Closed github-actions[bot] closed 1 year ago
romain-hunault
commented
1 year ago @uazo we are able to build cromite in ~25mn on our infra (x64 and arm64): https://gitlab.e.foundation/e/os/cromite/-/pipelines/313827
It signs APKs with public Chromium keys.
We can setup mirroring repository, in order to build any modification pushed on cromite main branch.
uazo
commented
1 year ago We can setup mirroring repository, in order to build any modification pushed on cromite main branch.
And yes, that would be useful to me! Let me have time to understand what you have done
uazo
commented
1 year ago We can setup mirroring repository
may I, may I?
can I make a different proposal, set us up differently? That is, a repo with just the build tools, no source code.
I explain: I would prefer no merge at all during build (which is a bit opaque) versus a simpler, more obvious modification of the tools only needed for the build in gitlab. if there is a need we could identify what is needed for me to set for you or I could add support for it. for example: i don't know why you want to compile without cfi, but cromite has cfi active in the android build, it's a guarantee for me because of any bugs I might introduce that would be obvious and so it's a guarantee for the users.
it is my understanding that you build a docker image and then run the script build.sh inside the container, correct? if so, that's pretty much what I do.
can we try directly with an image of mine (es. uazo/cromite-build:115.0.5790.136-3f31d6687df2166ab2ea589f526486296ea83d47) ?
romain-hunault
commented
1 year ago @uazo thanks for your feedback.
That is, a repo with just the build tools, no source code.
What do you mean exactly?
it is my understanding that you build a docker image and then run the script build.sh inside the container, correct?
It is correct!
can we try directly with an image of mine (es. uazo/cromite-build:115.0.5790.136-3f31d6687df2166ab2ea589f526486296ea83d47) ?
It is possible... it the DockerFile is shared on the project. We use only docker images built on the same pipeline, to know what will run on our servers.
uazo
commented
1 year ago OR splitting source code and build system, which would allow mirroring your project directly?
exactly. this way it is easier to see from the history the changes made only related to the build support.
it the DockerFile is shared on the project.
all dockerfiles are public (https://github.com/uazo/cromite/tree/master/tools/images)
We use only docker images built on the same pipeline,
Which I guess is a caution on your part rather than an impossibility in general, and that is correct.
But what if you were able to remove the network (docker --network none) from the image that makes the build and remove support for docker in the container?
I'm basically asking if you would like to check out all the infrastructure that I've already created, including the use of sysbox, whether it is compatible with your security rules.
uazo
commented
1 year ago next version https://github.com/uazo/cromite/issues/150
romain-hunault
commented
1 year ago @uazo we will explore the usage of the docker image, and splitting cromite source code and build system project, in our next sprint starting mid-August.
commit: https://github.com/uazo/cromite/commit/3f31d6687df2166ab2ea589f526486296ea83d47 builder: https://github.com/uazo/cromite/actions/runs/5643434758 release: https://github.com/uazo/cromite/releases/tag/v115.0.5790.136-3f31d6687df2166ab2ea589f526486296ea83d47 docker image: uazo/cromite-build:115.0.5790.136-3f31d6687df2166ab2ea589f526486296ea83d47
changes: