ENT-13777, ENT-13784: Added container-based CFEngine package builder#2146
ENT-13777, ENT-13784: Added container-based CFEngine package builder#2146larsewi wants to merge 9 commits intocfengine:masterfrom
Conversation
|
Thanks for submitting a pull request! Maybe @craigcomstock can review this? |
olehermanse
left a comment
olehermanse
left a comment
There was a problem hiding this comment.
Looks good overall, some comments and suggestions here and there.
| @@ -0,0 +1,362 @@ | |||
| #!/usr/bin/env python3 | |||
There was a problem hiding this comment.
IIRC craig said we already have a script for this, which is used in GH Actions. Might be good to align this, maybe delete the old one and start using the new one if appropriate.
There was a problem hiding this comment.
Yepp, he probably means enterprise/ci/docker-build-package.sh. Although this script also runs tests, which we are trying to separate.
We can replace it after adding SFTP cache support to build-in-container.py.
| # === Build steps === | ||
| run_step "01-autogen" "$BASEDIR/buildscripts/build-scripts/autogen" | ||
| run_step "02-install-dependencies" "$BASEDIR/buildscripts/build-scripts/install-dependencies" | ||
| if [ "$EXPLICIT_ROLE" = "hub" ]; then | ||
| run_step "03-mission-portal-deps" install_mission_portal_deps | ||
| fi | ||
| run_step "04-configure" "$BASEDIR/buildscripts/build-scripts/configure" | ||
| run_step "05-compile" "$BASEDIR/buildscripts/build-scripts/compile" | ||
| run_step "06-package" "$BASEDIR/buildscripts/build-scripts/package" |
There was a problem hiding this comment.
Looks like we should rename build-scripts folder to steps / build-steps 😅.
|
|
||
| ENV DEBIAN_FRONTEND=noninteractive | ||
|
|
||
| # Build tools extracted from ci/cfengine-build-host-setup.cf (debian|ubuntu section) |
There was a problem hiding this comment.
yeah, it would be sad to copy/paste that content here so that now we have to maintain two locations again.
There was a problem hiding this comment.
Yeah, I will look into these things
|
|
||
| # Hub build tools: Node.js 20 LTS (system nodejs is too old for modern npm | ||
| # packages that use the node: protocol), PHP, and Composer | ||
| RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \ |
There was a problem hiding this comment.
would be nice to stick with individual scripts we can maintain with new versions like https://github.com/cfengine/buildscripts/blob/master/ci/linux-install-jdk21.sh
larsewi
force-pushed
the
container
branch
3 times, most recently
from
a950f51 to
945be75
Compare
Introduced build-in-container, a Python/Docker-based build system that builds CFEngine packages inside containers using the existing build scripts. Ticket: ENT-13777 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Replaced the ListPlatformsAction custom argparse action with a simple --list-platforms store_true flag, and moved argument validation from argparse's required=True to manual post-parse checks. This allows future flags (e.g. --push-image) to bypass build-specific arguments like --project, --role, and --build-type. Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
larsewi
force-pushed
the
container
branch
3 times, most recently
from
ff051d4 to
60bb3a1
Compare
Each platform entry now includes a versioned image_tag field composed from the platform name and IMAGE_VERSION. The build_image() function uses this tag instead of constructing it locally. This prepares for registry-based image management where the tag includes a version for cache busting. Ticket: ENT-13784 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
The --push-image flag is a standalone image management operation that builds and pushes a container image to the registry. It only requires --platform (not --project/--role/--build-type). Ticket: ENT-13784 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
- registry_image_ref() returns the fully-qualified ghcr.io reference - pull_image() pulls from the registry, returns None on failure - push_image() tags a local image and pushes it to the registry Ticket: ENT-13784 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
- --push-image: builds with --no-cache and pushes to registry, then exits - --rebuild-image: builds locally, skips registry - Default: pulls from registry, falls back to local build on failure Ticket: ENT-13784 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Added --push-image to argument tables, documented the registry pull/push workflow, fallback behavior, and toolchain update process. Ticket: ENT-13784 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Manually triggered workflow that builds and pushes container images to ghcr.io. Builds all platforms in parallel via a matrix strategy. Ticket: ENT-13784 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
larsewi
changed the title
|
Added container registry support since last review and tested it on my fork. Seems to work. Maybe we need to edit some permissions upstream. @olehermanse, @craigcomstock this is a rough WIP please let me know what you think. |
4 participants
build-in-container, a Python/Docker-based build tool that builds CFEngine packages inside containers using the existing build scriptsSee
build-in-container.mdfor full documentation.