Merge pull request #1034 from justincormack/test-container

Build test container from a Docker container

alpine/base/mksh/Dockerfile

@@ -16,10 +16,6 @@ ENV VERSION=mksh-R54
 RUN curl -O -sSL https://github.com/MirBSD/mksh/archive/$VERSION.tar.gz
 RUN zcat $VERSION.tar.gz | tar xvf -
 
-WORKDIR mksh-$VERSION
-
 ENV LDFLAGS=-static
 
-RUN sh ./Build.sh
-RUN strip mksh
-RUN install -c -s -o root -g bin -m 555 mksh /bin/mksh
+RUN cd mksh-$VERSION && sh ./Build.sh && strip mksh && install -c -s -o root -g bin -m 555 mksh /bin/mksh

alpine/base/test/.gitignore

@@ -0,0 +1,3 @@
+etc/ssl
+bin/mksh
+bin/sh

alpine/base/test/Dockerfile

@@ -0,0 +1,3 @@
+FROM scratch
+COPY . ./
+CMD ["/bin/sh", "/bin/test.sh"]

alpine/base/test/Makefile

@@ -0,0 +1,60 @@
+# Tag b784b685b2c39b9bed4d58a989d06d8f0281b87c
+MKSH_IMAGE=mobylinux/mksh@sha256:b3ca9febef294d002894b91e0ce0f794235db73a3024be3cae16d34022913de3
+MKSH_BINARY=bin/mksh
+SH_BINARY=bin/sh
+
+# Tag: 41e4b91c9a619e46f76ce2d024067c09b62f07b4
+CACERT_IMAGE=mobylinux/ca-certificates@sha256:6ca2dca9cfb8534a55f3a17f8797943527db5bbac08c98a5c9a4836250f4c548
+CACERT_FILE=etc/ssl/certs/ca-certificates.crt
+
+TEST_SCRIPT=bin/test.sh
+MOBY_WHALE=etc/moby
+
+.PHONY: tag push clean container
+default: push
+
+$(MKSH_BINARY):
+	mkdir -p $(dir $@)
+	docker run --rm --net=none $(MKSH_IMAGE) tar cf - $@ | tar xf -
+
+$(SH_BINARY): $(MKSH_BINARY)
+	mv $(MKSH_BINARY) $(SH_BINARY)
+
+$(CACERT_FILE):
+	mkdir -p $(dir $@)
+	docker run --rm --net=none $(CACERT_IMAGE) tar cf - $@ | tar xf -
+
+# Tag: alpine:3.5
+SHA_IMAGE=alpine@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
+
+IMAGE=test
+
+DIRS=dev proc sys
+$(DIRS):
+	mkdir -p $@
+
+DEPS=$(DIRS) $(SH_BINARY) $(CACERT_FILE) $(TEST_SCRIPT) $(MOBY_WHALE)
+
+container: Dockerfile $(DEPS)
+	tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+
+hash: Dockerfile $(DEPS)
+	find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
+
+push: hash container
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+		 docker push mobylinux/$(IMAGE):$(shell cat hash))
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+tag: hash container
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+clean:
+	rm -rf hash $(DIRS) $(MKSH_BINARY) etc/ssl
+
+.DELETE_ON_ERROR:

alpine/test/.gitignore

@@ -1,4 +1,2 @@
-ca-certificates.crt
-mksh
 rootfs
 config.json

alpine/test/Dockerfile

@@ -1,13 +0,0 @@
-FROM alpine:3.5
-
-COPY test.sh mksh /tmp/bin/
-COPY ca-certificates.crt /tmp/etc/ssl/certs/ca-certificates.crt
-COPY moby /tmp/etc/
-
-WORKDIR /tmp
-
-RUN printf 'FROM scratch\nCOPY . ./\nENTRYPOINT ["/bin/sh", "-c"]\nCMD ["/bin/test.sh"]' > Dockerfile
-
-RUN mv bin/mksh bin/sh
-
-CMD ["tar", "cf", "-", "."]

alpine/test/Makefile

@@ -1,38 +1,20 @@
-# Tag 48a34c44de78a7607b8b03e54efffc8ede461342
-MKSH_IMAGE=mobylinux/mksh@sha256:b9ca6f8ec3d7855db91162555128429030e0ebc950881c1f09015c40d9e875d2
-MKSH_FILE=mksh
-MKSH_PATH=/bin
-
-# Tag: 41e4b91c9a619e46f76ce2d024067c09b62f07b4
-CACERT_IMAGE=mobylinux/ca-certificates@sha256:6ca2dca9cfb8534a55f3a17f8797943527db5bbac08c98a5c9a4836250f4c548
-CACERT_FILE=ca-certificates.crt
-CACERT_PATH=/etc/ssl/certs
+# Tag: 6479aea36e0c3d177297cc936db5cbf93ece467c
+TEST_IMAGE=mobylinux/test@sha256:5425a613bfbb9563d122c21a4a5377cc4cf836a5b201accfecf596a13c8dc607
 
 default: config.json
 
-BASE=alpine:3.5
+EXCLUDE=--exclude .dockerenv --exclude Dockerfile \
+	--exclude dev/console --exclude dev/pts --exclude dev/shm \
+	--exclude etc/hostname --exclude etc/hosts --exclude etc/mtab --exclude etc/resolv.conf
 
-$(MKSH_FILE):
-	docker run --rm --net=none $(MKSH_IMAGE) tar cf - -C $(MKSH_PATH) $(MKSH_FILE) | tar xf -
-
-$(CACERT_FILE):
-	docker run --rm --net=none $(CACERT_IMAGE) tar cf - -C $(CACERT_PATH) $(CACERT_FILE) | tar xf -
-
-config.json: Dockerfile test.sh moby $(MKSH_FILE) $(CACERT_FILE)
+config.json:
 	mkdir -p rootfs
-	DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
-	BUILD=$$( tar cf - $^ | docker build -q - ) && \
-	[ -n "$$BUILD" ] && \
-	echo "Built $$BUILD" && \
-	IMAGE=$$( docker run --rm --net=none $$BUILD | docker build -q - ) && \
-	[ -n "$$IMAGE" ] && \
-	echo "Built $$IMAGE" && \
-	CONTAINER=$$( docker create $$IMAGE /dev/null ) && \
+	CONTAINER=$$( docker create $(TEST_IMAGE) /dev/null ) && \
 	docker export $$CONTAINER | tar -xf - -C rootfs $(EXCLUDE) && \
 	docker rm $$CONTAINER && \
-	../containers/riddler.sh --cap-drop all --cap-add SYS_ADMIN -e HOME=/tmp -u 0:0 -v /var/tmp:/tmp -v /var/run/docker.sock:/var/run/docker.sock:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /etc/resolv.conf:/etc/resolv.conf:ro --net host --read-only $$IMAGE /bin/test.sh >$@
+	../containers/riddler.sh --cap-drop all --cap-add SYS_ADMIN -e HOME=/tmp -v /tmp:/tmp -v /var/run/docker.sock:/var/run/docker.sock:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /etc/resolv.conf:/etc/resolv.conf:ro --net host --read-only $(TEST_IMAGE) /bin/sh /bin/test.sh >$@
 
 clean:
-	rm -rf rootfs config.json $(MKSH_FILE) $(CACERT_FILE)
+	rm -rf rootfs config.json
 
 .DELETE_ON_ERROR: