Place zap hash in dockerfile and verify origin

Remove logic around zap from build.sh Create generic method to set up build context in build.sh Add script to create build context Add logic in dockerfile to ensure origin stays in sync
project-chip · Apr 15, 2022 · 95866de · 95866de
1 parent 0bfc8a1
commit 95866de
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 33 deletions.
diff --git a/integrations/docker/build.sh b/integrations/docker/build.sh
@@ -45,7 +45,6 @@ VERSION=${DOCKER_BUILD_VERSION:-$(sed 's/ .*//' version)}
    --push      push image(s) to docker.io (requires docker login for \"$ORG\")
    --help      get this message
    --squash    squash docker layers before push them to docker.io (requires docker-squash python module)
-   --zap       commit hash of desired zap to bundle in zap-including images
 "
     exit 0
 }
@@ -72,33 +71,9 @@ if [[ ${*/--no-cache//} != "${*}" ]]; then
     BUILD_ARGS+=(--no-cache)
 fi
 
-# Special condition to include zapinfo in zap build context
-ZAP_IMAGE_NAME='chip-build-zap'
-if [[ $IMAGE == $ZAP_IMAGE_NAME ]]; then
-
-  working_tree_root=$(dirname $(readlink -e '../../..'))
-  zap_default_location='third_party/zap/repo'
-  zap_info_file_name=zapinfo
-  zap_image_build_context=$(pwd)
-
-  cd $working_tree_root
-  chip_sha=$(git show | head -n 1 | awk '{print $2}')
-  cd $zap_image_build_context
-
-  if [[ ${*/--zap//} != "${*}" ]]; then
-    zap_install_customized='YES'
-    zap_sha=${*/--zap=/}
-    zap_sha=$(echo $zap_sha | awk '{print $1}')
-    echo "using custom zap commit: " $zap_sha
-
-  else
-    zap_install_customized='NO'
-    cd $working_tree_root
-    zap_sha=$(git ls-tree master $zap_default_location |  awk '{print $3}')
-    cd $zap_image_build_context
-  fi
-
-  echo "CUSTOM" $zap_install_customized "project-chip/connectedhomeip" $chip_sha "project-chip/zap" $zap_sha > $zap_info_file_name
+# Prepare context if required
+if [[ -f './buildcontext.sh' ]]; then
+    source './buildcontext.sh'
 fi
 
 docker build "${BUILD_ARGS[@]}" --build-arg VERSION="$VERSION" -t "$ORG/$IMAGE:$VERSION" .

diff --git a/integrations/docker/images/chip-build-zap/Dockerfile b/integrations/docker/images/chip-build-zap/Dockerfile
@@ -1,15 +1,56 @@
 ARG VERSION=latest
 FROM connectedhomeip/chip-build:${VERSION}
 
+ENV ZAP_COMMIT=7ab717d08dfe9b0ba9de907fc7c6eb6549c86bf7
+
+ENV CHIP_ORIGIN=https://github.com/abozowski/connectedhomeip
 ENV ZAP_ORIGIN=https://github.com/project-chip/zap.git
 
+# Check zap in chip origin
+COPY context.txt /local_chip_commit.txt
+WORKDIR /tmp
+RUN git clone $CHIP_ORIGIN
+WORKDIR ./connectedhomeip
+RUN git checkout $(cat /local_chip_commit.txt)
+RUN git ls-tree master third_party/zap/repo | awk '{print $3}'> /remote_zap_commit.txt
+RUN cat /remote_zap_commit.txt
+
+# Check the dockerfile in chip origin
+WORKDIR ./integrations/docker/images/chip-build-zap
+RUN cat Dockerfile | grep -m 1"ENV ZAP"
+RUN dfc=$(cat Dockerfile | grep -m 1 'ENV ZAP_COMMIT'); echo ${dfc#*=} > /remote_dockerfile_commit.txt;
+RUN cat /remote_dockerfile_commit.txt
+
+# Verify local against origin
+ENV VERIFY=/verify.sh
+RUN echo "LOCAL_CHIP_COMMIT=$(cat /local_chip_commit.txt)" > $VERIFY
+RUN echo "REMOTE_ZAP_COMMIT=$(cat /remote_zap_commit.txt)" >> $VERIFY
+RUN echo "REMOTE_DOCKERFILE_COMMIT=$(cat /remote_dockerfile_commit.txt)" >> $VERIFY
+RUN echo "    echo 'LOCAL_CHIP_COMMIT \$LOCAL_CHIP_COMMIT'" >> $VERIFY
+RUN echo "    echo 'LOCAL_DOCKERFILE_COMMIT $ZAP_COMMIT'" >> $VERIFY
+RUN echo "    echo 'REMOTE_ZAP_COMMIT \$REMOTE_ZAP_COMMIT'" >> $VERIFY
+RUN echo "    echo 'REMOTE_DOCKERFILE_COMMIT \$REMOTE_DOCKERFILE_COMMIT'" >> $VERIFY
+RUN echo "if [[ \$REMOTE_ZAP_COMMIT != $ZAP_COMMIT ]] || [[ \$REMOTE_DOCKERFILE_COMMIT != $ZAP_COMMIT ]]; then" >> $VERIFY
+RUN echo "    echo 'This image is being built in an instance of $CHIP_ORIGIN at commit \$LOCAL_CHIP_COMMIT'" >> $VERIFY
+RUN echo "    echo 'For this commit, $CHIP_ORIGIN has zap submodule at \$REMOTE_ZAP_COMMIT'" >> $VERIFY
+RUN echo "    echo 'The Dockerfile in $CHIP_ORIGIN has the zap submodule at \$REMOTE_DOCKERFILE_COMMIT'" >> $VERIFY
+RUN echo "    echo '$CHIP_ORIGIN is not in sync with this build specifying $ZAP_COMMIT'" >> $VERIFY
+RUN echo "    echo 'If the zap commit requested for the build is ahead of the submodule, please update the submodule in origin and checkout.'" >> $VERIFY
+RUN echo "    echo 'If the zap commit requested in the build is behind the submodule, please update and push this Dockerfile before building.'" >> $VERIFY
+RUN echo "    exit 1" >> $VERIFY
+RUN echo "else" >> $VERIFY
+RUN echo "    echo 'Origin matches build'" >> $VERIFY
+RUN echo "fi" >> $VERIFY
+RUN chmod +x $VERIFY
+RUN cat $VERIFY
+RUN $VERIFY
+
+# Build zap at the correct commit
 WORKDIR /opt
-COPY zapinfo .
-RUN echo $(cat zapinfo)
+RUN rm -R /tmp/connectedhomeip
 RUN git clone $ZAP_ORIGIN
-WORKDIR /opt/zap
-RUN mv ../zapinfo zapinfo
-RUN git checkout $(cat zapinfo | awk '{print $6}')
+WORKDIR ./zap
+RUN git checkout $ZAP_COMMIT
 RUN npm ci
 
 RUN mkdir ../zapout

diff --git a/integrations/docker/images/chip-build-zap/buildcontext.sh b/integrations/docker/images/chip-build-zap/buildcontext.sh
@@ -0,0 +1,2 @@
+repo_root=$(dirname $(readlink -e '../../../'))
+echo $(git --git-dir=$repo_root/.git show -s --format=%H) > context.txt
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		repo_root=$(dirname $(readlink -e '../../../'))
		echo $(git --git-dir=$repo_root/.git show -s --format=%H) > context.txt