From 1c2c18a16a1e18d9680fe72d444094b386b05231 Mon Sep 17 00:00:00 2001 From: Ted Hess Date: Wed, 5 Dec 2018 13:35:05 -0500 Subject: [PATCH] CircleCI: Do not run build as root. Move to public docker repo. Change docker hub repository to 'openwrtorg'. Create and use non-root user 'build'. Add xz-utils and unzip. Use version numbers for docker images (SHA has no sense of time). Disable pipefail in build step Signed-off-by: Ted Hess --- .circleci/Dockerfile | 6 ++++++ .circleci/README | 6 +++--- .circleci/config.yml | 3 ++- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.circleci/Dockerfile b/.circleci/Dockerfile index 6eea9d250..b619ffd74 100644 --- a/.circleci/Dockerfile +++ b/.circleci/Dockerfile @@ -14,8 +14,14 @@ subversion \ time \ wget \ zlib1g-dev \ +unzip \ +xz-utils \ && rm -rf /var/lib/apt/lists/* +RUN useradd -c "OpenWrt Builder" -m -d /home/build -s /bin/bash build +USER build +ENV HOME /home/build + # LEDE Build System (LEDE GnuPG key for unattended build jobs) RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/626471F1.asc' | gpg --import \ && echo '54CC74307A2C6DC9CE618269CD84BCED626471F1:6:' | gpg --import-ownertrust diff --git a/.circleci/README b/.circleci/README index 3bd10119b..8b26582ef 100644 --- a/.circleci/README +++ b/.circleci/README @@ -1,6 +1,6 @@ # Build/update the docker image docker pull debian:9 -docker build --rm . -docker tag docker.io/champtar/openwrtpackagesci:latest -docker push docker.io/champtar/openwrtpackagesci:latest +docker build --rm -t docker.io/openwrtorg/packages-cci:latest . +docker tag docker.io/openwrtorg/packages-cci: +docker push docker.io/openwrtorg/packages-cci diff --git a/.circleci/config.yml b/.circleci/config.yml index ed4ca96a6..8a8bef1c5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,7 +2,7 @@ version: 2.0 jobs: build: docker: - - image: docker.io/champtar/openwrtpackagesci@sha256:96ef72edc70cba371ea5676fba15ee25b3a94f538f648a27454b699edce61da0 + - image: docker.io/openwrtorg/packages-cci:v1.0.1 environment: - SDK_BASE_URL: "https://downloads.openwrt.org/snapshots/targets/ar71xx/generic" - SDK_FILE: "openwrt-sdk-ar71xx-generic_gcc-7.3.0_musl.Linux-x86_64.tar.xz" @@ -89,6 +89,7 @@ jobs: name: Download source/check/compile working_directory: ~/build_dir command: | + set +o pipefail PKGS=$(cd ~/openwrt_packages; git diff --diff-filter=d --name-only "origin/$BRANCH..." | grep 'Makefile$' | grep -v '/files/' | awk -F/ '{ print $(NF-1) }') if [ -z "$PKGS" ] ; then echo_blue "WARNING: No new or modified packages found!"