Merge pull request #8965 from zmstone/0914-allow-ssh-agent-in-buildx

build: allow passing ssh agent to docker run in buildx.sh

.github/workflows/build_packages.yaml

@@ -262,7 +262,6 @@ jobs:
           --profile "${PROFILE}" \
           --pkgtype "${PACKAGE}" \
           --arch "${ARCH}" \
-          --system "${SYSTEM}" \
           --builder "ghcr.io/emqx/emqx-builder/4.4-19:${OTP}-${SYSTEM}"
     - uses: actions/upload-artifact@v1
       with:

.gitignore

@@ -60,3 +60,4 @@ erlang_ls.config
 # For direnv
 .envrc
 mix.lock
+.gitconfig.tmp

scripts/buildx.sh

@@ -20,10 +20,12 @@ help() {
     echo "--arch amd64|arm64:  Target arch to build the EMQ X package for"
     echo "--src_dir <SRC_DIR>: EMQ X source ode in this dir, default to PWD"
     echo "--builder <BUILDER>: Builder image to pull"
-    echo "--system <SYSTEM>:   The target OS system the package is being built for, ex: debian11"
-    echo "                     E.g. ghcr.io/emqx/emqx-builder/4.4-19:24.1.5-3-debian10"
+    echo "                     E.g. ghcr.io/emqx/emqx-builder/4.4-19:24.1.5-3-debian11"
+    echo "--ssh:               Pass ssh agent to the builder."
+    echo "                     Also configures git in container to use ssh instead of https to clone deps"
 }
 
+USE_SSH='no'
 while [ "$#" -gt 0 ]; do
     case $1 in
     -h|--help)
@@ -50,9 +52,9 @@ while [ "$#" -gt 0 ]; do
         ARCH="$2"
         shift 2
         ;;
-    --system)
-        SYSTEM="$2"
-        shift 2
+    --ssh)
+        USE_SSH='yes'
+        shift
         ;;
     *)
       echo "WARN: Unknown arg (ignored): $1"
@@ -72,18 +74,42 @@ if [ "$PKGTYPE" != 'zip' ] && [ "$PKGTYPE" != 'pkg' ]; then
     exit 1
 fi
 
+## Although we have 'deterministic' set in 'erl_opts', and foced overriding at project level,
+## still, some of the beams might be compiled (e.g. by erlang.mk) without this flag
+## longer file path means larger beam files
+## i.e. Keep the path to work dir short!
+DOCKER_WORKDIR='/emqx'
+
 cd "${SRC_DIR:-.}"
 
-set -x
-# $SYSTEM below is used by the `relup-base-vsns.escript` to correctly
-# output the list of relup base versions.
+cat <<EOF >.gitconfig.tmp
+[core]
+    sshCommand = ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
+[safe]
+    directory = $DOCKER_WORKDIR
+EOF
+
+if [ "$USE_SSH" = 'yes' ]; then
+    cat <<EOF >>.gitconfig.tmp
+[url "ssh://git@github.com/"]
+    insteadOf = https://github.com/
+EOF
+    # when passing ssh agent, we assume this command is executed locally not in ci, so add '-t' option
+    SSH_AGENT_OPTION="-t -e SSH_AUTH_SOCK=/ssh-agent -v ${SSH_AUTH_SOCK}:/ssh-agent"
+else
+    SSH_AGENT_OPTION=''
+fi
+
 docker info
 docker run --rm --privileged tonistiigi/binfmt:latest --install "${ARCH}"
+
+# shellcheck disable=SC2086
 docker run -i --rm \
-    -v "$(pwd)":/emqx \
-    --workdir /emqx \
+    -v "$(pwd)":$DOCKER_WORKDIR \
+    -v "$(pwd)/.gitconfig.tmp":/root/.gitconfig \
+    --workdir $DOCKER_WORKDIR \
     --platform="linux/$ARCH" \
     --user root \
-    -e SYSTEM="$SYSTEM" \
+    $SSH_AGENT_OPTION \
     "$BUILDER" \
-    bash -euc "git config --global --add safe.directory /emqx && chown -R root:root _build && make ${PROFILE}-${PKGTYPE} && .ci/build_packages/tests.sh $PROFILE $PKGTYPE"
+    bash -euc "mkdir -p _build && chown -R root:root _build && make ${PROFILE}-${PKGTYPE} && .ci/build_packages/tests.sh $PROFILE $PKGTYPE"

scripts/relup-base-vsns.escript

@@ -160,7 +160,7 @@ fetch_version(Vsn, VsnMap) ->
 
 filter_froms(Froms0, AvailableVersionsIndex) ->
     Froms1 =
-        case os:getenv("SYSTEM") of
+        case get_system() of
             %% we do not support relup for windows
             "windows" ->
                 [];
@@ -178,6 +178,14 @@ filter_froms(Froms0, AvailableVersionsIndex) ->
       fun(V) -> maps:get(V, AvailableVersionsIndex, false) end,
       Froms1).
 
+get_system() ->
+    case os:getenv("SYSTEM") of
+        false ->
+            string:trim(os:cmd("./scripts/get-distro.sh"));
+        System ->
+            System
+    end.
+
 %% assumes that's X.Y.Z, without pre-releases
 parse_vsn(VsnBin) ->
     {match, [Major0, Minor0, Patch0]} = re:run(VsnBin, "([0-9]+)\\.([0-9]+)\\.([0-9]+)",