Merge branch 'nielsdg/use-docker-images-for-ci' into 'master'

ci: Use prebuilt Docker images

See merge request GNOME/libsecret!114

.gitlab-ci.yml

@@ -1,19 +1,15 @@
+image: registry.gitlab.gnome.org/gnome/libsecret/master:v1
+
 stages:
   - build
   - deploy
 
 variables:
-  DEPENDENCIES: dbus-x11 diffutils gcc gjs meson ninja-build python3-dbus python3-gobject redhat-rpm-config
   CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --template='{id}:{file}:{line},{severity},{message}'"
 
 fedora:Werror:
-  image: fedora:34
   stage: build
   before_script:
-    - dnf upgrade -y
-    - dnf install -y 'dnf-command(builddep)'
-    - dnf builddep -y libsecret
-    - dnf install -y $DEPENDENCIES
     - dbus-uuidgen --ensure
   script:
     - meson _build -Dwerror=true -Dc_args=-Wno-error=deprecated-declarations -Dgtk_doc=false
@@ -26,16 +22,11 @@ fedora:Werror:
       - _build/meson-logs/testlog.txt
 
 fedora:asan:
-  image: fedora:latest
   stage: build
   before_script:
-    - dnf upgrade -y
-    - dnf install -y 'dnf-command(builddep)'
-    - dnf builddep -y libsecret
-    - dnf install -y $DEPENDENCIES libasan
     - dbus-uuidgen --ensure
   script:
-    - meson _build -Db_sanitize=address -Dgtk_doc=false
+    - meson _build -Db_sanitize=address -Dgtk_doc=false -Dintrospection=false
     - meson compile -C _build
     - eval `dbus-launch --sh-syntax`
     - meson test -C _build
@@ -46,13 +37,8 @@ fedora:asan:
       - _build/meson-logs/testlog.txt
 
 fedora:ubsan:
-  image: fedora:34
   stage: build
   before_script:
-    - dnf upgrade -y
-    - dnf install -y 'dnf-command(builddep)'
-    - dnf builddep -y libsecret
-    - dnf install -y $DEPENDENCIES libubsan
     - dbus-uuidgen --ensure
   script:
     - meson _build -Db_sanitize=undefined -Dgtk_doc=false
@@ -65,13 +51,8 @@ fedora:ubsan:
       - _build/meson-logs/testlog.txt
 
 fedora-static-analyzers/test:
-  image: fedora:34
   stage: build
   before_script:
-    - dnf upgrade -y
-    - dnf install -y 'dnf-command(builddep)'
-    - dnf builddep -y libsecret
-    - dnf install -y $DEPENDENCIES clang-analyzer cppcheck
     - dbus-uuidgen --ensure
   script:
     - meson _build -Dgtk_doc=false
@@ -83,14 +64,8 @@ fedora-static-analyzers/test:
       - _build/meson-logs/testlog.txt
 
 fedora:coverage:
-  image: fedora:34
   stage: build
   before_script:
-    - dnf upgrade -y
-    - dnf install -y 'dnf-command(builddep)'
-    - dnf builddep -y libsecret
-    - dnf install -y $DEPENDENCIES swtpm swtpm-tools tpm2-abrmd tpm2-tss-devel
-    - dnf install -y $DEPENDENCIES lcov
     - dbus-uuidgen --ensure
   script:
     - meson _build -Db_coverage=true -Dtpm2=true -Dgtk_doc=false
@@ -116,9 +91,6 @@ fedora:coverage:
 
 reference:
   stage: build
-  image: fedora:35
-  before_script:
-    - dnf install -y $DEPENDENCIES gi-docgen gobject-introspection-devel libgcrypt-devel
   variables:
     MESON_ARGS: >-
       -Dgtk_doc=true

.gitlab-ci/README.md

@@ -0,0 +1,25 @@
+# CI support stuff
+
+## Docker image
+
+GitLab CI jobs run in a Docker image, defined here. To update that image
+(perhaps to install some more packages):
+
+1. Edit `.gitlab-ci/$BRANCH.Dockerfile` with the changes you want
+1. Run `.gitlab-ci/run-docker.sh build --branch=$BRANCH --version=1` to build
+   the new image (bump the version from the latest listed for the main branch)
+   https://gitlab.gnome.org/GNOME/libsecret/container_registry). If `--branch`
+   is not specified, it will use the default branch
+1. Run `.gitlab-ci/run-docker.sh push --branch=$BRANCH --version=1` to upload
+   the new image to the GNOME GitLab Docker registry
+    * If this is the first time you're doing this, you'll need to log into the
+      registry
+    * If you use 2-factor authentication on your GNOME GitLab account, you'll
+      need to [create a personal access token][pat] and use that rather than
+      your normal password — the token should have `read_registry` and
+      `write_registry` permissions
+1. Edit `.gitlab-ci.yml` (in the root of this repository) to use your new
+   image
+
+[pat]: https://gitlab.gnome.org/-/profile/personal_access_tokens
+[cs]: https://scan.coverity.com/

.gitlab-ci/master.Dockerfile

@@ -0,0 +1,38 @@
+FROM fedora:34
+
+RUN dnf update -y \
+    && dnf install -y \
+           clang-analyzer \
+           cppcheck \
+           dbus-x11 \
+           docbook-style-xsl \
+           gettext \
+           gi-docgen \
+           git \
+           glib2-devel \
+           gobject-introspection-devel \
+           lcov \
+           libasan \
+           libubsan \
+           libgcrypt-devel \
+           libxslt \
+           meson \
+           python3-dbus \
+           python3-gobject \
+           redhat-rpm-config \
+           swtpm \
+           swtpm-tools \
+           tpm2-abrmd \
+           tpm2-tss-devel \
+           vala \
+           valgrind-devel \
+    && dnf clean all
+
+ARG HOST_USER_ID=5555
+ENV HOST_USER_ID ${HOST_USER_ID}
+RUN useradd -u $HOST_USER_ID -ms /bin/bash user
+
+USER user
+WORKDIR /home/user
+
+ENV LANG C.UTF-8

.gitlab-ci/run-docker.sh

@@ -0,0 +1,135 @@
+#!/bin/bash
+
+read_arg() {
+    # $1 = arg name
+    # $2 = arg value
+    # $3 = arg parameter
+    local rematch='^[^=]*=(.*)$'
+    if [[ $2 =~ $rematch ]]; then
+        read -r "$1" <<< "${BASH_REMATCH[1]}"
+    else
+        read -r "$1" <<< "$3"
+        # There is no way to shift our callers args, so
+        # return 1 to indicate they should do it instead.
+        return 1
+    fi
+}
+
+if type -p podman &>/dev/null; then
+    # Using podman
+    DOCKER_CMD="podman"
+    # Docker is actually implemented by podman, and its OCI output
+    # is incompatible with some of the dockerd instances on GitLab
+    # CI runners.
+    export BUILDAH_FORMAT=docker
+elif getent group docker | grep -q "\b${USER}\b"; then
+    DOCKER_CMD="docker"
+else
+    DOCKER_CMD="sudo docker"
+fi
+
+set -e
+
+branch=""
+version=""
+build=0
+run=0
+push=0
+list=0
+print_help=0
+no_login=0
+
+while (($# > 0)); do
+    case "${1%%=*}" in
+        build) build=1;;
+        run) run=1;;
+        push) push=1;;
+        list) list=1;;
+        help) print_help=1;;
+        --branch|-b) read_arg branch "$@" || shift;;
+        --version|-v) read_arg version "$@" || shift;;
+        --no-login) no_login=1;;
+        *) echo -e "\\e[1;31mERROR\\e[0m: Unknown option '$1'"; exit 1;;
+    esac
+    shift
+done
+
+if [ $print_help == 1 ]; then
+    echo "$0 - Build and run Docker images"
+    echo ""
+    echo "Usage: $0 <command> [options] [basename]"
+    echo ""
+    echo "Available commands"
+    echo ""
+    echo "  build     - Build Docker image"
+    echo "  run       - Run Docker image"
+    echo "  push      - Push Docker image to the registry"
+    echo "  list      - List available images"
+    echo "  help      - This help message"
+    echo ""
+    exit 0
+fi
+
+cd "$(dirname "$0")"
+
+if [ $list == 1 ]; then
+    echo "Available Docker images:"
+    for f in *.Dockerfile; do
+        filename=$( basename -- "$f" )
+        basename="${filename%.*}"
+
+        echo -e "  \\e[1;39m$basename\\e[0m"
+    done
+    exit 0
+fi
+
+# We really need to know the branch name after this point
+if [[ -z "${branch}" ]]; then
+    branch=master
+fi
+
+DOCKERFILE="${branch}.Dockerfile"
+if [ ! -f "$DOCKERFILE" ]; then
+    echo -e "\\e[1;31mERROR\\e[0m: '$DOCKERFILE' not found"
+    exit 1
+fi
+
+if [ -z "${version}" ]; then
+    version="latest"
+else
+    version="v$version"
+fi
+
+TAG="registry.gitlab.gnome.org/gnome/libsecret/${branch}:${version}"
+
+if [ $build == 1 ]; then
+    echo -e "\\e[1;32mBUILDING\\e[0m: ${TAG} for branch '${branch}'"
+    $DOCKER_CMD build \
+        --build-arg HOST_USER_ID="$UID" \
+        --tag "${TAG}" \
+        --file "$DOCKERFILE" .
+    exit $?
+fi
+
+if [ $push == 1 ]; then
+    echo -e "\\e[1;32mPUSHING\\e[0m: ${TAG} for branch '${branch}'"
+
+    if [ $no_login == 0 ]; then
+        $DOCKER_CMD login registry.gitlab.gnome.org
+    fi
+
+    $DOCKER_CMD push "${TAG}"
+    exit $?
+fi
+
+if [ $run == 1 ]; then
+    echo -e "\\e[1;32mRUNNING\\e[0m: ${TAG} for branch '${branch}'"
+    $DOCKER_CMD run \
+        --rm \
+        --volume "$(pwd)/..:/home/user/app" \
+        --workdir "/home/user/app" \
+        --tty \
+        --interactive "${TAG}" \
+        bash
+    exit $?
+fi