Pablo Vigo Mas authored 1 year ago and Ritesh Raj Sarraf committed 1 year ago

The SSH server on the Aurora system, operating on port 22, is consistently under probing attempts by attackers.
Enhancing security on the server can be achieved by transitioning to port 7711.
The pipeline is now configured to use the new SSH port of the Aurora server.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

By default Gitlab will use the artifacts of all the previous stages,
causing the archive created at the pack stage to include unneeded
files. This creates confusion and increases the size of the tarball.

To overcome this issue, specify which are the artifacts we are interested.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>

In order to be able to use the same build id as in the rest of the images,
get it from the environment. This variable is set by orchestrator to be
shared by all the images in the same build.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Update binutils.patch to disable additional file operations.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

In order to make the tweaks more readable and maintainable move them from
sed commands to patch file.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Drop code that is not useful any more.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Drop non required builddeps to avoid dependency issues.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Apertis v2022dev3 only supports python3 so adapt scripts to use it.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Bullseye and thus v2022 ship with GCC 10.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

The `upload.sh` script uses `etc/os-release` to figure out what is the
current Apertis release channel (for instance, v2021) and computes the
upload destination accordingly.

Unfortunately it is currently set up to run in a Ubuntu 16.06 Xenial
container, which means that uploads end up in places like
`/srv/images/public/daily/xenial/20201215.173/toolchain/`.

Switch the container image so that things work correctly.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

The default timeout has been set to 2h in the project settings, but only
the libc jobs really need more than the standard 1h.

Set the non-standard timeout only the jobs that really need it so we can
later drop the custom setting.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Automatically derive the upload destination folder from the release
channel of the Docker container rather than hardcoding it so we put the
artifacts in the right place without any extra maintenance burden.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Also make it easier to customize.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

The package-builder image is a multi-gigabytes image with a bunch of random
packages pre-installed. It originated as a replacement for the specially
configured Jenkins workers used in the past to build a very restricted set of
packages and it is specifically tailored to ship all their build-dep out of the
box as the Jenkins jobs ran as unprivileged users so they could not install
them on their own.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

We generate logs that exceed the GitLab limits, so we also capture them
as artifacts. However, so far we didn't capture errors, which turn out
to be quite important when debugging issues.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Emanuele Aina authored 5 years ago and Peter Senna Tschudin committed 5 years ago

Rather than building gcc, binutils, gdb and libc in a single, sequential
job, build them in separate, parallel jobs.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Emanuele Aina authored 5 years ago and Peter Senna Tschudin committed 5 years ago

Move common stuff to `before_script:` and `after_script:` to make it
easier to split each step into its own job.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Emanuele Aina authored 5 years ago and Peter Senna Tschudin committed 5 years ago

To secure repeatability, check out a specific commit from the
glibc_version_header repository. Ideally we'd like to check out a tagged
release, but the only release at the moment is 0.1 and is quite
outdated, so let's pick the current master.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Emanuele Aina authored 5 years ago and Peter Senna Tschudin committed 5 years ago

Prepare for splitting each step of the build in multiple stages by
lifting the code of the global script in the pipeline defintion itself
to be able to refactor it later.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

The GitLab CI pipeline uses one of the existing Docker images and
then installs the needed extra packages on its own.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

We've been using the GitLab CI pipeline since a while and the Jenkins
job was never instantiated.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Do not repeat the instructions for each architecture, but use templates to be
instantiated for each architecture.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Emanuele Aina authored 5 years ago and Andrej Shadura committed 5 years ago

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
[add export keyword so that the variable is actually set]
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Emanuele Aina authored 5 years ago and Andrej Shadura committed 5 years ago

We're now on GitLab 12.x and we can use file variables rather than bend
backwards to store the SSH key in a plain variable.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

It's going to fail otherwise.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Capturing the logs to a file makes thinks more difficult to understand when
looking at the CI:

* messages on stdout are not shown and there's no way to understand the
  current progress
* stderr messages get printed without their stdout context

Unfortunately we exceed the output limit so GitLab truncates the logs.

To minimize trouble, print as much as possible and also capture stderr.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>