rework Docker image build system

Author: kkaefer

.circleci/config.yml

@@ -1,105 +1,20 @@
 version: 2
 
-workflows:
-  version: 2
-  default:
-    jobs:
-      - start:
-          type: approval
-      - base:
-          requires:
-            - start
-      - linux:
-          requires:
-            - base
-      - linux-clang-3.8-libcxx:
-          requires:
-            - linux
-      - linux-clang-3.9:
-          requires:
-            - linux
-      - linux-clang-4:
-          requires:
-            - linux
-      - linux-clang-5:
-          requires:
-            - linux
-      - linux-gcc-4.9:
-          requires:
-            - linux
-      - linux-gcc-5:
-          requires:
-            - linux
-      - linux-gcc-5-qt-4:
-          requires:
-            - linux-gcc-5
-      - linux-gcc-5-qt-5.9:
-          requires:
-            - linux-gcc-5
-      - linux-gcc-6:
-          requires:
-            - linux
-      - linux-gcc-7:
-          requires:
-            - linux
-      - java:
-          requires:
-            - base
-      - android-ndk-r18:
-          requires:
-            - java
-
-defaults: &defaults
-  working_directory: /app
-  docker:
-    - image: docker:17.10.0-ce-git
-  steps:
-    - checkout
-    - setup_remote_docker:
-        version: 17.10.0-ce # Some older versions don't support ARG before FROM in Dockerfiles
-    - run:
-        name: Log in to Docker Hub
-        command: docker login -u mbgl -p ${DOCKER_PASS}
-    - run:
-        name: Revision ID
-        command: echo "Building revision ${CIRCLE_SHA1:0:10}"
-    - run:
-        name: Build image
-        command: docker build -t mbgl/${CIRCLE_SHA1:0:10}:${CIRCLE_STAGE} --build-arg REV=${CIRCLE_SHA1:0:10} ${CIRCLE_STAGE}
-        no_output_timeout: 30m
-    - run:
-        name: Push image
-        command: docker push mbgl/${CIRCLE_SHA1:0:10}:${CIRCLE_STAGE}
-
-
 jobs:
-  base:
-    <<: *defaults
-
-  linux:
-    <<: *defaults
-  linux-clang-3.8-libcxx:
-    <<: *defaults
-  linux-clang-3.9:
-    <<: *defaults
-  linux-clang-4:
-    <<: *defaults
-  linux-clang-5:
-    <<: *defaults
-  linux-gcc-4.9:
-    <<: *defaults
-  linux-gcc-5:
-    <<: *defaults
-  linux-gcc-5-qt-4:
-    <<: *defaults
-  linux-gcc-5-qt-5.9:
-    <<: *defaults
-  linux-gcc-6:
-    <<: *defaults
-  linux-gcc-7:
-    <<: *defaults
-
-  java:
-    <<: *defaults
-  android-ndk-r18:
-    <<: *defaults
+  build:
+    working_directory: /app
+    docker:
+      - image: docker:18.05.0-ce-git
+    steps:
+      - checkout
+      - run:
+          name: Install dependencies
+          command: apk add --no-progress bash
+      - setup_remote_docker:
+          version: 18.05.0-ce
+      - run:
+          name: Log in to Docker Hub
+          command: docker login -u mbgl -p ${DOCKER_PASS}
+      - run:
+          name: Build Docker images
+          command: scripts/build.sh

README.md

@@ -1,45 +1,23 @@
 This repository contains Docker files for running [Mapbox GL](https://github.com/mapbox/mapbox-gl-native) integration tests on [CircleCI](https://circleci.com/gh/mapbox/mapbox-gl-native).
 
-
-
 ### Guidelines
 
-* ⚠️ **Never overwrite published tags.** Instead, we use a revision system, using a Docker Hub repository for every set of images. The name of the repository is the 10 first characters of the Git SHA.
-* **Anchor images in hierarchy.** We use a hierarchy of images so that shared components (e.g. curl/zip/node) are only contained in one layer. CircleCI caches images, and using a shared base image means that we'll have to download fewer images from Docker Hub. See the hierarchy below.
+* ⚠️ **Never overwrite published tags.** Instead, we use a revision system, using a Docker Hub repository for every set of images. The name of the repository is the name of the image, and the versions is the first 10 bytes of the Git SHA.
 * **Do not delete old images from Docker Hub**. Retaining old images on Docker Hub means that we can still build older branches.
 * **Reduce ephemeral/temporary data** by combining multiple commands into one `RUN` command. Unfortunately, Circle CI doesn't support `--squash`, so we'll have to make sure that we're not creating unused files. E.g. when you run `apt-get update`, also run `rm -rf /var/lib/apt/lists/*` in the same step to remove the repository metadata.
 
-
-
-### Hierarchy
-
-* **ubuntu:16.04** (~130MB)
-  * **base**:  curl/zip/node/python/pip (~800MB)
-    * **linux**: build tools, OpenGL header + runtime (~190MB)
-      * **linux-clang-3.9** (~390MB)
-      * **linux-clang-4** (~470MB)
-      * **linux-gcc-4.9** (~100MB)
-      * **linux-gcc-5** (0 MB)
-      * **linux-gcc-6** (~500MB)
-      * ... (other compilers)
-    * **java**: Java runtime, JDK, Google Cloud SDK (~330MB)
-      * **android-ndk-r16**: Android NDK r16 (~2.35GB)
-      * ... (other NDK images)
-
-
-
 ### Adding a new image
 
-When you want to add a new image, e.g. a new compiler version or a new Android NDK version, duplicate or rename an existing folder, and change the `Dockerfile` in it to suite your needs. There's no need to keep previous versions of e.g. the Android NDK around. Legacy branches of mapbox-gl-native will use legacy Docker images that contain the legacy NDKs.
+When you want to add a new image, e.g. a new compiler version or a new Android NDK version, duplicate an existing file in the `images` directory, annd change it to suit your needs. There's usually no need to keep previous versions of e.g. the Android NDK around. Legacy branches of mapbox-gl-native will use legacy Docker images that contain the legacy NDKs.
 
 ### Workflow
 
-Whenever an image in the hierarchy changes, we're completely rebuilding the entire image hierarchy to benefit from Circle's Docker image caching. Builds are triggered when you start a **pull request**. However, builds are paused, and you'll have to manually click on the Resume button on Circle CI to start building. We do this to prevent building images too frequently, or when merging changes to master.
+To trigger a build, include `[docker:imagename]` in the commit message and push to Github. Only the most recent commit of a branch will be built.
 
 Every set of images has a "Revision ID", which is based on the first 10 characters of the Git SHA. You can also see this ID by looking into the "Revision ID" step on any Circle CI build in the workflow.
 
-When the workflow you're building **fails**, please remove the associated repository from Docker Hub to prevent heaps of unused Docker images piling up.
+When the workflow you're building **fails**, please remove images that you generated but don't need anymore from Docker Hub to prevent heaps of unused Docker images piling up.
 
-Once a set of images completes building, it's time to update mapbox-gl-native. To do so, create a pull request that changes the Revision ID to the new one. If it succeeds, it's time "merge" the pull request in this repository that changed the image files. Instead of creating merge commits or merges via the GitHub UI, please do a fast-forward merge by switching to the master branch and running `git merge --ff-only <branchname>`. This allows use to remain a 1:1 relation between the Docker image Revision IDs and the Commit SHAs in this repository.
+### Local development
 
-To reduce the number of image updates, and thus the number of images we have to keep on Docker Hub, we'll collect a few changes, merging everything into one branch before merging it to master.
+To speed up local development, you can run `scripts/apt-proxy.sh` to launch a local APT proxy that caches package downloads. Then run `./build.sh <imagename>` to build the image locally.

base/Dockerfile

@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+
+set -eu
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
+PUSH=false
+ID="${CIRCLE_SHA1:-latest}"
+
+function usage {
+    echo "Usage: $0 [args] <image>"
+    echo ""
+    echo "Arguments:"
+    echo "    -p, --push       Pushes the resulting image to Docker Hub (only for builds with an ID)"
+    echo "    -i, --id         Specifies the ID of the image. Defaults to \`${CIRCLE_SHA1:-latest}\`"
+    exit 1
+}
+
+declare -a ARGS
+while [ $# -gt 0 ]; do
+    case "$1" in
+        -p|--push)
+            PUSH=true
+            shift
+            ;;
+        -i|--id)
+            if [ -z "${2:-}" ]; then
+                echo -e "\033[31m$1 is missing an argument\033[0m\n"
+                usage
+            fi
+            ID="${2}"
+            shift
+            shift
+            ;;
+        -*)
+            echo "Unknown argument $1"
+            usage
+            ;;
+        *)
+            ARGS+=("$1")
+            shift
+            ;;
+    esac
+done
+if [ ${#ARGS[@]} -ne 0 ]; then
+    set -- "${ARGS[@]}"
+fi
+
+if [ -z "${1:-}" ]; then
+    usage
+fi
+IMAGE="$1"
+
+if [ ! -r "images/$IMAGE" ]; then
+    echo "Can't find image $IMAGE"
+    exit 1
+fi
+
+if [ $PUSH = true ] && [ "$ID" == "latest" ]; then
+    echo -e "\033[31mCan't push images without a named ID. Try setting CIRCLE_SHA1 to the commit sha\033[0m\n"
+    usage
+fi
+
+# Add HTTP proxy for local testing if there is an apt-proxy running
+# Run scripts/apt-proxy.sh locally to start.
+PREFIX=
+if nc -z localhost 3142 2>/dev/null; then
+    PREFIX=$'\n''RUN echo "Acquire::http { Proxy \\"http://host.docker.internal:3142\\"; };" >> /etc/apt/apt.conf.d/01proxy'
+fi
+
+# Add prefix to the Docker file and pipe it into stdin
+sed -e '/^FROM /a\'"$PREFIX" "images/$IMAGE" | docker build -t "mbgl/$IMAGE:${ID:0:10}" images -f -
+
+if [ $PUSH = true ]; then
+    docker tag "mbgl/$IMAGE:${ID:0:10}" "mbgl/$IMAGE:latest"
+    docker push "mbgl/$IMAGE:${ID:0:10}"
+    docker push "mbgl/$IMAGE:latest"
+fi

base/libsysconfcpus.so

@@ -0,0 +1,45 @@
+FROM ubuntu:xenial-20181005
+ENV DEBIAN_FRONTEND="noninteractive"
+
+# Add base filesystems
+ADD filesystem/libsysconfcpus.tar.gz \
+    filesystem/apt-google-cloud-sdk.tar.gz \
+    /
+
+# libsysconfcpus.so can be used to alter the number of CPUs reported by the system
+ENV LD_PRELOAD=/usr/lib/libsysconfcpus.so
+
+# Add apt keys
+RUN set -eu \
+ && (find /tmp/*.gpg | xargs -n1 apt-key add) \
+ && rm /tmp/*.gpg
+
+# Install base packages
+RUN set -eu \
+ && apt-get update \
+ && apt-get -y install git curl make python zip unzip ccache openjdk-8-jdk-headless \
+ && rm -rf /var/lib/apt/lists/*
+
+# Install Google Cloud SDK
+RUN set -eu \
+ && apt-get update \
+ && apt-get -y install google-cloud-sdk \
+ && rm -rf /var/lib/apt/lists/*
+
+# Install awscli
+RUN set -eu \
+ && (curl https://bootstrap.pypa.io/get-pip.py | python) \
+ && pip install awscli
+
+# Install Node.js
+# Check https://nodejs.org/en/download/releases/ for releases
+ENV NVM_DIR="/root/.nvm" \
+    PATH="/root/.nvm/versions/node/v10.13.0/bin:$PATH"
+RUN set -e \
+ && git -c advice.detachedHead=false clone https://github.com/creationix/nvm.git -b v0.33.11 --depth=1 "$NVM_DIR" \
+ && . "$NVM_DIR/nvm.sh" \
+ && nvm install v10.13.0
+
+ENV ANDROID_NDK_HOME=/android/sdk/ndk-bundle \
+    ANDROID_HOME=/android/sdk \
+    GRADLE_OPTS=-Dorg.gradle.daemon=false

base/nodesource-v8.list

@@ -1,44 +1,36 @@
-ARG REV=latest
-FROM mbgl/${REV}:java
-
-ENV ANDROID_NDK_HOME=/android/sdk/ndk-bundle \
-    ANDROID_HOME=/android/sdk \
-    GRADLE_OPTS=-Dorg.gradle.daemon=false
-
-# --------------------------------------------------------------------------------------------------
-# Install Android SDK
+FROM mbgl/android-base
 
 WORKDIR /android/sdk
 
+# Install Android SDK
 # Use most recent version from https://developer.android.com/studio/index.html#command-tools
 # and update the checksum.
 RUN set -eu \
  && curl -L --retry 3 https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip -o tools.zip \
  && (echo "92ffee5a1d98d856634e8b71132e8a95d96c83a63fde1099be3d86df3106def9  tools.zip" | sha256sum -c) \
  && unzip -q tools.zip && rm tools.zip
 
-# --------------------------------------------------------------------------------------------------
 # Install Android NDK
-
 # Use desired version from https://developer.android.com/ndk/downloads/index.html
 # and update the checksum.
 RUN set -eu \
- && curl -L --retry 3 https://dl.google.com/android/repository/android-ndk-r18-linux-x86_64.zip -o ndk.zip \
- && (echo "2ac2e8e1ef73ed551cac3a1479bb28bd49369212  ndk.zip" | sha1sum -c) \
+ && curl -L --retry 3 https://dl.google.com/android/repository/android-ndk-r17c-linux-x86_64.zip -o ndk.zip \
+ && (echo "12cacc70c3fd2f40574015631c00f41fb8a39048  ndk.zip" | sha1sum -c) \
  && unzip -q ndk.zip && rm ndk.zip && mv android-ndk-r* ndk-bundle
 
-# --------------------------------------------------------------------------------------------------
 # Install dependencies and build tools
 
 RUN set -eu \
  && mkdir -p "${ANDROID_HOME}/licenses" \
  && echo "d56f5187479451eabf01fb78af6dfcb131a6481e" > "${ANDROID_HOME}/licenses/android-sdk-license" \
  && tools/bin/sdkmanager \
         "platform-tools" \
+        "platforms;android-26" \
+        "build-tools;26.0.3" \
         "platforms;android-27" \
         "build-tools;27.0.3" \
         "platforms;android-28" \
-        "build-tools;28.0.3" \
+        "build-tools;28.0.2" \
         "extras;android;m2repository" \
         "patcher;v4" \
         "extras;google;m2repository" \