From 5f7b82009f52fdfb00c4ac420a14e8a569c088d4 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Thu, 13 Oct 2022 12:14:17 -0400 Subject: [PATCH 1/5] add redhat 9 build and package --- .../redhat-9/Dockerfile | 34 ++++++++++++++ .../redhat-9/entrypoint.sh | 44 +++++++++++++++++++ .github/workflows/cpack.yml | 13 ++++-- 3 files changed, 87 insertions(+), 4 deletions(-) create mode 100644 .github/actions/openziti-tunnel-build-action/redhat-9/Dockerfile create mode 100755 .github/actions/openziti-tunnel-build-action/redhat-9/entrypoint.sh diff --git a/.github/actions/openziti-tunnel-build-action/redhat-9/Dockerfile b/.github/actions/openziti-tunnel-build-action/redhat-9/Dockerfile new file mode 100644 index 00000000..02c87711 --- /dev/null +++ b/.github/actions/openziti-tunnel-build-action/redhat-9/Dockerfile @@ -0,0 +1,34 @@ +FROM quay.io/rockylinux/rockylinux:9 + +LABEL org.opencontainers.image.authors="steven.broderick@netfoundry.io,kenneth.bingham@netfoundry.io" + +USER root +WORKDIR /root/ + +ENV PATH="/usr/local/:${PATH}" +ENV GIT_DISCOVERY_ACROSS_FILESYSTEM=1 +ENV TZ=UTC + +RUN dnf install -y \ + "@Development Tools" \ + cmake \ + dnf-plugins-core \ + iproute \ + python3 \ + systemd-devel \ + zlib-devel \ + systemd-rpm-macros \ + cmake-rpm-macros \ + openssl-devel \ + libatomic \ + && dnf config-manager --set-enabled crb \ + && dnf install -y \ + doxygen \ + graphviz \ + git \ + && dnf clean all + + +WORKDIR /github/workspace +COPY ./entrypoint.sh /root/ +ENTRYPOINT [ "/root/entrypoint.sh" ] diff --git a/.github/actions/openziti-tunnel-build-action/redhat-9/entrypoint.sh b/.github/actions/openziti-tunnel-build-action/redhat-9/entrypoint.sh new file mode 100755 index 00000000..6d69dc22 --- /dev/null +++ b/.github/actions/openziti-tunnel-build-action/redhat-9/entrypoint.sh @@ -0,0 +1,44 @@ +#!/usr/bin/env bash +# +# RedHat 9 +# + +set -euo pipefail + +# these commands must be in the entrypoint so they are run after workspace is mounted on Docker workdir +echo "INFO: GIT_DISCOVERY_ACROSS_FILESYSTEM=${GIT_DISCOVERY_ACROSS_FILESYSTEM}" +echo "INFO: WORKDIR=${PWD}" +echo "INFO: $(git --version)" + +# workspace dir for each build env is added to "safe" dirs in global config e.g. +# ~/.gitconfig so both runner and builder containers trust these dirs +# owned by different UIDs from that of Git's EUID. This is made necessary +# by newly-enforced directory boundaries in Git v2.35.2 +# ref: https://lore.kernel.org/git/xmqqv8veb5i6.fsf@gitster.g/ +for SAFE in \ + /github/workspace \ + /__w/ziti-tunnel-sdk-c/ziti-tunnel-sdk-c \ + /mnt ; do + git config --global --add safe.directory ${SAFE} +done + +cmake -E make_directory ./build +( + cmake \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_TOOLCHAIN_FILE=./toolchains/default.cmake \ + -DBUILD_DIST_PACKAGES=ON \ + -DUSE_OPENSSL=ON \ + -S . \ + -B ./build + cmake \ + --build ./build \ + --target package \ + --verbose +) + +if (( ${#} )); then + echo "INFO: running ziti-edge-tunnel" + set -x + ./build/programs/ziti-edge-tunnel/ziti-edge-tunnel ${@} +fi diff --git a/.github/workflows/cpack.yml b/.github/workflows/cpack.yml index 12d641e1..ee7f236f 100644 --- a/.github/workflows/cpack.yml +++ b/.github/workflows/cpack.yml @@ -58,6 +58,11 @@ jobs: release_name: ${{ null }} type: rpm container: docker.io/library/rockylinux:8 + - name: redhat + version: "9" + release_name: ${{ null }} + type: rpm + container: docker.io/library/rockylinux:9 exclude: - distro: name: ubuntu @@ -86,7 +91,7 @@ jobs: steps: # only focal-20.04 has >= 2.18, which is required by actions/checkout to clone # which enables cmake version discovery - - name: install Modern Git in runner container if Ubuntu + - name: install contemporary Git in runner container if Ubuntu if: ${{ matrix.distro.name == 'ubuntu' }} run: | apt -y update @@ -96,14 +101,14 @@ jobs: apt -y install git git --version - - name: install Modern Git in runner container if RedHat 8 - if: ${{ matrix.distro.name == 'redhat' && matrix.distro.version == '8' }} + - name: install contemporary Git in runner container if RedHat 8 or 9 + if: ${{ matrix.distro.name == 'redhat' && (matrix.distro.version == '8' || matrix.distro.version == '9') }} run: | dnf -y update dnf -y install git git --version - - name: install Modern Git in runner container if RedHat 7 + - name: install contemporary Git in runner container if RedHat 7 if: ${{ matrix.distro.name == 'redhat' && matrix.distro.version == '7' }} run: | yum -y update From d0c5eff2be16225f38ea7731c34e6a5159a87110 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Tue, 28 Mar 2023 14:53:12 -0400 Subject: [PATCH 2/5] update the RedHat9 builder image to use pinned CMake --- .../redhat-9/Dockerfile | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/actions/openziti-tunnel-build-action/redhat-9/Dockerfile b/.github/actions/openziti-tunnel-build-action/redhat-9/Dockerfile index 02c87711..8c4d4647 100644 --- a/.github/actions/openziti-tunnel-build-action/redhat-9/Dockerfile +++ b/.github/actions/openziti-tunnel-build-action/redhat-9/Dockerfile @@ -1,6 +1,10 @@ -FROM quay.io/rockylinux/rockylinux:9 +ARG CMAKE_VERSION="3.22.3" -LABEL org.opencontainers.image.authors="steven.broderick@netfoundry.io,kenneth.bingham@netfoundry.io" +FROM rockylinux:9 + +ARG CMAKE_VERSION + +LABEL org.opencontainers.image.authors="support@netfoundry.io" USER root WORKDIR /root/ @@ -28,7 +32,10 @@ RUN dnf install -y \ git \ && dnf clean all - +RUN curl -sSfL https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh -o cmake.sh \ + && (bash cmake.sh --skip-license --prefix=/usr/local) \ + && rm cmake.sh + WORKDIR /github/workspace COPY ./entrypoint.sh /root/ ENTRYPOINT [ "/root/entrypoint.sh" ] From 7ca2671607d8edebd11bcdc1ce0d9cb50a86ca62 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Thu, 8 Jun 2023 16:46:09 -0400 Subject: [PATCH 3/5] adapt RH9 build to VCPKG --- .../redhat-9/Dockerfile | 15 ++++++++-- .../redhat-9/entrypoint.sh | 30 +++++++++++++------ 2 files changed, 34 insertions(+), 11 deletions(-) diff --git a/.github/actions/openziti-tunnel-build-action/redhat-9/Dockerfile b/.github/actions/openziti-tunnel-build-action/redhat-9/Dockerfile index 8c4d4647..bb42556f 100644 --- a/.github/actions/openziti-tunnel-build-action/redhat-9/Dockerfile +++ b/.github/actions/openziti-tunnel-build-action/redhat-9/Dockerfile @@ -1,4 +1,4 @@ -ARG CMAKE_VERSION="3.22.3" +ARG CMAKE_VERSION="3.26.3" FROM rockylinux:9 @@ -15,7 +15,6 @@ ENV TZ=UTC RUN dnf install -y \ "@Development Tools" \ - cmake \ dnf-plugins-core \ iproute \ python3 \ @@ -30,12 +29,24 @@ RUN dnf install -y \ doxygen \ graphviz \ git \ + ninja-build \ && dnf clean all RUN curl -sSfL https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh -o cmake.sh \ && (bash cmake.sh --skip-license --prefix=/usr/local) \ && rm cmake.sh +ENV GIT_CONFIG_GLOBAL="/tmp/ziti-builder-gitconfig" + +ENV VCPKG_ROOT=/usr/local/vcpkg +# this must be set on arm. see https://learn.microsoft.com/en-us/vcpkg/users/config-environment#vcpkg_force_system_binaries +ENV VCPKG_FORCE_SYSTEM_BINARIES=yes + +RUN cd /usr/local \ + && git clone --branch 2023.04.15 https://github.com/microsoft/vcpkg \ + && ./vcpkg/bootstrap-vcpkg.sh -disableMetrics \ + && chmod -R ugo+rwX /usr/local/vcpkg + WORKDIR /github/workspace COPY ./entrypoint.sh /root/ ENTRYPOINT [ "/root/entrypoint.sh" ] diff --git a/.github/actions/openziti-tunnel-build-action/redhat-9/entrypoint.sh b/.github/actions/openziti-tunnel-build-action/redhat-9/entrypoint.sh index 6d69dc22..1f397eca 100755 --- a/.github/actions/openziti-tunnel-build-action/redhat-9/entrypoint.sh +++ b/.github/actions/openziti-tunnel-build-action/redhat-9/entrypoint.sh @@ -10,6 +10,20 @@ echo "INFO: GIT_DISCOVERY_ACROSS_FILESYSTEM=${GIT_DISCOVERY_ACROSS_FILESYSTEM}" echo "INFO: WORKDIR=${PWD}" echo "INFO: $(git --version)" +# if first positional is an expected arch string then set cmake preset, +# else use ci-linux-x64 (which actually just uses native/host tools - e.g. not cross compile) +if [ ${#} -ge 1 ]; then + cmake_preset="${1}" +else + cmake_preset="ci-linux-x64" +fi + +if [ ${#} -ge 2 ]; then + cmake_config="${2}" +else + cmake_config="Release" +fi + # workspace dir for each build env is added to "safe" dirs in global config e.g. # ~/.gitconfig so both runner and builder containers trust these dirs # owned by different UIDs from that of Git's EUID. This is made necessary @@ -22,23 +36,21 @@ for SAFE in \ git config --global --add safe.directory ${SAFE} done -cmake -E make_directory ./build ( + [[ -d ./build ]] && rm -r ./build + cmake -E make_directory ./build + # allow unset for scl_source scripts + set +u cmake \ - -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_TOOLCHAIN_FILE=./toolchains/default.cmake \ + --preset "${cmake_preset}" \ + -DCMAKE_BUILD_TYPE="${cmake_config}" \ -DBUILD_DIST_PACKAGES=ON \ -DUSE_OPENSSL=ON \ -S . \ -B ./build cmake \ --build ./build \ + --config "${cmake_config}" \ --target package \ --verbose ) - -if (( ${#} )); then - echo "INFO: running ziti-edge-tunnel" - set -x - ./build/programs/ziti-edge-tunnel/ziti-edge-tunnel ${@} -fi From d78d3416158e0a9407592fa46cba84fa99c88f7c Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Thu, 8 Jun 2023 16:53:37 -0400 Subject: [PATCH 4/5] stop redundantly triggering CI build for every push --- .github/workflows/cmake.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index a1532c10..1fab2fa4 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -1,12 +1,9 @@ name: CI build on: - push: - branches: [ '**' ] - pull_request: branches: [ main ] - + workflow_dispatch: workflow_call: jobs: From a06f1810cc6c3596fed8eccc9db391a03c7acae3 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Mon, 12 Jun 2023 11:49:01 -0400 Subject: [PATCH 5/5] stop setting USE_OPENSSL --- .../openziti-tunnel-build-action/redhat-8/entrypoint.sh | 1 - .../openziti-tunnel-build-action/redhat-9/entrypoint.sh | 1 - docker/linux-cross-build.sh | 9 --------- docker/linux-native-build.sh | 7 ------- scripts/openwrt-build.sh | 2 +- 5 files changed, 1 insertion(+), 19 deletions(-) diff --git a/.github/actions/openziti-tunnel-build-action/redhat-8/entrypoint.sh b/.github/actions/openziti-tunnel-build-action/redhat-8/entrypoint.sh index 7f65a523..e4bdfd04 100755 --- a/.github/actions/openziti-tunnel-build-action/redhat-8/entrypoint.sh +++ b/.github/actions/openziti-tunnel-build-action/redhat-8/entrypoint.sh @@ -47,7 +47,6 @@ cmake -E make_directory ./build --preset "${cmake_preset}" \ -DCMAKE_BUILD_TYPE="${cmake_config}" \ -DBUILD_DIST_PACKAGES=ON \ - -DUSE_OPENSSL=ON \ -S . \ -B ./build source scl_source enable gcc-toolset-10 \ diff --git a/.github/actions/openziti-tunnel-build-action/redhat-9/entrypoint.sh b/.github/actions/openziti-tunnel-build-action/redhat-9/entrypoint.sh index 1f397eca..e435407f 100755 --- a/.github/actions/openziti-tunnel-build-action/redhat-9/entrypoint.sh +++ b/.github/actions/openziti-tunnel-build-action/redhat-9/entrypoint.sh @@ -45,7 +45,6 @@ done --preset "${cmake_preset}" \ -DCMAKE_BUILD_TYPE="${cmake_config}" \ -DBUILD_DIST_PACKAGES=ON \ - -DUSE_OPENSSL=ON \ -S . \ -B ./build cmake \ diff --git a/docker/linux-cross-build.sh b/docker/linux-cross-build.sh index a69805e8..e96789e9 100755 --- a/docker/linux-cross-build.sh +++ b/docker/linux-cross-build.sh @@ -8,7 +8,6 @@ set -x DIRNAME=$(dirname $0) REPO_DIR=${DIRNAME}/.. # parent of the top-level dir where this script lives -: ${USE_OPENSSL:="OFF"} : ${TARGET:="bundle"} : ${BUILD_DIST_PACKAGES:="OFF"} : ${DISABLE_LIBSYSTEMD_FEATURE:="OFF"} @@ -16,12 +15,7 @@ REPO_DIR=${DIRNAME}/.. # parent of the top-level dir where this scrip if (( ${#} )); then for OPT in ${*}; do case $OPT in - --openssl) - USE_OPENSSL="ON" - shift - ;; --package) - USE_OPENSSL="ON" TARGET="package" BUILD_DIST_PACKAGES="ON" shift @@ -50,7 +44,6 @@ for ARCH in ${JOBS[@]}; do amd64) { cmake \ -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_TOOLCHAIN_FILE=${REPO_DIR}/toolchains/default.cmake \ - -DUSE_OPENSSL=${USE_OPENSSL} \ -DBUILD_DIST_PACKAGES=${BUILD_DIST_PACKAGES} \ -DDISABLE_LIBSYSTEMD_FEATURE=${DISABLE_LIBSYSTEMD_FEATURE} \ -S ${REPO_DIR} \ @@ -64,7 +57,6 @@ for ARCH in ${JOBS[@]}; do arm64) { cmake \ -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_TOOLCHAIN_FILE=${REPO_DIR}/toolchains/Linux-arm64.cmake \ - -DUSE_OPENSSL=${USE_OPENSSL} \ -DBUILD_DIST_PACKAGES=${BUILD_DIST_PACKAGES} \ -DDISABLE_LIBSYSTEMD_FEATURE=${DISABLE_LIBSYSTEMD_FEATURE} \ -S ${REPO_DIR} \ @@ -78,7 +70,6 @@ for ARCH in ${JOBS[@]}; do arm) { cmake \ -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_TOOLCHAIN_FILE=${REPO_DIR}/toolchains/Linux-arm.cmake \ - -DUSE_OPENSSL=${USE_OPENSSL} \ -DBUILD_DIST_PACKAGES=${BUILD_DIST_PACKAGES} \ -DDISABLE_LIBSYSTEMD_FEATURE=${DISABLE_LIBSYSTEMD_FEATURE} \ -S ${REPO_DIR} \ diff --git a/docker/linux-native-build.sh b/docker/linux-native-build.sh index dfbb04eb..6b5352f4 100755 --- a/docker/linux-native-build.sh +++ b/docker/linux-native-build.sh @@ -8,7 +8,6 @@ set -x DIRNAME=$(dirname $0) REPO_DIR=${DIRNAME}/.. # parent of the top-level dir where this script lives -: ${USE_OPENSSL:="OFF"} : ${TARGET:="bundle"} : ${BUILD_DIST_PACKAGES:="OFF"} : ${DISABLE_LIBSYSTEMD_FEATURE:="OFF"} @@ -16,12 +15,7 @@ REPO_DIR=${DIRNAME}/.. # parent of the top-level dir where this scrip if (( ${#} )); then for OPT in ${*}; do case $OPT in - --openssl) - USE_OPENSSL="ON" - shift - ;; --package) - USE_OPENSSL="ON" TARGET="package" BUILD_DIST_PACKAGES="ON" shift @@ -41,7 +35,6 @@ mkdir ${CMAKE_BUILD_DIR} cmake \ -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_TOOLCHAIN_FILE=${REPO_DIR}/toolchains/default.cmake \ - -DUSE_OPENSSL=${USE_OPENSSL} \ -DBUILD_DIST_PACKAGES=${BUILD_DIST_PACKAGES} \ -DDISABLE_LIBSYSTEMD_FEATURE=${DISABLE_LIBSYSTEMD_FEATURE} \ -S ${REPO_DIR} \ diff --git a/scripts/openwrt-build.sh b/scripts/openwrt-build.sh index f007a42a..511fd49d 100755 --- a/scripts/openwrt-build.sh +++ b/scripts/openwrt-build.sh @@ -90,7 +90,7 @@ if [ -x /usr/bin/ninja ]; then fi if [ -f "$target_dir/usr/include/openssl/opensslv.h" ]; then - CMAKE_OPTS="$CMAKE_OPTS -DUSE_OPENSSL=on" + CMAKE_OPTS="$CMAKE_OPTS" fi if [ -f "$target_dir/usr/include/sodium.h" ]; then