[projects/cleanbuild.git] / bin / cleanbuild-docker.sh

#!/bin/sh
set -eu

PROGRAM=${0##*/}

# defaults
: ${PACKAGE_NAME=''}
: ${NETWORKING=false}
: ${TRACING=false}
: ${WITH=}
: ${WITHOUT=}
: ${KEEP_CONTAINER=true}
: ${TMPFS="4G"}
: ${EXEC=false}
: ${IGNORE_PACKAGES="systemd-init"}

dir=$(pwd)
image=registry.gitlab.com/pld-linux/cleanbuild
topdir=$dir/rpm
home=/home/builder

notice() {
	echo >&2 "[cleanbuild:notice]: $*"
}

die() {
	local rc=${2:-1}
	echo >&2 "[cleanbuild:error]: $1"
	exit $rc
}

is_no() {
	# Test syntax
	if [ $# = 0 ]; then
		return 2
	fi

	case "$1" in
	no|No|NO|false|False|FALSE|off|Off|OFF|N|n|0)
		# true returns zero
		return 0
		;;
	*)
		# false returns one
		return 1
		;;
	esac
}

is_bool() {
	[ "$1" = "true" -o "$1" = "false" ] || die "Invalid boolean value: $1"
}

tmpfs() {
	if is_no "${TMPFS:-true}" || [ "$TMPFS" = "0" ]; then
		return
	fi

	echo "--tmpfs $home/rpm/BUILD:rw,exec,nosuid,size=$TMPFS"
}

have_container() {
    local name="$1" id

    id=$(docker ps -f "label=cleanbuild=$name" --format '{{.ID}}')

    test -n "$id"
}

create_container() {
	if ! $KEEP_CONTAINER; then
		notice "Clean up old container: $name"
		docker kill $name >/dev/null 2>&1 || :
		docker rm $name >/dev/null 2>&1 || :
	fi

	install -d $topdir/logs

	# start the container
	if ! have_container "$PACKAGE_NAME"; then
		TMPFS_SIZE=$TMPFS \
		PACKAGE_NAME=$PACKAGE_NAME \
		docker-compose run --rm -d \
			--name=$name \
			--workdir=$home/rpm/packages/$PACKAGE_NAME \
			--label=cleanbuild=$PACKAGE_NAME \
			cleanbuild
	fi

	UID=$(id -u)
	GID=$(id -g)
	notice "Setup builder user ($UID:$GID)"

	docker exec --user=root -w / $name usermod -d $home builder

	if [ "$UID" -gt 0 ]; then
		docker exec --user=root -w / $name usermod -u $UID builder
	fi
	if [ "$GID" -gt 0 ]; then
		docker exec --user=root -w / $name groupmod -g $GID builder
	fi

	notice "Setup permissions"
	docker exec --user=root -w / $name sh -c "cd $home && chown builder:builder . rpm rpm/logs rpm/BUILD rpm/RPMS rpm/packages .ccache"

	if [ ! -d $topdir/rpm-build-tools ]; then
		notice "Initialize rpm-build-tools"
		docker exec -w / $name builder --init-rpm-dir
	fi
}

enter_container() {
	notice "Entering container for $PACKAGE_NAME"
	docker exec --user=root -it $name bash
}

generate_shell_code() {
	local shell="$1"

	case "$shell" in
	bash|ksh|zsh)
		echo "alias cleanbuild=$dir/cleanbuild"
		;;
	*)
		die "Unsupported shell: $shell"
		;;
	esac
}

package_prepare() {
	notice "Fetch sources and install dependencies"
	if [ -d $topdir/packages/$PACKAGE_NAME ]; then
		# chown, as it might be different owner (root) modified outside container
		notice "Fix ownership of existing package directory"
		docker exec --user=root -w / $name chown -R builder:builder $home/rpm/packages/$PACKAGE_NAME
	fi

	notice "Fetch package sources"
	docker exec --user=root -w / $name setfacl -x u:builder /etc/resolv.conf
	docker exec -w / $name builder -g $PACKAGE_NAME

	if ! $NETWORKING; then
		notice "Disable networking: Prevent network access for user builder like PLD Linux builders"
		docker exec --user=root -w / $name setfacl -m u:builder:--- /etc/resolv.conf
	fi

	notice "Find latest tag on the branch"
	git_tag=$(docker exec -w / -e GIT_DIR=$home/rpm/packages/$PACKAGE_NAME/.git $name git describe --tags --always)
	buildlog=rpm/logs/${git_tag#auto/*/}.log
	notice "Build log: $buildlog"
}

# Configure php versions, so that only one version is active
configure_php() {
	local PHP_VERSION=5.3
	local ignore_packages

	notice "Configure php: $PHP_VERSION"
	ignore_packages="$IGNORE_PACKAGES *php4* *php52* *php53* *php54* *php55* *php56* *php70* *php71* *php72* *php73* *php74* *php80* *php81* *php82*"
	ignore_packages=$(echo "$ignore_packages" | sed -e "s/ \*php${PHP_VERSION/./}\*//")

	docker exec --user=root -w / $name poldek-config ignore "$ignore_packages"
}

package_build() {
	# create default args for builder
	set -- -nn ${WITH:+--with "${WITH# }"} ${WITHOUT:+--without "${WITHOUT# }"} "$PACKAGE_NAME"

	configure_php

	while true; do
		notice "Install dependencies"
		docker exec -w / -t $name builder -g -R "$@"
		notice "Remove .la dependencies"
		docker exec --user=root -w / $name $home/cleanbuild/bin/cleanup-la
		notice "Reset findunusedbr state after deps install"
		docker exec --user=root -w / $name $home/cleanbuild/bin/findunusedbr -c / $home/rpm/packages/$PACKAGE_NAME/$PACKAGE_NAME.spec

		notice "Build package"
		docker exec -w $home $name cleanbuild/bin/teeboth $buildlog builder -bb --define '__spec_clean_body %{nil}' "$@" && rc=$? || rc=$?
		# Kill processes on Ctrl+C
		if [ "$rc" = 255 ]; then
			docker exec -w / $name pkill -e -u builder
			die "Aborted" $rc
		fi

		findbr=$PACKAGE_NAME.findbr.log
		builddir=$(docker exec -w $home $name sh -c 'test ! -d rpm/BUILD/* || echo rpm/BUILD/*')
		if [ -z "$builddir" ]; then
			die "No build dir. Build failed?" 6
		fi
		notice "Execute findbr"
		docker exec --user=root -w / $name sh -c "cd $home && cleanbuild/bin/findbr $builddir $buildlog" > $findbr

		installed_something=false
		while read pkg msg; do
			bin/addbr rpm/packages/$PACKAGE_NAME/$PACKAGE_NAME.spec "$pkg" "$msg" || continue
			installed_something=true
		done < $findbr
		rm -f $findbr

		# go for another try
		$installed_something && continue

		notice "Execute findunusedbr"
		docker exec --user=root -w / $name $home/cleanbuild/bin/findunusedbr -c / $home/rpm/packages/$PACKAGE_NAME/$PACKAGE_NAME.spec

		if [ $rc -eq 0 ] && ! $KEEP_CONTAINER; then
			notice "Finished ok, cleanup container"
			docker kill $name >/dev/null && docker rm $name >/dev/null || :
		fi

		# propagate error
		exit $rc
	done
}

parse_options() {
	local t
	t=$(getopt -o 'x' --long 'network,exec,no-tmpfs,notmpfs,tmpfs:,shellcode:,keep-container:,with:,without:' -n "$PROGRAM" -- "$@")
	[ $? != 0 ] && exit $?
	eval set -- "$t"

	while :; do
		case "$1" in
		-x)
			TRACING=true
			;;
		--network)
			NETWORKING=true
			;;
		--exec)
			EXEC=true
			;;
		--no-tmpfs|--notmpfs)
			TMPFS=false
			;;
		--shellcode)
			shift
			generate_shell_code "$1"
			exit 0
			;;
		--tmpfs)
			shift
			TMPFS="$1"
			;;
		--keep-container)
			shift
			is_bool "$1"
			KEEP_CONTAINER=$1
			;;
		--with)
			shift
			WITH="$WITH,$1"
			;;
		--without)
			shift
			WITHOUT="$WITHOUT,$1"
			;;
		--)
			shift
			break
			;;
		*)
			die "Internal error: [$1] not recognized!"
			;;
		esac
		shift
	done

	test "$#" -eq 1 || die "Package not specified or excess arguments"
	PACKAGE_NAME="${1%.spec}"
}

main() {
	parse_options "$@"

	$TRACING && set -x
	local name="cleanbuild-$PACKAGE_NAME"
	if $EXEC; then
		enter_container
		return
	fi
	create_container
	package_prepare
	package_build
}

main "$@"
Commit	Line	Data
ce96f77c	1	#!/bin/sh
e2ea04e5	2	set -eu
ce96f77c	3
e2ea04e5	4	PROGRAM=${0##*/}
ce96f77c	5
e2ea04e5 ER	6	# defaults
e2ea04e5 ER	7	: ${PACKAGE_NAME=''}
3ac42f8d	8	: ${NETWORKING=false}
5d14e3f9	9	: ${TRACING=false}
60584f5d ER	10	: ${WITH=}
60584f5d ER	11	: ${WITHOUT=}
c31e256f	12	: ${KEEP_CONTAINER=true}
2da31caa	13	: ${TMPFS="4G"}
0d37247d	14	: ${EXEC=false}
c5f5a91e	15	: ${IGNORE_PACKAGES="systemd-init"}
ce96f77c	16
ce96f77c	17	dir=$(pwd)
47ec7a26	18	image=registry.gitlab.com/pld-linux/cleanbuild
ce96f77c	19	topdir=$dir/rpm
8f52cf50	20	home=/home/builder
73d3710b	21
9ccc3554 ER	22	notice() {
	23	echo >&2 "[cleanbuild:notice]: $*"
	24	}
	25
e2ea04e5	26	die() {
20a616bf	27	local rc=${2:-1}
9ccc3554	28	echo >&2 "[cleanbuild:error]: $1"
20a616bf	29	exit $rc
e2ea04e5 ER	30	}
e2ea04e5 ER	31
2da31caa ER	32	is_no() {
	33	# Test syntax
	34	if [ $# = 0 ]; then
	35	return 2
	36	fi
	37
	38	case "$1" in
	39	no\|No\|NO\|false\|False\|FALSE\|off\|Off\|OFF\|N\|n\|0)
	40	# true returns zero
	41	return 0
	42	;;
	43	*)
	44	# false returns one
	45	return 1
	46	;;
	47	esac
	48	}
	49
defb816c ER	50	is_bool() {
	51	[ "$1" = "true" -o "$1" = "false" ] \|\| die "Invalid boolean value: $1"
	52	}
	53
2da31caa	54	tmpfs() {
8e5e409e	55	if is_no "${TMPFS:-true}" \|\| [ "$TMPFS" = "0" ]; then
2da31caa ER	56	return
	57	fi
	58
	59	echo "--tmpfs $home/rpm/BUILD:rw,exec,nosuid,size=$TMPFS"
	60	}
	61
98e02557 ER	62	have_container() {
	63	local name="$1" id
	64
bbed53cf	65	id=$(docker ps -f "label=cleanbuild=$name" --format '{{.ID}}')
98e02557 ER	66
	67	test -n "$id"
	68	}
	69
e2ea04e5	70	create_container() {
98e02557 ER	71	if ! $KEEP_CONTAINER; then
	72	notice "Clean up old container: $name"
	73	docker kill $name >/dev/null 2>&1 \|\| :
	74	docker rm $name >/dev/null 2>&1 \|\| :
	75	fi
ce96f77c	76
e2ea04e5	77	install -d $topdir/logs
ce96f77c	78
e2ea04e5	79	# start the container
6569f6a5	80	if ! have_container "$PACKAGE_NAME"; then
98e02557 ER	81	TMPFS_SIZE=$TMPFS \
	82	PACKAGE_NAME=$PACKAGE_NAME \
	83	docker-compose run --rm -d \
	84	--name=$name \
eb07c8d6	85	--workdir=$home/rpm/packages/$PACKAGE_NAME \
98e02557 ER	86	--label=cleanbuild=$PACKAGE_NAME \
	87	cleanbuild
	88	fi
ce96f77c	89
6569f6a5 ER	90	UID=$(id -u)
	91	GID=$(id -g)
	92	notice "Setup builder user ($UID:$GID)"
	93
e2ea04e5	94	docker exec --user=root -w / $name usermod -d $home builder
621943d5	95
6569f6a5 ER	96	if [ "$UID" -gt 0 ]; then
	97	docker exec --user=root -w / $name usermod -u $UID builder
	98	fi
	99	if [ "$GID" -gt 0 ]; then
	100	docker exec --user=root -w / $name groupmod -g $GID builder
	101	fi
	102
9ccc3554	103	notice "Setup permissions"
6569f6a5	104	docker exec --user=root -w / $name sh -c "cd $home && chown builder:builder . rpm rpm/logs rpm/BUILD rpm/RPMS rpm/packages .ccache"
e2ea04e5 ER	105
e2ea04e5 ER	106	if [ ! -d $topdir/rpm-build-tools ]; then
9ccc3554	107	notice "Initialize rpm-build-tools"
d59399e8	108	docker exec -w / $name builder --init-rpm-dir
ce96f77c	109	fi
e2ea04e5	110	}
ce96f77c	111
0d37247d ER	112	enter_container() {
	113	notice "Entering container for $PACKAGE_NAME"
	114	docker exec --user=root -it $name bash
	115	}
	116
e39bba15 ER	117	generate_shell_code() {
	118	local shell="$1"
	119
	120	case "$shell" in
	121	bash\|ksh\|zsh)
	122	echo "alias cleanbuild=$dir/cleanbuild"
	123	;;
	124	*)
	125	die "Unsupported shell: $shell"
	126	;;
	127	esac
	128	}
	129
e2ea04e5	130	package_prepare() {
9ccc3554	131	notice "Fetch sources and install dependencies"
e2ea04e5 ER	132	if [ -d $topdir/packages/$PACKAGE_NAME ]; then
e2ea04e5 ER	133	# chown, as it might be different owner (root) modified outside container
9ccc3554	134	notice "Fix ownership of existing package directory"
e2ea04e5 ER	135	docker exec --user=root -w / $name chown -R builder:builder $home/rpm/packages/$PACKAGE_NAME
e2ea04e5 ER	136	fi
9ccc3554 ER	137
9ccc3554 ER	138	notice "Fetch package sources"
98e02557	139	docker exec --user=root -w / $name setfacl -x u:builder /etc/resolv.conf
eb07c8d6	140	docker exec -w / $name builder -g $PACKAGE_NAME
e2ea04e5	141
9ccc3554 ER	142	if ! $NETWORKING; then
	143	notice "Disable networking: Prevent network access for user builder like PLD Linux builders"
	144	docker exec --user=root -w / $name setfacl -m u:builder:--- /etc/resolv.conf
	145	fi
e2ea04e5	146
4fbca347	147	notice "Find latest tag on the branch"
eb07c8d6	148	git_tag=$(docker exec -w / -e GIT_DIR=$home/rpm/packages/$PACKAGE_NAME/.git $name git describe --tags --always)
e2ea04e5	149	buildlog=rpm/logs/${git_tag#auto/*/}.log
4fbca347	150	notice "Build log: $buildlog"
e2ea04e5 ER	151	}
e2ea04e5 ER	152
c5f5a91e ER	153	# Configure php versions, so that only one version is active
	154	configure_php() {
	155	local PHP_VERSION=5.3
	156	local ignore_packages
	157
	158	notice "Configure php: $PHP_VERSION"
	159	ignore_packages="$IGNORE_PACKAGES php4 php52 php53 php54 php55 php56 php70 php71 php72 php73 php74 php80 php81 php82"
	160	ignore_packages=$(echo "$ignore_packages" \| sed -e "s/ \php${PHP_VERSION/./}\//")
	161
	162	docker exec --user=root -w / $name poldek-config ignore "$ignore_packages"
	163	}
	164
e2ea04e5	165	package_build() {
60584f5d ER	166	# create default args for builder
	167	set -- -nn ${WITH:+--with "${WITH# }"} ${WITHOUT:+--without "${WITHOUT# }"} "$PACKAGE_NAME"
	168
c5f5a91e ER	169	configure_php
c5f5a91e ER	170
e2ea04e5	171	while true; do
9ccc3554	172	notice "Install dependencies"
eb07c8d6	173	docker exec -w / -t $name builder -g -R "$@"
9ccc3554	174	notice "Remove .la dependencies"
60ca295b	175	docker exec --user=root -w / $name $home/cleanbuild/bin/cleanup-la
9ccc3554	176	notice "Reset findunusedbr state after deps install"
60ca295b	177	docker exec --user=root -w / $name $home/cleanbuild/bin/findunusedbr -c / $home/rpm/packages/$PACKAGE_NAME/$PACKAGE_NAME.spec
e2ea04e5	178
9ccc3554	179	notice "Build package"
eb07c8d6	180	docker exec -w $home $name cleanbuild/bin/teeboth $buildlog builder -bb --define '__spec_clean_body %{nil}' "$@" && rc=$? \|\| rc=$?
6ecf9aec ER	181	# Kill processes on Ctrl+C
6ecf9aec ER	182	if [ "$rc" = 255 ]; then
eb07c8d6	183	docker exec -w / $name pkill -e -u builder
6ecf9aec ER	184	die "Aborted" $rc
6ecf9aec ER	185	fi
e2ea04e5 ER	186
e2ea04e5 ER	187	findbr=$PACKAGE_NAME.findbr.log
eb07c8d6	188	builddir=$(docker exec -w $home $name sh -c 'test ! -d rpm/BUILD/* \|\| echo rpm/BUILD/*')
e2ea04e5	189	if [ -z "$builddir" ]; then
20a616bf	190	die "No build dir. Build failed?" 6
e2ea04e5	191	fi
9ccc3554	192	notice "Execute findbr"
60ca295b	193	docker exec --user=root -w / $name sh -c "cd $home && cleanbuild/bin/findbr $builddir $buildlog" > $findbr
e2ea04e5 ER	194
	195	installed_something=false
	196	while read pkg msg; do
03501aec	197	bin/addbr rpm/packages/$PACKAGE_NAME/$PACKAGE_NAME.spec "$pkg" "$msg" \|\| continue
e2ea04e5 ER	198	installed_something=true
	199	done < $findbr
	200	rm -f $findbr
	201
	202	# go for another try
	203	$installed_something && continue
	204
9ccc3554	205	notice "Execute findunusedbr"
60ca295b	206	docker exec --user=root -w / $name $home/cleanbuild/bin/findunusedbr -c / $home/rpm/packages/$PACKAGE_NAME/$PACKAGE_NAME.spec
e2ea04e5	207
ad5ed75b	208	if [ $rc -eq 0 ] && ! $KEEP_CONTAINER; then
9ccc3554	209	notice "Finished ok, cleanup container"
e2ea04e5 ER	210	docker kill $name >/dev/null && docker rm $name >/dev/null \|\| :
	211	fi
	212
	213	# propagate error
	214	exit $rc
	215	done
	216	}
	217
	218	parse_options() {
	219	local t
e39bba15	220	t=$(getopt -o 'x' --long 'network,exec,no-tmpfs,notmpfs,tmpfs:,shellcode:,keep-container:,with:,without:' -n "$PROGRAM" -- "$@")
e2ea04e5 ER	221	[ $? != 0 ] && exit $?
	222	eval set -- "$t"
	223
	224	while :; do
	225	case "$1" in
5d14e3f9 ER	226	-x)
	227	TRACING=true
	228	;;
3ac42f8d ER	229	--network)
	230	NETWORKING=true
	231	;;
0d37247d ER	232	--exec)
	233	EXEC=true
	234	;;
8447721f ER	235	--no-tmpfs\|--notmpfs)
	236	TMPFS=false
	237	;;
e39bba15 ER	238	--shellcode)
	239	shift
	240	generate_shell_code "$1"
	241	exit 0
	242	;;
2da31caa ER	243	--tmpfs)
	244	shift
	245	TMPFS="$1"
	246	;;
ad5ed75b	247	--keep-container)
c31e256f	248	shift
defb816c	249	is_bool "$1"
c31e256f	250	KEEP_CONTAINER=$1
ad5ed75b	251	;;
60584f5d ER	252	--with)
60584f5d ER	253	shift
9c5772e4	254	WITH="$WITH,$1"
60584f5d ER	255	;;
	256	--without)
	257	shift
9c5772e4	258	WITHOUT="$WITHOUT,$1"
60584f5d	259	;;
e2ea04e5 ER	260	--)
	261	shift
	262	break
	263	;;
	264	*)
	265	die "Internal error: [$1] not recognized!"
	266	;;
	267	esac
	268	shift
	269	done
	270
9ccc3554	271	test "$#" -eq 1 \|\| die "Package not specified or excess arguments"
e2ea04e5 ER	272	PACKAGE_NAME="${1%.spec}"
	273	}
	274
	275	main() {
	276	parse_options "$@"
	277
5d14e3f9	278	$TRACING && set -x
e2ea04e5	279	local name="cleanbuild-$PACKAGE_NAME"
0d37247d ER	280	if $EXEC; then
	281	enter_container
	282	return
	283	fi
6569f6a5	284	create_container
e2ea04e5 ER	285	package_prepare
	286	package_build
	287	}
	288
	289	main "$@"