diff options
-rw-r--r-- | bionic-amd64-tf-m-build/Dockerfile | 85 | ||||
-rwxr-xr-x | bionic-amd64-tf-m-build/build.sh | 19 | ||||
-rw-r--r-- | bionic-amd64-tf-m-build/jenkins-slave | 100 | ||||
-rw-r--r-- | bionic-amd64-tf-m-build/requirements_python2.txt | 1 | ||||
-rw-r--r-- | bionic-amd64-tf-m-build/requirements_python3.txt | 13 |
5 files changed, 218 insertions, 0 deletions
diff --git a/bionic-amd64-tf-m-build/Dockerfile b/bionic-amd64-tf-m-build/Dockerfile new file mode 100644 index 0000000..057d963 --- /dev/null +++ b/bionic-amd64-tf-m-build/Dockerfile @@ -0,0 +1,85 @@ +FROM ubuntu:bionic + +ENV DEBIAN_FRONTEND=noninteractive +ENV PATH=/home/buildslave/tools/bin:${PATH} +ENV PLANTUML_JAR_PATH=/usr/share/plantuml/plantuml.jar +ENV PKG_DEPS="\ + build-essential \ + curl \ + default-jre \ + device-tree-compiler \ + doxygen \ + git \ + graphviz \ + jq \ + libffi-dev \ + libssl-dev \ + openjdk-8-jdk \ + openssh-server \ + perl \ + python \ + python-psutil \ + python3 \ + python3-crypto \ + python3-dev \ + python3-psutil \ + python3-pyasn1 \ + srecord \ + sudo \ + tree \ + unzip \ + virtualenv \ + wget \ + zip \ +" + +# Can be overriden at build time +ARG BUILDSLAVE_PASSWORD=buildslave +ARG VERSION=3.28 + +COPY requirements_*.txt /opt/ +COPY jenkins-slave /usr/local/bin/jenkins-slave + +RUN set -e ;\ + apt update -q=2 ;\ + apt dist-upgrade -q=2 --yes ;\ + apt install -q=2 --yes --no-install-recommends ${PKG_DEPS} ;\ + curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash ;\ + apt update -q=2 ;\ + apt install -q=2 --yes --no-install-recommends git-lfs ;\ + # Install Python requirements + curl -s https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py ;\ + python2 /tmp/get-pip.py ;\ + pip2 install --no-cache-dir -r /opt/requirements_python2.txt ;\ + python3 /tmp/get-pip.py ;\ + pip3 install --no-cache-dir -r /opt/requirements_python3.txt ;\ + # Setup buildslave user for Jenkins + useradd -m -s /bin/bash buildslave ;\ + echo "buildslave:$BUILDSLAVE_PASSWORD" | chpasswd ;\ + echo 'buildslave ALL = NOPASSWD: ALL' > /etc/sudoers.d/jenkins ;\ + chmod 0440 /etc/sudoers.d/jenkins ;\ + mkdir -p /var/run/sshd /home/buildslave/tools ;\ + # Install cppcheck + wget -q http://github.com/danmar/cppcheck/releases/download/1.81/cppcheck-1.81.tar.gz -O /tmp/cppcheck.tar.gz ;\ + tar -xf /tmp/cppcheck.tar.gz -C /opt ;\ + (cd /opt/cppcheck-*; make CFGDIR=/opt/cppcheck-1.81/cfg; make install; make clean) ;\ + # Install PlantUML + curl --create-dirs -fsSLo ${PLANTUML_JAR_PATH} https://repo1.maven.org/maven2/net/sourceforge/plantuml/plantuml/1.2019.6/plantuml-1.2019.6.jar ;\ + # Install Jenkins remoting + curl --create-dirs -fsSLo /usr/share/jenkins/slave.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar ;\ + # Install toolchain + curl --create-dirs -fsSLo /tmp/gcc-arm-none-eabi-linux.tar.bz2 'https://developer.arm.com/-/media/Files/downloads/gnu-rm/6-2017q2/gcc-arm-none-eabi-6-2017-q2-update-linux.tar.bz2?revision=2cc92fb5-3e0e-402d-9197-bdfc8224d8a5?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Linux,6-2017-q2-update' ;\ + tar -xf /tmp/gcc-arm-none-eabi-linux.tar.bz2 -C /home/buildslave/tools --strip-components=1 ;\ + # Install CMake + curl --create-dirs -fsSLo /tmp/cmake-Linux-x86_64.tar.gz https://cmake.org/files/v3.7/cmake-3.7.2-Linux-x86_64.tar.gz ;\ + tar -xf /tmp/cmake-Linux-x86_64.tar.gz -C /home/buildslave/tools --strip-components=1 ;\ + # Fix permissions + chmod 0755 /usr/share/jenkins ;\ + chmod 0644 /usr/share/jenkins/slave.jar ;\ + chmod 0755 /usr/local/bin/jenkins-slave ;\ + chown -R buildslave:buildslave /home/buildslave/tools ;\ + # Cleanup + apt clean ;\ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +ENTRYPOINT ["/usr/local/bin/jenkins-slave"] diff --git a/bionic-amd64-tf-m-build/build.sh b/bionic-amd64-tf-m-build/build.sh new file mode 100755 index 0000000..34f1765 --- /dev/null +++ b/bionic-amd64-tf-m-build/build.sh @@ -0,0 +1,19 @@ +#!/bin/sh + +set -e + +trap cleanup_exit INT TERM EXIT + +cleanup_exit() +{ + rm -f *.list *.key +} + +export LANG=C + +DISTRIBUTION=$(basename ${PWD} | cut -f1 -d '-') +ARCHITECTURE=$(basename ${PWD} | cut -f2 -d '-') + +image=trustedfirmware/ci-${ARCHITECTURE}-ubuntu:${DISTRIBUTION} +docker build --pull --tag=$image . +echo $image > .docker-tag diff --git a/bionic-amd64-tf-m-build/jenkins-slave b/bionic-amd64-tf-m-build/jenkins-slave new file mode 100644 index 0000000..4d89307 --- /dev/null +++ b/bionic-amd64-tf-m-build/jenkins-slave @@ -0,0 +1,100 @@ +#!/usr/bin/env sh + +# The MIT License +# +# Copyright (c) 2015, CloudBees, Inc. +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +# THE SOFTWARE. + +# Usage jenkins-slave.sh [options] -url http://jenkins [SECRET] [AGENT_NAME] +# Optional environment variables : +# * JENKINS_TUNNEL : HOST:PORT for a tunnel to route TCP traffic to jenkins host, when jenkins can't be directly accessed over network +# * JENKINS_URL : alternate jenkins URL +# * JENKINS_SECRET : agent secret, if not set as an argument +# * JENKINS_AGENT_NAME : agent name, if not set as an argument +# * JENKINS_AGENT_WORKDIR : agent work directory, if not set by optional parameter -workDir + +if [ $# -eq 1 ]; then + + # if `docker run` only has one arguments, we assume user is running alternate command like `bash` to inspect the image + exec "$@" + +else + + # if -tunnel is not provided, try env vars + case "$@" in + *"-tunnel "*) ;; + *) + if [ ! -z "$JENKINS_TUNNEL" ]; then + TUNNEL="-tunnel $JENKINS_TUNNEL" + fi ;; + esac + + # if -workDir is not provided, try env vars + if [ ! -z "$JENKINS_AGENT_WORKDIR" ]; then + case "$@" in + *"-workDir"*) echo "Warning: Work directory is defined twice in command-line arguments and the environment variable" ;; + *) + WORKDIR="-workDir $JENKINS_AGENT_WORKDIR" ;; + esac + fi + + if [ -n "$JENKINS_URL" ]; then + URL="-url $JENKINS_URL" + fi + + if [ -n "$JENKINS_NAME" ]; then + JENKINS_AGENT_NAME="$JENKINS_NAME" + fi + + if [ -z "$JNLP_PROTOCOL_OPTS" ]; then + echo "Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior" + JNLP_PROTOCOL_OPTS="-Dorg.jenkinsci.remoting.engine.JnlpProtocol3.disabled=true" + fi + + # if java home is defined, use it + JAVA_BIN="java" + if [ "$JAVA_HOME" ]; then + JAVA_BIN="$JAVA_HOME/bin/java" + fi + + # if both required options are defined, do not pass the parameters + OPT_JENKINS_SECRET="" + if [ -n "$JENKINS_SECRET" ]; then + case "$@" in + *"${JENKINS_SECRET}"*) echo "Warning: SECRET is defined twice in command-line arguments and the environment variable" ;; + *) + OPT_JENKINS_SECRET="${JENKINS_SECRET}" ;; + esac + fi + + OPT_JENKINS_AGENT_NAME="" + if [ -n "$JENKINS_AGENT_NAME" ]; then + case "$@" in + *"${JENKINS_AGENT_NAME}"*) echo "Warning: AGENT_NAME is defined twice in command-line arguments and the environment variable" ;; + *) + OPT_JENKINS_AGENT_NAME="${JENKINS_AGENT_NAME}" ;; + esac + fi + + #TODO: Handle the case when the command-line and Environment variable contain different values. + #It is fine it blows up for now since it should lead to an error anyway. + + exec $JAVA_BIN $JAVA_OPTS $JNLP_PROTOCOL_OPTS -cp /usr/share/jenkins/slave.jar hudson.remoting.jnlp.Main -headless $TUNNEL $URL $WORKDIR $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@" +fi diff --git a/bionic-amd64-tf-m-build/requirements_python2.txt b/bionic-amd64-tf-m-build/requirements_python2.txt new file mode 100644 index 0000000..4449ba8 --- /dev/null +++ b/bionic-amd64-tf-m-build/requirements_python2.txt @@ -0,0 +1 @@ +pygments==2.2.0 diff --git a/bionic-amd64-tf-m-build/requirements_python3.txt b/bionic-amd64-tf-m-build/requirements_python3.txt new file mode 100644 index 0000000..507db57 --- /dev/null +++ b/bionic-amd64-tf-m-build/requirements_python3.txt @@ -0,0 +1,13 @@ +cbor==1.0.0 +cryptography==2.7 +Jinja2==2.10 +MarkupSafe==1.1.0 +PyYAML==3.12 +pycryptodome==3.6.6 +pyasn1==0.1.9 +m2r==0.2.1 +Sphinx==2.0.1 +sphinx-rtd-theme==0.4.3 +sphinxcontrib-plantuml==0.15 +xmltodict==0.12.0 +imgtool==1.6.0 |