From: Marek Pikuła <m.pikula@partner.samsung.com>
Date: Tue, 16 Jan 2024 13:31:37 +0000 (+0100)
Subject: Add Docker image build GitHub Workflow
X-Git-Tag: accepted/tizen/unified/20240419.110853~9
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=93a88d3067f5a5bf6b907f47a786183cca1281c5;p=platform%2Fcore%2Fsystem%2Fupgrade-tools.git

Add Docker image build GitHub Workflow

Change-Id: I376c5043dc3d70abcb13554f978fdd3212ca5acd
Signed-off-by: Marek Pikuła <m.pikula@partner.samsung.com>
---

diff --git a/.github/docker-build-cleanup.yml b/.github/docker-build-cleanup.yml
new file mode 100644
index 0000000..bb865c7
--- /dev/null
+++ b/.github/docker-build-cleanup.yml
@@ -0,0 +1,14 @@
+artifactory-cleanup:
+  server: https://bart.sec.samsung.net/artifactory/
+
+  # $VAR is auto populated from environment variables (but only here)
+  user: $BART_ID
+  password: $BART_KEY
+
+  policies:
+  - name: Remove old images
+    rules:
+    - rule: Repo
+      name: tizen-system-upgrade-tools-docker-local
+    - rule: DeleteDockerImagesOlderThan
+      days: 30
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
new file mode 100644
index 0000000..3cf856e
--- /dev/null
+++ b/.github/workflows/docker-build.yml
@@ -0,0 +1,104 @@
+name: Build Docker environment image
+
+on:
+  push:
+    branches: [tizen]
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * 0"
+
+env:
+  REGISTRY: tizen-system-upgrade-tools-docker-local.bart.sec.samsung.net
+  IMAGE_NAME: upgrade-tools
+
+jobs:
+  build:
+    runs-on:
+      - code-linux
+      - code-default
+
+    steps:
+      - name: Prepare environment variables
+        run: |
+          # Docker FROM image registry
+          FROM_IMAGE_NAMESPACE=$([ "${{ github.server_url }}" == "https://github.sec.samsung.net" ] && echo "docker-remote.bart.sec.samsung.net" || echo "library" )
+          echo "BUILD_ARGS=FROM_IMAGE_NAMESPACE=${FROM_IMAGE_NAMESPACE=}" >> ${GITHUB_ENV}
+
+          # Docker image tag name
+          GITHUB_REF=${GITHUB_HEAD_REF:-$GITHUB_REF_NAME}
+          if [ "${GITHUB_REF}" == "latest" ]; then
+            echo "::error::Branch name clash with `latest` tag."
+            exit 1
+          fi
+          DOCKER_TAG=$([ "${GITHUB_REF}" == "tizen" ] && echo latest || echo ${GITHUB_REF})
+
+          # Docker image name
+          echo "CACHE_IMAGE_NAME=type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache" >> ${GITHUB_ENV}
+          echo "FULL_IMAGE_NAME=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${DOCKER_TAG}" >> ${GITHUB_ENV}
+
+      - name: Checkout sources
+        uses: code-actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: code-actions/docker-setup-buildx-action@v2
+
+      - name: Log in to BART
+        uses: code-actions/docker-login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.BART_ID }}
+          password: ${{ secrets.BART_KEY }}
+
+      - if: ${{ github.event_name == 'schedule' }}
+        name: Build and Push Docker image (on schedule)
+        uses: code-actions/docker-build-push-action@v5
+        with:
+          pull: true
+          build-args: ${{ env.BUILD_ARGS }}
+          tags: ${{ env.FULL_IMAGE_NAME }}
+          cache-to: ${{ env.CACHE_IMAGE_NAME }},mode=max
+          push: true
+
+      - if: ${{ github.event_name != 'schedule' }}
+        name: Build and Push Docker image (on push)
+        uses: code-actions/docker-build-push-action@v5
+        with:
+          pull: true
+          build-args: ${{ env.BUILD_ARGS }}
+          tags: ${{ env.FULL_IMAGE_NAME }}
+          cache-from: ${{ env.CACHE_IMAGE_NAME }}
+          cache-to: ${{ env.CACHE_IMAGE_NAME }},mode=max
+          push: true
+
+      - name: Add image name to notice
+        run: echo "::notice title="Image built and pushed to BART"::${{ env.FULL_IMAGE_NAME }}"
+      - if: github.event_name == 'pull_request'
+        name: Push image name as a PR comment
+        uses: code-actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: "Docker image built and pushed to BART as ${{ env.FULL_IMAGE_NAME }}"
+            })
+
+  cleanup:
+    runs-on:
+      - code-linux
+      - code-default
+    container:
+        image: devopshq/artifactory-cleanup
+
+    steps:
+      - name: Checkout sources
+        uses: code-actions/checkout@v4
+
+      - name: Cleanup Docker images
+        run: artifactory-cleanup --config .github/docker-build-cleanup.yml --destroy
+        env:
+          BART_ID: ${{ secrets.BART_ID }}
+          BART_KEY: ${{ secrets.BART_KEY }}
diff --git a/Dockerfile b/Dockerfile
index d216270..0936cdf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,10 @@
 # syntax=docker/dockerfile-upstream:master-labs
 # Stage 1: bsdiff build image
-FROM docker-remote.bart.sec.samsung.net/ubuntu:20.04 as build
+
+ARG FROM_IMAGE_NAMESPACE=library
+# Alternatively "docker-remote.bart.sec.samsung.net".
+
+FROM ${FROM_IMAGE_NAMESPACE}/ubuntu:20.04 as build
 
 COPY bsdiff /bsdiff
 RUN apt-get update \
@@ -16,7 +20,7 @@ RUN apt-get update \
 	&& make install
 
 # Stage 2: upgrade-tools image
-FROM docker-remote.bart.sec.samsung.net/ubuntu:20.04
+FROM ${FROM_IMAGE_NAMESPACE}/ubuntu:20.04
 
 RUN apt-get update \
 	&& DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends \
diff --git a/README b/README
index 7378702..9c25ad1 100644
--- a/README
+++ b/README
@@ -12,3 +12,83 @@ the functionality of firmware update base on OTA mechanism.
  This functionality does NOT support official signing & validation method.
 This means it requires proper mechanism for binary validation offered by each
 manufacturers.
+
+
+## Docker environment
+
+OS Upgrade tools have a dedicated Docker environment image, which can be used
+for local OS Upgrade image creation, as well as for CI.
+
+The image can be either built by executing `docker-build.sh` script or by
+pulling the image from BART registry.
+
+### Using BART registry (recommended)
+
+The Docker image is built in
+[`docker-build`](./.github/workflows/docker-build.yml) workflow in this
+repository. It is stored in BART Docker registry as
+`tizen-system-upgrade-tools-docker-local.bart.sec.samsung.net/upgrade-tools`.
+
+For the default branch (`tizen`), an image with tag `latest` is generated. In
+case a PR on GitHub is submitted, Docker image with tag name derived from the
+git branch name is pushed to the registry in order to test the delta image
+generation by the new image. For example, for a PR from branch `ghactions`,
+there will be image called
+`tizen-system-upgrade-tools-docker-local.bart.sec.samsung.net/upgrade-tools:ghactions`.
+
+You can pull the image by executing the following commands:
+
+```shell
+# Needs to be executed only once:
+$ docker login tizen-system-upgrade-tools-docker-local.bart.sec.samsung.net
+Username: <BART ID>
+Password: <BART Identity Key>
+Login Succeeded
+$ docker pull tizen-system-upgrade-tools-docker-local.bart.sec.samsung.net/upgrade-tools:<Docker tag>
+```
+
+- BART ID â username used as BART login.
+- BART Identity Key â identity key for your account which can be generated
+  [here](https://bart.sec.samsung.net/ui/user_profile).
+- Docker tag â `latest` for the default image, or PR-specific tag name.
+
+### Local image build
+
+First, ensure that you have the latest Docker with BuildKit enabled (version 23
+and above), as the image requires some extensions which were enabled recently.
+It is advised to use the [official Docker
+CE](https://docs.docker.com/engine/install/). It is not requried to have the
+*Docker Desktop* â `docker-ce` package is enough. Distro-provided Docker package
+may or may not work, and this setup is not directly supported. BuildKit is
+enabled by default from version 23 of Docker Engine, but [can be explicitly
+enabled](https://docs.docker.com/build/buildkit/#getting-started) for some
+older versions.
+
+By default, the FROM image is taken from the official Docker Hub (i.e.,
+`library` namespace). If you want to source it from BART, export
+`FROM_IMAGE_NAMESPACE=docker-remote.bart.sec.samsung.net` as environment
+variable before executing the build script.
+
+To build the Docker image locally, execute:
+
+```shell
+$ ./docker-build.sh
+```
+
+### Delta generation in Docker environment
+
+Save input tar.gz images in `images/old` and `images/new`. Once you have the
+Docker image pulled or built, you can execute delta image generation in the
+following manner:
+
+```shell
+$ TARGET=rpi4
+$ docker run --privileged=true \
+    -v $(pwd)/images/old:/tota-upg/mk_delta/$TARGET/data/old_tar:ro \
+    -v $(pwd)/images/new:/tota-upg/mk_delta/$TARGET/data/new_tar:ro \
+    -v $(pwd)/images/result:/tota-upg/mk_delta/$TARGET/result \
+    tizen-system-upgrade-tools-docker-local.bart.sec.samsung.net/upgrade-tools \
+    /tota-upg/scripts/delta-generation.sh /tota-upg/ $TARGET
+```
+
+Generated delta images will be stored in `images/result`.
diff --git a/docker-build.sh b/docker-build.sh
index da6f99c..a66c67d 100755
--- a/docker-build.sh
+++ b/docker-build.sh
@@ -10,4 +10,6 @@ if [ "${DOCKER_CFG_GIT_BRANCH}x" != "x" ]; then
 	DOCKER_ARGS="${DOCKER_ARGS} --build-arg CFG_GIT_BRANCH="${DOCKER_CFG_GIT_BRANCH}""
 fi
 
-exec docker build ${DOCKER_ARGS} -t upgrade-tools:latest .
+exec docker build ${DOCKER_ARGS} \
+    --build-arg FROM_IMAGE_NAMESPACE=${FROM_IMAGE_NAMESPACE:-library} \
+    -t tizen-system-upgrade-tools-docker-local.bart.sec.samsung.net/upgrade-tools:latest .