Fix build-master job, added script for install packages (apk)

596f0425 · Jiří Ježek · František Řezníček · 0e50f628 · 596f0425 · 596f0425
Commit 596f0425 authored 1 year ago by Jiří Ježek Committed by František Řezníček 1 year ago
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,24 +5,31 @@ stages:
 # common parts --------------------------------------------------------------
 image: registry.gitlab.ics.muni.cz:443/cloud/container-registry/docker:latest
-services:
-  - name: registry.gitlab.ics.muni.cz:443/cloud/container-registry/docker:latest-dind
-    alias: docker
 before_script:
  - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+.common-artifacts: &common-artifacts
+  artifacts:
+    expire_in: 14 days
+    when: always
+    name: logs
+    paths:
+      - "*.log"
 # build jobs ----------------------------------------------------------------
 .build-common: &build-common
+  <<: *common-artifacts
  stage: build
+  before_script:
+  - ci/dependencies/install-pkgs-apk.sh ci/dependencies/requirements-build-common.apk > pkgs-install.log   
+  - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
  script: |
-    export DOCKER_CONTENT_TRUST=1
    for i_image_tag in ${IMAGES}; do
-      export DOCKER_CONTENT_TRUST=1
      i_image_dir=$(echo "${i_image_tag}" | awk 'BEGIN{FS=":"}{printf $NF}')
-      docker build --pull -t "${CONTAINER_IMAGE_REGISTRY_NAMESPACE}/${i_image_tag}" ./${i_image_dir}
+      podman build --pull -t "${CONTAINER_IMAGE_REGISTRY_NAMESPACE}/${i_image_tag}" ./${i_image_dir}
-      export DOCKER_CONTENT_TRUST=0
+      podman push "${CONTAINER_IMAGE_REGISTRY_NAMESPACE}/${i_image_tag}"
-      docker push "${CONTAINER_IMAGE_REGISTRY_NAMESPACE}/${i_image_tag}"
    done
 build-master:
@@ -46,8 +53,9 @@ build-branches:
    - tags
 build-pull-tag-push:
+  <<: *common-artifacts
  # avoiding pip's externally-managed-environment error https://gitlab.ics.muni.cz/cloud/container-registry/-/jobs/904509
-  image: debian:11 
+  image: debian:12
  stage: build
  variables:
    IMAGES: "centos:7 centos:8 almalinux:8 rockylinux:8 debian:10 debian:10-slim debian:11 debian:11-slim"
@@ -57,11 +65,10 @@ build-pull-tag-push:
    SSHUTTLE_ROUTED_SUBNETS: "10.16.0.0/16 147.251.62.0/24 147.251.63.0/24"
    SSHUTTLE_EXCLUDED_SUBNETS: "147.251.62.9/32"
  before_script:
-    - ci/dependencies/install-pkgs.sh ci/dependencies/requirements.apt > pkgs-install.log
+    - ci/dependencies/install-pkgs-apt.sh ci/dependencies/requirements.apt > pkgs-install.log
    - ci/dependencies/install-pymodules.sh ci/dependencies/requirements.pip > pymodules-install.log
    - service docker start
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - mkdir -p "${HOME}/.ssh"
    - ssh_private_key_file="SSH_PRIVATE_KEY_PRODUCTION"
    - cp -f "${!ssh_private_key_file}" "${HOME}/.ssh/id_rsa"
@@ -80,8 +87,7 @@ build-pull-tag-push:
 .upstream-container-release-downstream: &upstream-container-release-downstream
  stage: upstream-container-release-downstream
  script: |
-    apk update
+    ci/dependencies/install-pkgs-apk.sh ci/dependencies/requirements-build-pull-tag-push.apk > pkgs-install.log
-    apk add gettext gawk
    export BUILD_DATE=$(date +%Y-%m-%dT%H:%M:%S)
    export CI_BUILD_HOSTNAME="$(hostname)"
    export CONTAINER_IMAGE_TAG="$(echo "${CI_COMMIT_TAG}" | awk -F/ '{printf $2}')"
@@ -100,13 +106,13 @@ build-pull-tag-push:
      echo "Releasing ${DEST_IMAGE_NAME} also as ${i_dest_image_name}"
      docker push "${i_dest_image_name}"
    done
  artifacts:
    expire_in: 1 mo
    when: always
    name: upstream-app-dockerfiles
    paths:
      - upstream-app/Dockerfile*
+      - "*.log"
 node-exporter:
  <<: *upstream-container-release-downstream

--- a/ci/dependencies/install-pkgs-apk.sh
+++ b/ci/dependencies/install-pkgs-apk.sh
+#!/bin/sh
+# 
+# install-pkgs-apk.sh <pkg-requirement-file> ... [pkg-repository-url] ...  [package-name] ...
+# 
+# installs linux packages from various sources
+# * <pkg-requirement-file> i.e. packages listed in text file
+# * [pkg-repository-url]   i.e. enable foreign package repository
+# * [package-name]         i.e. explicitly listed packages
+#
+# Note: Only Alpine-like Linux distros with apk are supported at the moment
+set -eo pipefail
+APT='apk'
+function install_pkgs_from_requirement_file() {
+    local file="$1"
+    ${APT} add $(grep -v '^#' "${file}")
+}
+function install_pkg_repository() {
+    local repo_url="$1"
+    echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> "/etc/apk/repositories"
+    yum-config-manager --add-repo "${repo_url}"
+}
+function install_pkgs() {
+    ${APT} add "$@"
+}
+apk update
+for i_arg in "$@"; do
+  if [ -r "${i_arg}" ]; then
+      install_pkgs_from_requirement_file "${i_arg}"
+  elif [[ "${i_arg}" =~ https?://.+ ]]; then
+      install_pkg_repository "${i_arg}"
+  else
+      install_pkgs "${i_arg}"
+  fi
+done
--- a/ci/dependencies/install-pkgs.sh
+++ b/ci/dependencies/install-pkgs.sh
 #!/usr/bin/env bash
 # 
-# install-pkgs.sh <pkg-requirement-file> ... [pkg-repository-url] ...  [package-name] ...
+# install-pkgs-apt.sh <pkg-requirement-file> ... [pkg-repository-url] ...  [package-name] ...
 # 
 # installs linux packages from various sources
 # * <pkg-requirement-file> i.e. packages listed in text file
 # * [pkg-repository-url]   i.e. enable foreign package repository
 # * [package-name]         i.e. explicitly listed packages
 #
-# Note: Only RHEL-like Linux distros with yum are supported at the moment
+# Note: Only Debian/Ubuntu-like Linux distros with apt are supported at the moment
 set -eo pipefail

--- a/ci/dependencies/requirements-build-common.apk
+++ b/ci/dependencies/requirements-build-common.apk
+podman
\ No newline at end of file
--- a/ci/dependencies/requirements-build-pull-tag-push.apk
+++ b/ci/dependencies/requirements-build-pull-tag-push.apk
+gettext
+gawk
\ No newline at end of file
--- a/ci/dependencies/requirements.apt
+++ b/ci/dependencies/requirements.apt
 python3-pip
 docker.io
\ No newline at end of file