[extensions-web/wip/ci/unprivileged] ci: switch to unprivileged build
- From: Yuri Konotopov <ykonotopov src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [extensions-web/wip/ci/unprivileged] ci: switch to unprivileged build
- Date: Sat, 29 Feb 2020 13:04:00 +0000 (UTC)
commit 07cbdca73ea58af4847a6d181414f01ad6e3e626
Author: Yuri Konotopov <ykonotopov gnome org>
Date: Sat Feb 29 17:03:42 2020 +0400
ci: switch to unprivileged build
.dockerignore | 1 +
.gitlab-ci.yml | 27 +++++++-----
openshift/docker/Dockerfile | 74 +++-----------------------------
openshift/docker/scripts/build_xapian.sh | 58 +++++++++++++++++++++++++
openshift/docker/scripts/prepare_dirs.sh | 8 ++++
openshift/docker/scripts/prepare_ego.sh | 9 ++++
6 files changed, 98 insertions(+), 79 deletions(-)
---
diff --git a/.dockerignore b/.dockerignore
index 3b99005..6c60238 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -33,6 +33,7 @@ local_settings.py
contrib/
openshift/docker/
!openshift/docker/nginx.conf
+!openshift/docker/scripts
!openshift/docker/wsgi.ini
static/
uploaded-files/
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3df5d13..3d3f702 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,17 +1,22 @@
-image: docker:stable
-
+---
variables:
- DOCKER_TLS_CERTDIR: ""
-
-services:
- - docker:dind
+ - PYTHONUNBUFFERED: 1
+ - XAPIAN_VERSION: 1.4.11
+ - GPG_KEY: 08E2400FF7FE8FEDE3ACB52818147B073BAD2B07
-before_script:
- - docker info
+stages:
+ - test
test:
+ image: python:3.6-stretch
stage: test
script:
- - docker build -f openshift/docker/Dockerfile -t extensions-web .
- - docker run -e EGO_SECRET_KEY=. -e EGO_DEBUG=1 extensions-web python manage.py test
- - docker run extensions-web bash -c 'pip install safety && safety check -r requirements.txt && safety
check -r requirements.ego.txt'
+ - openshift/docker/build_xapian.sh
+ - openshift/docker/prepare_dirs.sh
+ - cp -r . /extensions-web/app
+ - openshift/docker/prepare_ego.sh
+ - cd /extensions-web/app
+ - EGO_SECRET_KEY=. -e EGO_DEBUG=1 extensions-web python manage.py test
+ - pip install safety
+ - safety check -r requirements.txt
+ - safety check -r requirements.ego.txt
diff --git a/openshift/docker/Dockerfile b/openshift/docker/Dockerfile
index 18648b8..d78ace1 100644
--- a/openshift/docker/Dockerfile
+++ b/openshift/docker/Dockerfile
@@ -6,75 +6,13 @@ ENV PYTHONUNBUFFERED=1 \
XAPIAN_VERSION=1.4.11 \
GPG_KEY=08E2400FF7FE8FEDE3ACB52818147B073BAD2B07
-RUN set -ex \
- && apt-get update \
- && apt-get install --no-install-recommends --no-install-suggests -y \
- gettext \
- && rm -r /var/lib/apt/lists/* \
- && wget -O xapian-core.tar.xz
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-core-$XAPIAN_VERSION.tar.xz" \
- && wget -O xapian-core.tar.xz.asc
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-core-$XAPIAN_VERSION.tar.xz.asc" \
- && wget -O xapian-bindings.tar.xz
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-bindings-$XAPIAN_VERSION.tar.xz" \
- && wget -O xapian-bindings.tar.xz.asc
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-bindings-$XAPIAN_VERSION.tar.xz.asc" \
- && export GNUPGHOME="$(mktemp -d)" \
- && \
- { \
- found=''; \
- for server in \
- ha.pool.sks-keyservers.net \
- hkp://keyserver.ubuntu.com:80 \
- hkp://p80.pool.sks-keyservers.net:80 \
- pgp.mit.edu \
- ; do \
- echo "Fetching GPG key $GPG_KEY from $server"; \
- gpg --batch --keyserver $server --recv-keys "$GPG_KEY" && found=yes && break; \
- done; \
- test -z "$found" && { echo >&2 "error: failed to fetch GPG key $GPG_KEY" && exit 1; } || true; \
- } \
- && gpg --batch --verify xapian-core.tar.xz.asc xapian-core.tar.xz \
- && gpg --batch --verify xapian-bindings.tar.xz.asc xapian-bindings.tar.xz \
- && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \
- && rm -r "$GNUPGHOME" xapian-core.tar.xz.asc xapian-bindings.tar.xz.asc \
- && mkdir -p /usr/src/xapian-core \
- && mkdir -p /usr/src/xapian-bindings \
- && tar -xJC /usr/src/xapian-core --strip-components=1 -f xapian-core.tar.xz \
- && rm xapian-core.tar.xz \
- && tar -xJC /usr/src/xapian-bindings --strip-components=1 -f xapian-bindings.tar.xz \
- && rm xapian-bindings.tar.xz \
- && cd /usr/src/xapian-core \
- && ./configure \
- && make -j "$(nproc)" \
- && make install \
- && ldconfig \
- && rm -r /usr/src/xapian-core \
- && cd /usr/src/xapian-bindings \
- && pip install Sphinx\<2.0.0 \
- && ./configure \
- --with-python3 \
- && make -j "$(nproc)" \
- && make install \
- && pip freeze > /tmp/pip.txt \
- && pip uninstall -y -r /tmp/pip.txt \
- && rm /tmp/pip.txt \
- && find /usr/local -depth \
- \( \
- \( -type d -a \( -name test -o -name tests \) \) \
- -o \
- \( -type f -a \( -name '*.pyc' -o -name '*.pyo' \) \) \
- \) -exec rm -r '{}' + \
- && rm -r /usr/src/xapian-bindings
+COPY openshift/docker/scripts /tmp/ego
+
+RUN /tmp/ego/build_xapian.sh
+RUN /tmp/ego/prepare_dirs.sh
-RUN set -ex \
- && mkdir -p /extensions-web/app \
- && mkdir -p /extensions-web/data \
- && mkdir -p /extensions-web/www \
- && chmod g+rwX -R /extensions-web/data \
- && chmod g+rwX -R /extensions-web/www
WORKDIR /extensions-web/app
COPY . /extensions-web/app
COPY openshift/docker/wsgi.ini /extensions-web
-RUN set -ex \
- && chown www-data:root -R /extensions-web/app \
- && chown www-data:root /extensions-web/wsgi.ini \
- && pip install -r requirements.txt \
- && pip install -r requirements.ego.txt \
- && EGO_SECRET_KEY=- python manage.py compilemessages
+
+RUN /tmp/ego/prepare_ego.sh
diff --git a/openshift/docker/scripts/build_xapian.sh b/openshift/docker/scripts/build_xapian.sh
new file mode 100755
index 0000000..43122c9
--- /dev/null
+++ b/openshift/docker/scripts/build_xapian.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+set -ex \
+ && apt-get update \
+ && apt-get install --no-install-recommends --no-install-suggests -y \
+ gettext \
+ && rm -r /var/lib/apt/lists/* \
+ && wget -O xapian-core.tar.xz
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-core-$XAPIAN_VERSION.tar.xz" \
+ && wget -O xapian-core.tar.xz.asc
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-core-$XAPIAN_VERSION.tar.xz.asc" \
+ && wget -O xapian-bindings.tar.xz
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-bindings-$XAPIAN_VERSION.tar.xz" \
+ && wget -O xapian-bindings.tar.xz.asc
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-bindings-$XAPIAN_VERSION.tar.xz.asc" \
+ && export GNUPGHOME="$(mktemp -d)" \
+ && \
+ { \
+ found=''; \
+ for server in \
+ ha.pool.sks-keyservers.net \
+ hkp://keyserver.ubuntu.com:80 \
+ hkp://p80.pool.sks-keyservers.net:80 \
+ pgp.mit.edu \
+ ; do \
+ echo "Fetching GPG key $GPG_KEY from $server"; \
+ gpg --batch --keyserver $server --recv-keys "$GPG_KEY" && found=yes && break; \
+ done; \
+ test -z "$found" && { echo >&2 "error: failed to fetch GPG key $GPG_KEY" && exit 1; } || true; \
+ } \
+ && gpg --batch --verify xapian-core.tar.xz.asc xapian-core.tar.xz \
+ && gpg --batch --verify xapian-bindings.tar.xz.asc xapian-bindings.tar.xz \
+ && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \
+ && rm -r "$GNUPGHOME" xapian-core.tar.xz.asc xapian-bindings.tar.xz.asc \
+ && mkdir -p /usr/src/xapian-core \
+ && mkdir -p /usr/src/xapian-bindings \
+ && tar -xJC /usr/src/xapian-core --strip-components=1 -f xapian-core.tar.xz \
+ && rm xapian-core.tar.xz \
+ && tar -xJC /usr/src/xapian-bindings --strip-components=1 -f xapian-bindings.tar.xz \
+ && rm xapian-bindings.tar.xz \
+ && cd /usr/src/xapian-core \
+ && ./configure \
+ && make -j "$(nproc)" \
+ && make install \
+ && ldconfig \
+ && rm -r /usr/src/xapian-core \
+ && cd /usr/src/xapian-bindings \
+ && pip install Sphinx\<2.0.0 \
+ && ./configure \
+ --with-python3 \
+ && make -j "$(nproc)" \
+ && make install \
+ && pip freeze > /tmp/pip.txt \
+ && pip uninstall -y -r /tmp/pip.txt \
+ && rm /tmp/pip.txt \
+ && find /usr/local -depth \
+ \( \
+ \( -type d -a \( -name test -o -name tests \) \) \
+ -o \
+ \( -type f -a \( -name '*.pyc' -o -name '*.pyo' \) \) \
+ \) -exec rm -r '{}' + \
+ && rm -r /usr/src/xapian-bindings
diff --git a/openshift/docker/scripts/prepare_dirs.sh b/openshift/docker/scripts/prepare_dirs.sh
new file mode 100755
index 0000000..c127cb1
--- /dev/null
+++ b/openshift/docker/scripts/prepare_dirs.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -ex \
+ && mkdir -p /extensions-web/app \
+ && mkdir -p /extensions-web/data \
+ && mkdir -p /extensions-web/www \
+ && chmod g+rwX -R /extensions-web/data \
+ && chmod g+rwX -R /extensions-web/www
diff --git a/openshift/docker/scripts/prepare_ego.sh b/openshift/docker/scripts/prepare_ego.sh
new file mode 100755
index 0000000..e06678f
--- /dev/null
+++ b/openshift/docker/scripts/prepare_ego.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -ex \
+ && chown www-data:root -R /extensions-web/app \
+ && chown www-data:root /extensions-web/wsgi.ini \
+ && pip install -r requirements.txt \
+ && pip install -r requirements.ego.txt \
+ && EGO_SECRET_KEY=- python manage.py compilemessages \
+ && rm -rf /tmp/ego
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]