diff options
author | Fathi Boudra <fathi.boudra@linaro.org> | 2019-12-05 16:04:38 +0200 |
---|---|---|
committer | Fathi Boudra <fathi.boudra@linaro.org> | 2019-12-05 16:04:38 +0200 |
commit | 52c89c1c199306bc22c62a2a386ff8d6401732b2 (patch) | |
tree | 909fd70ed93d89559751c49f9cb216f47bac1725 | |
parent | 755b87642ad0106c61b919c7485dc6d2a12c72cc (diff) | |
download | dockerfiles-52c89c1c199306bc22c62a2a386ff8d6401732b2.tar.gz |
xenial-amd64-tf-m-build: refactor the Dockerfile
* more readable and consistent.
* reduce the number of RUNs.
* reduce the image size.
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Change-Id: Ie75fe714573801fec0d28b15459ac83de441c997
-rw-r--r-- | xenial-amd64-tf-m-build/Dockerfile | 155 | ||||
-rwxr-xr-x | xenial-amd64-tf-m-build/build.sh | 1 |
2 files changed, 76 insertions, 80 deletions
diff --git a/xenial-amd64-tf-m-build/Dockerfile b/xenial-amd64-tf-m-build/Dockerfile index 276486c..38276ed 100644 --- a/xenial-amd64-tf-m-build/Dockerfile +++ b/xenial-amd64-tf-m-build/Dockerfile @@ -1,90 +1,85 @@ FROM ubuntu:xenial -# Can be overriden at build time -ARG BUILDSLAVE_PASSWORD=buildslave - -RUN apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y \ - && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - build-essential \ - curl \ - default-jre \ - device-tree-compiler \ - doxygen \ - git \ - graphviz \ - jq \ - libffi-dev \ - libssl-dev \ - openjdk-8-jdk \ - openssh-server \ - perl \ - python \ - python-pip \ - python-psutil \ - python3 \ - python3-crypto \ - python3-dev \ - python3-pip \ - python3-psutil \ - python3-pyasn1 \ - python3-setuptools \ - python3-wheel \ - srecord \ - sudo \ - tree \ - unzip \ - virtualenv \ - wget \ - zip \ - && curl -s \ - https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh \ - | sudo bash \ - && apt-get update \ - && apt-get install -y git-lfs \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - -ADD requirements_*.txt /opt/ - -RUN pip -q install -r /opt/requirements_python2.txt \ - && pip3 -q install -r /opt/requirements_python3.txt - -RUN wget "http://github.com/danmar/cppcheck/releases/download/1.81/cppcheck-1.81.tar.gz" \ - -q -O /tmp/cppcheck.tar.gz \ - && tar -C /opt -xzf /tmp/cppcheck.tar.gz \ - && cd /opt/cppcheck-1.81 \ - && make CFGDIR=/opt/cppcheck-1.81/cfg \ - && make install \ - && rm -rf /tmp/cppcheck.tar.gz - -RUN useradd -md /home/buildslave -s /bin/bash buildslave \ - && echo "buildslave:$BUILDSLAVE_PASSWORD" | chpasswd \ - && echo 'buildslave ALL = NOPASSWD: ALL' > /etc/sudoers.d/jenkins \ - && chmod 0440 /etc/sudoers.d/jenkins \ - && mkdir -p /var/run/sshd - -USER buildslave - -RUN mkdir -p /home/buildslave/tools \ - && curl -L 'https://developer.arm.com/-/media/Files/downloads/gnu-rm/6-2017q2/gcc-arm-none-eabi-6-2017-q2-update-linux.tar.bz2?revision=2cc92fb5-3e0e-402d-9197-bdfc8224d8a5?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Linux,6-2017-q2-update' | tar -xj -C /home/buildslave/tools --strip-components=1 \ - && curl -L 'https://cmake.org/files/v3.7/cmake-3.7.2-Linux-x86_64.tar.gz' | tar -xz -C /home/buildslave/tools --strip-components=1 - +ENV DEBIAN_FRONTEND=noninteractive ENV PATH=/home/buildslave/tools/bin:${PATH} - -USER root - -RUN mkdir /usr/share/plantuml && \ - curl -L 'https://repo1.maven.org/maven2/net/sourceforge/plantuml/plantuml/1.2019.6/plantuml-1.2019.6.jar' \ - -o /usr/share/plantuml/plantuml.jar ENV PLANTUML_JAR_PATH=/usr/share/plantuml/plantuml.jar +ENV PKG_DEPS="\ + build-essential \ + curl \ + default-jre \ + device-tree-compiler \ + doxygen \ + git \ + graphviz \ + jq \ + libffi-dev \ + libssl-dev \ + openjdk-8-jdk \ + openssh-server \ + perl \ + python \ + python-psutil \ + python3 \ + python3-crypto \ + python3-dev \ + python3-psutil \ + python3-pyasn1 \ + srecord \ + sudo \ + tree \ + unzip \ + virtualenv \ + wget \ + zip \ +" +# Can be overriden at build time +ARG BUILDSLAVE_PASSWORD=buildslave ARG VERSION=3.28 -RUN curl --create-dirs -fsSLo /usr/share/jenkins/slave.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar \ - && chmod 755 /usr/share/jenkins \ - && chmod 644 /usr/share/jenkins/slave.jar +COPY requirements_*.txt /opt/ COPY jenkins-slave /usr/local/bin/jenkins-slave -RUN chmod 755 /usr/local/bin/jenkins-slave + +RUN set -e ;\ + apt update -q=2 ;\ + apt dist-upgrade -q=2 --yes ;\ + apt install -q=2 --yes --no-install-recommends ${PKG_DEPS} ;\ + curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash ;\ + apt update -q=2 ;\ + apt install -q=2 --yes --no-install-recommends git-lfs ;\ + # Install Python requirements + curl -s https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py ;\ + python2 /tmp/get-pip.py ;\ + pip2 install --no-cache-dir -r /opt/requirements_python2.txt ;\ + python3 /tmp/get-pip.py ;\ + pip3 install --no-cache-dir -r /opt/requirements_python3.txt ;\ + # Setup buildslave user for Jenkins + useradd -m -s /bin/bash buildslave ;\ + echo "buildslave:$BUILDSLAVE_PASSWORD" | chpasswd ;\ + echo 'buildslave ALL = NOPASSWD: ALL' > /etc/sudoers.d/jenkins ;\ + chmod 0440 /etc/sudoers.d/jenkins ;\ + mkdir -p /var/run/sshd /home/buildslave/tools ;\ + # Install cppcheck + wget -q http://github.com/danmar/cppcheck/releases/download/1.81/cppcheck-1.81.tar.gz -O /tmp/cppcheck.tar.gz ;\ + tar -xf /tmp/cppcheck.tar.gz -C /opt ;\ + (cd /opt/cppcheck-*; make CFGDIR=/opt/cppcheck-1.81/cfg; make install; make clean) ;\ + # Install PlantUML + curl --create-dirs -fsSLo ${PLANTUML_JAR_PATH} https://repo1.maven.org/maven2/net/sourceforge/plantuml/plantuml/1.2019.6/plantuml-1.2019.6.jar ;\ + # Install Jenkins remoting + curl --create-dirs -fsSLo /usr/share/jenkins/slave.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar ;\ + # Install toolchain + curl --create-dirs -fsSLo /tmp/gcc-arm-none-eabi-linux.tar.bz2 'https://developer.arm.com/-/media/Files/downloads/gnu-rm/6-2017q2/gcc-arm-none-eabi-6-2017-q2-update-linux.tar.bz2?revision=2cc92fb5-3e0e-402d-9197-bdfc8224d8a5?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Linux,6-2017-q2-update' ;\ + tar -xf /tmp/gcc-arm-none-eabi-linux.tar.bz2 -C /home/buildslave/tools --strip-components=1 ;\ + # Install CMake + curl --create-dirs -fsSLo /tmp/cmake-Linux-x86_64.tar.gz https://cmake.org/files/v3.7/cmake-3.7.2-Linux-x86_64.tar.gz ;\ + tar -xf /tmp/cmake-Linux-x86_64.tar.gz -C /home/buildslave/tools --strip-components=1 ;\ + # Fix permissions + chmod 0755 /usr/share/jenkins ;\ + chmod 0644 /usr/share/jenkins/slave.jar ;\ + chmod 0755 /usr/local/bin/jenkins-slave ;\ + chown -R buildslave:buildslave /home/buildslave/tools ;\ + # Cleanup + apt clean ;\ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* ENTRYPOINT ["/usr/local/bin/jenkins-slave"] diff --git a/xenial-amd64-tf-m-build/build.sh b/xenial-amd64-tf-m-build/build.sh index 482d49f..34f1765 100755 --- a/xenial-amd64-tf-m-build/build.sh +++ b/xenial-amd64-tf-m-build/build.sh @@ -1,4 +1,5 @@ #!/bin/sh + set -e trap cleanup_exit INT TERM EXIT |