AlexIndustrial/mesa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ece0d4f998d14b196dff2244fc7c97c12a7d3518
mesa/.gitlab-ci/container/fdo_cntr_export.sh
Guilherme Gallo ece0d4f998 ci: Fix for GitLab 18.2.2 upgrade 
Now the `subject` from S3 id_token JWT refers to the target project when
we are in an MR pipeline, due to this patch [1].
So, let's use workflow variables to help us define where the S3 paths
should be pointing at.

[1] 7e9f329e8f

Signed-off-by: Guilherme Gallo <guilherme.gallo@collabora.com>
Suggested-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/36832>
2025-08-18 23:01:15 -03:00

82 lines
2.4 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# This script exports the container image to a rootfs tarball and uploads it to
# S3.
#
# Usage:
#
# ./fdo_cntr_export.sh <container-image-url>
#
# The container image URL is the URL of the container image to export. It can be
# a local path or a remote URL.
# Example:
# ./fdo_cntr_export.sh registry.freedesktop.org/mesa/mesa/debian/x86_64_test-android:tag
# When changing this file, you need to bump the following
# .gitlab-ci/image-tags.yml tags:
# DEBIAN_TEST_ANDROID_TAG
# DEBIAN_TEST_GL_TAG
# DEBIAN_TEST_VIDEO_TAG
# DEBIAN_TEST_VK_TAG
set -eux -o pipefail
: "${CONTAINER:=$1}"
IMAGE_URL="${CONTAINER}"
readonly IMAGE_URL
container=$(buildah from "$IMAGE_URL")
readonly container
readonly ROOTFSTAR=lava-rootfs.tar.zst
touch "$ROOTFSTAR"
buildah copy "$container" ".gitlab-ci/container/setup-rootfs.sh" /root/setup-rootfs.sh
# Using --isolation chroot to ensure proper execution in CI/CD environments
buildah run --isolation chroot "$container" -- /root/setup-rootfs.sh
buildah_export() {
# Mount the volume
mountpoint=$(buildah mount "$1")
if [ ! -d "$mountpoint" ]; then
echo "Mount point not found: $mountpoint" >/dev/stderr
exit 1
fi
# These components will be provided via LAVA overlays,
# so remove them from the core rootfs
rm -rf "${mountpoint}/android-cts"
rm -rf "${mountpoint}/cuttlefish"
rm -rf "${mountpoint}/fluster/resources"
rm -rf "${mountpoint}/vkd3d-proton-tests"
rm -rf "${mountpoint}/vkd3d-proton-wine64"
# Compress to zstd
ZSTD_CLEVEL=10 tar -C "$mountpoint" -I zstd -cf "$2" .
}
# When hacking on it locally, the script might not be executed as root.
# In CI it's always root.
if (($(id -u) != 0)); then
# Run unshare for rootless envs
buildah unshare -- bash -c "$(declare -f buildah_export); buildah_export '$container' '$ROOTFSTAR'"
else
# Run directly
buildah_export "$container" "$ROOTFSTAR"
fi
# Unmount the container
buildah umount "$container"
# Remove the container
buildah rm "$container"
# Upload the rootfs tarball to S3.
# The URL format matches the registry format, making it easier to match this URL later.
curl --fail --retry-connrefused --retry 4 --retry-delay 30 \
--header "Authorization: Bearer $(cat "${S3_JWT_FILE}")" \
-X PUT --form file=@"$ROOTFSTAR" \
"https://${S3_HOST}/${S3_KERNEL_BUCKET}/${S3_PROJECT_PATH}/${CI_JOB_NAME}:${FDO_DISTRIBUTION_TAG}"
Reference in New Issue View Git Blame Copy Permalink