From c90b1ab2f17709ec2b03d5dd87b3a2759b812f07 Mon Sep 17 00:00:00 2001 From: Emil Velikov Date: Tue, 8 Aug 2023 16:00:06 +0100 Subject: [PATCH 1/7] gitlab-ci: document the get_version implicit nature Had a silly moment a while back, assuming the stage is no longer needed. That's not the case, so add a brief commit about that. Signed-off-by: Emil Velikov --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7ce53da..d25d3de 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,6 +37,8 @@ lint: - releases - tags +# This is an implicit gitlab stage, with the build.env variables used by either +# other stages or auxiliarry scripts. get_version: stage: .pre script: From 5ec09f5357975d4823606cb9dd4c274426b612e3 Mon Sep 17 00:00:00 2001 From: Emil Velikov Date: Mon, 7 Aug 2023 16:19:17 +0100 Subject: [PATCH 2/7] gitlab-ci: install devtools without its dependencies We only need devtools for the pacman.conf. While currently we install a dozen+ of extra dependencies, weighting in at over 100M. Signed-off-by: Emil Velikov --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d25d3de..3e42fe0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -59,7 +59,8 @@ get_version: .rootfs: stage: rootfs before_script: - - pacman -Syu --noconfirm make devtools fakechroot fakeroot + - pacman -Syu --noconfirm make fakechroot fakeroot + - pacman -Sdd --noconfirm devtools script: - make $PWD/output/Dockerfile.$GROUP artifacts: From 9d3774ce35e71d2f08e5faadd6c78e7f8d41940d Mon Sep 17 00:00:00 2001 From: Emil Velikov Date: Mon, 7 Aug 2023 16:19:24 +0100 Subject: [PATCH 3/7] gitlab-ci: de-duplicate matrix option Just push the parallel/matrix into the templates. Signed-off-by: Emil Velikov --- .gitlab-ci.yml | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3e42fe0..6440095 100644 
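Review bot: In PATCH 1/7 the comment added above `get_version:` misspells "auxiliary" as "auxiliarry", and "implicit gitlab stage" does not tell a reader that `.pre` is a stage GitLab predefines. A wording such as `# Runs in GitLab's predefined .pre stage; its build.env variables are used by either` followed by `# other stages or auxiliary scripts.` keeps the intent and fixes the spelling. The `get_version` job body continues outside the hunk.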
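Review bot: In PATCH 2/7 the new `pacman -Sdd --noconfirm devtools` line skips every dependency check, which is only safe while nothing from devtools is executed in this job, and the file carries no comment saying so. I would add one directly above it, for example `# devtools is needed only for its pacman.conf; -dd skips its dependencies on purpose`. Without it, a later change that starts calling a devtools script here would fail on missing dependencies with no hint as to why. The `.rootfs` template continues outside the hunk.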
--- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -58,6 +58,9 @@ get_version: .rootfs: stage: rootfs + parallel: + matrix: + - GROUP: [base, base-devel] before_script: - pacman -Syu --noconfirm make fakechroot fakeroot - pacman -Sdd --noconfirm devtools @@ -75,9 +78,6 @@ rootfs: - releases - schedules - tags - parallel: - matrix: - - GROUP: [base, base-devel] rootfs:secure: extends: .rootfs @@ -90,12 +90,12 @@ rootfs:secure: except: - tags - releases - parallel: - matrix: - - GROUP: [base, base-devel] .image: stage: image + parallel: + matrix: + - GROUP: [base, base-devel] tags: - vm before_script: @@ -114,9 +114,6 @@ image:build: - releases - schedules - tags - parallel: - matrix: - - GROUP: [base, base-devel] before_script: - pacman -Syu --noconfirm podman - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY" @@ -131,9 +128,6 @@ image:build:secure: - schedules except: - tags - parallel: - matrix: - - GROUP: [base, base-devel] before_script: - pacman -Syu --noconfirm podman - podman login -u "$GITLAB_PROJECT_USER" -p "$GITLAB_PROJECT_TOKEN" "$CI_REGISTRY" @@ -149,9 +143,6 @@ image:publish:secure: - vm only: - tags - parallel: - matrix: - - GROUP: [base, base-devel] before_script: - pacman -Syu --noconfirm podman - podman login -u "$DOCKERHUB_USERNAME" -p "$DOCKERHUB_ACCESS_TOKEN" "docker.io" From 8589e40bd8252cc772034c4c633d70234929cdee Mon Sep 17 00:00:00 2001 From: Emil Velikov Date: Mon, 7 Aug 2023 16:19:30 +0100 Subject: [PATCH 4/7] README: s/docker/podman/ in the requirements We're switched to podman a while ago. Signed-off-by: Emil Velikov --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index baf03f2..9b4bb88 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ Install the following Arch Linux packages: * make * devtools -* docker +* podman * fakechroot * fakeroot From 615bfa55ea3646f7505a8a1a7d3385425dfd1852 Mon Sep 17 00:00:00 2001 
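Review bot: In PATCH 3/7 the hunks that drop `parallel: matrix` from `image:build`, `image:build:secure` and `image:publish:secure` do not show an `extends: .image` line, so the diff alone cannot confirm that these jobs still inherit `GROUP` from the template (only `rootfs:secure` shows its `extends: .rootfs`). If any of them does not extend `.image`, it would presumably run once with `$GROUP` unset instead of once per group, which matters most for the job that logs in to docker.io on tags. A short comment on the two templates, e.g. `# GROUP matrix is inherited by every job that extends this template`, would make the dependency visible to the next editor. The job bodies start and end outside the hunks.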
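Review bot: The `before_script` lines kept as context in the `image:build`, `image:build:secure` and `image:publish:secure` hunks of PATCH 3/7 pass the registry secret as an argument (`podman login -u "$DOCKERHUB_USERNAME" -p "$DOCKERHUB_ACCESS_TOKEN" "docker.io"`), and this series leaves that as is. A value given with `-p` sits in the process argument list on the runner while the command runs; reading it from stdin avoids that, e.g. `echo "$DOCKERHUB_ACCESS_TOKEN" | podman login -u "$DOCKERHUB_USERNAME" --password-stdin docker.io`. The same applies to the `$CI_REGISTRY_PASSWORD` and `$GITLAB_PROJECT_TOKEN` logins. The job bodies continue outside the hunks.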
From: Emil Velikov Date: Mon, 7 Aug 2023 16:19:34 +0100 Subject: [PATCH 5/7] Drop erroneous oci- prefix for image-base{,-devel} targets The targets never had a docker/oci prefix. Update the PHONY targets in the Makefile and the README. Signed-off-by: Emil Velikov --- Makefile | 4 ++-- README.md | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 83c3210..86b5714 100644 --- a/Makefile +++ b/Makefile @@ -66,10 +66,10 @@ $(OUTPUTDIR)/Dockerfile.base-devel: $(OUTPUTDIR)/base-devel.tar.zst # The following is for local builds only, it is not used by the CI/CD pipeline -.PHONY: oci-image-base +.PHONY: image-base image-base: $(OUTPUTDIR)/Dockerfile.base ${OCITOOL} build -f $(OUTPUTDIR)/Dockerfile.base -t archlinux/archlinux:base $(OUTPUTDIR) -.PHONY: oci-image-base-devel +.PHONY: image-base-devel image-base-devel: $(OUTPUTDIR)/Dockerfile.base-devel ${OCITOOL} build -f $(OUTPUTDIR)/Dockerfile.base-devel -t archlinux/archlinux:base-devel $(OUTPUTDIR) diff --git a/README.md b/README.md index 9b4bb88..f63139c 100644 --- a/README.md +++ b/README.md @@ -43,9 +43,9 @@ Install the following Arch Linux packages: Make sure your user can directly interact with Podman (i.e. `podman info` works). ### Usage -Run `make oci-image-base` to build the `archlinux:base` image with the -`base` meta package installed. You can also run `make oci-image-base-devel` to -build the image `archlinux:base-devel` which additionally has the `base-devel` group installed. +Run `make image-base` to build the `archlinux:base` image with the `base` meta +package installed. You can also run `make image-base-devel` to build the image +`archlinux:base-devel` which additionally has the `base-devel` group installed. ## Pipeline From 9c32b05bfa8a9baaa8f16b710983138a5362356e Mon Sep 17 00:00:00 2001 
From: Emil Velikov Date: Mon, 7 Aug 2023 16:19:39 +0100 Subject: [PATCH 6/7] README: rewrap, use standalone references Re-wrap the readme to about 80 columns and use standalone references for the long URLs. Reduces the eye-bleed for casual contributors. Signed-off-by: Emil Velikov --- README.md | 61 +++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 50 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index f63139c..aaf6ce6 100644 --- a/README.md +++ b/README.md 
@@ -1,16 +1,25 @@ # Arch Linux OCI Images -[![pipeline status](https://gitlab.archlinux.org/archlinux/archlinux-docker/badges/master/pipeline.svg)](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/commits/master) +[![pipeline status][pipeline]][commits] Arch Linux provides OCI-Compliant container images in multiple repositories: -* [Weekly in the official DockerHub library](https://hub.docker.com/_/archlinux): `podman pull docker.io/library/archlinux:latest` or `docker pull archlinux:latest` -* [Daily in our DockerHub repository](https://hub.docker.com/r/archlinux/archlinux): `podman pull docker.io/archlinux/archlinux:latest` or `docker pull archlinux/archlinux:latest` -* [Daily in our quay.io repository](https://quay.io/repository/archlinux/archlinux): `podman pull quay.io/archlinux/archlinux:latest` or `docker pull quay.io/archlinux/archlinux:latest` -* [Daily in our ghcr.io repository](https://github.com/archlinux/archlinux-docker/pkgs/container/archlinux): `podman pull ghcr.io/archlinux/archlinux:latest` or `docker pull ghcr.io/archlinux/archlinux:latest` +* [Weekly in the official DockerHub library][hub-arch]: +`podman pull docker.io/library/archlinux:latest` or `docker pull archlinux:latest` +* [Daily in our DockerHub repository][hub-containers]: +`podman pull docker.io/archlinux/archlinux:latest` or `docker pull archlinux/archlinux:latest` +* [Daily in our quay.io repository][quay-containers]: +`podman pull quay.io/archlinux/archlinux:latest` or `docker pull quay.io/archlinux/archlinux:latest` +* [Daily in our ghcr.io repository][ghcr-containers]: +`podman pull ghcr.io/archlinux/archlinux:latest` or `docker pull ghcr.io/archlinux/archlinux:latest` -Two versions of the image are provided: `base` (approx. 150 MiB) and `base-devel` (approx. 260 MiB), containing the respective meta package. Both are available as tags with `latest` pointing to `base`. Additionally, images are tagged with their date and build job number, f.e. `base-devel-20201118.0.9436`. 
+Two versions of the image are provided: `base` (approx. 150 MiB) and `base-devel` +(approx. 260 MiB), containing the respective meta package. Both are available as +tags with `latest` pointing to `base`. Additionally, images are tagged with their +date and build job number, f.e. `base-devel-20201118.0.9436`. -While the images are regularly kept up to date it is strongly recommended running `pacman -Syu` right after starting a container due to the rolling release nature of Arch Linux. +While the images are regularly kept up to date it is strongly recommended +running `pacman -Syu` right after starting a container due to the rolling +release nature of Arch Linux. ## Principles * Provide the Arch experience in a Docker image @@ -29,7 +38,8 @@ While the images are regularly kept up to date it is strongly recommended runnin ## Building your own image -[This repository](https://gitlab.archlinux.org/archlinux/archlinux-docker) contains all scripts and files needed to create an OCI image for Arch Linux. +[This repository][self] contains all scripts and files needed to create an OCI +image for Arch Linux. ### Dependencies Install the following Arch Linux packages: 
@@ -51,12 +61,41 @@ package installed. You can also run `make image-base-devel` to build the image ### Daily releases -Daily images are build with scheduled [GitLab CI](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/blob/master/.gitlab-ci.yml) using our own runner infrastructure. Initially root filesystem archives are constructed and provided in our [package registry](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/packages). The released multi-stage Dockerfile downloads those archives and verifies their integrity before unpacking it into an OCI image layer. Images are built using [podman](https://podman.io/), which also publishes them to our external repositories. +Daily images are build with scheduled [GitLab CI][in-tree-CI] using our own +runner infrastructure. Initially root filesystem archives are constructed and +provided in our [package registry][self-package-registry]. The released +multi-stage Dockerfile downloads those archives and verifies their integrity +before unpacking it into an OCI image layer. Images are built using +[podman](https://podman.io/), which also publishes them to our external +repositories. ### Weekly releases -Weekly releases to the official DockerHub library use the same pipeline as daily builds. Updates are provided as automatic [pull requests](https://github.com/docker-library/official-images/pulls?q=is%3Apr+archlinux+is%3Aclosed+author%3Aarchlinux-github) to the [official-images library](https://github.com/docker-library/official-images/blob/master/library/archlinux), whose GitHub pipeline will build the images using our provided rootfs archives and Dockerfiles. +Weekly releases to the official DockerHub library use the same pipeline as +daily builds. Updates are provided as automatic [pull requests][github-docker-prs] +to the [official-images library][github-docker-arch], whose GitHub pipeline will +build the images using our provided rootfs archives and Dockerfiles. 
### Development -Changes in Git feature branches are built and tested using the pipeline as well. Development images are uploaded to our [GitLab Container Registry](https://gitlab.archlinux.org/archlinux/archlinux-docker/container_registry). +Changes in Git feature branches are built and tested using the pipeline as well. +Development images are uploaded to our +[GitLab Container Registry][self-container-registry]. + +[pipeline]: https://gitlab.archlinux.org/archlinux/archlinux-docker/badges/master/pipeline.svg +[commits]: https://gitlab.archlinux.org/archlinux/archlinux-docker/-/commits/master + +[hub-arch]: https://hub.docker.com/_/archlinux +[hub-containers]: https://hub.docker.com/r/archlinux/archlinux +[quay-containers]: https://quay.io/repository/archlinux/archlinux +[ghcr-containers]: https://github.com/archlinux/archlinux-docker/pkgs/container/archlinux + +[self]: https://gitlab.archlinux.org/archlinux/archlinux-docker + +[in-tree-CI]: https://gitlab.archlinux.org/archlinux/archlinux-docker/-/blob/master/.gitlab-ci.yml +[self-package-registry]: https://gitlab.archlinux.org/archlinux/archlinux-docker/-/packages + +[github-docker-prs]: https://github.com/docker-library/official-images/pulls?q=is%3Apr+archlinux+is%3Aclosed+author%3Aarchlinux-github +[github-docker-arch]: https://github.com/docker-library/official-images/blob/master/library/archlinux + +[self-container-registry]: https://gitlab.archlinux.org/archlinux/archlinux-docker/container_registry From ffd47f737e7ab2123f15df9effd2601fbb832554 Mon Sep 17 00:00:00 2001 From: Emil Velikov Date: Mon, 7 Aug 2023 17:12:42 +0100 Subject: [PATCH 7/7] Use the in-tree mirrorlist Currently we use the system mirrorlist for the pacman invocation. The system config may or may not be identical to the in-tree one - as one of my dev machines was kind enough to remind me. The tooling should be self-contained and leak as few builder specific as possible. 
Signed-off-by: Emil Velikov --- Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 86b5714..38c8e37 100644 --- a/Makefile +++ b/Makefile @@ -10,9 +10,11 @@ define rootfs install -Dm644 /usr/share/devtools/pacman.conf.d/extra.conf $(BUILDDIR)/etc/pacman.conf cat pacman-conf.d-noextract.conf >> $(BUILDDIR)/etc/pacman.conf + sed 's/Include = /&rootfs/g' < $(BUILDDIR)/etc/pacman.conf > pacman.conf + fakechroot -- fakeroot -- pacman -Sy -r $(BUILDDIR) \ --noconfirm --dbpath $(BUILDDIR)/var/lib/pacman \ - --config $(BUILDDIR)/etc/pacman.conf \ + --config pacman.conf \ --noscriptlet \ --hookdir $(BUILDDIR)/alpm-hooks/usr/share/libalpm/hooks/ $(2)
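Review bot: The added `sed` line writes the rewritten config to a fixed name, `pacman.conf`, in the directory make runs from, so the build now drops a generated file into the source tree, and two expansions of `rootfs` running at the same time (for example under `make -j`) would presumably write the same file. This file selects the mirrorlist, and so the servers the rootfs packages are fetched from, and the `Include = rootfs...` paths it produces are relative; pacman will presumably find the in-tree mirrorlist only when make is started from the repository root, which deserves a comment next to the `sed` line. Consider keeping the file with the other build products, e.g. `sed 's/Include = /&rootfs/g' < $(BUILDDIR)/etc/pacman.conf > $(OUTPUTDIR)/pacman.conf` together with `--config $(OUTPUTDIR)/pacman.conf \`, provided `$(OUTPUTDIR)` exists at this point. `define rootfs` starts and ends outside the hunk.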