--- /dev/null
+artifactory-cleanup:
+ server: https://bart.sec.samsung.net/artifactory/
+
+ # $VAR is auto populated from environment variables (but only here)
+ user: $BART_ID
+ password: $BART_KEY
+
+ policies:
+ - name: Remove old images
+ rules:
+ - rule: Repo
+ name: tizen-system-upgrade-tools-docker-local
+ - rule: DeleteDockerImagesOlderThan
+ days: 30
--- /dev/null
+name: Build Docker environment image
+
+on:
+ push:
+ branches: [tizen]
+ pull_request:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 0 * * 0"
+
+env:
+ REGISTRY: tizen-system-upgrade-tools-docker-local.bart.sec.samsung.net
+ IMAGE_NAME: upgrade-tools
+
+jobs:
+ build:
+ runs-on:
+ - code-linux
+ - code-default
+
+ steps:
+ - name: Prepare environment variables
+ run: |
+ # Docker FROM image registry
+ FROM_IMAGE_NAMESPACE=$([ "${{ github.server_url }}" == "https://github.sec.samsung.net" ] && echo "docker-remote.bart.sec.samsung.net" || echo "library" )
+ echo "BUILD_ARGS=FROM_IMAGE_NAMESPACE=${FROM_IMAGE_NAMESPACE=}" >> ${GITHUB_ENV}
+
+ # Docker image tag name
+ GITHUB_REF=${GITHUB_HEAD_REF:-$GITHUB_REF_NAME}
+ if [ "${GITHUB_REF}" == "latest" ]; then
+ echo "::error::Branch name clash with `latest` tag."
+ exit 1
+ fi
+ DOCKER_TAG=$([ "${GITHUB_REF}" == "tizen" ] && echo latest || echo ${GITHUB_REF})
+
+ # Docker image name
+ echo "CACHE_IMAGE_NAME=type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache" >> ${GITHUB_ENV}
+ echo "FULL_IMAGE_NAME=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${DOCKER_TAG}" >> ${GITHUB_ENV}
+
+ - name: Checkout sources
+ uses: code-actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: code-actions/docker-setup-buildx-action@v2
+
+ - name: Log in to BART
+ uses: code-actions/docker-login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ secrets.BART_ID }}
+ password: ${{ secrets.BART_KEY }}
+
+ - if: ${{ github.event_name == 'schedule' }}
+ name: Build and Push Docker image (on schedule)
+ uses: code-actions/docker-build-push-action@v5
+ with:
+ pull: true
+ build-args: ${{ env.BUILD_ARGS }}
+ tags: ${{ env.FULL_IMAGE_NAME }}
+ cache-to: ${{ env.CACHE_IMAGE_NAME }},mode=max
+ push: true
+
+ - if: ${{ github.event_name != 'schedule' }}
+ name: Build and Push Docker image (on push)
+ uses: code-actions/docker-build-push-action@v5
+ with:
+ pull: true
+ build-args: ${{ env.BUILD_ARGS }}
+ tags: ${{ env.FULL_IMAGE_NAME }}
+ cache-from: ${{ env.CACHE_IMAGE_NAME }}
+ cache-to: ${{ env.CACHE_IMAGE_NAME }},mode=max
+ push: true
+
+ - name: Add image name to notice
+ run: echo "::notice title="Image built and pushed to BART"::${{ env.FULL_IMAGE_NAME }}"
+ - if: github.event_name == 'pull_request'
+ name: Push image name as a PR comment
+ uses: code-actions/github-script@v6
+ with:
+ script: |
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: "Docker image built and pushed to BART as ${{ env.FULL_IMAGE_NAME }}"
+ })
+
+ cleanup:
+ runs-on:
+ - code-linux
+ - code-default
+ container:
+ image: devopshq/artifactory-cleanup
+
+ steps:
+ - name: Checkout sources
+ uses: code-actions/checkout@v4
+
+ - name: Cleanup Docker images
+ run: artifactory-cleanup --config .github/docker-build-cleanup.yml --destroy
+ env:
+ BART_ID: ${{ secrets.BART_ID }}
+ BART_KEY: ${{ secrets.BART_KEY }}
# syntax=docker/dockerfile-upstream:master-labs
# Stage 1: bsdiff build image
-FROM docker-remote.bart.sec.samsung.net/ubuntu:20.04 as build
+
+ARG FROM_IMAGE_NAMESPACE=library
+# Alternatively "docker-remote.bart.sec.samsung.net".
+
+FROM ${FROM_IMAGE_NAMESPACE}/ubuntu:20.04 as build
COPY bsdiff /bsdiff
RUN apt-get update \
&& make install
# Stage 2: upgrade-tools image
-FROM docker-remote.bart.sec.samsung.net/ubuntu:20.04
+FROM ${FROM_IMAGE_NAMESPACE}/ubuntu:20.04
RUN apt-get update \
&& DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends \
This functionality does NOT support official signing & validation method.
This means it requires proper mechanism for binary validation offered by each
manufacturers.
+
+
+## Docker environment
+
+OS Upgrade tools have a dedicated Docker environment image, which can be used
+for local OS Upgrade image creation, as well as for CI.
+
+The image can be either built by executing `docker-build.sh` script or by
+pulling the image from BART registry.
+
+### Using BART registry (recommended)
+
+The Docker image is built in
+[`docker-build`](./.github/workflows/docker-build.yml) workflow in this
+repository. It is stored in BART Docker registry as
+`tizen-system-upgrade-tools-docker-local.bart.sec.samsung.net/upgrade-tools`.
+
+For the default branch (`tizen`), an image with tag `latest` is generated. In
+case a PR on GitHub is submitted, Docker image with tag name derived from the
+git branch name is pushed to the registry in order to test the delta image
+generation by the new image. For example, for a PR from branch `ghactions`,
+there will be image called
+`tizen-system-upgrade-tools-docker-local.bart.sec.samsung.net/upgrade-tools:ghactions`.
+
+You can pull the image by executing the following commands:
+
+```shell
+# Needs to be executed only once:
+$ docker login tizen-system-upgrade-tools-docker-local.bart.sec.samsung.net
+Username: <BART ID>
+Password: <BART Identity Key>
+Login Succeeded
+$ docker pull tizen-system-upgrade-tools-docker-local.bart.sec.samsung.net/upgrade-tools:<Docker tag>
+```
+
+- BART ID – username used as BART login.
+- BART Identity Key – identity key for your account which can be generated
+ [here](https://bart.sec.samsung.net/ui/user_profile).
+- Docker tag – `latest` for the default image, or PR-specific tag name.
+
+### Local image build
+
+First, ensure that you have the latest Docker with BuildKit enabled (version 23
+and above), as the image requires some extensions which were enabled recently.
+It is advised to use the [official Docker
+CE](https://docs.docker.com/engine/install/). It is not requried to have the
+*Docker Desktop* – `docker-ce` package is enough. Distro-provided Docker package
+may or may not work, and this setup is not directly supported. BuildKit is
+enabled by default from version 23 of Docker Engine, but [can be explicitly
+enabled](https://docs.docker.com/build/buildkit/#getting-started) for some
+older versions.
+
+By default, the FROM image is taken from the official Docker Hub (i.e.,
+`library` namespace). If you want to source it from BART, export
+`FROM_IMAGE_NAMESPACE=docker-remote.bart.sec.samsung.net` as environment
+variable before executing the build script.
+
+To build the Docker image locally, execute:
+
+```shell
+$ ./docker-build.sh
+```
+
+### Delta generation in Docker environment
+
+Save input tar.gz images in `images/old` and `images/new`. Once you have the
+Docker image pulled or built, you can execute delta image generation in the
+following manner:
+
+```shell
+$ TARGET=rpi4
+$ docker run --privileged=true \
+ -v $(pwd)/images/old:/tota-upg/mk_delta/$TARGET/data/old_tar:ro \
+ -v $(pwd)/images/new:/tota-upg/mk_delta/$TARGET/data/new_tar:ro \
+ -v $(pwd)/images/result:/tota-upg/mk_delta/$TARGET/result \
+ tizen-system-upgrade-tools-docker-local.bart.sec.samsung.net/upgrade-tools \
+ /tota-upg/scripts/delta-generation.sh /tota-upg/ $TARGET
+```
+
+Generated delta images will be stored in `images/result`.
DOCKER_ARGS="${DOCKER_ARGS} --build-arg CFG_GIT_BRANCH="${DOCKER_CFG_GIT_BRANCH}""
fi
-exec docker build ${DOCKER_ARGS} -t upgrade-tools:latest .
+exec docker build ${DOCKER_ARGS} \
+ --build-arg FROM_IMAGE_NAMESPACE=${FROM_IMAGE_NAMESPACE:-library} \
+ -t tizen-system-upgrade-tools-docker-local.bart.sec.samsung.net/upgrade-tools:latest .