Use docker images with non-root user
authormrkkrp <markkarpov92@gmail.com>
Wed, 28 Feb 2018 09:33:59 +0000 (16:33 +0700)
committerBen Gamari <ben@smart-cactus.org>
Thu, 8 Mar 2018 01:50:44 +0000 (20:50 -0500)
That image creates an unprivileged user to run the test suite under.

.circleci/config.yml
.circleci/images/x86_64-linux/Dockerfile
.circleci/prepare-system.sh

index 295d803..b4a9947 100644 (file)
@@ -3,16 +3,6 @@ version: 2
 aliases:
   - &defaults
     working_directory: ~/ghc
-
-  # Make sure we have proper openssh before checkout: CircleCI git
-  # does not check the repository out properly without it and also
-  # takes 20 times longer than it should be.
-  - &precheckout
-    run:
-      name: Install OpenSSH client
-      command: |
-        apt-get update -qq
-        apt-get install -qy openssh-client
   - &prepare
     run:
       name: prepare-system
@@ -92,11 +82,10 @@ jobs:
   "validate-x86_64-linux":
     resource_class: xlarge
     docker:
-      - image: haskell:8.2
+      - image: mrkkrp/ghcci-x86_64-linux:0.0.4
     environment:
       <<: *buildenv
     steps:
-      - *precheckout
       - checkout
       - *prepare
       - *submodules
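Review bot: The new `image:` line pulls `mrkkrp/ghcci-x86_64-linux:0.0.4` from a personal Docker Hub namespace by a mutable tag, so whoever controls that account can change what CI executes without any change in this repository. Pinning by digest, `- image: mrkkrp/ghcci-x86_64-linux@sha256:<digest-of-0.0.4>`, would make the jobs reproducible and any image swap visible; the same applies to the hadrian, unreg, llvm and debug jobs in the later hunks. The FreeBSD job's `mrkkrp/ghcci-x86_64-freebsd` carries no tag at all and so resolves to `latest`, which is the weakest of the set. Since the Dockerfile is already in-tree, publishing the images under a project-owned namespace would also be worth considering.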
@@ -111,12 +100,11 @@ jobs:
   "validate-x86_64-freebsd":
     resource_class: xlarge
     docker:
-      - image: tweag/toolchain-x86_64-freebsd
+      - image: mrkkrp/ghcci-x86_64-freebsd
     environment:
       TARGET: FreeBSD
       <<: *buildenv
     steps:
-      - *precheckout
       - checkout
       - *prepare
       - *submodules
@@ -152,11 +140,10 @@ jobs:
   "validate-hadrian-x86_64-linux":
     resource_class: xlarge
     docker:
-      - image: haskell:8.2
+      - image: mrkkrp/ghcci-x86_64-linux:0.0.4
     environment:
       <<: *buildenv
     steps:
-      - *precheckout
       - checkout
       - *prepare
       - *submodules
@@ -167,11 +154,10 @@ jobs:
   "validate-x86_64-linux-unreg":
     resource_class: xlarge
     docker:
-      - image: haskell:8.2
+      - image: mrkkrp/ghcci-x86_64-linux:0.0.4
     environment:
       <<: *buildenv
     steps:
-      - *precheckout
       - checkout
       - *prepare
       - *submodules
@@ -183,7 +169,7 @@ jobs:
   "validate-x86_64-linux-llvm":
     resource_class: xlarge
     docker:
-      - image: haskell:8.2
+      - image: mrkkrp/ghcci-x86_64-linux:0.0.4
     environment:
       <<: *buildenv
       BUILD_FLAVOUR: perf-llvm
@@ -191,15 +177,11 @@ jobs:
       - run:
           name: Install LLVM
           command: |
-            apt-get update
-            apt-get install -y curl xz-utils
             curl http://releases.llvm.org/5.0.0/clang+llvm-5.0.0-x86_64-linux-gnu-debian8.tar.xz | tar -xJC ..
-            # See https://discuss.circleci.com/t/how-to-add-a-path-to-path-in-circle-2-0/11554/3
             echo "export PATH=`pwd`/../clang+llvm-5.0.0-x86_64-linux-gnu-debian8/bin:\$PATH" >> $BASH_ENV
       - run:
           name: Verify that llc works
           command: llc
-      - *precheckout
       - checkout
       - *prepare
       - *submodules
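Review bot: The `Install LLVM` step still fetches the toolchain over plain `http://` and pipes it straight into `tar` with no integrity check, so a modified tarball would be unpacked and its binaries put on `PATH` for the rest of the job. Download to a file (over HTTPS, assuming the host serves it), verify it against a checksum kept in this repository, and only then extract, e.g. `curl -fsSLO https://releases.llvm.org/5.0.0/clang+llvm-5.0.0-x86_64-linux-gnu-debian8.tar.xz` followed by `echo "<sha256-of-tarball>  clang+llvm-5.0.0-x86_64-linux-gnu-debian8.tar.xz" | sha256sum -c -`. With the `apt-get install -y curl xz-utils` lines removed, this step now also depends on the image providing both tools; a short comment saying so would help whoever next edits the Dockerfile. The step list continues outside the hunk.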
@@ -212,12 +194,11 @@ jobs:
   "validate-x86_64-linux-debug":
     resource_class: xlarge
     docker:
-      - image: haskell:8.2
+      - image: mrkkrp/ghcci-x86_64-linux:0.0.4
     environment:
       BUILD_FLAVOUR: devel2
       <<: *buildenv
     steps:
-      - *precheckout
       - checkout
       - *prepare
       - *submodules
index aa8813f..d20f5ba 100644 (file)
@@ -1,3 +1,16 @@
 FROM haskell:8.2
-RUN adduser ghc --gecos 'GHC builds' --disabled-password
+
+# Make sure we have proper openssh before checkout: CircleCI git
+# does not check the repository out properly without it and also
+# takes 20 times longer than it should be.
+RUN apt-get update -qq
+RUN apt-get install -qy git make automake autoconf gcc perl python3 texinfo xz-utils lbzip2 patch openssh-client sudo -qq curl
+
+# Create a normal user.
+RUN adduser ghc --gecos "GHC builds" --disabled-password
+RUN echo "ghc ALL = NOPASSWD : ALL" > /etc/sudoers.d/ghc
 USER ghc
+
+WORKDIR /home/ghc/
+
+CMD ["bash"]
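Review bot: The `ghc ALL = NOPASSWD : ALL` sudoers entry gives the supposedly unprivileged user passwordless root, so anything the test suite or a build dependency runs can still become root inside the container. The only sudo use visible in this commit is the `HsColour` symlink in prepare-system.sh; adding `ENV PATH=/home/ghc/.cabal/bin:$PATH` here would remove that need and let both the sudoers line and the `sudo` package go. If sudo has to stay, the file should at least get `chmod 0440 /etc/sudoers.d/ghc` and be checked with `visudo -cf /etc/sudoers.d/ghc` at build time. Separately, the comment above `apt-get` explains only openssh while the install line carries the whole toolchain, and keeping `apt-get update` in its own `RUN` layer lets a cached, stale package index be reused by the install.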
index 193fac9..61396c8 100755 (executable)
@@ -42,23 +42,25 @@ case "$(uname)" in
         fail "TARGET=$target not supported"
       fi
     else
-      # assuming Ubuntu
-      apt-get install -qy git make automake autoconf gcc perl python3 texinfo xz-utils lbzip2 patch
       cabal update
-      cabal install --reinstall hscolour --index-state=$hackage_index_state
+      cabal install --reinstall hscolour
+      sudo ln -s /home/ghc/.cabal/bin/HsColour /usr/local/bin/HsColour || true
     fi
     ;;
   Darwin)
     if [[ -n ${TARGET:-} ]]; then
       fail "uname=$(uname) not supported for cross-compilation"
     fi
-    brew install ghc cabal-install python3 ncurses gmp
+    # It looks like we already have python2 here and just installing python3
+    # does not work.
+    brew upgrade python
+    brew install ghc cabal-install ncurses gmp
     cabal update
     cabal install --reinstall alex happy haddock hscolour --index-state=$hackage_index_state
     # put them on the $PATH, don't fail if already installed
     ln -s $HOME/.cabal/bin/alex /usr/local/bin/alex || true
     ln -s $HOME/.cabal/bin/happy /usr/local/bin/happy || true
-    ln -s $HOME/.cabal/bin/hscolour /usr/local/bin/hscolour || true
+    ln -s $HOME/.cabal/bin/HsColour /usr/local/bin/HsColour || true
     ;;
   *)
     fail "uname=$(uname) not supported"