RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-17 04:52:59 +01:00
Code Releases Activity

Merge pull request #20877 from maribu/tools/docker

Browse Source 
build system: simplify docker image pinning
This commit is contained in:
Marian Buschsieweke 2024-10-11 10:08:54 +00:00 committed by GitHub
commit 0ffad1d65f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 7 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
dist/tools/buildsystem_sanity_check/check.sh vendored
View File

@ -382,20 +382,12 @@ check_tests_application_path() {
} }
check_pinned_docker_version_is_up_to_date() { check_pinned_docker_version_is_up_to_date() {
local pinned_digest
local pinned_repo_digest local pinned_repo_digest
local upstream_digest
local upstream_repo_digest local upstream_repo_digest
pinned_digest="$(awk '/^DOCKER_TESTED_IMAGE_ID := (.*)$/ { print substr($0, index($0, $3)); exit }' "$RIOTMAKE/docker.inc.mk")"
pinned_repo_digest="$(awk '/^DOCKER_TESTED_IMAGE_REPO_DIGEST := (.*)$/ { print substr($0, index($0, $3)); exit }' "$RIOTMAKE/docker.inc.mk")" pinned_repo_digest="$(awk '/^DOCKER_TESTED_IMAGE_REPO_DIGEST := (.*)$/ { print substr($0, index($0, $3)); exit }' "$RIOTMAKE/docker.inc.mk")"
# not using docker and jq here but a python script to not have to install # not using docker and jq here but a python script to not have to install
# more stuff for the static test docker image # more stuff for the static test docker image
IFS=' ' read -r upstream_digest upstream_repo_digest <<< "$("$RIOTTOOLS/buildsystem_sanity_check/get_dockerhub_digests.py" "riot/riotbuild")" IFS=' ' read -r upstream_repo_digest <<< "$("$RIOTTOOLS/buildsystem_sanity_check/get_dockerhub_digests.py" "riot/riotbuild")"
if [ "$pinned_digest" != "$upstream_digest" ]; then
git -C "${RIOTBASE}" grep -n '^DOCKER_TESTED_IMAGE_ID :=' "$RIOTMAKE/docker.inc.mk" \
| error_with_message "Update docker image SHA256 to ${upstream_digest}"
fi
if [ "$pinned_repo_digest" != "$upstream_repo_digest" ]; then if [ "$pinned_repo_digest" != "$upstream_repo_digest" ]; then
git -C "${RIOTBASE}" grep -n '^DOCKER_TESTED_IMAGE_REPO_DIGEST :=' "$RIOTMAKE/docker.inc.mk" \ git -C "${RIOTBASE}" grep -n '^DOCKER_TESTED_IMAGE_REPO_DIGEST :=' "$RIOTMAKE/docker.inc.mk" \

4
dist/tools/buildsystem_sanity_check/get_dockerhub_digests.py vendored
View File

@ -87,5 +87,5 @@ if __name__ == '__main__':
if len(sys.argv) != 2: if len(sys.argv) != 2:
sys.exit(f"Usage {sys.argv[0]} <REPO_NAME>") sys.exit(f"Usage {sys.argv[0]} <REPO_NAME>")
digest, repo_digest = get_upstream_digests(sys.argv[1]) _, repo_digest = get_upstream_digests(sys.argv[1])
print(f"{digest} {repo_digest}") print(f"{repo_digest}")

32
makefiles/docker.inc.mk
View File

@ -5,13 +5,10 @@
# When the docker image is updated, checks at # When the docker image is updated, checks at
# dist/tools/buildsystem_sanity_check/check.sh start complaining in CI, and # dist/tools/buildsystem_sanity_check/check.sh start complaining in CI, and
# provide the latest values to verify and fill in. # provide the latest values to verify and fill in.
DOCKER_TESTED_IMAGE_ID := 1329f419ec1a045a5830361f288536a56a0671a3b0db216e469369b00719cdff
DOCKER_TESTED_IMAGE_REPO_DIGEST := d5a70c06703731ddfebb98e9227eb03a69f02c393d9e89bbbcd65d71f3ef056e DOCKER_TESTED_IMAGE_REPO_DIGEST := d5a70c06703731ddfebb98e9227eb03a69f02c393d9e89bbbcd65d71f3ef056e
DOCKER_PULL_IDENTIFIER := docker.io/riot/riotbuild@sha256:$(DOCKER_TESTED_IMAGE_REPO_DIGEST) DOCKER_PULL_IDENTIFIER := docker.io/riot/riotbuild@sha256:$(DOCKER_TESTED_IMAGE_REPO_DIGEST)
DOCKER_IMAGE_DEFAULT := sha256:$(DOCKER_TESTED_IMAGE_ID) export DOCKER_IMAGE ?= $(DOCKER_PULL_IDENTIFIER)
DOCKER_AUTO_PULL ?= 1
export DOCKER_IMAGE ?= $(DOCKER_IMAGE_DEFAULT)
export DOCKER_BUILD_ROOT ?= /data/riotbuild export DOCKER_BUILD_ROOT ?= /data/riotbuild
DOCKER_RIOTBASE ?= $(DOCKER_BUILD_ROOT)/riotbase DOCKER_RIOTBASE ?= $(DOCKER_BUILD_ROOT)/riotbase
@ -39,25 +36,6 @@ else
export INSIDE_DOCKER := 0 export INSIDE_DOCKER := 0
endif endif
ifeq (0:1,$(INSIDE_DOCKER):$(BUILD_IN_DOCKER))
ifeq ($(DOCKER_IMAGE),$(DOCKER_IMAGE_DEFAULT))
IMAGE_PRESENT:=$(shell $(DOCKER) image inspect $(DOCKER_IMAGE) 2>/dev/null >/dev/null && echo 1 || echo 0)
ifeq (0,$(IMAGE_PRESENT))
$(warning Required docker image $(DOCKER_IMAGE) not installed)
ifeq (1,$(DOCKER_AUTO_PULL))
$(info Pulling required image automatically. You can disable this with DOCKER_AUTO_PULL=0)
DEPS_FOR_RUNNING_DOCKER += docker-pull
else
$(info Building with latest available riotbuild image. You can pull the correct image automatically with DOCKER_AUTO_PULL=1)
# The currently set DOCKER_IMAGE is not locally available, and the
# user opted out to automatically pull it. Fall back to the
# latest (locally) available riot/riotbuild image instead.
export DOCKER_IMAGE := docker.io/riot/riotbuild:latest
endif
endif
endif
endif
# Default target for building inside a Docker container if nothing was given # Default target for building inside a Docker container if nothing was given
export DOCKER_MAKECMDGOALS ?= all export DOCKER_MAKECMDGOALS ?= all
# List of all exported environment variables that shall be passed on to the # List of all exported environment variables that shall be passed on to the
@ -164,6 +142,9 @@ DOCKER_USER ?= $$(id -u)
DOCKER_USER_OPT = $(if $(_docker_is_podman),--userns keep-id,--user $(DOCKER_USER)) DOCKER_USER_OPT = $(if $(_docker_is_podman),--userns keep-id,--user $(DOCKER_USER))
DOCKER_RUN_FLAGS ?= --rm --tty $(DOCKER_USER_OPT) DOCKER_RUN_FLAGS ?= --rm --tty $(DOCKER_USER_OPT)
# Explicitly set the platform to what the image is expecting
DOCKER_RUN_FLAGS += --platform linux/amd64
# allow setting make args from command line like '-j' # allow setting make args from command line like '-j'
DOCKER_MAKE_ARGS ?= DOCKER_MAKE_ARGS ?=
@ -378,11 +359,6 @@ docker_run_make = \
-w '$(DOCKER_APPDIR)' '$2' \ -w '$(DOCKER_APPDIR)' '$2' \
$(MAKE) $(DOCKER_OVERRIDE_CMDLINE) $4 $1 $(MAKE) $(DOCKER_OVERRIDE_CMDLINE) $4 $1
# This target pulls the docker image required for BUILD_IN_DOCKER
.PHONY: docker-pull
docker-pull:
$(DOCKER) pull '$(DOCKER_PULL_IDENTIFIER)'
# This will execute `make $(DOCKER_MAKECMDGOALS)` inside a Docker container. # This will execute `make $(DOCKER_MAKECMDGOALS)` inside a Docker container.
# We do not push the regular $(MAKECMDGOALS) to the container's make command in # We do not push the regular $(MAKECMDGOALS) to the container's make command in
# order to only perform building inside the container and defer executing any # order to only perform building inside the container and defer executing any