fix: pin versions, add hadolint and remove old 20.04 image (#66)

matter-labs · Mar 4, 2024 · 2bb156a · 2bb156a
1 parent 334e980
commit 2bb156a
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 143 deletions.
diff --git a/.github/workflows/handle_llvm_runner_image.yml b/.github/workflows/handle_llvm_runner_image.yml
@@ -1,4 +1,4 @@
-name: Handle LLVM_runner docker image
+name: Build and release
 
 on:
   pull_request:
@@ -9,53 +9,22 @@ on:
       - main
 
 jobs:
-  check_changes:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
-    outputs:
-      image_to_build: ${{ steps.set_output.outputs.image_to_build }}
-    steps:
-      - uses: actions/checkout@v4
-
-      - id: determine_changes
-        uses: tj-actions/changed-files@v41
-        with:
-          files_yaml: |
-            llvm_runner:
-              - "images/llvm_runner/Dockerfile"
-            llvm_runner_jammy:
-              - "images/llvm_runner/jammy.Dockerfile"
-            both:
-              - ".github/workflows/handle_llvm_runner_image.yml"
-
-      - id: set_output
-        run: |
-          if [ "${{ steps.determine_changes.outputs.llvm_runner_any_changed }}" == "true" ]; then
-            echo "image_to_build=llvm_runner" >> "$GITHUB_OUTPUT"
-          elif [ "${{ steps.determine_changes.outputs.llvm_runner_jammy_any_changed }}" == "true" ]; then
-            echo "image_to_build=llvm_runner_jammy" >> "$GITHUB_OUTPUT"
-          elif [ "${{ steps.determine_changes.outputs.both_any_changed }}" == "true" ]; then
-            echo "image_to_build=both" >> "$GITHUB_OUTPUT"
-          else
-            echo "image_to_build=none" >> "$GITHUB_OUTPUT"
-          fi
-
   handle_image:
-    needs: check_changes
-    if: needs.check_changes.outputs.image_to_build != 'none'
-    runs-on: [matterlabs-ci-runner]
+    runs-on: matterlabs-ci-runner
     strategy:
       matrix:
-        tag_prefix: ["", "ubuntu22-llvm15-"]
+        tag_prefix: ["ubuntu22-llvm15"]
       fail-fast: false
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set outputs
-        id: set_output
-        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
+      - uses: hadolint/[email protected]
+        with:
+          dockerfile: images/llvm_runner/${{ matrix.tag_prefix }}.Dockerfile
+
+      - name: Identify short SHA
+        id: short_sha
+        run: echo "sha=$(git rev-parse --short HEAD)" >> "${GITHUB_OUTPUT}"
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -74,7 +43,7 @@ jobs:
         with:
           push: ${{ github.event_name == 'push' }}
           tags: |
-            matterlabs/llvm_runner:${{ matrix.tag_prefix }}${{ steps.set_output.outputs.sha_short }}
-            matterlabs/llvm_runner:${{ matrix.tag_prefix }}latest
-          file: images/llvm_runner/${{ matrix.tag_prefix == 'ubuntu22-llvm15-' && 'jammy.' || '' }}Dockerfile
+            matterlabs/llvm_runner:${{ matrix.tag_prefix }}-${{ steps.short_sha.outputs.sha }}
+            matterlabs/llvm_runner:${{ matrix.tag_prefix }}-latest
+          file: images/llvm_runner/${{ matrix.tag_prefix }}.Dockerfile
           platforms: 'linux/amd64,linux/arm64,linux/arm64/v8'
diff --git a/images/llvm_runner/Dockerfile b/images/llvm_runner/Dockerfile
diff --git a/images/llvm_runner/jammy.Dockerfile b/images/llvm_runner/jammy.Dockerfile
diff --git a/images/llvm_runner/ubuntu22-llvm15.Dockerfile b/images/llvm_runner/ubuntu22-llvm15.Dockerfile
@@ -0,0 +1,72 @@
+FROM ubuntu:22.04
+
+# Correctly handle errors with pipe commands
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# Use defaults from apt
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install required apt packages
+RUN apt-get update && \
+    apt-get install --yes --no-install-recommends \
+    bash=5.1* \
+    git=1:2.34.* \
+    openssl=3.0.* \
+    curl=7.81.* \
+    libssl-dev=3.0.* \
+    sudo=1.9.* \
+    cmake=3.22.* \
+    ninja-build=1.10* \
+    libpq-dev=14.* \
+    pkg-config=0.29* \
+    jq=1.6* \
+    openssh-client=1:8* \
+    build-essential=12.9* \
+    libncurses5=6.3* \
+    xz-utils=5.2* \
+    wget=1.21* \
+    gnupg=2.2* \
+    musl-tools=1.2* \
+    valgrind=1:3.18* \
+    clang-15=1:15.0.* \
+    lld-15=1:15.0.* \
+    clang-tidy-15=1:15.0.* \
+    libboost-dev=1.74* \
+    libboost-filesystem-dev=1.74* \
+    libboost-test-dev=1.74* \
+    libboost-system-dev=1.74* \
+    libboost-program-options-dev=1.74* \
+    libboost-regex-dev=1.74* \
+    libboost-thread-dev=1.74* \
+    libboost-random-dev=1.74* \
+    libcvc4-dev=1.8* \
+    libcln-dev=1.3* \
+    gcc-9=9.* \
+    g++-9=9.* \
+    software-properties-common=0.99.* \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Python 3.12
+RUN add-apt-repository ppa:deadsnakes/ppa && \
+    apt-get install --yes --no-install-recommends \
+        python3.12=3.12* \
+        python3.12-dev=3.12* \
+        python3.12-distutils=3.12* \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set gcc-9 as default for old compiler builds
+RUN update-alternatives --install \
+    /usr/bin/gcc gcc /usr/bin/gcc-9 60 --slave /usr/bin/g++ g++ /usr/bin/g++-9 && \
+    update-alternatives --config gcc
+
+# Install Rust
+RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
+
+# Set required environment variables
+ENV RUSTUP_HOME=/usr/local/rustup \
+    CARGO_HOME=/usr/local/cargo \
+    CARGO_NET_GIT_FETCH_WITH_CLI=true \
+    PATH=/usr/lib/llvm-15/bin:/usr/local/cargo/bin:${PATH} \
+    LD_LIBRARY_PATH=/usr/lib/llvm-15/lib:${LD_LIBRARY_PATH} \
+    LLVM_VERSION=15 \
+    CI_RUNNING=true