create an osc container for package maintenance

Author: dcermak

src/bci_build/package/__init__.py

@@ -1422,6 +1422,7 @@ def generate_disk_size_constraints(size_gb: int) -> str:
 from .appcontainers import MARIADB_CLIENT_CONTAINERS  # noqa: E402
 from .appcontainers import MARIADB_CONTAINERS  # noqa: E402
 from .appcontainers import NGINX_CONTAINERS  # noqa: E402
+from .appcontainers import OSC_CONTAINER  # noqa: E402
 from .appcontainers import PCP_CONTAINERS  # noqa: E402
 from .appcontainers import POSTGRES_CONTAINERS  # noqa: E402
 from .appcontainers import PROMETHEUS_CONTAINERS  # noqa: E402
@@ -1488,6 +1489,7 @@ def generate_disk_size_constraints(size_gb: int) -> str:
         GITEA_RUNNER_CONTAINER,
         *TOMCAT_CONTAINERS,
         *GCC_CONTAINERS,
+        OSC_CONTAINER,
     )
 }
 

src/bci_build/package/appcontainers.py

@@ -18,6 +18,7 @@
 from bci_build.package import SupportLevel
 from bci_build.package import _build_tag_prefix
 from bci_build.package import generate_disk_size_constraints
+from bci_build.package.basecontainers import _get_os_container_package_names
 
 _PCP_FILES = {}
 for filename in (
@@ -808,3 +809,74 @@ def _get_nginx_kwargs(os_version: OsVersion):
     )
     for tomcat_major, os_version in product(_TOMCAT_VERSIONS, ALL_BASE_OS_VERSIONS)
 ]
+
+_BASE_PODMAN_OSC_CMD = (
+    "podman run --rm -it "
+    + r"-v \$HOME/.config/osc/oscrc:/root/.config/osc/oscrc:ro,z "
+    + r"-v \$HOME/.local/state/osc/cookiejar:/root/.local/state/osc/cookiejar:z"
+)
+
+OSC_CONTAINER = ApplicationStackContainer(
+    name="osc",
+    pretty_name="Packaging",
+    package_name="packaging-image",
+    os_version=OsVersion.TUMBLEWEED,
+    is_latest=True,
+    version_in_uid=False,
+    version="%%osc_version%%",
+    replacements_via_service=[
+        Replacement(regex_in_build_description="%%osc_version%%", package_name="osc")
+    ],
+    extra_files={
+        "entrypoint.sh": (Path(__file__).parent / "osc" / "entrypoint.sh").read_bytes()
+    },
+    extra_labels={
+        "run": f"{_BASE_PODMAN_OSC_CMD} IMAGE",
+        "runcwd": f"{_BASE_PODMAN_OSC_CMD} -v .:/root/osc-workdir:z IMAGE",
+    },
+    package_list=[
+        "osc",
+        "obs-service-appimage",
+        "obs-service-cargo",
+        "obs-service-cdi_containers_meta",
+        "obs-service-compose_kiwi_description",
+        "obs-service-docker_label_helper",
+        "obs-service-download_assets",
+        "obs-service-download_files",
+        "obs-service-download_url",
+        "obs-service-extract_file",
+        "obs-service-format_spec_file",
+        "obs-service-go_modules",
+        "obs-service-kiwi_label_helper",
+        "obs-service-kiwi_metainfo_helper",
+        "obs-service-kubevirt_containers_meta",
+        "obs-service-node_modules",
+        "obs-service-obs_scm",
+        "cpio",
+        "obs-service-product_converter",
+        "obs-service-recompress",
+        "obs-service-refresh_patches",
+        "obs-service-replace_using_env",
+        "obs-service-replace_using_package_version",
+        "obs-service-set_version",
+        "obs-service-snapcraft",
+        "obs-service-source_validator",
+        "obs-service-tar",
+        "obs-service-tar_scm",
+        "obs-service-verify_file",
+        *_get_os_container_package_names(OsVersion.TUMBLEWEED),
+        "git",
+        "openssh-common",
+        "openssh-clients",
+    ],
+    cmd=["/bin/bash"],
+    custom_end="""WORKDIR /root/osc-workdir
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+""",
+    entrypoint=["/usr/local/bin/entrypoint.sh"],
+    volumes=[
+        # default location of the build root & package cache
+        "/var/tmp"
+    ],
+)

src/bci_build/package/osc/README.md.j2

@@ -0,0 +1,61 @@
+# Packaging Container
+
+This is the openSUSE packaging container image, it includes all the necessary
+software to create and modify packages on the [Open Build
+Service](https://build.opensuse.org/) using
+[osc](https://github.com/openSUSE/osc/).
+
+
+## How to use this container image
+
+This container image is intended for interactive usage with your `.oscrc` and
+the osc cookiejar mounted into the container:
+
+```ShellSession
+# podman run --rm -it \
+      -v ~/.config/osc/oscrc:/root/.config/osc/oscrc:ro,z \
+      -v ~/.local/state/osc/cookiejar:/root/.local/state/osc/cookiejar:rw,z \
+      {{ image.reference }}
+```
+
+The above command launches an interactive shell where your local osc config will
+be used. You can then proceed to checkout packages, perform modifications and
+send submissions to OBS.
+
+To work on an already checked out package, mount the current working directory
+as well:
+
+```ShellSession
+# podman run --rm -it \
+      -v ~/.config/osc/oscrc:/root/.config/osc/oscrc:ro,z \
+      -v ~/.local/state/osc/cookiejar:/root/.local/state/osc/cookiejar:z \
+      -v .:/root/osc-workdir:z \
+      {{ image.reference }}
+```
+
+### Connecting to build.suse.de
+
+build.suse.de uses a ssh based authentication and thus requires additional
+resources to be available in the container:
+
+```ShellSession
+# podman run --rm -it \
+      -v ~/.config/osc/oscrc:/root/.config/osc/oscrc:ro,z \
+      -v ~/.local/state/osc/cookiejar:/root/.local/state/osc/cookiejar:z \
+      -v /etc/ssl/ca-bundle.pem:/etc/ssl/ca-bundle.pem:ro,z \
+      -v $SSH_AUTH_SOCK:/run/user/0/ssh-agent.socket:z \
+      -e SSH_AUTH_SOCK=/var/run/user/0/ssh-agent.socket:z \
+      -v "$PWD":/root/osc-workdir:z \
+      {{ image.reference }}
+```
+
+
+## Limitations
+
+- It is currently not possible to build packages in a container.
+
+
+## Volumes
+
+The container image is preconfigured to put `/var/tmp` into a volume. This
+directory is used by `osc` to store the buildroot and the package cache.

src/bci_build/package/osc/entrypoint.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [[ ! -e /root/.config/osc/oscrc ]]; then
+    cat << EOF
+This container is expected to be launched with your oscrc mounted to
+/root/.config/osc/oscrc
+
+Please consult the README or the label 'run' for the full invocation.
+EOF
+fi
+
+if [[ "-h --help -v --verbose -q --quiet --debug --debugger --post-mortem --traceback -H --http-debug --http-full-debug -A --apiurl --config --setopt --no-keyring add addchannels addcontainers addremove ar aggregatepac api branch getpac bco branchco browse build wipe shell chroot buildconfig buildhistory buildhist buildinfo buildlog buildlogtail blt bl cat less blame changedevelrequest changedevelreq cr checkconstraints checkout co clean cleanassets ca clone comment commit checkin ci config copypac create-pbuild-config cpc createincident createrequest creq delete remove del rm deleterequest deletereq droprequest dropreq dr dependson detachbranch develproject dp bsdevelproject diff di ldiff linkdiff distributions dists downloadassets da enablechannels enablechannel fork getbinaries help importsrcpkg info init jobhistory jobhist linkpac linktobranch list LL lL ll ls localbuildlog lbl lock log maintainer bugowner maintenancerequest mr mbranch maintained sm meta mkpac mv my patchinfo pdiff prdiff projdiff projectdiff prjresults pr pull pull_request rdelete rdiff rebuild rebuildpac release releaserequest remotebuildlog remotebuildlogtail rbuildlogtail rblt rbuildlog rbl repairlink repairwc repo repositories platforms repos repourls request review rq requestmaintainership reqbs reqms reqmaintainership requestbugownership reqbugownership resolved restartbuild abortbuild results r revert rpmlintlog lint rpmlint rremove search bse se sendsysrq service setdevelproject sdp setlinkrev showlinked signkey staging status st submitrequest submitpac submitreq sr token triggerreason tr undelete unlock update up updatepacmetafromspec updatepkgmetafromspec metafromspec vc version whatdependson whois user who wipebinaries unpublish workerinfo" =~ (^|[[:space:]])$1($|[[:space:]]) ]]; then
+    # looks like the user is executing the container as the osc command
+    osc "$@"
+else
+    exec "$@"
+fi