Added step in docker build to get sftp cached deps packages

Requires either GH env var ssh private key or mystiko (password-store repo) Ticket: ENT-10419 Changelog: none
cfengine · Aug 9, 2023 · 2d1c362 · 2d1c362
1 parent e1b4975
commit 2d1c362
Showing 1 changed file with 28 additions and 1 deletion.
diff --git a/ci/docker-build-package.sh b/ci/docker-build-package.sh
@@ -8,14 +8,41 @@ COMPUTED_ROOT=$(readlink -e $(dirname "$0")/../../)
 NTECH_ROOT=${NTECH_ROOT:-$COMPUTED_ROOT}
 
 name=cfengine-build-package
+label=PACKAGES_HUB_x86_64_linux_ubuntu_20
+export JOB_BASE_NAME=label=$label
 # todo, check the image against the Dockerfile for up-to-date ness?
 docker build -t $name -f "${NTECH_ROOT}/buildscripts/ci/Dockerfile-$name" . || true
 # todo, check if already running and up-to-date?
-docker run -d --privileged -v ${NTECH_ROOT}:/data --name $name $name || true
+# send in JOB_BASE_NAME to enable use of retrieved or generated deps cache
+docker run -d --env JOB_BASE_NAME --privileged -v "${NTECH_ROOT}":/data --name $name $name || true
 
 # copy local caches to docker container
 mkdir -p "${NTECH_ROOT}/packages"
 mkdir -p "${NTECH_ROOT}/cache"
+
+# pre-seed cache from sftp buildcache if possible
+# requires either environment var with private key or mystiko+pass
+eval $(ssh-agent -s)
+if [ -n "$GH_ACTIONS_SSH_KEY_BUILD_ARTIFACTS_CACHE" ]; then
+  echo "$GH_ACTIONS_SSH_KEY_BUILD_ARTIFACTS_CACHE" | ssh-add -
+else
+  if ! pass mystiko/developers/CFEngine/jenkins/sftp-cache.sec | ssh-add -; then
+    echo "Need the ssh private key for build artifacts cache, neither env var nor mystiko was available."
+    exit 1
+  fi
+fi
+# first, clean up any lingering revision file previously generated, if you are changing deps locally and iterating this is important
+[ -f "${NTECH_ROOT}/buildscripts/deps-packaging/revision" ] && rm "${NTECH_ROOT}/buildscripts/deps-packaging/revision"
+cd "${NTECH_ROOT}/buildscripts/deps-packaging"
+# see buildscripts/build-scripts/autogen for a similar workaround to ensure it stays 7 on bootstrap-oslo-dc jobs
+git config --add core.abbrev 7 # hack to match smaller commit sha on bootstrap-oslo-dc (debian-9)
+revision=$(git log --pretty='format:%h' -1 -- .)
+cd - # back to previous directory
+PKGS_DIR="${NTECH_ROOT}/cache/buildscripts_cache/pkgs/${label}"
+mkdir -p "${PKGS_DIR}"
+echo -e "cd /export/sftp_dirs_cache/${label}\n get -Ra *${revision}* ${PKGS_DIR}" | \
+ sftp -oPubkeyAcceptedKeyTypes=+ssh-rsa -b - [email protected]
+
 # ending with /. in srcpath copies contents to destpath
 docker cp "${NTECH_ROOT}/cache/." $name:/root/.cache