ci: switch to unprivileged build



commit 07cbdca73ea58af4847a6d181414f01ad6e3e626
Author: Yuri Konotopov <ykonotopov gnome org>
Date:   Sat Feb 29 17:03:42 2020 +0400

    ci: switch to unprivileged build

 .dockerignore                            |  1 +
 .gitlab-ci.yml                           | 27 +++++++-----
 openshift/docker/Dockerfile              | 74 +++-----------------------------
 openshift/docker/scripts/build_xapian.sh | 58 +++++++++++++++++++++++++
 openshift/docker/scripts/prepare_dirs.sh |  8 ++++
 openshift/docker/scripts/prepare_ego.sh  |  9 ++++
 6 files changed, 98 insertions(+), 79 deletions(-)
---
diff --git a/.dockerignore b/.dockerignore
index 3b99005..6c60238 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -33,6 +33,7 @@ local_settings.py
 contrib/
 openshift/docker/
 !openshift/docker/nginx.conf
+!openshift/docker/scripts
 !openshift/docker/wsgi.ini
 static/
 uploaded-files/
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3df5d13..3d3f702 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,17 +1,22 @@
-image: docker:stable
-
+---
 variables:
-  DOCKER_TLS_CERTDIR: ""
-
-services:
-  - docker:dind
+  - PYTHONUNBUFFERED: 1
+  - XAPIAN_VERSION: 1.4.11
+  - GPG_KEY: 08E2400FF7FE8FEDE3ACB52818147B073BAD2B07
 
-before_script:
-  - docker info
+stages:
+  - test
 
 test:
+  image: python:3.6-stretch
   stage: test
   script:
-    - docker build -f openshift/docker/Dockerfile -t extensions-web .
-    - docker run -e EGO_SECRET_KEY=. -e EGO_DEBUG=1 extensions-web python manage.py test
-    - docker run extensions-web bash -c 'pip install safety && safety check -r requirements.txt && safety 
check -r requirements.ego.txt'
+    - openshift/docker/build_xapian.sh
+    - openshift/docker/prepare_dirs.sh
+    - cp -r . /extensions-web/app
+    - openshift/docker/prepare_ego.sh
+    - cd /extensions-web/app
+    - EGO_SECRET_KEY=. -e EGO_DEBUG=1 extensions-web python manage.py test
+    - pip install safety
+    - safety check -r requirements.txt
+    - safety check -r requirements.ego.txt
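Review bot: The `variables:` block is now a sequence (`- PYTHONUNBUFFERED: 1`, and so on) where GitLab CI expects a mapping, so XAPIAN_VERSION and GPG_KEY will probably not reach the build script. Drop the dashes and quote the values, e.g. `XAPIAN_VERSION: "1.4.11"`. The script entries call `openshift/docker/build_xapian.sh` and its siblings, but this commit adds those files under `openshift/docker/scripts/`. The test line still carries `-e EGO_DEBUG=1 extensions-web` from the old `docker run`, so the shell would try to execute `-e`; it should read `EGO_SECRET_KEY=. EGO_DEBUG=1 python manage.py test`. As written the job looks likely to stop before the tests and the `safety check` steps run.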
diff --git a/openshift/docker/Dockerfile b/openshift/docker/Dockerfile
index 18648b8..d78ace1 100644
--- a/openshift/docker/Dockerfile
+++ b/openshift/docker/Dockerfile
@@ -6,75 +6,13 @@ ENV PYTHONUNBUFFERED=1 \
        XAPIAN_VERSION=1.4.11 \
        GPG_KEY=08E2400FF7FE8FEDE3ACB52818147B073BAD2B07
 
-RUN set -ex \
-       && apt-get update \
-       && apt-get install --no-install-recommends --no-install-suggests -y \
-               gettext \
-       && rm -r /var/lib/apt/lists/* \
-       && wget -O xapian-core.tar.xz 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-core-$XAPIAN_VERSION.tar.xz"; \
-       && wget -O xapian-core.tar.xz.asc 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-core-$XAPIAN_VERSION.tar.xz.asc"; \
-       && wget -O xapian-bindings.tar.xz 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-bindings-$XAPIAN_VERSION.tar.xz"; \
-       && wget -O xapian-bindings.tar.xz.asc 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-bindings-$XAPIAN_VERSION.tar.xz.asc"; \
-       && export GNUPGHOME="$(mktemp -d)" \
-       && \
-       { \
-       found=''; \
-       for server in \
-               ha.pool.sks-keyservers.net \
-               hkp://keyserver.ubuntu.com:80 \
-               hkp://p80.pool.sks-keyservers.net:80 \
-               pgp.mit.edu \
-       ; do \
-               echo "Fetching GPG key $GPG_KEY from $server"; \
-               gpg --batch --keyserver $server --recv-keys "$GPG_KEY" && found=yes && break; \
-       done; \
-       test -z "$found" && { echo >&2 "error: failed to fetch GPG key $GPG_KEY" && exit 1; } || true; \
-       } \
-       && gpg --batch --verify xapian-core.tar.xz.asc xapian-core.tar.xz \
-       && gpg --batch --verify xapian-bindings.tar.xz.asc xapian-bindings.tar.xz \
-       && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \
-       && rm -r "$GNUPGHOME" xapian-core.tar.xz.asc xapian-bindings.tar.xz.asc \
-       && mkdir -p /usr/src/xapian-core \
-       && mkdir -p /usr/src/xapian-bindings \
-       && tar -xJC /usr/src/xapian-core --strip-components=1 -f xapian-core.tar.xz \
-       && rm xapian-core.tar.xz \
-       && tar -xJC /usr/src/xapian-bindings --strip-components=1 -f xapian-bindings.tar.xz \
-       && rm xapian-bindings.tar.xz \
-       && cd /usr/src/xapian-core \
-       && ./configure \
-       && make -j "$(nproc)" \
-       && make install \
-       && ldconfig \
-       && rm -r /usr/src/xapian-core \
-       && cd /usr/src/xapian-bindings \
-       && pip install Sphinx\<2.0.0 \
-       && ./configure \
-               --with-python3 \
-       && make -j "$(nproc)" \
-       && make install \
-       && pip freeze > /tmp/pip.txt \
-       && pip uninstall -y -r /tmp/pip.txt \
-       && rm /tmp/pip.txt \
-       && find /usr/local -depth \
-               \( \
-                       \( -type d -a \( -name test -o -name tests \) \) \
-                       -o \
-                       \( -type f -a \( -name '*.pyc' -o -name '*.pyo' \) \) \
-               \) -exec rm -r '{}' + \
-       && rm -r /usr/src/xapian-bindings
+COPY openshift/docker/scripts /tmp/ego
+
+RUN /tmp/ego/build_xapian.sh
+RUN /tmp/ego/prepare_dirs.sh
 
-RUN set -ex \
-       && mkdir -p /extensions-web/app \
-       && mkdir -p /extensions-web/data \
-       && mkdir -p /extensions-web/www \
-       && chmod g+rwX -R /extensions-web/data \
-       && chmod g+rwX -R /extensions-web/www
 WORKDIR /extensions-web/app
 COPY . /extensions-web/app
 COPY openshift/docker/wsgi.ini /extensions-web
-RUN set -ex \
-       && chown www-data:root -R /extensions-web/app \
-       && chown www-data:root /extensions-web/wsgi.ini \
-       && pip install -r requirements.txt \
-       && pip install -r requirements.ego.txt \
-       && EGO_SECRET_KEY=- python manage.py compilemessages
+
+RUN /tmp/ego/prepare_ego.sh
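Review bot: The helper scripts stay in the image even though prepare_ego.sh ends with `rm -rf /tmp/ego`, because the layer created by `COPY openshift/docker/scripts /tmp/ego` is not changed by a later `RUN`. The new `!openshift/docker/scripts` exception in .dockerignore also means `COPY . /extensions-web/app` places a second copy inside the application directory. A comment above the COPY, such as `# build-time helpers only; still present in this layer after prepare_ego.sh removes /tmp/ego`, would document this. If the scripts should not ship, they need to be removed in the same layer that uses them or excluded from the app copy. The Dockerfile starts and continues outside this hunk.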
diff --git a/openshift/docker/scripts/build_xapian.sh b/openshift/docker/scripts/build_xapian.sh
new file mode 100755
index 0000000..43122c9
--- /dev/null
+++ b/openshift/docker/scripts/build_xapian.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+set -ex \
+       && apt-get update \
+       && apt-get install --no-install-recommends --no-install-suggests -y \
+               gettext \
+       && rm -r /var/lib/apt/lists/* \
+       && wget -O xapian-core.tar.xz 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-core-$XAPIAN_VERSION.tar.xz"; \
+       && wget -O xapian-core.tar.xz.asc 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-core-$XAPIAN_VERSION.tar.xz.asc"; \
+       && wget -O xapian-bindings.tar.xz 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-bindings-$XAPIAN_VERSION.tar.xz"; \
+       && wget -O xapian-bindings.tar.xz.asc 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-bindings-$XAPIAN_VERSION.tar.xz.asc"; \
+       && export GNUPGHOME="$(mktemp -d)" \
+       && \
+       { \
+       found=''; \
+       for server in \
+               ha.pool.sks-keyservers.net \
+               hkp://keyserver.ubuntu.com:80 \
+               hkp://p80.pool.sks-keyservers.net:80 \
+               pgp.mit.edu \
+       ; do \
+               echo "Fetching GPG key $GPG_KEY from $server"; \
+               gpg --batch --keyserver $server --recv-keys "$GPG_KEY" && found=yes && break; \
+       done; \
+       test -z "$found" && { echo >&2 "error: failed to fetch GPG key $GPG_KEY" && exit 1; } || true; \
+       } \
+       && gpg --batch --verify xapian-core.tar.xz.asc xapian-core.tar.xz \
+       && gpg --batch --verify xapian-bindings.tar.xz.asc xapian-bindings.tar.xz \
+       && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \
+       && rm -r "$GNUPGHOME" xapian-core.tar.xz.asc xapian-bindings.tar.xz.asc \
+       && mkdir -p /usr/src/xapian-core \
+       && mkdir -p /usr/src/xapian-bindings \
+       && tar -xJC /usr/src/xapian-core --strip-components=1 -f xapian-core.tar.xz \
+       && rm xapian-core.tar.xz \
+       && tar -xJC /usr/src/xapian-bindings --strip-components=1 -f xapian-bindings.tar.xz \
+       && rm xapian-bindings.tar.xz \
+       && cd /usr/src/xapian-core \
+       && ./configure \
+       && make -j "$(nproc)" \
+       && make install \
+       && ldconfig \
+       && rm -r /usr/src/xapian-core \
+       && cd /usr/src/xapian-bindings \
+       && pip install Sphinx\<2.0.0 \
+       && ./configure \
+               --with-python3 \
+       && make -j "$(nproc)" \
+       && make install \
+       && pip freeze > /tmp/pip.txt \
+       && pip uninstall -y -r /tmp/pip.txt \
+       && rm /tmp/pip.txt \
+       && find /usr/local -depth \
+               \( \
+                       \( -type d -a \( -name test -o -name tests \) \) \
+                       -o \
+                       \( -type f -a \( -name '*.pyc' -o -name '*.pyo' \) \) \
+               \) -exec rm -r '{}' + \
+       && rm -r /usr/src/xapian-bindings
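Review bot: XAPIAN_VERSION and GPG_KEY now come from the caller's environment rather than the Dockerfile's `ENV`, and nothing at the top of the script checks that they are set. An empty GPG_KEY appears to fail closed in the key-fetch loop, but only after apt-get and four downloads have run. A guard before the chain, such as `: "${XAPIAN_VERSION:?}" "${GPG_KEY:?}"`, makes the failure immediate and keeps the signature check tied to an explicit fingerprint. `$server` in the `gpg --keyserver` call is unquoted and should be `"$server"`. A header comment noting that the script must run as root (it calls apt-get, `make install` and ldconfig) and downloads into the current directory would help now that it is also called from CI.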
diff --git a/openshift/docker/scripts/prepare_dirs.sh b/openshift/docker/scripts/prepare_dirs.sh
new file mode 100755
index 0000000..c127cb1
--- /dev/null
+++ b/openshift/docker/scripts/prepare_dirs.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -ex \
+       && mkdir -p /extensions-web/app \
+       && mkdir -p /extensions-web/data \
+       && mkdir -p /extensions-web/www \
+       && chmod g+rwX -R /extensions-web/data \
+       && chmod g+rwX -R /extensions-web/www
diff --git a/openshift/docker/scripts/prepare_ego.sh b/openshift/docker/scripts/prepare_ego.sh
new file mode 100755
index 0000000..e06678f
--- /dev/null
+++ b/openshift/docker/scripts/prepare_ego.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -ex \
+       && chown www-data:root -R /extensions-web/app \
+       && chown www-data:root /extensions-web/wsgi.ini \
+       && pip install -r requirements.txt \
+       && pip install -r requirements.ego.txt \
+       && EGO_SECRET_KEY=- python manage.py compilemessages \
+       && rm -rf /tmp/ego
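Review bot: This script assumes the Docker layout, but the .gitlab-ci.yml hunk also calls it from the repository checkout. `requirements.txt` and `manage.py` are resolved against the current directory, and `chown www-data:root /extensions-web/wsgi.ini` fails where that file was never copied, which is the case in the CI job as shown, so the `&&` chain would stop there. Start with `cd /extensions-web/app` and guard the chown, e.g. `[ ! -e /extensions-web/wsgi.ini ] || chown www-data:root /extensions-web/wsgi.ini`. A short header comment should also state that `rm -rf /tmp/ego` removes the script's own directory and is only meaningful in the image build.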

