xref: /openbmc/openbmc-build-scripts/scripts/build-unit-test-docker (revision 9698215ec28b6de476f11d03361cfdaf125ae9cb)
1#!/usr/bin/env python3
2#
3# Build the required docker image to run package unit tests
4#
5# Script Variables:
6#   DOCKER_IMG_NAME:  <optional, the name of the docker image to generate>
7#                     default is openbmc/ubuntu-unit-test
8#   DISTRO:           <optional, the distro to build a docker image against>
9#   FORCE_DOCKER_BUILD: <optional, a non-zero value with force all Docker
10#                     images to be rebuilt rather than reusing caches.>
11#   BUILD_URL:        <optional, used to detect running under CI context
12#                     (ex. Jenkins)>
13#   BRANCH:           <optional, branch to build from each of the openbmc/
14#                     repositories>
15#                     default is master, which will be used if input branch not
16#                     provided or not found
17#   UBUNTU_MIRROR:    <optional, the URL of a mirror of Ubuntu to override the
18#                     default ones in /etc/apt/sources.list>
19#                     default is empty, and no mirror is used.
20#   DOCKER_REG:       <optional, the URL of a docker registry to utilize
21#                     instead of our default (public.ecr.aws/ubuntu)
22#                     (ex. docker.io)
23#   http_proxy        The HTTP address of the proxy server to connect to.
24#                     Default: "", proxy is not setup if this is not set
25
26import json
27import os
28import re
29import sys
30import threading
31import urllib.request
32from datetime import date
33from hashlib import sha256
34
35# typing.Dict is used for type-hints.
36from typing import Any, Callable, Dict, Iterable, Optional  # noqa: F401
37
38from sh import docker, git, nproc  # type: ignore
39
40try:
41    # Python before 3.8 doesn't have TypedDict, so reroute to standard 'dict'.
42    from typing import TypedDict
43except Exception:
44
45    class TypedDict(dict):  # type: ignore
46        # We need to do this to eat the 'total' argument.
47        def __init_subclass__(cls, **kwargs: Any) -> None:
48            super().__init_subclass__()
49
50
51# Declare some variables used in package definitions.
52prefix = "/usr/local"
53proc_count = nproc().strip()
54
55
56class PackageDef(TypedDict, total=False):
57    """Package Definition for packages dictionary."""
58
59    # rev [optional]: Revision of package to use.
60    rev: str
61    # url [optional]: lambda function to create URL: (package, rev) -> url.
62    url: Callable[[str, str], str]
63    # depends [optional]: List of package dependencies.
64    depends: Iterable[str]
65    # build_type [required]: Build type used for package.
66    #   Currently supported: autoconf, cmake, custom, make, meson
67    build_type: str
68    # build_steps [optional]: Steps to run for 'custom' build_type.
69    build_steps: Iterable[str]
70    # config_flags [optional]: List of options to pass configuration tool.
71    config_flags: Iterable[str]
72    # config_env [optional]: List of environment variables to set for config.
73    config_env: Iterable[str]
74    # custom_post_dl [optional]: List of steps to run after download, but
75    #   before config / build / install.
76    custom_post_dl: Iterable[str]
77    # custom_post_install [optional]: List of steps to run after install.
78    custom_post_install: Iterable[str]
79
80    # __tag [private]: Generated Docker tag name for package stage.
81    __tag: str
82    # __package [private]: Package object associated with this package.
83    __package: Any  # Type is Package, but not defined yet.
84
85
86# Packages to include in image.
87packages = {
88    "boost": PackageDef(
89        rev="1.86.0",
90        url=(
91            lambda pkg, rev: f"https://github.com/boostorg/{pkg}/releases/download/{pkg}-{rev}/{pkg}-{rev}-cmake.tar.gz"
92        ),
93        build_type="custom",
94        build_steps=[
95            (
96                "./bootstrap.sh"
97                f" --prefix={prefix} --with-libraries=atomic,context,coroutine,filesystem,process,url"
98            ),
99            "./b2",
100            f"./b2 install --prefix={prefix} valgrind=on",
101        ],
102    ),
103    "USCiLab/cereal": PackageDef(
104        rev="v1.3.2",
105        build_type="custom",
106        build_steps=[f"cp -a include/cereal/ {prefix}/include/"],
107    ),
108    "danmar/cppcheck": PackageDef(
109        rev="2.12.1",
110        build_type="cmake",
111    ),
112    "CLIUtils/CLI11": PackageDef(
113        rev="v2.3.2",
114        build_type="cmake",
115        config_flags=[
116            "-DBUILD_TESTING=OFF",
117            "-DCLI11_BUILD_DOCS=OFF",
118            "-DCLI11_BUILD_EXAMPLES=OFF",
119        ],
120    ),
121    "fmtlib/fmt": PackageDef(
122        rev="10.1.1",
123        build_type="cmake",
124        config_flags=[
125            "-DFMT_DOC=OFF",
126            "-DFMT_TEST=OFF",
127        ],
128    ),
129    "Naios/function2": PackageDef(
130        rev="4.2.4",
131        build_type="custom",
132        build_steps=[
133            f"mkdir {prefix}/include/function2",
134            f"cp include/function2/function2.hpp {prefix}/include/function2/",
135        ],
136    ),
137    "google/googletest": PackageDef(
138        rev="v1.15.2",
139        build_type="cmake",
140        config_env=["CXXFLAGS=-std=c++20"],
141        config_flags=["-DTHREADS_PREFER_PTHREAD_FLAG=ON"],
142    ),
143    "nghttp2/nghttp2": PackageDef(
144        rev="v1.61.0",
145        build_type="cmake",
146        config_env=["CXXFLAGS=-std=c++20"],
147        config_flags=[
148            "-DENABLE_LIB_ONLY=ON",
149            "-DENABLE_STATIC_LIB=ON",
150        ],
151    ),
152    "nlohmann/json": PackageDef(
153        rev="v3.11.2",
154        build_type="cmake",
155        config_flags=["-DJSON_BuildTests=OFF"],
156        custom_post_install=[
157            (
158                f"ln -s {prefix}/include/nlohmann/json.hpp"
159                f" {prefix}/include/json.hpp"
160            ),
161        ],
162    ),
163    "json-c/json-c": PackageDef(
164        rev="json-c-0.17-20230812",
165        build_type="cmake",
166    ),
167    "LibVNC/libvncserver": PackageDef(
168        rev="LibVNCServer-0.9.14",
169        build_type="cmake",
170    ),
171    "leethomason/tinyxml2": PackageDef(
172        rev="9.0.0",
173        build_type="cmake",
174    ),
175    "tristanpenman/valijson": PackageDef(
176        rev="v1.0.1",
177        build_type="cmake",
178        config_flags=[
179            "-Dvalijson_BUILD_TESTS=0",
180            "-Dvalijson_INSTALL_HEADERS=1",
181        ],
182    ),
183    "open-power/pdbg": PackageDef(build_type="autoconf"),
184    "openbmc/gpioplus": PackageDef(
185        build_type="meson",
186        config_flags=[
187            "-Dexamples=false",
188            "-Dtests=disabled",
189        ],
190    ),
191    "openbmc/phosphor-dbus-interfaces": PackageDef(
192        depends=["openbmc/sdbusplus"],
193        build_type="meson",
194        config_flags=["-Dgenerate_md=false"],
195    ),
196    "openbmc/phosphor-logging": PackageDef(
197        depends=[
198            "USCiLab/cereal",
199            "openbmc/phosphor-dbus-interfaces",
200            "openbmc/sdbusplus",
201            "openbmc/sdeventplus",
202        ],
203        build_type="meson",
204        config_flags=[
205            "-Dlibonly=true",
206            "-Dtests=disabled",
207            f"-Dyamldir={prefix}/share/phosphor-dbus-yaml/yaml",
208        ],
209    ),
210    "openbmc/phosphor-objmgr": PackageDef(
211        depends=[
212            "CLIUtils/CLI11",
213            "boost",
214            "leethomason/tinyxml2",
215            "openbmc/phosphor-dbus-interfaces",
216            "openbmc/phosphor-logging",
217            "openbmc/sdbusplus",
218        ],
219        build_type="meson",
220        config_flags=[
221            "-Dtests=disabled",
222        ],
223    ),
224    "openbmc/libpeci": PackageDef(
225        build_type="meson",
226        config_flags=[
227            "-Draw-peci=disabled",
228        ],
229    ),
230    "openbmc/libpldm": PackageDef(
231        build_type="meson",
232        config_flags=[
233            "-Dabi=deprecated,stable",
234            "-Dtests=false",
235            "-Dabi-compliance-check=false",
236        ],
237    ),
238    "openbmc/sdbusplus": PackageDef(
239        depends=[
240            "nlohmann/json",
241        ],
242        build_type="meson",
243        custom_post_dl=[
244            "cd tools",
245            f"./setup.py install --root=/ --prefix={prefix}",
246            "cd ..",
247        ],
248        config_flags=[
249            "-Dexamples=disabled",
250            "-Dtests=disabled",
251        ],
252    ),
253    "openbmc/sdeventplus": PackageDef(
254        depends=[
255            "openbmc/stdplus",
256        ],
257        build_type="meson",
258        config_flags=[
259            "-Dexamples=false",
260            "-Dtests=disabled",
261        ],
262    ),
263    "openbmc/stdplus": PackageDef(
264        depends=[
265            "fmtlib/fmt",
266            "google/googletest",
267            "Naios/function2",
268        ],
269        build_type="meson",
270        config_flags=[
271            "-Dexamples=false",
272            "-Dtests=disabled",
273            "-Dgtest=enabled",
274        ],
275    ),
276}  # type: Dict[str, PackageDef]
277
278# Define common flags used for builds
279configure_flags = " ".join(
280    [
281        f"--prefix={prefix}",
282    ]
283)
284cmake_flags = " ".join(
285    [
286        "-DBUILD_SHARED_LIBS=ON",
287        "-DCMAKE_BUILD_TYPE=RelWithDebInfo",
288        f"-DCMAKE_INSTALL_PREFIX:PATH={prefix}",
289        "-GNinja",
290        "-DCMAKE_MAKE_PROGRAM=ninja",
291    ]
292)
293meson_flags = " ".join(
294    [
295        "--wrap-mode=nodownload",
296        f"-Dprefix={prefix}",
297    ]
298)
299
300
301class Package(threading.Thread):
302    """Class used to build the Docker stages for each package.
303
304    Generally, this class should not be instantiated directly but through
305    Package.generate_all().
306    """
307
308    # Copy the packages dictionary.
309    packages = packages.copy()
310
311    # Lock used for thread-safety.
312    lock = threading.Lock()
313
314    def __init__(self, pkg: str):
315        """pkg - The name of this package (ex. foo/bar )"""
316        super(Package, self).__init__()
317
318        self.package = pkg
319        self.exception = None  # type: Optional[Exception]
320
321        # Reference to this package's
322        self.pkg_def = Package.packages[pkg]
323        self.pkg_def["__package"] = self
324
325    def run(self) -> None:
326        """Thread 'run' function.  Builds the Docker stage."""
327
328        # In case this package has no rev, fetch it from Github.
329        self._update_rev()
330
331        # Find all the Package objects that this package depends on.
332        #   This section is locked because we are looking into another
333        #   package's PackageDef dict, which could be being modified.
334        Package.lock.acquire()
335        deps: Iterable[Package] = [
336            Package.packages[deppkg]["__package"]
337            for deppkg in self.pkg_def.get("depends", [])
338        ]
339        Package.lock.release()
340
341        # Wait until all the depends finish building.  We need them complete
342        # for the "COPY" commands.
343        for deppkg in deps:
344            deppkg.join()
345
346        # Generate this package's Dockerfile.
347        dockerfile = f"""
348FROM {docker_base_img_name}
349{self._df_copycmds()}
350{self._df_build()}
351"""
352
353        # Generate the resulting tag name and save it to the PackageDef.
354        #   This section is locked because we are modifying the PackageDef,
355        #   which can be accessed by other threads.
356        Package.lock.acquire()
357        tag = Docker.tagname(self._stagename(), dockerfile)
358        self.pkg_def["__tag"] = tag
359        Package.lock.release()
360
361        # Do the build / save any exceptions.
362        try:
363            Docker.build(self.package, tag, dockerfile)
364        except Exception as e:
365            self.exception = e
366
367    @classmethod
368    def generate_all(cls) -> None:
369        """Ensure a Docker stage is created for all defined packages.
370
371        These are done in parallel but with appropriate blocking per
372        package 'depends' specifications.
373        """
374
375        # Create a Package for each defined package.
376        pkg_threads = [Package(p) for p in cls.packages.keys()]
377
378        # Start building them all.
379        #   This section is locked because threads depend on each other,
380        #   based on the packages, and they cannot 'join' on a thread
381        #   which is not yet started.  Adding a lock here allows all the
382        #   threads to start before they 'join' their dependencies.
383        Package.lock.acquire()
384        for t in pkg_threads:
385            t.start()
386        Package.lock.release()
387
388        # Wait for completion.
389        for t in pkg_threads:
390            t.join()
391            # Check if the thread saved off its own exception.
392            if t.exception:
393                print(f"Package {t.package} failed!", file=sys.stderr)
394                raise t.exception
395
396    @staticmethod
397    def df_all_copycmds() -> str:
398        """Formulate the Dockerfile snippet necessary to copy all packages
399        into the final image.
400        """
401        return Package.df_copycmds_set(Package.packages.keys())
402
403    @classmethod
404    def depcache(cls) -> str:
405        """Create the contents of the '/tmp/depcache'.
406        This file is a comma-separated list of "<pkg>:<rev>".
407        """
408
409        # This needs to be sorted for consistency.
410        depcache = ""
411        for pkg in sorted(cls.packages.keys()):
412            depcache += "%s:%s," % (pkg, cls.packages[pkg]["rev"])
413        return depcache
414
415    def _check_gerrit_topic(self) -> bool:
416        if not gerrit_topic:
417            return False
418        if not self.package.startswith("openbmc/"):
419            return False
420        if gerrit_project == self.package and gerrit_rev:
421            return False
422
423        try:
424            commits = json.loads(
425                urllib.request.urlopen(
426                    f"https://gerrit.openbmc.org/changes/?q=status:open+project:{self.package}+topic:{gerrit_topic}"
427                )
428                .read()
429                .splitlines()[-1]
430            )
431
432            if len(commits) == 0:
433                return False
434            if len(commits) > 1:
435                print(
436                    f"{self.package} has more than 1 commit under {gerrit_topic}; using lastest upstream: {len(commits)}",
437                    file=sys.stderr,
438                )
439                return False
440
441            change_id = commits[0]["id"]
442
443            commit = json.loads(
444                urllib.request.urlopen(
445                    f"https://gerrit.openbmc.org/changes/{change_id}/revisions/current/commit"
446                )
447                .read()
448                .splitlines()[-1]
449            )["commit"]
450
451            print(
452                f"Using {commit} from {gerrit_topic} for {self.package}",
453                file=sys.stderr,
454            )
455            self.pkg_def["rev"] = commit
456            return True
457
458        except urllib.error.HTTPError as e:
459            print(
460                f"Error loading topic {gerrit_topic} for {self.package}: ",
461                e,
462                file=sys.stderr,
463            )
464            return False
465
466    def _update_rev(self) -> None:
467        """Look up the HEAD for missing a static rev."""
468
469        if "rev" in self.pkg_def:
470            return
471
472        if self._check_gerrit_topic():
473            return
474
475        # Check if Jenkins/Gerrit gave us a revision and use it.
476        if gerrit_project == self.package and gerrit_rev:
477            print(
478                f"Found Gerrit revision for {self.package}: {gerrit_rev}",
479                file=sys.stderr,
480            )
481            self.pkg_def["rev"] = gerrit_rev
482            return
483
484        # Ask Github for all the branches.
485        lookup = git(
486            "ls-remote", "--heads", f"https://github.com/{self.package}"
487        )
488
489        # Find the branch matching {branch} (or fallback to master).
490        #   This section is locked because we are modifying the PackageDef.
491        Package.lock.acquire()
492        for line in lookup.split("\n"):
493            if re.fullmatch(f".*{branch}$", line.strip()):
494                self.pkg_def["rev"] = line.split()[0]
495                break
496            elif (
497                "refs/heads/master" in line or "refs/heads/main" in line
498            ) and "rev" not in self.pkg_def:
499                self.pkg_def["rev"] = line.split()[0]
500        Package.lock.release()
501
502    def _stagename(self) -> str:
503        """Create a name for the Docker stage associated with this pkg."""
504        return self.package.replace("/", "-").lower()
505
506    def _url(self) -> str:
507        """Get the URL for this package."""
508        rev = self.pkg_def["rev"]
509
510        # If the lambda exists, call it.
511        if "url" in self.pkg_def:
512            return self.pkg_def["url"](self.package, rev)
513
514        # Default to the github archive URL.
515        return f"https://github.com/{self.package}/archive/{rev}.tar.gz"
516
517    def _cmd_download(self) -> str:
518        """Formulate the command necessary to download and unpack to source."""
519
520        url = self._url()
521        if ".tar." not in url:
522            raise NotImplementedError(
523                f"Unhandled download type for {self.package}: {url}"
524            )
525
526        cmd = f"curl -L {url} | tar -x"
527
528        if url.endswith(".bz2"):
529            cmd += "j"
530        elif url.endswith(".gz"):
531            cmd += "z"
532        else:
533            raise NotImplementedError(
534                f"Unknown tar flags needed for {self.package}: {url}"
535            )
536
537        return cmd
538
539    def _cmd_cd_srcdir(self) -> str:
540        """Formulate the command necessary to 'cd' into the source dir."""
541        return f"cd {self.package.split('/')[-1]}*"
542
543    def _df_copycmds(self) -> str:
544        """Formulate the dockerfile snippet necessary to COPY all depends."""
545
546        if "depends" not in self.pkg_def:
547            return ""
548        return Package.df_copycmds_set(self.pkg_def["depends"])
549
550    @staticmethod
551    def df_copycmds_set(pkgs: Iterable[str]) -> str:
552        """Formulate the Dockerfile snippet necessary to COPY a set of
553        packages into a Docker stage.
554        """
555
556        copy_cmds = ""
557
558        # Sort the packages for consistency.
559        for p in sorted(pkgs):
560            tag = Package.packages[p]["__tag"]
561            copy_cmds += f"COPY --from={tag} {prefix} {prefix}\n"
562            # Workaround for upstream docker bug and multiple COPY cmds
563            # https://github.com/moby/moby/issues/37965
564            copy_cmds += "RUN true\n"
565
566        return copy_cmds
567
568    def _df_build(self) -> str:
569        """Formulate the Dockerfile snippet necessary to download, build, and
570        install a package into a Docker stage.
571        """
572
573        # Download and extract source.
574        result = f"RUN {self._cmd_download()} && {self._cmd_cd_srcdir()} && "
575
576        # Handle 'custom_post_dl' commands.
577        custom_post_dl = self.pkg_def.get("custom_post_dl")
578        if custom_post_dl:
579            result += " && ".join(custom_post_dl) + " && "
580
581        # Build and install package based on 'build_type'.
582        build_type = self.pkg_def["build_type"]
583        if build_type == "autoconf":
584            result += self._cmd_build_autoconf()
585        elif build_type == "cmake":
586            result += self._cmd_build_cmake()
587        elif build_type == "custom":
588            result += self._cmd_build_custom()
589        elif build_type == "make":
590            result += self._cmd_build_make()
591        elif build_type == "meson":
592            result += self._cmd_build_meson()
593        else:
594            raise NotImplementedError(
595                f"Unhandled build type for {self.package}: {build_type}"
596            )
597
598        # Handle 'custom_post_install' commands.
599        custom_post_install = self.pkg_def.get("custom_post_install")
600        if custom_post_install:
601            result += " && " + " && ".join(custom_post_install)
602
603        return result
604
605    def _cmd_build_autoconf(self) -> str:
606        options = " ".join(self.pkg_def.get("config_flags", []))
607        env = " ".join(self.pkg_def.get("config_env", []))
608        result = "./bootstrap.sh && "
609        result += f"{env} ./configure {configure_flags} {options} && "
610        result += f"make -j{proc_count} && make install"
611        return result
612
613    def _cmd_build_cmake(self) -> str:
614        options = " ".join(self.pkg_def.get("config_flags", []))
615        env = " ".join(self.pkg_def.get("config_env", []))
616        result = "mkdir builddir && cd builddir && "
617        result += f"{env} cmake {cmake_flags} {options} .. && "
618        result += "cmake --build . --target all && "
619        result += "cmake --build . --target install && "
620        result += "cd .."
621        return result
622
623    def _cmd_build_custom(self) -> str:
624        return " && ".join(self.pkg_def.get("build_steps", []))
625
626    def _cmd_build_make(self) -> str:
627        return f"make -j{proc_count} && make install"
628
629    def _cmd_build_meson(self) -> str:
630        options = " ".join(self.pkg_def.get("config_flags", []))
631        env = " ".join(self.pkg_def.get("config_env", []))
632        result = f"{env} meson setup builddir {meson_flags} {options} && "
633        result += "ninja -C builddir && ninja -C builddir install"
634        return result
635
636
637class Docker:
638    """Class to assist with Docker interactions.  All methods are static."""
639
640    @staticmethod
641    def timestamp() -> str:
642        """Generate a timestamp for today using the ISO week."""
643        today = date.today().isocalendar()
644        return f"{today[0]}-W{today[1]:02}"
645
646    @staticmethod
647    def tagname(pkgname: Optional[str], dockerfile: str) -> str:
648        """Generate a tag name for a package using a hash of the Dockerfile."""
649        result = docker_image_name
650        if pkgname:
651            result += "-" + pkgname
652
653        result += ":" + Docker.timestamp()
654        result += "-" + sha256(dockerfile.encode()).hexdigest()[0:16]
655
656        return result
657
658    @staticmethod
659    def build(pkg: str, tag: str, dockerfile: str) -> None:
660        """Build a docker image using the Dockerfile and tagging it with 'tag'."""
661
662        # If we're not forcing builds, check if it already exists and skip.
663        if not force_build:
664            if docker.image.ls(tag, "--format", '"{{.Repository}}:{{.Tag}}"'):
665                print(
666                    f"Image {tag} already exists.  Skipping.", file=sys.stderr
667                )
668                return
669
670        # Build it.
671        #   Capture the output of the 'docker build' command and send it to
672        #   stderr (prefixed with the package name).  This allows us to see
673        #   progress but not pollute stdout.  Later on we output the final
674        #   docker tag to stdout and we want to keep that pristine.
675        #
676        #   Other unusual flags:
677        #       --no-cache: Bypass the Docker cache if 'force_build'.
678        #       --force-rm: Clean up Docker processes if they fail.
679        docker.build(
680            proxy_args,
681            "--network=host",
682            "--force-rm",
683            "--no-cache=true" if force_build else "--no-cache=false",
684            "-t",
685            tag,
686            "-",
687            _in=dockerfile,
688            _out=(
689                lambda line: print(
690                    pkg + ":", line, end="", file=sys.stderr, flush=True
691                )
692            ),
693            _err_to_out=True,
694        )
695
696
697# Read a bunch of environment variables.
698docker_image_name = os.environ.get(
699    "DOCKER_IMAGE_NAME", "openbmc/ubuntu-unit-test"
700)
701force_build = os.environ.get("FORCE_DOCKER_BUILD")
702is_automated_ci_build = os.environ.get("BUILD_URL", False)
703distro = os.environ.get("DISTRO", "ubuntu:noble")
704branch = os.environ.get("BRANCH", "master")
705ubuntu_mirror = os.environ.get("UBUNTU_MIRROR")
706docker_reg = os.environ.get("DOCKER_REG", "public.ecr.aws/ubuntu")
707http_proxy = os.environ.get("http_proxy")
708
709gerrit_project = os.environ.get("GERRIT_PROJECT")
710gerrit_rev = os.environ.get("GERRIT_PATCHSET_REVISION")
711gerrit_topic = os.environ.get("GERRIT_TOPIC")
712
713# Ensure appropriate docker build output to see progress and identify
714# any issues
715os.environ["BUILDKIT_PROGRESS"] = "plain"
716
717# Set up some common variables.
718username = os.environ.get("USER", "root")
719homedir = os.environ.get("HOME", "/root")
720gid = os.getgid()
721uid = os.getuid()
722
723# Use well-known constants if user is root
724if username == "root":
725    homedir = "/root"
726    gid = 0
727    uid = 0
728
729# Special flags if setting up a deb mirror.
730mirror = ""
731if "ubuntu" in distro and ubuntu_mirror:
732    mirror = f"""
733RUN echo "deb {ubuntu_mirror} \
734        $(. /etc/os-release && echo $VERSION_CODENAME) \
735        main restricted universe multiverse" > /etc/apt/sources.list && \\
736    echo "deb {ubuntu_mirror} \
737        $(. /etc/os-release && echo $VERSION_CODENAME)-updates \
738            main restricted universe multiverse" >> /etc/apt/sources.list && \\
739    echo "deb {ubuntu_mirror} \
740        $(. /etc/os-release && echo $VERSION_CODENAME)-security \
741            main restricted universe multiverse" >> /etc/apt/sources.list && \\
742    echo "deb {ubuntu_mirror} \
743        $(. /etc/os-release && echo $VERSION_CODENAME)-proposed \
744            main restricted universe multiverse" >> /etc/apt/sources.list && \\
745    echo "deb {ubuntu_mirror} \
746        $(. /etc/os-release && echo $VERSION_CODENAME)-backports \
747            main restricted universe multiverse" >> /etc/apt/sources.list
748"""
749
750# Special flags for proxying.
751proxy_cmd = ""
752proxy_keyserver = ""
753proxy_args = []
754if http_proxy:
755    proxy_cmd = f"""
756RUN echo "[http]" >> {homedir}/.gitconfig && \
757    echo "proxy = {http_proxy}" >> {homedir}/.gitconfig
758"""
759    proxy_keyserver = f"--keyserver-options http-proxy={http_proxy}"
760
761    proxy_args.extend(
762        [
763            "--build-arg",
764            f"http_proxy={http_proxy}",
765            "--build-arg",
766            f"https_proxy={http_proxy}",
767        ]
768    )
769
770# Create base Dockerfile.
771dockerfile_base = f"""
772FROM {docker_reg}/{distro}
773
774{mirror}
775
776ENV DEBIAN_FRONTEND noninteractive
777
778ENV PYTHONPATH "/usr/local/lib/python3.10/site-packages/"
779
780# Sometimes the ubuntu key expires and we need a way to force an execution
781# of the apt-get commands for the dbgsym-keyring.  When this happens we see
782# an error like: "Release: The following signatures were invalid:"
783# Insert a bogus echo that we can change here when we get this error to force
784# the update.
785RUN echo "ubuntu keyserver rev as of 2021-04-21"
786
787# We need the keys to be imported for dbgsym repos
788# New releases have a package, older ones fall back to manual fetching
789# https://wiki.ubuntu.com/Debug%20Symbol%20Packages
790# Known issue with gpg to get keys via proxy -
791# https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1788190, hence using
792# curl to get keys.
793RUN apt-get update && apt-get dist-upgrade -yy && \
794    ( apt-get install -yy gpgv ubuntu-dbgsym-keyring || \
795        ( apt-get install -yy dirmngr curl && \
796          curl -sSL \
797          'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xF2EDC64DC5AEE1F6B9C621F0C8CAB6595FDFF622' \
798          | apt-key add - ))
799
800# Parse the current repo list into a debug repo list
801RUN sed -n '/^deb /s,^deb [^ ]* ,deb http://ddebs.ubuntu.com ,p' \
802        /etc/apt/sources.list >/etc/apt/sources.list.d/debug.list
803
804# Remove non-existent debug repos
805RUN sed -i '/-\\(backports\\|security\\) /d' /etc/apt/sources.list.d/debug.list
806
807RUN cat /etc/apt/sources.list.d/debug.list
808
809RUN apt-get update && apt-get dist-upgrade -yy && apt-get install -yy \
810    abi-compliance-checker \
811    abi-dumper \
812    autoconf \
813    autoconf-archive \
814    bison \
815    cmake \
816    curl \
817    dbus \
818    device-tree-compiler \
819    flex \
820    g++-14 \
821    gcc-14 \
822    git \
823    glib-2.0 \
824    gnupg \
825    iproute2 \
826    iputils-ping \
827    libaudit-dev \
828    libc6-dbg \
829    libc6-dev \
830    libcjson-dev \
831    libconfig++-dev \
832    libcryptsetup-dev \
833    libdbus-1-dev \
834    libevdev-dev \
835    libgpiod-dev \
836    libi2c-dev \
837    libjpeg-dev \
838    libjson-perl \
839    libldap2-dev \
840    libmimetic-dev \
841    libnl-3-dev \
842    libnl-genl-3-dev \
843    libpam0g-dev \
844    libpciaccess-dev \
845    libperlio-gzip-perl \
846    libpng-dev \
847    libprotobuf-dev \
848    libsnmp-dev \
849    libssl-dev \
850    libsystemd-dev \
851    libtool \
852    liburing-dev \
853    libxml2-utils \
854    libxml-simple-perl \
855    lsb-release \
856    ninja-build \
857    npm \
858    pkg-config \
859    protobuf-compiler \
860    python3 \
861    python3-dev\
862    python3-git \
863    python3-mako \
864    python3-pip \
865    python3-protobuf \
866    python3-setuptools \
867    python3-socks \
868    python3-yaml \
869    rsync \
870    shellcheck \
871    socat \
872    software-properties-common \
873    sudo \
874    systemd \
875    valgrind \
876    vim \
877    wget \
878    xxd
879
880RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 14 \
881  --slave /usr/bin/g++ g++ /usr/bin/g++-14 \
882  --slave /usr/bin/gcov gcov /usr/bin/gcov-14 \
883  --slave /usr/bin/gcov-dump gcov-dump /usr/bin/gcov-dump-14 \
884  --slave /usr/bin/gcov-tool gcov-tool /usr/bin/gcov-tool-14
885RUN update-alternatives --remove cpp /usr/bin/cpp && \
886    update-alternatives --install /usr/bin/cpp cpp /usr/bin/cpp-14 14
887
888# Set up LLVM apt repository.
889RUN bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)" 18
890
891# Install extra clang tools
892RUN apt-get install \
893        clang-18 \
894        clang-format-18 \
895        clang-tidy-18
896
897RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-18 1000 \
898  --slave /usr/bin/clang++ clang++ /usr/bin/clang++-18 \
899  --slave /usr/bin/clang-tidy clang-tidy /usr/bin/clang-tidy-18 \
900  --slave /usr/bin/clang-format clang-format /usr/bin/clang-format-18 \
901  --slave /usr/bin/run-clang-tidy run-clang-tidy.py \
902        /usr/bin/run-clang-tidy-18 \
903  --slave /usr/bin/scan-build scan-build /usr/bin/scan-build-18
904
905"""
906
907if is_automated_ci_build:
908    dockerfile_base += f"""
909# Run an arbitrary command to pollute the docker cache regularly force us
910# to re-run `apt-get update` daily.
911RUN echo {Docker.timestamp()}
912RUN apt-get update && apt-get dist-upgrade -yy
913
914"""
915
916dockerfile_base += """
917RUN pip3 install --break-system-packages \
918        beautysh \
919        black \
920        codespell \
921        flake8 \
922        gcovr \
923        gitlint \
924        inflection \
925        isoduration \
926        isort \
927        jsonschema \
928        meson==1.3.0 \
929        requests
930
931RUN npm install -g \
932        eslint@v8.56.0 eslint-plugin-json@v3.1.0 \
933        markdownlint-cli@latest \
934        prettier@latest
935"""
936
937# Build the base and stage docker images.
938docker_base_img_name = Docker.tagname("base", dockerfile_base)
939Docker.build("base", docker_base_img_name, dockerfile_base)
940Package.generate_all()
941
942# Create the final Dockerfile.
943dockerfile = f"""
944# Build the final output image
945FROM {docker_base_img_name}
946{Package.df_all_copycmds()}
947
948# Some of our infrastructure still relies on the presence of this file
949# even though it is no longer needed to rebuild the docker environment
950# NOTE: The file is sorted to ensure the ordering is stable.
951RUN echo '{Package.depcache()}' > /tmp/depcache
952
953# Ensure the group, user, and home directory are created (or rename them if
954# they already exist).
955RUN if grep -q ":{gid}:" /etc/group ; then \
956        groupmod -n {username} $(awk -F : '{{ if ($3 == {gid}) {{ print $1 }} }}' /etc/group) ; \
957    else \
958        groupadd -f -g {gid} {username} ; \
959    fi
960RUN mkdir -p "{os.path.dirname(homedir)}"
961RUN if grep -q ":{uid}:" /etc/passwd ; then \
962        usermod -l {username} -d {homedir} -m $(awk -F : '{{ if ($3 == {uid}) {{ print $1 }} }}' /etc/passwd) ; \
963    else \
964        useradd -d {homedir} -m -u {uid} -g {gid} {username} ; \
965    fi
966RUN sed -i '1iDefaults umask=000' /etc/sudoers
967RUN echo "{username} ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
968
969# Ensure user has ability to write to /usr/local for different tool
970# and data installs
971RUN chown -R {username}:{username} /usr/local/share
972
973# Update library cache
974RUN ldconfig
975
976{proxy_cmd}
977
978RUN /bin/bash
979"""
980
981# Do the final docker build
982docker_final_img_name = Docker.tagname(None, dockerfile)
983Docker.build("final", docker_final_img_name, dockerfile)
984
985# Print the tag of the final image.
986print(docker_final_img_name)
987