On 24/10/2024 11:04 am, Javi Merino wrote:
> Rework the container to use heredocs for readability, and use
> apt-get --no-install-recommends to keep the size down.
>
> This reduces the size of the (uncompressed) container from 3.44GB to 1.67GB.

!!

>
> Signed-off-by: Javi Merino <javi.mer...@cloud.com>
> ---
>  automation/build/debian/12-x86_64.dockerfile | 68 ++++++++++++++++++++
>  automation/build/debian/bookworm.dockerfile  | 57 ----------------
>  automation/gitlab-ci/build.yaml              | 20 +++---
>  automation/gitlab-ci/test.yaml               | 14 ++--
>  automation/scripts/containerize              |  2 +-
>  5 files changed, 86 insertions(+), 75 deletions(-)
>  create mode 100644 automation/build/debian/12-x86_64.dockerfile
>  delete mode 100644 automation/build/debian/bookworm.dockerfile
>
> diff --git a/automation/build/debian/12-x86_64.dockerfile 
> b/automation/build/debian/12-x86_64.dockerfile
> new file mode 100644
> index 000000000000..e0ca8b7e9c91
> --- /dev/null
> +++ b/automation/build/debian/12-x86_64.dockerfile
> @@ -0,0 +1,68 @@
> +# syntax=docker/dockerfile:1
> +FROM --platform=linux/amd64 debian:bookworm
> +LABEL maintainer.name="The Xen Project" \
> +      maintainer.email="xen-devel@lists.xenproject.org"

This wants to become two LABEL lines.

> +
> +ENV DEBIAN_FRONTEND=noninteractive
> +
> +# build depends
> +RUN <<EOF
> +#!/bin/bash
> +    set -eu

Doesn't this need a `useradd --create-home user` here?

[Edit] Oh, no, because of the script change.  In which case can you note
this in the commit message and say it's a root container for now, until some
other CI scripts can be adjusted?

> +
> +    apt-get update

apt-get -y


> +    DEPS=(
> +        # Xen
> +        bison
> +        build-essential
> +        checkpolicy
> +        clang
> +        flex
> +
> +        # Tools (general)
> +        ca-certificates

Interestingly, we've gained ca-certificates and dropped apt-transport-https.

ca-certificates is a side effect of --no-install-recommends, so is
fine.  I recall there being a specific reason why we needed
apt-transport-https, but I can't recall why exactly.  Something about
the LetsEncrypt Cert used by xenbits IIRC.

Anthony - do you remember?


> +        expect

Expect is only for the test phase, so should move later.

> +        git-core
> +        libnl-3-dev

libnl-3-dev should be down in the #libxl section.  It's only for COLO
support.

> +        pkg-config
> +        wget
> +        # libxenguest dombuilder
> +        liblzma-dev
> +        zlib1g-dev

This is also fun.  In Ubuntu, I've got:

    libbz2-dev
    libzstd-dev
    liblzo2-dev
    liblzma-dev
    zlib1g-dev

which I think is all the algorithms we support in libxenguest.

Any decompressor for which we don't find a suitable devel package gets the
hypervisor form instead.

> +        # To build the documentation
> +        pandoc
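
Review bot: the `# syntax=docker/dockerfile:1` and `FROM --platform=linux/amd64 debian:bookworm` lines at the top of the new file both reference floating tags, so a rebuild of this CI container can pull different frontend and base-image content without any change to the dockerfile. Consider pinning the base image by digest, e.g. `FROM --platform=linux/amd64 debian:bookworm@sha256:<digest>` (placeholder, to be filled in from the image actually tested), or stating in the commit message that tracking the moving tag is intentional. That matters more here because the `apt-get update` inside the `RUN <<EOF` script already makes the package set depend on build time.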

I know we had pandoc before, but I'd like to drop it.

I'm intending to turn off docs generally, and do them separately in a
single job that has *all* the docs build dependencies, not a misc subset
that the build system happens not to complain at.


I'm on the fence about the Qemu build things.  It's off by default now,
but the container never previously had meson/ninja so it wouldn't have
built either.  Perhaps leave them out until someone complains.


One thing you did drop which probably wants to stay is golang.  We have
golang bindings for libxl which (like OCaml) are built conditionally on
finding the toolchain.

~Andrew
