From a837285ae3d2fbede734c8c7119dc73f65c361ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20M=C3=BCllner?= Date: Thu, 16 Mar 2023 19:01:45 +0100 Subject: [PATCH] ci: Produce toolbox images Toolbox is a convenient option for development, but setting up the image with all dependencies is annoying at best, in particular later in the cycle when `dnf builddep` is likely insufficient. To address that, produce toolbox images for main and stable branches that are based on the regular CI image, and update them whenever the image version is updated. This guarantees that all build- and runtime dependencies are included. Unsurprisingly, the script that produces the image draws heavily from freedesktop's ci-templates. The most notable difference (other than being neither distro-agnostic nor generic) is that tag names are fixed (toolbox:main, toolbox:43 etc.) to make them easier to consume. Instead, whether an image needs rebuilding is based on a custom label that records the base image that was used. Part-of: --- .gitlab-ci.yml | 13 +++- .gitlab-ci/build-toolbox-image.sh | 99 +++++++++++++++++++++++++++++++ 2 files changed, 111 insertions(+), 1 deletion(-) create mode 100755 .gitlab-ci/build-toolbox-image.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index db4a4a8b2..eb0d8f0e6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -13,7 +13,7 @@ stages: - deploy default: - image: registry.gitlab.gnome.org/gnome/mutter/fedora/37:x86_64-2023-02-22.0 + image: $MUTTER_CI_IMAGE # Cancel jobs if newer commits are pushed to the branch interruptible: true # Auto-retry jobs in case of infra failures @@ -26,6 +26,7 @@ default: - 'api_failure' variables: + MUTTER_CI_IMAGE: registry.gitlab.gnome.org/gnome/mutter/fedora/37:x86_64-2023-02-22.0 FDO_UPSTREAM_REPO: GNOME/gnome-shell BUNDLE: "extensions-git.flatpak" LINT_LOG: "eslint-report.xml" 
@@ -290,3 +291,13 @@ dist-tarball: - build/meson-dist/$CI_PROJECT_NAME-$CI_COMMIT_TAG.tar.xz rules: - if: '$CI_COMMIT_TAG' + +build-toolbox: + image: quay.io/freedesktop.org/ci-templates:container-build-base-2021-07-29.0 + stage: deploy + needs: [] + script: + - .gitlab-ci/build-toolbox-image.sh $MUTTER_CI_IMAGE + rules: + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PROJECT_NAMESPACE == "GNOME"' + - if: '$CI_COMMIT_BRANCH =~ /^gnome-[0-9-]+$/ && $CI_PROJECT_NAMESPACE == "GNOME"' diff --git a/.gitlab-ci/build-toolbox-image.sh b/.gitlab-ci/build-toolbox-image.sh new file mode 100755 index 000000000..2e07cb131 --- /dev/null +++ b/.gitlab-ci/build-toolbox-image.sh 
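Review bot: The new `build-toolbox` job takes its builder image by tag (`quay.io/freedesktop.org/ci-templates:container-build-base-2021-07-29.0`), yet it publishes images that developers later run, so a re-pushed tag would silently change what builds them. Pinning the builder by digest avoids that: `image: quay.io/freedesktop.org/ci-templates@sha256:<digest of the reviewed builder image>`. In the `script:` entry, `$MUTTER_CI_IMAGE` is passed unquoted; `- .gitlab-ci/build-toolbox-image.sh "$MUTTER_CI_IMAGE"` is the safer form. A one-line comment above `rules:` would also help, for example `# only the upstream namespace may publish toolbox images`, since the `$CI_PROJECT_NAMESPACE == "GNOME"` condition is presumably there to keep forks from running the push.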
@@ -0,0 +1,99 @@
+#!/bin/bash
+# vi: sw=2 ts=4
+
+set -e
+
+die() {
+ echo "$@" >&2
+ exit 1
+}
+
+check_image_base() {
+ local base=$(
+ skopeo inspect docker://$TOOLBOX_IMAGE 2>/dev/null |
+ jq -r '.Labels["org.opencontainers.image.base.name"]')
+ [[ "$base" == "$MUTTER_CI_IMAGE" ]]
+}
+
+build_container() {
+ echo Building $TOOLBOX_IMAGE from $MUTTER_CI_IMAGE
+
+ export BUILDAH_ISOLATION=chroot
+ export BUILDAH_FORMAT=docker
+
+ local build_cntr=$(buildah from $MUTTER_CI_IMAGE)
+ local build_mnt=$(buildah mount $build_cntr)
+
+ [[ -n "$build_mnt" && -n "$build_cntr" ]] || die "Failed to mount the container"
+
+ local extra_packages=(
+ passwd # needed by toolbox
+ gdb
+ gnome-console # can't do without *some* terminal
+ flatpak-spawn # run host commands
+ flatpak # for host apps
+ abattis-cantarell-fonts # system font
+ gnome-backgrounds # no blank background!
+ )
+ buildah run $build_cntr dnf config-manager --set-disabled '*-modular,*-openh264'
+ buildah run $build_cntr dnf install -y "${extra_packages[@]}"
+ buildah run $build_cntr dnf clean all
+ buildah run $build_cntr rm -rf /var/lib/cache/dnf
+
+ # work around non-working pkexec
+ local fake_pkexec=$(mktemp)
+ cat > $fake_pkexec <<-'EOF'
+ #!/bin/sh
+ exec su -c "$*"
+ EOF
+ buildah copy --chmod 755 $build_cntr $fake_pkexec /usr/bin/pkexec
+
+ # disable gnome-keyring activation:
+ # it either asks for unlocking the login keyring on startup, or it detects
+ # the running host daemon and doesn't export the object on the bus, which
+ # blocks the activating service until it hits the timeout
+ buildah run $build_cntr rm /usr/share/dbus-1/services/org.freedesktop.secrets.service
+
+ local srcdir=$(realpath $(dirname $0))
+ buildah copy --chmod 755 $build_cntr $srcdir/install-meson-project.sh /usr/libexec
+
+ # include convenience script for updating mutter dependency
+ local update_mutter=$(mktemp)
+ cat > $update_mutter <<-EOF
+ #!/bin/sh
+ /usr/libexec/install-meson-project.sh
https://gitlab.gnome.org/GNOME/mutter.git $MUTTER_BRANCH
+ EOF
+ buildah copy --chmod 755 $build_cntr $update_mutter /usr/bin/update-mutter
+
+ buildah config --env HOME- \
+ --label com.github.containers.toolbox=true \
+ --label org.opencontainers.image.base.name=$MUTTER_CI_IMAGE \
+ $build_cntr
+
+ buildah commit $build_cntr $TOOLBOX_IMAGE
+}
+
+
+MUTTER_CI_IMAGE=$1
+MUTTER_BRANCH=${2:-$CI_COMMIT_BRANCH}
+
+TOOLBOX_IMAGE=$CI_REGISTRY_IMAGE/toolbox:${MUTTER_BRANCH#gnome-}
+
+[[ -n "$MUTTER_CI_IMAGE" && -n "$MUTTER_BRANCH" ]] ||
+ die "Usage: $(basename $0) MUTTER_CI_IMAGE [MUTTER_BRANCH]"
+
+if [[ -z "$FORCE_REBUILD" ]]; then
+ if check_image_base; then
+ echo Image $TOOLBOX_IMAGE exists and is up to date.
+ exit 0
+ fi
+fi
+
+[[ -n "$CI_REGISTRY" && -n "$CI_REGISTRY_USER" && -n "$CI_REGISTRY_PASSWORD" ]] ||
+ die "Insufficient information to log in."
+
+podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+
+build_container
+
+podman push $TOOLBOX_IMAGE
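Review bot: The `podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY` line near the end of the script passes the registry password as a command-line argument, where it is visible in the runner's process list and would be echoed by any `set -x` trace. Feeding it on stdin avoids both: `printf '%s' "$CI_REGISTRY_PASSWORD" | podman login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. Most other expansions in the script (`$TOOLBOX_IMAGE`, `$build_cntr`, `$(dirname $0)`) are unquoted as well, and quoting them would keep a value containing whitespace or glob characters from being split. The generated `/usr/bin/pkexec` wrapper runs `su -c "$*"`, which flattens its arguments into one string that the shell parses again; a comment there such as `# arguments are joined and re-parsed by the shell, original quoting is lost` would document that limit for users of the image.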