ci: cleanup Dockerfile

5 years ago · 82fdf7e03d
parent fee1578dab
commit 82fdf7e03d
3 changed files with 72 additions and 47 deletions
--- a/ci/Dockerfile
+++ b/ci/Dockerfile
@ -1,39 +1,65 @@
 # initialize from the image

-FROM python:3.7.3
+FROM debian:10

 ARG TOOLCHAIN_FLAVOR=linux
-ENV TOOLCHAIN_FLAVOR=$TOOLCHAIN_FLAVOR
+ENV TOOLCHAIN_FLAVOR=${TOOLCHAIN_FLAVOR}
+
+ARG FULLDEPS_TESTING=0
+ENV FULLDEPS_TESTING=${FULLDEPS_TESTING}

 # install build tools and dependencies

 RUN apt-get update && apt-get install -y \
-    build-essential wget git libsodium-dev graphviz \
-    valgrind check libssl-dev libusb-1.0-0-dev libudev-dev zlib1g-dev \
-    libsdl2-dev libsdl2-image-dev
-
-# install clang-format 6 from backports
-RUN echo "deb http://deb.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/backports.list
-RUN apt-get update && apt-get install -t stretch-backports -y clang-format-6.0
-RUN ln -s clang-format-6.0 /usr/bin/clang-format
-
-# TODO are all apt packages actually needed?
-
-# Install Python 3.5 from Debian
-RUN apt-get install -y python3.5-dev
+        build-essential \
+        check \
+        clang-format \
+        git \
+        graphviz \
+        libjpeg-dev \
+        libsdl2-dev \
+        libsdl2-image-dev \
+        libsodium-dev \
+        libssl-dev \
+        libudev-dev \
+        libusb-1.0-0-dev \
+        valgrind \
+        wget \
+        zlib1g-dev
+
+# install python 3.7.3 + pip from the image
+
+RUN apt-get install -y \
+    python3-dev \
+    python3-pip
+
+# install other python versions from their sources
+
+RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
+        export PYTHON35VER="3.5.7" ; \
+        wget --no-verbose https://www.python.org/ftp/python/${PYTHON35VER}/Python-${PYTHON35VER}.tgz ; \
+        tar zxf Python-${PYTHON35VER}.tgz ; \
+        cd Python-${PYTHON35VER}/ && ./configure && make && make install ; \
+    fi

-# Install Python 3.6 and 3.8 from source, assuming we have 3.7 from the docker image
-RUN wget --no-verbose https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz
-RUN tar zxf Python-3.6.9.tgz
-RUN cd Python-3.6.9/ && ./configure && make && make install
+RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
+        export PYTHON36VER="3.6.9" ; \
+        wget --no-verbose https://www.python.org/ftp/python/${PYTHON36VER}/Python-${PYTHON36VER}.tgz ; \
+        tar zxf Python-${PYTHON36VER}.tgz ; \
+        cd Python-${PYTHON36VER}/ && ./configure && make && make install ; \
+    fi

-RUN wget --no-verbose https://www.python.org/ftp/python/3.8.0/Python-3.8.0b3.tgz
-RUN tar zxf Python-3.8.0b3.tgz
-RUN cd Python-3.8.0b3/ && ./configure && make && make install
+RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
+        export PYTHON38VER="3.8.0" ; \
+        export PYTHONSUBVER="b3"; \
+        wget --no-verbose https://www.python.org/ftp/python/${PYTHON38VER}/Python-${PYTHON38VER}${PYTHONSUBVER}.tgz ; \
+        tar zxf Python-${PYTHON38VER}${PYTHONSUBVER}.tgz ; \
+        cd Python-${PYTHON38VER}${PYTHONSUBVER}/ && ./configure && make && make install ; \
+    fi

 # install dependencies from toolchain source build

-RUN if [ "$TOOLCHAIN_FLAVOR" = "src" ]; then \
+RUN if [ "${TOOLCHAIN_FLAVOR}" = "src" ]; then \
        apt-get install -y autoconf autogen bison dejagnu \
                           flex flip gawk git gperf gzip nsis \
                           openssh-client p7zip-full perl python-dev \
@ -43,24 +69,22 @@ RUN if [ "$TOOLCHAIN_FLAVOR" = "src" ]; then \

 # download toolchain

-ENV TOOLCHAIN_SHORTVER=8-2018q4
-ENV TOOLCHAIN_LONGVER=gcc-arm-none-eabi-8-2018-q4-major
-ENV TOOLCHAIN_URL=https://developer.arm.com/-/media/Files/downloads/gnu-rm/$TOOLCHAIN_SHORTVER/$TOOLCHAIN_LONGVER-$TOOLCHAIN_FLAVOR.tar.bz2
-ENV TOOLCHAIN_HASH_linux=fb31fbdfe08406ece43eef5df623c0b2deb8b53e405e2c878300f7a1f303ee52
-ENV TOOLCHAIN_HASH_src=bc228325dbbfaf643f2ee5d19e01d8b1873fcb9c31781b5e1355d40a68704ce7
+ENV TOOLCHAIN_LONGVER=gcc-arm-none-eabi-8-2019-q3-update
+ENV TOOLCHAIN_SUBDIR="8-2019q3/RC1.1"
+ENV TOOLCHAIN_URL=https://developer.arm.com/-/media/Files/downloads/gnu-rm/${TOOLCHAIN_SUBDIR}/${TOOLCHAIN_LONGVER}-${TOOLCHAIN_FLAVOR}.tar.bz2
+ENV TOOLCHAIN_HASH_linux=b50b02b0a16e5aad8620e9d7c31110ef285c1dde28980b1a9448b764d77d8f92
+ENV TOOLCHAIN_HASH_src=e8a8ddfec47601f2d83f1d80c0600f198476f227102121c8d6a5a781d0c2eeef

 # extract toolchain

-RUN cd /opt && wget --no-verbose $TOOLCHAIN_URL
-
-RUN cd /opt && echo "$TOOLCHAIN_HASH_linux $TOOLCHAIN_LONGVER-linux.tar.bz2\n$TOOLCHAIN_HASH_src $TOOLCHAIN_LONGVER-src.tar.bz2" | sha256sum -c --ignore-missing
-
-RUN cd /opt && tar xfj $TOOLCHAIN_LONGVER-$TOOLCHAIN_FLAVOR.tar.bz2
+RUN cd /opt && wget --no-verbose ${TOOLCHAIN_URL}
+RUN cd /opt && echo "${TOOLCHAIN_HASH_linux} ${TOOLCHAIN_LONGVER}-linux.tar.bz2\n${TOOLCHAIN_HASH_src} ${TOOLCHAIN_LONGVER}-src.tar.bz2" | sha256sum -c --ignore-missing
+RUN cd /opt && tar xfj ${TOOLCHAIN_LONGVER}-${TOOLCHAIN_FLAVOR}.tar.bz2

 # build toolchain (if required)

-RUN if [ "$TOOLCHAIN_FLAVOR" = "src" ]; then \
-        pushd /opt/$TOOLCHAIN_LONGVER ; \
+RUN if [ "${TOOLCHAIN_FLAVOR}" = "src" ]; then \
+        pushd /opt/${TOOLCHAIN_LONGVER} ; \
        ./install-sources.sh --skip_steps=mingw32 ; \
        ./build-prerequisites.sh --skip_steps=mingw32 ; \
        ./build-toolchain.sh --skip_steps=mingw32,manual ; \
@ -76,14 +100,14 @@ RUN echo "${PROTOBUF_HASH} protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" | sha256

 # setup toolchain

-ENV PATH=/opt/$TOOLCHAIN_LONGVER/bin:$PATH
+ENV PATH=/opt/${TOOLCHAIN_LONGVER}/bin:${PATH}

 ENV LC_ALL=C.UTF-8 LANG=C.UTF-8

-# use zipfile module to extract files world-readable
-ENV PYTHON=python
+ENV PYTHON=python3

-RUN $PYTHON -m zipfile -e "protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" /usr/local && chmod 755 /usr/local/bin/protoc
+# use zipfile module to extract files world-readable
+RUN ${PYTHON} -m zipfile -e "protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" /usr/local && chmod 755 /usr/local/bin/protoc

 ENV WORKON_HOME=/tmp/.venvs

@ -93,14 +117,16 @@ ENV TREZOR_MONERO_TESTS_SHA256SUM=140a16b3d6105b5e8e88a93b451e9600a36ed23928ea3c
 ENV TREZOR_MONERO_TESTS_URL="https://github.com/ph4r05/monero/releases/download/v0.14.1.0-tests-u14.04-01/trezor_tests"
 ENV TREZOR_MONERO_TESTS_PATH="/opt/trezor_monero_tests"

-RUN wget --no-verbose "$TREZOR_MONERO_TESTS_URL" -O "$TREZOR_MONERO_TESTS_PATH" \
-    && chmod +x "$TREZOR_MONERO_TESTS_PATH"
-RUN echo "${TREZOR_MONERO_TESTS_SHA256SUM} ${TREZOR_MONERO_TESTS_PATH}" | sha256sum -c
+RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
+        wget --no-verbose "${TREZOR_MONERO_TESTS_URL}" -O "${TREZOR_MONERO_TESTS_PATH}" ; \
+        chmod +x "${TREZOR_MONERO_TESTS_PATH}" ; \
+        echo "${TREZOR_MONERO_TESTS_SHA256SUM} ${TREZOR_MONERO_TESTS_PATH}" | sha256sum -c ; \
+    fi

 # install python dependencies

-RUN pip install pipenv
+RUN ${PYTHON} -m pip install pipenv

-RUN $PYTHON --version
-RUN pip --version
+RUN ${PYTHON} --version
+RUN ${PYTHON} -m pip --version
 RUN pipenv --version
--- a/ci/environment.yml
+++ b/ci/environment.yml
@ -11,6 +11,6 @@ environment:
    - docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
  script:
    - docker pull $CONTAINER_NAME:latest || true
-    - docker build --cache-from $CONTAINER_NAME:latest --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest ci/
+    - docker build --cache-from $CONTAINER_NAME:latest --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest --build-arg FULLDEPS_TESTING=1 ci/
    - docker push $CONTAINER_NAME:$CI_COMMIT_SHA
    - docker push $CONTAINER_NAME:latest
--- a/ci/test.yml
+++ b/ci/test.yml
@ -48,7 +48,6 @@ test crypto:
    - cd crypto
    - ./tests/aestst
    - ./tests/test_check
-    - CK_TIMEOUT_MULTIPLIER=20 valgrind -q --error-exitcode=1 ./tests/test_check
    - ./tests/test_openssl 1000
    - ITERS=10 pipenv run pytest tests