[gjs/test-ci] CI: Build everything from a Dockerfile using buildah

From: Philip Chimento <pchimento src gnome org>
To: commits-list gnome org
Cc:
Subject: [gjs/test-ci] CI: Build everything from a Dockerfile using buildah
Date: Tue, 12 May 2020 05:02:05 +0000 (UTC)
commit d21d42f6f24cb517ed165077140b089c50901ce5
Author: Philip Chimento <philip chimento gmail com>
Date:   Mon Mar 2 21:22:53 2020 -0800

    CI: Build everything from a Dockerfile using buildah
    
    Unfortunately, we can no longer use Docker because the runners are
    unprivileged.

 .gitlab-ci.yml        |  70 ++++++++++++-------------------
 test/ci-images.sh     | 112 --------------------------------------------------
 test/extra/Dockerfile |  61 +++++++++++++++++++++++++++
 test/test-ci.sh       |   2 +-
 4 files changed, 88 insertions(+), 157 deletions(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 89df2086..58d8e382 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -221,14 +221,13 @@ installed_tests:
     TASK_ID: "fedora-x86_64-gcc-default-default-installed_tests"
     CONFIG_OPTS: -Dinstalled_tests=true -Dprefix=/usr
     TEST: skip
-    LD_LIBRARY_PATH: $LD_LIBRARY_PATH:/usr/local/lib  # for mozjs60
   when: manual
   except:
     - schedules
   script:
     - test/test-ci.sh SETUP
     - test/test-ci.sh BUILD
-    - ninja -C _build install
+    - sudo ninja -C _build install
     - xvfb-run -a dbus-run-session -- gnome-desktop-testing-runner gjs
 
 valgrind:
@@ -281,71 +280,54 @@ zeal_11:
 #          Create CI Docker Images          #
 #############################################
 .Docker image template: &create_docker_image
-  image: docker:19.03.0
+  image: registry.fedoraproject.org/fedora:32
   stage: deploy
-  services:
-    - docker:19.03.0-dind
   only:
     variables:
       - $CRON_TASK == "BUILD_CI_IMAGES"
 
   script:
+    - dnf install -y buildah runc
+
+    # Newer versions of podman/buildah try to set overlayfs mount options when
+    # using the vfs driver, and this causes errors.
+    - sed -i '/^mountopt =.*/d' /etc/containers/storage.conf
+
     # Where the real magic happens
-    - docker run --name "$NAME" -v "$(pwd):/on-host" -e OS="$IMAGE" -e BUILD_OPTS="$BUILD_OPTS" -e CC=gcc -e 
MOZJS_BRANCH="$MOZJS_BRANCH" "$IMAGE" bash -e -c "cd /on-host && test/ci-images.sh"
-    - docker commit "$NAME" "$CI_REGISTRY_IMAGE:$NAME"
+    - buildah bud -f $DOCKERFILE -t "$CI_REGISTRY_IMAGE:$CI_JOB_NAME" $ARGS
 
     # Prepare to publish
-    - docker tag "$CI_REGISTRY_IMAGE:$NAME" "$CI_REGISTRY_IMAGE:job-${CI_JOB_ID}_$NAME"
-    - docker images
-    - docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+    - buildah tag "$CI_REGISTRY_IMAGE:$CI_JOB_NAME" "$CI_REGISTRY_IMAGE:job-${CI_JOB_ID}_$CI_JOB_NAME"
+    - buildah images
+    - buildah login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
 
     # Publish (if running on a schedule)
     - |
       if [[ "$CI_PIPELINE_SOURCE" == "schedule" ]]; then
-        docker push "$CI_REGISTRY_IMAGE"
+        buildah push "$CI_REGISTRY_IMAGE:$CI_JOB_NAME"
+        buildah push "$CI_REGISTRY_IMAGE:job-${CI_JOB_ID}_$CI_JOB_NAME"
       fi
 
+.Docker variables: &docker_variables
+  STORAGE_DRIVER: vfs
+  BUILDAH_FORMAT: docker
+  BUILDAH_ISOLATION: chroot
+
 alpine.cpplint:
   <<: *create_docker_image
-  script:
-    # Overrides the script from create_docker_image above
-    - docker build -f test/extra/Dockerfile.alpine.cpplint -t "$CI_REGISTRY_IMAGE:alpine.cpplint" .
-    - docker tag "$CI_REGISTRY_IMAGE:alpine.cpplint" "$CI_REGISTRY_IMAGE:job-${CI_JOB_ID}_alpine.cpplint"
-    - docker images
-    - docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
-    - |
-      if [[ "$CI_PIPELINE_SOURCE" == "schedule" ]]; then
-        docker push "$CI_REGISTRY_IMAGE"
-      fi
   variables:
-    DOCKER_DRIVER: overlay
-    # https://about.gitlab.com/2019/07/31/docker-in-docker-with-docker-19-dot-03
-    DOCKER_TLS_CERTDIR: ""
-  except:
-    variables:
-      - $CI_COMMIT_MESSAGE =~ /\[skip images\]/ && $CI_COMMIT_MESSAGE =~ /alpine.cpplint/
+    <<: *docker_variables
+    DOCKERFILE: test/extra/Dockerfile.alpine.cpplint
 
 fedora.mozjs68:
   <<: *create_docker_image
   variables:
-    DOCKER_DRIVER: overlay
-    # https://about.gitlab.com/2019/07/31/docker-in-docker-with-docker-19-dot-03
-    DOCKER_TLS_CERTDIR: ""
-    IMAGE: "fedora:rawhide"
-    NAME: "fedora.mozjs68"
-  except:
-    variables:
-      - $CI_COMMIT_MESSAGE =~ /\[skip images\]/ && $CI_COMMIT_MESSAGE =~ /fedora.mozjs68/
+    <<: *docker_variables
+    DOCKERFILE: test/extra/Dockerfile
 
 fedora.mozjs68-debug:
   <<: *create_docker_image
   variables:
-    BUILD_OPTS: "--enable-debug"
-    DOCKER_DRIVER: overlay
-    # https://about.gitlab.com/2019/07/31/docker-in-docker-with-docker-19-dot-03
-    DOCKER_TLS_CERTDIR: ""
-    IMAGE: "fedora:rawhide"
-    NAME: "fedora.mozjs68-debug"
-  except:
-    variables:
-      - $CI_COMMIT_MESSAGE =~ /\[skip images\]/ && $CI_COMMIT_MESSAGE =~ /fedora.mozjs68-debug/
+    <<: *docker_variables
+    DOCKERFILE: test/extra/Dockerfile
+    ARGS: "--build-arg BUILD_OPTS=--enable-debug"
diff --git a/test/extra/Dockerfile b/test/extra/Dockerfile
new file mode 100644
index 00000000..ae5590c9
--- /dev/null
+++ b/test/extra/Dockerfile
@@ -0,0 +1,61 @@
+# === Build Spidermonkey stage ===
+
+FROM fedora:32 AS mozjs-build
+ARG MOZJS_BRANCH=mozjs68
+ARG BUILD_OPTS=
+
+ENV SHELL=/bin/bash
+
+RUN dnf -y install 'dnf-command(builddep)' git make which
+RUN dnf -y builddep mozjs68
+
+WORKDIR /root
+
+RUN git clone --depth 1 https://github.com/ptomato/mozjs.git -b ${MOZJS_BRANCH}
+RUN mkdir -p mozjs/_build
+
+WORKDIR /root/mozjs/_build
+
+RUN ../js/src/configure --prefix=/usr --libdir=/usr/lib64 --disable-jemalloc \
+    --enable-posix-nspr-emulation --enable-unaligned-private-values \
+    --with-system-zlib --with-intl-api AUTOCONF=autoconf ${BUILD_OPTS}
+RUN make -j$(nproc)
+RUN DESTDIR=/root/mozjs-install make install
+RUN rm -f /root/mozjs-install/usr/lib64/libjs_static.ajs
+
+# === Actual Docker image ===
+
+FROM fedora:32
+
+ENV SHELL=/bin/bash
+
+# List is comprised of base dependencies for CI scripts, gjs, and debug packages
+# needed for informative stack traces, e.g. in Valgrind.
+#
+# Do everything in one RUN command so that the dnf cache is not cached in the
+# final Docker image.
+RUN dnf -y install --enablerepo=fedora-debuginfo,updates-debuginfo \
+    binutils cairo-debuginfo cairo-debugsource cairo-gobject-devel clang \
+    compiler-rt dbus-daemon diffutils fontconfig-debuginfo \
+    fontconfig-debugsource gcc-c++ git glib2-debuginfo glib2-debugsource \
+    glib2-devel glibc-debuginfo glibc-debuginfo-common gnome-desktop-testing \
+    gobject-introspection-debuginfo gobject-introspection-debugsource \
+    gobject-introspection-devel gtk3-debuginfo gtk3-debugsource gtk3-devel \
+    gtk4-debuginfo gtk4-debugsource gtk4-devel lcov libasan libubsan libtsan \
+    meson ninja-build pkgconf readline-devel sysprof-devel systemtap-sdt-devel \
+    valgrind which Xvfb xz && \
+    dnf clean all && rm -rf /var/cache/dnf
+
+COPY --from=mozjs-build /root/mozjs-install/usr /usr
+
+# Enable sudo for wheel users
+RUN sed -i -e 's/# %wheel/%wheel/' -e '0,/%wheel/{s/%wheel/# %wheel/}' \
+    /etc/sudoers
+
+ENV HOST_USER_ID 5555
+RUN useradd -u $HOST_USER_ID -G wheel -ms /bin/bash user
+
+USER user
+WORKDIR /home/user
+
+ENV LANG C.UTF-8
diff --git a/test/test-ci.sh b/test/test-ci.sh
index ef36a609..9b1d9d06 100755
--- a/test/test-ci.sh
+++ b/test/test-ci.sh
@@ -125,7 +125,7 @@ elif test "$1" = "SH_CHECKS"; then
     export LANGUAGE=C.UTF-8
     export NO_AT_BRIDGE=1
 
-    ninja -C _build install
+    sudo ninja -C _build install
     installed-tests/scripts/testExamples.sh > scripts.log
     do_Check_Script_Errors
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]