build/ci: replace build container with nix
Change-Id: Ie304e50bef9a7d19aa57d5d0e63e6f1e574941ea
Reviewed-on: https://review.monogon.dev/c/monogon/+/2185
Reviewed-by: Leopold Schabel <leo@monogon.tech>
Tested-by: Jenkins CI
diff --git a/build/ci/Dockerfile b/build/ci/Dockerfile
deleted file mode 100644
index 460b31d..0000000
--- a/build/ci/Dockerfile
+++ /dev/null
@@ -1,43 +0,0 @@
-FROM docker.io/fedora:37@sha256:3487c98481d1bba7e769cf7bcecd6343c2d383fdd6bed34ec541b6b23ef07664
-
-RUN dnf -y upgrade && \
- dnf -y install --setopt=tsflags=nodocs \
- java-11-openjdk-headless \
- dotnet-runtime-6.0 \
- jq \
- tini \
- patch \
- golang && \
- dnf clean all
-
-# (java-11-openjdk-headless and tini are required for the Jenkins CI agent)
-# (dotnet-runtime-5.0 and jq are required for the GitHub Actions runner)
-# (golang is required for us to build bazelisk - see below)
-
-# Install gcloud tooling
-RUN curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-424.0.0-linux-x86_64.tar.gz && \
- tar -xf google-cloud-cli-424.0.0-linux-x86_64.tar.gz && \
- mv google-cloud-sdk /opt/ && \
- /opt/google-cloud-sdk/install.sh
-
-ENV PATH="/opt/google-cloud-sdk/bin:${PATH}"
-
-# Create CI build user. It is used by CI infrastructure to run build agents as.
-# The newly created user will have a UID of 500, and a corresponding CI group
-# of GID 500 will be created as well. This UID:GID pair's numeric values are
-# relied on by the CI infrastructure and must not change without coordination.
-RUN set -e -x ;\
- useradd -u 500 -U -m -d /home/ci ci
-
-# Use a shared Go module cache for gazelle
-# https://github.com/bazelbuild/bazel-gazelle/pull/535
-ENV GO_REPOSITORY_USE_HOST_CACHE=1
-
-USER ci
-
-# Install Bazelisk. We do not have to pin a checksum since Go automatically
-# relies on its built-in transparency log for pinning.
-RUN go install github.com/bazelbuild/bazelisk@v1.15.0
-ENV PATH="/home/ci/go/bin:${PATH}"
-
-WORKDIR /work
diff --git a/build/ci/README.md b/build/ci/README.md
index 7eda3d6..625b1c9 100644
--- a/build/ci/README.md
+++ b/build/ci/README.md
@@ -10,22 +10,6 @@
should serve as a public reference that explains how that part works and how it
integrates with `//build/ci/...` and the project as a whole.
-Builder Image & Container
--------------------------
-
-`//build/ci/Dockerfile` describes a 'builder image'. This image contains a
-stable, Fedora-based build environment in which all Monogon components should
-be built. The Jenkins based CI uses the Builder image as a base to run Jenkins agents.
-
-A Monogon SE developer runs `//build/ci/build_ci_image`, which builds the
-Builder Image and pushes it to a container registry. Then, in another
-repository, that image is used as a base to overlay a Jenkins agent on top,
-and then used to run all Jenkins actions.
-
-The build image contains only basic dependencies that are required to bootstrap
-the sandbox sysroot and run the CI agents. All other build-time dependencies
-are managed by Bazel via [third_party/sandboxroot](../../third_party/sandboxroot).
-
CI usage
--------
diff --git a/build/ci/build_ci_image.sh b/build/ci/build_ci_image.sh
deleted file mode 100755
index e097ba6..0000000
--- a/build/ci/build_ci_image.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-IMAGE=gcr.io/monogon-infra/monogon-builder:$(date +%s)
-
-docker build -t "$IMAGE" .
-gcloud docker --authorize-only
-docker push "$IMAGE"
diff --git a/build/ci/jenkins-presubmit.groovy b/build/ci/jenkins-presubmit.groovy
index d5ad565..4df1116 100644
--- a/build/ci/jenkins-presubmit.groovy
+++ b/build/ci/jenkins-presubmit.groovy
@@ -21,10 +21,10 @@
gerritCheck checks: ['jenkins:test': 'RUNNING'], message: "Running on ${env.NODE_NAME}"
echo "Gerrit change: ${GERRIT_CHANGE_URL}"
sh "git clean -fdx -e '/bazel-*'"
- sh "JENKINS_NODE_COOKIE=dontKillMe bazelisk test //..."
- sh "JENKINS_NODE_COOKIE=dontKillMe bazelisk build --//metropolis/cli/metroctl:buildkind=lite --platforms=@io_bazel_rules_go//go/toolchain:darwin_arm64 //metropolis/cli/metroctl"
- sh "JENKINS_NODE_COOKIE=dontKillMe bazelisk build --//metropolis/cli/metroctl:buildkind=lite --platforms=@io_bazel_rules_go//go/toolchain:darwin_amd64 //metropolis/cli/metroctl"
- sh "JENKINS_NODE_COOKIE=dontKillMe bazelisk test --config dbg //..."
+ sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel test //..."
+ sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel build --//metropolis/cli/metroctl:buildkind=lite --platforms=@io_bazel_rules_go//go/toolchain:darwin_arm64 //metropolis/cli/metroctl"
+ sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel build --//metropolis/cli/metroctl:buildkind=lite --platforms=@io_bazel_rules_go//go/toolchain:darwin_amd64 //metropolis/cli/metroctl"
+ sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel test --config dbg //..."
}
post {
success {
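Review bot: Nothing in the four `sh` steps of this hunk records that `tools/bazel` is now taken from the checkout under test by a workspace-relative path, whereas bazelisk came from the builder image at a fixed version. `bazel test //...` already runs change-controlled code, so this probably does not widen what a change can execute on the agent, but the steps now rely on the working directory being the checkout root and on whatever pinning the wrapper does, neither of which is visible in this diff. A comment above the first call would record the dependency, for example `// tools/bazel: in-repo wrapper, expected to provide the pinned toolchain the builder image used to ship`. The same point applies to the three `tools/bazel run` steps in the following hunk. The enclosing stage starts and ends outside this hunk.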
@@ -47,9 +47,9 @@
gerritCheck checks: ['jenkins:gazelle': 'RUNNING'], message: "Running on ${env.NODE_NAME}"
echo "Gerrit change: ${GERRIT_CHANGE_URL}"
sh "git clean -fdx -e '/bazel-*'"
- sh "JENKINS_NODE_COOKIE=dontKillMe bazelisk run //:gazelle-update-repos"
- sh "JENKINS_NODE_COOKIE=dontKillMe bazelisk run //:gazelle -- update"
- sh "JENKINS_NODE_COOKIE=dontKillMe bazelisk run //:go -- mod tidy"
+ sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel run //:gazelle-update-repos"
+ sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel run //:gazelle -- update"
+ sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel run //:go -- mod tidy"
script {
def diff = sh script: "git status --porcelain", returnStdout: true