From e471de82df68020e8bf3d541fed79ffaaac73e7a Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Fri, 5 Jul 2024 13:56:35 -0400 Subject: [PATCH] adopt focal builder; drop redhat7 and ubuntu bionic cpack builds; ubuntu install noble build if unknown codename --- .../openziti-tunnel-build-action/README.md | 7 -- .../redhat-7/Dockerfile | 46 ------------- .../redhat-7/entrypoint.sh | 60 ----------------- .../ubuntu-16.04/Dockerfile | 49 -------------- .../ubuntu-18.04/crossbuild.list | 7 -- .../ubuntu-18.04/entrypoint.sh | 67 ------------------- .../{ubuntu-18.04 => ubuntu-24.04}/Dockerfile | 44 ++++++------ .../ubuntu-24.04/crossbuild.list | 7 ++ .../entrypoint.sh | 9 ++- .github/cpack-matrix.yml | 32 ++------- .github/workflows/cmake.yml | 6 +- .github/workflows/cpack.yml | 15 ----- BUILD.md | 3 - scripts/install-ubuntu.bash | 9 ++- 14 files changed, 45 insertions(+), 316 deletions(-) delete mode 100644 .github/actions/openziti-tunnel-build-action/redhat-7/Dockerfile delete mode 100755 .github/actions/openziti-tunnel-build-action/redhat-7/entrypoint.sh delete mode 100644 .github/actions/openziti-tunnel-build-action/ubuntu-16.04/Dockerfile delete mode 100644 .github/actions/openziti-tunnel-build-action/ubuntu-18.04/crossbuild.list delete mode 100755 .github/actions/openziti-tunnel-build-action/ubuntu-18.04/entrypoint.sh rename .github/actions/openziti-tunnel-build-action/{ubuntu-18.04 => ubuntu-24.04}/Dockerfile (62%) create mode 100644 .github/actions/openziti-tunnel-build-action/ubuntu-24.04/crossbuild.list rename .github/actions/openziti-tunnel-build-action/{ubuntu-16.04 => ubuntu-24.04}/entrypoint.sh (90%) diff --git a/.github/actions/openziti-tunnel-build-action/README.md b/.github/actions/openziti-tunnel-build-action/README.md index e6c41ac3f..7ef0c3c71 100644 --- a/.github/actions/openziti-tunnel-build-action/README.md +++ b/.github/actions/openziti-tunnel-build-action/README.md @@ -15,13 +15,6 @@ - name: ubuntu version: "20.04" type: deb - - name: ubuntu - version: "18.04" - type: deb - - name: redhat - version: "7" - type: rpm - container: docker.io/library/centos:7 - name: redhat version: "8" type: rpm diff --git a/.github/actions/openziti-tunnel-build-action/redhat-7/Dockerfile b/.github/actions/openziti-tunnel-build-action/redhat-7/Dockerfile deleted file mode 100644 index ec3719cdb..000000000 --- a/.github/actions/openziti-tunnel-build-action/redhat-7/Dockerfile +++ /dev/null @@ -1,46 +0,0 @@ -ARG CMAKE_VERSION="3.26.3" - -FROM docker.io/library/centos:7 - -ARG CMAKE_VERSION - -LABEL org.opencontainers.image.authors="support@netfoundry.io" - -USER root -WORKDIR /root/ - -ENV PATH="/usr/local/:${PATH}" -ENV GIT_DISCOVERY_ACROSS_FILESYSTEM=1 -ENV TZ=UTC - -RUN yum -y install \ - "@Development Tools" \ - centos-release-scl \ - doxygen \ - graphviz \ - python3 \ - zlib-devel \ - epel-release \ - && yum -y install \ - devtoolset-11 \ - devtoolset-11-libatomic-devel \ - ninja-build \ - && yum clean all - -# needed only to build openssl. we can't use openssl from rocky's repos because it is too old. -RUN yum install -y perl-IPC-Cmd - -RUN curl -sSfL https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh -o cmake.sh \ - && (bash cmake.sh --skip-license --prefix=/usr/local) \ - && rm cmake.sh - -ENV VCPKG_ROOT=/usr/local/vcpkg -# this must be set on arm. see https://learn.microsoft.com/en-us/vcpkg/users/config-environment#vcpkg_force_system_binaries -ENV VCPKG_FORCE_SYSTEM_BINARIES=yes - -RUN cd /usr/local \ - && git clone --branch 2023.12.12 https://github.com/microsoft/vcpkg \ - && ./vcpkg/bootstrap-vcpkg.sh -disableMetrics - -COPY ./entrypoint.sh /root/ -ENTRYPOINT [ "/root/entrypoint.sh" ] diff --git a/.github/actions/openziti-tunnel-build-action/redhat-7/entrypoint.sh b/.github/actions/openziti-tunnel-build-action/redhat-7/entrypoint.sh deleted file mode 100755 index cad61ac7c..000000000 --- a/.github/actions/openziti-tunnel-build-action/redhat-7/entrypoint.sh +++ /dev/null @@ -1,60 +0,0 @@ -#!/usr/bin/env bash -# -# RedHat 7 -# - -set -euo pipefail - -# these commands must be in the entrypoint so they are run after workspace is mounted on Docker workdir -echo "INFO: GIT_DISCOVERY_ACROSS_FILESYSTEM=${GIT_DISCOVERY_ACROSS_FILESYSTEM}" -echo "INFO: WORKDIR=${PWD}" -echo "INFO: $(git --version)" - -# if first positional is an expected arch string then set cmake preset, -# else use ci-linux-x64 (which actually just uses native/host tools - e.g. not cross compile) -if [ ${#} -ge 1 ]; then - cmake_preset="${1}" -else - cmake_preset="ci-linux-x64" -fi - -if [ ${#} -ge 2 ]; then - cmake_config="${2}" -else - cmake_config="Release" -fi - -# workspace dir for each build env is added to "safe" dirs in global config e.g. -# ~/.gitconfig so both runner and builder containers trust these dirs -# owned by different UIDs from that of Git's EUID. This is made necessary -# by newly-enforced directory boundaries in Git v2.35.2 -# ref: https://lore.kernel.org/git/xmqqv8veb5i6.fsf@gitster.g/ -for SAFE in \ - /github/workspace \ - /__w/ziti-tunnel-sdk-c/ziti-tunnel-sdk-c \ - /mnt ; do - git config --global --add safe.directory ${SAFE} -done - -cmake -E make_directory ./build -( - [[ -d ./build ]] && rm -r ./build - cmake -E make_directory ./build - # allow unset for scl_source scripts - set +u - source scl_source enable devtoolset-11 \ - && cmake \ - --preset "${cmake_preset}" \ - -DCMAKE_BUILD_TYPE="${cmake_config}" \ - -DBUILD_DIST_PACKAGES=ON \ - -DDISABLE_LIBSYSTEMD_FEATURE=ON \ - -DVCPKG_OVERLAY_PORTS="./vcpkg-overlays/linux-syslibs/redhat7" \ - -S . \ - -B ./build - source scl_source enable devtoolset-11 \ - && cmake \ - --build ./build \ - --config "${cmake_config}" \ - --target package \ - --verbose -) diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-16.04/Dockerfile b/.github/actions/openziti-tunnel-build-action/ubuntu-16.04/Dockerfile deleted file mode 100644 index 1734cc1aa..000000000 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-16.04/Dockerfile +++ /dev/null @@ -1,49 +0,0 @@ -ARG CMAKE_VERSION="3.26.3" - -FROM ubuntu:xenial - -ARG CMAKE_VERSION - -LABEL org.opencontainers.image.authors="support@netfoundry.io" - -ENV DEBIAN_FRONTEND=noninteractive -ENV GIT_DISCOVERY_ACROSS_FILESYSTEM=1 -ENV TZ=UTC - -USER root -WORKDIR /root/ - -ENV PATH="/usr/local/:${PATH}" - -RUN apt-get -y update \ - && apt-get -y install \ - build-essential \ - curl \ - zip \ - unzip \ - tar \ - doxygen \ - git \ - graphviz \ - pkg-config \ - python3 \ - zlib1g-dev \ - ninja-build \ - && rm -rf /var/lib/apt/lists/* - -RUN curl -sSfL https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh -o cmake.sh \ - && (bash cmake.sh --skip-license --prefix=/usr/local) \ - && rm cmake.sh - -ENV VCPKG_ROOT=/usr/local/vcpkg -# this must be set on arm. see https://learn.microsoft.com/en-us/vcpkg/users/config-environment#vcpkg_force_system_binaries -ENV VCPKG_FORCE_SYSTEM_BINARIES=yes - -RUN cd /usr/local \ - && git config --global advice.detachedHead false \ - && git clone --branch 2023.12.12 https://github.com/microsoft/vcpkg \ - && ./vcpkg/bootstrap-vcpkg.sh -disableMetrics - -WORKDIR /github/workspace -COPY ./entrypoint.sh /root/ -ENTRYPOINT [ "/root/entrypoint.sh" ] diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/crossbuild.list b/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/crossbuild.list deleted file mode 100644 index f4fb8ab65..000000000 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/crossbuild.list +++ /dev/null @@ -1,7 +0,0 @@ -deb [arch=armhf,arm64] http://ports.ubuntu.com/ bionic main restricted -deb [arch=armhf,arm64] http://ports.ubuntu.com/ bionic-updates main restricted -deb [arch=armhf,arm64] http://ports.ubuntu.com/ bionic universe -deb [arch=armhf,arm64] http://ports.ubuntu.com/ bionic-updates universe -deb [arch=armhf,arm64] http://ports.ubuntu.com/ bionic multiverse -deb [arch=armhf,arm64] http://ports.ubuntu.com/ bionic-updates multiverse -deb [arch=armhf,arm64] http://ports.ubuntu.com/ bionic-backports main restricted universe multiverse diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/entrypoint.sh b/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/entrypoint.sh deleted file mode 100755 index 01acd19f1..000000000 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/entrypoint.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/usr/bin/env bash -# -# Ubuntu Bionic 18.04 -# - -set -euo pipefail - -# these commands must be in the entrypoint so they are run after workspace is mounted on Docker workdir -echo "INFO: GIT_DISCOVERY_ACROSS_FILESYSTEM=${GIT_DISCOVERY_ACROSS_FILESYSTEM}" -echo "INFO: WORKDIR=${PWD}" -echo "INFO: $(git --version)" - -# if first positional is an expected arch string then set cmake preset, -# else use ci-linux-x64 (which actually just uses native/host tools - e.g. not cross compile) -if [ ${#} -ge 1 ]; then - cmake_preset="${1}" -else - cmake_preset="ci-linux-x64" -fi - -if [ ${#} -ge 2 ]; then - cmake_config="${2}" -else - cmake_config="Release" -fi - -# workspace dir for each build env is added to "safe" dirs in global config e.g. -# ~/.gitconfig so both runner and builder containers trust these dirs -# owned by different UIDs from that of Git's EUID. This is made necessary -# by newly-enforced directory boundaries in Git v2.35.2 -# ref: https://lore.kernel.org/git/xmqqv8veb5i6.fsf@gitster.g/ -for SAFE in \ - /github/workspace \ - /__w/ziti-tunnel-sdk-c/ziti-tunnel-sdk-c \ - /mnt ; do - git config --global --add safe.directory ${SAFE} -done - -[[ -d ./build ]] && rm -r ./build -cmake \ - -E make_directory \ - ./build -cmake \ - --preset "${cmake_preset}" \ - -DCMAKE_BUILD_TYPE="${cmake_config}" \ - -DBUILD_DIST_PACKAGES=ON \ - -DVCPKG_OVERLAY_PORTS="./vcpkg-overlays/linux-syslibs/ubuntu18" \ - -S . \ - -B ./build -cmake \ - --build ./build \ - --config "${cmake_config}" \ - --target package \ - --verbose - -# The original idea behind that was to crudely test the built artifact inside -# the container image with the correct architecture before returning to allow -# the build job to succeed. Basically a smoke test to see if it would execute as -# built at all. I don't recall why I/we abandoned that idea in favor of only -# running the x86 artifact in the job container. So, we're not getting any value -# from those lines of the entrypoint scripts right now, and I agree we'd have to -# embellish the option parsing a bit to get that working. -# if (( ${#} )); then -# echo "INFO: running ziti-edge-tunnel" -# set -x -# "./build/programs/ziti-edge-tunnel/${cmake_config}/ziti-edge-tunnel" ${@} -# fi diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/Dockerfile b/.github/actions/openziti-tunnel-build-action/ubuntu-24.04/Dockerfile similarity index 62% rename from .github/actions/openziti-tunnel-build-action/ubuntu-18.04/Dockerfile rename to .github/actions/openziti-tunnel-build-action/ubuntu-24.04/Dockerfile index 738004c65..b71d2973f 100644 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/Dockerfile +++ b/.github/actions/openziti-tunnel-build-action/ubuntu-24.04/Dockerfile @@ -1,9 +1,11 @@ ARG CMAKE_VERSION="3.26.3" +ARG VCPKG_VERSION="2024.01.12" -# Ubuntu Bionic 18.04 LTS -FROM ubuntu:bionic +# Ubuntu Noble 24.04 LTS +FROM ubuntu:noble ARG CMAKE_VERSION +ARG VCPKG_VERSION LABEL org.opencontainers.image.authors="support@netfoundry.io" @@ -14,13 +16,14 @@ ENV TZ=UTC USER root WORKDIR /root/ -ENV PATH="/usr/local/:${PATH}" - RUN apt-get update \ && apt-get -y install \ - build-essential \ - crossbuild-essential-armhf \ + gcc-arm-linux-gnueabihf \ + g++-arm-linux-gnueabihf \ + gcc-aarch64-linux-gnu \ crossbuild-essential-arm64 \ + crossbuild-essential-armhf \ + build-essential \ curl zip unzip tar \ doxygen \ git \ @@ -33,20 +36,20 @@ RUN apt-get update \ ninja-build \ && rm -rf /var/lib/apt/lists/* -RUN curl -sSfL https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh -o cmake.sh \ - && (bash cmake.sh --skip-license --prefix=/usr/local) \ - && rm cmake.sh - -RUN dpkg --add-architecture armhf -RUN dpkg --add-architecture arm64 COPY ./crossbuild.list /etc/apt/sources.list.d/crossbuild.list RUN sed -Ei 's/^deb/deb [arch=amd64]/g' /etc/apt/sources.list -RUN apt-get update -RUN apt-get -y install \ - zlib1g-dev:armhf \ - zlib1g-dev:arm64 \ - libssl-dev:armhf \ - libssl-dev:arm64 +RUN dpkg --add-architecture arm64 && dpkg --add-architecture armhf +RUN apt-get update \ + && apt-get -y install \ + libssl-dev:arm64 \ + libssl-dev:armhf \ + zlib1g-dev:arm64 \ + zlib1g-dev:armhf \ + && rm -rf /var/lib/apt/lists/* + +RUN curl -sSfL "https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh" -o cmake.sh \ + && (bash cmake.sh --skip-license --prefix=/usr/local) \ + && rm cmake.sh ENV VCPKG_ROOT=/usr/local/vcpkg # this must be set on arm. see https://learn.microsoft.com/en-us/vcpkg/users/config-environment#vcpkg_force_system_binaries @@ -54,9 +57,8 @@ ENV VCPKG_FORCE_SYSTEM_BINARIES=yes RUN cd /usr/local \ && git config --global advice.detachedHead false \ - && git clone --branch 2023.12.12 https://github.com/microsoft/vcpkg \ + && git clone --branch "${VCPKG_VERSION}" https://github.com/microsoft/vcpkg \ && ./vcpkg/bootstrap-vcpkg.sh -disableMetrics -WORKDIR /github/workspace COPY ./entrypoint.sh /root/ -ENTRYPOINT [ "/root/entrypoint.sh" ] \ No newline at end of file +ENTRYPOINT [ "/root/entrypoint.sh" ] diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-24.04/crossbuild.list b/.github/actions/openziti-tunnel-build-action/ubuntu-24.04/crossbuild.list new file mode 100644 index 000000000..777eccfd2 --- /dev/null +++ b/.github/actions/openziti-tunnel-build-action/ubuntu-24.04/crossbuild.list @@ -0,0 +1,7 @@ +deb [arch=arm64,armhf] http://ports.ubuntu.com/ noble main restricted +deb [arch=arm64,armhf] http://ports.ubuntu.com/ noble-updates main restricted +deb [arch=arm64,armhf] http://ports.ubuntu.com/ noble universe +deb [arch=arm64,armhf] http://ports.ubuntu.com/ noble-updates universe +deb [arch=arm64,armhf] http://ports.ubuntu.com/ noble multiverse +deb [arch=arm64,armhf] http://ports.ubuntu.com/ noble-updates multiverse +deb [arch=arm64,armhf] http://ports.ubuntu.com/ noble-backports main restricted universe multiverse diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-16.04/entrypoint.sh b/.github/actions/openziti-tunnel-build-action/ubuntu-24.04/entrypoint.sh similarity index 90% rename from .github/actions/openziti-tunnel-build-action/ubuntu-16.04/entrypoint.sh rename to .github/actions/openziti-tunnel-build-action/ubuntu-24.04/entrypoint.sh index ad3e167d4..7554fde64 100755 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-16.04/entrypoint.sh +++ b/.github/actions/openziti-tunnel-build-action/ubuntu-24.04/entrypoint.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # -# Ubuntu Xenial 16.04 +# Debian Bookworm/Ubuntu Noble 24.04 # set -euo pipefail @@ -39,14 +39,13 @@ done [[ -d ./build ]] && rm -r ./build cmake \ -E make_directory \ - ./build + ./build cmake \ --preset "${cmake_preset}" \ -DCMAKE_BUILD_TYPE="${cmake_config}" \ -DBUILD_DIST_PACKAGES=ON \ - -DDISABLE_LIBSYSTEMD_FEATURE=ON \ - -DVCPKG_OVERLAY_PORTS="./vcpkg-overlays/linux-syslibs/ubuntu16" \ - -S . \ + "${TLSUV_TLSLIB:+-DTLSUV_TLSLIB=${TLSUV_TLSLIB}}" \ + -S "${PWD}/" \ -B ./build cmake \ --build ./build \ diff --git a/.github/cpack-matrix.yml b/.github/cpack-matrix.yml index 8f0f7f2e8..796d9c809 100644 --- a/.github/cpack-matrix.yml +++ b/.github/cpack-matrix.yml @@ -10,6 +10,10 @@ cpack_matrix: rpm: aarch64 deb: arm64 distro: + - name: ubuntu + version: "24.04" + release_name: noble + type: deb - name: ubuntu version: "22.04" release_name: jammy @@ -18,19 +22,6 @@ cpack_matrix: version: "20.04" release_name: focal type: deb - - name: ubuntu - version: "18.04" - release_name: bionic - type: deb - - name: ubuntu - version: "16.04" - release_name: xenial - type: deb - - name: redhat - version: "7" - release_name: ${{ null }} - type: rpm - container: docker.io/library/centos:7 - name: redhat version: "8" release_name: ${{ null }} @@ -42,21 +33,6 @@ cpack_matrix: type: rpm container: docker.io/library/rockylinux:9 exclude: - - distro: - name: ubuntu - release_name: xenial - arch: - cmake: ci-linux-arm - - distro: - name: ubuntu - release_name: xenial - arch: - cmake: ci-linux-arm64 - - distro: - name: ubuntu - release_name: bionic - arch: - cmake: ci-linux-arm - distro: name: redhat arch: diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index b13d7d48b..a7dfe652c 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -41,17 +41,17 @@ jobs: preset: windows-arm64-vs2022 - os: ubuntu-20.04 - container: openziti/ziti-builder:1.0.7 + container: openziti/ziti-builder:2.0.0 name: Linux x86_64 preset: linux-x64 - os: ubuntu-20.04 - container: openziti/ziti-builder:1.0.7 + container: openziti/ziti-builder:2.0.0 name: Linux arm preset: linux-arm - os: ubuntu-20.04 - container: openziti/ziti-builder:1.0.7 + container: openziti/ziti-builder:2.0.0 name: Linux arm64 preset: linux-arm64 diff --git a/.github/workflows/cpack.yml b/.github/workflows/cpack.yml index dce45fc4e..83895c1c3 100644 --- a/.github/workflows/cpack.yml +++ b/.github/workflows/cpack.yml @@ -75,21 +75,6 @@ jobs: dnf -y install git git --version - - name: install contemporary Git in runner container if RedHat 7 - if: ${{ matrix.distro.name == 'redhat' && matrix.distro.version == '7' }} - shell: bash - run: | - yum -y update - yum -y install centos-release-scl - yum -y install rh-git218 - source scl_source enable rh-git218 && git --version - cat << 'EOF' >| /root/git.sh - #!/bin/bash - source scl_source enable rh-git218 && git "${@}" - EOF - chmod +x /root/git.sh - update-alternatives --install /usr/bin/git git /root/git.sh 50 - - name: checkout workspace uses: actions/checkout@v4 with: diff --git a/BUILD.md b/BUILD.md index 39d543fb7..afa8fc5ea 100644 --- a/BUILD.md +++ b/BUILD.md @@ -204,8 +204,5 @@ Build the generic binary for arm64 with the `ci-linux-arm64` preset. ./scripts/ziti-builder.sh -p ci-linux-arm64 ``` -To build with OpenSSL on this Ubuntu Bionic-based (glibc 2.27) builder image, `export TLSUV_TLSLIB=openssl` and change -`vcpkg.json` to statically compile "openssl" instead of "mbedtls." - [1]: https://cmake.org/cmake/help/latest/manual/cmake-presets.7.html [2]: https://cmake.org/download/ diff --git a/scripts/install-ubuntu.bash b/scripts/install-ubuntu.bash index b5b87bad3..85c7ed0d2 100755 --- a/scripts/install-ubuntu.bash +++ b/scripts/install-ubuntu.bash @@ -2,14 +2,16 @@ set -euxo pipefail +# shellcheck disable=SC1091 source /etc/os-release + [[ -n ${UBUNTU_CODENAME:-} ]] || { echo "Unable to determine Ubuntu version" >&2 exit 1 } case ${UBUNTU_CODENAME} in - jammy|focal|bionic) + noble|jammy|focal) UBUNTU_LTS=${UBUNTU_CODENAME} ;; lunar|kinetic|mantic) @@ -18,12 +20,9 @@ case ${UBUNTU_CODENAME} in impish|hirsute|groovy) UBUNTU_LTS=focal ;; - eoan|disco|cosmic) - UBUNTU_LTS=bionic - ;; *) echo "WARN: Ubuntu version: ${UBUNTU_CODENAME} not recognized, assuming latest" >&2 - UBUNTU_LTS=jammy + UBUNTU_LTS=noble ;; esac