diff options
-rw-r--r-- | xenial-amd64-tf-m-build/Dockerfile | 71 | ||||
-rwxr-xr-x | xenial-amd64-tf-m-build/build.sh | 18 | ||||
-rw-r--r-- | xenial-amd64-tf-m-build/jenkins-slave | 100 | ||||
-rw-r--r-- | xenial-amd64-tf-m-build/requirements_python2.txt | 1 | ||||
-rw-r--r-- | xenial-amd64-tf-m-build/requirements_python3.txt | 5 |
5 files changed, 195 insertions, 0 deletions
diff --git a/xenial-amd64-tf-m-build/Dockerfile b/xenial-amd64-tf-m-build/Dockerfile new file mode 100644 index 0000000..59e933e --- /dev/null +++ b/xenial-amd64-tf-m-build/Dockerfile @@ -0,0 +1,71 @@ +FROM ubuntu:xenial + +# Can be overriden at build time +ARG BUILDSLAVE_PASSWORD=buildslave + +RUN apt-get update \ + && DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ + build-essential \ + curl \ + git \ + openjdk-8-jdk \ + openssh-server \ + perl \ + python \ + python-dev \ + python-pip \ + python-psutil \ + python3-crypto \ + python3-pip \ + python3-psutil \ + python3-pyasn1 \ + python3-setuptools \ + srecord \ + sudo \ + tree \ + unzip \ + virtualenv \ + wget \ + zip \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +ADD requirements_*.txt /opt/ + +RUN pip -q install -r /opt/requirements_python2.txt \ + && pip3 -q install -r /opt/requirements_python3.txt + +RUN wget "http://github.com/danmar/cppcheck/releases/download/1.81/cppcheck-1.81.tar.gz" \ + -q -O /tmp/cppcheck.tar.gz \ + && tar -C /opt -xzf /tmp/cppcheck.tar.gz \ + && cd /opt/cppcheck-1.81 \ + && make CFGDIR=/opt/cppcheck-1.81/cfg \ + && make install \ + && rm -rf /tmp/cppcheck.tar.gz + +RUN useradd -md /home/buildslave -s /bin/bash buildslave \ + && echo "buildslave:$BUILDSLAVE_PASSWORD" | chpasswd \ + && echo 'buildslave ALL = NOPASSWD: ALL' > /etc/sudoers.d/jenkins \ + && chmod 0440 /etc/sudoers.d/jenkins \ + && mkdir -p /var/run/sshd + +USER buildslave + +RUN mkdir -p /home/buildslave/tools \ + && curl -L 'https://developer.arm.com/-/media/Files/downloads/gnu-rm/6-2017q2/gcc-arm-none-eabi-6-2017-q2-update-linux.tar.bz2?revision=2cc92fb5-3e0e-402d-9197-bdfc8224d8a5?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Linux,6-2017-q2-update' | tar -xj -C /home/buildslave/tools --strip-components=1 \ + && curl -L 'https://cmake.org/files/v3.7/cmake-3.7.2-Linux-x86_64.tar.gz' | tar -xz -C /home/buildslave/tools --strip-components=1 + +ENV PATH=/home/buildslave/tools/bin:${PATH} + +USER root + +ARG VERSION=3.28 +RUN curl --create-dirs -fsSLo /usr/share/jenkins/slave.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar \ + && chmod 755 /usr/share/jenkins \ + && chmod 644 /usr/share/jenkins/slave.jar + +COPY jenkins-slave /usr/local/bin/jenkins-slave +RUN chmod 755 /usr/local/bin/jenkins-slave + +ENTRYPOINT ["/usr/local/bin/jenkins-slave"] diff --git a/xenial-amd64-tf-m-build/build.sh b/xenial-amd64-tf-m-build/build.sh new file mode 100755 index 0000000..482d49f --- /dev/null +++ b/xenial-amd64-tf-m-build/build.sh @@ -0,0 +1,18 @@ +#!/bin/sh +set -e + +trap cleanup_exit INT TERM EXIT + +cleanup_exit() +{ + rm -f *.list *.key +} + +export LANG=C + +DISTRIBUTION=$(basename ${PWD} | cut -f1 -d '-') +ARCHITECTURE=$(basename ${PWD} | cut -f2 -d '-') + +image=trustedfirmware/ci-${ARCHITECTURE}-ubuntu:${DISTRIBUTION} +docker build --pull --tag=$image . +echo $image > .docker-tag diff --git a/xenial-amd64-tf-m-build/jenkins-slave b/xenial-amd64-tf-m-build/jenkins-slave new file mode 100644 index 0000000..4d89307 --- /dev/null +++ b/xenial-amd64-tf-m-build/jenkins-slave @@ -0,0 +1,100 @@ +#!/usr/bin/env sh + +# The MIT License +# +# Copyright (c) 2015, CloudBees, Inc. +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +# THE SOFTWARE. + +# Usage jenkins-slave.sh [options] -url http://jenkins [SECRET] [AGENT_NAME] +# Optional environment variables : +# * JENKINS_TUNNEL : HOST:PORT for a tunnel to route TCP traffic to jenkins host, when jenkins can't be directly accessed over network +# * JENKINS_URL : alternate jenkins URL +# * JENKINS_SECRET : agent secret, if not set as an argument +# * JENKINS_AGENT_NAME : agent name, if not set as an argument +# * JENKINS_AGENT_WORKDIR : agent work directory, if not set by optional parameter -workDir + +if [ $# -eq 1 ]; then + + # if `docker run` only has one arguments, we assume user is running alternate command like `bash` to inspect the image + exec "$@" + +else + + # if -tunnel is not provided, try env vars + case "$@" in + *"-tunnel "*) ;; + *) + if [ ! -z "$JENKINS_TUNNEL" ]; then + TUNNEL="-tunnel $JENKINS_TUNNEL" + fi ;; + esac + + # if -workDir is not provided, try env vars + if [ ! -z "$JENKINS_AGENT_WORKDIR" ]; then + case "$@" in + *"-workDir"*) echo "Warning: Work directory is defined twice in command-line arguments and the environment variable" ;; + *) + WORKDIR="-workDir $JENKINS_AGENT_WORKDIR" ;; + esac + fi + + if [ -n "$JENKINS_URL" ]; then + URL="-url $JENKINS_URL" + fi + + if [ -n "$JENKINS_NAME" ]; then + JENKINS_AGENT_NAME="$JENKINS_NAME" + fi + + if [ -z "$JNLP_PROTOCOL_OPTS" ]; then + echo "Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior" + JNLP_PROTOCOL_OPTS="-Dorg.jenkinsci.remoting.engine.JnlpProtocol3.disabled=true" + fi + + # if java home is defined, use it + JAVA_BIN="java" + if [ "$JAVA_HOME" ]; then + JAVA_BIN="$JAVA_HOME/bin/java" + fi + + # if both required options are defined, do not pass the parameters + OPT_JENKINS_SECRET="" + if [ -n "$JENKINS_SECRET" ]; then + case "$@" in + *"${JENKINS_SECRET}"*) echo "Warning: SECRET is defined twice in command-line arguments and the environment variable" ;; + *) + OPT_JENKINS_SECRET="${JENKINS_SECRET}" ;; + esac + fi + + OPT_JENKINS_AGENT_NAME="" + if [ -n "$JENKINS_AGENT_NAME" ]; then + case "$@" in + *"${JENKINS_AGENT_NAME}"*) echo "Warning: AGENT_NAME is defined twice in command-line arguments and the environment variable" ;; + *) + OPT_JENKINS_AGENT_NAME="${JENKINS_AGENT_NAME}" ;; + esac + fi + + #TODO: Handle the case when the command-line and Environment variable contain different values. + #It is fine it blows up for now since it should lead to an error anyway. + + exec $JAVA_BIN $JAVA_OPTS $JNLP_PROTOCOL_OPTS -cp /usr/share/jenkins/slave.jar hudson.remoting.jnlp.Main -headless $TUNNEL $URL $WORKDIR $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@" +fi diff --git a/xenial-amd64-tf-m-build/requirements_python2.txt b/xenial-amd64-tf-m-build/requirements_python2.txt new file mode 100644 index 0000000..4449ba8 --- /dev/null +++ b/xenial-amd64-tf-m-build/requirements_python2.txt @@ -0,0 +1 @@ +pygments==2.2.0 diff --git a/xenial-amd64-tf-m-build/requirements_python3.txt b/xenial-amd64-tf-m-build/requirements_python3.txt new file mode 100644 index 0000000..c3653a2 --- /dev/null +++ b/xenial-amd64-tf-m-build/requirements_python3.txt @@ -0,0 +1,5 @@ +Jinja2==2.10 +MarkupSafe==1.0 +PyYAML==3.12 +pycryptodome==3.6.6 +pyasn1==0.1.9 |