From 6ba33061ed8c674eeac70e8f3267313d10395dfe Mon Sep 17 00:00:00 2001
From: Austin Bozowski <bozowski@google.com>
Date: Wed, 13 Apr 2022 18:44:59 -0700
Subject: [PATCH] Build from hashes instead of dirs

---
 integrations/docker/build.sh                  | 48 ++++++++-----------
 .../docker/images/chip-build-zap/Dockerfile   | 10 +++-
 2 files changed, 28 insertions(+), 30 deletions(-)

diff --git a/integrations/docker/build.sh b/integrations/docker/build.sh
index 3235e0d1725127..ba78de91c126c4 100755
--- a/integrations/docker/build.sh
+++ b/integrations/docker/build.sh
@@ -40,12 +40,12 @@ VERSION=${DOCKER_BUILD_VERSION:-$(sed 's/ .*//' version)}
   Build and (optionally tag as latest, push) a docker image from Dockerfile in CWD
 
   Options:
-   --no-cache   passed as a docker build argument
-   --latest     update latest to the current built version (\"$VERSION\")
-   --push       push image(s) to docker.io (requires docker login for \"$ORG\")
-   --help       get this message
-   --squash     squash docker layers before push them to docker.io (requires docker-squash python module)
-   --zap-path   path to a local directory containing zap (root of git repo). Without this option, zap is copied from the working tree.
+   --no-cache  passed as a docker build argument
+   --latest    update latest to the current built version (\"$VERSION\")
+   --push      push image(s) to docker.io (requires docker login for \"$ORG\")
+   --help      get this message
+   --squash    squash docker layers before push them to docker.io (requires docker-squash python module)
+   --zap       commit hash of desired zap to bundle in zap-including images
 "
     exit 0
 }
@@ -72,51 +72,43 @@ if [[ ${*/--no-cache//} != "${*}" ]]; then
     BUILD_ARGS+=(--no-cache)
 fi
 
-# Special condition to include zap source in build context
-# This copies from the working tree but we should clone @ build time with the hashes here to ensure local changes cannot cause issues
+# Special condition to include zapinfo in build context
 ZAP_INCLUDING_IMAGE='chip-build-zap'
 if [[ $IMAGE == $ZAP_INCLUDING_IMAGE ]]; then
 
   WORKING_TREE_ROOT=$(dirname $(readlink -e '../../..'))
   ZAP_DEFAULT_LOCATION='third_party/zap/repo'
-  ZAP_INCLUDING_IMAGE_CONTEXT=$(pwd)
   ZAP_INFO_FILE_NAME=zapinfo
+  ZAP_INCLUDING_IMAGE_CONTEXT=$(pwd)
+
   cd $WORKING_TREE_ROOT
   CHIP_SHA=$(git show | head -n 1 | awk '{print $2}')
   cd $ZAP_INCLUDING_IMAGE_CONTEXT
 
   if [[ ${*/--zap//} != "${*}" ]]; then
-    # Include zap in image from local folder
-    # Must be a git repo
-    ZAP_CUSTOM_PATH=${*/--zap=/}
-    ZAP_CUSTOM_PATH=$(echo $ZAP_CUSTOM_PATH | awk '{print $1}')
-    echo "Using custom zap dir" $ZAP_CUSTOM_PATH
-    cd $ZAP_CUSTOM_PATH
-    ZAP_SHA=$(git show | head -n 1 | awk '{print $2}')
-    cd $ZAP_INCLUDING_IMAGE_CONTEXT
-    cp -R $ZAP_CUSTOM_PATH .
-    mv ./$(basename $ZAP_CUSTOM_PATH) ./$(basename $ZAP_DEFAULT_LOCATION)
     ZAP_INSTALL_CUSTOMIZED='YES'
+    ZAP_SHA=${*/--zap=/}
+    ZAP_SHA=$(echo $ZAP_CUSTOM_SHA | awk '{print $1}')
+    echo "Using custom zap commit: " $ZAP_SHA
+
   else
-    # Copy zap into build context, save SHA info
+    ZAP_INSTALL_CUSTOMIZED='NO'
     cd $WORKING_TREE_ROOT
     ZAP_SHA=$(git ls-tree master $ZAP_DEFAULT_LOCATION |  awk '{print $3}')
-    git submodule update --init --recursive -- $ZAP_DEFAULT_LOCATION
-    cp -R $ZAP_DEFAULT_LOCATION $ZAP_INCLUDING_IMAGE_CONTEXT
     cd $ZAP_INCLUDING_IMAGE_CONTEXT
-    ZAP_INSTALL_CUSTOMIZED='NO'
   fi
-  echo "CUSTOM" $ZAP_INSTALL_CUSTOMIZED  "project-chip/connectedhomeip" $CHIP_SHA "project-chip/zap" $ZAP_SHA>> $ZAP_INFO_FILE_NAME
+
+  echo "CUSTOM" $ZAP_INSTALL_CUSTOMIZED "project-chip/connectedhomeip" $CHIP_SHA "project-chip/zap" $ZAP_SHA > $ZAP_INFO_FILE_NAME
 fi
 
 docker build "${BUILD_ARGS[@]}" --build-arg VERSION="$VERSION" -t "$ORG/$IMAGE:$VERSION" .
 docker image prune --force
 
-# Clean up zap from build conext
-if [[ ${*/--zap//} != "${*}" ]]; then
-  rm -R $ZAP_INCLUDING_IMAGE_CONTEXT/$(basename $ZAP_DEFAULT_LOCATION)
-  rm -R $ZAP_INCLUDING_IMAGE_CONTEXT/$ZAP_INFO_FILE_NAME
+# Clean up zap build conext. If the build fails, zapinfo will be in working tree
+if [[ $IMAGE == $ZAP_INCLUDING_IMAGE ]]; then
+  rm $ZAP_INCLUDING_IMAGE_CONTEXT/$ZAP_INFO_FILE_NAME
 fi
+# TODO: Safeguard: Prevent push if zap is custom?
 
 [[ ${*/--latest//} != "${*}" ]] && {
     docker tag "$ORG"/"$IMAGE":"$VERSION" "$ORG"/"$IMAGE":latest
diff --git a/integrations/docker/images/chip-build-zap/Dockerfile b/integrations/docker/images/chip-build-zap/Dockerfile
index dd3f82c42cc840..543951fde4c1f5 100644
--- a/integrations/docker/images/chip-build-zap/Dockerfile
+++ b/integrations/docker/images/chip-build-zap/Dockerfile
@@ -24,10 +24,16 @@ RUN pip3 install --no-cache-dir \
     lark==1.0.0                 \
     stringcase==1.2.0
 
+ENV ZAP_ORIGIN=https://github.com/project-chip/zap.git
+
 WORKDIR /
 COPY zapinfo zapinfo
-COPY repo zapinstall
-WORKDIR zapinstall
+RUN echo $(cat zapinfo)
+
+WORKDIR /zapinstall
+RUN git clone $ZAP_ORIGIN
+WORKDIR zap
+RUN git checkout $(cat ../../zapinfo | awk '{print $6}')
 RUN npm ci
 
 RUN mkdir ../zapout