From 0399da8ec0252f0a4023d578b1d1f4485c614399 Mon Sep 17 00:00:00 2001 From: Javan Lacerda Date: Tue, 14 Oct 2025 19:34:36 +0000 Subject: [PATCH 1/5] copy cf to the install directory chromium dev Signed-off-by: Javan Lacerda --- docker/chromium/base/immutable/dev/Dockerfile | 8 ++++---- docker/immutable-cloudbuild.yaml | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/docker/chromium/base/immutable/dev/Dockerfile b/docker/chromium/base/immutable/dev/Dockerfile index 6eabf9c7f7..2ed0a76e2f 100644 --- a/docker/chromium/base/immutable/dev/Dockerfile +++ b/docker/chromium/base/immutable/dev/Dockerfile @@ -17,10 +17,10 @@ ENV IMMUTABLE_IMAGE=true ARG CLUSTERFUZZ_SOURCE_DIR -COPY ${CLUSTERFUZZ_SOURCE_DIR} /data/clusterfuzz +COPY ${CLUSTERFUZZ_SOURCE_DIR} ${INSTALL_DIRECTORY} -RUN cd /data/clusterfuzz && bash local/install_deps.bash +RUN cd ${INSTALL_DIRECTORY}/clusterfuzz && bash local/install_deps.bash -COPY ${CLUSTERFUZZ_SOURCE_DIR}/clusterfuzz-config/configs/chrome-development /data/clusterfuzz/src/appengine/config +COPY ${CLUSTERFUZZ_SOURCE_DIR}/clusterfuzz-config/configs/chrome-development ${INSTALL_DIRECTORY}/clusterfuzz/src/appengine/config -RUN rm -rf /data/clusterfuzz/clusterfuzz-config +RUN rm -rf ${INSTALL_DIRECTORY}/clusterfuzz/clusterfuzz-config diff --git a/docker/immutable-cloudbuild.yaml b/docker/immutable-cloudbuild.yaml index 2823321bfa..77e6556137 100644 --- a/docker/immutable-cloudbuild.yaml +++ b/docker/immutable-cloudbuild.yaml @@ -52,6 +52,7 @@ steps: git clone https://github.com/google/clusterfuzz.git cd clusterfuzz git checkout "${_CLUSTERFUZZ_REVISION}" + cp -r /workspace/clusterfuzz-config . else echo "☑️ _CLUSTERFUZZ_REVISION is not set. Using the latest commit." fi From b7c4fcea5078b1bd6cd4d790540766341acb9f72 Mon Sep 17 00:00:00 2001 From: Javan Lacerda Date: Wed, 15 Oct 2025 12:21:29 +0000 Subject: [PATCH 2/5] copy clusterfuzz immutable Signed-off-by: Javan Lacerda --- docker/base/setup_clusterfuzz.sh | 1 + docker/chromium/base/immutable/dev/Dockerfile | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/docker/base/setup_clusterfuzz.sh b/docker/base/setup_clusterfuzz.sh index ec67c0f041..935af78715 100644 --- a/docker/base/setup_clusterfuzz.sh +++ b/docker/base/setup_clusterfuzz.sh @@ -28,6 +28,7 @@ fi if [[ "$IMMUTABLE_IMAGE" == "true" ]]; then echo "Not downloading Clusterfuzz source code as it is an immutable image" + cp -r /data/clusterfuzz $INSTALL_DIRECTORY/. else CLUSTERFUZZ_FILE=clusterfuzz_package.zip # When $LOCAL_SRC is set, use source zip on mounted volume for local testing. diff --git a/docker/chromium/base/immutable/dev/Dockerfile b/docker/chromium/base/immutable/dev/Dockerfile index 2ed0a76e2f..6eabf9c7f7 100644 --- a/docker/chromium/base/immutable/dev/Dockerfile +++ b/docker/chromium/base/immutable/dev/Dockerfile @@ -17,10 +17,10 @@ ENV IMMUTABLE_IMAGE=true ARG CLUSTERFUZZ_SOURCE_DIR -COPY ${CLUSTERFUZZ_SOURCE_DIR} ${INSTALL_DIRECTORY} +COPY ${CLUSTERFUZZ_SOURCE_DIR} /data/clusterfuzz -RUN cd ${INSTALL_DIRECTORY}/clusterfuzz && bash local/install_deps.bash +RUN cd /data/clusterfuzz && bash local/install_deps.bash -COPY ${CLUSTERFUZZ_SOURCE_DIR}/clusterfuzz-config/configs/chrome-development ${INSTALL_DIRECTORY}/clusterfuzz/src/appengine/config +COPY ${CLUSTERFUZZ_SOURCE_DIR}/clusterfuzz-config/configs/chrome-development /data/clusterfuzz/src/appengine/config -RUN rm -rf ${INSTALL_DIRECTORY}/clusterfuzz/clusterfuzz-config +RUN rm -rf /data/clusterfuzz/clusterfuzz-config From b403e3e4b9bb53444fd0240394e9f425ba9f82c2 Mon Sep 17 00:00:00 2001 From: Javan Lacerda Date: Wed, 15 Oct 2025 14:53:31 +0000 Subject: [PATCH 3/5] disable update source for immutable Signed-off-by: Javan Lacerda --- src/clusterfuzz/_internal/system/environment.py | 4 ++++ src/python/bot/startup/run.py | 3 +++ 2 files changed, 7 insertions(+) diff --git a/src/clusterfuzz/_internal/system/environment.py b/src/clusterfuzz/_internal/system/environment.py index 6618a01190..6b37b66297 100644 --- a/src/clusterfuzz/_internal/system/environment.py +++ b/src/clusterfuzz/_internal/system/environment.py @@ -1195,6 +1195,10 @@ def is_tworker(): return get_value('TWORKER', False) +def is_immutable_instance(): + return get_value('IMMUTABLE_IMAGE', False) + + def update_task_enabled() -> bool: """ It uses the GCE VM metadata server `update_task_enabled` flag. diff --git a/src/python/bot/startup/run.py b/src/python/bot/startup/run.py index 0cd1a07cc2..7e031b0734 100644 --- a/src/python/bot/startup/run.py +++ b/src/python/bot/startup/run.py @@ -173,6 +173,9 @@ def stop_android_heartbeat(): def update_source_code_if_needed(): """Update source code if needed.""" + if environment.is_immutable_instance(): + logs.info("This is an immutable image, not updating source code.") + return try: # Update the bot source, if there's a newer version. newer_source_revision = update_task.get_newer_source_revision() From f08334b6a8a22a1841e904bfeb6d1faf2075f431 Mon Sep 17 00:00:00 2001 From: Javan Lacerda Date: Wed, 15 Oct 2025 18:49:22 +0000 Subject: [PATCH 4/5] fix manifest path Signed-off-by: Javan Lacerda --- docker/build-immutable.sh | 4 ++-- docker/immutable-cloudbuild.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docker/build-immutable.sh b/docker/build-immutable.sh index d91ea2414b..ddbf17a323 100755 --- a/docker/build-immutable.sh +++ b/docker/build-immutable.sh @@ -50,9 +50,9 @@ rm -rf src/appengine/config # Loop through each image name in the IMAGES array. for image_name in "${IMAGES[@]}"; do - # Read the ClusterFuzz revision from the revision.txt file. This is used to + # Read the ClusterFuzz revision from the clusterfuzz-source.manifest file. This is used to # tag the Docker images. - CURRENT_CLUSTERFUZZ_REVISION="$(cat /workspace/revision.txt)" + CURRENT_CLUSTERFUZZ_REVISION="$(cat src/appengine/resources/clusterfuzz-source.manifest)" # Determine the directory containing the Dockerfile and related build context. project_dir=docker/${image_name#gcr.io/clusterfuzz-images/} diff --git a/docker/immutable-cloudbuild.yaml b/docker/immutable-cloudbuild.yaml index 77e6556137..66fb17c51a 100644 --- a/docker/immutable-cloudbuild.yaml +++ b/docker/immutable-cloudbuild.yaml @@ -75,11 +75,11 @@ steps: # Using the builder service account as the user RAW_USER=$(gcloud auth list --filter=status:ACTIVE --format="value(account)") - USER=$(echo "$$RAW_USER" | cut -d'@' -f1) + USER=$(echo "$$RAW_USER" | cut -d'@' -f1 | sed 's/-compute//') REVISION="$${TIMESTAMP}-$${CF_SHA}-$${USER}-$${CF_CONFIG_SHA}-prod" echo "Computed revision: $${REVISION}" - echo "$${REVISION}" > /workspace/revision.txt + echo "$${REVISION}" > src/appengine/resources/clusterfuzz-source.manifest - id: build immutable image name: gcr.io/cloud-builders/docker From 9bb63c012030facd3869f463e6ac4b1e61e2ebc7 Mon Sep 17 00:00:00 2001 From: Javan Lacerda Date: Thu, 16 Oct 2025 19:12:06 +0000 Subject: [PATCH 5/5] perform symlink isntead cp Signed-off-by: Javan Lacerda --- docker/base/setup_clusterfuzz.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/base/setup_clusterfuzz.sh b/docker/base/setup_clusterfuzz.sh index 935af78715..96a770ac8d 100644 --- a/docker/base/setup_clusterfuzz.sh +++ b/docker/base/setup_clusterfuzz.sh @@ -28,7 +28,7 @@ fi if [[ "$IMMUTABLE_IMAGE" == "true" ]]; then echo "Not downloading Clusterfuzz source code as it is an immutable image" - cp -r /data/clusterfuzz $INSTALL_DIRECTORY/. + ln -s /data/clusterfuzz $INSTALL_DIRECTORY/ else CLUSTERFUZZ_FILE=clusterfuzz_package.zip # When $LOCAL_SRC is set, use source zip on mounted volume for local testing.