[CI] modify dockerfile to build with test user

parent 1670cc4a
Pipeline #7795 failed with stages
in 19 minutes and 51 seconds
# Optimising CI speed by using tips from https://blog.nimbleways.com/let-s-make-faster-gitlab-ci-cd-pipelines/ # Optimising CI speed by using tips from https://blog.nimbleways.com/let-s-make-faster-gitlab-ci-cd-pipelines/
image: cgenie/gargantext:9.6.6 image: cgenie/gargantext:9.6.6-with-test-user
variables: variables:
STACK_ROOT: "${CI_PROJECT_DIR}/.stack-root" STACK_ROOT: "${CI_PROJECT_DIR}/.stack-root"
...@@ -17,32 +17,32 @@ stages: ...@@ -17,32 +17,32 @@ stages:
- bench - bench
- test - test
stack: cabal:
stage: stack stage: cabal
cache: cache:
key: stack.yaml key: cabal.project
paths: paths:
- .stack-root/ - dist-newstyle/
- .stack-work/ - .cabal/
policy: pull-push
script: script:
- echo "Building the project from '$CI_PROJECT_DIR'"
- git config --global --add safe.directory $XDG_CACHE_HOME/nix/tarball-cache - git config --global --add safe.directory $XDG_CACHE_HOME/nix/tarball-cache
- git config --global --add safe.directory '*' - git config --global --add safe.directory '*'
- nix-shell --run "stack build --no-terminal --fast --dry-run" - nix-shell --run "./bin/update-project-dependencies && cabal --store-dir=$STORE_DIR v2-build all --flags 'test-crypto no-phylo-debug-logs' --ghc-options='-O0 -fclear-plugins'"
allow_failure: false allow_failure: false
cabal: stack:
stage: cabal stage: stack
cache: cache:
key: cabal.project key: stack.yaml
paths: paths:
- dist-newstyle/ - .stack-root/
- .cabal/ - .stack-work/
policy: pull-push
script: script:
- echo "Building the project from '$CI_PROJECT_DIR'"
- git config --global --add safe.directory $XDG_CACHE_HOME/nix/tarball-cache - git config --global --add safe.directory $XDG_CACHE_HOME/nix/tarball-cache
- git config --global --add safe.directory '*' - git config --global --add safe.directory '*'
- nix-shell --run "./bin/update-project-dependencies $STORE_DIR && cabal --store-dir=$STORE_DIR v2-build all --flags 'test-crypto no-phylo-debug-logs' --ghc-options='-O0 -fclear-plugins'" - nix-shell --run "stack build --no-terminal --fast --dry-run"
allow_failure: false allow_failure: false
bench: bench:
...@@ -98,8 +98,8 @@ test: ...@@ -98,8 +98,8 @@ test:
# Fix # Fix
# opening lock file '/nix/var/nix/db/big-lock': Permission denied # opening lock file '/nix/var/nix/db/big-lock': Permission denied
# when starting CoreNLP # when starting CoreNLP
chmod -R 777 /nix # chmod -R 777 /nix
chmod 666 /nix/var/nix/db/big-lock # chmod 666 /nix/var/nix/db/big-lock
nix-shell --run "chown -R test:test /root/.config/ && su -m test -c \"export PATH=$PATH:$TEST_NIX_PATH && export TMPDIR=$TEST_TMPDIR && cd /builds/gargantext/haskell-gargantext; $CABAL --store-dir=$STORE_DIR v2-test --test-show-details=streaming --verbose=2 --flags 'test-crypto no-phylo-debug-logs' --ghc-options='-O0 -fclear-plugins'\"" nix-shell --run "chown -R test:test /root/.config/ && su -m test -c \"export PATH=$PATH:$TEST_NIX_PATH && export TMPDIR=$TEST_TMPDIR && cd /builds/gargantext/haskell-gargantext; $CABAL --store-dir=$STORE_DIR v2-test --test-show-details=streaming --verbose=2 --flags 'test-crypto no-phylo-debug-logs' --ghc-options='-O0 -fclear-plugins'\""
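Review bot: The test command on the last line of this hunk still wraps the run in `chown -R test:test /root/.config/ && su -m test -c …`, and both steps need root, while the Dockerfile changed in this same commit now ends on `USER test`. If the runner starts the job as the image's user (likely, but not confirmable from this page), the chown will be refused and `su` will not switch without a password. Since the job would already hold the unprivileged identity, the wrapper can be dropped and the `$CABAL … v2-test` invocation run directly inside `nix-shell --run "…"`. The two `chmod` lines are commented out rather than deleted; remove them or replace them with a single comment such as `# /nix is owned by the test user in the image; no chmod needed here`. The `test:` job begins above this hunk.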
......
FROM ubuntu:noble FROM ubuntu:noble
## NOTA BENE: In order for this to be built successfully, you have to run ./devops/coreNLP/build.sh first.
ARG DEBIAN_FRONTEND=noninteractive ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=Europe/Rome ENV TZ=Europe/Rome
ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
ENV USER=root
ENV SHELL /bin/bash
ENV PATH=/root/.nix-profile/bin:$PATH
ENV PATH=/root/.local/bin:$PATH
RUN apt-get update && \ RUN apt-get update && \
apt-get install --no-install-recommends -y \ apt-get install --no-install-recommends -y \
...@@ -27,22 +20,31 @@ RUN apt-get update && \ ...@@ -27,22 +20,31 @@ RUN apt-get update && \
#zlib1g-dev \ #zlib1g-dev \
unzip && \ unzip && \
apt-get clean && rm -rf /var/lib/apt/lists/* && \ apt-get clean && rm -rf /var/lib/apt/lists/* && \
mkdir -m 0755 /nix && groupadd -r nixbld && chown root /nix && \
for n in $(seq 1 10); do useradd -c "Nix build user $n" -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(command -v nologin)" "nixbld$n"; done && \
gpg --batch --keyserver keys.openpgp.org --recv-keys 7D1E8AFD1D4A16D71FADA2F2CCC85C0E40C06A8C && \ gpg --batch --keyserver keys.openpgp.org --recv-keys 7D1E8AFD1D4A16D71FADA2F2CCC85C0E40C06A8C && \
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys FE5AB6C91FEA597C3B31180B73EDE9E8CFBAEF01 gpg --batch --keyserver keyserver.ubuntu.com --recv-keys FE5AB6C91FEA597C3B31180B73EDE9E8CFBAEF01
RUN locale-gen en_US.UTF-8
RUN useradd -m test
ENV USER=test
ENV SHELL=/bin/bash
ENV PATH=/home/test/.nix-profile/bin:$PATH
ENV PATH=/home/test/.local/bin:$PATH
RUN mkdir -m 0777 /nix && chown test /nix && \
mkdir -p "/builds/gargantext/" && chmod 777 -R "/builds/gargantext"
USER test
SHELL ["/bin/bash", "-o", "pipefail", "-c"] SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN set -o pipefail && \ RUN bash <(curl --proto '=https' --tlsv1.2 -L https://releases.nixos.org/nix/nix-2.30.2/install) --no-daemon && \
locale-gen en_US.UTF-8 && \ #chown root -R /nix && \
bash <(curl -L https://releases.nixos.org/nix/nix-2.29.1/install) --no-daemon && \ mkdir -vp "$HOME/.config/nix" && \
chown root -R /nix && \ echo "experimental-features = nix-command flakes" >> $HOME/.config/nix/nix.conf
. "$HOME/.nix-profile/etc/profile.d/nix.sh" && \
mkdir -vp "$HOME/.config/nix" && echo "experimental-features = nix-command flakes" >> $HOME/.config/nix/nix.conf && \ WORKDIR /nix-ci-build
# prefetch corenlp
nix build 'git+https://gitlab.iscpif.fr/gargantext/corenlp-nix.git' && \ # prefetch corenlp
mkdir -p "/builds/gargantext/" && chmod 777 -R "/builds/gargantext" && \ RUN nix build 'git+https://gitlab.iscpif.fr/gargantext/corenlp-nix.git' && \
echo "source $HOME/.nix-profile/etc/profile.d/nix.sh" >> "$HOME/.bashrc" && \ echo "source $HOME/.nix-profile/etc/profile.d/nix.sh" >> "$HOME/.bashrc" && \
echo `which nix-env` && \ echo `which nix-env` && \
. $HOME/.bashrc && nix-env --version . $HOME/.bashrc && nix-env --version
...@@ -50,8 +52,7 @@ RUN set -o pipefail && \ ...@@ -50,8 +52,7 @@ RUN set -o pipefail && \
# We want to cache nix artifacts in the Dockerfile to improve CI speed # We want to cache nix artifacts in the Dockerfile to improve CI speed
COPY ./shell.nix /nix-ci-build/ COPY ./shell.nix /nix-ci-build/
COPY ./nix /nix-ci-build/ COPY ./nix /nix-ci-build/
RUN set -o pipefail && \ RUN nix-build shell.nix
pushd /nix-ci-build/ && nix-build shell.nix && popd
WORKDIR "/builds/gargantext/" WORKDIR "/builds/gargantext/"
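Review bot: `mkdir -m 0777 /nix && chown test /nix` leaves the Nix root world-writable with no sticky bit, so any account in the container can rename or replace entries directly under `/nix`, including the store that `/home/test/.nix-profile/bin` on `PATH` resolves into. The single-user installer only needs the owner to write there, so `mkdir -m 0755 /nix && chown test /nix` keeps the mode the old side had. The same line's `chmod 777 -R "/builds/gargantext"` could likewise become `chown test "/builds/gargantext"` if `test` is the only writer (not confirmable from this page). Separately, `bash <(curl --proto '=https' --tlsv1.2 -L …/install)` executes whatever the server returns: without `-f` an HTTP error body is handed to bash, `pipefail` does not cover process substitution, and nothing checks the script's integrity. I would download it to a file with `curl -fsSL`, compare it against a pinned value with `sha256sum -c` (for example `<installer-sha256>  install`), and only then run it.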