From 48079b899e96fd5705846455bb2f8caf580e39a8 Mon Sep 17 00:00:00 2001 From: Drew Reed Date: Thu, 19 Jan 2023 08:40:53 +0000 Subject: [PATCH 1/2] ci: Move to new template version v1.1.1 As the new GitLab runners require us to build containers via buildah this change updates us to the latest template version incorporating the change. Changelog: other Signed-off-by: Drew Reed --- .gitlab-ci.yml | 4 ++-- .gitlab/ci/docker-image-builds.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f7b5615..1e6325c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Arm Limited or its affiliates. All rights reserved. +# Copyright (c) 2022-2023 Arm Limited or its affiliates. All rights reserved. # # SPDX-License-Identifier: MIT --- @@ -36,7 +36,7 @@ variables: # include jobs include: - project: $PIPELINE_TEMPLATE_PROJECT - ref: v0.0.12 + ref: v1.1.1 file: - gitlab-ci/common_gitlab-ci.yml - gitlab-ci/docker-image-base_gitlab-ci.yml diff --git a/.gitlab/ci/docker-image-builds.yml b/.gitlab/ci/docker-image-builds.yml index de26eab..d312ec8 100644 --- a/.gitlab/ci/docker-image-builds.yml +++ b/.gitlab/ci/docker-image-builds.yml @@ -14,7 +14,7 @@ Build-Kas-Docker-Arch-Image: - ${BUILD_ARCH} variables: &Build-Kas-Docker-Arch-Image_variables DOCKER_IMAGE_NAME: kas-build-image - KANIKO_BUILD_CONTEXT: $CI_PROJECT_DIR/.gitlab/Dockerfiles/$DOCKER_IMAGE_NAME + BUILD_CONTEXT: $CI_PROJECT_DIR/.gitlab/Dockerfiles/$DOCKER_IMAGE_NAME rules: &Build-Kas-Docker-Arch-Image_rules - changes: - .gitlab-ci.yml @@ -37,7 +37,7 @@ Build-Utility-Docker-Arch-Image: tags: *Build-Kas-Docker-Arch-Image_tags variables: &Build-Utility-Docker-Arch-Image_variables DOCKER_IMAGE_NAME: utility-image - KANIKO_BUILD_CONTEXT: $CI_PROJECT_DIR/.gitlab/Dockerfiles/$DOCKER_IMAGE_NAME + BUILD_CONTEXT: $CI_PROJECT_DIR/.gitlab/Dockerfiles/$DOCKER_IMAGE_NAME rules: &Build-Utility-Docker-Arch-Image_rules - changes: - .gitlab-ci.yml @@ -60,7 +60,7 @@ Build-Lava-Docker-Arch-Image: tags: *Build-Kas-Docker-Arch-Image_tags variables: &Build-Lava-Docker-Arch-Image_variables DOCKER_IMAGE_NAME: lava-test-image - KANIKO_BUILD_CONTEXT: $CI_PROJECT_DIR/.gitlab/Dockerfiles/$DOCKER_IMAGE_NAME + BUILD_CONTEXT: $CI_PROJECT_DIR/.gitlab/Dockerfiles/$DOCKER_IMAGE_NAME rules: &Build-Lava-Docker-Arch-Image_rules - changes: - .gitlab-ci.yml -- GitLab From 035d4bf303e9b47f28bd3c0c07e487dd3454a701 Mon Sep 17 00:00:00 2001 From: Drew Reed Date: Fri, 3 Feb 2023 14:13:49 +0000 Subject: [PATCH 2/2] ci: Switch to using upstream kas container We no longer have to specify the user and group id in the kas Dockerfile as the entrypoint can now be run by setting some kubernetes variables. Remove the kas Dockerfile. Set git to treat the project directory as safe since the files are checked out as root but the build is executed as another user. Signed-off-by: Drew Reed --- .../Dockerfiles/kas-build-image/Dockerfile | 16 --------- .gitlab/ci/cassini-build.yml | 10 ++++-- .gitlab/ci/docker-image-builds.yml | 35 +++++-------------- .gitlab/ci/trigger-image-builds.yml | 5 +-- 4 files changed, 17 insertions(+), 49 deletions(-) delete mode 100644 .gitlab/Dockerfiles/kas-build-image/Dockerfile diff --git a/.gitlab/Dockerfiles/kas-build-image/Dockerfile b/.gitlab/Dockerfiles/kas-build-image/Dockerfile deleted file mode 100644 index 7d631fd..0000000 --- a/.gitlab/Dockerfiles/kas-build-image/Dockerfile +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright (c) 2022 Arm Limited or its affiliates. All rights reserved. -# -# SPDX-License-Identifier: MIT -ARG GHCR_MIRROR=ghcr.io/ - -FROM ${GHCR_MIRROR}siemens/kas/kas - -ARG local_user=cassini-ci -ARG user_id=999 -ARG group_id=999 - -RUN groupadd -g $group_id $local_user && useradd --no-log-init -m -d /builder -g $local_user -u $user_id $local_user \ - && chown -R $local_user:$local_user /builder \ - && cd /builder - -USER $local_user diff --git a/.gitlab/ci/cassini-build.yml b/.gitlab/ci/cassini-build.yml index 50a2199..8b5f5fa 100644 --- a/.gitlab/ci/cassini-build.yml +++ b/.gitlab/ci/cassini-build.yml @@ -13,10 +13,15 @@ TOOLCHAIN_DIR: $CACHE_DIR/$PROJECT_VERSION/toolchains .kas_build: - image: $CI_REGISTRY/$CI_PROJECT_PATH/$DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG + image: ${MIRROR_GHCR}/siemens/kas/kas:3.2 variables: - DOCKER_IMAGE_NAME: kas-build-image KAS_REPO_REF_DIR: $CACHE_DIR/$PROJECT_VERSION/repos + # These are needed as GitLab doesn't respect the container + # entrypoint by default + FF_KUBERNETES_HONOR_ENTRYPOINT: 1 + FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY: 0 + USER_ID: 999 + GROUP_ID: 999 # Extend the kas base build to enab;e to use of repos that are not yet public .kas_build_cassini: @@ -36,6 +41,7 @@ https://${CI_SERVER_HOST} - git config --global user.email "you@example.com" - git config --global user.name "Your Name" + - git config --global --add safe.directory ${CI_PROJECT_DIR} # export parent pipeline global variables - echo PARENT_PIPELINE_ID = $PARENT_PIPELINE_ID - !reference [".kas_build", before_script] diff --git a/.gitlab/ci/docker-image-builds.yml b/.gitlab/ci/docker-image-builds.yml index d312ec8..6debbb5 100644 --- a/.gitlab/ci/docker-image-builds.yml +++ b/.gitlab/ci/docker-image-builds.yml @@ -1,8 +1,12 @@ -# Copyright (c) 2022 Arm Limited or its affiliates. All rights reserved. +# Copyright (c) 2022-2023 Arm Limited or its affiliates. All rights reserved. # # SPDX-License-Identifier: MIT --- -Build-Kas-Docker-Arch-Image: +# Conditions +.if-new-merge-request: &if-new-merge-request + if: '$CI_MERGE_REQUEST_IID && ($CI_MERGE_REQUEST_PROJECT_ID != $CI_MERGE_REQUEST_SOURCE_PROJECT_ID)' + +Build-Utility-Docker-Arch-Image: extends: .build-docker-image parallel: &Build-Matrix matrix: @@ -10,31 +14,8 @@ Build-Kas-Docker-Arch-Image: ARCH_SUFFIX: -amd64 - BUILD_ARCH: arm64 ARCH_SUFFIX: -arm64v8 - tags: &Build-Kas-Docker-Arch-Image_tags + tags: &Build-Arch-Image_tags - ${BUILD_ARCH} - variables: &Build-Kas-Docker-Arch-Image_variables - DOCKER_IMAGE_NAME: kas-build-image - BUILD_CONTEXT: $CI_PROJECT_DIR/.gitlab/Dockerfiles/$DOCKER_IMAGE_NAME - rules: &Build-Kas-Docker-Arch-Image_rules - - changes: - - .gitlab-ci.yml - - .gitlab/ci/docker-image-builds.yml - - .gitlab/Dockerfiles/kas-build-image/**/* - -Build-Kas-Docker-Image: - extends: - - .build-docker-image - - .build-docker-multiarch-image - variables: *Build-Kas-Docker-Arch-Image_variables - rules: *Build-Kas-Docker-Arch-Image_rules - needs: - - job: Build-Kas-Docker-Arch-Image - artifacts: false - -Build-Utility-Docker-Arch-Image: - extends: .build-docker-image - parallel: *Build-Matrix - tags: *Build-Kas-Docker-Arch-Image_tags variables: &Build-Utility-Docker-Arch-Image_variables DOCKER_IMAGE_NAME: utility-image BUILD_CONTEXT: $CI_PROJECT_DIR/.gitlab/Dockerfiles/$DOCKER_IMAGE_NAME @@ -57,7 +38,7 @@ Build-Utility-Docker-Image: Build-Lava-Docker-Arch-Image: extends: .build-docker-image parallel: *Build-Matrix - tags: *Build-Kas-Docker-Arch-Image_tags + tags: *Build-Arch-Image_tags variables: &Build-Lava-Docker-Arch-Image_variables DOCKER_IMAGE_NAME: lava-test-image BUILD_CONTEXT: $CI_PROJECT_DIR/.gitlab/Dockerfiles/$DOCKER_IMAGE_NAME diff --git a/.gitlab/ci/trigger-image-builds.yml b/.gitlab/ci/trigger-image-builds.yml index 26cc461..2787ee0 100644 --- a/.gitlab/ci/trigger-image-builds.yml +++ b/.gitlab/ci/trigger-image-builds.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Arm Limited or its affiliates. All rights reserved. +# Copyright (c) 2022-2023 Arm Limited or its affiliates. All rights reserved. # # SPDX-License-Identifier: MIT --- @@ -38,9 +38,6 @@ merge_jobs: trigger_jobs: needs: - merge_jobs - - job: Build-Kas-Docker-Image - optional: true - artifacts: false - job: Build-Utility-Docker-Image optional: true artifacts: false -- GitLab