From 861563823ccdc8251f4d76f39acff2786a4082ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Wed, 24 Apr 2024 11:19:09 +0200 Subject: [PATCH] create an osc container for package maintenance --- src/bci_build/package/__init__.py | 2 + src/bci_build/package/appcontainers.py | 72 ++++++++++++++++++ src/bci_build/package/osc/README.md.j2 | 97 +++++++++++++++++++++++++ src/bci_build/package/osc/entrypoint.sh | 17 +++++ 4 files changed, 188 insertions(+) create mode 100644 src/bci_build/package/osc/README.md.j2 create mode 100755 src/bci_build/package/osc/entrypoint.sh diff --git a/src/bci_build/package/__init__.py b/src/bci_build/package/__init__.py index 113daba08..a7300d715 100755 --- a/src/bci_build/package/__init__.py +++ b/src/bci_build/package/__init__.py @@ -1480,6 +1480,7 @@ def generate_disk_size_constraints(size_gb: int) -> str: from .appcontainers import MARIADB_CLIENT_CONTAINERS # noqa: E402 from .appcontainers import MARIADB_CONTAINERS # noqa: E402 from .appcontainers import NGINX_CONTAINERS # noqa: E402 +from .appcontainers import OSC_CONTAINER # noqa: E402 from .appcontainers import PCP_CONTAINERS # noqa: E402 from .appcontainers import POSTGRES_CONTAINERS # noqa: E402 from .appcontainers import PROMETHEUS_CONTAINERS # noqa: E402 @@ -1548,6 +1549,7 @@ def generate_disk_size_constraints(size_gb: int) -> str: *TOMCAT_CONTAINERS, *GCC_CONTAINERS, *SPACK_CONTAINERS, + OSC_CONTAINER, ) } diff --git a/src/bci_build/package/appcontainers.py b/src/bci_build/package/appcontainers.py index fd28f77f2..896200618 100644 --- a/src/bci_build/package/appcontainers.py +++ b/src/bci_build/package/appcontainers.py @@ -17,6 +17,7 @@ from bci_build.package import SupportLevel from bci_build.package import _build_tag_prefix from bci_build.package import generate_disk_size_constraints +from bci_build.package.basecontainers import _get_os_container_package_names _PCP_FILES = {} for filename in ( 
@@ -730,3 +731,74 @@ def _get_nginx_kwargs(os_version: OsVersion): ) for tomcat_major, os_version in product(_TOMCAT_VERSIONS, ALL_BASE_OS_VERSIONS) ] + +_BASE_PODMAN_OSC_CMD = ( + "podman run --rm -it " + + r"-v \$HOME/.config/osc/oscrc:/root/.config/osc/oscrc:ro,z " + + r"-v \$HOME/.local/state/osc/cookiejar:/root/.local/state/osc/cookiejar:z" +) + +OSC_CONTAINER = ApplicationStackContainer( + name="osc", + pretty_name="Packaging", + package_name="packaging-image", + os_version=OsVersion.TUMBLEWEED, + is_latest=True, + version_in_uid=False, + version="%%osc_version%%", + replacements_via_service=[ + Replacement(regex_in_build_description="%%osc_version%%", package_name="osc") + ], + extra_files={ + "entrypoint.sh": (Path(__file__).parent / "osc" / "entrypoint.sh").read_bytes() + }, + extra_labels={ + "run": f"{_BASE_PODMAN_OSC_CMD} IMAGE", + "runcwd": f"{_BASE_PODMAN_OSC_CMD} -v .:/root/osc-workdir:z IMAGE", + }, + package_list=[ + "osc", + "obs-service-appimage", + "obs-service-cargo", + "obs-service-cdi_containers_meta", + "obs-service-compose_kiwi_description", + "obs-service-docker_label_helper", + "obs-service-download_assets", + "obs-service-download_files", + "obs-service-download_url", + "obs-service-extract_file", + "obs-service-format_spec_file", + "obs-service-go_modules", + "obs-service-kiwi_label_helper", + "obs-service-kiwi_metainfo_helper", + "obs-service-kubevirt_containers_meta", + "obs-service-node_modules", + "obs-service-obs_scm", + "cpio", + "obs-service-product_converter", + "obs-service-recompress", + "obs-service-refresh_patches", + "obs-service-replace_using_env", + "obs-service-replace_using_package_version", + "obs-service-set_version", + "obs-service-snapcraft", + "obs-service-source_validator", + "obs-service-tar", + "obs-service-tar_scm", + "obs-service-verify_file", + *_get_os_container_package_names(OsVersion.TUMBLEWEED), + "git", + "openssh-common", + "openssh-clients", + ], + cmd=["/bin/bash"], + custom_end="""WORKDIR 
/root/osc-workdir +COPY entrypoint.sh /usr/local/bin/entrypoint.sh +RUN chmod +x /usr/local/bin/entrypoint.sh +""", + entrypoint=["/usr/local/bin/entrypoint.sh"], + volumes=[ + # default location of the build root & package cache + "/var/tmp" + ], +) diff --git a/src/bci_build/package/osc/README.md.j2 b/src/bci_build/package/osc/README.md.j2 new file mode 100644 index 000000000..15a64d988 --- /dev/null +++ b/src/bci_build/package/osc/README.md.j2 
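Review bot: `_BASE_PODMAN_OSC_CMD` bind-mounts the host's oscrc and cookiejar with the shared `:z` SELinux label, so on SELinux hosts those credential files lose per-container separation and become accessible to any other container process that has them in its mount namespace. The `runcwd` label adds `-v .:/root/osc-workdir:z`, which relabels whatever directory the command is started from, a problem if that happens to be `$HOME`. Consider the private `:Z` label for the two credential files, or `--security-opt label=disable` instead of relabelling. Either way, a comment above the constant would help, for example `# :z relabels the mounted host paths; the cookiejar is writable so osc can update the session cookie`. It would also help if the README told users not to run `runcwd` from their home directory.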
@@ -0,0 +1,97 @@
+# OSC Packaging Container
+
+{% include 'badges.j2' %}
+
+This is the openSUSE packaging container image, it includes all the necessary
+software to create and modify packages in the [Open Build
+Service](https://build.opensuse.org/) using
+[osc](https://github.com/openSUSE/osc/).
+
+
+## How to use this container image
+
+This container image is intended for interactive usage with your `.oscrc` and
+the osc cookiejar mounted into the container:
+
+```ShellSession
+# podman run --rm -it \
+ -v ~/.config/osc/oscrc:/root/.config/osc/oscrc:ro,z \
+ -v ~/.local/state/osc/cookiejar:/root/.local/state/osc/cookiejar:rw,z \
+ {{ image.pretty_reference }}
+```
+
+The above command launches an interactive shell where your local osc config will
+be used. You can then proceed to checkout packages, perform modifications and
+send submissions to OBS.
+
+To work on an already checked out package, mount the current working directory:
+
+```ShellSession
+# podman run --rm -it \
+ -v ~/.config/osc/oscrc:/root/.config/osc/oscrc:ro,z \
+ -v ~/.local/state/osc/cookiejar:/root/.local/state/osc/cookiejar:z \
+ -v .:/root/osc-workdir:z \
+ {{ image.pretty_reference }}
+```
+
+The container entrypoint recognizes whether you are launching it for interactive
+usage or whether you are invoking `osc` directly. For convenience, you can omit
+the command `osc` in the second case. E.g.:
+
+```ShellSession
+# podman run --rm -it \
+ -v ~/.config/osc/oscrc:/root/.config/osc/oscrc:ro,z \
+ -v ~/.local/state/osc/cookiejar:/root/.local/state/osc/cookiejar:z \
+ -v .:/root/osc-workdir:z \
+ {{ image.pretty_reference }} ls openSUSE:Factory
+```
+
+The above command will automatically invoke forward the arguments to `osc` and
+call `osc ls openSUSE:Factory`.
+
+
+### Using the image labels
+
+The image provides two labels `run` and `runcwd` which include the full command
+to run the `osc` container or run it with the local working directory mounted as
+well.
+
+These labels can be shown via:
+
+```ShellSession
+# podman container runlabel run --display {{ image.pretty_reference }}
+# podman container runlabel runcwd --display {{ image.pretty_reference }}
+```
+
+Note that it is currently not yet possible to execute these labels with podman.
+
+
+### Connecting to build.suse.de
+
+build.suse.de uses a ssh based authentication and thus requires additional
+resources to be available in the container. Additionally, you have to provide
+the internal certificate to the container as well:
+
+```ShellSession
+# podman run --rm -it \
+ -v ~/.config/osc/oscrc:/root/.config/osc/oscrc:ro,z \
+ -v ~/.local/state/osc/cookiejar:/root/.local/state/osc/cookiejar:z \
+ -v /etc/ssl/ca-bundle.pem:/etc/ssl/ca-bundle.pem:ro,z \
+ -v $SSH_AUTH_SOCK:/run/user/0/ssh-agent.socket:z \
+ -e SSH_AUTH_SOCK=/var/run/user/0/ssh-agent.socket:z \
+ -v "$PWD":/root/osc-workdir:z \
+ {{ image.pretty_reference }}
+```
+
+
+## Limitations
+
+- It is currently not possible to build packages in a container.
+
+
+## Volumes
+
+The container image is preconfigured to put `/var/tmp` into a volume. This
+directory is used by `osc` to store the buildroot and the package cache.
+
+{% include 'licensing_and_eula.j2' %}
diff --git a/src/bci_build/package/osc/entrypoint.sh b/src/bci_build/package/osc/entrypoint.sh
new file mode 100755
index 000000000..07e7bbf55
--- /dev/null
+++ b/src/bci_build/package/osc/entrypoint.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [[ ! -e /root/.config/osc/oscrc ]]; then
+ cat << EOF
+This container is expected to be launched with your oscrc mounted to
+/root/.config/osc/oscrc
+
+Please consult the README or the label 'run' for the full invocation.
+EOF
+fi
+
+if [[ "-h --help -v --verbose -q --quiet --debug --debugger --post-mortem --traceback -H --http-debug --http-full-debug -A --apiurl --config --setopt --no-keyring add addchannels addcontainers addremove ar aggregatepac api branch getpac bco branchco browse build wipe shell chroot buildconfig buildhistory buildhist buildinfo buildlog buildlogtail blt bl cat less blame changedevelrequest changedevelreq cr checkconstraints checkout co clean cleanassets ca clone comment commit checkin ci config copypac create-pbuild-config cpc createincident createrequest creq delete remove del rm deleterequest deletereq droprequest dropreq dr dependson detachbranch develproject dp bsdevelproject diff di ldiff linkdiff distributions dists downloadassets da enablechannels enablechannel fork getbinaries help importsrcpkg info init jobhistory jobhist linkpac linktobranch list LL lL ll ls localbuildlog lbl lock log maintainer bugowner maintenancerequest mr mbranch maintained sm meta mkpac mv my patchinfo pdiff prdiff projdiff projectdiff prjresults pr pull pull_request rdelete rdiff rebuild rebuildpac release releaserequest remotebuildlog remotebuildlogtail rbuildlogtail rblt rbuildlog rbl repairlink repairwc repo repositories platforms repos repourls request review rq requestmaintainership reqbs reqms reqmaintainership requestbugownership reqbugownership resolved restartbuild abortbuild results r revert rpmlintlog lint rpmlint rremove search bse se sendsysrq service setdevelproject sdp setlinkrev showlinked signkey staging status st submitrequest submitpac submitreq sr token triggerreason tr undelete unlock update up updatepacmetafromspec updatepkgmetafromspec metafromspec vc version whatdependson whois user who wipebinaries unpublish workerinfo" =~ (^|[[:space:]])$1($|[[:space:]]) ]]; then
+ # looks like the user is executing the container as the osc command
+ osc "$@"
+else
+ exec "$@"
+fi
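Review bot: In the last `if`, `$1` is expanded unquoted on the right-hand side of `=~`, so the first container argument is evaluated as a regular expression instead of being compared literally against the subcommand list. An argument like `l.` therefore matches `ls`/`ll` and gets routed to osc. Quoting it makes the match literal: `(^|[[:space:]])"$1"($|[[:space:]])`. The osc branch also calls `osc "$@"` without `exec`, unlike the else branch, so bash stays the container's first process and signals sent to the container are not forwarded to osc; `exec osc "$@"` would keep the two branches consistent. The missing-oscrc notice is written to stdout and could go to stderr with `cat >&2 << EOF` so it does not mix with command output.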