ci: Produce toolbox images
Toolbox is a convenient option for development, but setting up the image with all dependencies is annoying at best, in particular later in the cycle when `dnf builddep` is likely insufficient. To address that, produce toolbox images for main and stable branches that are based on the regular CI image, and update them whenever the image version is updated. This guarantees that all build- and runtime dependencies are included. Unsurprisingly, the script that produces the image draws heavily from freedesktop's ci-templates. The most notable difference (other than being neither distro-agnostic nor generic) is that tag names are fixed (toolbox:main, toolbox:43 etc.) to make them easier to consume. Instead, whether an image needs rebuilding is based on a custom label that records the base image that was used. Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2713>
parent
27617ef0a3
commit
a837285ae3
@ -13,7 +13,7 @@ stages:
|
||||
- deploy
|
||||
|
||||
default:
|
||||
image: registry.gitlab.gnome.org/gnome/mutter/fedora/37:x86_64-2023-02-22.0
|
||||
image: $MUTTER_CI_IMAGE
|
||||
# Cancel jobs if newer commits are pushed to the branch
|
||||
interruptible: true
|
||||
# Auto-retry jobs in case of infra failures
|
||||
@ -26,6 +26,7 @@ default:
|
||||
- 'api_failure'
|
||||
|
||||
variables:
|
||||
MUTTER_CI_IMAGE: registry.gitlab.gnome.org/gnome/mutter/fedora/37:x86_64-2023-02-22.0
|
||||
FDO_UPSTREAM_REPO: GNOME/gnome-shell
|
||||
BUNDLE: "extensions-git.flatpak"
|
||||
LINT_LOG: "eslint-report.xml"
|
||||
@ -290,3 +291,13 @@ dist-tarball:
|
||||
- build/meson-dist/$CI_PROJECT_NAME-$CI_COMMIT_TAG.tar.xz
|
||||
rules:
|
||||
- if: '$CI_COMMIT_TAG'
|
||||
|
||||
build-toolbox:
|
||||
image: quay.io/freedesktop.org/ci-templates:container-build-base-2021-07-29.0
|
||||
stage: deploy
|
||||
needs: []
|
||||
script:
|
||||
- .gitlab-ci/build-toolbox-image.sh $MUTTER_CI_IMAGE
|
||||
rules:
|
||||
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PROJECT_NAMESPACE == "GNOME"'
|
||||
- if: '$CI_COMMIT_BRANCH =~ /^gnome-[0-9-]+$/ && $CI_PROJECT_NAMESPACE == "GNOME"'
|
||||
|
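Review bot: The new `build-toolbox` job publishes an image that developers pull and run, yet its own `image:` is referenced by a mutable tag (`container-build-base-2021-07-29.0`) rather than a digest, so whatever currently sits behind that tag runs with the job's registry push rights. Pinning it as `image: quay.io/freedesktop.org/ci-templates@sha256:<digest of the reviewed image>` would fix the build environment to a known artifact. The two `rules:` entries filter on namespace and branch name only; branch protection is not visible here, so it is worth confirming that `gnome-*` branches are protected or adding `$CI_COMMIT_REF_PROTECTED == "true"` to both conditions, since otherwise any pushed branch matching the pattern can overwrite the corresponding `toolbox:` tag. The script argument should also be quoted, `- .gitlab-ci/build-toolbox-image.sh "$MUTTER_CI_IMAGE"`.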
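--- a/.gitlab-ci/build-toolbox-image.sh
+++ b/.gitlab-ci/build-toolbox-image.sh
@@ -0,0 +1,99 @@
+#!/bin/bash
+# vi: sw=2 ts=4
+
+set -e
+
+die() {
+echo "$@" >&2
+exit 1
+}
+
+check_image_base() {
+local base=$(
+skopeo inspect docker://$TOOLBOX_IMAGE 2>/dev/null |
+jq -r '.Labels["org.opencontainers.image.base.name"]')
+[[ "$base" == "$MUTTER_CI_IMAGE" ]]
+}
+
+build_container() {
+echo Building $TOOLBOX_IMAGE from $MUTTER_CI_IMAGE
+
+export BUILDAH_ISOLATION=chroot
+export BUILDAH_FORMAT=docker
+
+local build_cntr=$(buildah from $MUTTER_CI_IMAGE)
+local build_mnt=$(buildah mount $build_cntr)
+
+[[ -n "$build_mnt" && -n "$build_cntr" ]] || die "Failed to mount the container"
+
+local extra_packages=(
+passwd # needed by toolbox
+gdb
+gnome-console # can't do without *some* terminal
+flatpak-spawn # run host commands
+flatpak # for host apps
+abattis-cantarell-fonts # system font
+gnome-backgrounds # no blank background!
+)
+buildah run $build_cntr dnf config-manager --set-disabled '*-modular,*-openh264'
+buildah run $build_cntr dnf install -y "${extra_packages[@]}"
+buildah run $build_cntr dnf clean all
+buildah run $build_cntr rm -rf /var/lib/cache/dnf
+
+# work around non-working pkexec
+local fake_pkexec=$(mktemp)
+cat > $fake_pkexec <<-'EOF'
+#!/bin/sh
+exec su -c "$*"
+EOF
+buildah copy --chmod 755 $build_cntr $fake_pkexec /usr/bin/pkexec
+
+# disable gnome-keyring activation:
+# it either asks for unlocking the login keyring on startup, or it detects
+# the running host daemon and doesn't export the object on the bus, which
+# blocks the activating service until it hits the timeout
+buildah run $build_cntr rm /usr/share/dbus-1/services/org.freedesktop.secrets.service
+
+local srcdir=$(realpath $(dirname $0))
+buildah copy --chmod 755 $build_cntr $srcdir/install-meson-project.sh /usr/libexec
+
+# include convenience script for updating mutter dependency
+local update_mutter=$(mktemp)
+cat > $update_mutter <<-EOF
+#!/bin/sh
+/usr/libexec/install-meson-project.sh https://gitlab.gnome.org/GNOME/mutter.git $MUTTER_BRANCH
+EOF
+buildah copy --chmod 755 $build_cntr $update_mutter /usr/bin/update-mutter
+
+buildah config --env HOME- \
+--label com.github.containers.toolbox=true \
+--label org.opencontainers.image.base.name=$MUTTER_CI_IMAGE \
+$build_cntr
+
+buildah commit $build_cntr $TOOLBOX_IMAGE
+}
+
+
+MUTTER_CI_IMAGE=$1
+MUTTER_BRANCH=${2:-$CI_COMMIT_BRANCH}
+
+TOOLBOX_IMAGE=$CI_REGISTRY_IMAGE/toolbox:${MUTTER_BRANCH#gnome-}
+
+[[ -n "$MUTTER_CI_IMAGE" && -n "$MUTTER_BRANCH" ]] ||
+die "Usage: $(basename $0) MUTTER_CI_IMAGE [MUTTER_BRANCH]"
+
+if [[ -z "$FORCE_REBUILD" ]]; then
+if check_image_base; then
+echo Image $TOOLBOX_IMAGE exists and is up to date.
+exit 0
+fi
+fi
+
+[[ -n "$CI_REGISTRY" && -n "$CI_REGISTRY_USER" && -n "$CI_REGISTRY_PASSWORD" ]] ||
+die "Insufficient information to log in."
+
+podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+
+build_container
+
+podman push $TOOLBOX_IMAGE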
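Review bot: The `podman login` line near the end of the script passes `$CI_REGISTRY_PASSWORD` with `-p`, which puts the registry token on the command line where the process list and any `set -x` trace can expose it, and all three expansions are unquoted. Feeding the secret on stdin avoids that: `printf '%s' "$CI_REGISTRY_PASSWORD" | podman login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. Separately, the generated `/usr/bin/pkexec` shim runs `su -c "$*"`, which flattens the argument vector into one string that a shell re-parses, so arguments containing spaces or metacharacters are not preserved. A comment above the heredoc, such as `# shim for the single-user toolbox only: arguments are re-parsed by the shell`, would record that limitation.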