Add azure pipelines for reproducible build (#6870)

* Add azure pipelines for reproducible build * Add always build flag for upgrade build * Fix the build version ubuntu-20.04
2021-02-25 13:44:58 +08:00 · 2021-02-25 13:44:58 +08:00 · d3040bd804
commit d3040bd804
parent 2a339faf7e
4 changed files with 265 additions and 0 deletions
--- a/.azure-pipelines/azure-pipelines-Official.yml
+++ b/.azure-pipelines/azure-pipelines-Official.yml
@ -0,0 +1,31 @@
+# Starter pipeline
+# Start with a minimal pipeline that you can customize to build and deploy your code.
+# Add steps that build, run tests, deploy, and more:
+# https://aka.ms/yaml
+
+trigger: none
+pr: none
+
+schedules:
+- cron: "0 0 * * *"
+  displayName: Daily Build
+  branches:
+    include:
+    - 202012
+  always: true
+
+pool: sonicbld
+
+stages:
+- stage: Build
+  jobs:
+  - template: azure-pipelines-build.yml
+    parameters:
+      buildOptions: 'SONIC_CONFIG_BUILD_JOBS=1 SONIC_VERSION_CONTROL_COMPONENTS=deb,py2,py3,web'
+      postSteps:
+      - script: |
+          make freeze
+          git status files/build/versions
+          git add files/build/versions
+          git diff HEAD files/build/versions
+        displayName: "Show git diff"
--- a/.azure-pipelines/azure-pipelines-UpgrateVersion.yml
+++ b/.azure-pipelines/azure-pipelines-UpgrateVersion.yml
@ -0,0 +1,109 @@
+# Starter pipeline
+# Start with a minimal pipeline that you can customize to build and deploy your code.
+# Add steps that build, run tests, deploy, and more:
+# https://aka.ms/yaml
+
+trigger: none
+pr: none
+
+schedules:
+- cron: "0 0 * * *"
+  displayName: Daily Build
+  branches:
+    include:
+    - 202012
+  always: true
+
+pool: sonicbld
+
+stages:
+- stage: Build
+  jobs:
+  - template: azure-pipelines-build.yml
+    parameters:
+      buildSlave: y
+- stage: UpgradeVersions
+  jobs:
+  - job: UpgradeVersions
+    pool:
+      vmImage: 'ubuntu-20.04'
+    steps:
+    - script: |
+        if [ -z "$(which gh)" ]; then
+          sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key C99B11DEB97541F0
+          sudo apt-add-repository https://cli.github.com/packages
+          sudo apt update
+          sudo apt install gh
+        fi
+      displayName: 'Install gh'
+    - checkout: self
+      displayName: 'Checkout code'
+    - download: current
+      patterns: '**/versions-*'
+    - script: |
+        mkdir -p target
+        default_platform=broadcom
+        artifacts=$(find $(Pipeline.Workspace) -maxdepth 1 -type d -name 'sonic-buildimage.*' | grep -v "sonic-buildimage.${default_platform}")
+        echo "artifacts$artifacts"
+        cp -r $(Pipeline.Workspace)/sonic-buildimage.${default_platform}/versions target/
+        make freeze FREEZE_VERSION_OPTIONS=-r
+        find files/build/versions 
+        for artifact in $artifacts
+        do
+          rm -rf target/versions
+          cp -r $artifact/versions target/
+          make freeze FREEZE_VERSION_OPTIONS="-a -d"
+        done
+        git diff files/build/versions
+      displayName: 'Freeze Versions'
+    - script: |
+        if [ -z "$GIT_USER" ]; then
+          echo "Skipped to send the pull request, GIT_USER not set."
+          exit 0
+        fi
+        GIT_STATUS=$(git status  --porcelain files/build/versions)
+        if [ -z "$GIT_STATUS" ]; then
+          echo "Skipped to send the pull request, no version change in files/build/versions"
+          exit 0
+        fi
+        if [ ! -d "$HOME" ]; then
+          sudo mkdir -p $HOME
+          sudo chown -R $(id -un):$(id -gn) $HOME
+        fi
+        SOURCE_BRANCH=$(Build.SourceBranch)
+        REPO_NAME=$(Build.Repository.Name)
+        [ -z "$GIT_REPO" ] && GIT_REPO=${REPO_NAME#*/}
+        BRANCH_NAME=repd/versions/${SOURCE_BRANCH#refs/heads/}
+        echo '#!/bin/bash' > git_env_password.sh
+        echo 'echo $GIT_PASSWORD' >> git_env_password.sh
+        chmod a+x git_env_password.sh
+        export GIT_ASKPASS=./git_env_password.sh
+
+        git config user.name $GIT_USER
+        git config credential.https://github.com.username $GIT_USER
+        git add files/build/versions
+        git commit -m "Update SONiC version files"
+        git checkout -b $BRANCH_NAME
+        git remote add remote https://github.com/$GIT_USER/$GIT_REPO
+        git push remote HEAD:refs/heads/$BRANCH_NAME -f
+        git branch -u remote/$BRANCH_NAME
+
+        echo $GIT_PASSWORD | gh auth login --with-token
+        TITLE="Upgrade SONiC Versions"
+        BODY="Upgrade SONiC Versions"
+        RET=0
+        if ! gh pr create -t "$TITLE" -b "$BODY" -B $(Build.SourceBranch) -R $(Build.Repository.Name) > pr.log 2>&1; then
+          if ! grep -q "already exists" pr.log; then
+            RET=1
+          fi
+        fi
+        cat pr.log
+        exit $RET
+      env:
+        GIT_USER: $(GIT_USER)
+        GIT_PASSWORD: $(GIT_PASSWORD)
+      displayName: 'Send Pull Request'
+    - publish: $(System.DefaultWorkingDirectory)/files/build/versions
+      artifact: 'sonic-buildimage.versions'
+      displayName: 'Archive SONiC versions'
+    
--- a/.azure-pipelines/azure-pipelines-build.yml
+++ b/.azure-pipelines/azure-pipelines-build.yml
@ -0,0 +1,72 @@
+parameters:
+- name: 'jobFilters'
+  type: object
+  default: ''
+- name: 'buildOptions'
+  type: string
+  default: 'SONIC_CONFIG_BUILD_JOBS=1'
+- name: 'buildSlave'
+  type: string
+  default: 'n'
+- name: 'postSteps'
+  type: stepList
+  default: []
+
+jobs:
+- template: azure-pipelines-job-groups.yml
+  parameters:
+    jobFilters: ${{ parameters.jobFilters }}
+    preSteps:
+      - script: |
+          containers=$(docker container ls | grep "sonic-slave" | awk '{ print $1 }')
+          if [ ! -z "$containers" ]; then
+            docker container kill $containers || true
+            sleep 5
+          fi
+          if [ "${{ parameters.buildSlave }}" == "y" ]; then
+            images=$(docker images 'sonic-slave-*' -a -q)
+            [ ! -z "$images" ] && docker rmi -f $images
+          fi
+          sudo rm -rf $(ls -A1)
+        displayName: 'Init'
+      - checkout: self
+        submodules: recursive
+        displayName: 'Checkout code'
+      - script: |
+          make ${{ parameters.buildOptions }} PLATFORM=$GROUP_NAME configure
+        displayName: 'Make configure'
+    postSteps:
+      - ${{ parameters.postSteps }}
+      - publish: $(System.DefaultWorkingDirectory)/target
+        artifact: 'sonic-buildimage.$(GROUP_NAME)$(GROUP_EXTNAME)'
+        displayName: "Archive sonic image"
+    jobGroups:
+      - name: vs
+        script: |
+          sudo bash -c "echo 1 > /proc/sys/vm/compact_memory"
+          make ${{ parameters.buildOptions }} target/sonic-vs.img.gz
+      - name: broadcom
+        script: |
+          make ${{ parameters.buildOptions }} target/sonic-broadcom.bin target/sonic-aboot-broadcom.swi
+      - name: barefoot
+        script: |
+          make ${{ parameters.buildOptions }} target/sonic-barefoot.bin target/sonic-aboot-barefoot.swi
+      - name: centec
+        script: |
+          make ${{ parameters.buildOptions }} INSTALL_DEBUG_TOOLS=y target/sonic-centec.bin
+          mv target/sonic-centec.bin target/sonic-centec-dbg.bin
+          make ${{ parameters.buildOptions }} target/sonic-centec.bin
+          make ${{ parameters.buildOptions }} ENABLE_SYNCD_RPC=y target/docker-syncd-centec-rpc.gz
+      - name: innovium
+        script: |
+          make ${{ parameters.buildOptions }} SONIC_CONFIG_BUILD_JOBS=1 target/sonic-innovium.bin
+      - name: mellanox
+        script: |
+          make ${{ parameters.buildOptions }} target/sonic-mellanox.bin
+      - name: mellanox
+        extName: _rpc
+        script: |
+          make ${{ parameters.buildOptions }} ENABLE_SYNCD_RPC=y all
+      - name: nephos
+        script: |
+          make ${{ parameters.buildOptions }} target/sonic-nephos.bin
--- a/.azure-pipelines/azure-pipelines-job-groups.yml
+++ b/.azure-pipelines/azure-pipelines-job-groups.yml
@ -0,0 +1,53 @@
+parameters:
+- name: 'preSteps'
+  type: stepList
+  default: []
+- name: "postSteps"
+  type: stepList
+  default: []
+- name: 'jobGroups'
+  type: object
+  default: []
+- name: 'jobVariables'
+  type: object
+  default: {}
+- name: 'scriptEnv'
+  type: object
+  default: ''
+- name: 'timeoutInMinutes'
+  type: 'number'
+  default: 1440
+- name: 'jobFilters'
+  type: object
+  default: ''
+
+jobs:
+- ${{ each jobGroup in parameters.jobGroups }}:
+  - ${{ if or(eq(parameters.jobFilters, ''), containsValue(parameters.jobFilters, jobGroup.name)) }}:
+    - job: ${{ replace(format('{0}{1}', jobGroup.name, jobGroup.extName), '-', '_') }}
+      ${{ each pair in jobGroup }}:
+        ${{ if not(in(pair.key, 'job', 'name', 'extName', 'variables', 'steps', 'script', 'scriptEnv')) }}:
+          ${{ pair.key }}: ${{ pair.value }}
+      ${{ if eq(jobGroup.timeoutInMinutes, '') }}:
+        timeoutInMinutes: ${{ parameters.timeoutInMinutes }}
+      variables:
+        GROUP_NAME: ${{ jobGroup.name }}
+        GROUP_EXTNAME: '${{ jobGroup.extName }}'
+        GROUP_NAMES: ${{ join(',', parameters.jobGroups.*.name ) }}
+        ${{ if ne(jobGroup.variables, '') }}:
+          ${{ jobGroup.variables }}
+        ${{ each para in parameters.jobvariables }}:
+          ${{ if eq(jobGroup.variables[para.key], '') }}:
+            ${{ para.key }}: ${{ para.value }}
+      steps:
+      - ${{ parameters.preSteps }}
+      - ${{ if ne(jobGroup.script, '') }}:
+        - script: |
+            ${{ jobGroup.script }}
+          env:
+            ${{ if ne(parameters.scriptEnv, '') }}:
+              ${{ parameters.scriptEnv }}
+          displayName: 'JobScript'
+      - ${{ if ne(jobGroup.steps, '') }}:
+        - ${{ jobGroup.steps }}
+      - ${{ parameters.postSteps }}