#!/usr/bin/env bash
# shellcheck disable=SC2086,SC1091
# SC2086: We actually want some word splitting to happen
# SC1091: Secrets are sourced from a file that doesn't exist in the tree.
# Strict mode: stop on errors, on unset variables and on failures inside a
# pipeline. "+x" switches command tracing off explicitly.
set -e -u +x -o pipefail

# Directory that holds this script, as an absolute path.
ROOT=$(cd $(dirname $0); pwd)

# First argument: the snapshot target (nightly-YYYY-MM-DD or lts-X.Y).
# With "set -u" a missing argument aborts the script right here.
TARGET=$1

# Home directory as seen inside the container; defaults to the caller's HOME.
: "${C_HOME:=$HOME}"

# Numeric user id the pre-build and upload containers run as.
: "${USERID:=$(id -u)}"

# Load the secrets file (see the SC1091 note above: it is not in the tree).
# NOTE(review): this path is resolved against the caller's working directory,
# while every other work/ path in this script is anchored at $ROOT. Sourcing
# executes the file, so confirm the script is only ever started from the
# repository root.
. work/aws.sh
# Derive the tag from the target name:
#   nightly-YYYY-MM-DD  ->  nightly
#   lts-X.Y             ->  ltsX
# SHORTNAME is the part of the target before the first dash.
SHORTNAME=$(echo $TARGET | cut -d- -f 1)
case $SHORTNAME in
  lts)
    TAG=$(echo $TARGET | sed 's@^lts-\([0-9]*\)\.[0-9]*@lts\1@')
    # An LTS run refuses to continue when NOPLAN is set to a non-empty value.
    if [ -n "${NOPLAN:-}" ]; then
      echo '* DO NOT EDIT work/ files: commit to lts-haskell/build-constraints! *'
      exit 1
    fi
    ;;
  *)
    # Anything else uses the short name unchanged as its tag.
    TAG=$SHORTNAME
    ;;
esac
# Per-tag working directory on the host and the build image for that tag.
WORKDIR=${ROOT}/work/${TAG}
IMAGE=ghcr.io/commercialhaskell/stackage/build:${TAG}

# NOTE(review): the image is referenced by tag only, so each run uses whatever
# the registry currently serves under that tag; every later step, including the
# ones that receive upload credentials, runs inside it. Pinning by digest would
# make the run reproducible -- confirm whether tracking the tag is intended.
docker pull $IMAGE

# Host directories that are bind-mounted into the containers further down.
STACK_DIR=${ROOT}/work/stack
PANTRY_DIR=${STACK_DIR}/pantry
DOT_STACKAGE_DIR=${ROOT}/work/dot-stackage
# The ssh key kept here is used for committing snapshots (and their
# constraints) to Github.
SSH_DIR=${ROOT}/work/ssh

mkdir -p "$PANTRY_DIR" "$STACK_DIR" "$DOT_STACKAGE_DIR" "$WORKDIR" "$SSH_DIR"
# Git identity for the upload containers. The file is rewritten on every run
# and is bind-mounted read-only as $C_HOME/.gitconfig by ARGS_UPLOAD.
# NOTE(review): the email value in this listing reads like a web-page
# email-obfuscation placeholder rather than a deliverable address -- confirm
# the real value against the repository copy.
GITCONFIG=$ROOT/work/gitconfig
cat >$GITCONFIG <<EOF
[user]
email = [email protected]
name = Stackage Build host
EOF
# Hackage credentials file. It is not created here; it has to exist already
# and is mounted read-only at /hackage-creds by ARGS_UPLOAD.
HACKAGE_CREDS=$ROOT/work/hackage-creds
#######################################
# Require a secret file to exist and restrict it to owner read-only.
# Arguments: $1 - path of the file to check
# Outputs:   "File not found: <path>" on stdout when the file is missing
# Returns:   exits the script with status 1 when $1 is not a regular file;
#            otherwise returns the status of chmod
# Note:      only the mode is set to 400; ownership and the permissions of
#            the parent directory are not inspected.
#######################################
function require_400_file {
  local secret_path=$1
  if [ -f "$secret_path" ]
  then
    chmod 400 "$secret_path"
  else
    echo File not found: "$secret_path"
    exit 1
  fi
}
# Both secrets have to be in place, with mode 400, before anything is
# downloaded or built: the ssh private key first, then the Hackage credentials.
for secret_file in "$SSH_DIR/id_rsa" "$HACKAGE_CREDS"
do
  require_400_file "$secret_file"
done
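# Fetch the pinned curator and stack executables into work/bin and print their
# versions from inside the build image as a smoke test.
#
# These two files are bind-mounted into every later container (ARGS_COMMON),
# including the ones that receive the upload credentials, so a bad download
# has to stop the run:
#   * curl --fail turns an HTTP error into a non-zero exit. Without it the
#     server's error page would be saved under the executable's name and
#     marked executable.
#   * When CURATOR_SHA256 / STACK_SHA256 are set in the environment, the
#     downloaded file must match that SHA-256 digest. No digest is hard-coded
#     here; leaving the variables unset keeps the previous behaviour.
mkdir -p $ROOT/work/bin
BINDIR=$(cd $ROOT/work/bin ; pwd)
(
  cd $BINDIR
  # Start from a clean slate so a stale binary is never reused silently.
  rm -f curator stack *.bz2

  curl --fail -L "https://github.com/commercialhaskell/curator/releases/download/commit-54cc5a95a7e29550e0fd7a48b24ddad105d223b2/curator.bz2" | bunzip2 > curator
  if [ -n "${CURATOR_SHA256:-}" ]
  then
    printf '%s  %s\n' "$CURATOR_SHA256" curator | sha256sum -c -
  fi
  chmod +x curator

  STACK_VERSION=2.15.7
  # rc url
  #curl -L https://github.com/commercialhaskell/stack/releases/download/rc%2Fv${STACK_VERSION}/stack-${STACK_VERSION}-linux-x86_64-bin > stack
  curl --fail -L https://github.com/commercialhaskell/stack/releases/download/v${STACK_VERSION}/stack-${STACK_VERSION}-linux-x86_64-bin > stack
  if [ -n "${STACK_SHA256:-}" ]
  then
    printf '%s  %s\n' "$STACK_SHA256" stack | sha256sum -c -
  fi
  chmod +x stack

  # Run both binaries once inside the image; under "set -e" a binary that
  # cannot execute there aborts the script before any build starts.
  docker run --rm -v $(pwd)/curator:/curator -v $(pwd)/stack:/stack $IMAGE /bin/bash -c "
echo -n 'curator version: '
/curator --version
echo -n 'stack version: '
/stack --version
"
)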
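# docker-run argument sets. They are plain strings that are expanded unquoted
# at the call sites on purpose (see the SC2086 note at the top of the file).
#
# We share pantry directory between snapshots while the other content in .stack
# is stored separately (because e.g. Ubuntu releases between LTS and nightly
# could differ). Also the order of binds is important.
ARGS_COMMON="--rm -v $WORKDIR:$C_HOME/work -w $C_HOME/work -v $BINDIR/curator:/usr/bin/curator:ro -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro -v $BINDIR/stack:/usr/bin/stack:ro -v $STACK_DIR:$C_HOME/.stack -v $PANTRY_DIR:$C_HOME/.stack/pantry -v $HOME/.aws/config:$C_HOME/.aws/config:ro"
# Pre-build: run as the calling user, with HOME set and .stackage mounted.
ARGS_PREBUILD="$ARGS_COMMON -u $USERID -e HOME=$C_HOME -v $DOT_STACKAGE_DIR:$C_HOME/.stackage"
# Build: common arguments only; no credentials are added here.
ARGS_BUILD="$ARGS_COMMON"
# instance-data is an undocumented feature of S3 used by amazonka,
# see https://github.com/brendanhay/amazonka/issues/271
#
# Upload: adds the Hackage credentials, the ssh directory, the git identity
# and the AWS keys. The keys are handed to docker by NAME only ("-e VAR" makes
# docker copy the value from its own environment), so the secret no longer
# appears on the docker command line, which other local users can read from
# the process list. For that to work the variables must be exported; the
# self-assignment keeps the old fail-fast behaviour under "set -u" when either
# one is unset. From this point on child processes of this script inherit both
# variables.
export AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY"
ARGS_UPLOAD="$ARGS_PREBUILD -v $HACKAGE_CREDS:/hackage-creds:ro -v $SSH_DIR:$C_HOME/.ssh:ro -v $GITCONFIG:$C_HOME/.gitconfig:ro -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY ${AWS_ENDPOINT_URL:+-e AWS_ENDPOINT_URL=$AWS_ENDPOINT_URL} -v $DOT_STACKAGE_DIR:/dot-stackage"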
# Debug hook: a non-empty second argument is run as the container command in
# an interactive container instead of the normal pipeline, and the script
# stops afterwards. The container is started with ARGS_UPLOAD, so it has the
# ssh directory, the Hackage credentials and the AWS keys available.
case "${2:-}" in
  "")
    ;;
  *)
    docker run -it $ARGS_UPLOAD $IMAGE $2
    exit 0
    ;;
esac
# Pre-build availability check, LTS only: stop early when this snapshot is not
# needed. Nightlies skip it on purpose, because building them anyway gives
# early warning of upcoming failures; that is safe since the same check is
# repeated after the build, before anything is uploaded.
case $SHORTNAME in
  lts)
    docker run $ARGS_UPLOAD $IMAGE curator check-target-available --target $TARGET
    ;;
esac
# Determine the new build plan
#
# * Update the package index (unless LTS)
# * Create a new plan
#
# The script given to "bash -c" is two adjacent quoted pieces joined together.
# The double-quoted piece is expanded by this (host) shell, so $SHORTNAME and
# $TARGET are substituted before the container starts. The single-quoted piece
# is passed through literally, so $GHCVER and the $(sed ...) substitution are
# evaluated inside the container.
# This step runs with ARGS_PREBUILD, i.e. without the ssh directory, Hackage
# credentials and AWS key variables that ARGS_UPLOAD adds.
# NOTE(review): $TARGET comes straight from $1 and is spliced unquoted into the
# script text; this presumably relies on a trusted operator passing a
# well-formed target name -- confirm, or validate its format up front.
docker run $ARGS_PREBUILD $IMAGE /bin/bash -c "
set -e
if [ $SHORTNAME = 'nightly' ]; then
curator update
fi
curator constraints --target $TARGET
curator snapshot-incomplete --target $TARGET
curator snapshot
# Do the rest of the pre-build actions:
#
# * Check that the snapshot is valid
# * Fetch and unpack all needed tarballs (the build step does not have write access to the tarball directory)
"'
GHCVER=$(sed -n "s/^ghc-version: \(.*\)/\1/p" constraints.yaml)
stack setup ghc-$GHCVER --verbosity=error
stack exec --resolver=ghc-$GHCVER curator check-snapshot
curator unpack
'
# Number of parallel build jobs; both release lines use the same value. Any
# other short name leaves JOBS unset.
case $SHORTNAME in
  lts | nightly) JOBS=16 ;;
esac

# Keep the previous run's log (cp -p preserves its mode and timestamps) before
# the build below overwrites it.
[ ! -e "$SHORTNAME-build.log" ] || cp -p $SHORTNAME-build.log $SHORTNAME-build.log-previous
# Now do the actual build. We need to first set the owner of the home directory
# correctly, so we run the command as root, change owner, and then use sudo to
# switch back to the current user
#
# ARGS_BUILD carries no "-u" flag (unlike ARGS_PREBUILD) and none of the
# credential mounts or AWS variables from ARGS_UPLOAD.
# The script string is double-quoted, so $USER, $HOME and $JOBS are expanded by
# the host shell; only \$PATH is left for the shell inside the container.
# NOTE(review): the volumes in ARGS_COMMON are mounted under $C_HOME, while the
# chown and HOME= here use the host's $HOME. The two are the same path only
# when C_HOME keeps its default -- confirm that is intended.
# Output goes to the terminal and to the build log; with pipefail set at the
# top of the script a failing build still fails the pipeline although tee
# itself succeeds.
docker run $ARGS_BUILD $IMAGE nice -n 15 /bin/bash -c "
chown $USER $HOME
exec sudo -E -u $USER env \"HOME=$HOME\" \"PATH=\$PATH\" curator build --jobs $JOBS
" 2>&1 | tee $SHORTNAME-build.log
# Make sure we actually need this snapshot. We used to perform this check
# exclusively before building. Now we perform it after as well for the case of
# nightly, where we don't perform this check beforehand. This is also slightly
# safer, in case someone else already uploaded a specific snapshot while we
# were building.
docker run $ARGS_UPLOAD $IMAGE curator check-target-available --target $TARGET
# Successful build, so we need to:
#
# * Upload the docs to S3
# * Upload the new snapshot .yaml file to the appropriate Github repo, also upload its constraints
#
# From here on every container is started with ARGS_UPLOAD, i.e. with the ssh
# directory, the Hackage credentials and the AWS keys.
# The script string is double-quoted: $TARGET and the optional
# "--bucket $DOCS_BUCKET" (added only when DOCS_BUCKET is set and non-empty)
# are expanded by the host shell before the container starts.
# "ulimit -n hard" sets the open-file limit to the current hard limit.
# The two "date" calls print the time before and after the upload step.
date
docker run $ARGS_UPLOAD $IMAGE /bin/bash -c "
set -e
ulimit -n hard
curator upload-docs --target $TARGET ${DOCS_BUCKET:+--bucket $DOCS_BUCKET}
curator upload-github --target $TARGET
"
date
# was fixed in https://github.com/commercialhaskell/curator/pull/24
docker run $ARGS_UPLOAD $IMAGE curator hackage-distro --target $TARGET
# LTS only: build the fpco/stack-build and fpco/stack-build-small docker images
# for this release and push them. The helper is invoked three times: a plain
# build, a build with --push, and a --push --small build.
case $SHORTNAME in
  lts)
    $ROOT/dockerfiles/build.sh $TARGET
    $ROOT/dockerfiles/build.sh --push $TARGET
    $ROOT/dockerfiles/build.sh --push --small $TARGET
    ;;
esac

# Final marker: the label and the timestamp end up on one line.
printf '%s' "Completed at "
date