ci: Use prebuilt Docker images

Don't waste precious CI time reinstalling/upgrading packages.

Most of the scripts here were taken from GLib's CI scripts, but adjusted
to deal with dependencies that might change between branches rather than
different distros.

3 files changed, 198 insertions, 0 deletions

diff --git a/.gitlab-ci/README.md b/.gitlab-ci/README.md
new file mode 100644
index 0000000..c5ca98c
--- /dev/null
+++ b/.gitlab-ci/README.md
@@ -0,0 +1,25 @@
+# CI support stuff
+
+## Docker image
+
+GitLab CI jobs run in a Docker image, defined here. To update that image
+(perhaps to install some more packages):
+
+1. Edit `.gitlab-ci/$BRANCH.Dockerfile` with the changes you want
+1. Run `.gitlab-ci/run-docker.sh build --branch=$BRANCH --version=1` to build
+   the new image (bump the version from the latest listed for the main branch)
+   https://gitlab.gnome.org/GNOME/libsecret/container_registry). If `--branch`
+   is not specified, it will use the default branch
+1. Run `.gitlab-ci/run-docker.sh push --branch=$BRANCH --version=1` to upload
+   the new image to the GNOME GitLab Docker registry
+    * If this is the first time you're doing this, you'll need to log into the
+      registry
+    * If you use 2-factor authentication on your GNOME GitLab account, you'll
+      need to [create a personal access token][pat] and use that rather than
+      your normal password — the token should have `read_registry` and
+      `write_registry` permissions
+1. Edit `.gitlab-ci.yml` (in the root of this repository) to use your new
+   image
+
+[pat]: https://gitlab.gnome.org/-/profile/personal_access_tokens
+[cs]: https://scan.coverity.com/
diff --git a/.gitlab-ci/master.Dockerfile b/.gitlab-ci/master.Dockerfile
new file mode 100644
index 0000000..ee0c344
--- /dev/null
+++ b/.gitlab-ci/master.Dockerfile
@@ -0,0 +1,38 @@
+FROM fedora:34
+
+RUN dnf update -y \
+    && dnf install -y \
+           clang-analyzer \
+           cppcheck \
+           dbus-x11 \
+           docbook-style-xsl \
+           gettext \
+           gi-docgen \
+           git \
+           glib2-devel \
+           gobject-introspection-devel \
+           lcov \
+           libasan \
+           libubsan \
+           libgcrypt-devel \
+           libxslt \
+           meson \
+           python3-dbus \
+           python3-gobject \
+           redhat-rpm-config \
+           swtpm \
+           swtpm-tools \
+           tpm2-abrmd \
+           tpm2-tss-devel \
+           vala \
+           valgrind-devel \
+    && dnf clean all
+
+ARG HOST_USER_ID=5555
+ENV HOST_USER_ID ${HOST_USER_ID}
+RUN useradd -u $HOST_USER_ID -ms /bin/bash user
+
+USER user
+WORKDIR /home/user
+
+ENV LANG C.UTF-8
diff --git a/.gitlab-ci/run-docker.sh b/.gitlab-ci/run-docker.sh
new file mode 100755
index 0000000..63cbacf
--- /dev/null
+++ b/.gitlab-ci/run-docker.sh
@@ -0,0 +1,135 @@
+#!/bin/bash
+
+read_arg() {
+    # $1 = arg name
+    # $2 = arg value
+    # $3 = arg parameter
+    local rematch='^[^=]*=(.*)$'
+    if [[ $2 =~ $rematch ]]; then
+        read -r "$1" <<< "${BASH_REMATCH[1]}"
+    else
+        read -r "$1" <<< "$3"
+        # There is no way to shift our callers args, so
+        # return 1 to indicate they should do it instead.
+        return 1
+    fi
+}
+
+if type -p podman &>/dev/null; then
+    # Using podman
+    DOCKER_CMD="podman"
+    # Docker is actually implemented by podman, and its OCI output
+    # is incompatible with some of the dockerd instances on GitLab
+    # CI runners.
+    export BUILDAH_FORMAT=docker
+elif getent group docker | grep -q "\b${USER}\b"; then
+    DOCKER_CMD="docker"
+else
+    DOCKER_CMD="sudo docker"
+fi
+
+set -e
+
+branch=""
+version=""
+build=0
+run=0
+push=0
+list=0
+print_help=0
+no_login=0
+
+while (($# > 0)); do
+    case "${1%%=*}" in
+        build) build=1;;
+        run) run=1;;
+        push) push=1;;
+        list) list=1;;
+        help) print_help=1;;
+        --branch|-b) read_arg branch "$@" || shift;;
+        --version|-v) read_arg version "$@" || shift;;
+        --no-login) no_login=1;;
+        *) echo -e "\\e[1;31mERROR\\e[0m: Unknown option '$1'"; exit 1;;
+    esac
+    shift
+done
+
+if [ $print_help == 1 ]; then
+    echo "$0 - Build and run Docker images"
+    echo ""
+    echo "Usage: $0 <command> [options] [basename]"
+    echo ""
+    echo "Available commands"
+    echo ""
+    echo "  build     - Build Docker image"
+    echo "  run       - Run Docker image"
+    echo "  push      - Push Docker image to the registry"
+    echo "  list      - List available images"
+    echo "  help      - This help message"
+    echo ""
+    exit 0
+fi
+
+cd "$(dirname "$0")"
+
+if [ $list == 1 ]; then
+    echo "Available Docker images:"
+    for f in *.Dockerfile; do
+        filename=$( basename -- "$f" )
+        basename="${filename%.*}"
+
+        echo -e "  \\e[1;39m$basename\\e[0m"
+    done
+    exit 0
+fi
+
+# We really need to know the branch name after this point
+if [[ -z "${branch}" ]]; then
+    branch=master
+fi
+
+DOCKERFILE="${branch}.Dockerfile"
+if [ ! -f "$DOCKERFILE" ]; then
+    echo -e "\\e[1;31mERROR\\e[0m: '$DOCKERFILE' not found"
+    exit 1
+fi
+
+if [ -z "${version}" ]; then
+    version="latest"
+else
+    version="v$version"
+fi
+
+TAG="registry.gitlab.gnome.org/gnome/libsecret/${branch}:${version}"
+
+if [ $build == 1 ]; then
+    echo -e "\\e[1;32mBUILDING\\e[0m: ${TAG} for branch '${branch}'"
+    $DOCKER_CMD build \
+        --build-arg HOST_USER_ID="$UID" \
+        --tag "${TAG}" \
+        --file "$DOCKERFILE" .
+    exit $?
+fi
+
+if [ $push == 1 ]; then
+    echo -e "\\e[1;32mPUSHING\\e[0m: ${TAG} for branch '${branch}'"
+
+    if [ $no_login == 0 ]; then
+        $DOCKER_CMD login registry.gitlab.gnome.org
+    fi
+
+    $DOCKER_CMD push "${TAG}"
+    exit $?
+fi
+
+if [ $run == 1 ]; then
+    echo -e "\\e[1;32mRUNNING\\e[0m: ${TAG} for branch '${branch}'"
+    $DOCKER_CMD run \
+        --rm \
+        --volume "$(pwd)/..:/home/user/app" \
+        --workdir "/home/user/app" \
+        --tty \
+        --interactive "${TAG}" \
+        bash
+    exit $?
+fi