# e.g. fedora:29@build-default
stages:
+ - bootstrapping # creates the initial container image (optional)
- container_check # check if the current container images are up to date
- container_prep # rebuild the container images if previous step failed
- build # for actually building things
MESON_BUILDDIR: "build dir"
NINJA_ARGS: 'test'
MESON_ARGS: ''
- FEDORA_CONTAINER_IMAGE: $CI_REGISTRY/libinput/$CI_PROJECT_NAME/fedora/$FEDORA_VERSION
- UBUNTU_CONTAINER_IMAGE: $CI_REGISTRY/libinput/$CI_PROJECT_NAME/ubuntu/$UBUNTU_VERSION
- ARCH_CONTAINER_IMAGE: $CI_REGISTRY/libinput/$CI_PROJECT_NAME/arch/rolling
- FREEBSD_CONTAINER_IMAGE: $CI_REGISTRY/libinput/$CI_PROJECT_NAME/freebsd/11.2
+ # We do not use CI_PROJECT_NAMESPACE or CI_REGISTRY_IMAGE because we want
+ # forks to use these particular images
+ PROJECT_NAMESPACE: libinput
+ FEDORA_CONTAINER_IMAGE: $CI_REGISTRY/$PROJECT_NAMESPACE/$CI_PROJECT_NAME/fedora/$FEDORA_VERSION
+ UBUNTU_CONTAINER_IMAGE: $CI_REGISTRY/$PROJECT_NAMESPACE/$CI_PROJECT_NAME/ubuntu/$UBUNTU_VERSION
+ ARCH_CONTAINER_IMAGE: $CI_REGISTRY/$PROJECT_NAMESPACE/$CI_PROJECT_NAME/arch/rolling
+ FREEBSD_CONTAINER_IMAGE: $CI_REGISTRY/$PROJECT_NAMESPACE/$CI_PROJECT_NAME/freebsd/11.2
# Until we have a VM with full access, we cannot run the test suite runner
SKIP_LIBINPUT_TEST_SUITE_RUNNER: 1
# udev isn't available/working properly in the containers
UDEV_NOT_AVAILABLE: 1
- # When using docker-in-docker (dind), it's wise to use the overlayfs driver
- # for improved performance.
- DOCKER_DRIVER: overlay2
GIT_DEPTH: 1
.default_artifacts: &default_artifacts
#################################################################
# #
+# bootstrapping stage #
+# #
+#################################################################
+
+# we need a minimalist image capable of buildah, podman, skopeo, curl,
+# jq, date and test. Instead of using a full fedora and install the
+# dependencies, we can build an alpine container through buildah with
+# the script at `ci/bootstrap.sh`
+bootstrap:
+ stage: bootstrapping
+ when: manual
+ image: $CI_REGISTRY/$PROJECT_NAMESPACE/$CI_PROJECT_NAME/containers:latest
+ script:
+ - podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+ - bash ci/bootstrap.sh $CI_REGISTRY/$PROJECT_NAMESPACE/$CI_PROJECT_NAME/containers:latest
+ - podman images
+ - podman push --quiet $CI_REGISTRY/$PROJECT_NAMESPACE/$CI_PROJECT_NAME/containers:latest
+ # add an extra tag to the docker registry:
+ - skopeo copy docker://$CI_REGISTRY/$PROJECT_NAMESPACE/$CI_PROJECT_NAME/containers:latest docker://$CI_REGISTRY/$PROJECT_NAMESPACE/$CI_PROJECT_NAME/containers:$CI_JOB_ID
+ <<: *restrict_container_creation
+
+#################################################################
+# #
# container check stage #
# #
#################################################################
-# we need a minimalist image capable of skopeo, curl, jq, date and
-# test. Instead of using a full fedora and install the dependencies,
-# we can build an alpine container through buildah with the following
-# script:
-# -----
-# #!/bin/bash
-#
-# # build container
-#
-# buildcntr1=$(buildah from golang:alpine)
-# buildmnt1=$(buildah mount $buildcntr1)
-#
-# buildah run $buildcntr1 apk add --update \
-# --no-cache \
-# --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ \
-# --allow-untrusted \
-# git make gcc musl-dev glib-dev ostree-dev \
-# gpgme-dev linux-headers btrfs-progs-dev \
-# libselinux-dev lvm2-dev
-# buildah run $buildcntr1 git clone https://github.com/projectatomic/skopeo.git /go/src/skopeo
-# buildah config --workingdir /go/src/skopeo $buildcntr1
-# buildah run $buildcntr1 go get -d -v ./...
-# buildah run $buildcntr1 make binary-local
-#
-#
-# buildcntr2=$(buildah from alpine:latest)
-# buildmnt2=$(buildah mount $buildcntr2)
-# buildah run $buildcntr2 apk add --update \
-# --no-cache \
-# --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ \
-# --allow-untrusted \
-# jq curl glib gpgme ostree lvm2 libselinux
-# cp $buildmnt1/go/src/skopeo/skopeo $buildmnt2/usr/bin/skopeo
-#
-# buildah unmount $buildcntr2
-# buildah commit $buildcntr2 container://registry.freedesktop.org/libinput/libinput/skopeo:latest
-#
-# #clean up build
-#
-# buildah rm $buildcntr1 $buildcntr2
-# -----
.container-check: &container_check
stage: container_check
- image: registry.freedesktop.org/libinput/libinput/skopeo:latest
+ image: $CI_REGISTRY/$PROJECT_NAMESPACE/$CI_PROJECT_NAME/containers:latest
script:
# get the full container image name (CURRENT_CONTAINER_IMAGE still has indirections)
- CONTAINER_IMAGE=$(eval echo "$CURRENT_CONTAINER_IMAGE")
# check if image is less than a week old
- test $(($IMG_SECS + 604800)) -gt $TODAY_SECS
-
# export an artefact telling the next stage that the image is valid
- touch .img_ready
artifacts:
# stage had a build failure, i.e. the image is too old or if it is
# missing some dependencies.
#
-.fedora@container-prep: &fedora_container_prep
+
+.container-prep:
stage: container_prep
- image: docker:stable
- services:
- - docker:dind
- script:
+ image: $CI_REGISTRY/$PROJECT_NAMESPACE/$CI_PROJECT_NAME/containers:latest
+ before_script:
# if the check was successful, we just skip recreating the container image
- test -e .img_ready && exit 0
- - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-
- # create a Dockerfile with our dependencies
- - echo "FROM fedora:$FEDORA_VERSION" > Dockerfile
- - echo "WORKDIR /app" >> Dockerfile
- - echo "RUN dnf upgrade -y ; dnf clean all" >> Dockerfile
- - echo "RUN dnf install -y $FEDORA_RPMS ; dnf clean all" >> Dockerfile
-
- # create the docker image
- - docker build --tag $FEDORA_CONTAINER_IMAGE:latest --tag $FEDORA_CONTAINER_IMAGE:$CI_JOB_ID .
-
- # push the docker image to the libinput registry
- - docker push $FEDORA_CONTAINER_IMAGE:latest
- - docker push $FEDORA_CONTAINER_IMAGE:$CI_JOB_ID
+ # log in to the registry
+ - podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
<<: *restrict_container_creation
+.fedora@container-prep: &fedora_container_prep
+ extends: .container-prep
+ script:
+ - buildcntr=$(buildah from --quiet fedora:$FEDORA_VERSION)
+ - buildah run $buildcntr dnf upgrade -y
+ - buildah run $buildcntr dnf install -y $FEDORA_RPMS
+ - buildah run $buildcntr dnf clean all
+ - buildah config --workingdir /app $buildcntr
+ # tag the current container
+ - buildah commit --quiet $buildcntr $FEDORA_CONTAINER_IMAGE:latest
+ # clean up the working container
+ - buildah rm $buildcntr
+
+ # push the container image to the libinput registry
+ - podman push --quiet $FEDORA_CONTAINER_IMAGE:latest
+ - skopeo copy docker://$FEDORA_CONTAINER_IMAGE:latest docker://$FEDORA_CONTAINER_IMAGE:$CI_JOB_ID
+
fedora:28@container-prep:
variables:
GIT_STRATEGY: none
# Note: we can not use $FEDORA_VERSION here
- fedora:29@container-check
-# FIXME: we should clean up the apt cache between each run
.ubuntu@container-prep: &ubuntu_container_prep
- stage: container_prep
- image: docker:stable
- services:
- - docker:dind
+ extends: .container-prep
script:
- # if the check was successful, we just skip recreating the container image
- - test -e .img_ready && exit 0
-
- - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-
- # create a Dockerfile with our dependencies
- - echo "FROM ubuntu:$UBUNTU_VERSION" > Dockerfile
- - echo "WORKDIR /app" >> Dockerfile
- - echo "RUN DEBIAN_FRONTEND=noninteractive apt-get update" >> Dockerfile
- - echo "RUN DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common" >> Dockerfile
- - echo "RUN DEBIAN_FRONTEND=noninteractive add-apt-repository universe" >> Dockerfile
- - echo "RUN DEBIAN_FRONTEND=noninteractive apt-get update" >> Dockerfile
- - echo "RUN DEBIAN_FRONTEND=noninteractive apt-get install -y $UBUNTU_DEBS" >> Dockerfile
-
- # create the docker image
- - docker build --tag $UBUNTU_CONTAINER_IMAGE:latest --tag $UBUNTU_CONTAINER_IMAGE:$CI_JOB_ID .
-
- # push the docker image to the libinput registry
- - docker push $UBUNTU_CONTAINER_IMAGE:latest
- - docker push $UBUNTU_CONTAINER_IMAGE:$CI_JOB_ID
- <<: *restrict_container_creation
+ - buildcntr=$(buildah from --quiet ubuntu:$UBUNTU_VERSION)
+ - buildah run $buildcntr env DEBIAN_FRONTEND=noninteractive apt-get update
+ - buildah run $buildcntr env DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common
+ - buildah run $buildcntr env DEBIAN_FRONTEND=noninteractive add-apt-repository universe
+ - buildah run $buildcntr env DEBIAN_FRONTEND=noninteractive apt-get update
+ - buildah run $buildcntr env DEBIAN_FRONTEND=noninteractive apt-get install -y $UBUNTU_DEBS
+ - buildah run $buildcntr env DEBIAN_FRONTEND=noninteractive apt-get clean
+ - buildah config --workingdir /app $buildcntr
+ # tag the current container
+ - buildah commit --quiet $buildcntr $UBUNTU_CONTAINER_IMAGE:latest
+ # clean up the working container
+ - buildah rm $buildcntr
+
+ # push the container image to the libinput registry
+ - podman push --quiet $UBUNTU_CONTAINER_IMAGE:latest
+ - skopeo copy docker://$UBUNTU_CONTAINER_IMAGE:latest docker://$UBUNTU_CONTAINER_IMAGE:$CI_JOB_ID
ubuntu:17.10@container-prep:
+ extends: .ubuntu@container-prep
variables:
GIT_STRATEGY: none
UBUNTU_VERSION: "17.10"
- ubuntu:18.04@container-check
.arch@container-prep: &arch_container_prep
- stage: container_prep
- image: docker:stable
- services:
- - docker:dind
+ extends: .container-prep
script:
- # if the check was successful, we just skip recreating the docker image
- - test -e .img_ready && exit 0
-
- - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-
- # create a Dockerfile with our dependencies
- - echo "FROM base/archlinux" > Dockerfile
- - echo "WORKDIR /app" >> Dockerfile
- - echo "RUN pacman -S --refresh; pacman -S --sysupgrade --noconfirm; pacman -S --clean --noconfirm" >> Dockerfile
- - echo "RUN pacman -S --noconfirm $ARCH_PKGS; pacman -S --clean --noconfirm" >> Dockerfile
-
- # create the docker image
- - docker build --tag $ARCH_CONTAINER_IMAGE:latest --tag $ARCH_CONTAINER_IMAGE:$CI_JOB_ID .
-
- # push the docker image to the libinput registry
- - docker push $ARCH_CONTAINER_IMAGE:latest
- - docker push $ARCH_CONTAINER_IMAGE:$CI_JOB_ID
- <<: *restrict_container_creation
+ - buildcntr=$(buildah from --quiet base/archlinux)
+ - buildah run $buildcntr pacman -S --refresh
+ - buildah run $buildcntr pacman -S --sysupgrade --noconfirm
+ - buildah run $buildcntr pacman -S --noconfirm $ARCH_PKGS
+ - buildah run $buildcntr pacman -S --clean --noconfirm
+ - buildah config --workingdir /app $buildcntr
+ # tag the current container
+ - buildah commit --quiet $buildcntr $ARCH_CONTAINER_IMAGE:latest
+ # clean up the working container
+ - buildah rm $buildcntr
+
+ # push the container image to the libinput registry
+ - podman push --quiet $ARCH_CONTAINER_IMAGE:latest
+ - skopeo copy docker://$ARCH_CONTAINER_IMAGE:latest docker://$ARCH_CONTAINER_IMAGE:$CI_JOB_ID
arch:rolling@container-prep:
variables:
- arch:rolling@container-check
.freebsd@container-prep: &freebsd_container_prep
- stage: container_prep
- image: docker:stable
- services:
- - docker:dind
+ extends: .container-prep
script:
- # if the check was successful, we just skip recreating the container image
- - test -e .img_ready && exit 0
-
- - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-
- # create a Dockerfile with our dependencies
- - echo "FROM myfreeweb/freebsd-cross:latest" > Dockerfile
- - echo "WORKDIR /app" >> Dockerfile
- - echo "RUN apk add --no-cache $FREEBSD_BUILD_PKGS" >> Dockerfile
- - echo "RUN pkg -r /freebsd update -f" >> Dockerfile
- - echo "RUN pkg -r /freebsd install -y $FREEBSD_PKGS" >> Dockerfile
-
- # create the docker image
- - docker build --tag $FREEBSD_CONTAINER_IMAGE:latest --tag $FREEBSD_CONTAINER_IMAGE:$CI_JOB_ID .
-
- # push the docker image to the libinput registry
- - docker push $FREEBSD_CONTAINER_IMAGE:latest
- - docker push $FREEBSD_CONTAINER_IMAGE:$CI_JOB_ID
- <<: *restrict_container_creation
+ - buildcntr=$(buildah from --quiet myfreeweb/freebsd-cross:latest)
+ - buildah run $buildcntr apk add --no-cache $FREEBSD_BUILD_PKGS
+ - buildah run $buildcntr pkg -r /freebsd update -f
+ - buildah run $buildcntr pkg -r /freebsd install -y $FREEBSD_PKGS
+ - buildah config --workingdir /app $buildcntr
+ # tag the current container
+ - buildah commit --quiet $buildcntr $FREEBSD_CONTAINER_IMAGE:latest
+ # clean up the working container
+ - buildah rm $buildcntr
+
+ # push the container image to the libinput registry
+ - podman push --quiet $FREEBSD_CONTAINER_IMAGE:latest
+ - skopeo copy docker://$FREEBSD_CONTAINER_IMAGE:latest docker://$FREEBSD_CONTAINER_IMAGE:$CI_JOB_ID
freebsd:11.2@container-prep:
variables:
#
.container-clean: &container_clean
stage: container_check
- image: registry.freedesktop.org/libinput/libinput/skopeo:latest
+ image: $CI_REGISTRY/$PROJECT_NAMESPACE/$CI_PROJECT_NAME/containers:latest
script:
# get the full container image name (CURRENT_CONTAINER_IMAGE still has indirections)
- CONTAINER_IMAGE=$(eval echo "$CURRENT_CONTAINER_IMAGE")
- token=$(eval echo "\$$tokenname")
# request a token for the registry API
- - REGISTRY_TOKEN=$(curl https://gitlab.freedesktop.org/jwt/auth --get
+ - REGISTRY_TOKEN=$(curl https://$CI_REGISTRY/jwt/auth --get
--silent --show-error
-d client_id=docker
-d offline_token=true
allow_failure: true
<<: *restrict_container_creation
+bootstrap@container-clean:
+ extends: .container-clean
+ variables:
+ GIT_STRATEGY: none
+ CURRENT_CONTAINER_IMAGE: $CI_REGISTRY/$PROJECT_NAMESPACE/$CI_PROJECT_NAME/containers
+
fedora:28@container-clean:
variables:
GIT_STRATEGY: none
#
wayland-web:
- image: registry.freedesktop.org/libinput/libinput/jq:latest
+ image: $CI_REGISTRY/$PROJECT_NAMESPACE/$CI_PROJECT_NAME/containers:latest
stage: deploy
script:
- curl --request POST
--- /dev/null
+#!/bin/bash
+
+# build container
+
+set -o xtrace
+
+TAG=$1
+
+cat > /etc/containers/storage.conf <<EOF
+[storage]
+driver = "vfs"
+EOF
+
+buildcntr1=$(buildah from --quiet golang:alpine)
+buildmnt1=$(buildah mount $buildcntr1)
+
+buildah run $buildcntr1 apk add --update \
+ --no-cache \
+ --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ \
+ bash git make gcc musl-dev glib-dev ostree-dev \
+ bats bzip2 python3-dev \
+ gpgme-dev linux-headers btrfs-progs-dev \
+ libselinux-dev lvm2-dev libseccomp-dev
+
+# build runc
+buildah run $buildcntr1 go get github.com/opencontainers/runc
+buildah config --workingdir /go/src/github.com/opencontainers/runc/ $buildcntr1
+buildah run $buildcntr1 bash -c 'make'
+buildah run $buildcntr1 bash -c 'make install'
+
+# build skopeo
+buildah run $buildcntr1 git clone --depth 1 --branch master https://github.com/containers/skopeo /go/src/github.com/containers/skopeo
+buildah config --workingdir /go/src/github.com/containers/skopeo/ $buildcntr1
+buildah run $buildcntr1 bash -c 'make binary-local'
+
+# build libpod
+buildah run $buildcntr1 git clone --depth 1 --branch master https://github.com/containers/libpod /go/src/github.com/containers/libpod
+buildah config --workingdir /go/src/github.com/containers/libpod/ $buildcntr1
+buildah run $buildcntr1 bash -c 'make install.tools'
+buildah run $buildcntr1 bash -c 'make'
+buildah run $buildcntr1 bash -c 'make install'
+
+# build buildah
+buildah run $buildcntr1 git clone --depth 1 --branch master https://github.com/containers/buildah /go/src/github.com/containers/buildah
+buildah config --workingdir /go/src/github.com/containers/buildah/ $buildcntr1
+buildah run $buildcntr1 bash -c 'make install.tools'
+buildah run $buildcntr1 bash -c 'make'
+buildah run $buildcntr1 bash -c 'make install'
+
+# build conmon
+buildah run $buildcntr1 git clone --depth 1 --branch master https://github.com/kubernetes-sigs/cri-o /go/src/github.com/kubernetes-sigs/cri-o
+buildah config --workingdir /go/src/github.com/kubernetes-sigs/cri-o/ $buildcntr1
+buildah run $buildcntr1 bash -c 'make install.tools'
+buildah run $buildcntr1 bash -c 'make'
+buildah run $buildcntr1 bash -c 'make install'
+
+
+buildcntr2=$(buildah from --quiet alpine:latest)
+buildmnt2=$(buildah mount $buildcntr2)
+buildah run $buildcntr2 apk add --update \
+ --no-cache \
+ --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ \
+ bash jq curl glib gpgme ostree lvm2 libselinux libseccomp \
+ iptables ip6tables
+cp $buildmnt1/usr/local/sbin/runc $buildmnt2/usr/sbin/runc
+cp $buildmnt1/go/src/github.com/containers/skopeo/skopeo $buildmnt2/usr/bin/skopeo
+cp $buildmnt1/usr/local/bin/podman $buildmnt2/usr/bin/podman
+cp $buildmnt1/usr/local/bin/buildah $buildmnt2/usr/bin/buildah
+cp $buildmnt1/usr/local/bin/crio $buildmnt2/usr/bin/crio
+mkdir $buildmnt2/usr/libexec/crio
+cp $buildmnt1/usr/local/libexec/crio/conmon $buildmnt2/usr/libexec/crio/conmon
+cp $buildmnt1/usr/local/libexec/crio/pause $buildmnt2/usr/libexec/crio/pause
+
+mkdir $buildmnt2/etc/containers
+
+cat > $buildmnt2/etc/containers/registries.conf <<EOF
+# This is a system-wide configuration file used to
+# keep track of registries for various container backends.
+# It adheres to TOML format and does not support recursive
+# lists of registries.
+
+# The default location for this configuration file is /etc/containers/registries.conf.
+
+# The only valid categories are: 'registries.search', 'registries.insecure',
+# and 'registries.block'.
+
+[registries.search]
+registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.centos.org']
+
+# If you need to access insecure registries, add the registry's fully-qualified name.
+# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
+[registries.insecure]
+registries = []
+
+
+# If you need to block pull access from a registry, uncomment the section below
+# and add the registries fully-qualified name.
+#
+# Docker only
+[registries.block]
+registries = []
+EOF
+
+cat > $buildmnt2/etc/containers/policy.json <<EOF
+{
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "transports":
+ {
+ "docker-daemon":
+ {
+ "": [{"type":"insecureAcceptAnything"}]
+ }
+ }
+}
+EOF
+
+cat > $buildmnt2/etc/containers/storage.conf <<EOF
+# This file is is the configuration file for all tools
+# that use the containers/storage library.
+# See man 5 containers-storage.conf for more information
+# The "container storage" table contains all of the server options.
+[storage]
+
+# Default Storage Driver
+driver = "vfs"
+EOF
+
+buildah unmount $buildcntr2
+buildah commit --quiet $buildcntr2 $TAG
+
+#clean up build
+
+buildah rm $buildcntr1 $buildcntr2