Bug 1644046 - Get Sonatype nexus with fetch task rather than when building android-build image. r=froydnj

This brings the `android-build` image very close to other build images, paving the way for it to be folded in completely. It also makes us more resilient in the face of upstream service interruptions. Differential Revision: https://phabricator.services.mozilla.com/D78945
2025-01-26 06:38:36 +00:00 · 2020-06-15 16:29:30 +00:00 · 2020-06-15 16:29:30 +00:00 · 571c7fd42e
commit 571c7fd42e
parent 23a7f13ad7
6 changed files with 29 additions and 46 deletions
--- a/build/docs/toolchains.rst
+++ b/build/docs/toolchains.rst
@ -69,19 +69,16 @@ don't need to fetch additional Maven dependencies at build time.
 redistributed publicly.)

 Archiving the Gradle executable is straight-forward, but archiving a
-local Maven repository is not.  Therefore a special Task Cluster
-Docker image and toolchain job exist for producing the required
-archives.  The Docker image definition is rooted in
-``taskcluster/docker/android-build``.  The Task Cluster toolchain job
-is named `android-gradle-dependencies`.  The job runs in a container
-based on the custom Docker image and spawns a Sonatype Nexus proxying
-Maven repository process in the background.  The job builds Firefox
-for Android using Gradle and the in-tree Gradle configuration rooted
-at ``build.gradle``.  The spawned proxying Maven repository downloads
-external dependencies and collects them.  After the Gradle build
-completes, the job archives the Gradle version used to build, and the
-downloaded Maven repository, and exposes them as Task Cluster
-artifacts.
+local Maven repository is not.  Therefore a toolchain job exists for
+producing the required archives, `android-gradle-dependencies`.  The
+job runs in a container based on a custom Docker image and spawns a
+Sonatype Nexus proxying Maven repository process in the background.
+The job builds Firefox for Android using Gradle and the in-tree Gradle
+configuration rooted at ``build.gradle``.  The spawned proxying Maven
+repository downloads external dependencies and collects them.  After
+the Gradle build completes, the job archives the Gradle version used
+to build, and the downloaded Maven repository, and exposes them as
+Task Cluster artifacts.

 To update the version of Gradle in the archive produced, update
 ``gradle/wrapper/gradle-wrapper.properties``.  Be sure to also update
@ -94,8 +91,8 @@ locally, push a fresh build to try.  The `android-gradle-dependencies`
 toolchain should run automatically, fetching your new dependencies and
 wiring them into the appropriate try build jobs.

-To update the version of Sonatype Nexus, update `NEXUS_VERSION` in the
-`android-build` Docker image.
+To update the version of Sonatype Nexus, update the `sonatype-nexus`
+`fetch` task definition.

 To modify the Sonatype Nexus configuration, typically to proxy a new
 remote Maven repository, modify
--- a/taskcluster/ci/fetch/toolchains.yml
+++ b/taskcluster/ci/fetch/toolchains.yml
@ -488,3 +488,14 @@ codeql-2.0.3:
        sha256: 094ff1ffc7211e8222c148e375fdd53b58bd4c0fe20875d9d7abf2a5e6c341a5
        size: 473738719
        artifact-name: codeql.zip
+
+sonatype-nexus:
+    description: Sonatype Nexus Maven repository service
+    fetch:
+        type: static-url
+        url: https://download.sonatype.com/nexus/oss/nexus-2.12.0-01-bundle.tar.gz
+        sha256: bf3c02ef9cdea0e854e0feba85d74f79215db04b692aebbaea37e4caf83c7fcc
+        size: 71971402
+        artifact-name: sonatype-nexus.tar.zst
+        strip-components: 1
+        add-prefix: sonatype-nexus/
--- a/taskcluster/ci/toolchain/android.yml
+++ b/taskcluster/ci/toolchain/android.yml
@ -76,6 +76,8 @@ linux64-android-gradle-dependencies:
        toolchain-artifact: public/build/android-gradle-dependencies.tar.zst
        toolchain-alias: android-gradle-dependencies
    fetches:
+        fetch:
+            - sonatype-nexus
        toolchain:
            # Aliases aren't allowed for toolchains depending on toolchains.
            - linux64-android-sdk-linux-repack
--- a/taskcluster/docker/android-build/Dockerfile
+++ b/taskcluster/docker/android-build/Dockerfile
@ -48,41 +48,11 @@ COPY topsrcdir/taskcluster/docker/recipes/xvfb.sh /builds/worker/scripts/xvfb.sh
 COPY topsrcdir/taskcluster/docker/recipes/prepare_openjdk.sh /tmp/prepare_openjdk.sh
 RUN /tmp/prepare_openjdk.sh && rm /tmp/prepare_openjdk.sh

-# Reset user/workdir from parent image so we can install software.
-WORKDIR /
-USER root
-
-# Install Sonatype Nexus.  Cribbed directly from
-# https://github.com/sonatype/docker-nexus/blob/fffd2c61b2368292040910c055cf690c8e76a272/oss/Dockerfile.
-
 # Observe missing --no-install-recommends, in order to install glib2.0/gconf/etc.
 RUN apt-get install \
      libgconf-2-4 \
      libgnome2-0 \
      openjdk-8-jdk-headless

-ENV NEXUS_VERSION=2.12.0-01 \
-    NEXUS_SHA1SUM=1a9aaad8414baffe0a2fd46eed1f41b85f4049e6 \
-    NEXUS_WORK=/builds/worker/workspace/nexus
-
-RUN mkdir -p /opt/sonatype/nexus
-
-WORKDIR /tmp
-RUN curl --fail --silent --location --retry 3 \
-    https://download.sonatype.com/nexus/oss/nexus-${NEXUS_VERSION}-bundle.tar.gz \
-    -o /tmp/nexus-${NEXUS_VERSION}-bundle.tar.gz
-
-# Observe the two spaces below.  Seriously.
-RUN echo "${NEXUS_SHA1SUM}  nexus-${NEXUS_VERSION}-bundle.tar.gz" > nexus-${NEXUS_VERSION}-bundle.tar.gz.sha1
-RUN sha1sum --check nexus-${NEXUS_VERSION}-bundle.tar.gz.sha1
-
-RUN tar zxf nexus-${NEXUS_VERSION}-bundle.tar.gz \
-  && mv /tmp/nexus-${NEXUS_VERSION}/* /opt/sonatype/nexus/ \
-  && rm -rf /tmp/nexus-${NEXUS_VERSION} \
-  && rm -rf /tmp/nexus-${NEXUS_VERSION}-bundle.tar.gz
-
-# So that we don't have to RUN_AS_USER=root.
-RUN chown -R worker:worker /opt/sonatype
-
 # Back to the workdir, matching desktop-build.
 WORKDIR /builds/worker
--- a/taskcluster/scripts/misc/android-gradle-dependencies/after.sh
+++ b/taskcluster/scripts/misc/android-gradle-dependencies/after.sh
@ -12,6 +12,7 @@ set -v
 pushd $WORKSPACE
 mkdir -p android-gradle-dependencies /builds/worker/artifacts

+# NEXUS_WORK is exported by `before.sh`.
 cp -R ${NEXUS_WORK}/storage/jcenter android-gradle-dependencies
 cp -R ${NEXUS_WORK}/storage/google android-gradle-dependencies
 cp -R ${NEXUS_WORK}/storage/gradle-plugins android-gradle-dependencies
--- a/taskcluster/scripts/misc/android-gradle-dependencies/before.sh
+++ b/taskcluster/scripts/misc/android-gradle-dependencies/before.sh
@ -8,10 +8,12 @@ echo "running as" $(id)

 set -v

+# Export NEXUS_WORK so that `after.sh` can use it.
+export NEXUS_WORK=/builds/worker/workspace/sonatype-nexus-work
 mkdir -p ${NEXUS_WORK}/conf
 cp /builds/worker/workspace/build/src/taskcluster/scripts/misc/android-gradle-dependencies/nexus.xml ${NEXUS_WORK}/conf/nexus.xml

-RUN_AS_USER=worker /opt/sonatype/nexus/bin/nexus restart
+RUN_AS_USER=worker $MOZ_FETCHES_DIR/sonatype-nexus/bin/nexus restart

 # Wait "a while" for Nexus to actually start.  Don't fail if this fails.
 wget --quiet --retry-connrefused --waitretry=2 --tries=100 \