fixup! Add CI for Tor Browser

Build and publish CI container images whenever they change.

fixup! Add CI for Tor Browser
d347a3d8 · Beatriz Rizental · 38620b67 · d347a3d8 · d347a3d8 · 38620b67
Commit d347a3d8 authored Oct 29, 2024 by Beatriz Rizental
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 stages:
  - lint
+  - update-container-images
  - update-translations

 variables:
@@ -8,4 +9,5 @@ variables:

 include:
  - local: '.gitlab/ci/lint.yml'
+  - local: '.gitlab/ci/update-containers.yml'
  - local: '.gitlab/ci/update-translations.yml'
--- a/.gitlab/ci/containers/base/Containerfile
+++ b/.gitlab/ci/containers/base/Containerfile
+# This image is published in containers.torproject.org/tpo/applications/tor-browser/base
+#
+# Whenever there are changes to this file,
+# they are autopublished on merge to the tpo/applications/tor-browser repository.
+#
+# The image is updated roughly once a monce when the tor-browser repository is rebased.
+
+FROM containers.torproject.org/tpo/tpa/base-images/python:bookworm
+
+RUN apt-get update && apt-get install -y \
+        clang \
+        curl \
+        git \
+        libasound2-dev \
+        libdbus-glib-1-dev \
+        libgtk-3-dev \
+        libpango1.0-dev \
+        libpulse-dev \
+        libx11-xcb-dev \
+        libxcomposite-dev \
+        libxcursor-dev \
+        libxdamage-dev \
+        libxi-dev \
+        libxrandr-dev \
+        libxtst-dev \
+        m4 \
+        mercurial \
+        nasm \
+        pkgconf \
+        unzip \
+        xz-utils \
+        wget && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+COPY taskcluster/docker/recipes/install-node.sh ./install-node.sh
+RUN chmod +x install-node.sh
+RUN ./install-node.sh
+RUN rm ./install-node.sh
+
+COPY taskcluster/kinds/fetch/toolchains.yml ./toolchains.yml
+RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain $(grep -oP 'rust-\K[0-9.]+(?=:)' ./toolchains.yml)
+RUN $HOME/.cargo/bin/cargo install cbindgen --version $(grep -oP 'cbindgen-\K[0-9.]+(?=:)' ./toolchains.yml)
+RUN rm ./toolchains.yml
+
+CMD ["/bin/bash"]
--- a/.gitlab/ci/docker/base/Dockerfile
+++ b/.gitlab/ci/docker/base/Dockerfile
-FROM debian:latest
-
-# Base image which includes all* dependencies checked by ./mach configure.
-#
-# * Actually not all dependencies. WASM sandboxed depencies were left out for now.
-# This installs all dependencies checked by `./mach configure --without-wasm-sandboxed-libraries`.
-#
-# # Building and publishing
-#
-# Whenever this file changes, the updated Docker image must be built and published _manually_ to
-# the tor-browser container registry (https://gitlab.torproject.org/tpo/applications/tor-browser/container_registry/185).
-#
-# This image copies a script from the taskcluster/ folder, which requires it
-# to be built from a folder which is a parent of the taskcluster/ folder.
-#
-# To build, run:
-#
-# ```bash
-# docker build \
-#   -f <PATH_TO_DOCKERFILE> \
-#   -t <REGISTRY_URL>/<IMAGE_NAME>:<IMAGE_TAG>
-#   .
-# ```
-#
-# For example, when building from the root of this repository to the main tor-browser repository
-# and assuming image name to be "base" and tag "latest" -- which is the current terminology:
-#
-# ```bash
-# docker build \
-#   -f .gitlab/ci/docker/Dockerfile \
-#   -t containers.torproject.org/tpo/applications/tor-browser/base:latest
-#   .
-# ```
-
-RUN apt-get update && apt-get install -y \
-    clang \
-    curl \
-    git \
-    libasound2-dev \
-    libdbus-glib-1-dev \
-    libgtk-3-dev \
-    libpango1.0-dev \
-    libpulse-dev \
-    libx11-xcb-dev \
-    libxcomposite-dev \
-    libxcursor-dev \
-    libxdamage-dev \
-    libxi-dev \
-    libxrandr-dev \
-    libxtst-dev \
-    m4 \
-    mercurial \
-    nasm \
-    pkg-config \
-    python3 \
-    python3-pip \
-    unzip \
-    wget
-
-COPY taskcluster/docker/recipes/install-node.sh /scripts/install-node.sh
-RUN chmod +x /scripts/install-node.sh
-RUN /scripts/install-node.sh
-
-RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
-RUN $HOME/.cargo/bin/cargo install cbindgen
-
-WORKDIR /app
-
-CMD ["/bin/bash"]
--- a/.gitlab/ci/update-containers.yml
+++ b/.gitlab/ci/update-containers.yml
+build-base-image:
+  stage: update-container-images
+  interruptible: true
+  image: containers.torproject.org/tpo/tpa/base-images/podman:bookworm
+  script:
+    - export TAG="${CI_REGISTRY_IMAGE}/base:latest"
+    - podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    - podman build --layers=false $IMAGE -t ${TAG} -f .gitlab/ci/containers/base/Containerfile .
+    - |
+      echo -e "\e[33mPushing new image to registry as ${TAG}\e[0m"
+      podman push ${TAG}
+  rules:
+    - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true' && $CI_PROJECT_NAMESPACE == 'tpo/applications')
+      changes:
+          - '.gitlab/ci/containers/base/Containerfile'