From f803e3e86638a09cf649688657379a5996f539e2 Mon Sep 17 00:00:00 2001
From: Moul <moul@moul.re>
Date: Tue, 6 Apr 2021 21:10:14 +0200
Subject: [PATCH] [ci] #388: Add images generation build automation

Introduce Dockerfiles based on latest Python available
Install silkaj and make it available to the CLI
Two steps: build, copy

Poetry and pip kinds of images builds:
- Pip for direct consumers like DeathReaper
- Poetry for developers, with git in

Manual triggered job to generate the image
Extensible job definition for future usages
Rename stage from 'publish' to 'package'

Tag images with the commit hash, the branch, and latest
Define python version variable and pass it as an ARG to the builds
---
 .gitlab-ci.yml       | 37 ++++++++++++++++++++++++++++++++++---
 release/pip-image    | 38 ++++++++++++++++++++++++++++++++++++++
 release/poetry-image | 43 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 115 insertions(+), 3 deletions(-)
 create mode 100644 release/pip-image
 create mode 100644 release/poetry-image

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7a6c0f35..36cfe5f4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,7 +1,7 @@
 stages:
   - checks
   - tests
-  - publish
+  - package
   - coverage
 
 variables:
@@ -76,8 +76,39 @@ tests-3.9:
   variables:
     PYTHON_VERSION: "3.9"
 
+.image:
+  stage: package
+  tags: [docker]
+  image: docker:latest
+  services:
+    - docker:dind
+  variables:
+    PYTHON_VERSION: "3.9"
+  script:
+    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+    - docker build -t "$CI_REGISTRY_IMAGE/$KIND:$CI_COMMIT_SHORT_SHA" -f release/$KIND-image --build-arg PYTHON_VERS=$PYTHON_VERSION .
+    - docker push "$CI_REGISTRY_IMAGE/$KIND:$CI_COMMIT_SHORT_SHA"
+    - docker tag "$CI_REGISTRY_IMAGE/$KIND:$CI_COMMIT_SHORT_SHA" "$CI_REGISTRY_IMAGE/$KIND:$CI_COMMIT_BRANCH"
+    - docker push "$CI_REGISTRY_IMAGE/$KIND:$CI_COMMIT_BRANCH"
+    - docker tag "$CI_REGISTRY_IMAGE/$KIND:$CI_COMMIT_BRANCH" "$CI_REGISTRY_IMAGE/$KIND:latest"
+    - docker push "$CI_REGISTRY_IMAGE/$KIND:latest"
+
+image:poetry:
+  extends: .image
+  variables:
+    KIND: "poetry"
+  rules:
+    - when: manual
+
+image:pip:
+  extends: .image
+  variables:
+    KIND: "pip"
+  rules:
+    - when: manual
+
 pypi_test:
-  stage: publish
+  stage: package
   rules:
     - if: $CI_COMMIT_TAG
       when: manual
@@ -86,7 +117,7 @@ pypi_test:
     - poetry publish --build --username $PYPI_TEST_LOGIN --password $PYPI_TEST_PASSWORD --repository pypi_test
 
 pypi:
-  stage: publish
+  stage: package
   rules:
     - if: $CI_COMMIT_TAG
       when: manual
diff --git a/release/pip-image b/release/pip-image
new file mode 100644
index 00000000..f6f2c9e1
--- /dev/null
+++ b/release/pip-image
@@ -0,0 +1,38 @@
+# ------------------------------------------------------------------------------
+# Build Stage
+# ------------------------------------------------------------------------------
+ARG PYTHON_VERS
+FROM python:${PYTHON_VERS}-slim-buster AS build
+
+WORKDIR /silkaj
+
+# Copy source tree
+COPY ./ ./
+
+# Install Silkaj
+RUN pip install .
+
+# ------------------------------------------------------------------------------
+# Final Stage
+# ------------------------------------------------------------------------------
+FROM python:${PYTHON_VERS}-slim-buster
+ARG PYTHON_VERS
+
+# Create silkaj group and user
+RUN groupadd -g 1111 silkaj && \
+    useradd -d /silkaj -g silkaj -u 1111 silkaj
+
+# Install libsodium
+RUN apt update && \
+    apt install --yes libsodium23 && \
+    rm -rf /var/lib/apt/lists
+
+# Copy the build artifact from the build stage
+COPY --from=build /usr/local/bin/silkaj /usr/local/bin/silkaj
+COPY --from=build /usr/local/lib/python${PYTHON_VERS}/site-packages/ /usr/local/lib/python${PYTHON_VERS}/site-packages/
+
+# Use silkaj user
+USER silkaj
+WORKDIR /usr/local/lib/python${PYTHON_VERS}/site-packages/silkaj
+
+CMD ["/usr/local/bin/silkaj"]
diff --git a/release/poetry-image b/release/poetry-image
new file mode 100644
index 00000000..4642e2f4
--- /dev/null
+++ b/release/poetry-image
@@ -0,0 +1,43 @@
+# ------------------------------------------------------------------------------
+# Build Stage
+# ------------------------------------------------------------------------------
+ARG PYTHON_VERS
+FROM registry.duniter.org/docker/python3/poetry/${PYTHON_VERS}:latest AS build
+
+WORKDIR /silkaj
+
+# Copy source tree
+COPY ./ ./
+
+# Install Silkaj
+RUN poetry install --no-dev
+
+# ------------------------------------------------------------------------------
+# Final Stage
+# ------------------------------------------------------------------------------
+FROM registry.duniter.org/docker/python3/poetry/${PYTHON_VERS}:latest
+ARG PYTHON_VERS
+
+# Create silkaj group and user
+RUN groupadd -g 1111 silkaj && \
+    useradd -d /silkaj -g silkaj -u 1111 silkaj
+
+# Install git
+RUN apt update && \
+    apt install --yes git && \
+    rm -rf /var/lib/apt/lists
+
+# Set up alias to directly get silkaj command
+# https://stackoverflow.com/a/3638886
+RUN printf '#!/bin/bash\npoetry run silkaj "$@"' > /usr/bin/silkaj && \
+    chmod +x /usr/bin/silkaj
+
+# Copy the build artifact from the build stage
+COPY --from=build --chown=silkaj:silkaj /silkaj /silkaj
+COPY --from=build --chown=silkaj:silkaj /root/.cache/pypoetry/virtualenvs /silkaj/.cache/pypoetry/virtualenvs
+
+# Use silkaj user
+USER silkaj
+WORKDIR /silkaj
+
+CMD ["/usr/bin/silkaj"]
-- 
GitLab