From 95866de4990ac4b3877b676c33a13d5bc992f3fc Mon Sep 17 00:00:00 2001 From: Austin Bozowski Date: Fri, 15 Apr 2022 13:58:21 -0700 Subject: [PATCH] Place zap hash in dockerfile and verify origin Remove logic around zap from build.sh Create generic method to set up build context in build.sh Add script to create build context Add logic in dockerfile to ensure origin stays in sync --- integrations/docker/build.sh | 31 ++--------- .../docker/images/chip-build-zap/Dockerfile | 51 +++++++++++++++++-- .../images/chip-build-zap/buildcontext.sh | 2 + 3 files changed, 51 insertions(+), 33 deletions(-) create mode 100755 integrations/docker/images/chip-build-zap/buildcontext.sh diff --git a/integrations/docker/build.sh b/integrations/docker/build.sh index 0773266a65d06d..54dee0156c7bb6 100755 --- a/integrations/docker/build.sh +++ b/integrations/docker/build.sh @@ -45,7 +45,6 @@ VERSION=${DOCKER_BUILD_VERSION:-$(sed 's/ .*//' version)} --push push image(s) to docker.io (requires docker login for \"$ORG\") --help get this message --squash squash docker layers before push them to docker.io (requires docker-squash python module) - --zap commit hash of desired zap to bundle in zap-including images " exit 0 } 
@@ -72,33 +71,9 @@ if [[ ${*/--no-cache//} != "${*}" ]]; then BUILD_ARGS+=(--no-cache) fi -# Special condition to include zapinfo in zap build context -ZAP_IMAGE_NAME='chip-build-zap' -if [[ $IMAGE == $ZAP_IMAGE_NAME ]]; then - - working_tree_root=$(dirname $(readlink -e '../../..')) - zap_default_location='third_party/zap/repo' - zap_info_file_name=zapinfo - zap_image_build_context=$(pwd) - - cd $working_tree_root - chip_sha=$(git show | head -n 1 | awk '{print $2}') - cd $zap_image_build_context - - if [[ ${*/--zap//} != "${*}" ]]; then - zap_install_customized='YES' - zap_sha=${*/--zap=/} - zap_sha=$(echo $zap_sha | awk '{print $1}') - echo "using custom zap commit: " $zap_sha - - else - zap_install_customized='NO' - cd $working_tree_root - zap_sha=$(git ls-tree master $zap_default_location | awk '{print $3}') - cd $zap_image_build_context - fi - - echo "CUSTOM" $zap_install_customized "project-chip/connectedhomeip" $chip_sha "project-chip/zap" $zap_sha > $zap_info_file_name +# Prepare context if required +if [[ -f './buildcontext.sh' ]]; then + source './buildcontext.sh' fi docker build "${BUILD_ARGS[@]}" --build-arg VERSION="$VERSION" -t "$ORG/$IMAGE:$VERSION" . diff --git a/integrations/docker/images/chip-build-zap/Dockerfile b/integrations/docker/images/chip-build-zap/Dockerfile index eab393ad5fe3cd..c6b5e9254e7c23 100644 --- a/integrations/docker/images/chip-build-zap/Dockerfile +++ b/integrations/docker/images/chip-build-zap/Dockerfile 
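Review bot: `source './buildcontext.sh'` runs the per-image hook inside build.sh's own shell, so the hook can overwrite `BUILD_ARGS`, `VERSION`, `ORG` or `IMAGE`, and any `cd` in it changes the directory that `docker build … .` then uses as context. Running it as a child process and checking the result, `bash ./buildcontext.sh || exit 1`, keeps the hook isolated and stops the build when context preparation fails. Whether build.sh already runs under `set -e` is not visible in this hunk. A comment stating the contract would also help, for example `# buildcontext.sh (optional, per image) writes the files the image's Dockerfile COPYs`.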
@@ -1,15 +1,56 @@ ARG VERSION=latest FROM connectedhomeip/chip-build:${VERSION} +ENV ZAP_COMMIT=7ab717d08dfe9b0ba9de907fc7c6eb6549c86bf7 + +ENV CHIP_ORIGIN=https://github.com/abozowski/connectedhomeip ENV ZAP_ORIGIN=https://github.com/project-chip/zap.git +# Check zap in chip origin +COPY context.txt /local_chip_commit.txt +WORKDIR /tmp +RUN git clone $CHIP_ORIGIN +WORKDIR ./connectedhomeip +RUN git checkout $(cat /local_chip_commit.txt) +RUN git ls-tree master third_party/zap/repo | awk '{print $3}'> /remote_zap_commit.txt +RUN cat /remote_zap_commit.txt + +# Check the dockerfile in chip origin +WORKDIR ./integrations/docker/images/chip-build-zap +RUN cat Dockerfile | grep -m 1"ENV ZAP" +RUN dfc=$(cat Dockerfile | grep -m 1 'ENV ZAP_COMMIT'); echo ${dfc#*=} > /remote_dockerfile_commit.txt; +RUN cat /remote_dockerfile_commit.txt + +# Verify local against origin +ENV VERIFY=/verify.sh +RUN echo "LOCAL_CHIP_COMMIT=$(cat /local_chip_commit.txt)" > $VERIFY +RUN echo "REMOTE_ZAP_COMMIT=$(cat /remote_zap_commit.txt)" >> $VERIFY +RUN echo "REMOTE_DOCKERFILE_COMMIT=$(cat /remote_dockerfile_commit.txt)" >> $VERIFY +RUN echo " echo 'LOCAL_CHIP_COMMIT \$LOCAL_CHIP_COMMIT'" >> $VERIFY +RUN echo " echo 'LOCAL_DOCKERFILE_COMMIT $ZAP_COMMIT'" >> $VERIFY +RUN echo " echo 'REMOTE_ZAP_COMMIT \$REMOTE_ZAP_COMMIT'" >> $VERIFY +RUN echo " echo 'REMOTE_DOCKERFILE_COMMIT \$REMOTE_DOCKERFILE_COMMIT'" >> $VERIFY +RUN echo "if [[ \$REMOTE_ZAP_COMMIT != $ZAP_COMMIT ]] || [[ \$REMOTE_DOCKERFILE_COMMIT != $ZAP_COMMIT ]]; then" >> $VERIFY +RUN echo " echo 'This image is being built in an instance of $CHIP_ORIGIN at commit \$LOCAL_CHIP_COMMIT'" >> $VERIFY +RUN echo " echo 'For this commit, $CHIP_ORIGIN has zap submodule at \$REMOTE_ZAP_COMMIT'" >> $VERIFY +RUN echo " echo 'The Dockerfile in $CHIP_ORIGIN has the zap submodule at \$REMOTE_DOCKERFILE_COMMIT'" >> $VERIFY +RUN echo " echo '$CHIP_ORIGIN is not in sync with this build specifying $ZAP_COMMIT'" >> $VERIFY +RUN echo " echo 'If the zap 
commit requested for the build is ahead of the submodule, please update the submodule in origin and checkout.'" >> $VERIFY +RUN echo " echo 'If the zap commit requested in the build is behind the submodule, please update and push this Dockerfile before building.'" >> $VERIFY +RUN echo " exit 1" >> $VERIFY +RUN echo "else" >> $VERIFY +RUN echo " echo 'Origin matches build'" >> $VERIFY +RUN echo "fi" >> $VERIFY +RUN chmod +x $VERIFY +RUN cat $VERIFY +RUN $VERIFY + +# Build zap at the correct commit WORKDIR /opt -COPY zapinfo . -RUN echo $(cat zapinfo) +RUN rm -R /tmp/connectedhomeip RUN git clone $ZAP_ORIGIN -WORKDIR /opt/zap -RUN mv ../zapinfo zapinfo -RUN git checkout $(cat zapinfo | awk '{print $6}') +WORKDIR ./zap +RUN git checkout $ZAP_COMMIT RUN npm ci RUN mkdir ../zapout diff --git a/integrations/docker/images/chip-build-zap/buildcontext.sh b/integrations/docker/images/chip-build-zap/buildcontext.sh new file mode 100755 index 00000000000000..fed41498b03733 --- /dev/null +++ b/integrations/docker/images/chip-build-zap/buildcontext.sh @@ -0,0 +1,2 @@ +repo_root=$(dirname $(readlink -e '../../../')) +echo $(git --git-dir=$repo_root/.git show -s --format=%H) > context.txt
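Review bot: The generated /verify.sh can fail open: it has no shebang and tests with `[[ … ]]`, so `RUN $VERIFY` leaves /bin/sh to interpret it, and if that shell in the base image is not bash both `[[` commands are reported as not found and the `else` branch prints 'Origin matches build'. Starting the file with `#!/bin/bash`, or invoking it as `RUN bash $VERIFY`, makes a mismatch stop the build. `CHIP_ORIGIN` points at `https://github.com/abozowski/connectedhomeip`, a personal fork, whereas the removed build.sh code named `project-chip/connectedhomeip`; the check trusts whatever that account's repository holds. `git ls-tree master third_party/zap/repo` reads the branch tip rather than the commit just checked out, so `git ls-tree HEAD third_party/zap/repo` is what the 'For this commit' message describes. `grep -m 1"ENV ZAP"` as shown has no space after `1`, which hands grep `1ENV ZAP` as the count.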
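Review bot: A failed `git` call still leaves an empty context.txt, because `echo $(…) > context.txt` succeeds whatever the inner command returns. The Dockerfile's `git checkout $(cat /local_chip_commit.txt)` would then run with no argument and stay on the cloned default branch, so the comparison is made against a commit other than the local one. Writing the hash directly and checking the exit status, `git -C "$repo_root" rev-parse HEAD > context.txt || exit 1`, closes that path. Quoting `"$repo_root"` and the `readlink` substitution also keeps checkout paths that contain spaces intact.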