diff options
| author | mrkkrp <markkarpov92@gmail.com> | 2018-02-28 16:33:59 +0700 |
|---|---|---|
| committer | Ben Gamari <ben@smart-cactus.org> | 2018-03-07 20:50:44 -0500 |
| commit | 648cb28f51593658176f83e8417a5b1f921f9df6 (patch) | |
| tree | 4636eb240b96887e012e4ebbdfe43540b287ca5f /.circleci | |
| parent | d9d463289fe20316cff12a8f0dbf414db678fa72 (diff) | |
| download | haskell-648cb28f51593658176f83e8417a5b1f921f9df6.tar.gz | |
Use docker images with non-root user
That image creates an unprivileged user to run the test suite under.
Diffstat (limited to '.circleci')
| -rw-r--r-- | .circleci/config.yml | 31 | ||||
| -rw-r--r-- | .circleci/images/x86_64-linux/Dockerfile | 15 | ||||
| -rwxr-xr-x | .circleci/prepare-system.sh | 12 |
3 files changed, 27 insertions, 31 deletions
diff --git a/.circleci/config.yml b/.circleci/config.yml index 295d803a6f..b4a99473c8 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -3,16 +3,6 @@ version: 2 aliases: - &defaults working_directory: ~/ghc - - # Make sure we have proper openssh before checkout: CircleCI git - # does not check the repository out properly without it and also - # takes 20 times longer than it should be. - - &precheckout - run: - name: Install OpenSSH client - command: | - apt-get update -qq - apt-get install -qy openssh-client - &prepare run: name: prepare-system @@ -92,11 +82,10 @@ jobs: "validate-x86_64-linux": resource_class: xlarge docker: - - image: haskell:8.2 + - image: mrkkrp/ghcci-x86_64-linux:0.0.4 environment: <<: *buildenv steps: - - *precheckout - checkout - *prepare - *submodules @@ -111,12 +100,11 @@ jobs: "validate-x86_64-freebsd": resource_class: xlarge docker: - - image: tweag/toolchain-x86_64-freebsd + - image: mrkkrp/ghcci-x86_64-freebsd environment: TARGET: FreeBSD <<: *buildenv steps: - - *precheckout - checkout - *prepare - *submodules @@ -152,11 +140,10 @@ jobs: "validate-hadrian-x86_64-linux": resource_class: xlarge docker: - - image: haskell:8.2 + - image: mrkkrp/ghcci-x86_64-linux:0.0.4 environment: <<: *buildenv steps: - - *precheckout - checkout - *prepare - *submodules @@ -167,11 +154,10 @@ jobs: "validate-x86_64-linux-unreg": resource_class: xlarge docker: - - image: haskell:8.2 + - image: mrkkrp/ghcci-x86_64-linux:0.0.4 environment: <<: *buildenv steps: - - *precheckout - checkout - *prepare - *submodules @@ -183,7 +169,7 @@ jobs: "validate-x86_64-linux-llvm": resource_class: xlarge docker: - - image: haskell:8.2 + - image: mrkkrp/ghcci-x86_64-linux:0.0.4 environment: <<: *buildenv BUILD_FLAVOUR: perf-llvm @@ -191,15 +177,11 @@ jobs: - run: name: Install LLVM command: | - apt-get update - apt-get install -y curl xz-utils curl http://releases.llvm.org/5.0.0/clang+llvm-5.0.0-x86_64-linux-gnu-debian8.tar.xz | tar -xJC .. - # See https://discuss.circleci.com/t/how-to-add-a-path-to-path-in-circle-2-0/11554/3 echo "export PATH=`pwd`/../clang+llvm-5.0.0-x86_64-linux-gnu-debian8/bin:\$PATH" >> $BASH_ENV - run: name: Verify that llc works command: llc - - *precheckout - checkout - *prepare - *submodules @@ -212,12 +194,11 @@ jobs: "validate-x86_64-linux-debug": resource_class: xlarge docker: - - image: haskell:8.2 + - image: mrkkrp/ghcci-x86_64-linux:0.0.4 environment: BUILD_FLAVOUR: devel2 <<: *buildenv steps: - - *precheckout - checkout - *prepare - *submodules diff --git a/.circleci/images/x86_64-linux/Dockerfile b/.circleci/images/x86_64-linux/Dockerfile index aa8813ff56..d20f5bae9b 100644 --- a/.circleci/images/x86_64-linux/Dockerfile +++ b/.circleci/images/x86_64-linux/Dockerfile @@ -1,3 +1,16 @@ FROM haskell:8.2 -RUN adduser ghc --gecos 'GHC builds' --disabled-password + +# Make sure we have proper openssh before checkout: CircleCI git +# does not check the repository out properly without it and also +# takes 20 times longer than it should be. +RUN apt-get update -qq +RUN apt-get install -qy git make automake autoconf gcc perl python3 texinfo xz-utils lbzip2 patch openssh-client sudo -qq curl + +# Create a normal user. +RUN adduser ghc --gecos "GHC builds" --disabled-password +RUN echo "ghc ALL = NOPASSWD : ALL" > /etc/sudoers.d/ghc USER ghc + +WORKDIR /home/ghc/ + +CMD ["bash"] diff --git a/.circleci/prepare-system.sh b/.circleci/prepare-system.sh index 193fac9a2d..61396c8eb8 100755 --- a/.circleci/prepare-system.sh +++ b/.circleci/prepare-system.sh @@ -42,23 +42,25 @@ case "$(uname)" in fail "TARGET=$target not supported" fi else - # assuming Ubuntu - apt-get install -qy git make automake autoconf gcc perl python3 texinfo xz-utils lbzip2 patch cabal update - cabal install --reinstall hscolour --index-state=$hackage_index_state + cabal install --reinstall hscolour + sudo ln -s /home/ghc/.cabal/bin/HsColour /usr/local/bin/HsColour || true fi ;; Darwin) if [[ -n ${TARGET:-} ]]; then fail "uname=$(uname) not supported for cross-compilation" fi - brew install ghc cabal-install python3 ncurses gmp + # It looks like we already have python2 here and just installing python3 + # does not work. + brew upgrade python + brew install ghc cabal-install ncurses gmp cabal update cabal install --reinstall alex happy haddock hscolour --index-state=$hackage_index_state # put them on the $PATH, don't fail if already installed ln -s $HOME/.cabal/bin/alex /usr/local/bin/alex || true ln -s $HOME/.cabal/bin/happy /usr/local/bin/happy || true - ln -s $HOME/.cabal/bin/hscolour /usr/local/bin/hscolour || true + ln -s $HOME/.cabal/bin/HsColour /usr/local/bin/HsColour || true ;; *) fail "uname=$(uname) not supported" |