[CI] modify dockerfile to build with test user

f14c6246 · Przemyslaw Kaminski · 1670cc4a · f14c6246 · f14c6246
Verified Commit f14c6246 authored Aug 01, 2025 by Przemyslaw Kaminski
Hide whitespace changes
Inline Side-by-side

Showing with 38 additions and 37 deletions

.gitlab-ci.yml .gitlab-ci.yml +17 -17

Dockerfile devops/docker/Dockerfile +21 -20

No files found.
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 # Optimising CI speed by using tips from https://blog.nimbleways.com/let-s-make-faster-gitlab-ci-cd-pipelines/
-image: cgenie/gargantext:9.6.6
+image: cgenie/gargantext:9.6.6-with-test-user
 variables:
  STACK_ROOT: "${CI_PROJECT_DIR}/.stack-root"
@@ -17,32 +17,32 @@ stages:
  - bench
  - test
-stack:
+cabal:
-  stage: stack
+  stage: cabal
  cache:
-    key: stack.yaml
+    key: cabal.project
    paths:
-      - .stack-root/
+      - dist-newstyle/
-      - .stack-work/
+      - .cabal/
+    policy: pull-push
  script:
-    - echo "Building the project from '$CI_PROJECT_DIR'"
    - git config --global --add safe.directory $XDG_CACHE_HOME/nix/tarball-cache
    - git config --global --add safe.directory '*'
-    - nix-shell --run "stack build --no-terminal --fast --dry-run"
+    - nix-shell --run "./bin/update-project-dependencies && cabal --store-dir=$STORE_DIR v2-build all --flags 'test-crypto no-phylo-debug-logs' --ghc-options='-O0 -fclear-plugins'"
  allow_failure: false
-cabal:
+stack:
-  stage: cabal
+  stage: stack
  cache:
-    key: cabal.project
+    key: stack.yaml
    paths:
-      - dist-newstyle/
+      - .stack-root/
-      - .cabal/
+      - .stack-work/
-    policy: pull-push
  script:
+    - echo "Building the project from '$CI_PROJECT_DIR'"
    - git config --global --add safe.directory $XDG_CACHE_HOME/nix/tarball-cache
    - git config --global --add safe.directory '*'
-    - nix-shell --run "./bin/update-project-dependencies $STORE_DIR && cabal --store-dir=$STORE_DIR v2-build all --flags 'test-crypto no-phylo-debug-logs' --ghc-options='-O0 -fclear-plugins'"
+    - nix-shell --run "stack build --no-terminal --fast --dry-run"
  allow_failure: false
 bench:
@@ -98,8 +98,8 @@ test:
      # Fix
      # opening lock file '/nix/var/nix/db/big-lock': Permission denied
      # when starting CoreNLP
-      chmod -R 777 /nix
+      # chmod -R 777 /nix
-      chmod 666 /nix/var/nix/db/big-lock
+      # chmod 666 /nix/var/nix/db/big-lock
      nix-shell --run "chown -R test:test /root/.config/ && su -m test -c \"export PATH=$PATH:$TEST_NIX_PATH && export TMPDIR=$TEST_TMPDIR && cd /builds/gargantext/haskell-gargantext; $CABAL --store-dir=$STORE_DIR v2-test --test-show-details=streaming --verbose=2 --flags 'test-crypto no-phylo-debug-logs' --ghc-options='-O0 -fclear-plugins'\""

--- a/devops/docker/Dockerfile
+++ b/devops/docker/Dockerfile
 FROM ubuntu:noble
-## NOTA BENE: In order for this to be built successfully, you have to run ./devops/coreNLP/build.sh first.
 ARG DEBIAN_FRONTEND=noninteractive
 ENV TZ=Europe/Rome
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
-ENV USER=root
-ENV SHELL /bin/bash
-ENV PATH=/root/.nix-profile/bin:$PATH
-ENV PATH=/root/.local/bin:$PATH
 RUN apt-get update && \
    apt-get install --no-install-recommends -y \
@@ -27,22 +20,31 @@ RUN apt-get update && \
      #zlib1g-dev \
      unzip && \
    apt-get clean && rm -rf /var/lib/apt/lists/* && \
-    mkdir -m 0755 /nix && groupadd -r nixbld && chown root /nix && \
-    for n in $(seq 1 10); do useradd -c "Nix build user $n" -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(command -v nologin)" "nixbld$n"; done && \
    gpg --batch --keyserver keys.openpgp.org     --recv-keys 7D1E8AFD1D4A16D71FADA2F2CCC85C0E40C06A8C && \
    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys FE5AB6C91FEA597C3B31180B73EDE9E8CFBAEF01
+RUN locale-gen en_US.UTF-8
+RUN useradd -m test
+ENV USER=test
+ENV SHELL=/bin/bash
+ENV PATH=/home/test/.nix-profile/bin:$PATH
+ENV PATH=/home/test/.local/bin:$PATH
+RUN mkdir -m 0777 /nix && chown test /nix && \
+    mkdir -p "/builds/gargantext/" && chmod 777 -R "/builds/gargantext"
+USER test
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN set -o pipefail && \
+RUN bash <(curl --proto '=https' --tlsv1.2 -L https://releases.nixos.org/nix/nix-2.30.2/install) --no-daemon && \
-    locale-gen en_US.UTF-8 && \
+    #chown root -R /nix && \
-    bash <(curl -L https://releases.nixos.org/nix/nix-2.29.1/install) --no-daemon && \
+    mkdir -vp "$HOME/.config/nix" && \
-    chown root -R /nix && \
+    echo "experimental-features = nix-command flakes" >> $HOME/.config/nix/nix.conf
-    . "$HOME/.nix-profile/etc/profile.d/nix.sh" && \
-    mkdir -vp "$HOME/.config/nix" && echo "experimental-features = nix-command flakes" >> $HOME/.config/nix/nix.conf && \
+WORKDIR /nix-ci-build
-    # prefetch corenlp
-    nix build 'git+https://gitlab.iscpif.fr/gargantext/corenlp-nix.git' && \
+# prefetch corenlp
-    mkdir -p "/builds/gargantext/" && chmod 777 -R "/builds/gargantext" && \
+RUN nix build 'git+https://gitlab.iscpif.fr/gargantext/corenlp-nix.git' && \
    echo "source $HOME/.nix-profile/etc/profile.d/nix.sh" >> "$HOME/.bashrc" && \
    echo `which nix-env` && \
    . $HOME/.bashrc && nix-env --version
@@ -50,8 +52,7 @@ RUN set -o pipefail && \
 # We want to cache nix artifacts in the Dockerfile to improve CI speed
 COPY ./shell.nix /nix-ci-build/
 COPY ./nix       /nix-ci-build/
-RUN set -o pipefail && \
+RUN nix-build shell.nix
-    pushd /nix-ci-build/ && nix-build shell.nix && popd
 WORKDIR "/builds/gargantext/"