Merge "Build docker images of gerrit"

This commit is contained in:
Zuul 2019-07-25 21:58:06 +00:00 committed by Gerrit Code Review
commit 4b092eaed7
4 changed files with 158 additions and 66 deletions

View File

@ -187,14 +187,17 @@
override-checkout: stable-2.15
vars: &gerrit_vars
docker_images:
- context: docker/gerrit
target: gerrit
- context: docker/gerrit/2.15
repository: opendevorg/gerrit
path: /home/zuul/src/gerrit.googlesource.com/gerrit
tags:
- 2.15
build_args:
- BAZEL_OPTS="--local_resources=4096,2.0,1.0"
# The 2.13 image doesn't build from source, but from existing war file
- context: docker/gerrit/2.13
repository: opendevorg/gerrit
path: /home/zuul/src/opendev.org/opendev/system-config
tags:
- 2.13
files: &gerrit_files
- docker/gerrit/.*
- playbooks/zuul/gerrit/.*

View File

@ -0,0 +1,66 @@
# Copyright (c) 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM openjdk:8
# It's not 100% clear that unzip and libmysql-java are needed
RUN apt-get update \
&& apt-get install -y dumb-init wget unzip libmysql-java \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# 3000 is what the existing opendev gerrit2 user is
RUN addgroup gerrit --gid 3000 --system \
&& adduser \
--uid 3000 \
--system \
--home /var/gerrit \
--shell /bin/bash \
--ingroup gerrit \
gerrit
USER gerrit
# Download the gerrit war
RUN mkdir /var/gerrit/bin && \
wget https://tarballs.openstack.org/gerrit/gerrit-v2.13.12.11.1707fec.war -O /var/gerrit/bin/gerrit.war
# Install plugins
RUN mkdir /var/gerrit/plugins && \
wget https://tarballs.openstack.org/ci/gerrit/plugins/javamelody/javamelody-v2.13.3.e4233d6.jar -O /var/gerrit/plugins/javamelody.jar && \
wget https://tarballs.openstack.org/ci/gerrit/plugins/its-storyboard/its-storyboard-805f9ac.jar -O /var/gerrit/plugins/its-storyboard.jar
# Force gerrit to use bouncycastle for security things.
# Also use the distro-provided mysql-connector.
RUN mkdir /var/gerrit/lib && \
unzip -jo /var/gerrit/bin/gerrit.war WEB-INF/plugins/* -d /var/gerrit/plugins && \
wget https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.52/bcprov-jdk15on-1.52.jar -O /var/gerrit/lib/bcprov-1.52.jar && \
wget https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.52/bcpkix-jdk15on-1.52.jar -O /var/gerrit/lib/bcpkix-1.52.jar && \
ln -s /usr/share/java/mysql-connector-java.jar /var/gerrit/lib/mysql-connector-java.jar
# Allow incoming traffic
EXPOSE 29418 8080
VOLUME /var/gerrit/git /var/gerrit/index /var/gerrit/cache /var/gerrit/db /var/gerrit/etc /var/log/gerrit
RUN ln -s /var/log/gerrit /var/gerrit/logs
# container.javaOptions
# Also include container.heapLimit - but with -Xmx prefixing it
ENV JAVA_OPTIONS ""
# Ulimits should be set on command line or in docker-compose.yaml
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["/usr/bin/java", ${JAVA_OPTIONS}, "-jar", "/var/gerrit/bin/gerrit.war"]

View File

@ -0,0 +1,85 @@
# Copyright (c) 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM l.gcr.io/google/bazel:0.26.1 as bazel
# The bazel image comes with bazel only runnable by root for some weird reason.
# The bower build in gerrit does not work as root.
# Fix the bazel image.
RUN groupadd builder && \
useradd builder --home-dir /usr/src --create-home -g builder
RUN chown -R builder /usr/src /usr/local/lib/bazel \
&& chmod +x /usr/local/lib/bazel
RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - \
&& apt-get update \
&& apt-get install -y nodejs
USER builder
WORKDIR /usr/src
FROM bazel as builder
USER builder
COPY . /usr/src
ARG BAZEL_OPTS
RUN cd /usr/src \
&& bazel build release \
--local_ram_resources=4096 \
--local_cpu_resources=1 \
--host_force_python=PY3 \
--incompatible_string_join_requires_strings=false \
--host_javabase=@local_jdk//:jdk \
--javabase=@local_jdk//:jdk \
--host_java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8 \
--java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8 \
${BAZEL_OPTS}
FROM openjdk:8
RUN apt-get update \
&& apt-get install -y dumb-init \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# 3000 is what the existing opendev gerrit2 user is
RUN addgroup gerrit --gid 3000 --system \
&& adduser \
--system \
--uid 3000 \
--home /var/gerrit \
--shell /bin/bash \
--ingroup gerrit \
gerrit
USER gerrit
RUN mkdir /var/gerrit/bin
COPY --from=builder /usr/src/bazel-bin/release.war /var/gerrit/bin/gerrit.war
# Allow incoming traffic
EXPOSE 29418 8080
VOLUME /var/gerrit/git /var/gerrit/index /var/gerrit/cache /var/gerrit/db /var/gerrit/etc /var/log/gerrit
RUN ln -s /var/log/gerrit /var/gerrit/logs
# container.javaOptions
# Also include container.heapLimit - but with -Xmx prefixing it
ENV JAVA_OPTIONS ""
# Ulimits should be set on command line or in docker-compose.yaml
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["/usr/bin/java", ${JAVA_OPTIONS}, "-jar", "/var/gerrit/bin/gerrit.war"]

View File

@ -1,62 +0,0 @@
# Copyright (c) 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM openjdk:8 as builder
RUN groupadd builder && \
useradd builder --home-dir /usr/src --create-home -g builder
RUN \
echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.list.d/bazel.list \
&& curl -sL https://bazel.build/bazel-release.pub.gpg | apt-key add - \
&& curl -sL https://deb.nodesource.com/setup_8.x | bash - \
&& apt-get update \
&& apt-get install -y bazel nodejs build-essential zip unzip python maven
COPY . /usr/src
RUN chown -R builder /usr/src
USER builder
ARG BAZEL_OPTS
RUN cd /usr/src && bazel build release ${BAZEL_OPTS} && mv bazel-bin/release.war gerrit.war
FROM openjdk:8
RUN apt-get update \
&& apt-get install -y dumb-init \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
RUN addgroup gerrit --system \
&& adduser \
--system \
--home /var/gerrit \
--shell /bin/bash \
--ingroup gerrit \
gerrit
USER gerrit
RUN mkdir /var/gerrit/bin
COPY --from=builder /usr/src/gerrit.war /var/gerrit/bin/gerrit.war
# Allow incoming traffic
EXPOSE 29418 8080
VOLUME /var/gerrit/git /var/gerrit/index /var/gerrit/cache /var/gerrit/db /etc/gerrit /var/log/gerrit
RUN ln -s /var/log/gerrit /var/gerrit/logs && \
ln -s /etc/gerrit /var/gerrit/config
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["/usr/bin/java", "-jar", "/var/gerrit/bin/gerrit.war"]