Commit e24573e6 authored by Emmanuel Thomé

smaller context in docker containers

parent 2d19232d
Pipeline #215944 passed with stages in 56 minutes and 23 seconds
......@@ -60,7 +60,10 @@ workflow:
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker pull $IMAGE:latest || true
- ci/00-dockerfile.sh | docker build -t $IMAGE --cache-from $IMAGE:latest -f - ci
# the command below is almost the same as:
# ci/00-dockerfile.sh | docker build -t $IMAGE --cache-from $IMAGE:latest -f - ci
# but with the specificity that the context is trimmed down
- ci/00-docker-build.sh $IMAGE
- docker push $IMAGE
- T=`date +%Y%m%d%H%M`-$CI_COMMIT_SHA ; docker tag $IMAGE:latest $IMAGE:$T ; docker push $IMAGE:$T
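Review bot: the comment above `ci/00-docker-build.sh $IMAGE` says the context is trimmed down but not where the list of kept files lives; a pointer to `needed_files` in `ci/00-docker-build.sh` would tell whoever next adds a file to the image build where to register it. `$IMAGE` should also be quoted on that line, as the debug script does with `"$imagename"`.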
......
#!/bin/sh
# This wrapper is run on the hosts that build the containers, i.e. from
# the "docker" docker image, using /bin/sh. We do like to have
# "pipefail", although it's not obvious that it will work with /bin/sh.
# As a matter of fact, currently it does work, so we're happy.
set -e
set -o pipefail
# The goal is to minimize the context, so that silly little changes to
# the ci/ tree don't necessarily trigger a full rebuild of the
# containers.
IMAGE="$1"
tmp=$(mktemp -d /tmp/XXXXXXXXXX)
trap "rm -rf $tmp" EXIT
mkdir $tmp/context
needed_files() {
cat <<EOF
000-functions.sh
001-environment.sh
00-prepare-docker.sh
utilities/ncpus.sh
EOF
}
(cd "$(dirname $0)" ; needed_files | xargs tar cf $tmp/context.tar.gz)
(cd "$tmp"/context ; tar xf $tmp/context.tar.gz)
ci/00-dockerfile.sh > "$tmp/context/Dockerfile"
docker build -t $IMAGE --cache-from $IMAGE:latest $tmp/context
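Review bot: `ci/00-dockerfile.sh > "$tmp/context/Dockerfile"` is resolved against the current directory while the `tar` step two lines earlier uses `cd "$(dirname $0)"`, so the script only works when started from the repository root; either derive both paths from one quoted script directory or state the requirement in the header comment. Smaller points: `context.tar.gz` is written with `tar cf`, so it is an uncompressed archive under a `.gz` name, and piping `tar cf -` into `tar xf -` would avoid the intermediate file altogether; `trap "rm -rf $tmp" EXIT` expands `$tmp` unquoted at the time the trap is set, and `trap 'rm -rf "$tmp"' EXIT` is the safer form; `$IMAGE`, `$tmp` and `$0` are unquoted in several places; and an empty `$1` is not rejected before it reaches `docker build -t`.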
......@@ -85,15 +85,6 @@ export DOCKER_SCRIPT=1
export CI_BUILD_NAME="$1"
tmp=$(mktemp -d /tmp/XXXXXXXXXXXXXX)
trap "rm -rf $tmp" EXIT
cat > $tmp/prepare.sh <<EOF
# This installs packages just as our CI jobs do. However, because of the
# DOCKER_SCRIPT environment variable, some bonus packages are installed
# as well (vim, gdb).
/host/ci/00-prepare-docker.sh
. /host/ci/000-functions.sh
. /host/ci/001-environment.sh
. /host/ci/999-debug.sh
EOF
DARGS=()
if ! [ "$NO_REMOVE" ] ; then
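Review bot: dropping the `cat > $tmp/prepare.sh` heredoc (the nine lines this hunk removes) also drops the only comment explaining that `DOCKER_SCRIPT` makes `00-prepare-docker.sh` install bonus packages (vim, gdb); moving that sentence next to `export DOCKER_SCRIPT=1` would keep the reason for the variable documented.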
......@@ -138,7 +129,6 @@ EOF
)
tanker vm run "${DARGS[@]}" -t $myimage "${commands[@]}"
else
ci/00-dockerfile.sh > $tmp/Dockerfile
# TODO what is this imagename business about ??? Seems to me that the
# whole command line, beyond CI_BUILD_NAME, is interpreted in a
# fairly weird way.
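Review bot: with `ci/00-dockerfile.sh > $tmp/Dockerfile` removed here and the `prepare.sh` heredoc removed in the previous hunk, no use of `$tmp` remains in the lines shown; if nothing else in the script writes there, the `mktemp -d` call and its `trap` can be removed as well.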
......@@ -149,7 +139,11 @@ else
imagename="${imagename//:/_}"
imagename="${imagename//-/_}"
imagename="debug_$imagename"
docker build -t "$imagename" -f $tmp/Dockerfile ci
# run with bash instead of sh. the "docker" docker image has a
# /bin/sh shell that groks "set -o pipefail", which appears in
# ci/00-docker-build.sh ; such is not the case of /bin/sh on debian,
# at least.
bash ci/00-docker-build.sh "$imagename"
echo "# NOTE: docker image is $imagename"
echo "# NOTE: this image contains a few extra debug tools"
docker run "${DARGS[@]}" -ti --hostname docker-script-$RANDOM --volume $PWD:/host "$imagename" /host/ci/999-debug.sh "$@"
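Review bot: replacing `docker build -t "$imagename" -f $tmp/Dockerfile ci` with `bash ci/00-docker-build.sh "$imagename"` also picks up the script's `--cache-from $IMAGE:latest`, which the old command did not pass and which now names a local `debug_` image; please confirm this is harmless when no such image exists yet, or make the cache source optional in the script. The comment explaining why `bash` is used is helpful, but stating the shell requirement in `ci/00-docker-build.sh` itself would spare callers this special case.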
......
......@@ -1632,3 +1632,4 @@ ci/utilities/tanker
ci/002-tanker.bash
ci/003-trap-add.bash
ci/004-disksize-watchdog.bash
ci/00-docker-build.sh