From f041aeaa74bda4b11859b1c8b4187d021aa70442 Mon Sep 17 00:00:00 2001 From: Ernesto Ojeda Date: Tue, 14 Jul 2020 09:14:03 -0700 Subject: [PATCH] update for new snapcraft, fix old bugs Migrated from ci-management: https://github.com/edgexfoundry/ci-management/pull/617 Changes by Ian Johnson Due to some libraries that snapcraft/python use for outputting, the ordering of some output gets lost when it is piped through docker. To fix this we can just run snapcraft through unbuffer, which is provided through the expect package. This is needed because now snapcraft will use "snap pack" from the host, and so we need the snap command in the docker container alongside the snapcraft snap. The previous behavior would not actually fail the build setup if for example the SHA's didn't match, but now if the SHA's don't match, sha512sum will exit non-zero and using && results in the whole command failing. We also should delete the sha512 file as well, it is not needed during the build. Fixes: #517 Signed-off-by: Ernesto Ojeda --- Dockerfile | 37 ++++++++++++++++++++++--------------- Jenkinsfile | 2 ++ entrypoint.sh | 18 +++++++++--------- 3 files changed, 33 insertions(+), 24 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4f70d4c..ac6ca24 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,25 +14,32 @@ ARG ARCH # We do this because we can't easily run snapd (and thus snaps) inside a # docker container without disabling important security protections enabled # for docker containers. +# Note that now snapcraft depends on snapd for the "snap pack" command, so we +# have to also install snapd as an apt package, even though snapd is not +# functional inside the docker container, we do this last so it doesn't get +# cleaned up # TODO: add a little bit of error checking for the curl calls in case we ever # are on a proxy or something and we end up downloading a login page or # or something like that RUN apt-get update && \ - apt-get dist-upgrade --yes && \ - apt-get install --yes \ - curl sudo jq squashfs-tools && \ - for thesnap in core core18 snapcraft; do \ - dlUrl=$(curl -s -H 'X-Ubuntu-Series: 16' -H "X-Ubuntu-Architecture: $ARCH" "https://api.snapcraft.io/api/v1/snaps/details/$thesnap" | jq '.download_url' -r); \ - dlSHA=$(curl -s -H 'X-Ubuntu-Series: 16' -H "X-Ubuntu-Architecture: $ARCH" "https://api.snapcraft.io/api/v1/snaps/details/$thesnap" | jq '.download_sha512' -r); \ - curl -s -L $dlUrl --output $thesnap.snap; \ - echo "$dlSHA $thesnap.snap"; \ - echo "$dlSHA $thesnap.snap" > $thesnap.snap.sha512; \ - sha512sum -c $thesnap.snap.sha512; \ - mkdir -p /snap/$thesnap && unsquashfs -n -d /snap/$thesnap/current $thesnap.snap && rm $thesnap.snap; \ - done && \ - apt remove --yes --purge curl jq squashfs-tools && \ - apt-get autoclean --yes && \ - apt-get clean --yes + apt-get dist-upgrade --yes && \ + apt-get install --yes \ + curl sudo jq squashfs-tools && \ + for thesnap in core core18 snapcraft; do \ + dlUrl=$(curl -s -H 'X-Ubuntu-Series: 16' -H "X-Ubuntu-Architecture: $ARCH" "https://api.snapcraft.io/api/v1/snaps/details/$thesnap" | jq '.download_url' -r) && \ + dlSHA=$(curl -s -H 'X-Ubuntu-Series: 16' -H "X-Ubuntu-Architecture: $ARCH" "https://api.snapcraft.io/api/v1/snaps/details/$thesnap" | jq '.download_sha512' -r) && \ + curl -s -L $dlUrl --output $thesnap.snap && \ + echo "$dlSHA $thesnap.snap" > $thesnap.snap.sha512 && \ + sha512sum -c $thesnap.snap.sha512 && \ + mkdir -p /snap/$thesnap && \ + unsquashfs -n -d /snap/$thesnap/current $thesnap.snap && \ + rm $thesnap.snap.sha512 && \ + rm $thesnap.snap; \ + done && \ + apt remove --yes --purge curl jq squashfs-tools && \ + apt-get autoclean --yes && \ + apt-get clean --yes && \ + apt-get install snapd --yes # The upstream dockerfile just uses this file locally from the repo since it's # in the same build context, but rather than copy that file here into the diff --git a/Jenkinsfile b/Jenkinsfile index a18bcd1..87e94f2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -20,5 +20,7 @@ edgeXBuildDocker ( dockerImageName: 'edgex-snap-builder', dockerNamespace: 'edgex-devops', dockerNexusRepo: 'snapshots', + dockerPushLatest: false, + dockerTags: ['new-snap-updates'], releaseBranchOverride: 'snapcraft-builder' ) \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh index 3925257..a52cdd1 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -19,29 +19,29 @@ case "$JOB_TYPE" in "stage") # Stage jobs build the snap locally and release it pushd /build > /dev/null - snapcraft clean - snapcraft + unbuffer snapcraft clean + unbuffer snapcraft popd > /dev/null pushd /build > /dev/null - snapcraft login --with /build/edgex-snap-store-login + unbuffer snapcraft login --with /build/edgex-snap-store-login # Push the snap up to the store and release it on the specified # channel - snapcraft push "$SNAP_NAME"*.snap --release "$SNAP_CHANNEL" + unbuffer snapcraft push "$SNAP_NAME"*.snap --release "$SNAP_CHANNEL" # Also force an update of the meta-data - snapcraft push-metadata "$SNAP_NAME"*.snap --force + unbuffer snapcraft push-metadata "$SNAP_NAME"*.snap --force popd > /dev/null ;; "release") # Release jobs will promote an already built snap revision # in the store to a channel. - snapcraft login --with /build/edgex-snap-store-login - snapcraft release "$SNAP_NAME" "$SNAP_REVISION" "$SNAP_CHANNEL" + unbuffer snapcraft login --with /build/edgex-snap-store-login + unbuffer snapcraft release "$SNAP_NAME" "$SNAP_REVISION" "$SNAP_CHANNEL" ;; *) # Do normal build and nothing else to verify the snap builds pushd /build > /dev/null - snapcraft clean - snapcraft + unbuffer snapcraft clean + unbuffer snapcraft popd > /dev/null ;; esac \ No newline at end of file