-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
177 lines (167 loc) · 7.36 KB
/
Dockerfile
File metadata and controls
177 lines (167 loc) · 7.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
# Dockerfile.rolling - Multi-version Rust image for 6-month rolling window
#
# This image contains all stable Rust versions from the last 6 months,
# plus beta and nightly. It enables digest-pinned immutable builds while
# supporting automatic version fallback for older MSRVs.
#
# The 6-month window is calculated automatically based on the current stable
# Rust version. Rust releases every ~6 weeks, so 6 months = ~4 releases.
# We include 4 prior versions plus current stable (5 total stable versions).
#
# Published as:
# jerusdp/ci-rust:rolling-6mo
# jerusdp/ci-rust:rolling-6mo-wasi
#
# Usage:
# docker build -f Dockerfile.rolling -t jerusdp/ci-rust:rolling-6mo --target final .
# docker build -f Dockerfile.rolling -t jerusdp/ci-rust:rolling-6mo-wasi --target wasi .
FROM docker.io/library/rust:1.94.0@sha256:0e6da0c8f06f25e9591f21c0f741cd4ff1086e271c3330f29f6e4e95869c7843 AS binaries
# renovate: datasource=crate depName=wasmtime-cli packageName=wasmtime-cli versioning=semver-coerced
# renovate: datasource=crate depName=cargo-audit packageName=cargo-audit versioning=semver-coerced
ENV CARGO_AUDIT_VERSION=0.22.1
# renovate: datasource=crate depName=cargo-fuzz packageName=cargo-fuzz versioning=semver-coerced
ENV CARGO_FUZZ_VERSION=0.13.1
# renovate: datasource=crate depName=cargo-llvm-cov packageName=cargo-llvm-cov versioning=semver-coerced
ENV CARGO_LLVM_COV_VERSION=0.8.4
# renovate: datasource=crate depName=cargo-release packageName=cargo-release versioning=semver-coerced
ENV CARGO_RELEASE_VERSION=1.1.1
# renovate: datasource=crate depName=circleci-junit-fix packageName=circleci-junit-fix versioning=semver-coerced
ENV CIRCLECI_JUNIT_FIX_VERSION=0.2.3
# renovate: datasource=crate depName=cull-gmail packageName=cull-gmail versioning=semver-coerced
ENV CULL_GMAIL_VERSION=0.1.4
# renovate: datasource=crate depName=gen-changelog packageName=gen-changelog versioning=semver-coerced
ENV GEN_CHANGELOG_VERSION=0.1.7
# renovate: datasource=crate depName=gen-orb-mcp packageName=gen-orb-mcp versioning=semver-coerced
ENV GEN_ORB_MCP_VERSION=0.1.0
# renovate: datasource=crate depName=kdeets packageName=kdeets versioning=semver-coerced
ENV KDEETS_VERSION=0.1.29
# renovate: datasource=crate depName=nextsv packageName=nextsv versioning=semver-coerced
ENV NEXTSV_VERSION=0.19.29
# renovate: datasource=crate depName=pcu packageName=pcu versioning=semver-coerced
ENV PCU_VERSION=0.6.12
# renovate: datasource=crate depName=rsign2 packageName=rsign2 versioning=semver-coerced
ENV RSIGN2_VERSION=0.6.6
# renovate: datasource=crate depName=wasm-pack packageName=wasm-pack versioning=semver-coerced
ENV WASMPACK_VERSION=0.14.0
# renovate: datasource=crate depName=wasmtime-cli packageName=wasmtime-cli versioning=semver-coerced
ENV WASMTIME_VERSION=42.0.1
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN set -eux;
RUN apt-get update; \
apt-get install -y --no-install-recommends \
build-essential \
curl \
libssl-dev \
pkg-config \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
RUN \
curl \
--proto '=https' \
--tlsv1.2 \
-sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash
RUN \
cargo binstall cargo-audit --version "${CARGO_AUDIT_VERSION}" --no-confirm; \
cargo binstall --locked --version 1.0.95 cargo-expand --no-confirm; \
cargo binstall cargo-fuzz --version "${CARGO_FUZZ_VERSION}" --no-confirm; \
cargo binstall cargo-llvm-cov --version "${CARGO_LLVM_COV_VERSION}" --no-confirm; \
cargo binstall cargo-nextest --no-confirm; \
cargo binstall cargo-release --version "${CARGO_RELEASE_VERSION}" --no-confirm; \
cargo binstall circleci-junit-fix --locked --version "${CIRCLECI_JUNIT_FIX_VERSION}" --no-confirm; \
cargo binstall cull-gmail --version "${CULL_GMAIL_VERSION}" --no-confirm; \
cargo binstall gen-changelog --version "${GEN_CHANGELOG_VERSION}" --no-confirm; \
cargo binstall gen-orb-mcp --version "${GEN_ORB_MCP_VERSION}" --no-confirm; \
cargo binstall kdeets --version "${KDEETS_VERSION}" --no-confirm; \
cargo binstall nextsv --version "${NEXTSV_VERSION}" --no-confirm; \
cargo binstall pcu --version "${PCU_VERSION}" --no-confirm; \
cargo binstall rsign2 --version "${RSIGN2_VERSION}" --no-confirm; \
cargo binstall wasm-pack --version "${WASMPACK_VERSION}" --no-confirm; \
cargo binstall wasmtime-cli --version "${WASMTIME_VERSION}" --no-confirm;
FROM docker.io/library/rust:1.94.0@sha256:0e6da0c8f06f25e9591f21c0f741cd4ff1086e271c3330f29f6e4e95869c7843 AS base
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
adduser \
curl \
git \
jq \
unzip \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& adduser circleci
COPY --from=binaries $CARGO_HOME/bin/cull-gmail $CARGO_HOME/bin/
USER circleci
WORKDIR /home/circleci/project
FROM base AS final
USER root
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
build-essential \
gpg \
gpg-agent \
libssl-dev \
llvm \
openssh-client \
pkg-config \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
COPY --from=binaries $CARGO_HOME/bin/cargo-release \
$CARGO_HOME/bin/cargo-audit \
$CARGO_HOME/bin/cargo-expand \
$CARGO_HOME/bin/cargo-fuzz \
$CARGO_HOME/bin/cargo-llvm-cov \
$CARGO_HOME/bin/cargo-nextest \
$CARGO_HOME/bin/gen-changelog \
$CARGO_HOME/bin/gen-orb-mcp \
$CARGO_HOME/bin/kdeets \
$CARGO_HOME/bin/nextsv \
$CARGO_HOME/bin/pcu \
$CARGO_HOME/bin/rsign \
$CARGO_HOME/bin/circleci-junit-fix $CARGO_HOME/bin/
# Install standard toolchains with all components
RUN rustup component add clippy rustfmt llvm-tools; \
rustup toolchain install stable --component clippy --component rustfmt; \
rustup toolchain install nightly --component clippy --component rustfmt --component miri --component rust-src; \
rustup toolchain install beta --component clippy --component rustfmt
# Calculate and install rolling 6-month Rust versions
#
# Strategy:
# - Detect current stable version from rustc
# - Calculate oldest version in 6-month window (current minor - 4)
# - Install all versions from oldest to current
#
# Rust releases every ~6 weeks, so 6 months ≈ 4 releases back
# We install versions: (current - 4) through (current - 1)
# Current stable is already installed from base image
#
# The calculated versions are saved to ROLLING_RUST_VERSIONS env var
# for runtime detection by the select_rust_version command
COPY calculate-rolling-versions.sh /tmp/
RUN chmod +x /tmp/calculate-rolling-versions.sh && \
/tmp/calculate-rolling-versions.sh && \
rm /tmp/calculate-rolling-versions.sh
USER circleci
WORKDIR /home/circleci/project
FROM final AS wasi
USER root
COPY --from=binaries $CARGO_HOME/bin/wasmtime \
$CARGO_HOME/bin/wasm-pack $CARGO_HOME/bin/
# Install WASI targets for all toolchains
# Note: wasm32-wasip1 is the modern target name (Rust 1.78+)
# wasm32-wasi is the legacy target name (older Rust versions)
COPY install-wasi-targets.sh /tmp/
RUN chmod +x /tmp/install-wasi-targets.sh && \
/tmp/install-wasi-targets.sh && \
rm /tmp/install-wasi-targets.sh
USER circleci
WORKDIR /home/circleci/project
FROM wasi AS test
USER root
WORKDIR /project
COPY test-rolling.sh test.sh
RUN chmod a+x test.sh
# For rolling image, we validate all versions are installed
ENV ROLLING_IMAGE=true
USER circleci
ENTRYPOINT [ "/project/test.sh" ]