jon.recoil.org
A fork of mtelver's day10 project
1open Dockerfile
2
3let platform = function
4 | "x86_64" | "amd64" -> "linux/amd64"
5 | "i386" | "i486" | "i586" | "i686" -> "linux/386"
6 | "aarch64" -> "linux/arm64"
7 | "armv7l" -> "linux/arm/v7"
8 | "armv6l" -> "linux/arm/v6"
9 | "ppc64le" -> "linux/ppc64le"
10 | "riscv64" -> "linux/riscv64"
11 | "s390x" -> "linux/s390x"
12 | arch -> "linux/" ^ arch
13
14let opam ~(config : Config.t) base_image =
15 let opam_arch = match config.arch with
16 | "x86_64" | "amd64" -> "x86_64"
17 | "aarch64" -> "aarch64"
18 | "armv7l" -> "armhf"
19 | "i386" | "i486" | "i586" | "i686" -> "i686"
20 | arch -> arch
21 in
22 from ~platform:(platform config.arch) ~alias:"opam-builder" base_image
23 @@ run "apt update && apt install -y curl"
24 @@ run "curl -fsSL https://github.com/ocaml/opam/releases/download/2.4.1/opam-2.4.1-%s-linux -o /usr/local/bin/opam && chmod +x /usr/local/bin/opam" opam_arch
25
26let opam_build ~(config : Config.t) base_image =
27 from ~platform:(platform config.arch) ~alias:"opam-build-builder" base_image
28 @@ run "apt update && apt install -y build-essential git curl unzip bubblewrap"
29 @@ copy ~from:"opam-builder" ~src:[ "/usr/local/bin/opam" ] ~dst:"/usr/local/bin/opam" ()
30 @@ run "opam init --disable-sandboxing -a --bare -y"
31 @@ run "git clone --depth 1 --branch master https://github.com/mtelvers/opam-build.git /tmp/opam-build"
32 @@ workdir "/tmp/opam-build"
33 @@ run "opam switch create . 5.3.0 --deps-only -y"
34 @@ run "opam exec -- dune build --release"
35 @@ run "install -m 755 _build/default/bin/main.exe /usr/local/bin/opam-build"
36
37let debian ~(config : Config.t) ~temp_dir _opam_repository build_log uid gid =
38 let base_image = Printf.sprintf "%s:%s" config.os_distribution config.os_version in
39 let dockerfile =
40 (opam ~config base_image) @@ (opam_build ~config base_image)
41 @@ from ~platform:(platform config.arch) base_image
42 @@ run "apt update && apt upgrade -y"
43 @@ run "apt install build-essential unzip bubblewrap git sudo curl rsync -y"
44 @@ copy ~from:"opam-builder" ~src:[ "/usr/local/bin/opam" ] ~dst:"/usr/local/bin/opam" ()
45 @@ copy ~from:"opam-build-builder" ~src:[ "/usr/local/bin/opam-build" ] ~dst:"/usr/local/bin/opam-build" ()
46 @@ run "echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections"
47 @@ run "if getent passwd %i; then userdel -r $(id -nu %i); fi" uid uid
48 @@ run "groupadd --gid %i opam" gid
49 @@ run "adduser --disabled-password --gecos '@opam' --no-create-home --uid %i --gid %i --home /home/opam opam" uid gid
50 @@ run "mkdir -p /home/opam && chown -R %i:%i /home/opam" uid gid
51 @@ run "echo 'opam ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/opam"
52 @@ run "chmod 440 /etc/sudoers.d/opam" @@ run "chown root:root /etc/sudoers.d/opam"
53 @@ copy ~chown:(string_of_int uid ^ ":" ^ string_of_int gid) ~src:[ "opam-repository" ] ~dst:"/home/opam/opam-repository" ()
54 @@ user "%i:%i" uid gid @@ workdir "/home/opam"
55 @@ run "opam init -k local -a /home/opam/opam-repository --bare --disable-sandboxing -y"
56 @@ run "opam switch create default --empty"
57 in
58 let dockerfile_path = Path.(temp_dir / "Dockerfile") in
59 let () = Os.write_to_file dockerfile_path (Dockerfile.string_of_t dockerfile) in
60 let tag = Printf.sprintf "day10-%s:%s" config.os_distribution config.os_version in
61 let build_result = Os.exec ~stdout:build_log ~stderr:build_log [ "docker"; "build"; "--network=host"; "-t"; tag; temp_dir ] in
62 match build_result with
63 | 0 ->
64 let rootfs = Path.(temp_dir / "fs") in
65 let container = Filename.basename temp_dir in
66 let () = Os.mkdir rootfs in
67 let _ = Os.sudo ~stdout:"/dev/null" [ "docker"; "create"; "--name"; container; tag ] in
68 let _ = Os.run (String.concat " " [ "sudo"; "docker"; "export"; container; "|"; "sudo"; "tar"; "-xf"; "-"; "-C"; rootfs ]) in
69 let _ = Os.sudo ~stdout:"/dev/null" [ "docker"; "rm"; container ] in
70 let _ = Os.sudo [ "sh"; "-c"; ("rm -f " ^ Path.(rootfs / "home" / "opam" / ".opam" / "repo" / "state-*.cache")) ] in
71 0
72 | build_result -> build_result