1
0
mirror of https://github.com/lineageos4microg/docker-lineage-cicd synced 2024-11-09 10:09:56 +01:00
docker-lineage-cicd/Dockerfile

180 lines
6.1 KiB
Docker
Raw Permalink Normal View History

FROM ubuntu:22.04@sha256:67211c14fa74f070d27cc59d69a7fa9aeff8e28ea118ef3babc295a0428a6d21
LABEL maintainer="Nicola Corna <nicola@corna.info>"
2017-01-08 17:37:37 +01:00
# Environment variables
#######################
2017-12-19 23:25:42 +01:00
ENV MIRROR_DIR /srv/mirror
2017-01-08 17:37:37 +01:00
ENV SRC_DIR /srv/src
ENV TMP_DIR /srv/tmp
2017-01-08 17:37:37 +01:00
ENV CCACHE_DIR /srv/ccache
ENV ZIP_DIR /srv/zips
ENV LMANIFEST_DIR /srv/local_manifests
2017-05-24 22:12:56 +02:00
ENV KEYS_DIR /srv/keys
2017-10-18 17:20:32 +02:00
ENV LOGS_DIR /srv/logs
2017-10-27 08:07:37 +02:00
ENV USERSCRIPTS_DIR /srv/userscripts
2017-08-07 16:54:08 +02:00
2017-05-05 15:38:45 +02:00
ENV DEBIAN_FRONTEND noninteractive
ENV USER root
2017-01-08 17:37:37 +01:00
# Configurable environment variables
####################################
# By default we want to use CCACHE, you can disable this
# WARNING: disabling this may slow down a lot your builds!
ENV USE_CCACHE 1
2017-11-06 16:31:11 +01:00
# ccache maximum size. It should be a number followed by an optional suffix: k,
# M, G, T (decimal), Ki, Mi, Gi or Ti (binary). The default suffix is G. Use 0
# for no limit.
ENV CCACHE_SIZE 50G
# We need to specify the ccache binary since it is no longer packaged along with AOSP
ENV CCACHE_EXEC /usr/bin/ccache
# Environment for the LineageOS branches name
# See https://github.com/LineageOS/android/branches for possible options
ENV BRANCH_NAME 'lineage-16.0'
2017-01-08 17:37:37 +01:00
2017-07-30 18:13:55 +02:00
# Environment for the device list (separate by comma if more than one)
2017-01-08 17:37:37 +01:00
# eg. DEVICE_LIST=hammerhead,bullhead,angler
ENV DEVICE_LIST ''
2017-05-30 21:43:54 +02:00
# Release type string
ENV RELEASE_TYPE 'UNOFFICIAL'
2017-01-08 17:37:37 +01:00
# OTA URL that will be used inside CMUpdater
# Use this in combination with LineageOTA to make sure your device can auto-update itself from this buildbot
ENV OTA_URL ''
# User identity
ENV USER_NAME 'LineageOS Buildbot'
ENV USER_MAIL 'lineageos-buildbot@docker.host'
# Include proprietary files, downloaded automatically from github.com/TheMuppets/ and gitlab.com/the-muppets/
# Only some branches are supported
ENV INCLUDE_PROPRIETARY true
2018-02-28 21:30:18 +01:00
# Mount an overlay filesystem over the source dir to do each build on a clean source
ENV BUILD_OVERLAY false
# Clone the full LineageOS mirror (> 200 GB)
ENV LOCAL_MIRROR false
2017-01-08 17:37:37 +01:00
# If you want to preserve old ZIPs set this to 'false'
2017-08-07 16:54:08 +02:00
ENV CLEAN_OUTDIR false
2017-01-08 17:37:37 +01:00
# Change this cron rule to what fits best for you
2017-05-04 14:51:19 +02:00
# Use 'now' to start the build immediately
2017-08-07 16:54:08 +02:00
# For example, '0 10 * * *' means 'Every day at 10:00 UTC'
ENV CRONTAB_TIME 'now'
2017-01-08 17:37:37 +01:00
2018-02-28 21:30:18 +01:00
# Clean artifacts output after each build
ENV CLEAN_AFTER_BUILD true
# Provide root capabilities builtin inside the ROM (see http://lineageos.org/Update-and-Build-Prep/)
2017-08-07 16:54:08 +02:00
ENV WITH_SU false
# Provide a default JACK configuration in order to avoid out-of-memory issues
ENV ANDROID_JACK_VM_ARGS "-Dfile.encoding=UTF-8 -XX:+TieredCompilation -Xmx4G"
# Custom packages to be installed
ENV CUSTOM_PACKAGES ''
2018-03-08 07:40:01 +01:00
# Sign the builds with the keys in $KEYS_DIR
2017-05-24 22:12:56 +02:00
ENV SIGN_BUILDS false
2018-03-08 07:40:01 +01:00
# When SIGN_BUILDS = true but no keys have been provided, generate a new set with this subject
ENV KEYS_SUBJECT '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
2017-05-17 00:33:15 +02:00
# Move the resulting zips to $ZIP_DIR/$codename instead of $ZIP_DIR/
2017-08-07 16:54:08 +02:00
ENV ZIP_SUBDIR true
2017-05-17 00:33:15 +02:00
2017-10-18 17:20:32 +02:00
# Write the verbose logs to $LOGS_DIR/$codename instead of $LOGS_DIR/
ENV LOGS_SUBDIR true
# Apply the MicroG's signature spoofing patch
# Valid values are "no", "yes" (for the original MicroG's patch) and
# "restricted" (to grant the permission only to the system privileged apps).
#
# The original ("yes") patch allows user apps to gain the ability to spoof
# themselves as other apps, which can be a major security threat. Using the
# restricted patch and embedding the apps that requires it as system privileged
# apps is a much secure option. See the README.md ("Custom mode") for an
# example.
2017-05-22 10:03:05 +02:00
ENV SIGNATURE_SPOOFING "no"
# Delete old zips in $ZIP_DIR, keep only the N latest one (0 to disable)
ENV DELETE_OLD_ZIPS 0
2017-10-18 17:20:32 +02:00
# Delete old logs in $LOGS_DIR, keep only the N latest one (0 to disable)
ENV DELETE_OLD_LOGS 0
2022-01-28 19:10:55 +01:00
# build type of your builds (user|userdebug|eng)
ENV BUILD_TYPE "userdebug"
2023-06-25 03:56:35 +02:00
# we can use --depth=1 here
ENV REPO_INIT_ARGS ""
2017-10-27 08:07:37 +02:00
# You can optionally specify a USERSCRIPTS_DIR volume containing these scripts:
# * begin.sh, run at the very beginning
# * before.sh, run after the syncing and patching, before starting the builds
# * pre-build.sh, run before the build of every device
2017-10-27 08:07:37 +02:00
# * post-build.sh, run after the build of every device
# * end.sh, run at the very end
# Each script will be run in $SRC_DIR and must be owned and writeable only by
# root
2017-01-08 17:37:37 +01:00
# Create Volume entry points
############################
2017-12-19 23:25:42 +01:00
VOLUME $MIRROR_DIR
2017-01-08 17:37:37 +01:00
VOLUME $SRC_DIR
VOLUME $TMP_DIR
2017-01-08 17:37:37 +01:00
VOLUME $CCACHE_DIR
VOLUME $ZIP_DIR
VOLUME $LMANIFEST_DIR
2017-05-24 22:12:56 +02:00
VOLUME $KEYS_DIR
2017-10-18 17:20:32 +02:00
VOLUME $LOGS_DIR
2017-10-27 08:07:37 +02:00
VOLUME $USERSCRIPTS_DIR
2017-01-08 17:37:37 +01:00
# Create missing directories
############################
RUN mkdir -p $MIRROR_DIR $SRC_DIR $TMP_DIR $CCACHE_DIR $ZIP_DIR $LMANIFEST_DIR \
$KEYS_DIR $LOGS_DIR $USERSCRIPTS_DIR
2017-01-08 17:37:37 +01:00
2017-05-05 15:38:45 +02:00
# Install build dependencies
############################
RUN apt-get -qq update && \
apt-get install -y bc bison bsdmainutils build-essential ccache cgpt clang \
2022-10-14 18:23:25 +02:00
cron curl flex g++-multilib gcc-multilib git git-lfs gnupg gperf imagemagick \
2020-08-16 01:39:14 +02:00
kmod lib32ncurses5-dev lib32readline-dev lib32z1-dev liblz4-tool \
libncurses5 libncurses5-dev libsdl1.2-dev libssl-dev libxml2 \
libxml2-utils lsof lzop maven openjdk-8-jdk pngcrush procps python3 \
python-is-python3 rsync schedtool squashfs-tools wget xdelta3 xsltproc yasm zip \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/*
2017-01-08 17:37:37 +01:00
RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
chmod a+x /usr/local/bin/repo
# Re-enable TLSv1 and TLSv1.1 in OpenJDK 8 config
#(for cm-14.1/lineage-15.1, might be removed later)
###################################################
RUN echo "jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, include jdk.disabled.namedCurves" | tee -a /etc/java-8-openjdk/security/java.security
# Copy required files
#####################
COPY src/ /root/
2017-01-08 17:37:37 +01:00
2017-05-24 22:12:56 +02:00
# Set the work directory
########################
WORKDIR $SRC_DIR
# Allow redirection of stdout to docker logs
############################################
2017-05-05 15:38:45 +02:00
RUN ln -sf /proc/1/fd/1 /var/log/docker.log
2017-01-08 17:37:37 +01:00
# Set the entry point to init.sh
2017-08-07 16:54:08 +02:00
################################
ENTRYPOINT /root/init.sh