Split out bazel builder and gerrit base image

There is a bunch of duplication which needs to be redone almost never.
Split those into their own images so we can run them once and reuse them.

Change-Id: I923d4bff96dae75eb52a1c271fa52d5ae79933a0

.zuul.yaml

@@ -223,6 +223,8 @@
           tags:
             - 2.15
     files: &gerrit_files_2_15
+      - docker/bazel/.*
+      - docker/gerrit/base/.*
       - docker/gerrit/bazel/.*
       - playbooks/zuul/gerrit/.*
 
@@ -281,6 +283,8 @@
       gerrit_additional_plugins:
         - codemirror-editor
     files: &gerrit_files_2_16
+      - docker/bazel/.*
+      - docker/gerrit/base/.*
       - docker/gerrit/bazel/.*
       - playbooks/zuul/gerrit/.*
 
@@ -351,6 +355,8 @@
         - plugin-manager
         - webhooks
     files: &gerrit_files_3_0
+      - docker/bazel/.*
+      - docker/gerrit/base/.*
       - docker/gerrit/bazel/.*
       - playbooks/zuul/gerrit/.*
 
@@ -421,6 +427,58 @@
     vars: *python-base_vars
     files: *python-base_files
 
+# bazel jobs
+- job:
+    name: system-config-build-image-bazel
+    description: Build a bazel image.
+    parent: system-config-build-image
+    vars: &bazel_vars
+      docker_images:
+        - context: docker/bazel
+          repository: opendevorg/bazel
+    files: &bazel_files
+      - docker/bazel/.*
+
+- job:
+    name: system-config-upload-image-bazel
+    description: Build and upload a bazel image.
+    parent: system-config-upload-image
+    vars: *bazel_vars
+    files: *bazel_files
+
+- job:
+    name: system-config-promote-image-bazel
+    description: Promote a previously published bazel image to latest.
+    parent: system-config-promote-image
+    vars: *bazel_vars
+    files: *bazel_files
+
+# gerrit-base jobs
+- job:
+    name: system-config-build-image-gerrit-base
+    description: Build a gerrit-base image.
+    parent: system-config-build-image
+    vars: &gerrit-base_vars
+      docker_images:
+        - context: docker/gerrit/base
+          repository: opendevorg/gerrit-base
+    files: &gerrit-base_files
+      - docker/gerrit-base/.*
+
+- job:
+    name: system-config-upload-image-gerrit-base
+    description: Build and upload a gerrit-base image.
+    parent: system-config-upload-image
+    vars: *gerrit-base_vars
+    files: *gerrit-base_files
+
+- job:
+    name: system-config-promote-image-gerrit-base
+    description: Promote a previously published gerrit-base image to latest.
+    parent: system-config-promote-image
+    vars: *gerrit-base_vars
+    files: *gerrit-base_files
+
 # Role integration jobs.  These test the top-level generic roles/*
 # under Zuul.  The range of platforms should be the same as those for
 # openstack-zuul-jobs.
@@ -920,13 +978,30 @@
                 soft: true
         - system-config-run-zuul-preview
         - system-config-run-letsencrypt
+        - system-config-build-image-bazel
         - system-config-build-image-jinja-init
         - system-config-build-image-gitea-init
         - system-config-build-image-gitea
+        - system-config-build-image-gerrit-base
         - system-config-build-image-gerrit-2.13
-        - system-config-build-image-gerrit-2.15
-        - system-config-build-image-gerrit-2.16
-        - system-config-build-image-gerrit-3.0
+        - system-config-build-image-gerrit-2.15:
+            dependencies:
+              - name: system-config-build-image-bazel
+                soft: true
+              - name: system-config-build-image-gerrit-base
+                soft: true
+        - system-config-build-image-gerrit-2.16:
+            dependencies:
+              - name: system-config-build-image-bazel
+                soft: true
+              - name: system-config-build-image-gerrit-base
+                soft: true
+        - system-config-build-image-gerrit-3.0:
+            dependencies:
+              - name: system-config-build-image-bazel
+                soft: true
+              - name: system-config-build-image-gerrit-base
+                soft: true
         - system-config-build-image-haproxy-statsd
         - system-config-build-image-python-base
         - system-config-build-image-python-builder
@@ -951,25 +1026,59 @@
                 soft: true
         - system-config-run-zuul-preview
         - system-config-run-letsencrypt
+        - system-config-upload-image-bazel
         - system-config-upload-image-jinja-init
         - system-config-upload-image-gitea-init
         - system-config-upload-image-gitea
+        - system-config-upload-image-gerrit-base
         - system-config-upload-image-gerrit-2.13
-        - system-config-upload-image-gerrit-2.15
-        - system-config-upload-image-gerrit-2.16
-        - system-config-upload-image-gerrit-3.0
+        - system-config-upload-image-gerrit-2.15:
+            dependencies:
+              - name: system-config-upload-image-bazel
+                soft: true
+              - name: system-config-upload-image-gerrit-base
+                soft: true
+        - system-config-upload-image-gerrit-2.16:
+            dependencies:
+              - name: system-config-upload-image-bazel
+                soft: true
+              - name: system-config-upload-image-gerrit-base
+                soft: true
+        - system-config-upload-image-gerrit-3.0:
+            dependencies:
+              - name: system-config-upload-image-bazel
+                soft: true
+              - name: system-config-upload-image-gerrit-base
+                soft: true
         - system-config-upload-image-haproxy-statsd
         - system-config-upload-image-python-base
         - system-config-upload-image-python-builder
     promote:
       jobs:
+        - system-config-promote-image-bazel
         - system-config-promote-image-jinja-init
         - system-config-promote-image-gitea-init
         - system-config-promote-image-gitea
+        - system-config-promote-image-gerrit-base
         - system-config-promote-image-gerrit-2.13
-        - system-config-promote-image-gerrit-2.15
-        - system-config-promote-image-gerrit-2.16
-        - system-config-promote-image-gerrit-3.0
+        - system-config-promote-image-gerrit-2.15:
+            dependencies:
+              - name: system-config-promote-image-bazel
+                soft: true
+              - name: system-config-promote-image-gerrit-base
+                soft: true
+        - system-config-promote-image-gerrit-2.16:
+            dependencies:
+              - name: system-config-promote-image-bazel
+                soft: true
+              - name: system-config-promote-image-gerrit-base
+                soft: true
+        - system-config-promote-image-gerrit-3.0:
+            dependencies:
+              - name: system-config-promote-image-bazel
+                soft: true
+              - name: system-config-promote-image-gerrit-base
+                soft: true
         - system-config-promote-image-haproxy-statsd
         - system-config-promote-image-python-base
         - system-config-promote-image-python-builder

docker/bazel/Dockerfile

@@ -0,0 +1,31 @@
+# Copyright (c) 2019 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM l.gcr.io/google/bazel:0.27.1 as bazel
+
+# The bazel image comes with bazel only runnable by root for some weird reason.
+# The bower build in gerrit does not work as root.
+# Fix the bazel image.
+RUN groupadd builder && \
+  useradd builder --home-dir /usr/src --create-home -g builder
+RUN chown -R builder /usr/src /usr/local/lib/bazel \
+  && chmod +x /usr/local/lib/bazel
+
+RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - \
+  && apt-get update \
+  && apt-get install -y nodejs
+
+USER builder
+WORKDIR /usr/src

docker/gerrit/base/Dockerfile

@@ -0,0 +1,49 @@
+# Copyright (c) 2019 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM openjdk:8
+
+RUN apt-get update \
+  && apt-get install -y dumb-init \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/*
+
+# 3000 is what the existing opendev gerrit2 user is
+RUN addgroup gerrit --gid 3000 --system \
+  && adduser \
+    --system \
+    --uid 3000 \
+    --home /var/gerrit \
+    --shell /bin/bash \
+    --ingroup gerrit \
+    gerrit
+
+USER gerrit
+RUN mkdir /var/gerrit/bin
+
+# Allow incoming traffic
+EXPOSE 29418 8080
+
+VOLUME /var/gerrit/git /var/gerrit/index /var/gerrit/cache /var/gerrit/db /var/gerrit/etc /var/log/gerrit
+
+RUN ln -s /var/log/gerrit /var/gerrit/logs
+
+# container.javaOptions
+# Also include container.heapLimit - but with -Xmx prefixing it
+ENV JAVA_OPTIONS ""
+
+# Ulimits should be set on command line or in docker-compose.yaml
+ENTRYPOINT ["/usr/bin/dumb-init", "--"]
+CMD ["/usr/bin/java", ${JAVA_OPTIONS}, "-jar", "/var/gerrit/bin/gerrit.war"]

docker/gerrit/bazel/Dockerfile

@@ -13,24 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM l.gcr.io/google/bazel:0.27.1 as bazel
-
-# The bazel image comes with bazel only runnable by root for some weird reason.
-# The bower build in gerrit does not work as root.
-# Fix the bazel image.
-RUN groupadd builder && \
-  useradd builder --home-dir /usr/src --create-home -g builder
-RUN chown -R builder /usr/src /usr/local/lib/bazel \
-  && chmod +x /usr/local/lib/bazel
-
-RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - \
-  && apt-get update \
-  && apt-get install -y nodejs
-
-USER builder
-WORKDIR /usr/src
-
-FROM bazel as builder
+FROM opendevorg/bazel as builder
 
 USER builder
 COPY . /usr/src
@@ -38,38 +21,6 @@ COPY . /usr/src
 ARG BAZEL_OPTS
 RUN cd /usr/src && bash build-gerrit.sh
 
-FROM openjdk:8
+FROM opendevorg/gerrit-base
 
-RUN apt-get update \
-  && apt-get install -y dumb-init \
-  && apt-get clean \
-  && rm -rf /var/lib/apt/lists/*
-
-# 3000 is what the existing opendev gerrit2 user is
-RUN addgroup gerrit --gid 3000 --system \
-  && adduser \
-    --system \
-    --uid 3000 \
-    --home /var/gerrit \
-    --shell /bin/bash \
-    --ingroup gerrit \
-    gerrit
-
-USER gerrit
-RUN mkdir /var/gerrit/bin
 COPY --from=builder /usr/src/bazel-bin/release.war /var/gerrit/bin/gerrit.war
-
-# Allow incoming traffic
-EXPOSE 29418 8080
-
-VOLUME /var/gerrit/git /var/gerrit/index /var/gerrit/cache /var/gerrit/db /var/gerrit/etc /var/log/gerrit
-
-RUN ln -s /var/log/gerrit /var/gerrit/logs
-
-# container.javaOptions
-# Also include container.heapLimit - but with -Xmx prefixing it
-ENV JAVA_OPTIONS ""
-
-# Ulimits should be set on command line or in docker-compose.yaml
-ENTRYPOINT ["/usr/bin/dumb-init", "--"]
-CMD ["/usr/bin/java", ${JAVA_OPTIONS}, "-jar", "/var/gerrit/bin/gerrit.war"]