ci: Increase ephemeral data storage

Building the container image now fails with only 10 GiB of space...

README.md

@@ -1,62 +0,0 @@
-# Aimee OS Build Container Images
-
-Prerequisites:
-
-* `buildah`
-
-
-## Gentoo Stage 3 Image
-
-This image is used to bootstrap the base layer for Aimee OS build images.  To
-build it, use the `gentoo-stage3.sh` build script.  This script takes a single
-(optional) positional argument: the name of a Gentoo stage 3 tarball to use to
-produce the container image.  If none is specified, the latest
-`stage3-amd64-nomultilib-openrc` tarball is downloaded and used.
-
-```sh
-sh image-build/gentoo-stage3.sh
-```
-
-
-## Base Image
-
-The Aimee OS base build image is a minimal environment based on Gentoo.  It
-includes Portage and a basic build toolchain.  Building it requires a Stage 3
-image to bootstrap the environment.  By default,
-_aimee-os.org/gentoo/stage3-amd64-nomultilib-openrc:latest_ is used, but an
-alternative image can be specified using the `-b`/`--base` argument to the
-`base.sh` script.
-
-```sh
-sh image-build/base.sh
-```
-
-
-## Crossdev Image
-
-This image includes a cross-compilation toolchain, generated by _crossdev_.  It
-is built using the `cross.sh` script.  This script takes a `-t`/`--target`
-argument, which specifies the toolchain to generate.  The default is
-`aarch64-unknown-linux-gnu`.  This image is layered on top of the base image,
-which can be specified using the `-b`/`--base` argument.  By default,
-_aimee-os.org/build/base:latest_ is used.
-
-```sh
-sh image-build/cross.sh
-```
-
-## Build Image
-
-The top-level image is based on the Crossdev image, and includes additional
-tools for building an Aimee OS project.  It is built using the `build.sh` script.
-As with the Crossdev image build script, this script accepts `-t`/`--target`
-and `-b`/`--build` arguments, which specify the cross-compilation toolchain and
-base image later, respectively.
-
-```sh
-sh image-build/build.sh
-```
-
-This image is "squashed," meaning it consists of only a single layer.  The Base
-and Crossdev image layers are merged into the final layer when the image is
-built.  This reduces the final size of the image.

build.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 SELF=$(readlink -f "$0")
-SRCDIR=${SELF%/*/*}
+SRCDIR=${SELF%/*}
 . "${SRCDIR}"/lib/common.sh
 
 target=aarch64-unknown-linux-gnu
@@ -20,6 +20,7 @@ while [ $# -gt 0 ]; do
         exit 2
         ;;
     esac
+    shift
 done
 
 if [ -z "${base-}" ]; then
@@ -31,5 +32,5 @@ set -e
 cid=$(buildah from "${base}")
 buildah add "${cid}" portage /etc/portage
 buildah_run_script "${cid}" "${SRCDIR}"/lib/sync.sh
-buildah_run_script "${cid}" "${SRCDIR}"/lib/tools.sh
+buildah_run_script "${cid}" "${SRCDIR}"/tools.sh
 buildah commit --rm --squash "${cid}" "aimee-os.org/build/build-${target}"

ci/Jenkinsfile

@@ -8,27 +8,19 @@ pipeline {
     }
 
     stages {
-        stage('Gentoo Stage 3') {
+        stage('Prepare') {
             steps {
-                sh 'sh -e image-build/gentoo-stage3.sh'
-            }
-        }
-
-        stage('Base') {
-            steps {
-                sh 'sh -e image-build/base.sh'
-            }
-        }
-
-        stage('Cross') {
-            steps {
-                sh 'sh -e image-build/cross.sh'
+                container('jnlp') {
+                    // TODO checkout lib/ branch based on $BRANCH_NAME
+                    sh 'git fetch origin lib/main:lib/main'
+                    sh 'git worktree add lib lib/main'
+                }
             }
         }
 
         stage('Build') {
             steps {
-                sh 'sh -e image-build/build.sh'
+                sh 'sh -e build.sh --base git.pyrocufflink.net/aimeeos/build/rust-cross-aarch64-unknown-linux-gnu'
             }
         }
 
@@ -49,8 +41,6 @@ pipeline {
                             git.pyrocufflink.net
                         """
                     }
-                    sh 'buildah push aimee-os.org/build/base git.pyrocufflink.net/aimeeos/build/base'
-                    sh 'buildah push aimee-os.org/build/cross-aarch64-unknown-linux-gnu git.pyrocufflink.net/aimeeos/build/cross-aarch64-unknown-linux-gnu'
                     sh 'buildah push aimee-os.org/build/build-aarch64-unknown-linux-gnu git.pyrocufflink.net/aimeeos/build/build-aarch64-unknown-linux-gnu'
                 }
             }

ci/podTemplate.yaml

@@ -7,12 +7,12 @@ spec:
     - -c
     - |
       trap 'kill $!; exit' TERM
-      rm -f ~/.config/containers/storage.conf
       sleep infinity &
       wait
     securityContext:
       runAsUser: 1000
       runAsGroup: 1000
+      readOnlyRootFilesystem: true
     resources:
       limits:
         github.com/fuse: 1
@@ -21,5 +21,31 @@ spec:
       requests:
         cpu: 6
         memory: 8G
+    volumeMounts:
+    - mountPath: /home/build
+      name: tmp
+      subPath: home
+    - mountPath: /home/build/.local/share/containers
+      name: data
+      subPath: containers
+    - mountPath: /tmp
+      name: tmp
+      subPath: tmp
+    - mountPath: /var/tmp
+      name: data
+      subPath: tmp
   tolerations:
   - key: du5t1n.me/jenkins
+  volumes:
+  - name: data
+    ephemeral:
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+          - ReadWriteOnce
+          resources:
+            requests:
+              storage: 16Gi
+  - name: tmp
+    emptyDir:
+      medium: Memory

image-build/base.sh

@@ -1,39 +0,0 @@
-#!/bin/sh
-
-SELF=$(readlink -f "$0")
-SRCDIR=${SELF%/*/*}
-. "${SRCDIR}"/lib/common.sh
-
-base=aimee-os.org/gentoo/stage3-amd64-nomultilib-openrc:latest
-while [ $# -gt 0 ]; do
-    case "$1" in
-    -b|--base)
-        shift
-        base="$1"
-        ;;
-    *)
-        printf 'Unknown argument: %s\n' "$1" >&2
-        exit 2
-        ;;
-    esac
-done
-
-set -e
-
-builddir=$(export TMPDIR=${TMPDIR:-${PWD}} && mktemp -d gentoo.XXXXXX)
-builddir=$(readlink -f "${builddir}")
-
-work=$(buildah from -v "${builddir}":/mnt/gentoo:rw,Z "${base}")
-buildah add "${work}" portage /etc/portage/
-buildah_run_script "${work}" "${SRCDIR}"/lib/sync.sh
-buildah_run_script "${work}" "${SRCDIR}"/lib/bootstrap.sh
-
-cid=$(buildah from scratch)
-buildah copy "${cid}" "${builddir}" /
-buildah_run_script "${cid}" "${SRCDIR}"/lib/profile.sh
-buildah config --cmd /bin/bash "${cid}"
-buildah commit --rm --squash "${cid}" aimee-os.org/build/base
-
-buildah run "${work}" find /mnt/gentoo -mindepth 1 -delete
-buildah rm "${work}"
-rmdir "${builddir}"

image-build/cross.sh

@@ -1,32 +0,0 @@
-#!/bin/sh
-
-SELF=$(readlink -f "$0")
-SRCDIR=${SELF%/*/*}
-. "${SRCDIR}"/lib/common.sh
-
-target=aarch64-unknown-linux-gnu
-base=aimee-os.org/build/base
-while [ $# -gt 0 ]; do
-    case "$1" in
-    -t|--target)
-        shift
-        target="$1"
-        ;;
-    -b|--base)
-        shift
-        base="$1"
-        ;;
-    *)
-        printf 'Unknown argument: %s\n' "$1" >&2
-        exit 2
-        ;;
-    esac
-    shift
-done
-
-set -e
-
-cid=$(buildah from "${base}")
-buildah_run_script "${cid}" "${SRCDIR}"/lib/sync.sh
-buildah_run_script "${cid}" "${SRCDIR}"/lib/crossdev.sh "${target}"
-buildah commit --rm "${cid}" aimee-os.org/build/cross-"${target}"

image-build/gentoo-stage3.sh

@@ -1,22 +0,0 @@
-#!/bin/sh
-
-SELF=$(readlink -f "$0")
-SRCDIR=${SELF%/*/*}
-
-tarball=$1
-
-set -e
-
-if [ -z "${tarball}" ]; then
-    tarball=$(sh "${SRCDIR}"/tools/fetch-stage3.sh "$@")
-fi
-stage3=${tarball%.tar.*}
-version=${stage3##*-}
-stage3=${stage3%-*}
-
-cid=$(buildah from scratch)
-buildah add "${cid}" "${tarball}"
-buildah config --cmd /bin/bash "${cid}"
-buildah commit --rm --squash "${cid}" "aimee-os.org/gentoo/${stage3}:${version}"
-buildah tag "aimee-os.org/gentoo/${stage3}:${version}" \
-    "aimee-os.org/gentoo/${stage3}:latest"

lib/bootstrap.sh

@@ -1,29 +0,0 @@
-#!/bin/sh
-
-set -e
-
-mkdir -p /mnt/gentoo
-
-USE=build \
-emerge -kvnuUDj --rebuilt-binaries=y --root=/mnt/gentoo sys-apps/baselayout
-
-# Portage itself only requires Python and Bash.  Actually building
-# packages requires a lot more.  These dependencies are implicit because
-# they are listed in @system.  We do not want everything from @system,
-# though, so we have to explicitly install several packages.
-#
-# At some point, we may end up with an Aimee OS profile for Portage.
-# If/when that happens, we can override @system to remove the stuff we
-# don't want, like virtual/service-manager and virtual/openssh.
-xargs emerge -kvnuUDj --rebuilt-binaries=y --root=/mnt/gentoo <<EOF
-app-arch/gzip
-dev-build/make
-net-misc/wget
-sys-apps/diffutils
-sys-apps/gawk
-sys-apps/grep
-sys-apps/portage
-sys-devel/binutils
-sys-devel/gcc
-sys-devel/patch
-EOF

lib/common.sh

@@ -1,21 +0,0 @@
-#!/bin/sh
-
-buildah_run_script() {
-    local cid script
-    cid=$1
-    shift
-    script=$(readlink -f "$1")
-    shift
-    mkdir -p binpkgs log tmp
-    buildah run \
-        --mount type=cache,target=/var/db/repos/gentoo \
-        --mount type=cache,target=/var/cache \
-        --mount type=bind,src="${PWD}"/log,target=/var/log,rw,z \
-        --mount type=bind,src="${PWD}"/tmp,target=/var/tmp,rw,z \
-        --mount type=bind,src="${PWD}"/binpkgs,target=/var/cache/binpkgs,rw,z \
-        --mount type=bind,src="${script}",target=/run/script,ro,z \
-        --tty=false \
-        -e FEATURES='-ipc-sandbox -network-sandbox -pid-sandbox' \
-        "${cid}" \
-        /run/script "$@"
-}

lib/crossdev.sh

@@ -1,52 +0,0 @@
-#!/bin/sh
-
-set -e
-
-target=$1
-
-mkdir -p /var/db/repos/crossdev/profiles /var/db/repos/crossdev/metadata
-echo crossdev > /var/db/repos/crossdev/profiles/repo_name
-echo 'masters = gentoo' > /var/db/repos/crossdev/metadata/layout.conf
-chown -R portage:portage /var/db/repos/crossdev
-mkdir -p /etc/portage/repos.conf
-cat > /etc/portage/repos.conf/crossdev.conf <<EOF
-[crossdev]
-location = /var/db/repos/crossdev
-priority = 10
-masters = gentoo
-auto-sync = no
-EOF
-
-emerge -kvnj --rebuilt-binaries=y sys-devel/crossdev
-
-crossdev --stable -t "$1"
-
-ln -s /var/db/repos/gentoo/sys-devel/rust-std /var/db/repos/crossdev/cross-${target}/
-
-mkdir -p
-    /etc/portage/env/dev-lang \
-    /etc/portage/package.accept_keywords \
-    /etc/portage/package.use \
-    && :
-printf 'cross-%s/rust-std **\n' "${target}" \
-    > /etc/portage/package.accept-keywords/rust-cross
-echo 'dev-lang/rust rust-src' \
-    > /etc/portage/package.use/rust-src
-case ${target%%-*} in
-aarch64)
-    llvm_target=AArch64
-    ;;
-arm*)
-    llvm_target=ARM
-    ;;
-*)
-    printf 'Unknown LLVM target: %s' "${target%%-*}"
-    exit 1
-    ;;
-esac
-printf '( %s:%s:%s )\n' \
-    "${llvm_target}" \
-    "${target}" \
-    "${target}" \
-    >> /etc/portage/env/dev-lang/rust
-emerge -vbknuUj cross-${target}/rust-std

lib/profile.sh

@@ -1,11 +0,0 @@
-#!/bin/sh
-
-arch=$(uname -m)
-case ${arch} in
-x86_64) arch=amd64 ;;
-aarch64) arch=arm64 ;;
-esac
-
-mkdir -p /etc/portage
-
-eselect profile set default/linux/"${arch}"/23.0/no-multilib

lib/sync.sh

@@ -1,8 +0,0 @@
-#!/bin/sh
-
-if [ ! -e /var/db/repos/gentoo/metadata ]; then
-    emerge-webrsync
-fi
-if [ "$(find /var/db/repos/gentoo/metadata -newermt '-24 hours' | wc -l)" -eq 0 ]; then
-    emaint sync
-fi

tools/fetch-stage3.sh

@@ -1,24 +0,0 @@
-#!/bin/sh
-
-: "${GENTOO_MIRROR:=http://mirror.leaseweb.com/gentoo}"
-URLPATH=releases/amd64/autobuilds
-GENTOO_KEY=13EBBDBEDE7A12775DFDB1BABB572E0E2D182910
-GENTOO_KEYSERVER=hkps://keys.gentoo.org
-
-stage3="${1:-amd64-nomultilib-openrc}"
-
-set -e
-
-gpg --keyserver ${GENTOO_KEYSERVER} --recv-keys ${GENTOO_KEY}
-curl -fLO "${GENTOO_MIRROR}/${URLPATH}/latest-stage3-${stage3}.txt"
-gpg --verify "latest-stage3-${stage3}.txt"
-
-tarball=$(gpg --decrypt "latest-stage3-${stage3}.txt" | awk '$1!="#"{print $1}')
-if [ ! -f "${tarball##*/}" ]; then
-    curl -fLO "${GENTOO_MIRROR}/${URLPATH}/${tarball}"
-fi
-if [ ! -f "${tarball##*/}.asc" ]; then
-    curl -fLO "${GENTOO_MIRROR}/${URLPATH}/${tarball}.asc"
-fi
-gpg --verify "${tarball##*/}.asc"
-echo "${tarball##*/}"