Rework the container to run as non-root, use heredocs for readability and use apt-get
--no-install-recommends to keep the size down. Rename the CI jobs to
debian-12-arm32-<variant> to follow the naming scheme of all the other
CI jobs.
Signed-off-by: Javi Merino <javi.merino@cloud.com>
---
.../debian/12-arm64v8-arm32-gcc.dockerfile | 28 +++++++++++++++++++
.../bookworm-arm64v8-arm32-gcc.dockerfile | 24 ----------------
automation/gitlab-ci/build.yaml | 20 ++++++-------
automation/gitlab-ci/test.yaml | 14 +++++-----
automation/scripts/containerize | 2 +-
5 files changed, 46 insertions(+), 42 deletions(-)
create mode 100644 automation/build/debian/12-arm64v8-arm32-gcc.dockerfile
delete mode 100644 automation/build/debian/bookworm-arm64v8-arm32-gcc.dockerfile
diff --git a/automation/build/debian/12-arm64v8-arm32-gcc.dockerfile b/automation/build/debian/12-arm64v8-arm32-gcc.dockerfile
new file mode 100644
index 000000000000..bdc935706bfa
--- /dev/null
+++ b/automation/build/debian/12-arm64v8-arm32-gcc.dockerfile
@@ -0,0 +1,28 @@
+# syntax=docker/dockerfile:1
+FROM --platform=linux/arm64/v8 debian:bookworm
+LABEL maintainer.name="The Xen Project" \
+ maintainer.email="xen-devel@lists.xenproject.org"
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV CROSS_COMPILE /usr/bin/arm-linux-gnueabihf-
+
+RUN <<EOF
+#!/bin/bash
+ set -eu
+
+ useradd --create-home user
+
+ apt-get update
+ DEPS=(
+ bison
+ build-essential
+ flex
+ gcc-arm-linux-gnueabihf
+ )
+ apt-get --yes --no-install-recommends install "${DEPS[@]}"
+
+ rm -rf /var/lib/apt/lists*
+EOF
+
+USER user
+WORKDIR /build
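Review bot: The `DEPS` array no longer lists `git`, which the deleted bookworm-arm64v8-arm32-gcc.dockerfile installed, and the commit message names only the non-root user, the heredoc and `--no-install-recommends` as changes. If any arm32 cross-build step still invokes git, the job will fail only at run time, so either add `git` back to `DEPS` or say in the commit message that it is dropped on purpose. Separately, `WORKDIR /build` now follows `USER user` and the explicit `mkdir /build` is gone; whether the directory ends up writable by `user` depends on how the builder assigns ownership for WORKDIR, so confirm it, or create it in the RUN block with `install -d -o user -g user /build`.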
diff --git a/automation/build/debian/bookworm-arm64v8-arm32-gcc.dockerfile b/automation/build/debian/bookworm-arm64v8-arm32-gcc.dockerfile
deleted file mode 100644
index 95b3f0428372..000000000000
--- a/automation/build/debian/bookworm-arm64v8-arm32-gcc.dockerfile
+++ /dev/null
@@ -1,24 +0,0 @@
-# syntax=docker/dockerfile:1
-FROM --platform=linux/arm64/v8 debian:bookworm
-LABEL maintainer.name="The Xen Project" \
- maintainer.email="xen-devel@lists.xenproject.org"
-
-ENV DEBIAN_FRONTEND=noninteractive
-ENV USER root
-ENV CROSS_COMPILE /usr/bin/arm-linux-gnueabihf-
-
-RUN mkdir /build
-WORKDIR /build
-
-# build depends
-RUN apt-get update && \
- apt-get --quiet --yes install \
- build-essential \
- flex \
- bison \
- git \
- gcc-arm-linux-gnueabihf \
- && \
- apt-get autoremove -y && \
- apt-get clean && \
- rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml
index c687298cc924..380021d49f12 100644
--- a/automation/gitlab-ci/build.yaml
+++ b/automation/gitlab-ci/build.yaml
@@ -367,39 +367,39 @@ debian-12-riscv64-gcc-debug:
# Arm32 cross-build
-debian-bookworm-gcc-arm32:
+debian-12-arm32-gcc:
extends: .gcc-arm32-cross-build
variables:
- CONTAINER: debian:bookworm-arm64v8-arm32-gcc
+ CONTAINER: debian:12-arm64v8-arm32-gcc
HYPERVISOR_ONLY: y
-debian-bookworm-gcc-arm32-debug:
+debian-12-arm32-gcc-debug:
extends: .gcc-arm32-cross-build-debug
variables:
- CONTAINER: debian:bookworm-arm64v8-arm32-gcc
+ CONTAINER: debian:12-arm64v8-arm32-gcc
HYPERVISOR_ONLY: y
-debian-bookworm-gcc-arm32-randconfig:
+debian-12-arm32-gcc-randconfig:
extends: .gcc-arm32-cross-build
variables:
- CONTAINER: debian:bookworm-arm64v8-arm32-gcc
+ CONTAINER: debian:12-arm64v8-arm32-gcc
HYPERVISOR_ONLY: y
RANDCONFIG: y
-debian-bookworm-gcc-arm32-debug-staticmem:
+debian-12-arm32-gcc-debug-staticmem:
extends: .gcc-arm32-cross-build-debug
variables:
- CONTAINER: debian:bookworm-arm64v8-arm32-gcc
+ CONTAINER: debian:12-arm64v8-arm32-gcc
HYPERVISOR_ONLY: y
EXTRA_XEN_CONFIG: |
CONFIG_EXPERT=y
CONFIG_UNSUPPORTED=y
CONFIG_STATIC_MEMORY=y
-debian-bookworm-gcc-arm32-debug-earlyprintk:
+debian-12-arm32-gcc-debug-earlyprintk:
extends: .gcc-arm32-cross-build-debug
variables:
- CONTAINER: debian:bookworm-arm64v8-arm32-gcc
+ CONTAINER: debian:12-arm64v8-arm32-gcc
HYPERVISOR_ONLY: y
EXTRA_XEN_CONFIG: |
CONFIG_EARLY_UART_CHOICE_PL011=y
diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml
index 248281f47942..42baa82fe36f 100644
--- a/automation/gitlab-ci/test.yaml
+++ b/automation/gitlab-ci/test.yaml
@@ -398,7 +398,7 @@ qemu-smoke-dom0less-arm32-gcc:
- ./automation/scripts/qemu-smoke-dom0less-arm32.sh 2>&1 | tee ${LOGFILE}
needs:
- *arm32-test-needs
- - debian-bookworm-gcc-arm32
+ - debian-12-arm32-gcc
qemu-smoke-dom0less-arm32-gcc-debug:
extends: .qemu-arm32
@@ -406,7 +406,7 @@ qemu-smoke-dom0less-arm32-gcc-debug:
- ./automation/scripts/qemu-smoke-dom0less-arm32.sh 2>&1 | tee ${LOGFILE}
needs:
- *arm32-test-needs
- - debian-bookworm-gcc-arm32-debug
+ - debian-12-arm32-gcc-debug
qemu-smoke-dom0less-arm32-gcc-debug-staticmem:
extends: .qemu-arm32
@@ -414,7 +414,7 @@ qemu-smoke-dom0less-arm32-gcc-debug-staticmem:
- ./automation/scripts/qemu-smoke-dom0less-arm32.sh static-mem 2>&1 | tee ${LOGFILE}
needs:
- *arm32-test-needs
- - debian-bookworm-gcc-arm32-debug-staticmem
+ - debian-12-arm32-gcc-debug-staticmem
qemu-smoke-dom0less-arm32-gcc-debug-gzip:
extends: .qemu-arm32
@@ -422,7 +422,7 @@ qemu-smoke-dom0less-arm32-gcc-debug-gzip:
- ./automation/scripts/qemu-smoke-dom0less-arm32.sh gzip 2>&1 | tee ${LOGFILE}
needs:
- *arm32-test-needs
- - debian-bookworm-gcc-arm32-debug
+ - debian-12-arm32-gcc-debug
qemu-smoke-dom0less-arm32-gcc-without-dom0:
extends: .qemu-arm32
@@ -430,7 +430,7 @@ qemu-smoke-dom0less-arm32-gcc-without-dom0:
- ./automation/scripts/qemu-smoke-dom0less-arm32.sh without-dom0 2>&1 | tee ${LOGFILE}
needs:
- *arm32-test-needs
- - debian-bookworm-gcc-arm32
+ - debian-12-arm32-gcc
qemu-smoke-dom0less-arm32-gcc-debug-without-dom0:
extends: .qemu-arm32
@@ -438,7 +438,7 @@ qemu-smoke-dom0less-arm32-gcc-debug-without-dom0:
- ./automation/scripts/qemu-smoke-dom0less-arm32.sh without-dom0 2>&1 | tee ${LOGFILE}
needs:
- *arm32-test-needs
- - debian-bookworm-gcc-arm32-debug
+ - debian-12-arm32-gcc-debug
qemu-smoke-dom0less-arm32-gcc-debug-earlyprintk:
extends: .qemu-arm32
@@ -446,7 +446,7 @@ qemu-smoke-dom0less-arm32-gcc-debug-earlyprintk:
- ./automation/scripts/qemu-smoke-dom0less-arm32.sh earlyprintk 2>&1 | tee ${LOGFILE}
needs:
- *arm32-test-needs
- - debian-bookworm-gcc-arm32-debug-earlyprintk
+ - debian-12-arm32-gcc-debug-earlyprintk
qemu-alpine-x86_64-gcc:
extends: .qemu-x86-64
diff --git a/automation/scripts/containerize b/automation/scripts/containerize
index 1b75c8d93724..c9988bfe927d 100755
--- a/automation/scripts/containerize
+++ b/automation/scripts/containerize
@@ -36,7 +36,7 @@ case "_${CONTAINER}" in
_bookworm-x86_64-gcc-ibt) CONTAINER="${BASE}/debian:12-x86_64-gcc-ibt" ;;
_bookworm|_bookworm-x86_64|_) CONTAINER="${BASE}/debian:12-x86_64" ;;
_bookworm-i386|_bookworm-x86_32) CONTAINER="${BASE}/debian:12-x86_32" ;;
- _bookworm-arm64v8-arm32-gcc) CONTAINER="${BASE}/debian:bookworm-arm64v8-arm32-gcc" ;;
+ _bookworm-arm64v8-arm32-gcc) CONTAINER="${BASE}/debian:12-arm64v8-arm32-gcc" ;;
_bookworm-arm64v8) CONTAINER="${BASE}/debian:12-arm64v8" ;;
_bookworm-cppcheck) CONTAINER="${BASE}/debian:bookworm-cppcheck" ;;
_opensuse-leap|_leap) CONTAINER="${BASE}/opensuse:leap-15.6-x86_64" ;;
--
2.45.2
On Thu, Oct 24, 2024 at 11:04:19AM +0100, Javi Merino wrote:
> diff --git a/automation/build/debian/12-arm64v8-arm32-gcc.dockerfile b/automation/build/debian/12-arm64v8-arm32-gcc.dockerfile
> new file mode 100644
> index 000000000000..bdc935706bfa
> --- /dev/null
> +++ b/automation/build/debian/12-arm64v8-arm32-gcc.dockerfile
> @@ -0,0 +1,28 @@
> +# syntax=docker/dockerfile:1
> +FROM --platform=linux/arm64/v8 debian:bookworm
> +LABEL maintainer.name="The Xen Project" \
> + maintainer.email="xen-devel@lists.xenproject.org"
Recent update of other dockerfile was repeating the "LABEL" intruction for each label, maybe we should continue to do that (which avoid the backslash at the end of lines).
> +
> +ENV DEBIAN_FRONTEND=noninteractive
> +ENV CROSS_COMPILE /usr/bin/arm-linux-gnueabihf-
While the syntax "ENV VAR value" is supported, it's been discouraged by docker's doc (https://docs.docker.com/reference/dockerfile/#env). Also, here we have two ENV instructions with two different syntax, could you use the = for declaring CROSS_COMPILE as well? Thanks, -- Anthony Perard | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech
On Thu, Oct 24, 2024 at 11:51:16AM +0000, Anthony PERARD wrote: > On Thu, Oct 24, 2024 at 11:04:19AM +0100, Javi Merino wrote: > > diff --git a/automation/build/debian/12-arm64v8-arm32-gcc.dockerfile b/automation/build/debian/12-arm64v8-arm32-gcc.dockerfile > > new file mode 100644 > > index 000000000000..bdc935706bfa > > --- /dev/null > > +++ b/automation/build/debian/12-arm64v8-arm32-gcc.dockerfile > > @@ -0,0 +1,28 @@ > > +# syntax=docker/dockerfile:1 > > +FROM --platform=linux/arm64/v8 debian:bookworm > > +LABEL maintainer.name="The Xen Project" \ > > + maintainer.email="xen-devel@lists.xenproject.org" > > Recent update of other dockerfile was repeating the "LABEL" intruction > for each label, maybe we should continue to do that (which avoid the > backslash at the end of lines). Sure. I will do that if there's a v2 (or for other dockerfiles). > > +ENV DEBIAN_FRONTEND=noninteractive > > +ENV CROSS_COMPILE /usr/bin/arm-linux-gnueabihf- > > While the syntax "ENV VAR value" is supported, it's been discouraged by > docker's doc (https://docs.docker.com/reference/dockerfile/#env). Also, > here we have two ENV instructions with two different syntax, could you > use the = for declaring CROSS_COMPILE as well? I hadn't even noticed that they were using different syntax. I'll use ENV VAR=value from now on. Thanks, Javi