Merge pull request #85 from bfritz/switch_from_aci_chroot_to_docker

replace make + alpinelinux-chroot-install with just + docker
bfritz · Feb 23, 2025 · 6af6ad4 · 6af6ad4
2 parents 770fdb2 + ae785a9
commit 6af6ad4
Show file tree

Hide file tree

Showing 6 changed files with 241 additions and 228 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -7,47 +7,99 @@ on:
 
 jobs:
   test-scripts:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+      - uses: extractions/setup-just@v2
 
       - name: install linters
         run: sudo apt-get install -y shellcheck
 
       - name: lint
-        run: make lint
+        run: just lint
 
       - name: test
-        run: make test
+        run: just test
 
-  build-images:
-    needs: test-scripts
-    runs-on: ubuntu-20.04
+  build-image-build:
+    runs-on: ubuntu-24.04
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: extractions/setup-just@v2
+
+      - name: setup qemu
+        uses: docker/setup-qemu-action@v3
+
+      - name: setup docker
+        uses: docker/setup-buildx-action@v3
+
+      - name: build multi-platform alpine-build image
+        run: |
+          just build-image-build --build-arg BUILD_USER_UID=$(id -u) --platform linux/amd64  -o type=docker,dest=- > /tmp/builder-linux_amd64.tar
+          just build-image-build --build-arg BUILD_USER_UID=$(id -u) --platform linux/arm64  -o type=docker,dest=- > /tmp/builder-linux_arm64.tar
+          just build-image-build --build-arg BUILD_USER_UID=$(id -u) --platform linux/arm/v6 -o type=docker,dest=- > /tmp/builder-linux_arm_v6.tar
+
+      - name: upload multi-platform alpine-build image
+        uses: actions/upload-artifact@v4
+        with:
+          name: builder
+          path: /tmp/builder-*.tar
+
+  image-build:
+    needs: [test-scripts, build-image-build]
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
-        image:
-          - k0s-worker-x86_64
-          - rpi-basic-armhf
-          - rpi-basic-aarch64
-          - rpi-firewall-aarch64
-          - rpi-k0s-controller-aarch64
-          - rpi-ruuvi-armhf
-          - rpi-snapcast-client-armhf
+        include:
+          - image: k0s-worker
+            platform: linux/amd64
+          - image: rpi-basic
+            platform: linux/arm/v6
+          - image: rpi-basic
+            platform: linux/arm64
+          - image: rpi-firewall
+            platform: linux/arm64
+          - image: rpi-k0s-controller
+            platform: linux/arm64
+          - image: rpi-ruuvi
+            platform: linux/arm/v6
+          - image: rpi-snapcast-client
+            platform: linux/arm/v6
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+      - uses: extractions/setup-just@v2
+
+      - name: setup qemu
+        uses: docker/setup-qemu-action@v3
+
+      - name: download alpine-build image
+        uses: actions/download-artifact@v4
+        with:
+          name: builder
+          path: /tmp
+
+      - name: load alpine-build image
+        run: |
+          cat /tmp/builder-linux_amd64.tar  | docker load
+          cat /tmp/builder-linux_arm64.tar  | docker load
+          cat /tmp/builder-linux_arm_v6.tar | docker load
 
       - name: build ${{ matrix.image }}
         env:
           # from `wpa_passphrase test_essid supersecret`
           HL_WIFI_SSID: "test_essid"
           HL_WIFI_PSK: "40faa8d23b3cf02b10e0f06cd69e179dfad59db25761909c3ecfdaa49bad53d0"
-        run: make ${{ matrix.image }}
+        run: |
+          just aports-refresh
+          just abuild-keygen --platform ${{ matrix.platform }}
+          just build ${{ matrix.image }} ${{ matrix.platform }}
 
-      - name: list-images-content
-        run: make list-images-content
+#      - name: list-images-content
+#        run: make list-images-content
 
   # The bors bot should only merge if the full matrix of images build successfully.
   # See:
@@ -56,8 +108,8 @@ jobs:
   # * https://github.com/rust-lang/crater/blob/9ab6f9697c901c4a44025cf0a39b73ad5b37d198/.github/workflows/bors.yml#L125-L149
   end-success:
     name: bors build finished
-    needs: build-images
-    runs-on: ubuntu-20.04
+    needs: image-build
+    runs-on: ubuntu-24.04
     steps:
       - name: mark as success
         if: github.event_name == 'push' && success()

diff --git a/Dockerfile.build b/Dockerfile.build
@@ -0,0 +1,33 @@
+ARG ALPINE_VERSION=0
+FROM alpine:${ALPINE_VERSION}
+
+ARG BUILD_USER
+ENV BUILD_USER=${BUILD_USER}
+
+ARG BUILD_USER_UID=1000
+ENV BUILD_USER_UID=${BUILD_USER_UID}
+
+RUN apk add --no-cache \
+    abuild \
+    apk-tools \
+    alpine-conf \
+    busybox \
+    curl \
+    fakeroot \
+    sudo \
+    squashfs-tools \
+    mkinitfs \
+    grub-efi \
+    mtools \
+    xorriso
+
+RUN adduser -u $BUILD_USER_UID -G users -s /bin/sh -D $BUILD_USER \
+    && adduser $BUILD_USER abuild \
+    && echo "$BUILD_USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/wheel \
+    && chmod 640 /etc/sudoers.d/wheel
+
+# Without an `apk update` here, build of Raspberry Pi images will fail with
+# `gzip: invalid magic` when running an `apk fetch` for `rbi_blobs`.
+RUN apk update
+
+USER ${BUILD_USER}:users
diff --git a/Justfile b/Justfile
@@ -0,0 +1,134 @@
+platform := 'linux/amd64'
+
+alpine_version := "3.20"
+alpine_builder_tag := "alpine-builder:" + alpine_version + "-latest"
+alpine_mirror := "http://dl-cdn.alpinelinux.org/alpine/"
+alpine_main_repo := alpine_mirror + "v" + alpine_version + "/main"
+alpine_community_repo := alpine_mirror + "v" + alpine_version + "/community"
+
+aports_repo := "https://github.com/alpinelinux/aports.git"
+aports_dir := "aports"
+
+build_user := "imagebuilder"
+build_keys := `find keys/ -type f -print -quit 2> /dev/null || true`
+
+shellspec_dir := "shellspec"
+shellspec_repo := "https://github.com/shellspec/shellspec.git"
+shellspec_tag := "0.28.1"
+
+
+# List all recipes
+@default:
+    just --list --unsorted
+
+# Build all Alpine images
+build-all: \
+    (build "k0s_worker" "linux/amd64") \
+    (build "rpi_basic" "linux/arm/v6") \
+    (build "rpi_basic" "linux/arm64") \
+    (build "rpi_firewall" "linux/arm64") \
+    (build "rpi_k0s_controller" "linux/arm64") \
+    (build "rpi_ruuvi" "linux/arm/v6") \
+    (build "rpi_snapcast_client" "linux/arm/v6")
+
+
+# Build single Alpine image
+build image platform=platform:
+    @echo "Building {{image}} ..."
+    @if [ -z "{{build_keys}}" ]; then echo "No build keys yet.  Run \`just abuild-keygen\`"; exit 1; fi
+    @mkdir -p out
+    docker run --rm \
+      --user $(id -u) \
+      --platform={{platform}} \
+      --volume $(pwd)/{{aports_dir}}:/aports:ro \
+      --volume $(pwd)/scripts:/home/{{build_user}}/.mkimage:ro \
+      --volume $(pwd)/keys:/home/{{build_user}}/.abuild:ro \
+      --volume $(pwd)/overlays:/overlays:ro \
+      --volume $(pwd)/out:/out \
+      --env HL_OVERLAY_DIR="${HL_OVERLAY_DIR:-}" \
+      --env HL_HOSTNAME="${HL_HOSTNAME:-}" \
+      --env HL_NTP_SERVER="${HL_NTP_SERVER:-}" \
+      --env HL_SNAPCAST_SERVER="${HL_SNAPCAST_SERVER:-}" \
+      --env HL_SSH_KEY_URL="${HL_SSH_KEY_URL:-}" \
+      --env HL_WIFI_SSID="${HL_WIFI_SSID:-}" \
+      --env HL_WIFI_PSK="${HL_WIFI_PSK:-}" \
+      {{alpine_builder_tag}} \
+        sh -x /aports/scripts/mkimage.sh \
+          --profile {{image}} \
+          --outdir /out \
+          --repository {{alpine_main_repo}} \
+          --repository {{alpine_community_repo}}
+
+build-image-tag:
+    @echo "{{alpine_builder_tag}}"
+
+# Run `abuild-keygen` inside build container to generate build keys
+[positional-arguments]
+abuild-keygen *args:
+    @mkdir -p keys
+    docker run --rm \
+      --user $(id -u) \
+      --volume $(pwd)/keys:/home/{{build_user}}/.abuild \
+      $@ \
+      {{alpine_builder_tag}} \
+        abuild-keygen -a -i -n
+
+# Either clone the Alpine aports git repo or update its main branch
+aports-refresh:
+    #!/bin/sh
+    set -e
+    if [ ! -e {{aports_dir}}/.git ]; then
+        mkdir -p {{aports_dir}}
+        git clone --shallow-since=2022-07-01 {{aports_repo}} {{aports_dir}}
+    fi
+    git -C {{aports_dir}} pull origin master --ff-only
+
+# Build multi-architecture docker build image with enough dependencies to run `mkimage.sh` from aports
+[positional-arguments]
+build-image-build *args='--platform linux/amd64,linux/arm64,linux/arm/v6':
+    docker buildx build \
+      --build-arg ALPINE_VERSION={{alpine_version}} \
+      --build-arg BUILD_USER={{build_user}} \
+      $@ \
+      -f Dockerfile.build \
+      -t {{alpine_builder_tag}} \
+      .
+
+# Open shell in build image using docker
+build-image-shell user=build_user platform=platform:
+    @echo "Shell for platform {{platform}}..."
+    docker run -it --rm \
+      --platform={{platform}} \
+      --volume $(pwd)/{{aports_dir}}:/aports:ro \
+      --volume $(pwd)/scripts:/home/{{build_user}}/.mkimage:ro \
+      --volume $(pwd)/keys:/home/{{build_user}}/.abuild:ro \
+      --volume $(pwd)/overlays:/overlays:ro \
+      --volume $(pwd)/out:/out \
+      --user {{user}} \
+      {{alpine_builder_tag}} \
+        sh
+
+[private]
+shellspec-refresh:
+    #!/bin/sh
+    set -e
+    if [ ! -e {{shellspec_dir}}/.git ]; then
+        mkdir -p {{shellspec_dir}}
+        git -c advice.detachedHead=false clone --depth 1 -b {{shellspec_tag}} {{shellspec_repo}} {{shellspec_dir}}
+    fi
+
+# Lint the shell scripts used to build images
+lint:
+    shellcheck --exclude=SC1090,SC1091 scripts/shared.sh scripts/genapkovl-*.sh
+
+# Run unit tests of shell scripts used to build images
+test: shellspec-refresh
+    {{shellspec_dir}}/shellspec
+
+ls-iso path:
+    mount_dir=$(mktemp -d) \
+      && sudo mount -o ro {{path}} $mount_dir && (cd $mount_dir; find . -ls) \
+      ; sudo umount $mount_dir
+
+ls-tgz path:
+    tar tvzf {{path}}
diff --git a/Makefile b/Makefile