diff --git a/.zuul.yaml b/.zuul.yaml index ba2e566c1e..8ddd0ae120 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -187,14 +187,17 @@ override-checkout: stable-2.15 vars: &gerrit_vars docker_images: - - context: docker/gerrit - target: gerrit + - context: docker/gerrit/2.15 repository: opendevorg/gerrit path: /home/zuul/src/gerrit.googlesource.com/gerrit tags: - 2.15 - build_args: - - BAZEL_OPTS="--local_resources=4096,2.0,1.0" + # The 2.13 image doesn't build from source, but from existing war file + - context: docker/gerrit/2.13 + repository: opendevorg/gerrit + path: /home/zuul/src/opendev.org/opendev/system-config + tags: + - 2.13 files: &gerrit_files - docker/gerrit/.* - playbooks/zuul/gerrit/.* diff --git a/docker/gerrit/2.13/Dockerfile b/docker/gerrit/2.13/Dockerfile new file mode 100644 index 0000000000..9d588976aa --- /dev/null +++ b/docker/gerrit/2.13/Dockerfile @@ -0,0 +1,66 @@ +# Copyright (c) 2019 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM openjdk:8 + +# It's not 100% clear that unzip and libmysql-java are needed +RUN apt-get update \ + && apt-get install -y dumb-init wget unzip libmysql-java \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# 3000 is what the existing opendev gerrit2 user is +RUN addgroup gerrit --gid 3000 --system \ + && adduser \ + --uid 3000 \ + --system \ + --home /var/gerrit \ + --shell /bin/bash \ + --ingroup gerrit \ + gerrit + +USER gerrit + +# Download the gerrit war +RUN mkdir /var/gerrit/bin && \ + wget https://tarballs.openstack.org/gerrit/gerrit-v2.13.12.11.1707fec.war -O /var/gerrit/bin/gerrit.war + +# Install plugins +RUN mkdir /var/gerrit/plugins && \ + wget https://tarballs.openstack.org/ci/gerrit/plugins/javamelody/javamelody-v2.13.3.e4233d6.jar -O /var/gerrit/plugins/javamelody.jar && \ + wget https://tarballs.openstack.org/ci/gerrit/plugins/its-storyboard/its-storyboard-805f9ac.jar -O /var/gerrit/plugins/its-storyboard.jar + +# Force gerrit to use bouncycastle for security things. +# Also use the distro-provided mysql-connector. +RUN mkdir /var/gerrit/lib && \ + unzip -jo /var/gerrit/bin/gerrit.war WEB-INF/plugins/* -d /var/gerrit/plugins && \ + wget https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.52/bcprov-jdk15on-1.52.jar -O /var/gerrit/lib/bcprov-1.52.jar && \ + wget https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.52/bcpkix-jdk15on-1.52.jar -O /var/gerrit/lib/bcpkix-1.52.jar && \ + ln -s /usr/share/java/mysql-connector-java.jar /var/gerrit/lib/mysql-connector-java.jar + +# Allow incoming traffic +EXPOSE 29418 8080 + +VOLUME /var/gerrit/git /var/gerrit/index /var/gerrit/cache /var/gerrit/db /var/gerrit/etc /var/log/gerrit + +RUN ln -s /var/log/gerrit /var/gerrit/logs + +# container.javaOptions +# Also include container.heapLimit - but with -Xmx prefixing it +ENV JAVA_OPTIONS "" + +# Ulimits should be set on command line or in docker-compose.yaml +ENTRYPOINT ["/usr/bin/dumb-init", "--"] +CMD ["/usr/bin/java", ${JAVA_OPTIONS}, "-jar", "/var/gerrit/bin/gerrit.war"] diff --git a/docker/gerrit/2.15/Dockerfile b/docker/gerrit/2.15/Dockerfile new file mode 100644 index 0000000000..580772a27c --- /dev/null +++ b/docker/gerrit/2.15/Dockerfile @@ -0,0 +1,85 @@ +# Copyright (c) 2019 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM l.gcr.io/google/bazel:0.26.1 as bazel + +# The bazel image comes with bazel only runnable by root for some weird reason. +# The bower build in gerrit does not work as root. +# Fix the bazel image. +RUN groupadd builder && \ + useradd builder --home-dir /usr/src --create-home -g builder +RUN chown -R builder /usr/src /usr/local/lib/bazel \ + && chmod +x /usr/local/lib/bazel + +RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - \ + && apt-get update \ + && apt-get install -y nodejs + +USER builder +WORKDIR /usr/src + +FROM bazel as builder + +USER builder +COPY . /usr/src + +ARG BAZEL_OPTS +RUN cd /usr/src \ + && bazel build release \ + --local_ram_resources=4096 \ + --local_cpu_resources=1 \ + --host_force_python=PY3 \ + --incompatible_string_join_requires_strings=false \ + --host_javabase=@local_jdk//:jdk \ + --javabase=@local_jdk//:jdk \ + --host_java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8 \ + --java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8 \ + ${BAZEL_OPTS} + +FROM openjdk:8 + +RUN apt-get update \ + && apt-get install -y dumb-init \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# 3000 is what the existing opendev gerrit2 user is +RUN addgroup gerrit --gid 3000 --system \ + && adduser \ + --system \ + --uid 3000 \ + --home /var/gerrit \ + --shell /bin/bash \ + --ingroup gerrit \ + gerrit + +USER gerrit +RUN mkdir /var/gerrit/bin +COPY --from=builder /usr/src/bazel-bin/release.war /var/gerrit/bin/gerrit.war + +# Allow incoming traffic +EXPOSE 29418 8080 + +VOLUME /var/gerrit/git /var/gerrit/index /var/gerrit/cache /var/gerrit/db /var/gerrit/etc /var/log/gerrit + +RUN ln -s /var/log/gerrit /var/gerrit/logs + +# container.javaOptions +# Also include container.heapLimit - but with -Xmx prefixing it +ENV JAVA_OPTIONS "" + +# Ulimits should be set on command line or in docker-compose.yaml +ENTRYPOINT ["/usr/bin/dumb-init", "--"] +CMD ["/usr/bin/java", ${JAVA_OPTIONS}, "-jar", "/var/gerrit/bin/gerrit.war"] diff --git a/docker/gerrit/Dockerfile b/docker/gerrit/Dockerfile deleted file mode 100644 index ce94e845ab..0000000000 --- a/docker/gerrit/Dockerfile +++ /dev/null @@ -1,62 +0,0 @@ -# Copyright (c) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FROM openjdk:8 as builder - -RUN groupadd builder && \ - useradd builder --home-dir /usr/src --create-home -g builder -RUN \ - echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.list.d/bazel.list \ - && curl -sL https://bazel.build/bazel-release.pub.gpg | apt-key add - \ - && curl -sL https://deb.nodesource.com/setup_8.x | bash - \ - && apt-get update \ - && apt-get install -y bazel nodejs build-essential zip unzip python maven - -COPY . /usr/src -RUN chown -R builder /usr/src - -USER builder -ARG BAZEL_OPTS -RUN cd /usr/src && bazel build release ${BAZEL_OPTS} && mv bazel-bin/release.war gerrit.war - -FROM openjdk:8 - -RUN apt-get update \ - && apt-get install -y dumb-init \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN addgroup gerrit --system \ - && adduser \ - --system \ - --home /var/gerrit \ - --shell /bin/bash \ - --ingroup gerrit \ - gerrit - -USER gerrit -RUN mkdir /var/gerrit/bin -COPY --from=builder /usr/src/gerrit.war /var/gerrit/bin/gerrit.war - -# Allow incoming traffic -EXPOSE 29418 8080 - -VOLUME /var/gerrit/git /var/gerrit/index /var/gerrit/cache /var/gerrit/db /etc/gerrit /var/log/gerrit - -RUN ln -s /var/log/gerrit /var/gerrit/logs && \ - ln -s /etc/gerrit /var/gerrit/config - -ENTRYPOINT ["/usr/bin/dumb-init", "--"] -CMD ["/usr/bin/java", "-jar", "/var/gerrit/bin/gerrit.war"]