1#!/usr/bin/env python3
2#
3# Build the required docker image to run package unit tests
4#
5# Script Variables:
6#   DOCKER_IMG_NAME:  <optional, the name of the docker image to generate>
7#                     default is openbmc/ubuntu-unit-test
8#   DISTRO:           <optional, the distro to build a docker image against>
9#   FORCE_DOCKER_BUILD: <optional, a non-zero value with force all Docker
10#                     images to be rebuilt rather than reusing caches.>
11#   BUILD_URL:        <optional, used to detect running under CI context
12#                     (ex. Jenkins)>
13#   BRANCH:           <optional, branch to build from each of the openbmc/
14#                     repositories>
15#                     default is master, which will be used if input branch not
16#                     provided or not found
17#   UBUNTU_MIRROR:    <optional, the URL of a mirror of Ubuntu to override the
18#                     default ones in /etc/apt/sources.list>
19#                     default is empty, and no mirror is used.
20#   http_proxy        The HTTP address of the proxy server to connect to.
21#                     Default: "", proxy is not setup if this is not set
22
23import os
24import sys
25import threading
26from datetime import date
27from hashlib import sha256
28
29# typing.Dict is used for type-hints.
30from typing import Any, Callable, Dict, Iterable, Optional  # noqa: F401
31
32from sh import docker, git, nproc, uname  # type: ignore
33
34try:
35    # Python before 3.8 doesn't have TypedDict, so reroute to standard 'dict'.
36    from typing import TypedDict
37except Exception:
38
39    class TypedDict(dict):  # type: ignore
40        # We need to do this to eat the 'total' argument.
41        def __init_subclass__(cls, **kwargs: Any) -> None:
42            super().__init_subclass__()
43
44
45# Declare some variables used in package definitions.
46prefix = "/usr/local"
47proc_count = nproc().strip()
48
49
50class PackageDef(TypedDict, total=False):
51    """Package Definition for packages dictionary."""
52
53    # rev [optional]: Revision of package to use.
54    rev: str
55    # url [optional]: lambda function to create URL: (package, rev) -> url.
56    url: Callable[[str, str], str]
57    # depends [optional]: List of package dependencies.
58    depends: Iterable[str]
59    # build_type [required]: Build type used for package.
60    #   Currently supported: autoconf, cmake, custom, make, meson
61    build_type: str
62    # build_steps [optional]: Steps to run for 'custom' build_type.
63    build_steps: Iterable[str]
64    # config_flags [optional]: List of options to pass configuration tool.
65    config_flags: Iterable[str]
66    # config_env [optional]: List of environment variables to set for config.
67    config_env: Iterable[str]
68    # custom_post_dl [optional]: List of steps to run after download, but
69    #   before config / build / install.
70    custom_post_dl: Iterable[str]
71    # custom_post_install [optional]: List of steps to run after install.
72    custom_post_install: Iterable[str]
73
74    # __tag [private]: Generated Docker tag name for package stage.
75    __tag: str
76    # __package [private]: Package object associated with this package.
77    __package: Any  # Type is Package, but not defined yet.
78
79
80# Packages to include in image.
81packages = {
82    "boost": PackageDef(
83        rev="1.83.0",
84        url=(
85            lambda pkg, rev: f"https://boostorg.jfrog.io/artifactory/main/release/{rev}/source/{pkg}_{rev.replace('.', '_')}.tar.gz"  # noqa: E501
86        ),
87        build_type="custom",
88        build_steps=[
89            (
90                "curl --remote-name"
91                " https://github.com/williamspatrick/beast/commit/98f8b1fbd059a35754c2c7b2841769cf8d021272.patch"
92                " && patch -p2 <"
93                " 98f8b1fbd059a35754c2c7b2841769cf8d021272.patch &&"
94                " ./bootstrap.sh"
95                f" --prefix={prefix} --with-libraries=context,coroutine,url"
96            ),
97            "./b2",
98            f"./b2 install --prefix={prefix}",
99        ],
100    ),
101    "USCiLab/cereal": PackageDef(
102        rev="v1.3.2",
103        build_type="custom",
104        build_steps=[f"cp -a include/cereal/ {prefix}/include/"],
105    ),
106    "danmar/cppcheck": PackageDef(
107        rev="2.9",
108        build_type="cmake",
109    ),
110    "CLIUtils/CLI11": PackageDef(
111        rev="v2.3.2",
112        build_type="cmake",
113        config_flags=[
114            "-DBUILD_TESTING=OFF",
115            "-DCLI11_BUILD_DOCS=OFF",
116            "-DCLI11_BUILD_EXAMPLES=OFF",
117        ],
118    ),
119    "fmtlib/fmt": PackageDef(
120        rev="10.0.0",
121        build_type="cmake",
122        config_flags=[
123            "-DFMT_DOC=OFF",
124            "-DFMT_TEST=OFF",
125        ],
126    ),
127    "Naios/function2": PackageDef(
128        rev="4.2.1",
129        build_type="custom",
130        build_steps=[
131            f"mkdir {prefix}/include/function2",
132            f"cp include/function2/function2.hpp {prefix}/include/function2/",
133        ],
134    ),
135    # release-1.13.0
136    "google/googletest": PackageDef(
137        rev="b796f7d44681514f58a683a3a71ff17c94edb0c1",
138        build_type="cmake",
139        config_env=["CXXFLAGS=-std=c++20"],
140        config_flags=["-DTHREADS_PREFER_PTHREAD_FLAG=ON"],
141    ),
142    "nghttp2/nghttp2": PackageDef(
143        rev="v1.54.0",
144        build_type="cmake",
145        config_env=["CXXFLAGS=-std=c++20"],
146        config_flags=[
147            "-DENABLE_LIB_ONLY=ON",
148            "-DENABLE_STATIC_LIB=ON",
149        ],
150    ),
151    "nlohmann/json": PackageDef(
152        rev="v3.11.2",
153        build_type="cmake",
154        config_flags=["-DJSON_BuildTests=OFF"],
155        custom_post_install=[
156            (
157                f"ln -s {prefix}/include/nlohmann/json.hpp"
158                f" {prefix}/include/json.hpp"
159            ),
160        ],
161    ),
162    "json-c/json-c": PackageDef(
163        rev="json-c-0.16-20220414",
164        build_type="cmake",
165    ),
166    # Snapshot from 2019-05-24
167    "linux-test-project/lcov": PackageDef(
168        rev="v1.15",
169        build_type="make",
170    ),
171    "LibVNC/libvncserver": PackageDef(
172        rev="LibVNCServer-0.9.13",
173        build_type="cmake",
174    ),
175    "leethomason/tinyxml2": PackageDef(
176        rev="9.0.0",
177        build_type="cmake",
178    ),
179    "tristanpenman/valijson": PackageDef(
180        rev="v0.7",
181        build_type="cmake",
182        config_flags=[
183            "-Dvalijson_BUILD_TESTS=0",
184            "-Dvalijson_INSTALL_HEADERS=1",
185        ],
186    ),
187    "open-power/pdbg": PackageDef(build_type="autoconf"),
188    "openbmc/gpioplus": PackageDef(
189        depends=["openbmc/stdplus"],
190        build_type="meson",
191        config_flags=[
192            "-Dexamples=false",
193            "-Dtests=disabled",
194        ],
195    ),
196    "openbmc/phosphor-dbus-interfaces": PackageDef(
197        depends=["openbmc/sdbusplus"],
198        build_type="meson",
199        config_flags=["-Dgenerate_md=false"],
200    ),
201    "openbmc/phosphor-logging": PackageDef(
202        depends=[
203            "USCiLab/cereal",
204            "openbmc/phosphor-dbus-interfaces",
205            "openbmc/sdbusplus",
206            "openbmc/sdeventplus",
207        ],
208        build_type="meson",
209        config_flags=[
210            "-Dlibonly=true",
211            "-Dtests=disabled",
212            f"-Dyamldir={prefix}/share/phosphor-dbus-yaml/yaml",
213        ],
214    ),
215    "openbmc/phosphor-objmgr": PackageDef(
216        depends=[
217            "CLIUtils/CLI11",
218            "boost",
219            "leethomason/tinyxml2",
220            "openbmc/phosphor-dbus-interfaces",
221            "openbmc/phosphor-logging",
222            "openbmc/sdbusplus",
223        ],
224        build_type="meson",
225        config_flags=[
226            "-Dtests=disabled",
227        ],
228    ),
229    "openbmc/libpeci": PackageDef(
230        build_type="meson",
231        config_flags=[
232            "-Draw-peci=disabled",
233        ],
234    ),
235    "openbmc/libpldm": PackageDef(
236        build_type="meson",
237        config_flags=[
238            "-Dabi=deprecated,stable",
239            "-Doem-ibm=enabled",
240            "-Dtests=disabled",
241        ],
242    ),
243    "openbmc/sdbusplus": PackageDef(
244        build_type="meson",
245        custom_post_dl=[
246            "cd tools",
247            f"./setup.py install --root=/ --prefix={prefix}",
248            "cd ..",
249        ],
250        config_flags=[
251            "-Dexamples=disabled",
252            "-Dtests=disabled",
253        ],
254    ),
255    "openbmc/sdeventplus": PackageDef(
256        depends=[
257            "Naios/function2",
258            "openbmc/stdplus",
259        ],
260        build_type="meson",
261        config_flags=[
262            "-Dexamples=false",
263            "-Dtests=disabled",
264        ],
265    ),
266    "openbmc/stdplus": PackageDef(
267        depends=[
268            "fmtlib/fmt",
269            "google/googletest",
270            "Naios/function2",
271        ],
272        build_type="meson",
273        config_flags=[
274            "-Dexamples=false",
275            "-Dtests=disabled",
276            "-Dgtest=enabled",
277        ],
278    ),
279}  # type: Dict[str, PackageDef]
280
281# Define common flags used for builds
282configure_flags = " ".join(
283    [
284        f"--prefix={prefix}",
285    ]
286)
287cmake_flags = " ".join(
288    [
289        "-DBUILD_SHARED_LIBS=ON",
290        "-DCMAKE_BUILD_TYPE=RelWithDebInfo",
291        f"-DCMAKE_INSTALL_PREFIX:PATH={prefix}",
292        "-GNinja",
293        "-DCMAKE_MAKE_PROGRAM=ninja",
294    ]
295)
296meson_flags = " ".join(
297    [
298        "--wrap-mode=nodownload",
299        f"-Dprefix={prefix}",
300    ]
301)
302
303
304class Package(threading.Thread):
305    """Class used to build the Docker stages for each package.
306
307    Generally, this class should not be instantiated directly but through
308    Package.generate_all().
309    """
310
311    # Copy the packages dictionary.
312    packages = packages.copy()
313
314    # Lock used for thread-safety.
315    lock = threading.Lock()
316
317    def __init__(self, pkg: str):
318        """pkg - The name of this package (ex. foo/bar )"""
319        super(Package, self).__init__()
320
321        self.package = pkg
322        self.exception = None  # type: Optional[Exception]
323
324        # Reference to this package's
325        self.pkg_def = Package.packages[pkg]
326        self.pkg_def["__package"] = self
327
328    def run(self) -> None:
329        """Thread 'run' function.  Builds the Docker stage."""
330
331        # In case this package has no rev, fetch it from Github.
332        self._update_rev()
333
334        # Find all the Package objects that this package depends on.
335        #   This section is locked because we are looking into another
336        #   package's PackageDef dict, which could be being modified.
337        Package.lock.acquire()
338        deps: Iterable[Package] = [
339            Package.packages[deppkg]["__package"]
340            for deppkg in self.pkg_def.get("depends", [])
341        ]
342        Package.lock.release()
343
344        # Wait until all the depends finish building.  We need them complete
345        # for the "COPY" commands.
346        for deppkg in deps:
347            deppkg.join()
348
349        # Generate this package's Dockerfile.
350        dockerfile = f"""
351FROM {docker_base_img_name}
352{self._df_copycmds()}
353{self._df_build()}
354"""
355
356        # Generate the resulting tag name and save it to the PackageDef.
357        #   This section is locked because we are modifying the PackageDef,
358        #   which can be accessed by other threads.
359        Package.lock.acquire()
360        tag = Docker.tagname(self._stagename(), dockerfile)
361        self.pkg_def["__tag"] = tag
362        Package.lock.release()
363
364        # Do the build / save any exceptions.
365        try:
366            Docker.build(self.package, tag, dockerfile)
367        except Exception as e:
368            self.exception = e
369
370    @classmethod
371    def generate_all(cls) -> None:
372        """Ensure a Docker stage is created for all defined packages.
373
374        These are done in parallel but with appropriate blocking per
375        package 'depends' specifications.
376        """
377
378        # Create a Package for each defined package.
379        pkg_threads = [Package(p) for p in cls.packages.keys()]
380
381        # Start building them all.
382        #   This section is locked because threads depend on each other,
383        #   based on the packages, and they cannot 'join' on a thread
384        #   which is not yet started.  Adding a lock here allows all the
385        #   threads to start before they 'join' their dependencies.
386        Package.lock.acquire()
387        for t in pkg_threads:
388            t.start()
389        Package.lock.release()
390
391        # Wait for completion.
392        for t in pkg_threads:
393            t.join()
394            # Check if the thread saved off its own exception.
395            if t.exception:
396                print(f"Package {t.package} failed!", file=sys.stderr)
397                raise t.exception
398
399    @staticmethod
400    def df_all_copycmds() -> str:
401        """Formulate the Dockerfile snippet necessary to copy all packages
402        into the final image.
403        """
404        return Package.df_copycmds_set(Package.packages.keys())
405
406    @classmethod
407    def depcache(cls) -> str:
408        """Create the contents of the '/tmp/depcache'.
409        This file is a comma-separated list of "<pkg>:<rev>".
410        """
411
412        # This needs to be sorted for consistency.
413        depcache = ""
414        for pkg in sorted(cls.packages.keys()):
415            depcache += "%s:%s," % (pkg, cls.packages[pkg]["rev"])
416        return depcache
417
418    def _update_rev(self) -> None:
419        """Look up the HEAD for missing a static rev."""
420
421        if "rev" in self.pkg_def:
422            return
423
424        # Check if Jenkins/Gerrit gave us a revision and use it.
425        if gerrit_project == self.package and gerrit_rev:
426            print(
427                f"Found Gerrit revision for {self.package}: {gerrit_rev}",
428                file=sys.stderr,
429            )
430            self.pkg_def["rev"] = gerrit_rev
431            return
432
433        # Ask Github for all the branches.
434        lookup = git(
435            "ls-remote", "--heads", f"https://github.com/{self.package}"
436        )
437
438        # Find the branch matching {branch} (or fallback to master).
439        #   This section is locked because we are modifying the PackageDef.
440        Package.lock.acquire()
441        for line in lookup.split("\n"):
442            if f"refs/heads/{branch}" in line:
443                self.pkg_def["rev"] = line.split()[0]
444            elif (
445                "refs/heads/master" in line or "refs/heads/main" in line
446            ) and "rev" not in self.pkg_def:
447                self.pkg_def["rev"] = line.split()[0]
448        Package.lock.release()
449
450    def _stagename(self) -> str:
451        """Create a name for the Docker stage associated with this pkg."""
452        return self.package.replace("/", "-").lower()
453
454    def _url(self) -> str:
455        """Get the URL for this package."""
456        rev = self.pkg_def["rev"]
457
458        # If the lambda exists, call it.
459        if "url" in self.pkg_def:
460            return self.pkg_def["url"](self.package, rev)
461
462        # Default to the github archive URL.
463        return f"https://github.com/{self.package}/archive/{rev}.tar.gz"
464
465    def _cmd_download(self) -> str:
466        """Formulate the command necessary to download and unpack to source."""
467
468        url = self._url()
469        if ".tar." not in url:
470            raise NotImplementedError(
471                f"Unhandled download type for {self.package}: {url}"
472            )
473
474        cmd = f"curl -L {url} | tar -x"
475
476        if url.endswith(".bz2"):
477            cmd += "j"
478        elif url.endswith(".gz"):
479            cmd += "z"
480        else:
481            raise NotImplementedError(
482                f"Unknown tar flags needed for {self.package}: {url}"
483            )
484
485        return cmd
486
487    def _cmd_cd_srcdir(self) -> str:
488        """Formulate the command necessary to 'cd' into the source dir."""
489        return f"cd {self.package.split('/')[-1]}*"
490
491    def _df_copycmds(self) -> str:
492        """Formulate the dockerfile snippet necessary to COPY all depends."""
493
494        if "depends" not in self.pkg_def:
495            return ""
496        return Package.df_copycmds_set(self.pkg_def["depends"])
497
498    @staticmethod
499    def df_copycmds_set(pkgs: Iterable[str]) -> str:
500        """Formulate the Dockerfile snippet necessary to COPY a set of
501        packages into a Docker stage.
502        """
503
504        copy_cmds = ""
505
506        # Sort the packages for consistency.
507        for p in sorted(pkgs):
508            tag = Package.packages[p]["__tag"]
509            copy_cmds += f"COPY --from={tag} {prefix} {prefix}\n"
510            # Workaround for upstream docker bug and multiple COPY cmds
511            # https://github.com/moby/moby/issues/37965
512            copy_cmds += "RUN true\n"
513
514        return copy_cmds
515
516    def _df_build(self) -> str:
517        """Formulate the Dockerfile snippet necessary to download, build, and
518        install a package into a Docker stage.
519        """
520
521        # Download and extract source.
522        result = f"RUN {self._cmd_download()} && {self._cmd_cd_srcdir()} && "
523
524        # Handle 'custom_post_dl' commands.
525        custom_post_dl = self.pkg_def.get("custom_post_dl")
526        if custom_post_dl:
527            result += " && ".join(custom_post_dl) + " && "
528
529        # Build and install package based on 'build_type'.
530        build_type = self.pkg_def["build_type"]
531        if build_type == "autoconf":
532            result += self._cmd_build_autoconf()
533        elif build_type == "cmake":
534            result += self._cmd_build_cmake()
535        elif build_type == "custom":
536            result += self._cmd_build_custom()
537        elif build_type == "make":
538            result += self._cmd_build_make()
539        elif build_type == "meson":
540            result += self._cmd_build_meson()
541        else:
542            raise NotImplementedError(
543                f"Unhandled build type for {self.package}: {build_type}"
544            )
545
546        # Handle 'custom_post_install' commands.
547        custom_post_install = self.pkg_def.get("custom_post_install")
548        if custom_post_install:
549            result += " && " + " && ".join(custom_post_install)
550
551        return result
552
553    def _cmd_build_autoconf(self) -> str:
554        options = " ".join(self.pkg_def.get("config_flags", []))
555        env = " ".join(self.pkg_def.get("config_env", []))
556        result = "./bootstrap.sh && "
557        result += f"{env} ./configure {configure_flags} {options} && "
558        result += f"make -j{proc_count} && make install"
559        return result
560
561    def _cmd_build_cmake(self) -> str:
562        options = " ".join(self.pkg_def.get("config_flags", []))
563        env = " ".join(self.pkg_def.get("config_env", []))
564        result = "mkdir builddir && cd builddir && "
565        result += f"{env} cmake {cmake_flags} {options} .. && "
566        result += "cmake --build . --target all && "
567        result += "cmake --build . --target install && "
568        result += "cd .."
569        return result
570
571    def _cmd_build_custom(self) -> str:
572        return " && ".join(self.pkg_def.get("build_steps", []))
573
574    def _cmd_build_make(self) -> str:
575        return f"make -j{proc_count} && make install"
576
577    def _cmd_build_meson(self) -> str:
578        options = " ".join(self.pkg_def.get("config_flags", []))
579        env = " ".join(self.pkg_def.get("config_env", []))
580        result = f"{env} meson setup builddir {meson_flags} {options} && "
581        result += "ninja -C builddir && ninja -C builddir install"
582        return result
583
584
585class Docker:
586    """Class to assist with Docker interactions.  All methods are static."""
587
588    @staticmethod
589    def timestamp() -> str:
590        """Generate a timestamp for today using the ISO week."""
591        today = date.today().isocalendar()
592        return f"{today[0]}-W{today[1]:02}"
593
594    @staticmethod
595    def tagname(pkgname: Optional[str], dockerfile: str) -> str:
596        """Generate a tag name for a package using a hash of the Dockerfile."""
597        result = docker_image_name
598        if pkgname:
599            result += "-" + pkgname
600
601        result += ":" + Docker.timestamp()
602        result += "-" + sha256(dockerfile.encode()).hexdigest()[0:16]
603
604        return result
605
606    @staticmethod
607    def build(pkg: str, tag: str, dockerfile: str) -> None:
608        """Build a docker image using the Dockerfile and tagging it with 'tag'."""
609
610        # If we're not forcing builds, check if it already exists and skip.
611        if not force_build:
612            if docker.image.ls(tag, "--format", '"{{.Repository}}:{{.Tag}}"'):
613                print(
614                    f"Image {tag} already exists.  Skipping.", file=sys.stderr
615                )
616                return
617
618        # Build it.
619        #   Capture the output of the 'docker build' command and send it to
620        #   stderr (prefixed with the package name).  This allows us to see
621        #   progress but not polute stdout.  Later on we output the final
622        #   docker tag to stdout and we want to keep that pristine.
623        #
624        #   Other unusual flags:
625        #       --no-cache: Bypass the Docker cache if 'force_build'.
626        #       --force-rm: Clean up Docker processes if they fail.
627        docker.build(
628            proxy_args,
629            "--network=host",
630            "--force-rm",
631            "--no-cache=true" if force_build else "--no-cache=false",
632            "-t",
633            tag,
634            "-",
635            _in=dockerfile,
636            _out=(
637                lambda line: print(
638                    pkg + ":", line, end="", file=sys.stderr, flush=True
639                )
640            ),
641        )
642
643
644# Read a bunch of environment variables.
645docker_image_name = os.environ.get(
646    "DOCKER_IMAGE_NAME", "openbmc/ubuntu-unit-test"
647)
648force_build = os.environ.get("FORCE_DOCKER_BUILD")
649is_automated_ci_build = os.environ.get("BUILD_URL", False)
650distro = os.environ.get("DISTRO", "ubuntu:mantic")
651branch = os.environ.get("BRANCH", "master")
652ubuntu_mirror = os.environ.get("UBUNTU_MIRROR")
653http_proxy = os.environ.get("http_proxy")
654
655gerrit_project = os.environ.get("GERRIT_PROJECT")
656gerrit_rev = os.environ.get("GERRIT_PATCHSET_REVISION")
657
658# Ensure appropriate docker build output to see progress and identify
659# any issues
660os.environ["BUILDKIT_PROGRESS"] = "plain"
661
662# Set up some common variables.
663username = os.environ.get("USER", "root")
664homedir = os.environ.get("HOME", "/root")
665gid = os.getgid()
666uid = os.getuid()
667
668# Use well-known constants if user is root
669if username == "root":
670    homedir = "/root"
671    gid = 0
672    uid = 0
673
674# Determine the architecture for Docker.
675arch = uname("-m").strip()
676if arch == "ppc64le":
677    docker_base = "ppc64le/"
678elif arch == "x86_64":
679    docker_base = ""
680elif arch == "aarch64":
681    docker_base = "arm64v8/"
682else:
683    print(
684        f"Unsupported system architecture({arch}) found for docker image",
685        file=sys.stderr,
686    )
687    sys.exit(1)
688
689# Special flags if setting up a deb mirror.
690mirror = ""
691if "ubuntu" in distro and ubuntu_mirror:
692    mirror = f"""
693RUN echo "deb {ubuntu_mirror} \
694        $(. /etc/os-release && echo $VERSION_CODENAME) \
695        main restricted universe multiverse" > /etc/apt/sources.list && \\
696    echo "deb {ubuntu_mirror} \
697        $(. /etc/os-release && echo $VERSION_CODENAME)-updates \
698            main restricted universe multiverse" >> /etc/apt/sources.list && \\
699    echo "deb {ubuntu_mirror} \
700        $(. /etc/os-release && echo $VERSION_CODENAME)-security \
701            main restricted universe multiverse" >> /etc/apt/sources.list && \\
702    echo "deb {ubuntu_mirror} \
703        $(. /etc/os-release && echo $VERSION_CODENAME)-proposed \
704            main restricted universe multiverse" >> /etc/apt/sources.list && \\
705    echo "deb {ubuntu_mirror} \
706        $(. /etc/os-release && echo $VERSION_CODENAME)-backports \
707            main restricted universe multiverse" >> /etc/apt/sources.list
708"""
709
710# Special flags for proxying.
711proxy_cmd = ""
712proxy_keyserver = ""
713proxy_args = []
714if http_proxy:
715    proxy_cmd = f"""
716RUN echo "[http]" >> {homedir}/.gitconfig && \
717    echo "proxy = {http_proxy}" >> {homedir}/.gitconfig
718"""
719    proxy_keyserver = f"--keyserver-options http-proxy={http_proxy}"
720
721    proxy_args.extend(
722        [
723            "--build-arg",
724            f"http_proxy={http_proxy}",
725            "--build-arg",
726            f"https_proxy={http_proxy}",
727        ]
728    )
729
730# Create base Dockerfile.
731dockerfile_base = f"""
732FROM {docker_base}{distro}
733
734{mirror}
735
736ENV DEBIAN_FRONTEND noninteractive
737
738ENV PYTHONPATH "/usr/local/lib/python3.10/site-packages/"
739
740# Sometimes the ubuntu key expires and we need a way to force an execution
741# of the apt-get commands for the dbgsym-keyring.  When this happens we see
742# an error like: "Release: The following signatures were invalid:"
743# Insert a bogus echo that we can change here when we get this error to force
744# the update.
745RUN echo "ubuntu keyserver rev as of 2021-04-21"
746
747# We need the keys to be imported for dbgsym repos
748# New releases have a package, older ones fall back to manual fetching
749# https://wiki.ubuntu.com/Debug%20Symbol%20Packages
750# Known issue with gpg to get keys via proxy -
751# https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1788190, hence using
752# curl to get keys.
753RUN apt-get update && apt-get dist-upgrade -yy && \
754    ( apt-get install -yy gpgv ubuntu-dbgsym-keyring || \
755        ( apt-get install -yy dirmngr curl && \
756          curl -sSL \
757          'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xF2EDC64DC5AEE1F6B9C621F0C8CAB6595FDFF622' \
758          | apt-key add - ))
759
760# Parse the current repo list into a debug repo list
761RUN sed -n '/^deb /s,^deb [^ ]* ,deb http://ddebs.ubuntu.com ,p' \
762        /etc/apt/sources.list >/etc/apt/sources.list.d/debug.list
763
764# Remove non-existent debug repos
765RUN sed -i '/-\\(backports\\|security\\) /d' /etc/apt/sources.list.d/debug.list
766
767RUN cat /etc/apt/sources.list.d/debug.list
768
769RUN apt-get update && apt-get dist-upgrade -yy && apt-get install -yy \
770    abi-compliance-checker \
771    abi-dumper \
772    autoconf \
773    autoconf-archive \
774    bison \
775    clang-17 \
776    clang-format-17 \
777    clang-tidy-17 \
778    clang-tools-17 \
779    cmake \
780    curl \
781    dbus \
782    device-tree-compiler \
783    flex \
784    g++-13 \
785    gcc-13 \
786    git \
787    iproute2 \
788    iputils-ping \
789    libaudit-dev \
790    libc6-dbg \
791    libc6-dev \
792    libconfig++-dev \
793    libcryptsetup-dev \
794    libdbus-1-dev \
795    libevdev-dev \
796    libgpiod-dev \
797    libi2c-dev \
798    libjpeg-dev \
799    libjson-perl \
800    libldap2-dev \
801    libmimetic-dev \
802    libnl-3-dev \
803    libnl-genl-3-dev \
804    libpam0g-dev \
805    libpciaccess-dev \
806    libperlio-gzip-perl \
807    libpng-dev \
808    libprotobuf-dev \
809    libsnmp-dev \
810    libssl-dev \
811    libsystemd-dev \
812    libtool \
813    liburing-dev \
814    libxml2-utils \
815    libxml-simple-perl \
816    ninja-build \
817    npm \
818    pkg-config \
819    protobuf-compiler \
820    python3 \
821    python3-dev\
822    python3-git \
823    python3-mako \
824    python3-pip \
825    python3-setuptools \
826    python3-socks \
827    python3-yaml \
828    rsync \
829    shellcheck \
830    sudo \
831    systemd \
832    valgrind \
833    valgrind-dbgsym \
834    vim \
835    wget \
836    xxd
837
838RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-13 13 \
839  --slave /usr/bin/g++ g++ /usr/bin/g++-13 \
840  --slave /usr/bin/gcov gcov /usr/bin/gcov-13 \
841  --slave /usr/bin/gcov-dump gcov-dump /usr/bin/gcov-dump-13 \
842  --slave /usr/bin/gcov-tool gcov-tool /usr/bin/gcov-tool-13
843RUN update-alternatives --remove cpp /usr/bin/cpp && \
844    update-alternatives --install /usr/bin/cpp cpp /usr/bin/cpp-13 13
845
846RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-17 1000 \
847  --slave /usr/bin/clang++ clang++ /usr/bin/clang++-17 \
848  --slave /usr/bin/clang-tidy clang-tidy /usr/bin/clang-tidy-17 \
849  --slave /usr/bin/clang-format clang-format /usr/bin/clang-format-17 \
850  --slave /usr/bin/run-clang-tidy run-clang-tidy.py \
851        /usr/bin/run-clang-tidy-17 \
852  --slave /usr/bin/scan-build scan-build /usr/bin/scan-build-17
853
854"""
855
856if is_automated_ci_build:
857    dockerfile_base += f"""
858# Run an arbitrary command to polute the docker cache regularly force us
859# to re-run `apt-get update` daily.
860RUN echo {Docker.timestamp()}
861RUN apt-get update && apt-get dist-upgrade -yy
862
863"""
864
865dockerfile_base += """
866RUN pip3 install --break-system-packages \
867        beautysh \
868        black \
869        codespell \
870        flake8 \
871        gitlint \
872        inflection \
873        isort \
874        jsonschema \
875        meson==1.2.3 \
876        protobuf \
877        requests
878
879RUN npm install -g \
880        eslint@latest eslint-plugin-json@latest \
881        markdownlint-cli@latest \
882        prettier@latest
883"""
884
885# Build the base and stage docker images.
886docker_base_img_name = Docker.tagname("base", dockerfile_base)
887Docker.build("base", docker_base_img_name, dockerfile_base)
888Package.generate_all()
889
890# Create the final Dockerfile.
891dockerfile = f"""
892# Build the final output image
893FROM {docker_base_img_name}
894{Package.df_all_copycmds()}
895
896# Some of our infrastructure still relies on the presence of this file
897# even though it is no longer needed to rebuild the docker environment
898# NOTE: The file is sorted to ensure the ordering is stable.
899RUN echo '{Package.depcache()}' > /tmp/depcache
900
901# Ensure the group, user, and home directory are created (or rename them if
902# they already exist).
903RUN if grep -q ":{gid}:" /etc/group ; then \
904        groupmod -n {username} $(awk -F : '{{ if ($3 == {gid}) {{ print $1 }} }}' /etc/group) ; \
905    else \
906        groupadd -f -g {gid} {username} ; \
907    fi
908RUN mkdir -p "{os.path.dirname(homedir)}"
909RUN if grep -q ":{uid}:" /etc/passwd ; then \
910        usermod -l {username} -d {homedir} -m $(awk -F : '{{ if ($3 == {uid}) {{ print $1 }} }}' /etc/passwd) ; \
911    else \
912        useradd -d {homedir} -m -u {uid} -g {gid} {username} ; \
913    fi
914RUN sed -i '1iDefaults umask=000' /etc/sudoers
915RUN echo "{username} ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
916
917# Ensure user has ability to write to /usr/local for different tool
918# and data installs
919RUN chown -R {username}:{username} /usr/local/share
920
921{proxy_cmd}
922
923RUN /bin/bash
924"""
925
926# Do the final docker build
927docker_final_img_name = Docker.tagname(None, dockerfile)
928Docker.build("final", docker_final_img_name, dockerfile)
929
930# Print the tag of the final image.
931print(docker_final_img_name)
932