From c67e9601969dfdaedb20cee3a3392f4ece37bde0 Mon Sep 17 00:00:00 2001
From: Alex Tercete <alex.tercete@arm.com>
Date: Mon, 21 Oct 2024 16:30:01 +0100
Subject: [PATCH 1/4] ci: use custom image with SSH and Bazelisk

---
 .gitlab-ci.yml | 23 +++++++++++++++++++++++
 Dockerfile     |  4 ++++
 2 files changed, 27 insertions(+)
 create mode 100644 Dockerfile

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a4765239..1fbe8623 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,6 +1,8 @@
 include:
   - component: "${CI_SERVER_HOST}/ci/component/bazelisk/bazelisk@v1.0.0-beta.4"
     inputs:
+      image: "${CI_REGISTRY_IMAGE}"
+      tag: latest
       variables: |
         CI_PROJECT_DIR
         CI_PROJECT_ID
@@ -19,8 +21,29 @@ default:
   tags:
     - arm64
 
+oci:
+  stage: .pre
+  image: docker:27.3.0
+  tags:
+    - dind
+  services:
+    - docker:27.3.0-dind
+  variables:
+    DOCKER_TLS_CERTDIR: "/certs"
+    DOCKER_HOST: tcp://docker:2376
+    DOCKER_TLS_VERIFY: "true"
+    DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
+    HEALTHCHECK_TCP_PORT: "2376"
+  script:
+    - docker info
+    - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
+    - docker buildx build --tag="$CI_REGISTRY_IMAGE" --push .
+  rules: !reference [.bazelisk, rules]
+
 test:
   extends: .bazelisk
+  needs:
+    - oci
   cache:
     - !reference [.bazelisk, cache]
     - key: "bazel-cache-${CI_PROJECT_ID}"
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..ef9196fa
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,4 @@
+FROM debian:12-slim
+RUN apt update && apt install -y wget openssh-client
+RUN wget https://github.com/bazelbuild/bazelisk/releases/download/v1.22.1/bazelisk-linux-arm64 \
+  && chmod +x bazelisk-linux-arm64 && mv bazelisk-linux-arm64 /usr/local/bin/bazelisk
-- 
GitLab


From dc03875e839148e6a683ca107594b47a9ca4e730 Mon Sep 17 00:00:00 2001
From: Alex Tercete <alex.tercete@arm.com>
Date: Wed, 23 Oct 2024 12:20:06 +0000
Subject: [PATCH 2/4] ci: optimise image

---
 .gitlab-ci.yml | 2 +-
 Dockerfile     | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1fbe8623..7da6904d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -37,7 +37,7 @@ oci:
   script:
     - docker info
     - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
-    - docker buildx build --tag="$CI_REGISTRY_IMAGE" --push .
+    - docker buildx build --tag="$CI_REGISTRY_IMAGE" --push --cache-from "type=registry,ref=$CI_REGISTRY_IMAGE" --build-arg BUILDKIT_INLINE_CACHE=1 .
   rules: !reference [.bazelisk, rules]
 
 test:
diff --git a/Dockerfile b/Dockerfile
index ef9196fa..fc7f3ad8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,3 @@
 FROM debian:12-slim
-RUN apt update && apt install -y wget openssh-client
-RUN wget https://github.com/bazelbuild/bazelisk/releases/download/v1.22.1/bazelisk-linux-arm64 \
-  && chmod +x bazelisk-linux-arm64 && mv bazelisk-linux-arm64 /usr/local/bin/bazelisk
+RUN apt update && apt install -y openssh-client && rm -r /var/lib/apt/lists/*
+COPY --from=registry.gitlab.arm.com/ci/component/bazelisk:1.0.0-beta.5 /usr/bin/bazelisk /usr/local/bin/bazelisk
-- 
GitLab


From 03a3b1fac4058b4b349f23e1aeac60169fd8fdf3 Mon Sep 17 00:00:00 2001
From: Alex Tercete <alex.tercete@arm.com>
Date: Wed, 23 Oct 2024 13:14:22 +0000
Subject: [PATCH 3/4] ci: use correct image tags

---
 .gitlab-ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7da6904d..3c308006 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,7 +2,7 @@ include:
   - component: "${CI_SERVER_HOST}/ci/component/bazelisk/bazelisk@v1.0.0-beta.4"
     inputs:
       image: "${CI_REGISTRY_IMAGE}"
-      tag: latest
+      tag: "${CI_COMMIT_SHA}"
       variables: |
         CI_PROJECT_DIR
         CI_PROJECT_ID
@@ -37,7 +37,7 @@ oci:
   script:
     - docker info
     - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
-    - docker buildx build --tag="$CI_REGISTRY_IMAGE" --push --cache-from "type=registry,ref=$CI_REGISTRY_IMAGE" --build-arg BUILDKIT_INLINE_CACHE=1 .
+    - docker buildx build --tag="$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" --push --cache-from "type=registry,ref=$CI_REGISTRY_IMAGE:$CI_COMMIT_BEFORE_SHA" --build-arg BUILDKIT_INLINE_CACHE=1 .
   rules: !reference [.bazelisk, rules]
 
 test:
-- 
GitLab


From 6b427fe4256215a8856c8b69b445536e52207a6c Mon Sep 17 00:00:00 2001
From: Alex Tercete <alex.tercete@arm.com>
Date: Wed, 23 Oct 2024 14:47:56 +0100
Subject: [PATCH 4/4] ci: add ca-certificates to image

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index fc7f3ad8..38eeb036 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,3 +1,3 @@
 FROM debian:12-slim
-RUN apt update && apt install -y openssh-client && rm -r /var/lib/apt/lists/*
+RUN apt update && apt install -y ca-certificates openssh-client && rm -r /var/lib/apt/lists/*
 COPY --from=registry.gitlab.arm.com/ci/component/bazelisk:1.0.0-beta.5 /usr/bin/bazelisk /usr/local/bin/bazelisk
-- 
GitLab