Merge remote-tracking branch 'debuerreotype-vicamo/for-upstream/build…

…-eoled-ubuntu-suites'
vicamo · May 9, 2024 · f3c4d63 · f3c4d63
2 parents 7bc4865 + 2034c8a
commit f3c4d63
Show file tree

Hide file tree

Showing 5 changed files with 173 additions and 86 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -29,48 +29,97 @@ jobs:
             exit 1
           fi
 
+  image:
+    runs-on: ubuntu-latest
+    outputs:
+      metadata: ${{ steps.build.outputs.metadata }}
+    steps:
+      - name: Checkout Debuerreotype
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: v0.12.0
+      - name: Build and push
+        id: build
+        uses: docker/build-push-action@v5
+        with:
+          context: '.'
+          outputs: type=docker,dest=/tmp/debuerreotype.tar
+          tags: local/debuerreotype:latest
+
+      - name: Upload debuerreotype image tarball
+        uses: actions/upload-artifact@v4
+        with:
+          name: debuerreotype
+          path: /tmp/debuerreotype.tar
+
   test:
+    needs:
+      - image
     strategy:
       matrix:
         include:
-          - { SUITE: stable,    CODENAME: jessie,  TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 2dfa65652d6666e1f496886a2a9b3852bd43c1df55babe7009e8dbfe4a66ba69 }
-          - { SUITE: jessie,    CODENAME: "",      TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 2dfa65652d6666e1f496886a2a9b3852bd43c1df55babe7009e8dbfe4a66ba69 }
-          - { SUITE: testing,   CODENAME: stretch, TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: f6a94df0a2eccdec7cabf576e009b639f6d011c7db62744cbc9f11b4067b5568 }
-          - { SUITE: stretch,   CODENAME: "",      TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: f6a94df0a2eccdec7cabf576e009b639f6d011c7db62744cbc9f11b4067b5568 }
-          - { SUITE: unstable,  CODENAME: sid,     TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 87f46eeb98d44ff5742d87112d9cc45e51dbb1204d60cb4136b51f0edfce061f }
-          - { SUITE: sid,       CODENAME: "",      TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 87f46eeb98d44ff5742d87112d9cc45e51dbb1204d60cb4136b51f0edfce061f }
-          - { SUITE: oldstable, CODENAME: wheezy,  TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: d19b91beb77aa6d32dbf45681a8510916d70ec74d2f499ee5559fc96ada025a1 }
-          - { SUITE: wheezy,    CODENAME: "",      TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: d19b91beb77aa6d32dbf45681a8510916d70ec74d2f499ee5559fc96ada025a1 }
+          - { SUITE: stable,    CODENAME: jessie,  TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 6bec1ad527391127159338d2e82e7bcd5d29dc95d766d6aa374f3b3e850b9d76 }
+          - { SUITE: jessie,    CODENAME: "",      TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 6bec1ad527391127159338d2e82e7bcd5d29dc95d766d6aa374f3b3e850b9d76 }
+          - { SUITE: testing,   CODENAME: stretch, TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 6dac0c6f25953747754421d258351e19ba06b2a9cf5076fa9b0bad470cba2992 }
+          - { SUITE: stretch,   CODENAME: "",      TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 6dac0c6f25953747754421d258351e19ba06b2a9cf5076fa9b0bad470cba2992 }
+          - { SUITE: unstable,  CODENAME: sid,     TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 8d0e577a6bf851507bb9621c638c12b3e8ee0408519d33a51af41771fd30a8bc }
+          - { SUITE: sid,       CODENAME: "",      TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 8d0e577a6bf851507bb9621c638c12b3e8ee0408519d33a51af41771fd30a8bc }
+          - { SUITE: oldstable, CODENAME: wheezy,  TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 03f69a953780cf00e4d948e510316a8c921c3cab3b29ca8875a66ba167ce8685 }
+          - { SUITE: wheezy,    CODENAME: "",      TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 03f69a953780cf00e4d948e510316a8c921c3cab3b29ca8875a66ba167ce8685 }
 
           # EOL suites testing
-          - { SUITE: eol, CODENAME: etch,  TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 893d436a060f2536f70efbdfd2e2952cf311eada558f858e6190c80b323b783e }
-          - { SUITE: eol, CODENAME: lenny, TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: c263084bc482b1538512eb091095dd30cf55a6873b989aeee9d4e148f2f3fafa }
+          - { SUITE: eol, CODENAME: etch,  TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 5d423f735b56944fe114a4d7e09defe68cc2f038c03e1a317fa2b22094cf4add }
+          - { SUITE: eol, CODENAME: lenny, TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 7ed0cc3787708dc4e18eb2b0c145942e153dd0b5fd7dbc6a5a0bc0f797424d00 }
           - { SUITE: eol, CODENAME: woody, ARCH: i386, TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: f80833896e141fbfebf8c91e79da2ccca1bdeb8f8ecc4e05dd33531c32857e0f }
-          - { SUITE: eol, CODENAME: jessie, TIMESTAMP: "2021-03-01T00:00:00Z", SHA256: 45c5553e989a8d42106029ec6f5e042bf48b29e08bf50e414f99f04c33b10fe9 }
+          - { SUITE: eol, CODENAME: jessie, TIMESTAMP: "2021-03-01T00:00:00Z", SHA256: 0fbf1bcba51788e82abeee22c722937fcdccb7691acbe9a006b5e2e1e9269ced }
 
           # deb822 / usr-is-merged testing
-          - { SUITE: unstable, CODENAME: "", TIMESTAMP: "2022-09-30T00:00:00Z", SHA256: 2ed537b8dc200640aa1596fdd1abb6cade2d1c924ac13ab1d9f4c937e0a13d59 }
-          - { SUITE: bookworm, CODENAME: "", TIMESTAMP: "2022-09-30T00:00:00Z", SHA256: b505752c6c9e862f77fa947270e9047541f0ccaee6302fa3935322671df436e9 }
-          - { SUITE: bullseye, CODENAME: "", TIMESTAMP: "2022-09-30T00:00:00Z", SHA256: cd39823e09ebc57cc3e6d4d57faa24ea6ddfab60f0519165a26f101ea94f13a0 }
+          - { SUITE: unstable, CODENAME: "", TIMESTAMP: "2022-09-30T00:00:00Z", SHA256: 356fcc802434e62f0fc119564ed1e8928e8dd214ba5d60ebe6c21ad90114e030 }
+          - { SUITE: bookworm, CODENAME: "", TIMESTAMP: "2022-09-30T00:00:00Z", SHA256: 3d987ea3627beb48477a938869b6533afa85b7a3523a1dc85adab47ce2b7ebc3 }
+          - { SUITE: bullseye, CODENAME: "", TIMESTAMP: "2022-09-30T00:00:00Z", SHA256: 34b966f822739d7e60084ab2510be0c517630e664331a6778d63f102830e0b92 }
 
           # qemu-debootstrap testing
-          - { ARCH: arm64,   SUITE: jessie,   CODENAME: "", TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: 45b3c398b472ff45399cc6cc633005f48d2359d0df8d905022d37a29434420cf }
-          - { ARCH: sh4,     SUITE: unstable, CODENAME: "", TIMESTAMP: "2022-02-01T00:00:00Z", SHA256: 4eeb5e0581b85da5cd686daa390c059674e301a69b2be47d532686652baf98c4 }
-          - { ARCH: riscv64, SUITE: unstable, CODENAME: "", TIMESTAMP: "2022-02-01T00:00:00Z", SHA256: 4f871585ea9888fe3330269eb2258c31f01aade35c0b3007f7755e9551845e4f }
+          - { ARCH: arm64,   SUITE: jessie,   CODENAME: "", TIMESTAMP: "2017-01-01T00:00:00Z", SHA256: e46787693f59f29613ebea25d89e52c51f5744a4917ff65d98791d0fe7ffb8a3 }
+          - { ARCH: sh4,     SUITE: unstable, CODENAME: "", TIMESTAMP: "2022-02-01T00:00:00Z", SHA256: 4e1a8ab49496787a18f65d4c591b9b2548fa9f2b35b62d95ade194209b16c011 }
+          - { ARCH: riscv64, SUITE: unstable, CODENAME: "", TIMESTAMP: "2022-02-01T00:00:00Z", SHA256: da9282e5f748c3b8bb52eb13b31e5d72f31dcb14af95d41f30fc03660590230e }
 
           # a few entries for "today" to try and catch issues like https://github.com/debuerreotype/debuerreotype/issues/41 sooner
           - { SUITE: unstable,  CODENAME: "", TIMESTAMP: "today 00:00:00", SHA256: "" }
           - { SUITE: stable,    CODENAME: "", TIMESTAMP: "today 00:00:00", SHA256: "" }
           - { SUITE: oldstable, CODENAME: "", TIMESTAMP: "today 00:00:00", SHA256: "" }
 
+          - { DISTRO: ubuntu, SUITE: eol, CODENAME: breezy }
+          - { DISTRO: ubuntu, SUITE: eol, CODENAME: gutsy }
           - { DISTRO: ubuntu, SUITE: bionic }
+          - { DISTRO: ubuntu, SUITE: eol, CODENAME: cosmic, ARCH: armhf }
           - { DISTRO: ubuntu, SUITE: focal }
+          - { DISTRO: ubuntu, SUITE: focal, ARCH: i386 }
+          - { DISTRO: ubuntu, SUITE: jammy }
+          - { DISTRO: ubuntu, SUITE: noble }
       fail-fast: false
     name: Test ${{ matrix.DISTRO && format('{0} ', matrix.DISTRO) }}${{ matrix.SUITE }}${{ matrix.CODENAME && format(' ({0})', matrix.CODENAME) }}${{ matrix.ARCH && format(' [{0}]', matrix.ARCH) }}${{ matrix.TIMESTAMP && format(' at {0}', matrix.TIMESTAMP) }}
     runs-on: ubuntu-20.04
     env: ${{ matrix }}
     steps:
       - uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: v0.12.0
+      - name: Download debuerreotype image tarball
+        uses: actions/download-artifact@v4
+        with:
+          name: debuerreotype
+          path: /tmp
+      - name: Load debuerreotype image
+        run: docker load --input /tmp/debuerreotype.tar
+
       - name: Prepare Environment
         run: |
           sudo apt-get update -qq
@@ -80,5 +129,7 @@ jobs:
           ~/phe/hack-my-builds.sh
           rm -rf ~/phe
       - name: Build
+        env:
+          IMAGE: ${{ fromJSON(needs.image.outputs.metadata)['image.name'] }}
         run: |
           "./.validate-${DISTRO:-debian}.sh"
diff --git a/.validate-debian.sh b/.validate-debian.sh
@@ -21,13 +21,20 @@ if [ -n "${ARCH:-}" ]; then
 fi
 buildArgs+=( validate "$SUITE" "@$epoch" )
 
+dockerRunArgs=()
+if [ -z "${IMAGE}" ]; then
+	dockerRunArgs+=(--pull)
+else
+	dockerRunArgs+=(--no-build --image "${IMAGE}")
+fi
+
 checkFile="validate/$serial/${ARCH:-amd64}/${CODENAME:-$SUITE}/rootfs.tar.xz"
 mkdir -p validate
 
 set -x
 
 ./scripts/debuerreotype-version
-./docker-run.sh --pull ./examples/debian.sh "${buildArgs[@]}"
+./docker-run.sh "${dockerRunArgs[@]}" ./examples/debian.sh "${buildArgs[@]}"
 
 real="$(sha256sum "$checkFile" | cut -d' ' -f1)"
 [ -z "$SHA256" ] || [ "$SHA256" = "$real" ]
diff --git a/.validate-ubuntu.sh b/.validate-ubuntu.sh
@@ -1,24 +1,26 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail
 
-dockerImage="$(./.docker-image.sh)"
-dockerImage+='-ubuntu'
-{
-	cat Dockerfile - <<-'EODF'
-		RUN set -eux; \
-# https://bugs.debian.org/929165 :(
-# http://snapshot.debian.org/package/ubuntu-keyring/
-# http://snapshot.debian.org/package/ubuntu-keyring/2020.06.17.1-1/
-			wget -O ubuntu-keyring.deb 'http://snapshot.debian.org/archive/debian/20210307T083530Z/pool/main/u/ubuntu-keyring/ubuntu-keyring_2020.06.17.1-1_all.deb'; \
-			echo 'c2d8c4a9be6244bbea80c2e0e7624cbd3a2006a2 *ubuntu-keyring.deb' | sha1sum --strict --check -; \
-			apt-get install -y --no-install-recommends ./ubuntu-keyring.deb; \
-			rm ubuntu-keyring.deb
-	EODF
-} | docker build --pull --tag "$dockerImage" --file - .
+buildArgs=()
+if [ "$SUITE" = 'eol' ]; then
+	buildArgs+=( '--eol' )
+	SUITE="$CODENAME"
+fi
+if [ -n "${ARCH:-}" ]; then
+	buildArgs+=( "--arch=${ARCH}" )
+fi
+buildArgs+=( validate "$SUITE" )
+
+dockerRunArgs=()
+if [ -z "${IMAGE}" ]; then
+	dockerRunArgs+=(--pull)
+else
+	dockerRunArgs+=(--no-build --image "${IMAGE}")
+fi
 
 mkdir -p validate
 
 set -x
 
 ./scripts/debuerreotype-version
-./docker-run.sh --image="$dockerImage" --no-build ./examples/ubuntu.sh validate "$SUITE"
+./docker-run.sh "${dockerRunArgs[@]}" ./examples/ubuntu.sh "${buildArgs[@]}"
diff --git a/Dockerfile b/Dockerfile
@@ -9,13 +9,18 @@
 #   debootstrap --variant=minbase bullseye /tmp/docker-rootfs
 #   tar -cC /tmp/docker-rootfs . | docker import - debian:bullseye-slim
 # (or your own favorite set of "debootstrap" commands to create a base image for building this one FROM)
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 
 RUN set -eux; \
 	apt-get update; \
 	apt-get install -y --no-install-recommends \
 		debian-ports-archive-keyring \
 		debootstrap \
+# https://github.com/debuerreotype/debuerreotype/issues/100
+# https://tracker.debian.org/pkg/distro-info-data
+# http://snapshot.debian.org/package/distro-info-data/
+# http://snapshot.debian.org/package/distro-info-data/0.58/
+		distro-info-data \
 		wget ca-certificates \
 		xz-utils \
 		\
@@ -27,16 +32,14 @@ RUN set -eux; \
 ENV WGETRC /.wgetrc
 RUN echo 'hsts=0' >> "$WGETRC"
 
-# https://github.com/debuerreotype/debuerreotype/issues/100
-# https://tracker.debian.org/pkg/distro-info-data
-# http://snapshot.debian.org/package/distro-info-data/
-# http://snapshot.debian.org/package/distro-info-data/0.58/
+# https://bugs.debian.org/929165 :(
+# http://snapshot.debian.org/package/ubuntu-keyring/
+# http://snapshot.debian.org/package/ubuntu-keyring/2020.06.17.1-1/
 RUN set -eux; \
-	wget -O distro-info-data.deb 'http://snapshot.debian.org/archive/debian/20230429T210410Z/pool/main/d/distro-info-data/distro-info-data_0.58_all.deb'; \
-	echo '95dcdf68159f5fd64b678fa17c0f88f86389eb04 *distro-info-data.deb' | sha1sum --strict --check -; \
-	apt-get install -y ./distro-info-data.deb; \
-	rm distro-info-data.deb; \
-	[ -s /usr/share/distro-info/debian.csv ]
+	wget -O ubuntu-keyring.deb 'http://snapshot.debian.org/archive/debian/20210307T083530Z/pool/main/u/ubuntu-keyring/ubuntu-keyring_2020.06.17.1-1_all.deb'; \
+	echo 'c2d8c4a9be6244bbea80c2e0e7624cbd3a2006a2 *ubuntu-keyring.deb' | sha1sum --strict --check -; \
+	apt-get install -y --no-install-recommends ./ubuntu-keyring.deb; \
+	rm ubuntu-keyring.deb
 
 RUN set -eux; \
 	apt-get update; \
@@ -49,33 +52,7 @@ RUN set -eux; \
 	wget -O debootstrap-download-main.patch 'https://people.debian.org/~tianon/debootstrap-mr-63--download_main.patch'; \
 	echo 'ceae8f508a9b49236fa4519a44a584e6c774aa0e4446eb1551f3b69874a4cde5 *debootstrap-download-main.patch' | sha256sum --strict --check -; \
 	patch --input=debootstrap-download-main.patch /usr/share/debootstrap/functions; \
-	rm debootstrap-download-main.patch; \
-	\
-# https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/76
-	if ! grep EXCLUDE_DEPENDENCY /usr/sbin/debootstrap; then \
-		wget -O debootstrap-exclude-usrmerge.patch 'https://people.debian.org/~tianon/debootstrap-mr-76--exclude-usrmerge.patch'; \
-		echo '4aae49edcd562d8f38bcbc00b26ae485f4e65dd36bd4a250a16cdb912398df7e *debootstrap-exclude-usrmerge.patch' | sha256sum --strict --check -; \
-		sed -ri \
-			-e 's!([ab])/debootstrap!\1/usr/sbin/debootstrap!g' \
-			-e 's!([ab])/scripts/debian-common!\1/usr/share/debootstrap/scripts/debian-common!g' \
-			debootstrap-exclude-usrmerge.patch \
-		; \
-		patch -p1 --input="$PWD/debootstrap-exclude-usrmerge.patch" --directory=/; \
-		rm debootstrap-exclude-usrmerge.patch; \
-	fi; \
-	\
-# https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/81
-	if ! grep EXCLUDE_DEPENDENCY /usr/share/debootstrap/functions; then \
-		wget -O debootstrap-exclude-usrmerge-harder.patch 'https://people.debian.org/~tianon/debootstrap-mr-81--exclude-usrmerge-harder.patch'; \
-		echo 'ed65c633dd3128405193eef92355a27a3302dc0c558adf956f04af4500a004c9 *debootstrap-exclude-usrmerge-harder.patch' | sha256sum --strict --check -; \
-		sed -ri \
-			-e 's!([ab])/debootstrap!\1/usr/sbin/debootstrap!g' \
-			-e 's!([ab])/functions!\1/usr/share/debootstrap/functions!g' \
-			debootstrap-exclude-usrmerge-harder.patch \
-		; \
-		patch -p1 --input="$PWD/debootstrap-exclude-usrmerge-harder.patch" --directory=/; \
-		rm debootstrap-exclude-usrmerge-harder.patch; \
-	fi
+	rm debootstrap-download-main.patch
 
 # see ".dockerignore"
 COPY . /opt/debuerreotype