1#!/usr/bin/env python3
2#
3# Build the required docker image to run package unit tests
4#
5# Script Variables:
6#   DOCKER_IMG_NAME:  <optional, the name of the docker image to generate>
7#                     default is openbmc/ubuntu-unit-test
8#   DISTRO:           <optional, the distro to build a docker image against>
9#   FORCE_DOCKER_BUILD: <optional, a non-zero value with force all Docker
10#                     images to be rebuilt rather than reusing caches.>
11#   BUILD_URL:        <optional, used to detect running under CI context
12#                     (ex. Jenkins)>
13#   BRANCH:           <optional, branch to build from each of the openbmc/
14#                     repositories>
15#                     default is master, which will be used if input branch not
16#                     provided or not found
17#   UBUNTU_MIRROR:    <optional, the URL of a mirror of Ubuntu to override the
18#                     default ones in /etc/apt/sources.list>
19#                     default is empty, and no mirror is used.
20#   http_proxy        The HTTP address of the proxy server to connect to.
21#                     Default: "", proxy is not setup if this is not set
22
23import os
24import sys
25import threading
26from datetime import date
27from hashlib import sha256
28
29# typing.Dict is used for type-hints.
30from typing import Any, Callable, Dict, Iterable, Optional  # noqa: F401
31
32from sh import docker, git, nproc, uname  # type: ignore
33
34try:
35    # Python before 3.8 doesn't have TypedDict, so reroute to standard 'dict'.
36    from typing import TypedDict
37except Exception:
38
39    class TypedDict(dict):  # type: ignore
40        # We need to do this to eat the 'total' argument.
41        def __init_subclass__(cls, **kwargs: Any) -> None:
42            super().__init_subclass__()
43
44
45# Declare some variables used in package definitions.
46prefix = "/usr/local"
47proc_count = nproc().strip()
48
49
50class PackageDef(TypedDict, total=False):
51    """Package Definition for packages dictionary."""
52
53    # rev [optional]: Revision of package to use.
54    rev: str
55    # url [optional]: lambda function to create URL: (package, rev) -> url.
56    url: Callable[[str, str], str]
57    # depends [optional]: List of package dependencies.
58    depends: Iterable[str]
59    # build_type [required]: Build type used for package.
60    #   Currently supported: autoconf, cmake, custom, make, meson
61    build_type: str
62    # build_steps [optional]: Steps to run for 'custom' build_type.
63    build_steps: Iterable[str]
64    # config_flags [optional]: List of options to pass configuration tool.
65    config_flags: Iterable[str]
66    # config_env [optional]: List of environment variables to set for config.
67    config_env: Iterable[str]
68    # custom_post_dl [optional]: List of steps to run after download, but
69    #   before config / build / install.
70    custom_post_dl: Iterable[str]
71    # custom_post_install [optional]: List of steps to run after install.
72    custom_post_install: Iterable[str]
73
74    # __tag [private]: Generated Docker tag name for package stage.
75    __tag: str
76    # __package [private]: Package object associated with this package.
77    __package: Any  # Type is Package, but not defined yet.
78
79
80# Packages to include in image.
81packages = {
82    "boost": PackageDef(
83        rev="1.84.0",
84        url=(
85            lambda pkg, rev: f"https://github.com/boostorg/{pkg}/releases/download/{pkg}-{rev}/{pkg}-{rev}.tar.gz"
86        ),
87        build_type="custom",
88        build_steps=[
89            (
90                "./bootstrap.sh"
91                f" --prefix={prefix} --with-libraries=context,coroutine,url"
92            ),
93            "./b2",
94            f"./b2 install --prefix={prefix}",
95        ],
96    ),
97    "USCiLab/cereal": PackageDef(
98        rev="v1.3.2",
99        build_type="custom",
100        build_steps=[f"cp -a include/cereal/ {prefix}/include/"],
101    ),
102    "danmar/cppcheck": PackageDef(
103        rev="2.12.1",
104        build_type="cmake",
105    ),
106    "CLIUtils/CLI11": PackageDef(
107        rev="v2.3.2",
108        build_type="cmake",
109        config_flags=[
110            "-DBUILD_TESTING=OFF",
111            "-DCLI11_BUILD_DOCS=OFF",
112            "-DCLI11_BUILD_EXAMPLES=OFF",
113        ],
114    ),
115    "fmtlib/fmt": PackageDef(
116        rev="10.1.1",
117        build_type="cmake",
118        config_flags=[
119            "-DFMT_DOC=OFF",
120            "-DFMT_TEST=OFF",
121        ],
122    ),
123    "Naios/function2": PackageDef(
124        rev="4.2.4",
125        build_type="custom",
126        build_steps=[
127            f"mkdir {prefix}/include/function2",
128            f"cp include/function2/function2.hpp {prefix}/include/function2/",
129        ],
130    ),
131    "google/googletest": PackageDef(
132        rev="v1.14.0",
133        build_type="cmake",
134        config_env=["CXXFLAGS=-std=c++20"],
135        config_flags=["-DTHREADS_PREFER_PTHREAD_FLAG=ON"],
136    ),
137    "nghttp2/nghttp2": PackageDef(
138        rev="v1.57.0",
139        build_type="cmake",
140        config_env=["CXXFLAGS=-std=c++20"],
141        config_flags=[
142            "-DENABLE_LIB_ONLY=ON",
143            "-DENABLE_STATIC_LIB=ON",
144        ],
145    ),
146    "nlohmann/json": PackageDef(
147        rev="v3.11.2",
148        build_type="cmake",
149        config_flags=["-DJSON_BuildTests=OFF"],
150        custom_post_install=[
151            (
152                f"ln -s {prefix}/include/nlohmann/json.hpp"
153                f" {prefix}/include/json.hpp"
154            ),
155        ],
156    ),
157    "json-c/json-c": PackageDef(
158        rev="json-c-0.17-20230812",
159        build_type="cmake",
160    ),
161    "linux-test-project/lcov": PackageDef(
162        rev="v1.16",
163        build_type="make",
164    ),
165    "LibVNC/libvncserver": PackageDef(
166        rev="LibVNCServer-0.9.14",
167        build_type="cmake",
168    ),
169    "leethomason/tinyxml2": PackageDef(
170        rev="9.0.0",
171        build_type="cmake",
172    ),
173    "tristanpenman/valijson": PackageDef(
174        rev="v1.0.1",
175        build_type="cmake",
176        config_flags=[
177            "-Dvalijson_BUILD_TESTS=0",
178            "-Dvalijson_INSTALL_HEADERS=1",
179        ],
180    ),
181    "open-power/pdbg": PackageDef(build_type="autoconf"),
182    "openbmc/gpioplus": PackageDef(
183        depends=["openbmc/stdplus"],
184        build_type="meson",
185        config_flags=[
186            "-Dexamples=false",
187            "-Dtests=disabled",
188        ],
189    ),
190    "openbmc/phosphor-dbus-interfaces": PackageDef(
191        depends=["openbmc/sdbusplus"],
192        build_type="meson",
193        config_flags=["-Dgenerate_md=false"],
194    ),
195    "openbmc/phosphor-logging": PackageDef(
196        depends=[
197            "USCiLab/cereal",
198            "openbmc/phosphor-dbus-interfaces",
199            "openbmc/sdbusplus",
200            "openbmc/sdeventplus",
201        ],
202        build_type="meson",
203        config_flags=[
204            "-Dlibonly=true",
205            "-Dtests=disabled",
206            f"-Dyamldir={prefix}/share/phosphor-dbus-yaml/yaml",
207        ],
208    ),
209    "openbmc/phosphor-objmgr": PackageDef(
210        depends=[
211            "CLIUtils/CLI11",
212            "boost",
213            "leethomason/tinyxml2",
214            "openbmc/phosphor-dbus-interfaces",
215            "openbmc/phosphor-logging",
216            "openbmc/sdbusplus",
217        ],
218        build_type="meson",
219        config_flags=[
220            "-Dtests=disabled",
221        ],
222    ),
223    "openbmc/libpeci": PackageDef(
224        build_type="meson",
225        config_flags=[
226            "-Draw-peci=disabled",
227        ],
228    ),
229    "openbmc/libpldm": PackageDef(
230        build_type="meson",
231        config_flags=[
232            "-Dabi=deprecated,stable",
233            "-Doem-ibm=enabled",
234            "-Dtests=disabled",
235        ],
236    ),
237    "openbmc/sdbusplus": PackageDef(
238        build_type="meson",
239        custom_post_dl=[
240            "cd tools",
241            f"./setup.py install --root=/ --prefix={prefix}",
242            "cd ..",
243        ],
244        config_flags=[
245            "-Dexamples=disabled",
246            "-Dtests=disabled",
247        ],
248    ),
249    "openbmc/sdeventplus": PackageDef(
250        depends=[
251            "Naios/function2",
252            "openbmc/stdplus",
253        ],
254        build_type="meson",
255        config_flags=[
256            "-Dexamples=false",
257            "-Dtests=disabled",
258        ],
259    ),
260    "openbmc/stdplus": PackageDef(
261        depends=[
262            "fmtlib/fmt",
263            "google/googletest",
264            "Naios/function2",
265        ],
266        build_type="meson",
267        config_flags=[
268            "-Dexamples=false",
269            "-Dtests=disabled",
270            "-Dgtest=enabled",
271        ],
272    ),
273}  # type: Dict[str, PackageDef]
274
275# Define common flags used for builds
276configure_flags = " ".join(
277    [
278        f"--prefix={prefix}",
279    ]
280)
281cmake_flags = " ".join(
282    [
283        "-DBUILD_SHARED_LIBS=ON",
284        "-DCMAKE_BUILD_TYPE=RelWithDebInfo",
285        f"-DCMAKE_INSTALL_PREFIX:PATH={prefix}",
286        "-GNinja",
287        "-DCMAKE_MAKE_PROGRAM=ninja",
288    ]
289)
290meson_flags = " ".join(
291    [
292        "--wrap-mode=nodownload",
293        f"-Dprefix={prefix}",
294    ]
295)
296
297
298class Package(threading.Thread):
299    """Class used to build the Docker stages for each package.
300
301    Generally, this class should not be instantiated directly but through
302    Package.generate_all().
303    """
304
305    # Copy the packages dictionary.
306    packages = packages.copy()
307
308    # Lock used for thread-safety.
309    lock = threading.Lock()
310
311    def __init__(self, pkg: str):
312        """pkg - The name of this package (ex. foo/bar )"""
313        super(Package, self).__init__()
314
315        self.package = pkg
316        self.exception = None  # type: Optional[Exception]
317
318        # Reference to this package's
319        self.pkg_def = Package.packages[pkg]
320        self.pkg_def["__package"] = self
321
322    def run(self) -> None:
323        """Thread 'run' function.  Builds the Docker stage."""
324
325        # In case this package has no rev, fetch it from Github.
326        self._update_rev()
327
328        # Find all the Package objects that this package depends on.
329        #   This section is locked because we are looking into another
330        #   package's PackageDef dict, which could be being modified.
331        Package.lock.acquire()
332        deps: Iterable[Package] = [
333            Package.packages[deppkg]["__package"]
334            for deppkg in self.pkg_def.get("depends", [])
335        ]
336        Package.lock.release()
337
338        # Wait until all the depends finish building.  We need them complete
339        # for the "COPY" commands.
340        for deppkg in deps:
341            deppkg.join()
342
343        # Generate this package's Dockerfile.
344        dockerfile = f"""
345FROM {docker_base_img_name}
346{self._df_copycmds()}
347{self._df_build()}
348"""
349
350        # Generate the resulting tag name and save it to the PackageDef.
351        #   This section is locked because we are modifying the PackageDef,
352        #   which can be accessed by other threads.
353        Package.lock.acquire()
354        tag = Docker.tagname(self._stagename(), dockerfile)
355        self.pkg_def["__tag"] = tag
356        Package.lock.release()
357
358        # Do the build / save any exceptions.
359        try:
360            Docker.build(self.package, tag, dockerfile)
361        except Exception as e:
362            self.exception = e
363
364    @classmethod
365    def generate_all(cls) -> None:
366        """Ensure a Docker stage is created for all defined packages.
367
368        These are done in parallel but with appropriate blocking per
369        package 'depends' specifications.
370        """
371
372        # Create a Package for each defined package.
373        pkg_threads = [Package(p) for p in cls.packages.keys()]
374
375        # Start building them all.
376        #   This section is locked because threads depend on each other,
377        #   based on the packages, and they cannot 'join' on a thread
378        #   which is not yet started.  Adding a lock here allows all the
379        #   threads to start before they 'join' their dependencies.
380        Package.lock.acquire()
381        for t in pkg_threads:
382            t.start()
383        Package.lock.release()
384
385        # Wait for completion.
386        for t in pkg_threads:
387            t.join()
388            # Check if the thread saved off its own exception.
389            if t.exception:
390                print(f"Package {t.package} failed!", file=sys.stderr)
391                raise t.exception
392
393    @staticmethod
394    def df_all_copycmds() -> str:
395        """Formulate the Dockerfile snippet necessary to copy all packages
396        into the final image.
397        """
398        return Package.df_copycmds_set(Package.packages.keys())
399
400    @classmethod
401    def depcache(cls) -> str:
402        """Create the contents of the '/tmp/depcache'.
403        This file is a comma-separated list of "<pkg>:<rev>".
404        """
405
406        # This needs to be sorted for consistency.
407        depcache = ""
408        for pkg in sorted(cls.packages.keys()):
409            depcache += "%s:%s," % (pkg, cls.packages[pkg]["rev"])
410        return depcache
411
412    def _update_rev(self) -> None:
413        """Look up the HEAD for missing a static rev."""
414
415        if "rev" in self.pkg_def:
416            return
417
418        # Check if Jenkins/Gerrit gave us a revision and use it.
419        if gerrit_project == self.package and gerrit_rev:
420            print(
421                f"Found Gerrit revision for {self.package}: {gerrit_rev}",
422                file=sys.stderr,
423            )
424            self.pkg_def["rev"] = gerrit_rev
425            return
426
427        # Ask Github for all the branches.
428        lookup = git(
429            "ls-remote", "--heads", f"https://github.com/{self.package}"
430        )
431
432        # Find the branch matching {branch} (or fallback to master).
433        #   This section is locked because we are modifying the PackageDef.
434        Package.lock.acquire()
435        for line in lookup.split("\n"):
436            if f"refs/heads/{branch}" in line:
437                self.pkg_def["rev"] = line.split()[0]
438            elif (
439                "refs/heads/master" in line or "refs/heads/main" in line
440            ) and "rev" not in self.pkg_def:
441                self.pkg_def["rev"] = line.split()[0]
442        Package.lock.release()
443
444    def _stagename(self) -> str:
445        """Create a name for the Docker stage associated with this pkg."""
446        return self.package.replace("/", "-").lower()
447
448    def _url(self) -> str:
449        """Get the URL for this package."""
450        rev = self.pkg_def["rev"]
451
452        # If the lambda exists, call it.
453        if "url" in self.pkg_def:
454            return self.pkg_def["url"](self.package, rev)
455
456        # Default to the github archive URL.
457        return f"https://github.com/{self.package}/archive/{rev}.tar.gz"
458
459    def _cmd_download(self) -> str:
460        """Formulate the command necessary to download and unpack to source."""
461
462        url = self._url()
463        if ".tar." not in url:
464            raise NotImplementedError(
465                f"Unhandled download type for {self.package}: {url}"
466            )
467
468        cmd = f"curl -L {url} | tar -x"
469
470        if url.endswith(".bz2"):
471            cmd += "j"
472        elif url.endswith(".gz"):
473            cmd += "z"
474        else:
475            raise NotImplementedError(
476                f"Unknown tar flags needed for {self.package}: {url}"
477            )
478
479        return cmd
480
481    def _cmd_cd_srcdir(self) -> str:
482        """Formulate the command necessary to 'cd' into the source dir."""
483        return f"cd {self.package.split('/')[-1]}*"
484
485    def _df_copycmds(self) -> str:
486        """Formulate the dockerfile snippet necessary to COPY all depends."""
487
488        if "depends" not in self.pkg_def:
489            return ""
490        return Package.df_copycmds_set(self.pkg_def["depends"])
491
492    @staticmethod
493    def df_copycmds_set(pkgs: Iterable[str]) -> str:
494        """Formulate the Dockerfile snippet necessary to COPY a set of
495        packages into a Docker stage.
496        """
497
498        copy_cmds = ""
499
500        # Sort the packages for consistency.
501        for p in sorted(pkgs):
502            tag = Package.packages[p]["__tag"]
503            copy_cmds += f"COPY --from={tag} {prefix} {prefix}\n"
504            # Workaround for upstream docker bug and multiple COPY cmds
505            # https://github.com/moby/moby/issues/37965
506            copy_cmds += "RUN true\n"
507
508        return copy_cmds
509
510    def _df_build(self) -> str:
511        """Formulate the Dockerfile snippet necessary to download, build, and
512        install a package into a Docker stage.
513        """
514
515        # Download and extract source.
516        result = f"RUN {self._cmd_download()} && {self._cmd_cd_srcdir()} && "
517
518        # Handle 'custom_post_dl' commands.
519        custom_post_dl = self.pkg_def.get("custom_post_dl")
520        if custom_post_dl:
521            result += " && ".join(custom_post_dl) + " && "
522
523        # Build and install package based on 'build_type'.
524        build_type = self.pkg_def["build_type"]
525        if build_type == "autoconf":
526            result += self._cmd_build_autoconf()
527        elif build_type == "cmake":
528            result += self._cmd_build_cmake()
529        elif build_type == "custom":
530            result += self._cmd_build_custom()
531        elif build_type == "make":
532            result += self._cmd_build_make()
533        elif build_type == "meson":
534            result += self._cmd_build_meson()
535        else:
536            raise NotImplementedError(
537                f"Unhandled build type for {self.package}: {build_type}"
538            )
539
540        # Handle 'custom_post_install' commands.
541        custom_post_install = self.pkg_def.get("custom_post_install")
542        if custom_post_install:
543            result += " && " + " && ".join(custom_post_install)
544
545        return result
546
547    def _cmd_build_autoconf(self) -> str:
548        options = " ".join(self.pkg_def.get("config_flags", []))
549        env = " ".join(self.pkg_def.get("config_env", []))
550        result = "./bootstrap.sh && "
551        result += f"{env} ./configure {configure_flags} {options} && "
552        result += f"make -j{proc_count} && make install"
553        return result
554
555    def _cmd_build_cmake(self) -> str:
556        options = " ".join(self.pkg_def.get("config_flags", []))
557        env = " ".join(self.pkg_def.get("config_env", []))
558        result = "mkdir builddir && cd builddir && "
559        result += f"{env} cmake {cmake_flags} {options} .. && "
560        result += "cmake --build . --target all && "
561        result += "cmake --build . --target install && "
562        result += "cd .."
563        return result
564
565    def _cmd_build_custom(self) -> str:
566        return " && ".join(self.pkg_def.get("build_steps", []))
567
568    def _cmd_build_make(self) -> str:
569        return f"make -j{proc_count} && make install"
570
571    def _cmd_build_meson(self) -> str:
572        options = " ".join(self.pkg_def.get("config_flags", []))
573        env = " ".join(self.pkg_def.get("config_env", []))
574        result = f"{env} meson setup builddir {meson_flags} {options} && "
575        result += "ninja -C builddir && ninja -C builddir install"
576        return result
577
578
579class Docker:
580    """Class to assist with Docker interactions.  All methods are static."""
581
582    @staticmethod
583    def timestamp() -> str:
584        """Generate a timestamp for today using the ISO week."""
585        today = date.today().isocalendar()
586        return f"{today[0]}-W{today[1]:02}"
587
588    @staticmethod
589    def tagname(pkgname: Optional[str], dockerfile: str) -> str:
590        """Generate a tag name for a package using a hash of the Dockerfile."""
591        result = docker_image_name
592        if pkgname:
593            result += "-" + pkgname
594
595        result += ":" + Docker.timestamp()
596        result += "-" + sha256(dockerfile.encode()).hexdigest()[0:16]
597
598        return result
599
600    @staticmethod
601    def build(pkg: str, tag: str, dockerfile: str) -> None:
602        """Build a docker image using the Dockerfile and tagging it with 'tag'."""
603
604        # If we're not forcing builds, check if it already exists and skip.
605        if not force_build:
606            if docker.image.ls(tag, "--format", '"{{.Repository}}:{{.Tag}}"'):
607                print(
608                    f"Image {tag} already exists.  Skipping.", file=sys.stderr
609                )
610                return
611
612        # Build it.
613        #   Capture the output of the 'docker build' command and send it to
614        #   stderr (prefixed with the package name).  This allows us to see
615        #   progress but not polute stdout.  Later on we output the final
616        #   docker tag to stdout and we want to keep that pristine.
617        #
618        #   Other unusual flags:
619        #       --no-cache: Bypass the Docker cache if 'force_build'.
620        #       --force-rm: Clean up Docker processes if they fail.
621        docker.build(
622            proxy_args,
623            "--network=host",
624            "--force-rm",
625            "--no-cache=true" if force_build else "--no-cache=false",
626            "-t",
627            tag,
628            "-",
629            _in=dockerfile,
630            _out=(
631                lambda line: print(
632                    pkg + ":", line, end="", file=sys.stderr, flush=True
633                )
634            ),
635        )
636
637
638# Read a bunch of environment variables.
639docker_image_name = os.environ.get(
640    "DOCKER_IMAGE_NAME", "openbmc/ubuntu-unit-test"
641)
642force_build = os.environ.get("FORCE_DOCKER_BUILD")
643is_automated_ci_build = os.environ.get("BUILD_URL", False)
644distro = os.environ.get("DISTRO", "ubuntu:noble")
645branch = os.environ.get("BRANCH", "master")
646ubuntu_mirror = os.environ.get("UBUNTU_MIRROR")
647http_proxy = os.environ.get("http_proxy")
648
649gerrit_project = os.environ.get("GERRIT_PROJECT")
650gerrit_rev = os.environ.get("GERRIT_PATCHSET_REVISION")
651
652# Ensure appropriate docker build output to see progress and identify
653# any issues
654os.environ["BUILDKIT_PROGRESS"] = "plain"
655
656# Set up some common variables.
657username = os.environ.get("USER", "root")
658homedir = os.environ.get("HOME", "/root")
659gid = os.getgid()
660uid = os.getuid()
661
662# Use well-known constants if user is root
663if username == "root":
664    homedir = "/root"
665    gid = 0
666    uid = 0
667
668# Determine the architecture for Docker.
669arch = uname("-m").strip()
670if arch == "ppc64le":
671    docker_base = "ppc64le/"
672elif arch == "x86_64":
673    docker_base = ""
674elif arch == "aarch64":
675    docker_base = "arm64v8/"
676else:
677    print(
678        f"Unsupported system architecture({arch}) found for docker image",
679        file=sys.stderr,
680    )
681    sys.exit(1)
682
683# Special flags if setting up a deb mirror.
684mirror = ""
685if "ubuntu" in distro and ubuntu_mirror:
686    mirror = f"""
687RUN echo "deb {ubuntu_mirror} \
688        $(. /etc/os-release && echo $VERSION_CODENAME) \
689        main restricted universe multiverse" > /etc/apt/sources.list && \\
690    echo "deb {ubuntu_mirror} \
691        $(. /etc/os-release && echo $VERSION_CODENAME)-updates \
692            main restricted universe multiverse" >> /etc/apt/sources.list && \\
693    echo "deb {ubuntu_mirror} \
694        $(. /etc/os-release && echo $VERSION_CODENAME)-security \
695            main restricted universe multiverse" >> /etc/apt/sources.list && \\
696    echo "deb {ubuntu_mirror} \
697        $(. /etc/os-release && echo $VERSION_CODENAME)-proposed \
698            main restricted universe multiverse" >> /etc/apt/sources.list && \\
699    echo "deb {ubuntu_mirror} \
700        $(. /etc/os-release && echo $VERSION_CODENAME)-backports \
701            main restricted universe multiverse" >> /etc/apt/sources.list
702"""
703
704# Special flags for proxying.
705proxy_cmd = ""
706proxy_keyserver = ""
707proxy_args = []
708if http_proxy:
709    proxy_cmd = f"""
710RUN echo "[http]" >> {homedir}/.gitconfig && \
711    echo "proxy = {http_proxy}" >> {homedir}/.gitconfig
712"""
713    proxy_keyserver = f"--keyserver-options http-proxy={http_proxy}"
714
715    proxy_args.extend(
716        [
717            "--build-arg",
718            f"http_proxy={http_proxy}",
719            "--build-arg",
720            f"https_proxy={http_proxy}",
721        ]
722    )
723
724# Create base Dockerfile.
725dockerfile_base = f"""
726FROM {docker_base}{distro}
727
728{mirror}
729
730ENV DEBIAN_FRONTEND noninteractive
731
732ENV PYTHONPATH "/usr/local/lib/python3.10/site-packages/"
733
734# Sometimes the ubuntu key expires and we need a way to force an execution
735# of the apt-get commands for the dbgsym-keyring.  When this happens we see
736# an error like: "Release: The following signatures were invalid:"
737# Insert a bogus echo that we can change here when we get this error to force
738# the update.
739RUN echo "ubuntu keyserver rev as of 2021-04-21"
740
741# We need the keys to be imported for dbgsym repos
742# New releases have a package, older ones fall back to manual fetching
743# https://wiki.ubuntu.com/Debug%20Symbol%20Packages
744# Known issue with gpg to get keys via proxy -
745# https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1788190, hence using
746# curl to get keys.
747RUN apt-get update && apt-get dist-upgrade -yy && \
748    ( apt-get install -yy gpgv ubuntu-dbgsym-keyring || \
749        ( apt-get install -yy dirmngr curl && \
750          curl -sSL \
751          'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xF2EDC64DC5AEE1F6B9C621F0C8CAB6595FDFF622' \
752          | apt-key add - ))
753
754# Parse the current repo list into a debug repo list
755RUN sed -n '/^deb /s,^deb [^ ]* ,deb http://ddebs.ubuntu.com ,p' \
756        /etc/apt/sources.list >/etc/apt/sources.list.d/debug.list
757
758# Remove non-existent debug repos
759RUN sed -i '/-\\(backports\\|security\\) /d' /etc/apt/sources.list.d/debug.list
760
761RUN cat /etc/apt/sources.list.d/debug.list
762
763RUN apt-get update && apt-get dist-upgrade -yy && apt-get install -yy \
764    abi-compliance-checker \
765    abi-dumper \
766    autoconf \
767    autoconf-archive \
768    bison \
769    clang-17 \
770    clang-format-17 \
771    clang-tidy-17 \
772    clang-tools-17 \
773    cmake \
774    curl \
775    dbus \
776    device-tree-compiler \
777    flex \
778    g++-13 \
779    gcc-13 \
780    git \
781    iproute2 \
782    iputils-ping \
783    libaudit-dev \
784    libc6-dbg \
785    libc6-dev \
786    libconfig++-dev \
787    libcryptsetup-dev \
788    libdbus-1-dev \
789    libevdev-dev \
790    libgpiod-dev \
791    libi2c-dev \
792    libjpeg-dev \
793    libjson-perl \
794    libldap2-dev \
795    libmimetic-dev \
796    libnl-3-dev \
797    libnl-genl-3-dev \
798    libpam0g-dev \
799    libpciaccess-dev \
800    libperlio-gzip-perl \
801    libpng-dev \
802    libprotobuf-dev \
803    libsnmp-dev \
804    libssl-dev \
805    libsystemd-dev \
806    libtool \
807    liburing-dev \
808    libxml2-utils \
809    libxml-simple-perl \
810    ninja-build \
811    npm \
812    pkg-config \
813    protobuf-compiler \
814    python3 \
815    python3-dev\
816    python3-git \
817    python3-mako \
818    python3-pip \
819    python3-setuptools \
820    python3-socks \
821    python3-yaml \
822    rsync \
823    shellcheck \
824    sudo \
825    systemd \
826    valgrind \
827    valgrind-dbgsym \
828    vim \
829    wget \
830    xxd
831
832RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-13 13 \
833  --slave /usr/bin/g++ g++ /usr/bin/g++-13 \
834  --slave /usr/bin/gcov gcov /usr/bin/gcov-13 \
835  --slave /usr/bin/gcov-dump gcov-dump /usr/bin/gcov-dump-13 \
836  --slave /usr/bin/gcov-tool gcov-tool /usr/bin/gcov-tool-13
837RUN update-alternatives --remove cpp /usr/bin/cpp && \
838    update-alternatives --install /usr/bin/cpp cpp /usr/bin/cpp-13 13
839
840RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-17 1000 \
841  --slave /usr/bin/clang++ clang++ /usr/bin/clang++-17 \
842  --slave /usr/bin/clang-tidy clang-tidy /usr/bin/clang-tidy-17 \
843  --slave /usr/bin/clang-format clang-format /usr/bin/clang-format-17 \
844  --slave /usr/bin/run-clang-tidy run-clang-tidy.py \
845        /usr/bin/run-clang-tidy-17 \
846  --slave /usr/bin/scan-build scan-build /usr/bin/scan-build-17
847
848"""
849
850if is_automated_ci_build:
851    dockerfile_base += f"""
852# Run an arbitrary command to polute the docker cache regularly force us
853# to re-run `apt-get update` daily.
854RUN echo {Docker.timestamp()}
855RUN apt-get update && apt-get dist-upgrade -yy
856
857"""
858
859dockerfile_base += """
860RUN pip3 install --break-system-packages \
861        beautysh \
862        black \
863        codespell \
864        flake8 \
865        gitlint \
866        inflection \
867        isort \
868        jsonschema \
869        meson==1.3.0 \
870        protobuf \
871        requests
872
873RUN npm install -g \
874        eslint@latest eslint-plugin-json@latest \
875        markdownlint-cli@latest \
876        prettier@latest
877"""
878
879# Build the base and stage docker images.
880docker_base_img_name = Docker.tagname("base", dockerfile_base)
881Docker.build("base", docker_base_img_name, dockerfile_base)
882Package.generate_all()
883
884# Create the final Dockerfile.
885dockerfile = f"""
886# Build the final output image
887FROM {docker_base_img_name}
888{Package.df_all_copycmds()}
889
890# Some of our infrastructure still relies on the presence of this file
891# even though it is no longer needed to rebuild the docker environment
892# NOTE: The file is sorted to ensure the ordering is stable.
893RUN echo '{Package.depcache()}' > /tmp/depcache
894
895# Ensure the group, user, and home directory are created (or rename them if
896# they already exist).
897RUN if grep -q ":{gid}:" /etc/group ; then \
898        groupmod -n {username} $(awk -F : '{{ if ($3 == {gid}) {{ print $1 }} }}' /etc/group) ; \
899    else \
900        groupadd -f -g {gid} {username} ; \
901    fi
902RUN mkdir -p "{os.path.dirname(homedir)}"
903RUN if grep -q ":{uid}:" /etc/passwd ; then \
904        usermod -l {username} -d {homedir} -m $(awk -F : '{{ if ($3 == {uid}) {{ print $1 }} }}' /etc/passwd) ; \
905    else \
906        useradd -d {homedir} -m -u {uid} -g {gid} {username} ; \
907    fi
908RUN sed -i '1iDefaults umask=000' /etc/sudoers
909RUN echo "{username} ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
910
911# Ensure user has ability to write to /usr/local for different tool
912# and data installs
913RUN chown -R {username}:{username} /usr/local/share
914
915{proxy_cmd}
916
917RUN /bin/bash
918"""
919
920# Do the final docker build
921docker_final_img_name = Docker.tagname(None, dockerfile)
922Docker.build("final", docker_final_img_name, dockerfile)
923
924# Print the tag of the final image.
925print(docker_final_img_name)
926