aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFathi Boudra <fathi.boudra@linaro.org>2019-12-05 16:04:38 +0200
committerFathi Boudra <fathi.boudra@linaro.org>2019-12-05 16:04:38 +0200
commit52c89c1c199306bc22c62a2a386ff8d6401732b2 (patch)
tree909fd70ed93d89559751c49f9cb216f47bac1725
parent755b87642ad0106c61b919c7485dc6d2a12c72cc (diff)
downloaddockerfiles-52c89c1c199306bc22c62a2a386ff8d6401732b2.tar.gz
xenial-amd64-tf-m-build: refactor the Dockerfile
* more readable and consistent. * reduce the number of RUNs. * reduce the image size. Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Change-Id: Ie75fe714573801fec0d28b15459ac83de441c997
-rw-r--r--xenial-amd64-tf-m-build/Dockerfile155
-rwxr-xr-xxenial-amd64-tf-m-build/build.sh1
2 files changed, 76 insertions, 80 deletions
diff --git a/xenial-amd64-tf-m-build/Dockerfile b/xenial-amd64-tf-m-build/Dockerfile
index 276486c..38276ed 100644
--- a/xenial-amd64-tf-m-build/Dockerfile
+++ b/xenial-amd64-tf-m-build/Dockerfile
@@ -1,90 +1,85 @@
FROM ubuntu:xenial
-# Can be overriden at build time
-ARG BUILDSLAVE_PASSWORD=buildslave
-
-RUN apt-get update \
- && DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y \
- && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
- build-essential \
- curl \
- default-jre \
- device-tree-compiler \
- doxygen \
- git \
- graphviz \
- jq \
- libffi-dev \
- libssl-dev \
- openjdk-8-jdk \
- openssh-server \
- perl \
- python \
- python-pip \
- python-psutil \
- python3 \
- python3-crypto \
- python3-dev \
- python3-pip \
- python3-psutil \
- python3-pyasn1 \
- python3-setuptools \
- python3-wheel \
- srecord \
- sudo \
- tree \
- unzip \
- virtualenv \
- wget \
- zip \
- && curl -s \
- https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh \
- | sudo bash \
- && apt-get update \
- && apt-get install -y git-lfs \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-ADD requirements_*.txt /opt/
-
-RUN pip -q install -r /opt/requirements_python2.txt \
- && pip3 -q install -r /opt/requirements_python3.txt
-
-RUN wget "http://github.com/danmar/cppcheck/releases/download/1.81/cppcheck-1.81.tar.gz" \
- -q -O /tmp/cppcheck.tar.gz \
- && tar -C /opt -xzf /tmp/cppcheck.tar.gz \
- && cd /opt/cppcheck-1.81 \
- && make CFGDIR=/opt/cppcheck-1.81/cfg \
- && make install \
- && rm -rf /tmp/cppcheck.tar.gz
-
-RUN useradd -md /home/buildslave -s /bin/bash buildslave \
- && echo "buildslave:$BUILDSLAVE_PASSWORD" | chpasswd \
- && echo 'buildslave ALL = NOPASSWD: ALL' > /etc/sudoers.d/jenkins \
- && chmod 0440 /etc/sudoers.d/jenkins \
- && mkdir -p /var/run/sshd
-
-USER buildslave
-
-RUN mkdir -p /home/buildslave/tools \
- && curl -L 'https://developer.arm.com/-/media/Files/downloads/gnu-rm/6-2017q2/gcc-arm-none-eabi-6-2017-q2-update-linux.tar.bz2?revision=2cc92fb5-3e0e-402d-9197-bdfc8224d8a5?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Linux,6-2017-q2-update' | tar -xj -C /home/buildslave/tools --strip-components=1 \
- && curl -L 'https://cmake.org/files/v3.7/cmake-3.7.2-Linux-x86_64.tar.gz' | tar -xz -C /home/buildslave/tools --strip-components=1
-
+ENV DEBIAN_FRONTEND=noninteractive
ENV PATH=/home/buildslave/tools/bin:${PATH}
-
-USER root
-
-RUN mkdir /usr/share/plantuml && \
- curl -L 'https://repo1.maven.org/maven2/net/sourceforge/plantuml/plantuml/1.2019.6/plantuml-1.2019.6.jar' \
- -o /usr/share/plantuml/plantuml.jar
ENV PLANTUML_JAR_PATH=/usr/share/plantuml/plantuml.jar
+ENV PKG_DEPS="\
+ build-essential \
+ curl \
+ default-jre \
+ device-tree-compiler \
+ doxygen \
+ git \
+ graphviz \
+ jq \
+ libffi-dev \
+ libssl-dev \
+ openjdk-8-jdk \
+ openssh-server \
+ perl \
+ python \
+ python-psutil \
+ python3 \
+ python3-crypto \
+ python3-dev \
+ python3-psutil \
+ python3-pyasn1 \
+ srecord \
+ sudo \
+ tree \
+ unzip \
+ virtualenv \
+ wget \
+ zip \
+"
+# Can be overriden at build time
+ARG BUILDSLAVE_PASSWORD=buildslave
ARG VERSION=3.28
-RUN curl --create-dirs -fsSLo /usr/share/jenkins/slave.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar \
- && chmod 755 /usr/share/jenkins \
- && chmod 644 /usr/share/jenkins/slave.jar
+COPY requirements_*.txt /opt/
COPY jenkins-slave /usr/local/bin/jenkins-slave
-RUN chmod 755 /usr/local/bin/jenkins-slave
+
+RUN set -e ;\
+ apt update -q=2 ;\
+ apt dist-upgrade -q=2 --yes ;\
+ apt install -q=2 --yes --no-install-recommends ${PKG_DEPS} ;\
+ curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash ;\
+ apt update -q=2 ;\
+ apt install -q=2 --yes --no-install-recommends git-lfs ;\
+ # Install Python requirements
+ curl -s https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py ;\
+ python2 /tmp/get-pip.py ;\
+ pip2 install --no-cache-dir -r /opt/requirements_python2.txt ;\
+ python3 /tmp/get-pip.py ;\
+ pip3 install --no-cache-dir -r /opt/requirements_python3.txt ;\
+ # Setup buildslave user for Jenkins
+ useradd -m -s /bin/bash buildslave ;\
+ echo "buildslave:$BUILDSLAVE_PASSWORD" | chpasswd ;\
+ echo 'buildslave ALL = NOPASSWD: ALL' > /etc/sudoers.d/jenkins ;\
+ chmod 0440 /etc/sudoers.d/jenkins ;\
+ mkdir -p /var/run/sshd /home/buildslave/tools ;\
+ # Install cppcheck
+ wget -q http://github.com/danmar/cppcheck/releases/download/1.81/cppcheck-1.81.tar.gz -O /tmp/cppcheck.tar.gz ;\
+ tar -xf /tmp/cppcheck.tar.gz -C /opt ;\
+ (cd /opt/cppcheck-*; make CFGDIR=/opt/cppcheck-1.81/cfg; make install; make clean) ;\
+ # Install PlantUML
+ curl --create-dirs -fsSLo ${PLANTUML_JAR_PATH} https://repo1.maven.org/maven2/net/sourceforge/plantuml/plantuml/1.2019.6/plantuml-1.2019.6.jar ;\
+ # Install Jenkins remoting
+ curl --create-dirs -fsSLo /usr/share/jenkins/slave.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar ;\
+ # Install toolchain
+ curl --create-dirs -fsSLo /tmp/gcc-arm-none-eabi-linux.tar.bz2 'https://developer.arm.com/-/media/Files/downloads/gnu-rm/6-2017q2/gcc-arm-none-eabi-6-2017-q2-update-linux.tar.bz2?revision=2cc92fb5-3e0e-402d-9197-bdfc8224d8a5?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Linux,6-2017-q2-update' ;\
+ tar -xf /tmp/gcc-arm-none-eabi-linux.tar.bz2 -C /home/buildslave/tools --strip-components=1 ;\
+ # Install CMake
+ curl --create-dirs -fsSLo /tmp/cmake-Linux-x86_64.tar.gz https://cmake.org/files/v3.7/cmake-3.7.2-Linux-x86_64.tar.gz ;\
+ tar -xf /tmp/cmake-Linux-x86_64.tar.gz -C /home/buildslave/tools --strip-components=1 ;\
+ # Fix permissions
+ chmod 0755 /usr/share/jenkins ;\
+ chmod 0644 /usr/share/jenkins/slave.jar ;\
+ chmod 0755 /usr/local/bin/jenkins-slave ;\
+ chown -R buildslave:buildslave /home/buildslave/tools ;\
+ # Cleanup
+ apt clean ;\
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
ENTRYPOINT ["/usr/local/bin/jenkins-slave"]
diff --git a/xenial-amd64-tf-m-build/build.sh b/xenial-amd64-tf-m-build/build.sh
index 482d49f..34f1765 100755
--- a/xenial-amd64-tf-m-build/build.sh
+++ b/xenial-amd64-tf-m-build/build.sh
@@ -1,4 +1,5 @@
#!/bin/sh
+
set -e
trap cleanup_exit INT TERM EXIT