From a31c8cf370fd56e744df7a012d474a593f2698ca Mon Sep 17 00:00:00 2001 From: Jordan Petridis Date: Mon, 29 Jul 2024 14:10:04 +0300 Subject: [PATCH] ci: Push a dedicated toolbox image This is mostly done to remove the hardcoded HOME env var that ci-templates appends to the image. See [1] [1] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2433#note_2243222 But it also allows us to add extra things useful for local development to it, as long they don't interfere with the build enviornment. This also means we can switch the build image to be based on top of the normal fedora one rather than toolbox, so it will no longer advertise the toolbox compatible labels since it was buggy anyway. Part-of: --- .gitlab-ci.yml | 16 +++- ci/docker/fedora/install-deps.sh | 2 +- ci/docker/fedora/prepare.sh | 4 +- ci/scripts/build-toolbox-image.sh | 149 ++++++++++++++++++++++++++++++ 4 files changed, 167 insertions(+), 4 deletions(-) create mode 100644 ci/scripts/build-toolbox-image.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6483aa58da..e691286496 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -130,7 +130,6 @@ trigger: .fedora image: variables: CCACHE_DIR: '/cache/gstreamer/gstreamer/ccache/' - FDO_BASE_IMAGE: 'registry.fedoraproject.org/fedora-toolbox:40' FDO_DISTRIBUTION_VERSION: '40' FDO_REPO_SUFFIX: "$FEDORA_AMD64_SUFFIX" FDO_DISTRIBUTION_TAG: "$FEDORA_TAG-$GST_UPSTREAM_BRANCH" 
@@ -146,6 +145,21 @@ fedora amd64 docker: # (which has faster network connectivity to the registry). tags: [ 'placeholder-job' ] +# Build a toolbox specific image to workaround ci-templates +fedora amd64 toolbox: + image: quay.io/freedesktop.org/ci-templates:container-build-base-2024-01-31.0 + stage: 'preparation' + needs: ["fedora amd64 docker"] + # Note: assumption is that placeholder jobs run on a packet runner + # (which has faster network connectivity to the registry). + tags: [ 'placeholder-job' ] + variables: + GST_CI_IMAGE: !reference [".build fedora x86_64", "variables", FDO_DISTRIBUTION_IMAGE] + FDO_DISTRIBUTION_TAG: !reference [".fedora image", "variables", FDO_DISTRIBUTION_TAG] + FDO_REPO_SUFFIX: !reference [".fedora image", "variables", FDO_REPO_SUFFIX] + script: + - bash ci/scripts/build-toolbox-image.sh $GST_CI_IMAGE $FDO_DISTRIBUTION_TAG $GST_UPSTREAM_BRANCH + .debian image: variables: CCACHE_DIR: '/cache/gstreamer/gstreamer/ccache_debian/' diff --git a/ci/docker/fedora/install-deps.sh b/ci/docker/fedora/install-deps.sh index 8471e36af9..17e1f00370 100644 --- a/ci/docker/fedora/install-deps.sh +++ b/ci/docker/fedora/install-deps.sh @@ -8,7 +8,7 @@ sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf dnf -y swap coreutils-single coreutils-full # Add rpm fusion repositories in order to access all of the gst plugins -sudo dnf install -y \ +dnf install -y \ "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm" \ "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm" diff --git a/ci/docker/fedora/prepare.sh b/ci/docker/fedora/prepare.sh index 096c130f57..3589add372 100644 --- a/ci/docker/fedora/prepare.sh +++ b/ci/docker/fedora/prepare.sh 
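Review bot: The `image:` of the new `fedora amd64 toolbox` job is pinned only by tag (`container-build-base-2024-01-31.0`), yet this job logs in to the registry and publishes an image that developers later pull with `toolbox create`. A tag can be re-pointed upstream, so pinning the build container by digest keeps the environment that handles `CI_REGISTRY_PASSWORD` fixed: `image: quay.io/freedesktop.org/ci-templates@sha256:<digest-of-container-build-base-2024-01-31.0>` (placeholder; the digest is not shown on this page). The arguments on the `script:` line are also unquoted; writing `"$GST_CI_IMAGE" "$FDO_DISTRIBUTION_TAG" "$GST_UPSTREAM_BRANCH"` keeps an empty or space-containing value from shifting the script's positional parameters.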
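Review bot: With `sudo` dropped, this `dnf install -y` still installs the two RPM Fusion release packages straight from a mirror URL, and those packages deliver the repository definitions and signing keys that every later plugin package is verified against. As far as I know, dnf does not signature-check packages given as files or URLs unless `localpkg_gpgcheck` is enabled, so the trust root here rests on TLS to the mirror alone. Consider importing the RPM Fusion key from a trusted source first and running the install with `--setopt=localpkg_gpgcheck=1`, or add a comment such as `# release RPMs are fetched unverified; trust is bootstrapped over HTTPS` so the decision is explicit. The script continues outside this hunk.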
@@ -2,12 +2,12 @@ set -eux +bash ./ci/docker/fedora/install-deps.sh + # Configure git for various usage git config --global user.email "gstreamer@gstreamer.net" git config --global user.name "Gstbuild Runner" -bash ./ci/docker/fedora/install-deps.sh - bash ./ci/scripts/install-rust.sh bash ./ci/docker/fedora/virtme-fluster-setup.sh diff --git a/ci/scripts/build-toolbox-image.sh b/ci/scripts/build-toolbox-image.sh new file mode 100644 index 0000000000..063767e5a3 --- /dev/null +++ b/ci/scripts/build-toolbox-image.sh 
@@ -0,0 +1,149 @@
+#!/bin/bash
+# vi: sw=2 ts=4
+
+# Shameless copy of the script from gnome-shell
+# https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/main/.gitlab-ci/build-toolbox-image.sh?ref_type=heads
+
+set -e
+
+die() {
+ echo "$@" >&2
+ exit 1
+}
+
+check_image_base() {
+ local base=$(
+ skopeo inspect docker://$TOOLBOX_IMAGE 2>/dev/null |
+ jq -r '.Labels["org.opencontainers.image.base.name"]')
+ [[ "$base" == "$BASE_CI_IMAGE" ]]
+}
+
+build_container() {
+ echo Building $TOOLBOX_IMAGE from $BASE_CI_IMAGE
+
+ export BUILDAH_ISOLATION=chroot
+ export BUILDAH_FORMAT=docker
+
+ local build_cntr=$(buildah from $BASE_CI_IMAGE)
+ local build_mnt=$(buildah mount $build_cntr)
+
+ [[ -n "$build_mnt" && -n "$build_cntr" ]] || die "Failed to mount the container"
+
+ # Copy pasted from github
+ # https://github.com/containers/toolbox/blob/main/images/fedora/f39/extra-packages
+ local extra_packages=(
+ bash-completion
+ bc
+ bzip2
+ cracklib-dicts
+ diffutils
+ dnf-plugins-core
+ findutils
+ flatpak-spawn
+ fpaste
+ gawk-all-langpacks
+ git
+ glibc-gconv-extra
+ gnupg2
+ gnupg2-smime
+ gvfs-client
+ hostname
+ iproute
+ iputils
+ keyutils
+ krb5-libs
+ less
+ lsof
+ man-db
+ man-pages
+ mesa-dri-drivers
+ mesa-vulkan-drivers
+ mtr
+ nano-default-editor
+ nss-mdns
+ openssh-clients
+ passwd
+ pigz
+ procps-ng
+ psmisc
+ rsync
+ shadow-utils
+ sudo
+ tcpdump
+ "time"
+ traceroute
+ tree
+ unzip
+ util-linux
+ vte-profile
+ vulkan-loader
+ wget
+ which
+ whois
+ words
+ xorg-x11-xauth
+ xz
+ zip
+ )
+ local our_extra_packages=(
+ gdb
+ ripgrep
+ fish
+ zsh
+ )
+ # local debug_packages=(
+ # glib2
+ # )
+
+ buildah run $build_cntr dnf -y swap coreutils-single coreutils-full
+ buildah run $build_cntr dnf -y swap glibc-minimal-langpack glibc-all-langpacks
+
+ buildah run $build_cntr dnf install -y "${extra_packages[@]}"
+ buildah run $build_cntr dnf install -y "${our_extra_packages[@]}"
+ # buildah run $build_cntr dnf debuginfo-install -y "${debug_packages[@]}"
+
+ buildah run $build_cntr dnf clean all
+ buildah run $build_cntr rm -rf /var/lib/cache/dnf
+
+ # Remove the hardcoded HOME env var that ci-templates adds
+ # https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2433#note_2243222
+ # Also add the OCI labels that toolbox expects, to advertize that image is compatible
+ buildah config --env HOME- \
+ --label com.github.containers.toolbox=true \
+ --label org.opencontainers.image.base.name=$BASE_CI_IMAGE \
+ $build_cntr
+
+ buildah commit $build_cntr $TOOLBOX_IMAGE
+ buildah tag $TOOLBOX_IMAGE $TOOLBOX_LATEST
+}
+
+BASE_CI_IMAGE="$1"
+TOOLBOX_BRANCH="$2"
+GST_UPSTREAM_BRANCH="$3"
+
+TOOLBOX_IMAGE="$CI_REGISTRY_IMAGE/$FDO_REPO_SUFFIX:gst-toolbox-${TOOLBOX_BRANCH}"
+# push an unversioned tag to make it easier to use.
+# ex. pull foobar:toolbox-main
+TOOLBOX_LATEST="$CI_REGISTRY_IMAGE/$FDO_REPO_SUFFIX:gst-toolbox-${GST_UPSTREAM_BRANCH}"
+
+[[ -n "$BASE_CI_IMAGE" && -n "$TOOLBOX_BRANCH" && -n "$GST_UPSTREAM_BRANCH" ]] ||
+ die "Usage: $(basename $0) BASE_CI_IMAGE TOOLBOX TAG GST_UPSTREAM_BRANCH"
+
+[[ -n "$CI_REGISTRY" && -n "$CI_REGISTRY_USER" && -n "$CI_REGISTRY_PASSWORD" ]] ||
+ die "Insufficient information to log in."
+
+podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+
+if check_image_base; then
+ echo Image $TOOLBOX_IMAGE exists and is up to date.
+ exit 0
+fi
+
+build_container
+
+podman push "$TOOLBOX_IMAGE"
+podman push "$TOOLBOX_LATEST"
+
+echo "Create your toolbox with either of the following commands"
+echo " $ toolbox create gst-toolbox --image $TOOLBOX_LATEST"
+echo " $ toolbox create gst-toolbox-$TOOLBOX_BRANCH --image $TOOLBOX_IMAGE"
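Review bot: `podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY` passes the registry password as a command-line argument, where other processes on the runner can read it from the process list, and the unquoted expansions are open to word splitting. Feed the secret on stdin instead: `printf '%s' "$CI_REGISTRY_PASSWORD" | podman login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. The pre-flight guards also never test `$CI_REGISTRY_IMAGE` or `$FDO_REPO_SUFFIX`, although both are used to build `TOOLBOX_IMAGE` and `TOOLBOX_LATEST`; adding them to the `[[ -n ... ]]` check (or enabling `set -u`) avoids committing and pushing to a malformed reference. In `build_container`, `local build_cntr=$(buildah from $BASE_CI_IMAGE)` hides the command's exit status from `set -e`, so only the later emptiness test catches a failure; declaring with `local build_cntr` and assigning on the next line lets the real error surface.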