mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-22 07:28:10 +00:00
ci: cleanup Dockerfile
This commit is contained in:
parent
fee1578dab
commit
82fdf7e03d
110
ci/Dockerfile
110
ci/Dockerfile
@ -1,39 +1,65 @@
|
|||||||
# initialize from the image
|
# initialize from the image
|
||||||
|
|
||||||
FROM python:3.7.3
|
FROM debian:10
|
||||||
|
|
||||||
ARG TOOLCHAIN_FLAVOR=linux
|
ARG TOOLCHAIN_FLAVOR=linux
|
||||||
ENV TOOLCHAIN_FLAVOR=$TOOLCHAIN_FLAVOR
|
ENV TOOLCHAIN_FLAVOR=${TOOLCHAIN_FLAVOR}
|
||||||
|
|
||||||
|
ARG FULLDEPS_TESTING=0
|
||||||
|
ENV FULLDEPS_TESTING=${FULLDEPS_TESTING}
|
||||||
|
|
||||||
# install build tools and dependencies
|
# install build tools and dependencies
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y \
|
RUN apt-get update && apt-get install -y \
|
||||||
build-essential wget git libsodium-dev graphviz \
|
build-essential \
|
||||||
valgrind check libssl-dev libusb-1.0-0-dev libudev-dev zlib1g-dev \
|
check \
|
||||||
libsdl2-dev libsdl2-image-dev
|
clang-format \
|
||||||
|
git \
|
||||||
|
graphviz \
|
||||||
|
libjpeg-dev \
|
||||||
|
libsdl2-dev \
|
||||||
|
libsdl2-image-dev \
|
||||||
|
libsodium-dev \
|
||||||
|
libssl-dev \
|
||||||
|
libudev-dev \
|
||||||
|
libusb-1.0-0-dev \
|
||||||
|
valgrind \
|
||||||
|
wget \
|
||||||
|
zlib1g-dev
|
||||||
|
|
||||||
# install clang-format 6 from backports
|
# install python 3.7.3 + pip from the image
|
||||||
RUN echo "deb http://deb.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/backports.list
|
|
||||||
RUN apt-get update && apt-get install -t stretch-backports -y clang-format-6.0
|
|
||||||
RUN ln -s clang-format-6.0 /usr/bin/clang-format
|
|
||||||
|
|
||||||
# TODO are all apt packages actually needed?
|
RUN apt-get install -y \
|
||||||
|
python3-dev \
|
||||||
|
python3-pip
|
||||||
|
|
||||||
# Install Python 3.5 from Debian
|
# install other python versions from their sources
|
||||||
RUN apt-get install -y python3.5-dev
|
|
||||||
|
|
||||||
# Install Python 3.6 and 3.8 from source, assuming we have 3.7 from the docker image
|
RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
|
||||||
RUN wget --no-verbose https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz
|
export PYTHON35VER="3.5.7" ; \
|
||||||
RUN tar zxf Python-3.6.9.tgz
|
wget --no-verbose https://www.python.org/ftp/python/${PYTHON35VER}/Python-${PYTHON35VER}.tgz ; \
|
||||||
RUN cd Python-3.6.9/ && ./configure && make && make install
|
tar zxf Python-${PYTHON35VER}.tgz ; \
|
||||||
|
cd Python-${PYTHON35VER}/ && ./configure && make && make install ; \
|
||||||
|
fi
|
||||||
|
|
||||||
RUN wget --no-verbose https://www.python.org/ftp/python/3.8.0/Python-3.8.0b3.tgz
|
RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
|
||||||
RUN tar zxf Python-3.8.0b3.tgz
|
export PYTHON36VER="3.6.9" ; \
|
||||||
RUN cd Python-3.8.0b3/ && ./configure && make && make install
|
wget --no-verbose https://www.python.org/ftp/python/${PYTHON36VER}/Python-${PYTHON36VER}.tgz ; \
|
||||||
|
tar zxf Python-${PYTHON36VER}.tgz ; \
|
||||||
|
cd Python-${PYTHON36VER}/ && ./configure && make && make install ; \
|
||||||
|
fi
|
||||||
|
|
||||||
|
RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
|
||||||
|
export PYTHON38VER="3.8.0" ; \
|
||||||
|
export PYTHONSUBVER="b3"; \
|
||||||
|
wget --no-verbose https://www.python.org/ftp/python/${PYTHON38VER}/Python-${PYTHON38VER}${PYTHONSUBVER}.tgz ; \
|
||||||
|
tar zxf Python-${PYTHON38VER}${PYTHONSUBVER}.tgz ; \
|
||||||
|
cd Python-${PYTHON38VER}${PYTHONSUBVER}/ && ./configure && make && make install ; \
|
||||||
|
fi
|
||||||
|
|
||||||
# install dependencies from toolchain source build
|
# install dependencies from toolchain source build
|
||||||
|
|
||||||
RUN if [ "$TOOLCHAIN_FLAVOR" = "src" ]; then \
|
RUN if [ "${TOOLCHAIN_FLAVOR}" = "src" ]; then \
|
||||||
apt-get install -y autoconf autogen bison dejagnu \
|
apt-get install -y autoconf autogen bison dejagnu \
|
||||||
flex flip gawk git gperf gzip nsis \
|
flex flip gawk git gperf gzip nsis \
|
||||||
openssh-client p7zip-full perl python-dev \
|
openssh-client p7zip-full perl python-dev \
|
||||||
@ -43,24 +69,22 @@ RUN if [ "$TOOLCHAIN_FLAVOR" = "src" ]; then \
|
|||||||
|
|
||||||
# download toolchain
|
# download toolchain
|
||||||
|
|
||||||
ENV TOOLCHAIN_SHORTVER=8-2018q4
|
ENV TOOLCHAIN_LONGVER=gcc-arm-none-eabi-8-2019-q3-update
|
||||||
ENV TOOLCHAIN_LONGVER=gcc-arm-none-eabi-8-2018-q4-major
|
ENV TOOLCHAIN_SUBDIR="8-2019q3/RC1.1"
|
||||||
ENV TOOLCHAIN_URL=https://developer.arm.com/-/media/Files/downloads/gnu-rm/$TOOLCHAIN_SHORTVER/$TOOLCHAIN_LONGVER-$TOOLCHAIN_FLAVOR.tar.bz2
|
ENV TOOLCHAIN_URL=https://developer.arm.com/-/media/Files/downloads/gnu-rm/${TOOLCHAIN_SUBDIR}/${TOOLCHAIN_LONGVER}-${TOOLCHAIN_FLAVOR}.tar.bz2
|
||||||
ENV TOOLCHAIN_HASH_linux=fb31fbdfe08406ece43eef5df623c0b2deb8b53e405e2c878300f7a1f303ee52
|
ENV TOOLCHAIN_HASH_linux=b50b02b0a16e5aad8620e9d7c31110ef285c1dde28980b1a9448b764d77d8f92
|
||||||
ENV TOOLCHAIN_HASH_src=bc228325dbbfaf643f2ee5d19e01d8b1873fcb9c31781b5e1355d40a68704ce7
|
ENV TOOLCHAIN_HASH_src=e8a8ddfec47601f2d83f1d80c0600f198476f227102121c8d6a5a781d0c2eeef
|
||||||
|
|
||||||
# extract toolchain
|
# extract toolchain
|
||||||
|
|
||||||
RUN cd /opt && wget --no-verbose $TOOLCHAIN_URL
|
RUN cd /opt && wget --no-verbose ${TOOLCHAIN_URL}
|
||||||
|
RUN cd /opt && echo "${TOOLCHAIN_HASH_linux} ${TOOLCHAIN_LONGVER}-linux.tar.bz2\n${TOOLCHAIN_HASH_src} ${TOOLCHAIN_LONGVER}-src.tar.bz2" | sha256sum -c --ignore-missing
|
||||||
RUN cd /opt && echo "$TOOLCHAIN_HASH_linux $TOOLCHAIN_LONGVER-linux.tar.bz2\n$TOOLCHAIN_HASH_src $TOOLCHAIN_LONGVER-src.tar.bz2" | sha256sum -c --ignore-missing
|
RUN cd /opt && tar xfj ${TOOLCHAIN_LONGVER}-${TOOLCHAIN_FLAVOR}.tar.bz2
|
||||||
|
|
||||||
RUN cd /opt && tar xfj $TOOLCHAIN_LONGVER-$TOOLCHAIN_FLAVOR.tar.bz2
|
|
||||||
|
|
||||||
# build toolchain (if required)
|
# build toolchain (if required)
|
||||||
|
|
||||||
RUN if [ "$TOOLCHAIN_FLAVOR" = "src" ]; then \
|
RUN if [ "${TOOLCHAIN_FLAVOR}" = "src" ]; then \
|
||||||
pushd /opt/$TOOLCHAIN_LONGVER ; \
|
pushd /opt/${TOOLCHAIN_LONGVER} ; \
|
||||||
./install-sources.sh --skip_steps=mingw32 ; \
|
./install-sources.sh --skip_steps=mingw32 ; \
|
||||||
./build-prerequisites.sh --skip_steps=mingw32 ; \
|
./build-prerequisites.sh --skip_steps=mingw32 ; \
|
||||||
./build-toolchain.sh --skip_steps=mingw32,manual ; \
|
./build-toolchain.sh --skip_steps=mingw32,manual ; \
|
||||||
@ -76,14 +100,14 @@ RUN echo "${PROTOBUF_HASH} protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" | sha256
|
|||||||
|
|
||||||
# setup toolchain
|
# setup toolchain
|
||||||
|
|
||||||
ENV PATH=/opt/$TOOLCHAIN_LONGVER/bin:$PATH
|
ENV PATH=/opt/${TOOLCHAIN_LONGVER}/bin:${PATH}
|
||||||
|
|
||||||
ENV LC_ALL=C.UTF-8 LANG=C.UTF-8
|
ENV LC_ALL=C.UTF-8 LANG=C.UTF-8
|
||||||
|
|
||||||
# use zipfile module to extract files world-readable
|
ENV PYTHON=python3
|
||||||
ENV PYTHON=python
|
|
||||||
|
|
||||||
RUN $PYTHON -m zipfile -e "protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" /usr/local && chmod 755 /usr/local/bin/protoc
|
# use zipfile module to extract files world-readable
|
||||||
|
RUN ${PYTHON} -m zipfile -e "protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" /usr/local && chmod 755 /usr/local/bin/protoc
|
||||||
|
|
||||||
ENV WORKON_HOME=/tmp/.venvs
|
ENV WORKON_HOME=/tmp/.venvs
|
||||||
|
|
||||||
@ -93,14 +117,16 @@ ENV TREZOR_MONERO_TESTS_SHA256SUM=140a16b3d6105b5e8e88a93b451e9600a36ed23928ea3c
|
|||||||
ENV TREZOR_MONERO_TESTS_URL="https://github.com/ph4r05/monero/releases/download/v0.14.1.0-tests-u14.04-01/trezor_tests"
|
ENV TREZOR_MONERO_TESTS_URL="https://github.com/ph4r05/monero/releases/download/v0.14.1.0-tests-u14.04-01/trezor_tests"
|
||||||
ENV TREZOR_MONERO_TESTS_PATH="/opt/trezor_monero_tests"
|
ENV TREZOR_MONERO_TESTS_PATH="/opt/trezor_monero_tests"
|
||||||
|
|
||||||
RUN wget --no-verbose "$TREZOR_MONERO_TESTS_URL" -O "$TREZOR_MONERO_TESTS_PATH" \
|
RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
|
||||||
&& chmod +x "$TREZOR_MONERO_TESTS_PATH"
|
wget --no-verbose "${TREZOR_MONERO_TESTS_URL}" -O "${TREZOR_MONERO_TESTS_PATH}" ; \
|
||||||
RUN echo "${TREZOR_MONERO_TESTS_SHA256SUM} ${TREZOR_MONERO_TESTS_PATH}" | sha256sum -c
|
chmod +x "${TREZOR_MONERO_TESTS_PATH}" ; \
|
||||||
|
echo "${TREZOR_MONERO_TESTS_SHA256SUM} ${TREZOR_MONERO_TESTS_PATH}" | sha256sum -c ; \
|
||||||
|
fi
|
||||||
|
|
||||||
# install python dependencies
|
# install python dependencies
|
||||||
|
|
||||||
RUN pip install pipenv
|
RUN ${PYTHON} -m pip install pipenv
|
||||||
|
|
||||||
RUN $PYTHON --version
|
RUN ${PYTHON} --version
|
||||||
RUN pip --version
|
RUN ${PYTHON} -m pip --version
|
||||||
RUN pipenv --version
|
RUN pipenv --version
|
||||||
|
@ -11,6 +11,6 @@ environment:
|
|||||||
- docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
|
- docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
|
||||||
script:
|
script:
|
||||||
- docker pull $CONTAINER_NAME:latest || true
|
- docker pull $CONTAINER_NAME:latest || true
|
||||||
- docker build --cache-from $CONTAINER_NAME:latest --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest ci/
|
- docker build --cache-from $CONTAINER_NAME:latest --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest --build-arg FULLDEPS_TESTING=1 ci/
|
||||||
- docker push $CONTAINER_NAME:$CI_COMMIT_SHA
|
- docker push $CONTAINER_NAME:$CI_COMMIT_SHA
|
||||||
- docker push $CONTAINER_NAME:latest
|
- docker push $CONTAINER_NAME:latest
|
||||||
|
@ -48,7 +48,6 @@ test crypto:
|
|||||||
- cd crypto
|
- cd crypto
|
||||||
- ./tests/aestst
|
- ./tests/aestst
|
||||||
- ./tests/test_check
|
- ./tests/test_check
|
||||||
- CK_TIMEOUT_MULTIPLIER=20 valgrind -q --error-exitcode=1 ./tests/test_check
|
|
||||||
- ./tests/test_openssl 1000
|
- ./tests/test_openssl 1000
|
||||||
- ITERS=10 pipenv run pytest tests
|
- ITERS=10 pipenv run pytest tests
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user