From 41e6ff7eec53a965151dbe730e5d48d276d04679 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 2 Jun 2025 20:45:39 +0200 Subject: [PATCH 01/19] chore: reduce COPY's and wget's --- .devcontainer/cpp/Dockerfile | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index b3cf7785..4b6da22a 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile 
@@ -14,22 +14,21 @@ HEALTHCHECK NONE SHELL ["/bin/bash", "-o", "pipefail", "-c"] +# Include the Cisco Umbrella PKI Root +ADD --checksum=sha256:a122d4080a26c1da986bd0e7202b1630eb661a624915ef244f496fdd306e85fb \ + https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem /usr/local/share/ca-certificates/ciscoumbrellaroot.pem + # Install the base system with all tool dependencies -COPY .devcontainer/cpp/apt-requirements-base.json /tmp/apt-requirements-base.json # hadolint ignore=DL3008 -RUN apt-get update && apt-get install -y --no-install-recommends jq \ +RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \ + apt-get update && apt-get install -y --no-install-recommends jq \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends \ - && rm /tmp/apt-requirements-base.json \ - && rm -rf /var/lib/apt/lists/* - -# Include the Cisco Umbrella PKI Root -RUN wget -qO /usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem \ - && update-ca-certificates + && update-ca-certificates \ + && rm -rf /var/cache/apt/archives /var/lib/apt/lists/* # Install some tools via pip to get more recent versions -COPY .devcontainer/cpp/requirements.txt /tmp/requirements.txt -RUN python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt \ - && rm -rf /tmp/requirements.txt +RUN --mount=type=bind,source=.devcontainer/cpp/requirements.txt,target=/tmp/requirements.txt \ + python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt # Set default environment options for CMake and ccache ENV CMAKE_GENERATOR="Ninja" 
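Review bot: The new `ADD --checksum=… https://www.cisco.com/…/ciscoumbrellaroot.pem` leaves the certificate with mode 0600, which is what a remote `ADD` source gets unless a mode is given. `update-ca-certificates` runs as root during the build and is unaffected, but a process that opens the file directly as an unprivileged user will not be able to read it. devcontainer.json (touched later in this series) points `NODE_EXTRA_CA_CERTS` at a certificate in this directory, so if the container user is not root (not visible here) Node would not load the extra CA. A public root certificate can be world-readable: `ADD --chmod=644 --checksum=sha256:… <url> <dest>`.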
@@ -38,9 +37,9 @@ ENV CCACHE_DIR=/cache/.ccache ENV CPM_SOURCE_CACHE=/cache/.cpm-cache # Install clang toolchain and mull mutation testing framework -COPY .devcontainer/cpp/apt-requirements-clang.json /tmp/apt-requirements-clang.json # hadolint ignore=SC1091 -RUN wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \ +RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,target=/tmp/apt-requirements-clang.json \ + wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \ && wget -qO - https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \ && UBUNTU_CODENAME=$(. /etc/os-release; echo "${UBUNTU_CODENAME/*, /}") \ && echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot-keyring.gpg] http://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-${CLANG_VERSION} main" | tee /etc/apt/sources.list.d/llvm.list > /dev/null \ @@ -49,7 +48,7 @@ RUN wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /us && apt-get update \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-clang.json | xargs apt-get install -y --no-install-recommends \ && rm /tmp/apt-requirements* \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/cache/apt/archives /var/lib/apt/lists/* ENV PATH="$PATH:/usr/lib/llvm-${CLANG_VERSION}/bin" # Install arm-gcc toolchain From 8624c61534e04040a5fc401f7be5f3ca27f94cd7 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 2 Jun 2025 20:52:17 +0200 Subject: [PATCH 02/19] chore: fix build issue --- .devcontainer/cpp/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 4b6da22a..eea0892d 100644 --- a/.devcontainer/cpp/Dockerfile 
+++ b/.devcontainer/cpp/Dockerfile @@ -16,7 +16,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Include the Cisco Umbrella PKI Root ADD --checksum=sha256:a122d4080a26c1da986bd0e7202b1630eb661a624915ef244f496fdd306e85fb \ - https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem /usr/local/share/ca-certificates/ciscoumbrellaroot.pem + https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem /usr/local/share/ca-certificates/ciscoumbrellaroot.pem # Install the base system with all tool dependencies # hadolint ignore=DL3008 @@ -47,7 +47,6 @@ RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,targe && echo -e 'Package: *\nPin: origin "apt.llvm.org"\nPin-Priority: 1000' > /etc/apt/preferences \ && apt-get update \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-clang.json | xargs apt-get install -y --no-install-recommends \ - && rm /tmp/apt-requirements* \ && rm -rf /var/cache/apt/archives /var/lib/apt/lists/* ENV PATH="$PATH:/usr/lib/llvm-${CLANG_VERSION}/bin" From 0b2e86ff004c8498b5bffb89fd1fbfefd1bfed67 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 2 Jun 2025 21:42:50 +0200 Subject: [PATCH 03/19] chore: test-drive multi-stage downloads --- .devcontainer/cpp/Dockerfile | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index eea0892d..813549f7 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile 
@@ -1,10 +1,23 @@ +ARG DOCKER_VERSION=28.2.2 + +FROM scratch as downloader-amd64 + +ADD --checksum=sha256:53dc06dc3f775282ddff93b2d0974bbe6480761018c61e7a797342a9c7f14e23 + "https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz" /docker + +FROM scratch as downloader-arm64 + +ADD --checksum=sha256:c9506628d1845c69230df3d87e2eedd7980caf8bd966f5e6a5d7a2364de42497 + "https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_VERSION}.tgz" /docker + +FROM downloader-$TARGETARCH as downloader + FROM ubuntu:24.04@sha256:6015f66923d7afbc53558d7ccffd325d43b4e249f41a6e93eef074c9505d2233 ARG BATS_VERSION=1.11.0 ARG CCACHE_VERSION=4.11 ARG CLANG_VERSION=18 ARG CPM_VERSION=0.40.2 -ARG DOCKER_VERSION=27.3.1 ARG INCLUDE_WHAT_YOU_USE_VERSION=0.22 ARG XWIN_VERSION=0.6.5 @@ -56,9 +69,7 @@ RUN mkdir /opt/gcc-arm-none-eabi \ ENV PATH="$PATH:/opt/gcc-arm-none-eabi/bin" # Install docker-cli for Docker-from-Docker tools -RUN wget -qO - "https://download.docker.com/linux/static/stable/$(uname -m)/docker-${DOCKER_VERSION}.tgz" | tar xz -C /tmp \ - && mv /tmp/docker/docker /usr/local/bin/ \ - && rm -rf /tmp/docker +COPY --from=downloader /docker/docker/docker /usr/local/bin # Install bats RUN batstmp="$(mktemp -d /tmp/bats-core-${BATS_VERSION}.XXXX)" \ 
@@ -86,7 +97,7 @@ RUN --mount=type=cache,target=/root/.ccache,sharing=locked \ && CC=clang CXX=clang++ cmake -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache -S /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION} -B /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION}/build \ && cmake --build /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION}/build --target install \ && rm -rf /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION} \ - && apt-get purge -y libclang-${CLANG_VERSION}-dev llvm-${CLANG_VERSION}-dev libsqlite3-dev \ + && apt-get purge -y libclang-${CLANG_VERSION}-dev llvm-${CLANG_VERSION}-dev \ && apt-get autoremove -y \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* From ca8c04b26f72c0581d240b117b628ce52690e129 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 2 Jun 2025 21:45:01 +0200 Subject: [PATCH 04/19] chore: fix warnings and build error --- .devcontainer/cpp/Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 813549f7..5842999b 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile 
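Review bot: `libsqlite3-dev` is dropped from the `apt-get purge` list with no mention in the commit message, which is otherwise about multi-stage downloads. If the package is still installed earlier in this RUN (the install line is outside the hunk), it now stays in the final image. If it was never installed there, a one-line explanation in the commit body would stop the next reader from restoring it. The RUN starts above the hunk, so this cannot be confirmed from here.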
@@ -1,16 +1,16 @@ ARG DOCKER_VERSION=28.2.2 -FROM scratch as downloader-amd64 +FROM scratch AS downloader-amd64 ADD --checksum=sha256:53dc06dc3f775282ddff93b2d0974bbe6480761018c61e7a797342a9c7f14e23 - "https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz" /docker + https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz /docker -FROM scratch as downloader-arm64 +FROM scratch AS downloader-arm64 ADD --checksum=sha256:c9506628d1845c69230df3d87e2eedd7980caf8bd966f5e6a5d7a2364de42497 - "https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_VERSION}.tgz" /docker + https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_VERSION}.tgz /docker -FROM downloader-$TARGETARCH as downloader +FROM downloader-$TARGETARCH AS downloader FROM ubuntu:24.04@sha256:6015f66923d7afbc53558d7ccffd325d43b4e249f41a6e93eef074c9505d2233 From 620626a3235132b5716fdab7865d07aa04d20c85 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 2 Jun 2025 21:48:54 +0200 Subject: [PATCH 05/19] chore: more fixing --- .devcontainer/cpp/Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 5842999b..ba72da5f 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile 
@@ -2,13 +2,13 @@ ARG DOCKER_VERSION=28.2.2 FROM scratch AS downloader-amd64 -ADD --checksum=sha256:53dc06dc3f775282ddff93b2d0974bbe6480761018c61e7a797342a9c7f14e23 - https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz /docker +ADD --checksum=sha256:53dc06dc3f775282ddff93b2d0974bbe6480761018c61e7a797342a9c7f14e23 \ + https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz FROM scratch AS downloader-arm64 -ADD --checksum=sha256:c9506628d1845c69230df3d87e2eedd7980caf8bd966f5e6a5d7a2364de42497 - https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_VERSION}.tgz /docker +ADD --checksum=sha256:c9506628d1845c69230df3d87e2eedd7980caf8bd966f5e6a5d7a2364de42497 \ + https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_VERSION}.tgz FROM downloader-$TARGETARCH AS downloader From 9188d3ffbc5b23f6486fecb3f289c9e9ef65b10b Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 2 Jun 2025 22:00:05 +0200 Subject: [PATCH 06/19] chore: move extraction of archive --- .devcontainer/cpp/Dockerfile | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index ba72da5f..6d2093c9 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile 
@@ -3,15 +3,20 @@ ARG DOCKER_VERSION=28.2.2 FROM scratch AS downloader-amd64 ADD --checksum=sha256:53dc06dc3f775282ddff93b2d0974bbe6480761018c61e7a797342a9c7f14e23 \ - https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz + https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz /docker.tgz FROM scratch AS downloader-arm64 ADD --checksum=sha256:c9506628d1845c69230df3d87e2eedd7980caf8bd966f5e6a5d7a2364de42497 \ - https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_VERSION}.tgz + https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_VERSION}.tgz /docker.tgz FROM downloader-$TARGETARCH AS downloader +FROM ubuntu:24.04@sha256:6015f66923d7afbc53558d7ccffd325d43b4e249f41a6e93eef074c9505d2233 AS extractor + +RUN --mount=from=downloader,target=/tmp \ + tar xzf /tmp/docker.tgz -C /tmp + FROM ubuntu:24.04@sha256:6015f66923d7afbc53558d7ccffd325d43b4e249f41a6e93eef074c9505d2233 ARG BATS_VERSION=1.11.0 @@ -69,7 +74,7 @@ RUN mkdir /opt/gcc-arm-none-eabi \ ENV PATH="$PATH:/opt/gcc-arm-none-eabi/bin" # Install docker-cli for Docker-from-Docker tools -COPY --from=downloader /docker/docker/docker /usr/local/bin +COPY --from=extractor /tmp/docker/docker /usr/local/bin # Install bats RUN batstmp="$(mktemp -d /tmp/bats-core-${BATS_VERSION}.XXXX)" \ From 73cfe9ac5d673cf951683be615b8a553c099e5ea Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 2 Jun 2025 22:02:37 +0200 Subject: [PATCH 07/19] chore: fix arg reference --- .devcontainer/cpp/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 6d2093c9..678871d3 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile 
@@ -3,12 +3,12 @@ ARG DOCKER_VERSION=28.2.2 FROM scratch AS downloader-amd64 ADD --checksum=sha256:53dc06dc3f775282ddff93b2d0974bbe6480761018c61e7a797342a9c7f14e23 \ - https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz /docker.tgz + https://download.docker.com/linux/static/stable/x86_64/docker-$DOCKER_VERSION.tgz /docker.tgz FROM scratch AS downloader-arm64 ADD --checksum=sha256:c9506628d1845c69230df3d87e2eedd7980caf8bd966f5e6a5d7a2364de42497 \ - https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_VERSION}.tgz /docker.tgz + https://download.docker.com/linux/static/stable/aarch64/docker-$DOCKER_VERSION.tgz /docker.tgz FROM downloader-$TARGETARCH AS downloader From 7af10046f2bcaf48c8862751a63d21e8018c3d55 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 2 Jun 2025 22:04:52 +0200 Subject: [PATCH 08/19] chore: re-fix arg usage --- .devcontainer/cpp/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 678871d3..60351bbc 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile @@ -1,11 +1,11 @@ -ARG DOCKER_VERSION=28.2.2 - FROM scratch AS downloader-amd64 +ARG DOCKER_VERSION=28.2.2 ADD --checksum=sha256:53dc06dc3f775282ddff93b2d0974bbe6480761018c61e7a797342a9c7f14e23 \ https://download.docker.com/linux/static/stable/x86_64/docker-$DOCKER_VERSION.tgz /docker.tgz FROM scratch AS downloader-arm64 +ARG DOCKER_VERSION=28.2.2 ADD --checksum=sha256:c9506628d1845c69230df3d87e2eedd7980caf8bd966f5e6a5d7a2364de42497 \ https://download.docker.com/linux/static/stable/aarch64/docker-$DOCKER_VERSION.tgz /docker.tgz From 5114443aa65536141a48e1b64494761ae9af8e8b Mon Sep 17 00:00:00 2001 
From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 2 Jun 2025 22:10:14 +0200 Subject: [PATCH 09/19] chore: fix extraction --- .devcontainer/cpp/Dockerfile | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 60351bbc..1f435bab 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile @@ -1,21 +1,17 @@ FROM scratch AS downloader-amd64 -ARG DOCKER_VERSION=28.2.2 - ADD --checksum=sha256:53dc06dc3f775282ddff93b2d0974bbe6480761018c61e7a797342a9c7f14e23 \ - https://download.docker.com/linux/static/stable/x86_64/docker-$DOCKER_VERSION.tgz /docker.tgz + https://download.docker.com/linux/static/stable/x86_64/docker-28.2.2.tgz /docker.tgz FROM scratch AS downloader-arm64 -ARG DOCKER_VERSION=28.2.2 - ADD --checksum=sha256:c9506628d1845c69230df3d87e2eedd7980caf8bd966f5e6a5d7a2364de42497 \ - https://download.docker.com/linux/static/stable/aarch64/docker-$DOCKER_VERSION.tgz /docker.tgz + https://download.docker.com/linux/static/stable/aarch64/docker-28.2.2.tgz /docker.tgz FROM downloader-$TARGETARCH AS downloader FROM ubuntu:24.04@sha256:6015f66923d7afbc53558d7ccffd325d43b4e249f41a6e93eef074c9505d2233 AS extractor -RUN --mount=from=downloader,target=/tmp \ - tar xzf /tmp/docker.tgz -C /tmp +RUN --mount=from=downloader,target=/dl \ + tar xzf /dl/docker.tgz -C /tmp FROM ubuntu:24.04@sha256:6015f66923d7afbc53558d7ccffd325d43b4e249f41a6e93eef074c9505d2233 From c6fd52e905d6f852ce17cbd085d3e31ba457f43b Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 2 Jun 2025 22:30:57 +0200 Subject: [PATCH 10/19] chore: squash another layer --- .devcontainer/cpp/Dockerfile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 1f435bab..f53e17d3 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile 
@@ -33,17 +33,16 @@ ADD --checksum=sha256:a122d4080a26c1da986bd0e7202b1630eb661a624915ef244f496fdd30 https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem /usr/local/share/ca-certificates/ciscoumbrellaroot.pem # Install the base system with all tool dependencies +# Some tools are installed via pip to get more recent versions # hadolint ignore=DL3008 RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \ + --mount=type=bind,source=.devcontainer/cpp/requirements.txt,target=/tmp/requirements.txt \ apt-get update && apt-get install -y --no-install-recommends jq \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends \ && update-ca-certificates \ + && python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt && rm -rf /var/cache/apt/archives /var/lib/apt/lists/* -# Install some tools via pip to get more recent versions -RUN --mount=type=bind,source=.devcontainer/cpp/requirements.txt,target=/tmp/requirements.txt \ - python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt - # Set default environment options for CMake and ccache ENV CMAKE_GENERATOR="Ninja" ENV CMAKE_EXPORT_COMPILE_COMMANDS="On" From 5831465b2916faa49408f1d7d9cd5c458602453f Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 2 Jun 2025 22:41:23 +0200 Subject: [PATCH 11/19] chore: add checksums to gpg keys --- .devcontainer/cpp/Dockerfile | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index f53e17d3..b5dd5f06 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile 
@@ -7,6 +7,10 @@ ADD --checksum=sha256:c9506628d1845c69230df3d87e2eedd7980caf8bd966f5e6a5d7a2364d https://download.docker.com/linux/static/stable/aarch64/docker-28.2.2.tgz /docker.tgz FROM downloader-$TARGETARCH AS downloader +ADD --checksum=sha256:ce6eee4130298f79b0e0f09a89f93c1bc711cd68e7e3182d37c8e96c5227e2f0 \ + https://apt.llvm.org/llvm-snapshot.gpg.key /llvm.gpg.key +ADD --checksum=sha256:db2938ce5fd422f2db7a07508452772c945135d99274004c462190c323fefcf1 \ + https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key /mull.gpg.key FROM ubuntu:24.04@sha256:6015f66923d7afbc53558d7ccffd325d43b4e249f41a6e93eef074c9505d2233 AS extractor 
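Review bot: The two `ADD --checksum` lines for the LLVM and mull repository keys carry no comment saying what the digests were verified against, so a future mismatch gives the maintainer nothing to go on. A checksum failure here means the upstream key file changed, which should trigger a manual check of the new key rather than a blind digest refresh. I would add above them: `# apt signing keys, pinned by digest; on mismatch verify the new key's fingerprint out-of-band before updating`.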
@@ -52,8 +56,9 @@ ENV CPM_SOURCE_CACHE=/cache/.cpm-cache # Install clang toolchain and mull mutation testing framework # hadolint ignore=SC1091 RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,target=/tmp/apt-requirements-clang.json \ - wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \ - && wget -qO - https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \ + --mount=from=downloader,target=/keys \ + echo /keys/llvm.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \ + && echo /keys/mull.gpg.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \ && UBUNTU_CODENAME=$(. /etc/os-release; echo "${UBUNTU_CODENAME/*, /}") \ && echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot-keyring.gpg] http://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-${CLANG_VERSION} main" | tee /etc/apt/sources.list.d/llvm.list > /dev/null \ && echo "deb [signed-by=/usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/mull-project/mull-stable/deb/ubuntu ${UBUNTU_CODENAME} main" | tee /etc/apt/sources.list.d/mull-project-mull-stable.list > /dev/null \ From f3893357db0fec8a5a301e2fd9cbec925f1822fb Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 2 Jun 2025 22:42:59 +0200 Subject: [PATCH 12/19] chore: fix line continuation --- .devcontainer/cpp/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index b5dd5f06..d62980f9 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile 
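Review bot: The `llvm.list` entry written in this RUN still uses `http://apt.llvm.org/`, while the mull entry on the next line uses `https://`. Both are context lines of this hunk, in the same RUN the commit is hardening. With `signed-by` in place apt rejects tampered packages, but plain HTTP leaves the signature as the only control and exposes the fetched package names to the network path. Switching the scheme to `https://apt.llvm.org/${UBUNTU_CODENAME}/` is a one-word edit, assuming the build network permits it. The RUN continues past the end of the hunk.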
@@ -44,7 +44,7 @@ RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target apt-get update && apt-get install -y --no-install-recommends jq \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends \ && update-ca-certificates \ - && python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt + && python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt \ && rm -rf /var/cache/apt/archives /var/lib/apt/lists/* # Set default environment options for CMake and ccache From eafb9d5b4fca44f135d37c1ae6fee85c7d593580 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Tue, 3 Jun 2025 06:50:57 +0000 Subject: [PATCH 13/19] chore: fix an "it was late" --- .devcontainer/cpp/Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index d62980f9..0de1d2f0 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile @@ -1,3 +1,5 @@ +# syntax=docker/dockerfile:1 + FROM scratch AS downloader-amd64 ADD --checksum=sha256:53dc06dc3f775282ddff93b2d0974bbe6480761018c61e7a797342a9c7f14e23 \ https://download.docker.com/linux/static/stable/x86_64/docker-28.2.2.tgz /docker.tgz 
@@ -57,8 +59,8 @@ ENV CPM_SOURCE_CACHE=/cache/.cpm-cache # hadolint ignore=SC1091 RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,target=/tmp/apt-requirements-clang.json \ --mount=from=downloader,target=/keys \ - echo /keys/llvm.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \ - && echo /keys/mull.gpg.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \ + cat /keys/llvm.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \ + && cat /keys/mull.gpg.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \ && UBUNTU_CODENAME=$(. /etc/os-release; echo "${UBUNTU_CODENAME/*, /}") \ && echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot-keyring.gpg] http://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-${CLANG_VERSION} main" | tee /etc/apt/sources.list.d/llvm.list > /dev/null \ && echo "deb [signed-by=/usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/mull-project/mull-stable/deb/ubuntu ${UBUNTU_CODENAME} main" | tee /etc/apt/sources.list.d/mull-project-mull-stable.list > /dev/null \ From 4a885828724153c634b4f5cd9728e0c26071fea4 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Tue, 3 Jun 2025 07:48:15 +0000 Subject: [PATCH 14/19] chore: correct installation of certificate --- .devcontainer/cpp/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 0de1d2f0..b48ed0b8 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile 
@@ -36,7 +36,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Include the Cisco Umbrella PKI Root ADD --checksum=sha256:a122d4080a26c1da986bd0e7202b1630eb661a624915ef244f496fdd306e85fb \ - https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem /usr/local/share/ca-certificates/ciscoumbrellaroot.pem + https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem /usr/local/share/ca-certificates/cisco-umbrella.crt # Install the base system with all tool dependencies # Some tools are installed via pip to get more recent versions From a45aba4755c5c8607305888fea741dc7c07e1e95 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Tue, 3 Jun 2025 09:03:25 +0000 Subject: [PATCH 15/19] chore: move download of arm gcc toolchain to separate stage --- .devcontainer/cpp/Dockerfile | 28 +++++++++++++------- .devcontainer/cpp/apt-requirements-base.json | 3 +-- .devcontainer/cpp/devcontainer.json | 2 +- 3 files changed, 21 insertions(+), 12 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index b48ed0b8..4b7cfe40 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile 
@@ -3,10 +3,14 @@ FROM scratch AS downloader-amd64 ADD --checksum=sha256:53dc06dc3f775282ddff93b2d0974bbe6480761018c61e7a797342a9c7f14e23 \ https://download.docker.com/linux/static/stable/x86_64/docker-28.2.2.tgz /docker.tgz +ADD --checksum=sha256:62a63b981fe391a9cbad7ef51b17e49aeaa3e7b0d029b36ca1e9c3b2a9b78823 \ + https://developer.arm.com/-/media/Files/downloads/gnu/14.2.rel1/binrel/arm-gnu-toolchain-14.2.rel1-x86_64-arm-none-eabi.tar.xz /arm-gnu-toolchain.tar.xz FROM scratch AS downloader-arm64 ADD --checksum=sha256:c9506628d1845c69230df3d87e2eedd7980caf8bd966f5e6a5d7a2364de42497 \ https://download.docker.com/linux/static/stable/aarch64/docker-28.2.2.tgz /docker.tgz +ADD --checksum=sha256:87330bab085dd8749d4ed0ad633674b9dc48b237b61069e3b481abd364d0a684 \ + https://developer.arm.com/-/media/Files/downloads/gnu/14.2.rel1/binrel/arm-gnu-toolchain-14.2.rel1-aarch64-arm-none-eabi.tar.xz /arm-gnu-toolchain.tar.xz FROM downloader-$TARGETARCH AS downloader ADD --checksum=sha256:ce6eee4130298f79b0e0f09a89f93c1bc711cd68e7e3182d37c8e96c5227e2f0 \ @@ -16,8 +20,15 @@ ADD --checksum=sha256:db2938ce5fd422f2db7a07508452772c945135d99274004c462190c323 FROM ubuntu:24.04@sha256:6015f66923d7afbc53558d7ccffd325d43b4e249f41a6e93eef074c9505d2233 AS extractor +WORKDIR /tmp + +# hadolint ignore=DL3008 RUN --mount=from=downloader,target=/dl \ - tar xzf /dl/docker.tgz -C /tmp + --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + apt-get update && apt-get install -y --no-install-recommends xz-utils \ + && tar xzf /dl/docker.tgz \ + && tar xJf /dl/arm-gnu-toolchain.tar.xz --exclude='*arm-none-eabi-gdb*' --exclude='share' --strip-components=1 FROM ubuntu:24.04@sha256:6015f66923d7afbc53558d7ccffd325d43b4e249f41a6e93eef074c9505d2233 
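Review bot: The `--mount=type=cache,target=/var/cache/apt` added to the extractor RUN (and to the base-system RUN in the next hunk) will probably cache nothing. The stock Ubuntu image ships `/etc/apt/apt.conf.d/docker-clean`, which deletes downloaded `.deb` files after every install. To get the intended reuse, start the RUN with `rm -f /etc/apt/apt.conf.d/docker-clean` and `echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache` before `apt-get update`. The clang RUN further down still uses the older `rm -rf /var/cache/apt/archives /var/lib/apt/lists/*` pattern without cache mounts, so the file now mixes two conventions.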
@@ -43,11 +54,13 @@ ADD --checksum=sha256:a122d4080a26c1da986bd0e7202b1630eb661a624915ef244f496fdd30 # hadolint ignore=DL3008 RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \ --mount=type=bind,source=.devcontainer/cpp/requirements.txt,target=/tmp/requirements.txt \ + --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get install -y --no-install-recommends jq \ - && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends \ + && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | \ + xargs apt-get install -y --no-install-recommends \ && update-ca-certificates \ - && python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt \ - && rm -rf /var/cache/apt/archives /var/lib/apt/lists/* + && python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt # Set default environment options for CMake and ccache ENV CMAKE_GENERATOR="Ninja" 
@@ -69,14 +82,11 @@ RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,targe && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-clang.json | xargs apt-get install -y --no-install-recommends \ && rm -rf /var/cache/apt/archives /var/lib/apt/lists/* ENV PATH="$PATH:/usr/lib/llvm-${CLANG_VERSION}/bin" - -# Install arm-gcc toolchain -RUN mkdir /opt/gcc-arm-none-eabi \ - && wget -qO - "https://developer.arm.com/-/media/Files/downloads/gnu/14.2.rel1/binrel/arm-gnu-toolchain-14.2.rel1-$(uname -m)-arm-none-eabi.tar.xz" | tar --exclude='*arm-none-eabi-gdb*' --exclude='share' --strip-components=1 -xJC /opt/gcc-arm-none-eabi ENV PATH="$PATH:/opt/gcc-arm-none-eabi/bin" -# Install docker-cli for Docker-from-Docker tools +# Copy tools from the extractor stage COPY --from=extractor /tmp/docker/docker /usr/local/bin +COPY --from=extractor /tmp/arm-none-eabi /opt # Install bats RUN batstmp="$(mktemp -d /tmp/bats-core-${BATS_VERSION}.XXXX)" \ diff --git a/.devcontainer/cpp/apt-requirements-base.json b/.devcontainer/cpp/apt-requirements-base.json index 3fb9fe50..edc5d3dd 100644 --- a/.devcontainer/cpp/apt-requirements-base.json +++ b/.devcontainer/cpp/apt-requirements-base.json @@ -10,6 +10,5 @@ "udev": "255.4-1ubuntu8.6", "unzip": "6.0-28ubuntu4.1", "wget": "1.21.4-1ubuntu4.1", - "xsltproc": "1.1.39-0exp1ubuntu0.24.04.2", - "xz-utils": "5.6.1+really5.4.5-1ubuntu0.2" + "xsltproc": "1.1.39-0exp1ubuntu0.24.04.2" } diff --git a/.devcontainer/cpp/devcontainer.json b/.devcontainer/cpp/devcontainer.json index a4ea611c..3468aa58 100644 --- a/.devcontainer/cpp/devcontainer.json +++ b/.devcontainer/cpp/devcontainer.json @@ -6,7 +6,7 @@ "forwardPorts": [6080], "remoteEnv": { "CONTAINER_FLAVOR": "cpp", - "NODE_EXTRA_CA_CERTS": "/usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt" + "NODE_EXTRA_CA_CERTS": "/usr/local/share/ca-certificates/cisco-umbrella.crt" }, "mounts": [ "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind" 
From a1d0653f5a7e975c2ad90434e6b72921e3bdb0f1 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Tue, 3 Jun 2025 09:26:03 +0000 Subject: [PATCH 16/19] chore: fix gcc-arm-none-eabi install --- .devcontainer/cpp/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 4b7cfe40..a42fe84a 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile @@ -28,7 +28,8 @@ RUN --mount=from=downloader,target=/dl \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get install -y --no-install-recommends xz-utils \ && tar xzf /dl/docker.tgz \ - && tar xJf /dl/arm-gnu-toolchain.tar.xz --exclude='*arm-none-eabi-gdb*' --exclude='share' --strip-components=1 + && tar xJf /dl/arm-gnu-toolchain.tar.xz --exclude='*arm-none-eabi-gdb*' --exclude='share' \ + && mv arm-gnu-toolchain-*/ gcc-arm-none-eabi FROM ubuntu:24.04@sha256:6015f66923d7afbc53558d7ccffd325d43b4e249f41a6e93eef074c9505d2233 @@ -86,7 +87,7 @@ ENV PATH="$PATH:/opt/gcc-arm-none-eabi/bin" # Copy tools from the extractor stage COPY --from=extractor /tmp/docker/docker /usr/local/bin -COPY --from=extractor /tmp/arm-none-eabi /opt +COPY --from=extractor /tmp/gcc-arm-none-eabi /opt/gcc-arm-none-eabi # Install bats RUN batstmp="$(mktemp -d /tmp/bats-core-${BATS_VERSION}.XXXX)" \ From a448ac39fe7be0f26fef3585fae9a0d8d52af0e2 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Tue, 3 Jun 2025 12:14:01 +0000 Subject: [PATCH 17/19] chore: hoist-up xwin as well --- .devcontainer/cpp/Dockerfile | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index a42fe84a..bd46462f 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile 
@@ -1,16 +1,27 @@ # syntax=docker/dockerfile:1 +ARG DOCKER_VERSION=28.2.2 +ARG XWIN_VERSION=0.6.5 + FROM scratch AS downloader-amd64 +ARG DOCKER_VERSION +ARG XWIN_VERSION ADD --checksum=sha256:53dc06dc3f775282ddff93b2d0974bbe6480761018c61e7a797342a9c7f14e23 \ - https://download.docker.com/linux/static/stable/x86_64/docker-28.2.2.tgz /docker.tgz + https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz /docker.tgz ADD --checksum=sha256:62a63b981fe391a9cbad7ef51b17e49aeaa3e7b0d029b36ca1e9c3b2a9b78823 \ https://developer.arm.com/-/media/Files/downloads/gnu/14.2.rel1/binrel/arm-gnu-toolchain-14.2.rel1-x86_64-arm-none-eabi.tar.xz /arm-gnu-toolchain.tar.xz +ADD --checksum=sha256:9fd53950b064d067f42428a69453b927656cae68dbd7f8d3f86dcb81c80dd22d \ + https://github.com/Jake-Shadle/xwin/releases/download/${XWIN_VERSION}/xwin-${XWIN_VERSION}-x86_64-unknown-linux-musl.tar.gz /xwin.tar.gz FROM scratch AS downloader-arm64 +ARG DOCKER_VERSION +ARG XWIN_VERSION ADD --checksum=sha256:c9506628d1845c69230df3d87e2eedd7980caf8bd966f5e6a5d7a2364de42497 \ - https://download.docker.com/linux/static/stable/aarch64/docker-28.2.2.tgz /docker.tgz + https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_VERSION}.tgz /docker.tgz ADD --checksum=sha256:87330bab085dd8749d4ed0ad633674b9dc48b237b61069e3b481abd364d0a684 \ https://developer.arm.com/-/media/Files/downloads/gnu/14.2.rel1/binrel/arm-gnu-toolchain-14.2.rel1-aarch64-arm-none-eabi.tar.xz /arm-gnu-toolchain.tar.xz +ADD --checksum=sha256:5e131007fad7c5f30d2f41090b49937fb8f16a787e5a95b4b3140e88d174dab2 \ + https://github.com/Jake-Shadle/xwin/releases/download/${XWIN_VERSION}/xwin-${XWIN_VERSION}-aarch64-unknown-linux-musl.tar.gz /xwin.tar.gz FROM downloader-$TARGETARCH AS downloader ADD --checksum=sha256:ce6eee4130298f79b0e0f09a89f93c1bc711cd68e7e3182d37c8e96c5227e2f0 \ 
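Review bot: The `--checksum=sha256:...` values stay fixed while the Docker and xwin URLs now take `${DOCKER_VERSION}` and `${XWIN_VERSION}`, so a version ARG and its digests in both downloader stages have to change together. The build fails closed on a mismatch, which is the right behaviour, but nothing in the file says so. A comment above the ARGs such as `# Bumping a version requires updating the matching --checksum digests in downloader-amd64 and downloader-arm64` would make the coupling explicit. The arm toolchain URL in the same stages still hard-codes `14.2.rel1`, which is inconsistent with the two parameterized downloads.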
@@ -20,6 +31,8 @@ ADD --checksum=sha256:db2938ce5fd422f2db7a07508452772c945135d99274004c462190c323 FROM ubuntu:24.04@sha256:6015f66923d7afbc53558d7ccffd325d43b4e249f41a6e93eef074c9505d2233 AS extractor +ARG XWIN_VERSION + WORKDIR /tmp # hadolint ignore=DL3008 @@ -28,6 +41,7 @@ RUN --mount=from=downloader,target=/dl \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get install -y --no-install-recommends xz-utils \ && tar xzf /dl/docker.tgz \ + && tar xzf /dl/xwin.tar.gz --strip-components=1 "xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl/xwin" \ && tar xJf /dl/arm-gnu-toolchain.tar.xz --exclude='*arm-none-eabi-gdb*' --exclude='share' \ && mv arm-gnu-toolchain-*/ gcc-arm-none-eabi @@ -38,7 +52,6 @@ ARG CCACHE_VERSION=4.11 ARG CLANG_VERSION=18 ARG CPM_VERSION=0.40.2 ARG INCLUDE_WHAT_YOU_USE_VERSION=0.22 -ARG XWIN_VERSION=0.6.5 ARG DEBIAN_FRONTEND=noninteractive @@ -87,6 +100,7 @@ ENV PATH="$PATH:/opt/gcc-arm-none-eabi/bin" # Copy tools from the extractor stage COPY --from=extractor /tmp/docker/docker /usr/local/bin +COPY --from=extractor /tmp/xwin /usr/local/bin/xwin COPY --from=extractor /tmp/gcc-arm-none-eabi /opt/gcc-arm-none-eabi # Install bats 
@@ -97,9 +111,6 @@ RUN batstmp="$(mktemp -d /tmp/bats-core-${BATS_VERSION}.XXXX)" \ && git -C /usr/local clone -b v0.3.0 https://github.com/bats-core/bats-support.git \ && git -C /usr/local clone -b v2.1.0 https://github.com/bats-core/bats-assert.git -# Install xwin -RUN wget -qO - "https://github.com/Jake-Shadle/xwin/releases/download/${XWIN_VERSION}/xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl.tar.gz" | tar -xzv -C /usr/local/bin --strip-components=1 "xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl/xwin" - # Compile and install additional clang tools; often necessary as binary arm64 builds are lacking, or packages are out-of-date # Install ccache from source for a recent version RUN wget -qO - https://github.com/ccache/ccache/archive/refs/tags/v${CCACHE_VERSION}.tar.gz | tar xz -C /tmp \ From 0e504ff2b507fa26724cb9124bffead71a31bd64 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Tue, 3 Jun 2025 13:13:06 +0000 Subject: [PATCH 18/19] chore: hoist-up bats installation --- .devcontainer/cpp/Dockerfile | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index bd46462f..4c0d5a29 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile @@ -1,5 +1,6 @@ # syntax=docker/dockerfile:1 +ARG BATS_VERSION=1.12.0 ARG DOCKER_VERSION=28.2.2 ARG XWIN_VERSION=0.6.5 
@@ -24,22 +25,26 @@ ADD --checksum=sha256:5e131007fad7c5f30d2f41090b49937fb8f16a787e5a95b4b3140e88d1 https://github.com/Jake-Shadle/xwin/releases/download/${XWIN_VERSION}/xwin-${XWIN_VERSION}-aarch64-unknown-linux-musl.tar.gz /xwin.tar.gz FROM downloader-$TARGETARCH AS downloader +ARG BATS_VERSION ADD --checksum=sha256:ce6eee4130298f79b0e0f09a89f93c1bc711cd68e7e3182d37c8e96c5227e2f0 \ https://apt.llvm.org/llvm-snapshot.gpg.key /llvm.gpg.key ADD --checksum=sha256:db2938ce5fd422f2db7a07508452772c945135d99274004c462190c323fefcf1 \ https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key /mull.gpg.key +ADD --checksum=sha256:e36b020436228262731e3319ed013d84fcd7c4bd97a1b34dee33d170e9ae6bab \ + https://github.com/bats-core/bats-core/archive/refs/tags/v${BATS_VERSION}.tar.gz /bats-core.tar.gz FROM ubuntu:24.04@sha256:6015f66923d7afbc53558d7ccffd325d43b4e249f41a6e93eef074c9505d2233 AS extractor ARG XWIN_VERSION -WORKDIR /tmp +WORKDIR / # hadolint ignore=DL3008 RUN --mount=from=downloader,target=/dl \ --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get install -y --no-install-recommends xz-utils \ + && tar xzf /dl/bats-core.tar.gz && mv bats-core-*/ bats-core \ && tar xzf /dl/docker.tgz \ && tar xzf /dl/xwin.tar.gz --strip-components=1 "xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl/xwin" \ && tar xJf /dl/arm-gnu-toolchain.tar.xz --exclude='*arm-none-eabi-gdb*' --exclude='share' \ @@ -47,7 +52,6 @@ RUN --mount=from=downloader,target=/dl \ FROM ubuntu:24.04@sha256:6015f66923d7afbc53558d7ccffd325d43b4e249f41a6e93eef074c9505d2233 -ARG BATS_VERSION=1.11.0 ARG CCACHE_VERSION=4.11 ARG CLANG_VERSION=18 ARG CPM_VERSION=0.40.2 
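Review bot: `WORKDIR /` makes the extractor unpack every archive straight into the stage's root filesystem, next to the OS directories. The pinned digests limit the risk, but any archive member whose top-level name matches an existing directory would be merged into the system tree. The later `--mount=from=extractor,target=/src` in this commit also exposes the whole Ubuntu rootfs rather than only the unpacked artifacts. A dedicated directory, for example `WORKDIR /out` with the consumers reading from `/src/out/...`, keeps the artifacts apart from the base image contents.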
@@ -59,10 +63,14 @@ HEALTHCHECK NONE SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# Include the Cisco Umbrella PKI Root +# Add the Cisco Umbrella PKI Root ADD --checksum=sha256:a122d4080a26c1da986bd0e7202b1630eb661a624915ef244f496fdd306e85fb \ https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem /usr/local/share/ca-certificates/cisco-umbrella.crt +# Add additional tools for bats testing framework +ADD https://github.com/bats-core/bats-support#v0.3.0 /usr/local +ADD https://github.com/bats-core/bats-assert#v2.1.0 /usr/local + # Install the base system with all tool dependencies # Some tools are installed via pip to get more recent versions # hadolint ignore=DL3008 @@ -70,11 +78,13 @@ RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target --mount=type=bind,source=.devcontainer/cpp/requirements.txt,target=/tmp/requirements.txt \ --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ + --mount=from=extractor,target=/src \ apt-get update && apt-get install -y --no-install-recommends jq \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | \ xargs apt-get install -y --no-install-recommends \ && update-ca-certificates \ - && python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt + && python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt \ + && bash /src/bats-core/install.sh /usr/local # Set default environment options for CMake and ccache ENV CMAKE_GENERATOR="Ninja" 
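Review bot: The two new `ADD https://github.com/bats-core/bats-support#v0.3.0 /usr/local` and `...bats-assert#v2.1.0 /usr/local` lines are the only remote fetches in this file without integrity pinning; every other `ADD` carries `--checksum=sha256:...`. A tag can be moved upstream, so a full commit SHA in the fragment would be the equivalent pin for a Git source. It is also worth confirming that BuildKit treats these URLs as Git sources at all: as far as I know an https URL is only recognised as a repository when the path ends in `.git`, otherwise it is fetched as a plain file and the fragment is ignored. Something like `ADD https://github.com/bats-core/bats-support.git#<full-commit-sha> /usr/local/bats-support` would cover both, with the destination naming the directory the old `git clone` created. The same two lines reappear with destination `/` in the downloader stage in PATCH 19/19.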
@@ -99,17 +109,9 @@ ENV PATH="$PATH:/usr/lib/llvm-${CLANG_VERSION}/bin" ENV PATH="$PATH:/opt/gcc-arm-none-eabi/bin" # Copy tools from the extractor stage -COPY --from=extractor /tmp/docker/docker /usr/local/bin -COPY --from=extractor /tmp/xwin /usr/local/bin/xwin -COPY --from=extractor /tmp/gcc-arm-none-eabi /opt/gcc-arm-none-eabi - -# Install bats -RUN batstmp="$(mktemp -d /tmp/bats-core-${BATS_VERSION}.XXXX)" \ - && wget -qO - https://github.com/bats-core/bats-core/archive/refs/tags/v${BATS_VERSION}.tar.gz | tar xz -C "${batstmp}" \ - && bash "${batstmp}/bats-core-${BATS_VERSION}/install.sh" /usr/local \ - && rm -rf "${batstmp}" \ - && git -C /usr/local clone -b v0.3.0 https://github.com/bats-core/bats-support.git \ - && git -C /usr/local clone -b v2.1.0 https://github.com/bats-core/bats-assert.git +COPY --from=extractor /docker/docker /usr/local/bin +COPY --from=extractor /xwin /usr/local/bin/xwin +COPY --from=extractor /gcc-arm-none-eabi /opt/gcc-arm-none-eabi # Compile and install additional clang tools; often necessary as binary arm64 builds are lacking, or packages are out-of-date # Install ccache from source for a recent version From d92864ef50b529a41a1977bb569e3809db29534c Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Tue, 3 Jun 2025 13:52:25 +0000 Subject: [PATCH 19/19] chore: reduce number of layers --- .devcontainer/cpp/Dockerfile | 58 +++++++++++++++++------------------- 1 file changed, 27 insertions(+), 31 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 4c0d5a29..c2fb49c7 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile 
@@ -32,6 +32,10 @@ ADD --checksum=sha256:db2938ce5fd422f2db7a07508452772c945135d99274004c462190c323 https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key /mull.gpg.key ADD --checksum=sha256:e36b020436228262731e3319ed013d84fcd7c4bd97a1b34dee33d170e9ae6bab \ https://github.com/bats-core/bats-core/archive/refs/tags/v${BATS_VERSION}.tar.gz /bats-core.tar.gz +ADD --checksum=sha256:a122d4080a26c1da986bd0e7202b1630eb661a624915ef244f496fdd306e85fb \ + https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem /cisco-umbrella.crt +ADD https://github.com/bats-core/bats-support#v0.3.0 / +ADD https://github.com/bats-core/bats-assert#v2.1.0 / FROM ubuntu:24.04@sha256:6015f66923d7afbc53558d7ccffd325d43b4e249f41a6e93eef074c9505d2233 AS extractor 
@@ -63,55 +67,47 @@ HEALTHCHECK NONE SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# Add the Cisco Umbrella PKI Root -ADD --checksum=sha256:a122d4080a26c1da986bd0e7202b1630eb661a624915ef244f496fdd306e85fb \ - https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem /usr/local/share/ca-certificates/cisco-umbrella.crt - -# Add additional tools for bats testing framework -ADD https://github.com/bats-core/bats-support#v0.3.0 /usr/local -ADD https://github.com/bats-core/bats-assert#v2.1.0 /usr/local +# Set default environment options for CMake, ccache, and CPM +# and update the PATH to include the toolchain binaries +ENV CMAKE_GENERATOR="Ninja" \ + CMAKE_EXPORT_COMPILE_COMMANDS="On" \ + CCACHE_DIR=/cache/.ccache \ + CPM_SOURCE_CACHE=/cache/.cpm-cache \ + PATH="$PATH:/usr/lib/llvm-${CLANG_VERSION}/bin:/opt/gcc-arm-none-eabi/bin" # Install the base system with all tool dependencies # Some tools are installed via pip to get more recent versions # hadolint ignore=DL3008 RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \ + --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,target=/tmp/apt-requirements-clang.json \ --mount=type=bind,source=.devcontainer/cpp/requirements.txt,target=/tmp/requirements.txt \ --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ + --mount=from=downloader,target=/dl \ --mount=from=extractor,target=/src \ apt-get update && apt-get install -y --no-install-recommends jq \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | \ xargs apt-get install -y --no-install-recommends \ + && cp /dl/cisco-umbrella.crt /usr/local/share/ca-certificates/cisco-umbrella.crt \ && update-ca-certificates \ && python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt \ - && bash /src/bats-core/install.sh /usr/local - -# Set default environment 
options for CMake and ccache -ENV CMAKE_GENERATOR="Ninja" -ENV CMAKE_EXPORT_COMPILE_COMMANDS="On" -ENV CCACHE_DIR=/cache/.ccache -ENV CPM_SOURCE_CACHE=/cache/.cpm-cache - -# Install clang toolchain and mull mutation testing framework -# hadolint ignore=SC1091 -RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,target=/tmp/apt-requirements-clang.json \ - --mount=from=downloader,target=/keys \ - cat /keys/llvm.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \ - && cat /keys/mull.gpg.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \ - && UBUNTU_CODENAME=$(. /etc/os-release; echo "${UBUNTU_CODENAME/*, /}") \ + # Copy and install tools from the extractor stage + && bash /src/bats-core/install.sh /usr/local \ + && cp -r /dl/bats-support /usr/local/bats-support \ + && cp -r /dl/bats-assert /usr/local/bats-assert \ + && cp /src/docker/docker /usr/local/bin \ + && cp /src/xwin /usr/local/bin/xwin \ + && cp -r /src/gcc-arm-none-eabi /opt/gcc-arm-none-eabi \ + # Install clang toolchain and mull mutation testing framework + && cat /dl/llvm.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \ + && cat /dl/mull.gpg.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \ + && UBUNTU_CODENAME=$(grep '^UBUNTU_CODENAME=' /etc/os-release | cut -d= -f2) \ && echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot-keyring.gpg] http://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-${CLANG_VERSION} main" | tee /etc/apt/sources.list.d/llvm.list > /dev/null \ && echo "deb [signed-by=/usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/mull-project/mull-stable/deb/ubuntu ${UBUNTU_CODENAME} main" | tee /etc/apt/sources.list.d/mull-project-mull-stable.list > /dev/null \ && echo -e 'Package: *\nPin: origin "apt.llvm.org"\nPin-Priority: 1000' > /etc/apt/preferences \ && apt-get update \ - 
&& jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-clang.json | xargs apt-get install -y --no-install-recommends \ - && rm -rf /var/cache/apt/archives /var/lib/apt/lists/* -ENV PATH="$PATH:/usr/lib/llvm-${CLANG_VERSION}/bin" -ENV PATH="$PATH:/opt/gcc-arm-none-eabi/bin" - -# Copy tools from the extractor stage -COPY --from=extractor /docker/docker /usr/local/bin -COPY --from=extractor /xwin /usr/local/bin/xwin -COPY --from=extractor /gcc-arm-none-eabi /opt/gcc-arm-none-eabi + && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-clang.json | \ + xargs apt-get install -y --no-install-recommends # Compile and install additional clang tools; often necessary as binary arm64 builds are lacking, or packages are out-of-date # Install ccache from source for a recent version
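Review bot: The in-chain comment `# Copy and install tools from the extractor stage` does not match the lines under it: `bats-support` and `bats-assert` are copied from `/dl`, the downloader mount, and only bats-core, docker, xwin and the arm toolchain come from `/src`. Since this single `RUN` is now the one place where every third-party artifact enters the image, the comment should say which stage each group comes from. For example `# Install tools unpacked by the extractor stage (/src) and fetched as-is by the downloader stage (/dl)`. A short comment on the two `--mount=from=...` lines naming what each mount provides would help anyone tracing the provenance of an installed binary.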