From 0ef4776a786d57705ac7cbfc8413b44a12b6a9be Mon Sep 17 00:00:00 2001 From: Niels De Graef Date: Sat, 14 Jan 2023 22:35:41 +0100 Subject: [PATCH] ci: Use prebuilt Docker images Don't waste precious CI time reinstalling/upgrading packages. Most of the scripts here were taken from GLib's CI scripts, but adjusted to deal with dependencies that might change between branches rather than different distros. --- .gitlab-ci.yml | 32 +-------- .gitlab-ci/README.md | 25 +++++++ .gitlab-ci/master.Dockerfile | 38 ++++++++++ .gitlab-ci/run-docker.sh | 135 +++++++++++++++++++++++++++++++++++ 4 files changed, 200 insertions(+), 30 deletions(-) create mode 100644 .gitlab-ci/README.md create mode 100644 .gitlab-ci/master.Dockerfile create mode 100755 .gitlab-ci/run-docker.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e32b0c3..300ddf3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,19 +1,15 @@ +image: registry.gitlab.gnome.org/gnome/libsecret/master:v1 + stages: - build - deploy variables: - DEPENDENCIES: dbus-x11 diffutils gcc gjs meson ninja-build python3-dbus python3-gobject redhat-rpm-config CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --template='{id}:{file}:{line},{severity},{message}'" fedora:Werror: - image: fedora:34 stage: build before_script: - - dnf upgrade -y - - dnf install -y 'dnf-command(builddep)' - - dnf builddep -y libsecret - - dnf install -y $DEPENDENCIES - dbus-uuidgen --ensure script: - meson _build -Dwerror=true -Dc_args=-Wno-error=deprecated-declarations -Dgtk_doc=false @@ -26,13 +22,8 @@ fedora:Werror: - _build/meson-logs/testlog.txt fedora:asan: - image: fedora:latest stage: build before_script: - - dnf upgrade -y - - dnf install -y 'dnf-command(builddep)' - - dnf builddep -y libsecret - - dnf install -y $DEPENDENCIES libasan - dbus-uuidgen --ensure script: - meson _build -Db_sanitize=address -Dgtk_doc=false @@ -46,13 +37,8 @@ fedora:asan: - _build/meson-logs/testlog.txt fedora:ubsan: - image: fedora:34 stage: build before_script: - - dnf upgrade -y - - dnf install -y 'dnf-command(builddep)' - - dnf builddep -y libsecret - - dnf install -y $DEPENDENCIES libubsan - dbus-uuidgen --ensure script: - meson _build -Db_sanitize=undefined -Dgtk_doc=false @@ -65,13 +51,8 @@ fedora:ubsan: - _build/meson-logs/testlog.txt fedora-static-analyzers/test: - image: fedora:34 stage: build before_script: - - dnf upgrade -y - - dnf install -y 'dnf-command(builddep)' - - dnf builddep -y libsecret - - dnf install -y $DEPENDENCIES clang-analyzer cppcheck - dbus-uuidgen --ensure script: - meson _build -Dgtk_doc=false @@ -83,14 +64,8 @@ fedora-static-analyzers/test: - _build/meson-logs/testlog.txt fedora:coverage: - image: fedora:34 stage: build before_script: - - dnf upgrade -y - - dnf install -y 'dnf-command(builddep)' - - dnf builddep -y libsecret - - dnf install -y $DEPENDENCIES swtpm swtpm-tools tpm2-abrmd tpm2-tss-devel - - dnf install -y $DEPENDENCIES lcov - dbus-uuidgen --ensure script: - meson _build -Db_coverage=true -Dtpm2=true -Dgtk_doc=false @@ -116,9 +91,6 @@ fedora:coverage: reference: stage: build - image: fedora:35 - before_script: - - dnf install -y $DEPENDENCIES gi-docgen gobject-introspection-devel libgcrypt-devel variables: MESON_ARGS: >- -Dgtk_doc=true diff --git a/.gitlab-ci/README.md b/.gitlab-ci/README.md new file mode 100644 index 0000000..c5ca98c --- /dev/null +++ b/.gitlab-ci/README.md @@ -0,0 +1,25 @@ +# CI support stuff + +## Docker image + +GitLab CI jobs run in a Docker image, defined here. To update that image +(perhaps to install some more packages): + +1. Edit `.gitlab-ci/$BRANCH.Dockerfile` with the changes you want +1. Run `.gitlab-ci/run-docker.sh build --branch=$BRANCH --version=1` to build + the new image (bump the version from the latest listed for the main branch) + https://gitlab.gnome.org/GNOME/libsecret/container_registry). If `--branch` + is not specified, it will use the default branch +1. Run `.gitlab-ci/run-docker.sh push --branch=$BRANCH --version=1` to upload + the new image to the GNOME GitLab Docker registry + * If this is the first time you're doing this, you'll need to log into the + registry + * If you use 2-factor authentication on your GNOME GitLab account, you'll + need to [create a personal access token][pat] and use that rather than + your normal password — the token should have `read_registry` and + `write_registry` permissions +1. Edit `.gitlab-ci.yml` (in the root of this repository) to use your new + image + +[pat]: https://gitlab.gnome.org/-/profile/personal_access_tokens +[cs]: https://scan.coverity.com/ diff --git a/.gitlab-ci/master.Dockerfile b/.gitlab-ci/master.Dockerfile new file mode 100644 index 0000000..ee0c344 --- /dev/null +++ b/.gitlab-ci/master.Dockerfile @@ -0,0 +1,38 @@ +FROM fedora:34 + +RUN dnf update -y \ + && dnf install -y \ + clang-analyzer \ + cppcheck \ + dbus-x11 \ + docbook-style-xsl \ + gettext \ + gi-docgen \ + git \ + glib2-devel \ + gobject-introspection-devel \ + lcov \ + libasan \ + libubsan \ + libgcrypt-devel \ + libxslt \ + meson \ + python3-dbus \ + python3-gobject \ + redhat-rpm-config \ + swtpm \ + swtpm-tools \ + tpm2-abrmd \ + tpm2-tss-devel \ + vala \ + valgrind-devel \ + && dnf clean all + +ARG HOST_USER_ID=5555 +ENV HOST_USER_ID ${HOST_USER_ID} +RUN useradd -u $HOST_USER_ID -ms /bin/bash user + +USER user +WORKDIR /home/user + +ENV LANG C.UTF-8 diff --git a/.gitlab-ci/run-docker.sh b/.gitlab-ci/run-docker.sh new file mode 100755 index 0000000..63cbacf --- /dev/null +++ b/.gitlab-ci/run-docker.sh @@ -0,0 +1,135 @@ +#!/bin/bash + +read_arg() { + # $1 = arg name + # $2 = arg value + # $3 = arg parameter + local rematch='^[^=]*=(.*)$' + if [[ $2 =~ $rematch ]]; then + read -r "$1" <<< "${BASH_REMATCH[1]}" + else + read -r "$1" <<< "$3" + # There is no way to shift our callers args, so + # return 1 to indicate they should do it instead. + return 1 + fi +} + +if type -p podman &>/dev/null; then + # Using podman + DOCKER_CMD="podman" + # Docker is actually implemented by podman, and its OCI output + # is incompatible with some of the dockerd instances on GitLab + # CI runners. + export BUILDAH_FORMAT=docker +elif getent group docker | grep -q "\b${USER}\b"; then + DOCKER_CMD="docker" +else + DOCKER_CMD="sudo docker" +fi + +set -e + +branch="" +version="" +build=0 +run=0 +push=0 +list=0 +print_help=0 +no_login=0 + +while (($# > 0)); do + case "${1%%=*}" in + build) build=1;; + run) run=1;; + push) push=1;; + list) list=1;; + help) print_help=1;; + --branch|-b) read_arg branch "$@" || shift;; + --version|-v) read_arg version "$@" || shift;; + --no-login) no_login=1;; + *) echo -e "\\e[1;31mERROR\\e[0m: Unknown option '$1'"; exit 1;; + esac + shift +done + +if [ $print_help == 1 ]; then + echo "$0 - Build and run Docker images" + echo "" + echo "Usage: $0 [options] [basename]" + echo "" + echo "Available commands" + echo "" + echo " build - Build Docker image" + echo " run - Run Docker image" + echo " push - Push Docker image to the registry" + echo " list - List available images" + echo " help - This help message" + echo "" + exit 0 +fi + +cd "$(dirname "$0")" + +if [ $list == 1 ]; then + echo "Available Docker images:" + for f in *.Dockerfile; do + filename=$( basename -- "$f" ) + basename="${filename%.*}" + + echo -e " \\e[1;39m$basename\\e[0m" + done + exit 0 +fi + +# We really need to know the branch name after this point +if [[ -z "${branch}" ]]; then + branch=master +fi + +DOCKERFILE="${branch}.Dockerfile" +if [ ! -f "$DOCKERFILE" ]; then + echo -e "\\e[1;31mERROR\\e[0m: '$DOCKERFILE' not found" + exit 1 +fi + +if [ -z "${version}" ]; then + version="latest" +else + version="v$version" +fi + +TAG="registry.gitlab.gnome.org/gnome/libsecret/${branch}:${version}" + +if [ $build == 1 ]; then + echo -e "\\e[1;32mBUILDING\\e[0m: ${TAG} for branch '${branch}'" + $DOCKER_CMD build \ + --build-arg HOST_USER_ID="$UID" \ + --tag "${TAG}" \ + --file "$DOCKERFILE" . + exit $? +fi + +if [ $push == 1 ]; then + echo -e "\\e[1;32mPUSHING\\e[0m: ${TAG} for branch '${branch}'" + + if [ $no_login == 0 ]; then + $DOCKER_CMD login registry.gitlab.gnome.org + fi + + $DOCKER_CMD push "${TAG}" + exit $? +fi + +if [ $run == 1 ]; then + echo -e "\\e[1;32mRUNNING\\e[0m: ${TAG} for branch '${branch}'" + $DOCKER_CMD run \ + --rm \ + --volume "$(pwd)/..:/home/user/app" \ + --workdir "/home/user/app" \ + --tty \ + --interactive "${TAG}" \ + bash + exit $? +fi