diff options
| author | Florian Müllner <fmuellner@gnome.org> | 2023-03-16 19:01:45 +0100 |
|---|---|---|
| committer | Marge Bot <marge-bot@gnome.org> | 2023-05-16 18:20:42 +0000 |
| commit | a837285ae3d2fbede734c8c7119dc73f65c361ea (patch) | |
| tree | 892a816b52afc18d6e3006be3d483ce956c4e816 | |
| parent | 27617ef0a3187dc47669a889eea20f9396c7f3c5 (diff) | |
| download | gnome-shell-a837285ae3d2fbede734c8c7119dc73f65c361ea.tar.gz | |
ci: Produce toolbox images
Toolbox is a convenient option for development, but setting up
the image with all dependencies is annoying at best, in particular
later in the cycle when `dnf builddep` is likely insufficient.
To address that, produce toolbox images for main and stable branches
that are based on the regular CI image, and update them whenever
the image version is updated. This guarantees that all build- and
runtime dependencies are included.
Unsurprisingly, the script that produces the image draws heavily
from freedesktop's ci-templates. The most notable difference
(other than being neither distro-agnostic nor generic) is that
tag names are fixed (toolbox:main, toolbox:43 etc.) to make them
easier to consume.
Instead, whether an image needs rebuilding is based on a custom
label that records the base image that was used.
Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2713>
| -rw-r--r-- | .gitlab-ci.yml | 13 | ||||
| -rwxr-xr-x | .gitlab-ci/build-toolbox-image.sh | 99 |
2 files changed, 111 insertions, 1 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index db4a4a8b2..eb0d8f0e6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -13,7 +13,7 @@ stages: - deploy default: - image: registry.gitlab.gnome.org/gnome/mutter/fedora/37:x86_64-2023-02-22.0 + image: $MUTTER_CI_IMAGE # Cancel jobs if newer commits are pushed to the branch interruptible: true # Auto-retry jobs in case of infra failures @@ -26,6 +26,7 @@ default: - 'api_failure' variables: + MUTTER_CI_IMAGE: registry.gitlab.gnome.org/gnome/mutter/fedora/37:x86_64-2023-02-22.0 FDO_UPSTREAM_REPO: GNOME/gnome-shell BUNDLE: "extensions-git.flatpak" LINT_LOG: "eslint-report.xml" @@ -290,3 +291,13 @@ dist-tarball: - build/meson-dist/$CI_PROJECT_NAME-$CI_COMMIT_TAG.tar.xz rules: - if: '$CI_COMMIT_TAG' + +build-toolbox: + image: quay.io/freedesktop.org/ci-templates:container-build-base-2021-07-29.0 + stage: deploy + needs: [] + script: + - .gitlab-ci/build-toolbox-image.sh $MUTTER_CI_IMAGE + rules: + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PROJECT_NAMESPACE == "GNOME"' + - if: '$CI_COMMIT_BRANCH =~ /^gnome-[0-9-]+$/ && $CI_PROJECT_NAMESPACE == "GNOME"' diff --git a/.gitlab-ci/build-toolbox-image.sh b/.gitlab-ci/build-toolbox-image.sh new file mode 100755 index 000000000..2e07cb131 --- /dev/null +++ b/.gitlab-ci/build-toolbox-image.sh @@ -0,0 +1,99 @@ +#!/bin/bash +# vi: sw=2 ts=4 + +set -e + +die() { + echo "$@" >&2 + exit 1 +} + +check_image_base() { + local base=$( + skopeo inspect docker://$TOOLBOX_IMAGE 2>/dev/null | + jq -r '.Labels["org.opencontainers.image.base.name"]') + [[ "$base" == "$MUTTER_CI_IMAGE" ]] +} + +build_container() { + echo Building $TOOLBOX_IMAGE from $MUTTER_CI_IMAGE + + export BUILDAH_ISOLATION=chroot + export BUILDAH_FORMAT=docker + + local build_cntr=$(buildah from $MUTTER_CI_IMAGE) + local build_mnt=$(buildah mount $build_cntr) + + [[ -n "$build_mnt" && -n "$build_cntr" ]] || die "Failed to mount the container" + + local extra_packages=( + passwd # needed by toolbox + gdb + gnome-console # can't do without *some* terminal + flatpak-spawn # run host commands + flatpak # for host apps + abattis-cantarell-fonts # system font + gnome-backgrounds # no blank background! + ) + buildah run $build_cntr dnf config-manager --set-disabled '*-modular,*-openh264' + buildah run $build_cntr dnf install -y "${extra_packages[@]}" + buildah run $build_cntr dnf clean all + buildah run $build_cntr rm -rf /var/lib/cache/dnf + + # work around non-working pkexec + local fake_pkexec=$(mktemp) + cat > $fake_pkexec <<-'EOF' + #!/bin/sh + exec su -c "$*" + EOF + buildah copy --chmod 755 $build_cntr $fake_pkexec /usr/bin/pkexec + + # disable gnome-keyring activation: + # it either asks for unlocking the login keyring on startup, or it detects + # the running host daemon and doesn't export the object on the bus, which + # blocks the activating service until it hits the timeout + buildah run $build_cntr rm /usr/share/dbus-1/services/org.freedesktop.secrets.service + + local srcdir=$(realpath $(dirname $0)) + buildah copy --chmod 755 $build_cntr $srcdir/install-meson-project.sh /usr/libexec + + # include convenience script for updating mutter dependency + local update_mutter=$(mktemp) + cat > $update_mutter <<-EOF + #!/bin/sh + /usr/libexec/install-meson-project.sh https://gitlab.gnome.org/GNOME/mutter.git $MUTTER_BRANCH + EOF + buildah copy --chmod 755 $build_cntr $update_mutter /usr/bin/update-mutter + + buildah config --env HOME- \ + --label com.github.containers.toolbox=true \ + --label org.opencontainers.image.base.name=$MUTTER_CI_IMAGE \ + $build_cntr + + buildah commit $build_cntr $TOOLBOX_IMAGE +} + + +MUTTER_CI_IMAGE=$1 +MUTTER_BRANCH=${2:-$CI_COMMIT_BRANCH} + +TOOLBOX_IMAGE=$CI_REGISTRY_IMAGE/toolbox:${MUTTER_BRANCH#gnome-} + +[[ -n "$MUTTER_CI_IMAGE" && -n "$MUTTER_BRANCH" ]] || + die "Usage: $(basename $0) MUTTER_CI_IMAGE [MUTTER_BRANCH]" + +if [[ -z "$FORCE_REBUILD" ]]; then + if check_image_base; then + echo Image $TOOLBOX_IMAGE exists and is up to date. + exit 0 + fi +fi + +[[ -n "$CI_REGISTRY" && -n "$CI_REGISTRY_USER" && -n "$CI_REGISTRY_PASSWORD" ]] || + die "Insufficient information to log in." + +podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY + +build_container + +podman push $TOOLBOX_IMAGE |