# # THIS FILE IS GENERATED, DO NOT EDIT # # we cannot reuse exported variables in after_script, # so let's have a common definition .fdo.alpine_vars: &fdo_distro_vars # exporting templates variables # https://gitlab.com/gitlab-com/support-forum/issues/4349 - export BUILDAH_FORMAT=docker - export DISTRO=alpine - export DISTRO_TAG=$FDO_DISTRIBUTION_TAG - export FDO_DISTRIBUTION_VERSION="latest" - export DISTRO_VERSION="$FDO_DISTRIBUTION_VERSION" - export DISTRO_EXEC=$FDO_DISTRIBUTION_EXEC - if [ x"$FDO_REPO_SUFFIX" == x"" ] ; then export FDO_REPO_SUFFIX=alpine/$DISTRO_VERSION ; fi - if [[ x"$FDO_UPSTREAM_REPO" != x"" ]] && [[ x"$FDO_UPSTREAM_REGISTRY" == x"" ]] ; then export FDO_UPSTREAM_REGISTRY="$(echo $FDO_UPSTREAM_REPO | tr '[:upper:]' '[:lower:]')" ; fi - export BUILDAH_RUN="buildah run --isolation chroot" - export BUILDAH_COMMIT="buildah commit --format docker" - export BUILDAH_FROM="buildah from --isolation=chroot" - export CACHE_DIR=${FDO_CACHE_DIR:-/cache} # to be able to test the following script in the CI of the ci-templates # project itself, we need to put a special case here to have a # different image to pull if it already exists - export REPO_SUFFIX_LOCAL=$FDO_REPO_SUFFIX - if [[ x"$REPO_SUFFIX_LOCAL" == x"alpine/ci_templates_test_upstream" ]] ; then export FDO_REPO_SUFFIX=${DISTRO}/${DISTRO_VERSION} ; fi # have a special definition for the test if the image already exists .fdo.alpine_exists: &fdo_distro_exists | # if-not-exists steps set -x if [[ -z "$FDO_FORCE_REBUILD" ]] then # disable exit on failure set +e # check if our image is already in the current registry # we store the sha of the digest and the layers skopeo inspect docker://$CI_REGISTRY_IMAGE/$REPO_SUFFIX_LOCAL:$DISTRO_TAG | jq '[.Digest, .Layers]' > local_sha # check if our image is already in the upstream registry if [[ -z "$FDO_UPSTREAM_REGISTRY" ]] then echo "WARNING! Variable \$FDO_UPSTREAM_REGISTRY or \$FDO_UPSTREAM_REPO is undefined, cannot check for images" else skopeo inspect docker://$CI_REGISTRY/$FDO_UPSTREAM_REGISTRY/$FDO_REPO_SUFFIX:$DISTRO_TAG | jq '[.Digest, .Layers]' > upstream_sha fi # reenable exit on failure set -e # if the upstream repo has an image, ensure we use the same if [ -s upstream_sha ] then # ensure we use the same image from upstream diff upstream_sha local_sha && exit 0 || true # copy the original image into the current project registry namespace # we do 2 attempts with skopeo copy at most skopeo copy --dest-creds $CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD \ docker://$CI_REGISTRY/$FDO_UPSTREAM_REGISTRY/$FDO_REPO_SUFFIX:$DISTRO_TAG \ docker://$CI_REGISTRY_IMAGE/$REPO_SUFFIX_LOCAL:$DISTRO_TAG || \ skopeo copy --dest-creds $CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD \ docker://$CI_REGISTRY/$FDO_UPSTREAM_REGISTRY/$FDO_REPO_SUFFIX:$DISTRO_TAG \ docker://$CI_REGISTRY_IMAGE/$REPO_SUFFIX_LOCAL:$DISTRO_TAG exit 0 fi # if we have a local image but none in the upstream repo, use our if [ -s local_sha ] then exit 0 fi fi .fdo.alpine: variables: FDO_DISTRIBUTION_NAME: "alpine" .fdo.container-build-common@alpine: extends: .fdo.alpine stage: build script: # check that the container registry is enabled - | if [[ -z "$CI_REGISTRY_IMAGE" ]] then # the container registry is not enabled in the project, no point to # continue; let the user know so they can fix their project settings echo The container registry is not enabled in $CI_PROJECT_PATH, \ enable it in the project general settings panel ; cat <<EOF > container-build-report.xml ; <?xml version="1.0" encoding="utf-8"?> <testsuites tests="1" errors="0" failures="1"> <testsuite name="registry-not-enabled" tests="1" errors="0" failures="1" skipped="0"> <testcase name="registry-not-enabled"> <failure message="The container registry is not enabled in $CI_PROJECT_PATH, enable it in the project general settings panel"/> </testcase> </testsuite> </testsuites> EOF exit 1 ; fi # log in to the registry - podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - skopeo login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - *fdo_distro_vars - if [[ x"$DISTRO_TAG" == x"" ]] ; then echo $DISTRO tag missing; exit 1; fi - *fdo_distro_exists - if [[ x"$FDO_BASE_IMAGE" != x"" ]] ; then BASE_IMAGE="$FDO_BASE_IMAGE"; else BASE_IMAGE="alpine:latest"; fi - echo Building $FDO_REPO_SUFFIX:$DISTRO_TAG from $BASE_IMAGE # initial set up: take the base image, update it and install the packages - buildcntr=$($BUILDAH_FROM $BASE_IMAGE) - buildmnt=$(buildah mount $buildcntr) - $BUILDAH_RUN $buildcntr apk update - $BUILDAH_RUN $buildcntr apk upgrade - $BUILDAH_RUN $buildcntr apk add bash - if [[ x"$FDO_DISTRIBUTION_PACKAGES" != x"" ]] ; then $BUILDAH_RUN $buildcntr apk add $FDO_DISTRIBUTION_PACKAGES ; fi # check if there is an optional post install script and run it - if [[ x"$DISTRO_EXEC" != x"" ]] ; then echo Running $DISTRO_EXEC ; set -x ; mkdir $buildmnt/tmp/clone ; pushd $buildmnt/tmp/clone ; git init ; git remote add origin $CI_REPOSITORY_URL ; git fetch --depth 1 origin $CI_COMMIT_SHA ; git checkout FETCH_HEAD > /dev/null; buildah config --workingdir /tmp/clone --env HOME="$HOME" $buildcntr ; if [ -e $CACHE_DIR ] ; then CACHE="-v $CACHE_DIR:/cache:rw,shared,z" ; fi ; $BUILDAH_RUN $CACHE $buildcntr bash -c "set -x ; $DISTRO_EXEC" ; popd ; buildah config --workingdir / --env HOME="$HOME" $buildcntr ; rm -rf $buildmnt/tmp/clone ; set +x ; fi # do not store the packages database, it's pointless - $BUILDAH_RUN $buildcntr sh -c 'rm -f /var/cache/apk/APKINDEX.*' # set up the working directory - mkdir -p $buildmnt/app - buildah config --workingdir /app $buildcntr # umount the container, not required, but, heh - buildah unmount $buildcntr - if [[ x"$FDO_EXPIRES_AFTER" != x"" ]] ; then buildah config -l fdo.expires-after=$FDO_EXPIRES_AFTER $buildcntr; fi - if [[ x"$FDO_UPSTREAM_REPO" != x"" ]] ; then buildah config -l fdo.upstream-repo=$FDO_UPSTREAM_REPO $buildcntr; fi - buildah config -l fdo.pipeline_id="$CI_PIPELINE_ID" $buildcntr; - buildah config -l fdo.job_id="$CI_JOB_ID" $buildcntr; - buildah config -l fdo.project="$CI_PROJECT_PATH" $buildcntr; - buildah config -l fdo.commit="$CI_COMMIT_SHA" $buildcntr; # tag the current container - $BUILDAH_COMMIT $buildcntr $CI_REGISTRY_IMAGE/$FDO_REPO_SUFFIX:$DISTRO_TAG # clean up the working container - buildah rm $buildcntr # push the container image to the registry # There is a bug when pushing 2 tags in the same repo with the same base: # this may fail. Just retry it after. - set -x - podman push $CI_REGISTRY_IMAGE/$FDO_REPO_SUFFIX:$DISTRO_TAG || true - sleep 2 - podman push $CI_REGISTRY_IMAGE/$FDO_REPO_SUFFIX:$DISTRO_TAG - set +x artifacts: paths: - container-build-report.xml reports: junit: container-build-report.xml ### # Checks for a pre-existing alpine container image and builds it if # it does not yet exist. # # If an image with the same version or suffix exists in the upstream project's registry, # the image is copied into this project's registry. # If no such image exists, the image is built and pushed to the local registry. # # **Example:** # # .. code-block:: yaml # # my-alpine-image: # extends: .fdo.container-build@alpine@x86_64 # variables: # FDO_DISTRIBUTION_PACKAGES: 'curl wget gcc valgrind' # FDO_DISTRIBUTION_TAG: '2020-03-20' # # # # **Reserved by this template:** # # - ``image:`` do not override # - ``script:`` do not override # # **Variables:** # # .. attribute:: FDO_DISTRIBUTION_TAG # # **This variable is required** # # String to identify the image in the registry. # # .. attribute:: FDO_UPSTREAM_REPO # # The GitLab project path to the upstream project # # .. attribute:: FDO_UPSTREAM_REGISTRY # # The GitLab project path to the upstream registry. If not defined, # it will default to $FDO_UPSTREAM_REPO changed to lower case. # # .. attribute:: FDO_REPO_SUFFIX # # The repository name suffix to use, see below. # # .. attribute:: FDO_DISTRIBUTION_PACKAGES # # Packages to install as a space-separated single string, e.g. "curl wget" # # .. attribute:: FDO_DISTRIBUTION_EXEC # # An executable run after the installation of the :attr:`FDO_DISTRIBUTION_PACKAGES` # # .. attribute:: FDO_FORCE_REBUILD # # If set, the image will be built even if it exists in the registry already # # .. attribute:: FDO_BASE_IMAGE # # By default, the base image to start with is # ``alpine:latest`` # and all dependencies are installed on top of that base image. If # ``FDO_BASE_IMAGE`` is given, it references a different base image to start with. # This image usually requires the full registry path, e.g. # ``registry.freedesktop.org/projectGroup/projectName/repo_suffix:tag-name`` # # .. attribute:: FDO_EXPIRES_AFTER # # If set, enables an expiration time on the image to # aid the garbage collector in deciding when an image can be removed. This # should be set for temporary images that are not intended to be kept # forever. Allowed values are e.g. ``1h`` (one hour), ``2d`` (two days) or # ``3w`` (three weeks). # # .. attribute:: FDO_CACHE_DIR # # If set, the given directory is mounted as ``/cache`` # when ``FDO_DISTRIBUTION_EXEC`` is run. This can allow for passing of # cache values between build jobs (if run on the same runner). You should # not usually need to set this, it defaults to ``/cache`` from the host # and thus enables cache sharing by default. # # The resulting image will be pushed to the local registry. # # If :attr:`FDO_REPO_SUFFIX` was specified, the image path is # ``$CI_REGISTRY_IMAGE/$FDO_REPO_SUFFIX:$FDO_DISTRIBUTION_TAG``. # Use the ``.fdo.suffixed-image@alpine`` template to access or use this image. # # If :attr:`FDO_REPO_SUFFIX` was **not** specified, the image path is # ``$CI_REGISTRY_IMAGE/alpine/latest:$FDO_DISTRIBUTION_TAG``. # Use the ``.fdo.distribution-image@alpine`` template to access or use this image. # .fdo.container-build@alpine@x86_64: extends: .fdo.container-build-common@alpine image: quay.io/freedesktop.org/ci-templates:buildah-x86_64-2020-10-30.1 ### # Alias to ``.fdo.container-build@alpine@x86_64``. .fdo.container-build@alpine: extends: .fdo.container-build@alpine@x86_64 ### # Checks for a pre-existing alpine container image for the # ``aarch64`` processor architecture and builds it if it does not yet exist. # # This template requires runners with the ``aarch64`` tag. # # See ``.fdo.container-build@alpine@x86_64`` for details. .fdo.container-build@alpine@aarch64: extends: .fdo.container-build-common@alpine image: quay.io/freedesktop.org/ci-templates:buildah-aarch64-2020-10-30.1 tags: - aarch64 ### # alpine template that pulls the alpine image from the # registry based on ``FDO_DISTRIBUTION_TAG``. # This template must be provided the same variable values as supplied in # ``.fdo.container-build@alpine@x86_64``. # # This template sets ``image:`` to the generated image. You may override this. # # **Example:** # # .. code-block:: yaml # # my-alpine-test: # extends: .fdo.distribution-image@alpine # variables: # FDO_DISTRIBUTION_TAG: '2020-03-20' # script: # - meson builddir # - ninja -C builddir test # # **Variables:** # # .. attribute:: FDO_DISTRIBUTION_TAG # # **This variable is required** # # String to identify the image in the registry. # # The value supplied must be the same as supplied in # ``.fdo.container-build@alpine@x86_64``. # # .. attribute:: FDO_DISTRIBUTION_IMAGE # # **This variable is set by this template and should be treated as read-only** # # Path to the registry image # # .. attribute:: FDO_DISTRIBUTION_NAME # # **This variable is set by this template and should be treated as read-only** # # Set to the string "alpine" # # .. note:: If you used ``FDO_REPO_SUFFIX`` when building the container, use # ``.fdo.suffixed-image@alpine`` instead. .fdo.distribution-image@alpine: extends: .fdo.alpine image: $CI_REGISTRY_IMAGE/alpine/latest:$FDO_DISTRIBUTION_TAG variables: FDO_DISTRIBUTION_IMAGE: $CI_REGISTRY_IMAGE/alpine/latest:$FDO_DISTRIBUTION_TAG ### # alpine template that pulls the alpine image from the # registry based on ``FDO_REPO_SUFFIX``. # This template must be provided the same variable values as supplied in # ``.fdo.container-build@alpine@x86_64``. # # This template sets ``image:`` to the generated image. You may override this. # # **Example:** # # .. code-block:: yaml # # my-alpine-test@x86_64: # extends: .fdo.distribution-image@alpine # variables: # FDO_REPO_SUFFIX: 'some/path' # FDO_DISTRIBUTION_TAG: '2020-03-20' # script: # - meson builddir # - ninja -C builddir test # # # **Variables:** # # .. attribute:: FDO_REPO_SUFFIX # # **This variable is required** # # The repository name suffix. # # The value supplied must be the same as supplied in # ``.fdo.container-build@alpine@x86_64``. # # .. attribute:: FDO_DISTRIBUTION_TAG # # **This variable is required** # # String to identify the image in the registry. # # The value supplied must be the same as supplied in # ``.fdo.container-build@alpine@x86_64``. # # .. attribute:: FDO_DISTRIBUTION_IMAGE # # **This variable is set by this template and should be treated as read-only** # # Path to the registry image # # .. attribute:: FDO_DISTRIBUTION_NAME # # **This variable is set by this template and should be treated as read-only** # # Set to the string "alpine" # # # Variables provided by this template should be considered read-only. # # .. note:: If you did not use ``FDO_REPO_SUFFIX`` when building the container, use # ``.fdo.distribution-image@alpine`` instead. .fdo.suffixed-image@alpine: extends: .fdo.alpine image: $CI_REGISTRY_IMAGE/$FDO_REPO_SUFFIX:$FDO_DISTRIBUTION_TAG variables: FDO_DISTRIBUTION_IMAGE: $CI_REGISTRY_IMAGE/$FDO_REPO_SUFFIX:$FDO_DISTRIBUTION_TAG