From f21710ef53bb7c2c7895b1af5616e5297d9fb1d1 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Wed, 5 Jun 2024 11:25:46 +0100 Subject: [PATCH 01/25] test: genassets.sh changes for CI compatibility. GitLab CI runners can only access git repos using the https protocol, so update the bootwrapper URL suitably. Additionally make the assets directory more friendly for caching by ensuring only generated files that we want to cache are put there. So move the script itself up a level, and make the build directory a sibling - if building fails, we would not want to accidentally cache that directory. Signed-off-by: Ryan Roberts --- test/{assets => }/buildroot.config | 0 test/{assets => }/genassets.sh | 13 ++++++++----- 2 files changed, 8 insertions(+), 5 deletions(-) rename test/{assets => }/buildroot.config (100%) rename test/{assets => }/genassets.sh (81%) diff --git a/test/assets/buildroot.config b/test/buildroot.config similarity index 100% rename from test/assets/buildroot.config rename to test/buildroot.config diff --git a/test/assets/genassets.sh b/test/genassets.sh similarity index 81% rename from test/assets/genassets.sh rename to test/genassets.sh index 35373f0..f9e4827 100755 --- a/test/assets/genassets.sh +++ b/test/genassets.sh @@ -11,12 +11,15 @@ # Exit on error and echo commands. set -ex -ASSETS_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -BUILD_DIR=${ASSETS_DIR}/build +SOURCE_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +ASSETS_DIR=${SOURCE_DIR}/assets +BUILD_DIR=${SOURCE_DIR}/build export ARCH=arm64 export CROSS_COMPILE=aarch64-linux-gnu- -# Delete any previous build directory and start from scratch. +# Delete any previous assets and build directories and start from scratch. +rm -rf ${ASSETS_DIR} &> /dev/null +mkdir -p ${ASSETS_DIR} rm -rf ${BUILD_DIR} &> /dev/null mkdir -p ${BUILD_DIR} pushd ${BUILD_DIR} 
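Review bot: In test/genassets.sh the added `rm -rf ${ASSETS_DIR}` and `mkdir -p ${ASSETS_DIR}` expand the path unquoted, so a checkout path containing whitespace is word-split and `rm -rf` receives fragments of it as separate arguments. Quote the expansions in the new lines, `rm -rf -- "${ASSETS_DIR}"` and `mkdir -p -- "${ASSETS_DIR}"`; the neighbouring `${BUILD_DIR}` lines have the same form and deserve the same treatment. The script continues outside this hunk.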
@@ -39,7 +42,7 @@ chmod +x buildroot_overlay/etc/init.d/S10poweroff git clone https://github.com/buildroot/buildroot.git cd buildroot git checkout 2022.05.3 -cp ${ASSETS_DIR}/buildroot.config .config +cp ${SOURCE_DIR}/buildroot.config .config ./utils/config --set-val BR2_ROOTFS_OVERLAY "\"${BUILD_DIR}/buildroot_overlay\"" make olddefconfig make BR2_JLEVEL=`nproc` @@ -56,7 +59,7 @@ cp arch/arm64/boot/Image ${ASSETS_DIR}/. cd - # Build a bootwrapper axf. -git clone git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git +git clone https://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git cd boot-wrapper-aarch64 autoreconf -i ./configure \ -- GitLab From 048b3be68732d2a32536a10c43f56e3e5df79e1e Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Thu, 6 Jun 2024 10:42:20 +0100 Subject: [PATCH 02/25] test: Improve test list format and test naming To make test.py more suitable for use in CI, let's do a better job of standardising the test names using type, config and overlay. And for run tests, let's add a tag to identify the run configuration, since we often run the same build in different configs. By reflecting this hierachy in the test list, we also fix a previous problem where the same build configuraiton was passed to Shrinkwrap multiple times, so this should speed up the test run. Signed-off-by: Ryan Roberts --- test/test.py | 147 +++++++++++++++++++++++++-------------------------- 1 file changed, 73 insertions(+), 74 deletions(-) diff --git a/test/test.py b/test/test.py index 54ef6a0..797b7da 100755 --- a/test/test.py +++ b/test/test.py 
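Review bot: In test/genassets.sh the boot-wrapper clone is still not pinned to a revision: the hunk goes straight from `git clone` to `cd boot-wrapper-aarch64` and `autoreconf -i`, whereas the buildroot clone in the previous hunk is followed by `git checkout 2022.05.3`. Switching from `git://` to `https://` gives the transfer an authenticated, integrity-protected channel, but the axf that CI builds and caches still tracks whatever the default branch holds at clone time. Adding `git checkout <tested-commit>` (placeholder for the revision you validated) after the `cd` would make the cached asset reproducible.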
@@ -27,45 +27,43 @@ CONFIGS = [ { 'config': 'ns-preload.yaml', 'btvars': {}, - 'rtvars': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS}, - 'arch': {'start': 'v8.0', 'end': ARCH_LATEST}, - }, - { - 'config': 'ns-edk2.yaml', - 'btvars': {}, - 'rtvars': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS}, + 'rtvars': { + 'default': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS}, + }, 'arch': {'start': 'v8.0', 'end': ARCH_LATEST}, }, { 'config': 'ns-edk2.yaml', 'btvars': {}, 'rtvars': { - 'KERNEL': KERNEL, - 'ROOTFS': ROOTFS, - 'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"' + 'dt': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS}, + 'acpi': { + 'KERNEL': KERNEL, + 'ROOTFS': ROOTFS, + 'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"' + }, }, 'arch': {'start': 'v8.0', 'end': ARCH_LATEST}, }, - { - 'config': 'ffa-tftf.yaml', - 'btvars': {}, - 'rtvars': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS}, - 'arch': {'start': 'v8.5', 'end': 'v8.7'}, # BL2 freezes from v8.8. Haven't traced root cause yet. - }, { 'config': 'ffa-tftf.yaml', 'btvars': {}, 'rtvars': { - 'KERNEL': KERNEL, - 'ROOTFS': ROOTFS, - 'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"' + 'dt': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS}, + 'acpi': { + 'KERNEL': KERNEL, + 'ROOTFS': ROOTFS, + 'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"' + }, }, 'arch': {'start': 'v8.5', 'end': 'v8.7'}, # BL2 freezes from v8.8. Haven't traced root cause yet. }, { 'config': 'bootwrapper.yaml', 'btvars': {}, - 'rtvars': {'BOOTWRAPPER': BOOTWRAPPER, 'ROOTFS': ROOTFS}, + 'rtvars': { + 'default': {'BOOTWRAPPER': BOOTWRAPPER, 'ROOTFS': ROOTFS}, + }, 'arch': {'start': 'v8.0', 'end': ARCH_LATEST}, }, ] 
@@ -109,31 +107,18 @@ def arch_in_range(arch, start, end): return start <= arch and arch <= end -def print_result(r): - def report(status, type, config, overlay): - desc = f'{status.upper()}: {type}: {config},{overlay}' - count = (1, 0) if status == 'pass' else (0, 1) - return count[0], count[1], desc - - if r['type'] == 'build': - configs = r['configs'] - elif r['type'] == 'run': - configs = [r['config']] - else: - assert(False) - - nr_pass = 0 - nr_fail = 0 - for c in configs: - p, f, desc = report(r['status'], - r['type'], - c, - r['overlay']) - nr_pass += p - nr_fail += f - print(desc) +def test_name(r): + def add_part(parts, result, name): + if name in result and result[name]: + if not (name == 'tag' and result[name] == 'default'): + parts.append(result[name]) - return nr_pass, nr_fail + parts = [] + add_part(parts, r, 'type') + add_part(parts, r, 'config') + add_part(parts, r, 'overlay') + add_part(parts, r, 'tag') + return ':'.join(parts) def print_results(): @@ -141,14 +126,13 @@ def print_results(): print(json.dumps(results, indent=4)) nr_pass = 0 - nr_fail = 0 print('TEST REPORT SUMMARY') for r in results: - p, f = print_result(r) - nr_pass += p - nr_fail += f + print(f'{r["status"].upper()}: {test_name(r)}') + if r['status'] == 'pass': + nr_pass += 1 - print(f'pass: {nr_pass}, fail: {nr_fail}') + print(f'pass: {nr_pass}, fail: {len(results) - nr_pass}') class WrongExit(Exception): @@ -163,18 +147,12 @@ def run(cmd, timeout=None, expect=0): def build_configs(configs, overlay=None, btvarss=None): - result = { - 'type': 'build', - 'status': 'fail', - 'error': None, - 'configs': configs, - 'overlay': overlay, - 'btvarss': btvarss, - } + + status = 'pass' + error = None rt = f'-R {RUNTIME} -I {IMAGE}' - overlay = f'-o {overlay}' if overlay else '' - cleanargs = f'{" ".join(configs)} {overlay}' + cleanargs = f'{" ".join(configs)} {f"-o {overlay}" if overlay else ""}' if btvarss is None: btvarss = [{}] * len(configs) 
@@ -195,36 +173,49 @@ def build_configs(configs, overlay=None, btvarss=None): version=(1, 2)) with open(tmpfilename, 'r') as tmpfile: print(tmpfile.read()) - buildargs = f'{tmpfilename} {overlay}' + buildargs = f'{tmpfilename} {f"-o {overlay}" if overlay else ""}' try: run(f'shrinkwrap {rt} clean {cleanargs}', None) run(f'shrinkwrap {rt} buildall {buildargs}', None) - result['status'] = 'pass' except Exception as e: - result['error'] = str(e) + status = 'fail' + error = str(e) - results.append(result) + global results + results += [{ + 'type': 'build', + 'status': status, + 'error': error, + 'config': config, + 'overlay': overlay, + 'btvars': btvars, + } for config, btvars in zip(configs, btvarss)] + + +def run_config(config, overlay, rtvars, tag): + def make_rtcmds(rtvars): + return ' '.join([f'-r {k}={v}' for k, v in rtvars.items()]) + + runargs = make_rtcmds(rtvars) -def run_config(config, overlay=None, runargs=None, runtime=600): result = { 'type': 'run', 'status': 'fail', 'error': None, 'config': config, 'overlay': overlay, - 'runargs': runargs, - 'runtime': runtime, + 'rtvars': rtvars, + 'tag': tag, } rt = f'-R {RUNTIME} -I {IMAGE}' overlay = f'-o {overlay}' if overlay else '' - runargs = runargs if runargs else '' args = f'{config} {overlay} {runargs}' try: - run(f'shrinkwrap {rt} run {args}', runtime) + run(f'shrinkwrap {rt} run {args}', timeout=600) result['status'] = 'pass' except Exception as e: result['error'] = str(e) @@ -232,8 +223,14 @@ def run_config(config, overlay=None, runargs=None, runtime=600): results.append(result) -def make_rtcmds(rtvars): - return ' '.join([f'-r {k}={v}' for k, v in rtvars.items()]) +def run_configs(configs, overlay=None, rtvarss=None): + + if rtvarss is None: + rtvarss = [{'default': {}}] * len(configs) + + for config, _rtvars in zip(configs, rtvarss): + for tag, rtvars in _rtvars.items(): + run_config(config, overlay, rtvars, tag) def do_main(smoke_test): 
@@ -249,8 +246,7 @@ def do_main(smoke_test): if len(configs) == 0: continue build_configs(configs, f'arch/{arch}.yaml', btvarss=btvarss) - for config, rtvars in zip(configs, rtvarss): - run_config(config, f'arch/{arch}.yaml', make_rtcmds(rtvars)) + run_configs(configs, f'arch/{arch}.yaml', rtvarss=rtvarss) # Special-case configs that don't support arch overrides. build_configs(['cca-3world.yaml', 'cca-4world.yaml'], @@ -258,8 +254,11 @@ def do_main(smoke_test): {'GUEST_ROOTFS': ROOTFS}, {'GUEST_ROOTFS': ROOTFS} ]) - run_config('cca-3world.yaml', None, make_rtcmds({'KERNEL': KERNEL, 'ROOTFS': ROOTFS})) - run_config('cca-4world.yaml', None, make_rtcmds({'KERNEL': KERNEL, 'ROOTFS': ROOTFS})) + run_configs(['cca-3world.yaml', 'cca-4world.yaml'], None, + rtvarss=[ + {'default': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS}}, + {'default': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS}}, + ]) print_results() -- GitLab From 8539f7f66d44210ad7126c0b70fec866f130e3e8 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Thu, 6 Jun 2024 10:47:39 +0100 Subject: [PATCH 03/25] test: Run multiple fvps in parallel When running on a system with enough RAM and multiple CPUs, we can do multiple FVP runs in parallel to save text execution time. This is useful for the CI. A new option, `--fvpjobs` is added to specify the maximum number of parallel instances. When 1 (the default), shrinkwrap continues to output directly to the console as before. When >1, the entire output of each run is captured then dumpped to stdout out atomically. Signed-off-by: Ryan Roberts --- test/test.py | 44 +++++++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/test/test.py b/test/test.py index 797b7da..2c14b29 100755 --- a/test/test.py +++ b/test/test.py 
@@ -5,15 +5,18 @@ import argparse import json +import multiprocessing as mp import os import re import subprocess +import sys import tempfile import yaml RUNTIME = None IMAGE = None +FVPJOBS = None ASSETS = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'assets') @@ -135,15 +138,16 @@ def print_results(): print(f'pass: {nr_pass}, fail: {len(results) - nr_pass}') -class WrongExit(Exception): - pass - - -def run(cmd, timeout=None, expect=0): +def run(cmd, timeout=None, expect=0, capture=False): print(f'+ {cmd}') - ret = subprocess.run(cmd, timeout=timeout, shell=True) + ret = subprocess.run(cmd, timeout=timeout, shell=True, + universal_newlines=True, + stdout=subprocess.PIPE if capture else None, + stderr=subprocess.STDOUT if capture else None) if ret.returncode != expect: - raise WrongExit(ret) + raise subprocess.CalledProcessError(ret.returncode, ret.args, + output=ret.stdout, stderr=ret.stderr) + return ret.stdout def build_configs(configs, overlay=None, btvarss=None): @@ -193,7 +197,7 @@ def build_configs(configs, overlay=None, btvarss=None): } for config, btvars in zip(configs, btvarss)] -def run_config(config, overlay, rtvars, tag): +def run_config(config, overlay, rtvars, tag, capture): def make_rtcmds(rtvars): return ' '.join([f'-r {k}={v}' for k, v in rtvars.items()]) @@ -215,12 +219,17 @@ def run_config(config, overlay, rtvars, tag): args = f'{config} {overlay} {runargs}' try: - run(f'shrinkwrap {rt} run {args}', timeout=600) + stdout = run(f'shrinkwrap {rt} run {args}', + timeout=600, capture=capture) result['status'] = 'pass' + except (subprocess.TimeoutExpired, subprocess.CalledProcessError) as e: + stdout = e.stdout + result['error'] = str(e) except Exception as e: + stdout = None result['error'] = str(e) - results.append(result) + return result, stdout def run_configs(configs, overlay=None, rtvarss=None): 
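Review bot: `run()` keeps `shell=True` while its callers assemble `cmd` from f-strings that interpolate `RUNTIME`, `IMAGE`, the overlay path and every `-r {k}={v}` pair without quoting. Any value containing whitespace or shell metacharacters is re-parsed by the shell, which is why the `CMDLINE` entries in `CONFIGS` have to carry hand-escaped quotes. Since `--runtime` and `--image` come from the command line of a script that CI will now drive, either build an argument list and drop `shell=True`, or wrap each interpolated value in `shlex.quote()`. A short docstring on `run()` stating that it returns the captured output only when `capture` is true, and `None` otherwise, would also help callers.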
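Review bot: On the timeout path of `run_config`, `stdout = e.stdout` can be `bytes` rather than `str`: `subprocess.TimeoutExpired.output` is documented as always bytes when output was captured, regardless of `universal_newlines=True`. With `--fvpjobs` above 1 that value reaches `sys.stdout.write(stdout)` in `run_configs` and raises `TypeError`, aborting the whole report exactly when an FVP has hung. Normalise before returning, for example `if isinstance(stdout, bytes): stdout = stdout.decode(errors='replace')`. `run_config` begins outside this hunk.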
@@ -228,9 +237,16 @@ def run_configs(configs, overlay=None, rtvarss=None): if rtvarss is None: rtvarss = [{'default': {}}] * len(configs) + params = [] for config, _rtvars in zip(configs, rtvarss): for tag, rtvars in _rtvars.items(): - run_config(config, overlay, rtvars, tag) + params.append((config, overlay, rtvars, tag, FVPJOBS > 1)) + + with mp.Pool(processes=FVPJOBS) as pool: + for result, stdout in pool.starmap(run_config, params): + results.append(result) + if stdout: + sys.stdout.write(stdout) def do_main(smoke_test): @@ -285,6 +301,10 @@ def main(): help="""If using a container runtime, specifies the name of the image to use. Defaults to the official shrinkwrap image.""") + parser.add_argument('-f', '--fvpjobs', + metavar='count', required=False, default=1, type=int, + help="""Maximum number of FVPs to run in parallel.""") + parser.add_argument('-s', '--smoke-test', required=False, default=False, action='store_true', help="""If specified, run a smaller selection of tests.""") @@ -293,8 +313,10 @@ def main(): global RUNTIME global IMAGE + global FVPJOBS RUNTIME = args.runtime IMAGE = args.image + FVPJOBS = args.fvpjobs do_main(args.smoke_test) -- GitLab From 701af5c1e35e9e5b4ecb9f7e2b2898c2fa0e23d4 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Thu, 6 Jun 2024 13:30:08 +0100 Subject: [PATCH 04/25] test: Optionally output results in junit format This format can be consumed by gitlab CI. While at it, exit with non-zero exit code if any tests fail. Signed-off-by: Ryan Roberts --- test/test.py | 67 ++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 57 insertions(+), 10 deletions(-) diff --git a/test/test.py b/test/test.py index 2c14b29..78051d5 100755 --- a/test/test.py +++ b/test/test.py @@ -11,6 +11,7 @@ import re import subprocess import sys import tempfile +from xml.sax.saxutils import escape, quoteattr import yaml 
@@ -124,9 +125,48 @@ def test_name(r): return ':'.join(parts) -def print_results(): - print('TEST REPORT JSON') - print(json.dumps(results, indent=4)) +def print_testcase(f, case): + if case['status'] == 'pass': + element = 'system-out' + prop = '' + if case['status'] == 'fail': + element = 'failure' + prop = ' type="failure"' + if case['status'] == 'error': + element = 'error' + prop = ' type="error"' + if case['status'] == 'skip': + element = 'skipped' + prop = ' type="skipped"' + + print(f' ', file=f) + if case['error'] == None: + print(f' <{element}{prop}/>', file=f) + else: + print(f' <{element}{prop}>', file=f) + print(escape(case['error']), file=f) + print(f' ', file=f) + print(' ', file=f) + + +def print_testsuite(f, suitename, cases): + print(f' ', file=f) + for case in cases: + print_testcase(f, case) + print(' ', file=f) + + +def print_junit_results(f, suitename, cases): + print('', file=f) + print('', file=f) + print_testsuite(f, suitename, cases) + print('', file=f) + + +def print_results(junit=None): + if junit: + with open(junit, 'w') as f: + print_junit_results(f, 'selftest', results) nr_pass = 0 print('TEST REPORT SUMMARY') @@ -137,6 +177,8 @@ def print_results(): print(f'pass: {nr_pass}, fail: {len(results) - nr_pass}') + return nr_pass == len(results) + def run(cmd, timeout=None, expect=0, capture=False): print(f'+ {cmd}') 
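Review bot: `print_testcase` selects `element` and `prop` with four independent `if` tests and no fallback, so a result whose `status` is anything other than `pass`, `fail`, `error` or `skip` reaches the `print` calls with both names unbound and raises `UnboundLocalError` part-way through writing the report file. A lookup table with an explicit default, or an `elif` chain ending in `else: raise ValueError(case['status'])`, makes the accepted statuses explicit. The comparison `case['error'] == None` should be `case['error'] is None`. The three new `print_*` functions have no docstrings; a one-line summary on each naming the keys read from `case` would make the report format easier to maintain.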
@@ -249,16 +291,16 @@ def run_configs(configs, overlay=None, rtvarss=None): sys.stdout.write(stdout) -def do_main(smoke_test): - if smoke_test: +def do_main(args): + if args.smoke_test: arches = set([c['arch']['end'] for c in CONFIGS]) else: arches = list(arch_range('v8.0', ARCH_LATEST)) for arch in arches: - configs = [c['config'] for c in CONFIGS if arch_in_range(arch, c['arch']['end'] if smoke_test else c['arch']['start'], c['arch']['end'])] - btvarss = [c['btvars'] for c in CONFIGS if arch_in_range(arch, c['arch']['end'] if smoke_test else c['arch']['start'], c['arch']['end'])] - rtvarss = [c['rtvars'] for c in CONFIGS if arch_in_range(arch, c['arch']['end'] if smoke_test else c['arch']['start'], c['arch']['end'])] + configs = [c['config'] for c in CONFIGS if arch_in_range(arch, c['arch']['end'] if args.smoke_test else c['arch']['start'], c['arch']['end'])] + btvarss = [c['btvars'] for c in CONFIGS if arch_in_range(arch, c['arch']['end'] if args.smoke_test else c['arch']['start'], c['arch']['end'])] + rtvarss = [c['rtvars'] for c in CONFIGS if arch_in_range(arch, c['arch']['end'] if args.smoke_test else c['arch']['start'], c['arch']['end'])] if len(configs) == 0: continue build_configs(configs, f'arch/{arch}.yaml', btvarss=btvarss) @@ -276,7 +318,8 @@ def do_main(smoke_test): {'default': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS}}, ]) - print_results() + success = print_results(args.junit) + exit(not success) def main(): @@ -301,6 +344,10 @@ def main(): help="""If using a container runtime, specifies the name of the image to use. Defaults to the official shrinkwrap image.""") + parser.add_argument('-j', '--junit', + metavar='file', required=False, default=None, + help="""Optionally output results in junit format to specified file.""") + parser.add_argument('-f', '--fvpjobs', metavar='count', required=False, default=1, type=int, help="""Maximum number of FVPs to run in parallel.""") 
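Review bot: `exit(not success)` in `do_main` relies on the `exit` helper that the `site` module injects for interactive sessions and passes a bool as the process status. The file already imports `sys`, so `sys.exit(0 if success else 1)` states the exit code CI depends on explicitly and does not depend on `site` being loaded. `do_main` begins outside this hunk.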
@@ -318,7 +365,7 @@ def main(): IMAGE = args.image FVPJOBS = args.fvpjobs - do_main(args.smoke_test) + do_main(args) if __name__ == "__main__": -- GitLab From c2ac5220bbfec7a88d8fd2d5f3d58ca09d3c6f5a Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Sun, 9 Jun 2024 09:33:26 +0100 Subject: [PATCH 05/25] docker: Cache web packages while building build.sh previously downloaded the toolchains and fvp from the web everytime it was invoked and deleted them when finished. This is expensive, but worse, on the CI, wget is not available in the container we must use to build the image. So let's store the packages in a separate `assets` subdirectory, and first check if what we need is there before downloading it. Additionally don't delete them when finished. Locally, this avoids subsequent invocations needing to download the packages. On the CI, we can cache the directory so that subsequent pipelines are faster. Finally add a special version, `none`, which if specified, syncs the package cache but exits without actually building any images. This is useful to enable separating the process of populating the cache on CI. Signed-off-by: Ryan Roberts --- docker/Dockerfile.full | 4 ++-- docker/Dockerfile.fvp | 2 +- docker/Dockerfile.slim | 2 +- docker/build.sh | 35 +++++++++++++++++++++++++++-------- 4 files changed, 31 insertions(+), 12 deletions(-) diff --git a/docker/Dockerfile.full b/docker/Dockerfile.full index 8b45c1e..e007691 100644 --- a/docker/Dockerfile.full +++ b/docker/Dockerfile.full @@ -20,7 +20,7 @@ RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProb # even omit it by providing the special name "none". ARG TCH_PKG_NAME_AARCH32 ARG TCH_PATH_AARCH32 -COPY ${TCH_PKG_NAME_AARCH32} /tools/. +COPY assets/${TCH_PKG_NAME_AARCH32} /tools/. RUN cd /tools \ && if [ "${TCH_PKG_NAME_AARCH32}" != "none" ]; then \ tar xf ${TCH_PKG_NAME_AARCH32}; \ 
@@ -36,7 +36,7 @@ RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProb ARG TCH_LLVM_PKG_NAME ARG TCH_LLVM_PATH -COPY ${TCH_LLVM_PKG_NAME} /tools/. +COPY assets/${TCH_LLVM_PKG_NAME} /tools/. RUN cd /tools \ && if [ "${TCH_LLVM_PKG_NAME}" != "none" ]; then \ tar xf ${TCH_LLVM_PKG_NAME}; \ diff --git a/docker/Dockerfile.fvp b/docker/Dockerfile.fvp index aa2d0be..9b2026d 100644 --- a/docker/Dockerfile.fvp +++ b/docker/Dockerfile.fvp @@ -10,7 +10,7 @@ FROM ${BASE} ARG FVP_PKG_NAME ARG FVP_MODEL_DIR ARG FVP_PLUGIN_DIR -COPY ${FVP_PKG_NAME} /tools/. +COPY assets/${FVP_PKG_NAME} /tools/. RUN cd /tools \ && if [ "${FVP_PKG_NAME}" != "none" ]; then \ tar xf ${FVP_PKG_NAME}; \ diff --git a/docker/Dockerfile.slim b/docker/Dockerfile.slim index c6bf3f6..4971fa9 100644 --- a/docker/Dockerfile.slim +++ b/docker/Dockerfile.slim @@ -175,7 +175,7 @@ RUN mkdir /tools # even omit it by providing the special name "none". ARG TCH_PKG_NAME_AARCH64 ARG TCH_PATH_AARCH64 -COPY ${TCH_PKG_NAME_AARCH64} /tools/. +COPY assets/${TCH_PKG_NAME_AARCH64} /tools/. RUN cd /tools \ && if [ "${TCH_PKG_NAME_AARCH64}" != "none" ]; then \ tar xf ${TCH_PKG_NAME_AARCH64}; \ diff --git a/docker/build.sh b/docker/build.sh index 528f772..fd760a7 100755 --- a/docker/build.sh +++ b/docker/build.sh @@ -17,6 +17,7 @@ Where: is something like "latest" or "v1.0.0". If is "local", the resulting image is NOT pushed to the remote repository. +If is "none", the package cache is synced but no image is built. EOF } 
@@ -66,11 +67,33 @@ fi echo "Building for version ${VERSION} for ${ARCH}..." +wget_or_cache() +{ + FILE=$1 + URL=$2 + + if [ ! -f ${FILE} ]; then + wget -q -O ${FILE} ${URL} + fi +} + +# Do everything relative to this script's directory. +ROOT=$( dirname $( readlink -f "$0" ) ) +cd ${ROOT} + +# Grab the pre-built packages. +mkdir -p assets +wget_or_cache assets/${TCH_PKG_NAME_AARCH64} ${TCH_PKG_URL_AARCH64}/${TCH_PKG_NAME_AARCH64} +wget_or_cache assets/${TCH_LLVM_PKG_NAME} ${TCH_LLVM_PKG_URL}/${TCH_LLVM_PKG_NAME} +wget_or_cache assets/${TCH_PKG_NAME_AARCH32} ${TCH_PKG_URL_AARCH32}/${TCH_PKG_NAME_AARCH32} +wget_or_cache assets/${FVP_PKG_NAME} ${FVP_PKG_URL}/${FVP_PKG_NAME} + +# Short circuit building the images if requested. +if [ "${VERSION}" = "none" ]; then + exit +fi + # Build the image. -wget -q -O ${TCH_PKG_NAME_AARCH64} ${TCH_PKG_URL_AARCH64}/${TCH_PKG_NAME_AARCH64} -wget -q -O ${TCH_LLVM_PKG_NAME} ${TCH_LLVM_PKG_URL}/${TCH_LLVM_PKG_NAME} -wget -q -O ${TCH_PKG_NAME_AARCH32} ${TCH_PKG_URL_AARCH32}/${TCH_PKG_NAME_AARCH32} -wget -q -O ${FVP_PKG_NAME} ${FVP_PKG_URL}/${FVP_PKG_NAME} docker build \ --build-arg=BASE=docker.io/library/debian:bookworm-slim \ --build-arg=TCH_PKG_NAME_AARCH64=${TCH_PKG_NAME_AARCH64} \ @@ -103,10 +126,6 @@ docker build \ --file=Dockerfile.fvp \ --tag=${REGISTRY}/base-full:${VERSION}-${ARCH} \ . -rm -rf ${TCH_PKG_NAME_AARCH64} > /dev/null 2>&1 || true -rm -rf ${TCH_LLVM_PKG_NAME} > /dev/null 2>&1 || true -rm -rf ${TCH_PKG_NAME_AARCH32} > /dev/null 2>&1 || true -rm -rf ${FVP_PKG_NAME} > /dev/null 2>&1 || true # If not a local version, publish the image. if [ "${VERSION}" != "local" ]; then -- GitLab From ab7b137fde3e462b61c9c5a368b002235a1c4026 Mon Sep 17 00:00:00 2001 
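Review bot: In docker/build.sh, `wget_or_cache` treats any existing file as a valid cache entry, but `wget -q -O ${FILE}` creates the target before the transfer completes, so a failed or interrupted download leaves an empty or truncated archive that every later run, and any CI cache built from `assets`, reuses without refetching. Nothing compares the cached archives with a known digest either, although the Dockerfiles copy them into the images; a pinned SHA-256 per package, checked after download and on cache hits, would close that gap. The sketch below downloads under a temporary name and renames only on success, and quotes the expansions.

```shell
wget_or_cache()
{
	# … unchanged: FILE and URL assignments …

	if [ ! -f "${FILE}" ]; then
		# Only a completed download is renamed into the cache.
		if ! wget -q -O "${FILE}.part" "${URL}"; then
			rm -f "${FILE}.part"
			return 1
		fi
		mv "${FILE}.part" "${FILE}"
	fi
}
```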
From: Ryan Roberts Date: Sun, 9 Jun 2024 09:55:22 +0100 Subject: [PATCH 06/25] docker: Enhance build.sh to support kaniko When building images on CI, we need to use Kaniko, since docker doesn't work when running inside docker. So let's enhance the script to allow the user to specify the driver. While we are at it, also allow the user to specify the registry, since that will be needed for CI too, to store temporary images. Additionally, ensure the script runs under sh, since bash is not available in the kaniko container image. For some reason `uname -p` returns "unknown" on CI runners, so let's switch to the more standard `uname -m` instead. Signed-off-by: Ryan Roberts --- docker/build.sh | 207 +++++++++++++++++++++++++++++++++++------------- 1 file changed, 151 insertions(+), 56 deletions(-) diff --git a/docker/build.sh b/docker/build.sh index fd760a7..5aef881 100755 --- a/docker/build.sh +++ b/docker/build.sh 
@@ -1,37 +1,95 @@ -#!/bin/bash +#!/bin/sh # Copyright (c) 2022, Arm Limited. # SPDX-License-Identifier: MIT set -e -function usage() +usage() { - cat << EOF +cat << EOF Builds and optionally publishes shrinkwrap docker images for the architecture of the host system. (x86_64 and aarch64 are currently supported). Usage: -$(basename $0) +$(basename $0) [--driver docker|kaniko] [--registry ] --version Where: + --driver determines how the image will be built: + docker: (default) and will use "docker build" and "docker push". + This is usually what you want when running locally. + kaniko: Uses kaniko, which does not require access to the docker daemon. + Useful on CI systems where running inside a container. Must be + running inside the kaniko container. + + is the registry to publish to (defaults to docker.io/shrinkwraptool). is something like "latest" or "v1.0.0". -If is "local", the resulting image is NOT pushed to the remote repository. +The user is responsible for having already configured the driver connection to +the registry. + +If is "local" and --driver is "docker", the resulting image is NOT pushed +to the remote repository but instead kept locally by docker. + If is "none", the package cache is synced but no image is built. EOF } +DRIVER="docker" +REGISTRY="docker.io/shrinkwraptool" +VERSION= +ARCH=$(uname -m) + # Parse command line. -if [ "$#" -ne 1 ]; then - usage - exit 1 +while [ $# -gt 0 ]; do + case $1 in + --version) + VERSION="$2" + shift # past argument + shift # past value + ;; + --registry) + REGISTRY="$2" + shift # past argument + shift # past value + ;; + --driver) + DRIVER="$2" + shift # past argument + shift # past value + ;; + -h|--help) + usage + exit 0 + ;; + -*|--*) + echo "error: unexpected named argument! ($1)" + usage + exit 1 + ;; + *) + echo "error: unexpected positional argument! ($1)" + usage + exit 1 + ;; + esac +done + +if [ -z ${VERSION} ]; then + echo "error: no version provided!" 
+ usage + exit 1 fi -VERSION="${1}" -ARCH=$(uname -p) -REGISTRY=shrinkwraptool + +if [ "${DRIVER}" != "docker" ] && [ "${DRIVER}" != "kaniko" ]; then + echo "error: invalid driver provided! (${DRIVER})" + usage + exit 1 +fi + +echo "Building image for ${ARCH} with driver=${DRIVER},registry=${REGISTRY},version=${VERSION}..." # Configure the arch-specific variables which are passed to the Dockerfile. -if [ "${ARCH}" == "x86_64" ]; then +if [ "${ARCH}" = "x86_64" ]; then TCH_PKG_URL_AARCH64=https://developer.arm.com/-/media/Files/downloads/gnu/13.2.rel1/binrel TCH_PKG_NAME_AARCH64=arm-gnu-toolchain-13.2.rel1-x86_64-aarch64-none-elf.tar.xz TCH_PATH_AARCH64=arm-gnu-toolchain-13.2.Rel1-x86_64-aarch64-none-elf/bin @@ -45,8 +103,8 @@ if [ "${ARCH}" == "x86_64" ]; then FVP_PKG_NAME=FVP_Base_RevC-2xAEMvA_11.24_11_Linux64.tgz FVP_MODEL_DIR=Base_RevC_AEMvA_pkg/models/Linux64_GCC-9.3 FVP_PLUGIN_DIR=Base_RevC_AEMvA_pkg/plugins/Linux64_GCC-9.3 -# ARCH is "aarch64" on Ubuntu, or "arm" on Mac OS -elif [ "${ARCH}" == "aarch64" ] || [ "${ARCH}" == "arm" ]; then +# ARCH is "aarch64" on Ubuntu, or "arm64" on Mac OS +elif [ "${ARCH}" = "aarch64" ] || [ "${ARCH}" = "arm64" ]; then TCH_PKG_URL_AARCH64=https://developer.arm.com/-/media/Files/downloads/gnu/13.2.rel1/binrel TCH_PKG_NAME_AARCH64=arm-gnu-toolchain-13.2.rel1-aarch64-aarch64-none-elf.tar.xz TCH_PATH_AARCH64=arm-gnu-toolchain-13.2.Rel1-aarch64-aarch64-none-elf/bin @@ -65,8 +123,6 @@ else exit 1 fi -echo "Building for version ${VERSION} for ${ARCH}..." - wget_or_cache() { FILE=$1 
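Review bot: The option loop in docker/build.sh reads `$2` and shifts twice for `--version`, `--registry` and `--driver` without checking that a value follows, so an option given last on the command line fails inside the second `shift` rather than printing the usage text. A guard such as `[ $# -ge 2 ] || { usage; exit 1; }` at the top of each value-taking case fixes that. The test `[ -z ${VERSION} ]` only works for an empty value because the unquoted expansion disappears and leaves `[ -z ]`; write `[ -z "${VERSION}" ]`. `REGISTRY` and `VERSION` now arrive from the command line and are expanded unquoted in the build and push commands of the later hunk, so quoting them there is worthwhile too.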
@@ -93,44 +149,83 @@ if [ "${VERSION}" = "none" ]; then exit fi -# Build the image. -docker build \ - --build-arg=BASE=docker.io/library/debian:bookworm-slim \ - --build-arg=TCH_PKG_NAME_AARCH64=${TCH_PKG_NAME_AARCH64} \ - --build-arg=TCH_PATH_AARCH64=${TCH_PATH_AARCH64} \ - --file=Dockerfile.slim \ - --tag=${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} \ - . -docker build \ - --build-arg=BASE=${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} \ - --build-arg=FVP_PKG_NAME=${FVP_PKG_NAME} \ - --build-arg=FVP_MODEL_DIR=${FVP_MODEL_DIR} \ - --build-arg=FVP_PLUGIN_DIR=${FVP_PLUGIN_DIR} \ - --file=Dockerfile.fvp \ - --tag=${REGISTRY}/base-slim:${VERSION}-${ARCH} \ - . -docker build \ - --build-arg=BASE=${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} \ - --build-arg=TCH_PKG_NAME_AARCH32=${TCH_PKG_NAME_AARCH32} \ - --build-arg=TCH_PATH_AARCH32=${TCH_PATH_AARCH32} \ - --build-arg=TCH_LLVM_PKG_NAME=${TCH_LLVM_PKG_NAME} \ - --build-arg=TCH_LLVM_PATH=${TCH_LLVM_PATH} \ - --file=Dockerfile.full \ - --tag=${REGISTRY}/base-full-nofvp:${VERSION}-${ARCH} \ - . -docker build \ - --build-arg=BASE=${REGISTRY}/base-full-nofvp:${VERSION}-${ARCH} \ - --build-arg=FVP_PKG_NAME=${FVP_PKG_NAME} \ - --build-arg=FVP_MODEL_DIR=${FVP_MODEL_DIR} \ - --build-arg=FVP_PLUGIN_DIR=${FVP_PLUGIN_DIR} \ - --file=Dockerfile.fvp \ - --tag=${REGISTRY}/base-full:${VERSION}-${ARCH} \ - . - -# If not a local version, publish the image. -if [ "${VERSION}" != "local" ]; then - docker push ${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} - docker push ${REGISTRY}/base-slim:${VERSION}-${ARCH} - docker push ${REGISTRY}/base-full-nofvp:${VERSION}-${ARCH} - docker push ${REGISTRY}/base-full:${VERSION}-${ARCH} +# Build the images. 
+if [ "${DRIVER}" = "docker" ]; then + docker build \ + --build-arg=BASE=docker.io/library/debian:bookworm-slim \ + --build-arg=TCH_PKG_NAME_AARCH64=${TCH_PKG_NAME_AARCH64} \ + --build-arg=TCH_PATH_AARCH64=${TCH_PATH_AARCH64} \ + --file=Dockerfile.slim \ + --tag=${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} \ + . + docker build \ + --build-arg=BASE=${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} \ + --build-arg=FVP_PKG_NAME=${FVP_PKG_NAME} \ + --build-arg=FVP_MODEL_DIR=${FVP_MODEL_DIR} \ + --build-arg=FVP_PLUGIN_DIR=${FVP_PLUGIN_DIR} \ + --file=Dockerfile.fvp \ + --tag=${REGISTRY}/base-slim:${VERSION}-${ARCH} \ + . + docker build \ + --build-arg=BASE=${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} \ + --build-arg=TCH_PKG_NAME_AARCH32=${TCH_PKG_NAME_AARCH32} \ + --build-arg=TCH_PATH_AARCH32=${TCH_PATH_AARCH32} \ + --build-arg=TCH_LLVM_PKG_NAME=${TCH_LLVM_PKG_NAME} \ + --build-arg=TCH_LLVM_PATH=${TCH_LLVM_PATH} \ + --file=Dockerfile.full \ + --tag=${REGISTRY}/base-full-nofvp:${VERSION}-${ARCH} \ + . + docker build \ + --build-arg=BASE=${REGISTRY}/base-full-nofvp:${VERSION}-${ARCH} \ + --build-arg=FVP_PKG_NAME=${FVP_PKG_NAME} \ + --build-arg=FVP_MODEL_DIR=${FVP_MODEL_DIR} \ + --build-arg=FVP_PLUGIN_DIR=${FVP_PLUGIN_DIR} \ + --file=Dockerfile.fvp \ + --tag=${REGISTRY}/base-full:${VERSION}-${ARCH} \ + . + + # If not a local version, publish the image. + if [ "${VERSION}" != "local" ]; then + docker push ${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} + docker push ${REGISTRY}/base-slim:${VERSION}-${ARCH} + docker push ${REGISTRY}/base-full-nofvp:${VERSION}-${ARCH} + docker push ${REGISTRY}/base-full:${VERSION}-${ARCH} + fi +elif [ "${DRIVER}" = "kaniko" ]; then + # Build the images. 
+ /kaniko/executor \ + --build-arg=BASE=docker.io/library/debian:bookworm-slim \ + --build-arg=TCH_PKG_NAME_AARCH64=${TCH_PKG_NAME_AARCH64} \ + --build-arg=TCH_PATH_AARCH64=${TCH_PATH_AARCH64} \ + --dockerfile=Dockerfile.slim \ + --destination=${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} \ + --context=. + /kaniko/executor \ + --build-arg=BASE=${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} \ + --build-arg=FVP_PKG_NAME=${FVP_PKG_NAME} \ + --build-arg=FVP_MODEL_DIR=${FVP_MODEL_DIR} \ + --build-arg=FVP_PLUGIN_DIR=${FVP_PLUGIN_DIR} \ + --dockerfile=Dockerfile.fvp \ + --destination=${REGISTRY}/base-slim:${VERSION}-${ARCH} \ + --context=. + /kaniko/executor \ + --build-arg=BASE=${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} \ + --build-arg=TCH_PKG_NAME_AARCH32=${TCH_PKG_NAME_AARCH32} \ + --build-arg=TCH_PATH_AARCH32=${TCH_PATH_AARCH32} \ + --build-arg=TCH_LLVM_PKG_NAME=${TCH_LLVM_PKG_NAME} \ + --build-arg=TCH_LLVM_PATH=${TCH_LLVM_PATH} \ + --dockerfile=Dockerfile.full \ + --destination=${REGISTRY}/base-full-nofvp:${VERSION}-${ARCH} \ + --context=. + /kaniko/executor \ + --build-arg=BASE=${REGISTRY}/base-full-nofvp:${VERSION}-${ARCH} \ + --build-arg=FVP_PKG_NAME=${FVP_PKG_NAME} \ + --build-arg=FVP_MODEL_DIR=${FVP_MODEL_DIR} \ + --build-arg=FVP_PLUGIN_DIR=${FVP_PLUGIN_DIR} \ + --dockerfile=Dockerfile.fvp \ + --destination=${REGISTRY}/base-full:${VERSION}-${ARCH} \ + --context=. +else + echo "Driver ${DRIVER} not supported" + exit 1 fi -- GitLab From ceac633bd83a5badb8216c1f10e37601f1c98b89 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Tue, 11 Jun 2024 14:13:13 +0100 Subject: [PATCH 07/25] docker: Allow caching packages for other arches When running on the CI, we want to be able to cache packages for arches other than the arch we are running on, so allow optional --arch to be passed to the script. Signed-off-by: Ryan Roberts --- docker/build.sh | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) 
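Review bot: The kaniko branch publishes unconditionally, because every `/kaniko/executor` call carries `--destination=${REGISTRY}/...`, while only the docker branch honours `VERSION` = `local`. The usage text does say that `local` applies to the docker driver, but `--driver kaniko --version local` with the default registry would still push `local-${ARCH}` tags to `docker.io/shrinkwraptool`. Rejecting that combination up front, next to the driver validation, would avoid an accidental publish: `if [ "${DRIVER}" = "kaniko" ] && [ "${VERSION}" = "local" ]; then usage; exit 1; fi`. The trailing `else` that prints "Driver ... not supported" appears unreachable, since the driver is already validated before this point.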
diff --git a/docker/build.sh b/docker/build.sh index 5aef881..3e8c246 100755 --- a/docker/build.sh +++ b/docker/build.sh @@ -11,7 +11,7 @@ Builds and optionally publishes shrinkwrap docker images for the architecture of the host system. (x86_64 and aarch64 are currently supported). Usage: -$(basename $0) [--driver docker|kaniko] [--registry ] --version +$(basename $0) [--driver docker|kaniko] [--registry ] [--arch ] --version Where: --driver determines how the image will be built: @@ -21,6 +21,12 @@ Where: Useful on CI systems where running inside a container. Must be running inside the kaniko container. + --arch optionally provides a target arch label that overrides the default + `uname -m`. Must be either "aarch64" or "x86_64". Unless `--version none`, + must match the arch of the machine used to run the script. For + `--version none` can be set to any supported arch to download that arch's + package cache. + is the registry to publish to (defaults to docker.io/shrinkwraptool). is something like "latest" or "v1.0.0". @@ -57,6 +63,11 @@ while [ $# -gt 0 ]; do shift # past argument shift # past value ;; + --arch) + ARCH="$2" + shift # past argument + shift # past value + ;; -h|--help) usage exit 0 @@ -86,8 +97,6 @@ if [ "${DRIVER}" != "docker" ] && [ "${DRIVER}" != "kaniko" ]; then exit 1 fi -echo "Building image for ${ARCH} with driver=${DRIVER},registry=${REGISTRY},version=${VERSION}..." - # Configure the arch-specific variables which are passed to the Dockerfile. if [ "${ARCH}" = "x86_64" ]; then TCH_PKG_URL_AARCH64=https://developer.arm.com/-/media/Files/downloads/gnu/13.2.rel1/binrel @@ -120,9 +129,12 @@ elif [ "${ARCH}" = "aarch64" ] || [ "${ARCH}" = "arm64" ]; then FVP_PLUGIN_DIR=Base_RevC_AEMvA_pkg/plugins/Linux64_armv8l_GCC-9.3 else echo "Host architecture ${ARCH} not supported" + usage exit 1 fi +echo "Building image for ${ARCH} with driver=${DRIVER},registry=${REGISTRY},version=${VERSION}..." + wget_or_cache() { FILE=$1 -- GitLab 
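Review bot: The new `--arch)` case in the option parser stores the value, but nothing enforces the rule the usage text states, that it must match the machine running the script unless `--version none`. As written, `--arch aarch64` on an x86_64 host with a real version would presumably build on the host architecture while tagging and pushing the result as `-aarch64`, which a multiarch manifest would then hand to arm64 users. A guard placed after the arch validation would close that, for example `if [ "${VERSION}" != "none" ] && [ "${ARCH}" != "$(uname -m)" ]; then usage; exit 1; fi`, adjusted for the `arm64` alias the script also accepts. The parser loop and the arch-selection block both continue outside the hunks shown.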
From a90457d7e0c5dd35561745edccb9a078f66ec955 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Wed, 12 Jun 2024 11:42:39 +0100 Subject: [PATCH 08/25] docker: Cleanup after each kaniko invocation Previously, the base-full image contained the directory structure for the FVP package, but all the files were missing. Experimentation concluded that Kaniko was getting confused because it has already untared the fvp package for the base-slim image. If I comment out building that image, then base-full contains all the required files. So let's work around that issue by providing `--cleanup` to Kaniko, which will cause it to clean its self up at the end of each invocation so as not to confuse future invocations. With this in place, the base-slim image is now correct. Signed-off-by: Ryan Roberts --- docker/build.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker/build.sh b/docker/build.sh index 3e8c246..c631b83 100755 --- a/docker/build.sh +++ b/docker/build.sh @@ -206,6 +206,7 @@ if [ "${DRIVER}" = "docker" ]; then elif [ "${DRIVER}" = "kaniko" ]; then # Build the images. /kaniko/executor \ + --cleanup \ --build-arg=BASE=docker.io/library/debian:bookworm-slim \ --build-arg=TCH_PKG_NAME_AARCH64=${TCH_PKG_NAME_AARCH64} \ --build-arg=TCH_PATH_AARCH64=${TCH_PATH_AARCH64} \ @@ -213,6 +214,7 @@ elif [ "${DRIVER}" = "kaniko" ]; then --destination=${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} \ --context=. /kaniko/executor \ + --cleanup \ --build-arg=BASE=${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} \ --build-arg=FVP_PKG_NAME=${FVP_PKG_NAME} \ --build-arg=FVP_MODEL_DIR=${FVP_MODEL_DIR} \ @@ -221,6 +223,7 @@ elif [ "${DRIVER}" = "kaniko" ]; then --destination=${REGISTRY}/base-slim:${VERSION}-${ARCH} \ --context=. /kaniko/executor \ + --cleanup \ --build-arg=BASE=${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} \ --build-arg=TCH_PKG_NAME_AARCH32=${TCH_PKG_NAME_AARCH32} \ --build-arg=TCH_PATH_AARCH32=${TCH_PATH_AARCH32} \ 
@@ -230,6 +233,7 @@ elif [ "${DRIVER}" = "kaniko" ]; then --destination=${REGISTRY}/base-full-nofvp:${VERSION}-${ARCH} \ --context=. /kaniko/executor \ + --cleanup \ --build-arg=BASE=${REGISTRY}/base-full-nofvp:${VERSION}-${ARCH} \ --build-arg=FVP_PKG_NAME=${FVP_PKG_NAME} \ --build-arg=FVP_MODEL_DIR=${FVP_MODEL_DIR} \ -- GitLab From 25309440912890012ead12cab5d9a0561ef38ed0 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Wed, 12 Jun 2024 11:45:55 +0100 Subject: [PATCH 09/25] docker: Ensure kaniko caches layers to speedup rebuilds This causes kaniko to cache layer meta data in the gitlab registry and check for hits when building images. So if (parts of) the dockerfile is the same between CI pipelines, the cache can be used to speed everything up. Signed-off-by: Ryan Roberts --- docker/build.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker/build.sh b/docker/build.sh index c631b83..c14f2cc 100755 --- a/docker/build.sh +++ b/docker/build.sh @@ -207,6 +207,7 @@ elif [ "${DRIVER}" = "kaniko" ]; then # Build the images. /kaniko/executor \ --cleanup \ + --cache=true --cache-copy-layers --cache-run-layers \ --build-arg=BASE=docker.io/library/debian:bookworm-slim \ --build-arg=TCH_PKG_NAME_AARCH64=${TCH_PKG_NAME_AARCH64} \ --build-arg=TCH_PATH_AARCH64=${TCH_PATH_AARCH64} \ @@ -215,6 +216,7 @@ elif [ "${DRIVER}" = "kaniko" ]; then --context=. /kaniko/executor \ --cleanup \ + --cache=true --cache-copy-layers --cache-run-layers \ --build-arg=BASE=${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} \ --build-arg=FVP_PKG_NAME=${FVP_PKG_NAME} \ --build-arg=FVP_MODEL_DIR=${FVP_MODEL_DIR} \ @@ -224,6 +226,7 @@ elif [ "${DRIVER}" = "kaniko" ]; then --context=. /kaniko/executor \ --cleanup \ + --cache=true --cache-copy-layers --cache-run-layers \ --build-arg=BASE=${REGISTRY}/base-slim-nofvp:${VERSION}-${ARCH} \ --build-arg=TCH_PKG_NAME_AARCH32=${TCH_PKG_NAME_AARCH32} \ --build-arg=TCH_PATH_AARCH32=${TCH_PATH_AARCH32} \ 
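Review bot: With `--cache=true --cache-run-layers` on each `/kaniko/executor` call, an unchanged `RUN` line is served from the registry cache instead of being re-executed, so package-install layers can stay at the package versions that were current when the layer was first cached. No `--cache-repo` or `--cache-ttl` is passed, so both the cache location and its expiry are kaniko's defaults, and whoever can push to that cache repository can influence what later builds reuse. I would state this next to `# Build the images.`, for example `# Layer cache is stored in the registry; restrict push access to it like the images themselves.`, and set `--cache-ttl` explicitly so the refresh interval is a deliberate choice. The same applies to the other three executor hunks in this commit.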
@@ -234,6 +237,7 @@ elif [ "${DRIVER}" = "kaniko" ]; then --context=. /kaniko/executor \ --cleanup \ + --cache=true --cache-copy-layers --cache-run-layers \ --build-arg=BASE=${REGISTRY}/base-full-nofvp:${VERSION}-${ARCH} \ --build-arg=FVP_PKG_NAME=${FVP_PKG_NAME} \ --build-arg=FVP_MODEL_DIR=${FVP_MODEL_DIR} \ -- GitLab From 33cbe00062e6a6c2110869764e924ad0bd303509 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Tue, 11 Jun 2024 15:53:57 +0100 Subject: [PATCH 10/25] docker: Support manifest-tool in publish.sh Enhance publish.sh to support choice of driver (either docker or manifest-tool), much like build.sh. This will allow its use on CI, which is running in a container and cannot therefore use docker. Signed-off-by: Ryan Roberts --- docker/publish.sh | 190 ++++++++++++++++++++++++++++++++++++---------- 1 file changed, 152 insertions(+), 38 deletions(-) diff --git a/docker/publish.sh b/docker/publish.sh index 48f3f68..e89e0c4 100755 --- a/docker/publish.sh +++ b/docker/publish.sh 
@@ -1,59 +1,173 @@ -#!/bin/bash +#!/bin/sh # Copyright (c) 2022, Arm Limited. # SPDX-License-Identifier: MIT -set -ex +set -e -function usage() +usage() { - cat << EOF +cat << EOF Creates a manifest list for a multiarch docker image and publishes it so that users can pull an image using a generic name and the variant for their machine architecture is automatically selected. Usage: -$(basename $0) +$(basename $0) [--driver docker|manifest-tool] [--user --password ] [--registry ] --version Where: + --driver determines how the image will be published: + docker: (default) and will use "docker manifest". This is usually + what you want when running locally. + manifest-tool: Uses manifest-tool, which does not require access to the + docker daemon. Useful on CI systems where running inside a + container. + + is required by manifest-tool to access the registry + is required by manifest-tool to access the registry + is the registry to publish to (defaults to docker.io/shrinkwraptool). is something like "latest" or "v1.0.0". An image for each of the supported architectures must have already been built and published with . + +The user is responsible for having already configured the driver connection to +the registry. EOF } +DRIVER="docker" +USER= +PASSWORD= +REGISTRY="docker.io/shrinkwraptool" +VERSION= + # Parse command line. -if [ "$#" -ne 1 ]; then - usage - exit 1 +while [ $# -gt 0 ]; do + case $1 in + --version) + VERSION="$2" + shift # past argument + shift # past value + ;; + --registry) + REGISTRY="$2" + shift # past argument + shift # past value + ;; + --driver) + DRIVER="$2" + shift # past argument + shift # past value + ;; + --user) + USER="$2" + shift # past argument + shift # past value + ;; + --password) + PASSWORD="$2" + shift # past argument + shift # past value + ;; + -h|--help) + usage + exit 0 + ;; + -*|--*) + echo "error: unexpected named argument! ($1)" + usage + exit 1 + ;; + *) + echo "error: unexpected positional argument! 
($1)" + usage + exit 1 + ;; + esac +done + +if [ -z ${VERSION} ]; then + echo "error: no version provided!" + usage + exit 1 +fi + +if [ "${DRIVER}" != "docker" ] && [ "${DRIVER}" != "manifest-tool" ]; then + echo "error: invalid driver provided! (${DRIVER})" + usage + exit 1 +fi + +if [ "${DRIVER}" = "manifest-tool" ]; then + if [ -z ${USER} ] || [ -z ${PASSWORD} ]; then + echo "error: --user and --password are required when using manifest-tool!" + usage + exit 1 + fi +fi + +echo "Publishing multiarch image with driver=${DRIVER},registry=${REGISTRY},version=${VERSION}..." + +# Do everything relative to this script's directory. +ROOT=$( dirname $( readlink -f "$0" ) ) +cd ${ROOT} + +if [ "${DRIVER}" = "docker" ]; then + # base-slim-nofvp + docker manifest create ${REGISTRY}/base-slim-nofvp:${VERSION} \ + ${REGISTRY}/base-slim-nofvp:${VERSION}-aarch64 \ + ${REGISTRY}/base-slim-nofvp:${VERSION}-x86_64 + docker manifest push ${REGISTRY}/base-slim-nofvp:${VERSION} + docker manifest rm ${REGISTRY}/base-slim-nofvp:${VERSION} + + # base-slim + docker manifest create ${REGISTRY}/base-slim:${VERSION} \ + ${REGISTRY}/base-slim:${VERSION}-aarch64 \ + ${REGISTRY}/base-slim:${VERSION}-x86_64 + docker manifest push ${REGISTRY}/base-slim:${VERSION} + docker manifest rm ${REGISTRY}/base-slim:${VERSION} + + # base-full-nofvp + docker manifest create ${REGISTRY}/base-full-nofvp:${VERSION} \ + ${REGISTRY}/base-full-nofvp:${VERSION}-aarch64 \ + ${REGISTRY}/base-full-nofvp:${VERSION}-x86_64 + docker manifest push ${REGISTRY}/base-full-nofvp:${VERSION} + docker manifest rm ${REGISTRY}/base-full-nofvp:${VERSION} + + # base-full + docker manifest create ${REGISTRY}/base-full:${VERSION} \ + ${REGISTRY}/base-full:${VERSION}-aarch64 \ + ${REGISTRY}/base-full:${VERSION}-x86_64 + docker manifest push ${REGISTRY}/base-full:${VERSION} + docker manifest rm ${REGISTRY}/base-full:${VERSION} +elif [ "${DRIVER}" = "manifest-tool" ]; then + manifest_publish() + { + NAME=$1 + MANIFEST=$(mktemp) + + cat 
<< EOF > ${MANIFEST} +image: ${REGISTRY}/${NAME}:${VERSION} +manifests: + - image: ${REGISTRY}/${NAME}:${VERSION}-aarch64 + platform: + architecture: arm64 + os: linux + - image: ${REGISTRY}/${NAME}:${VERSION}-x86_64 + platform: + architecture: amd64 + os: linux +EOF + + manifest-tool-linux-amd64 --username ${USER} --password ${PASSWORD} push from-spec ${MANIFEST} + rm -rf ${MANIFEST} + } + + manifest_publish "base-slim-nofvp" + manifest_publish "base-slim" + manifest_publish "base-full-nofvp" + manifest_publish "base-full" +else + echo "Driver ${DRIVER} not supported" + exit 1 fi -VERSION="$1" -REGISTRY=shrinkwraptool - -# base-slim-nofvp -docker manifest create ${REGISTRY}/base-slim-nofvp:${VERSION} \ - ${REGISTRY}/base-slim-nofvp:${VERSION}-aarch64 \ - ${REGISTRY}/base-slim-nofvp:${VERSION}-x86_64 -docker manifest push ${REGISTRY}/base-slim-nofvp:${VERSION} -docker manifest rm ${REGISTRY}/base-slim-nofvp:${VERSION} - -# base-slim -docker manifest create ${REGISTRY}/base-slim:${VERSION} \ - ${REGISTRY}/base-slim:${VERSION}-aarch64 \ - ${REGISTRY}/base-slim:${VERSION}-x86_64 -docker manifest push ${REGISTRY}/base-slim:${VERSION} -docker manifest rm ${REGISTRY}/base-slim:${VERSION} - -# base-full-nofvp -docker manifest create ${REGISTRY}/base-full-nofvp:${VERSION} \ - ${REGISTRY}/base-full-nofvp:${VERSION}-aarch64 \ - ${REGISTRY}/base-full-nofvp:${VERSION}-x86_64 -docker manifest push ${REGISTRY}/base-full-nofvp:${VERSION} -docker manifest rm ${REGISTRY}/base-full-nofvp:${VERSION} - -# base-full -docker manifest create ${REGISTRY}/base-full:${VERSION} \ - ${REGISTRY}/base-full:${VERSION}-aarch64 \ - ${REGISTRY}/base-full:${VERSION}-x86_64 -docker manifest push ${REGISTRY}/base-full:${VERSION} -docker manifest rm ${REGISTRY}/base-full:${VERSION} -- GitLab From 0151faf44849eb7c90f28741f391ee0f381936a2 Mon Sep 17 00:00:00 2001 
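Review bot: The registry password travels on the command line twice, once as `--password <value>` to publish.sh itself and again in `manifest-tool-linux-amd64 --username ${USER} --password ${PASSWORD} push from-spec ${MANIFEST}`, so it is readable in the process list by anything else on the same host or container for as long as the call runs. Reading the secret from the environment or from a docker-style `config.json` would keep it out of argv; whether the pinned manifest-tool version can take credentials that way needs confirming. Independently, the expansions are unquoted: `[ -z ${VERSION} ]`, `${USER}`, `${PASSWORD}` and `${MANIFEST}` should be `[ -z "${VERSION}" ]`, `"${USER}"`, `"${PASSWORD}"` and `"${MANIFEST}"`, otherwise a value containing whitespace or glob characters is split or expanded. `USER` also overwrites the login-name variable most shells export to child processes; a name such as `REG_USER` avoids that.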
From: Ryan Roberts Date: Sun, 9 Jun 2024 10:58:58 +0100 Subject: [PATCH 11/25] docker: Install pyyaml needed by shrinkwrap Shrinkwrap requires pyyaml. When running inside the image, as it does on the CI, we must ensure this package is available. Signed-off-by: Ryan Roberts --- docker/Dockerfile.slim | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker/Dockerfile.slim b/docker/Dockerfile.slim index 4971fa9..bf3beb9 100644 --- a/docker/Dockerfile.slim +++ b/docker/Dockerfile.slim @@ -36,7 +36,8 @@ RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProb wget RUN pip3 install \ termcolor \ - tuxmake + tuxmake \ + pyyaml # Install packages requried by TF-A. # From https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/prerequisites.html. -- GitLab From 99bb57bd4e492b87adf4e14f2539df245cd6285f Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Sun, 9 Jun 2024 09:57:43 +0100 Subject: [PATCH 12/25] ci --- .gitlab-ci.yml | 108 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..93645b8 --- /dev/null +++ b/.gitlab-ci.yml 
@@ -0,0 +1,108 @@ +variables: + KUBERNETES_CPU_REQUEST: 32 + KUBERNETES_MEMORY_REQUEST: 16Gi + FORCE_PREP_TEST_ASSETS: + value: "false" + options: + - "true" + - "false" + description: "If true, forces test assets to be prepped even if cached from a previous run." + FORCE_PREP_DOCKER_ASSETS: + value: "false" + options: + - "true" + - "false" + description: "If true, forces docker assets to be prepped even if cached from a previous run." + +stages: + - prep + - build + - test + - deploy + +prep-docker-assets: + stage: prep + image: shrinkwraptool/base-full:latest + tags: + - amd64 + cache: + key: docker-assets + policy: pull-push + paths: + - docker/assets/ + script: + - | + if [ -f ./docker/assets/.cache_exists ] && [ "$FORCE_PREP_DOCKER_ASSETS" == "false" ]; then + echo "Cache already exists and prep not forced: skipping." + else + ./docker/build.sh --pkgcache ./docker/assets --version none + echo > ./docker/assets/.cache_exists + fi + +build-docker-image: + stage: build + image: + name: gcr.io/kaniko-project/executor:debug + entrypoint: [""] + # parallel: + # matrix: + # - TAG: amd64 + # - TAG: arm64 + tags: + - amd64 + cache: + key: docker-assets + policy: pull + paths: + - docker/assets/ + script: + - mkdir -p /kaniko/.docker + - echo "{\"auths\":{\"${CI_REGISTRY_IMAGE}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json + - ./docker/build.sh --driver kaniko --pkgcache ./docker/assets --registry ${CI_REGISTRY_IMAGE} --version test1 + +prep-test-assets: + stage: prep + image: shrinkwraptool/base-full:latest + tags: + - amd64 + cache: + key: test-assets + policy: pull-push + paths: + - test/assets/ + script: + - | + if [ -f ./test/assets/.cache_exists ] && [ "$FORCE_PREP_TEST_ASSETS" == "false" ]; then + echo "Cache already exists and prep not forced: skipping." 
+ else + ./test/genassets.sh + echo > ./test/assets/.cache_exists + fi + +test-self-amd64: + stage: test + image: shrinkwraptool/base-full:latest + tags: + - amd64 + cache: + key: test-assets + policy: pull + paths: + - test/assets/ + script: + - export PATH=$PWD/shrinkwrap:$PATH + - export SHRINKWRAP_BUILD=$PWD/shrinkwrap_workspace + - export SHRINKWRAP_PACKAGE=$PWD/shrinkwrap_workspace/package + - ./test/test.py --runtime null --smoke-test --fvpjobs 4 --junit selftest-amd64.xml + artifacts: + name: "selftest-amd64" + paths: + - selftest-amd64.xml + reports: + junit: selftest-amd64.xml + +# deploy-docker-image: +# stage: deploy +# script: +# - echo "Deploying docker image..." +# - echo "Docker image deployed." -- GitLab From beb93dab405ab24aeaada79576d4f9eebf12c49c Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Sun, 9 Jun 2024 09:05:09 +0000 Subject: [PATCH 13/25] Update .gitlab-ci.yml file --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 93645b8..07fd7c5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -35,7 +35,7 @@ prep-docker-assets: if [ -f ./docker/assets/.cache_exists ] && [ "$FORCE_PREP_DOCKER_ASSETS" == "false" ]; then echo "Cache already exists and prep not forced: skipping." else - ./docker/build.sh --pkgcache ./docker/assets --version none + ./docker/build.sh --version none echo > ./docker/assets/.cache_exists fi @@ -58,7 +58,7 @@ build-docker-image: script: - mkdir -p /kaniko/.docker - echo "{\"auths\":{\"${CI_REGISTRY_IMAGE}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json - - ./docker/build.sh --driver kaniko --pkgcache ./docker/assets --registry ${CI_REGISTRY_IMAGE} --version test1 + - ./docker/build.sh --driver kaniko --registry ${CI_REGISTRY_IMAGE} --version test1 prep-test-assets: stage: prep -- GitLab From 5ec1c058081cac678128cc52e95acbf52d5b1db9 Mon Sep 17 00:00:00 2001 
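Review bot: Every job image in the new pipeline is referenced by a mutable tag: `shrinkwraptool/base-full:latest` for the prep and test jobs, and `gcr.io/kaniko-project/executor:debug` for `build-docker-image`, the job that also writes `CI_REGISTRY_PASSWORD` into `/kaniko/.docker/config.json`. Whatever those tags resolve to at run time executes with the registry credentials and produces the pushed images, so a changed upstream tag changes the build without any change in this repository. Pinning by digest keeps that under review, e.g. `name: gcr.io/kaniko-project/executor:debug@sha256:<digest-placeholder>`, with the digest bumped deliberately. Separately, `--version test1` is a fixed tag, so concurrent pipelines would overwrite each other's images.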
From: Ryan Roberts Date: Sun, 9 Jun 2024 09:24:32 +0000 Subject: [PATCH 14/25] Update .gitlab-ci.yml file --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 07fd7c5..4d91259 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -81,7 +81,7 @@ prep-test-assets: test-self-amd64: stage: test - image: shrinkwraptool/base-full:latest + image: registry.gitlab.arm.com/tooling/shrinkwrap/base-full:test1-x86_64 tags: - amd64 cache: -- GitLab From 3681cafa538aa972f347265f529a7c7309bd10d0 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Sun, 9 Jun 2024 17:03:01 +0100 Subject: [PATCH 15/25] ci --- .gitlab-ci.yml | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4d91259..bc06b50 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -44,12 +44,13 @@ build-docker-image: image: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] - # parallel: - # matrix: - # - TAG: amd64 - # - TAG: arm64 + parallel: + matrix: + - TAG: + - amd64 + - arm64 tags: - - amd64 + - ${TAG} cache: key: docker-assets policy: pull @@ -58,7 +59,7 @@ build-docker-image: script: - mkdir -p /kaniko/.docker - echo "{\"auths\":{\"${CI_REGISTRY_IMAGE}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json - - ./docker/build.sh --driver kaniko --registry ${CI_REGISTRY_IMAGE} --version test1 + - ./docker/build.sh --driver kaniko --registry ${CI_REGISTRY_IMAGE} --version ${CI_PIPELINE_IID} prep-test-assets: stage: prep 
@@ -79,11 +80,16 @@ prep-test-assets: echo > ./test/assets/.cache_exists fi -test-self-amd64: +test-self: stage: test - image: registry.gitlab.arm.com/tooling/shrinkwrap/base-full:test1-x86_64 + image: registry.gitlab.arm.com/tooling/shrinkwrap/base-slim:${CI_PIPELINE_IID}-x86_64 + parallel: + matrix: + - TAG: + - amd64 + - arm64 tags: - - amd64 + - ${TAG} cache: key: test-assets policy: pull @@ -93,13 +99,13 @@ test-self-amd64: - export PATH=$PWD/shrinkwrap:$PATH - export SHRINKWRAP_BUILD=$PWD/shrinkwrap_workspace - export SHRINKWRAP_PACKAGE=$PWD/shrinkwrap_workspace/package - - ./test/test.py --runtime null --smoke-test --fvpjobs 4 --junit selftest-amd64.xml + - ./test/test.py --runtime null --smoke-test --fvpjobs 4 --junit selftest-${TAG}.xml artifacts: - name: "selftest-amd64" + name: selftest-${TAG} paths: - - selftest-amd64.xml + - selftest-${TAG}.xml reports: - junit: selftest-amd64.xml + junit: selftest-${TAG}.xml # deploy-docker-image: # stage: deploy -- GitLab From 8bb8f7b83401f3c16cb37047da35f64ac9a29cb8 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Tue, 11 Jun 2024 14:16:33 +0100 Subject: [PATCH 16/25] ci --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bc06b50..1e06f7a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -35,7 +35,8 @@ prep-docker-assets: if [ -f ./docker/assets/.cache_exists ] && [ "$FORCE_PREP_DOCKER_ASSETS" == "false" ]; then echo "Cache already exists and prep not forced: skipping." else - ./docker/build.sh --version none + ./docker/build.sh --version none --arch x86_64 + ./docker/build.sh --version none --arch aarch64 echo > ./docker/assets/.cache_exists fi -- GitLab From c59983203573197fa44970bc56a14487467b3071 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Tue, 11 Jun 2024 16:04:40 +0100 Subject: [PATCH 17/25] ci --- .gitlab-ci.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1e06f7a..72125fa 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -17,6 +17,7 @@ variables: stages: - prep - build + - publish - test - deploy @@ -62,6 +63,18 @@ build-docker-image: - echo "{\"auths\":{\"${CI_REGISTRY_IMAGE}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json - ./docker/build.sh --driver kaniko --registry ${CI_REGISTRY_IMAGE} --version ${CI_PIPELINE_IID} +publish-docker-image: + stage: publish + image: shrinkwraptool/base-full:latest + tags: + - amd64 + script: + - mkdir bin + - cd bin + - curl -L https://github.com/estesp/manifest-tool/releases/download/v2.0.6/binaries-manifest-tool-2.0.6.tar.gz | tar -xz + - cd - + - ./docker/publish.sh --driver manifest --registry ${CI_REGISTRY_IMAGE} --version ${CI_PIPELINE_IID} + prep-test-assets: stage: prep image: shrinkwraptool/base-full:latest -- GitLab From b9644711ed8595645388a3aa5173ddeb847614b4 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Tue, 11 Jun 2024 17:27:39 +0100 Subject: [PATCH 18/25] ci --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 72125fa..338af36 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -73,7 +73,7 @@ publish-docker-image: - cd bin - curl -L https://github.com/estesp/manifest-tool/releases/download/v2.0.6/binaries-manifest-tool-2.0.6.tar.gz | tar -xz - cd - - - ./docker/publish.sh --driver manifest --registry ${CI_REGISTRY_IMAGE} --version ${CI_PIPELINE_IID} + - ./docker/publish.sh --driver manifest-tool --user ${CI_REGISTRY_USER} --password ${CI_REGISTRY_PASSWORD} --registry ${CI_REGISTRY_IMAGE} --version ${CI_PIPELINE_IID} prep-test-assets: stage: prep -- GitLab From 1066aae95d3fca6e303eccff32da6574232fac3c Mon Sep 17 00:00:00 2001 
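Review bot: In `publish-docker-image` the manifest-tool archive is piped straight from `curl -L ...binaries-manifest-tool-2.0.6.tar.gz` into `tar -xz` with no integrity check, and the extracted binary is what then performs the registry publish. The release is pinned in the URL but its content is not; downloading to a file and verifying before unpacking fixes that: `curl -fLsS -o mt.tgz <url>`, then `echo "<expected-sha256>  mt.tgz" | sha256sum -c -`, then `tar -xzf mt.tgz`. Adding `-f` also makes curl fail on an HTTP error instead of handing an error page to tar. The same download line is carried through the later `.gitlab-ci.yml` commits in this series.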
From: Ryan Roberts Date: Tue, 11 Jun 2024 17:54:57 +0100 Subject: [PATCH 19/25] ci --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 338af36..e941c74 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -73,6 +73,7 @@ publish-docker-image: - cd bin - curl -L https://github.com/estesp/manifest-tool/releases/download/v2.0.6/binaries-manifest-tool-2.0.6.tar.gz | tar -xz - cd - + - export PATH=${PWD}/bin:${PATH} - ./docker/publish.sh --driver manifest-tool --user ${CI_REGISTRY_USER} --password ${CI_REGISTRY_PASSWORD} --registry ${CI_REGISTRY_IMAGE} --version ${CI_PIPELINE_IID} prep-test-assets: -- GitLab From 6a4a88a1363cafe23dbd940949685e445f6ee057 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Tue, 11 Jun 2024 19:44:10 +0000 Subject: [PATCH 20/25] Update .gitlab-ci.yml file --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e941c74..9f9e618 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -97,7 +97,7 @@ prep-test-assets: test-self: stage: test - image: registry.gitlab.arm.com/tooling/shrinkwrap/base-slim:${CI_PIPELINE_IID}-x86_64 + image: registry.gitlab.arm.com/tooling/shrinkwrap/base-slim:${CI_PIPELINE_IID} parallel: matrix: - TAG: -- GitLab From c36545732ddb6f384e3898140bb63c26df75a7e3 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Wed, 12 Jun 2024 10:03:12 +0100 Subject: [PATCH 21/25] ci --- .gitlab-ci.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9f9e618..33ffb74 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -23,7 +23,7 @@ stages: prep-docker-assets: stage: prep - image: shrinkwraptool/base-full:latest + image: shrinkwraptool/base-slim:latest tags: - amd64 cache: 
@@ -65,20 +65,18 @@ build-docker-image: publish-docker-image: stage: publish - image: shrinkwraptool/base-full:latest + image: shrinkwraptool/base-slim:latest tags: - amd64 script: - mkdir bin - - cd bin - - curl -L https://github.com/estesp/manifest-tool/releases/download/v2.0.6/binaries-manifest-tool-2.0.6.tar.gz | tar -xz - - cd - - export PATH=${PWD}/bin:${PATH} + - curl -LsS https://github.com/estesp/manifest-tool/releases/download/v2.0.6/binaries-manifest-tool-2.0.6.tar.gz | tar -xz -C bin - ./docker/publish.sh --driver manifest-tool --user ${CI_REGISTRY_USER} --password ${CI_REGISTRY_PASSWORD} --registry ${CI_REGISTRY_IMAGE} --version ${CI_PIPELINE_IID} prep-test-assets: stage: prep - image: shrinkwraptool/base-full:latest + image: shrinkwraptool/base-slim:latest tags: - amd64 cache: -- GitLab From 1a6659f50ae84242bcbe9b2d4d0defa683d4faa1 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Wed, 12 Jun 2024 11:51:00 +0100 Subject: [PATCH 22/25] ci --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 33ffb74..8074ffc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -95,7 +95,7 @@ prep-test-assets: test-self: stage: test - image: registry.gitlab.arm.com/tooling/shrinkwrap/base-slim:${CI_PIPELINE_IID} + image: registry.gitlab.arm.com/tooling/shrinkwrap/base-full:${CI_PIPELINE_IID} parallel: matrix: - TAG: -- GitLab From a7c2bed59fa577528eb65961bb5ae2abf99481d8 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Wed, 12 Jun 2024 14:03:26 +0100 Subject: [PATCH 23/25] ci --- .gitlab-ci.yml | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8074ffc..58cfdf9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -17,7 +17,6 @@ variables: stages: - prep - build - - publish - test - deploy 
@@ -63,15 +62,17 @@ build-docker-image: - echo "{\"auths\":{\"${CI_REGISTRY_IMAGE}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json - ./docker/build.sh --driver kaniko --registry ${CI_REGISTRY_IMAGE} --version ${CI_PIPELINE_IID} -publish-docker-image: - stage: publish +build-docker-manifest: + stage: build image: shrinkwraptool/base-slim:latest tags: - amd64 + needs: + - build-docker-image script: - mkdir bin - export PATH=${PWD}/bin:${PATH} - - curl -LsS https://github.com/estesp/manifest-tool/releases/download/v2.0.6/binaries-manifest-tool-2.0.6.tar.gz | tar -xz -C bin + - curl -LsS https://github.com/estesp/manifest-tool/releases/download/v2.0.6/binaries-manifest-tool-2.0.6.tar.gz | tar -xz -C bin - ./docker/publish.sh --driver manifest-tool --user ${CI_REGISTRY_USER} --password ${CI_REGISTRY_PASSWORD} --registry ${CI_REGISTRY_IMAGE} --version ${CI_PIPELINE_IID} prep-test-assets: 
@@ -120,8 +121,18 @@ test-self: reports: junit: selftest-${TAG}.xml -# deploy-docker-image: -# stage: deploy -# script: -# - echo "Deploying docker image..." -# - echo "Docker image deployed." +deploy-docker-image: + stage: deploy + image: shrinkwraptool/base-slim:latest + tags: + - amd64 + script: + - mkdir bin + - export PATH=${PWD}/bin:${PATH} + - curl -LsS https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 > bin/regctl + - chmod 755 bin/regctl + - regctl registry login -u ${DOCKERHUB_USER} -p ${DOCKERHUB_PASSWORD} docker.io + - regctl image copy registry.gitlab.arm.com/tooling/shrinkwrap/base-slim-nofvp:${CI_PIPELINE_IID} docker.io/shrinkwraptool/base-slim-nofvp:latest + - regctl image copy registry.gitlab.arm.com/tooling/shrinkwrap/base-slim:${CI_PIPELINE_IID} docker.io/shrinkwraptool/base-slim:latest + - regctl image copy registry.gitlab.arm.com/tooling/shrinkwrap/base-full-nofvp:${CI_PIPELINE_IID} docker.io/shrinkwraptool/base-full-nofvp:latest + - regctl image copy registry.gitlab.arm.com/tooling/shrinkwrap/base-full:${CI_PIPELINE_IID} docker.io/shrinkwraptool/base-full:latest -- GitLab From f15dfec0f017dc313cb04b7b0e997e313037db2b Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Wed, 12 Jun 2024 17:09:39 +0100 Subject: [PATCH 24/25] ci --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 58cfdf9..5dca05c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -126,6 +126,8 @@ deploy-docker-image: image: shrinkwraptool/base-slim:latest tags: - amd64 + rules: + - if: ${CI_COMMIT_BRANCH} == ${CI_DEFAULT_BRANCH} script: - mkdir bin - export PATH=${PWD}/bin:${PATH} -- GitLab From a979328b644a730f590e5ddeb3bd25442bb29bab Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Wed, 12 Jun 2024 16:10:58 +0000 Subject: [PATCH 25/25] Update .gitlab-ci.yml file --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
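Review bot: `deploy-docker-image` fetches `regctl` from `releases/latest/download`, marks it executable and immediately gives it the Docker Hub credentials, so the binary that pushes `:latest` for all four images is whatever upstream published most recently, unverified. Pin a specific release in the URL and check it before the `chmod`, e.g. `echo "<expected-sha256>  bin/regctl" | sha256sum -c -`. The login line also places the secret in argv with `-p ${DOCKERHUB_PASSWORD}`; regctl can read it from stdin instead: `printf '%s' "${DOCKERHUB_PASSWORD}" | regctl registry login -u "${DOCKERHUB_USER}" --pass-stdin docker.io`.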
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5dca05c..f60f74a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -127,7 +127,7 @@ deploy-docker-image: tags: - amd64 rules: - - if: ${CI_COMMIT_BRANCH} == ${CI_DEFAULT_BRANCH} + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH script: - mkdir bin - export PATH=${PWD}/bin:${PATH} -- GitLab