[extensions-web/vbump/django] ci: drop buildah/docker stuff and run jobs natively

From: Yuri Konotopov <ykonotopov src gnome org>
To: commits-list gnome org
Cc:
Subject: [extensions-web/vbump/django] ci: drop buildah/docker stuff and run jobs natively
Date: Sat, 15 Jan 2022 12:37:15 +0000 (UTC)

commit 2eb90318078885c6724ae35df3b52719a0fcc289
Author: Yuri Konotopov <ykonotopov gnome org>
Date:   Sat Jan 15 16:29:17 2022 +0400

    ci: drop buildah/docker stuff and run jobs natively

 .dockerignore                              |  1 +
 .gitlab-ci.yml                             | 57 +++++++++++++++-------
 openshift/docker/Dockerfile                | 78 ++++++++----------------------
 openshift/docker/scripts/install-xapian.sh | 74 ++++++++++++++++++++++++++++
 4 files changed, 134 insertions(+), 76 deletions(-)
---
diff --git a/.dockerignore b/.dockerignore
index 3b99005..6c60238 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -33,6 +33,7 @@ local_settings.py
 contrib/
 openshift/docker/
 !openshift/docker/nginx.conf
+!openshift/docker/scripts
 !openshift/docker/wsgi.ini
 static/
 uploaded-files/
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5461afe..20b9e4a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,21 +1,44 @@
+variables:
+  PYTHON_VERSION: '3.9'
+  XAPIAN_VERSION: 1.4.19
+
+stages:
+  - test
+
+.pip cache:
+  cache:
+    paths:
+      - $PIP_CACHE_DIR
+  variables:
+    PIP_CACHE_DIR: $CI_PROJECT_DIR/.cache/pip
+
 test:
-  image: 'registry.fedoraproject.org/fedora:34'
+  extends:
+    - .pip cache
   stage: test
-  variables:
-    STORAGE_DRIVER: 'vfs'
-    BUILDAH_FORMAT: 'docker'
-    BUILDAH_ISOLATION: 'chroot'
+  image: python:$PYTHON_VERSION
+  before_script:
+    - 'openshift/docker/scripts/install-xapian.sh'
+    - pip install -r requirements.txt
   script:
-    - dnf install -y buildah podman runc
-    - sed -i '/^mountopt =.*/d' /etc/containers/storage.conf
-    - |
-      cat >> /etc/containers/libpod.conf << END
-      cgroup_manager = "cgroupfs"
-      events_logger = "file"
-      END
+    - python manage.py test
+  variables:
+    EGO_DEBUG: 1
+    EGO_SECRET_KEY: .
+  parallel:
+    matrix:
+      - PYTHON_VERSION:
+          - '3.9'
+          - '3.10'
 
-    - buildah bud -f openshift/docker/Dockerfile -t extensions-web .
-    - CONTAINER=$(buildah from extensions-web)
-    - buildah config --env EGO_SECRET_KEY=. --env EGO_DEBUG=1 $CONTAINER
-    - buildah run $CONTAINER python manage.py test
-    - buildah run $CONTAINER bash -c 'pip install safety && safety check -r requirements.txt && safety check 
-r requirements.ego.txt'
+security:
+  extends:
+    - .pip cache
+  stage: test
+  image: python:$PYTHON_VERSION
+  before_script:
+    - pip install safety
+  script:
+    - safety check -r requirements.txt
+    - safety check -r requirements.ego.txt
+  allow_failure: true
diff --git a/openshift/docker/Dockerfile b/openshift/docker/Dockerfile
index af2d0e7..d8117b4 100644
--- a/openshift/docker/Dockerfile
+++ b/openshift/docker/Dockerfile
@@ -1,77 +1,37 @@
-FROM python:3.6-bullseye
+ARG PYTHON_VERSION=3.9
 
-MAINTAINER Yuri Konotopov <ykonotopov gnome org>
+FROM python:$PYTHON_VERSION as xapian
 
-ENV PYTHONUNBUFFERED=1 \
-       XAPIAN_VERSION=1.4.11 \
-       GPG_KEY=08E2400FF7FE8FEDE3ACB52818147B073BAD2B07
+ARG XAPIAN_VERSION=1.4.19
+ENV PYTHONUNBUFFERED=1
+
+COPY openshift/docker/scripts/ /tmp/scripts/
+RUN /tmp/scripts/install-xapian.sh
+
+FROM python:$PYTHON_VERSION
+
+LABEL author="Yuri Konotopov <ykonotopov gnome org>"
 
 RUN set -ex \
        && apt-get update \
-       && apt-get install --no-install-recommends --no-install-suggests -y \
+       && apt-get install \
+               --no-install-recommends \
+               --no-install-suggests \
+               -y \
                gettext \
        && rm -r /var/lib/apt/lists/* \
-       && wget -O xapian-core.tar.xz 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-core-$XAPIAN_VERSION.tar.xz"; \
-       && wget -O xapian-core.tar.xz.asc 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-core-$XAPIAN_VERSION.tar.xz.asc"; \
-       && wget -O xapian-bindings.tar.xz 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-bindings-$XAPIAN_VERSION.tar.xz"; \
-       && wget -O xapian-bindings.tar.xz.asc 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-bindings-$XAPIAN_VERSION.tar.xz.asc"; \
-       && export GNUPGHOME="$(mktemp -d)" \
-       && \
-       { \
-       found=''; \
-       for server in \
-               ha.pool.sks-keyservers.net \
-               hkp://keyserver.ubuntu.com:80 \
-               hkp://p80.pool.sks-keyservers.net:80 \
-               pgp.mit.edu \
-       ; do \
-               echo "Fetching GPG key $GPG_KEY from $server"; \
-               gpg --batch --keyserver $server --recv-keys "$GPG_KEY" && found=yes && break; \
-       done; \
-       test -z "$found" && { echo >&2 "error: failed to fetch GPG key $GPG_KEY" && exit 1; } || true; \
-       } \
-       && gpg --batch --verify xapian-core.tar.xz.asc xapian-core.tar.xz \
-       && gpg --batch --verify xapian-bindings.tar.xz.asc xapian-bindings.tar.xz \
-       && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \
-       && rm -r "$GNUPGHOME" xapian-core.tar.xz.asc xapian-bindings.tar.xz.asc \
-       && mkdir -p /usr/src/xapian-core \
-       && mkdir -p /usr/src/xapian-bindings \
-       && tar -xJC /usr/src/xapian-core --strip-components=1 -f xapian-core.tar.xz \
-       && rm xapian-core.tar.xz \
-       && tar -xJC /usr/src/xapian-bindings --strip-components=1 -f xapian-bindings.tar.xz \
-       && rm xapian-bindings.tar.xz \
-       && cd /usr/src/xapian-core \
-       && ./configure \
-       && make -j "$(nproc)" \
-       && make install \
-       && ldconfig \
-       && rm -r /usr/src/xapian-core \
-       && cd /usr/src/xapian-bindings \
-       && pip install Sphinx\<2.0.0 \
-       && ./configure \
-               --with-python3 \
-       && make -j "$(nproc)" \
-       && make install \
-       && pip freeze > /tmp/pip.txt \
-       && pip uninstall -y -r /tmp/pip.txt \
-       && rm /tmp/pip.txt \
-       && find /usr/local -depth \
-               \( \
-                       \( -type d -a \( -name test -o -name tests \) \) \
-                       -o \
-                       \( -type f -a \( -name '*.pyc' -o -name '*.pyo' \) \) \
-               \) -exec rm -r '{}' + \
-       && rm -r /usr/src/xapian-bindings
-
-RUN set -ex \
        && mkdir -p /extensions-web/app \
        && mkdir -p /extensions-web/data \
        && mkdir -p /extensions-web/www \
        && chmod g+rwX -R /extensions-web/data \
        && chmod g+rwX -R /extensions-web/www
+
 WORKDIR /extensions-web/app
+
+COPY --from=xapian /tmp/xapian-root /
 COPY . /extensions-web/app
 COPY openshift/docker/wsgi.ini /extensions-web
+
 RUN set -ex \
        && chown www-data:root -R /extensions-web/app \
        && chown www-data:root /extensions-web/wsgi.ini \
diff --git a/openshift/docker/scripts/install-xapian.sh b/openshift/docker/scripts/install-xapian.sh
new file mode 100755
index 0000000..faa51f8
--- /dev/null
+++ b/openshift/docker/scripts/install-xapian.sh
@@ -0,0 +1,74 @@
+#!/bin/bash
+
+set -ex
+
+XAPIAN_MODULES=( xapian-core xapian-bindings )
+XAPIAN_BINDINGS_CONFIGURE_ARGS=( --with-python3 )
+XAPIAN_BUILD_DIR="$(mktemp -d)"
+XAPIAN_GPG_KEY=08E2400FF7FE8FEDE3ACB52818147B073BAD2B07
+XAPIAN_ROOT=/tmp/xapian-root
+
+export GNUPGHOME="$(mktemp -d)"
+
+found='';
+for server in \
+       ha.pool.sks-keyservers.net \
+       hkp://keyserver.ubuntu.com:80 \
+       hkp://p80.pool.sks-keyservers.net:80 \
+       pgp.mit.edu \
+; do
+       echo "Fetching GPG key $XAPIAN_GPG_KEY from $server"
+       if gpg --batch --keyserver "$server" --recv-keys "$XAPIAN_GPG_KEY"; then
+               found=yes
+               break
+       fi
+done;
+
+if test -z "$found"; then
+       echo >&2 "error: failed to fetch GPG key $XAPIAN_GPG_KEY"
+       exit 1
+fi
+
+pushd "${XAPIAN_BUILD_DIR}"
+pip install Sphinx
+
+for module in "${XAPIAN_MODULES[@]}"; do
+       wget -O "${module}".tar.xz 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/${module}-$XAPIAN_VERSION.tar.xz";
+       wget -O "${module}".tar.xz.asc 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/${module}-$XAPIAN_VERSION.tar.xz.asc";
+
+       gpg --batch --verify "${module}".tar.xz.asc "${module}".tar.xz
+
+       mkdir -p "${XAPIAN_BUILD_DIR}/${module}"
+       tar -xJC "${XAPIAN_BUILD_DIR}/${module}" --strip-components=1 -f "${module}".tar.xz
+
+       pushd "${XAPIAN_BUILD_DIR}/${module}"
+
+       ARGUMENTS_VARIABLE="${module^^}_CONFIGURE_ARGS"
+       ARGUMENTS_VARIABLE="${ARGUMENTS_VARIABLE/-/_}[@]"
+
+       ./configure "${!ARGUMENTS_VARIABLE}"
+       make -j "$(nproc)"
+       make install
+       make DESTDIR="${XAPIAN_ROOT}" install
+
+       ldconfig
+
+       popd
+done
+
+if command -v gpgconf > /dev/null; then
+       gpgconf --kill all
+fi
+
+#pip freeze > "${XAPIAN_BUILD_DIR}"/pip.txt
+#pip uninstall -y -r "${XAPIAN_BUILD_DIR}"/pip.txt
+
+#rm -r "$GNUPGHOME" "${XAPIAN_BUILD_DIR}"
+#unset GNUPGHOME
+
+find "${XAPIAN_ROOT}" -depth \
+       \( \
+               \( -type d -a \( -name test -o -name tests \) \) \
+               -o \
+               \( -type f -a \( -name '*.pyc' -o -name '*.pyo' \) \) \
+       \) -print -exec rm -r '{}' \;
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]