Merge branch 'buildserver-build-containerized-linux'

2 files changed, 67 insertions, 36 deletions

diff --git a/building/container-run.sh b/building/container-run.sh
index eaaa115149..ed8eedd0c1 100755
--- a/building/container-run.sh
+++ b/building/container-run.sh
@@ -52,4 +52,4 @@ exec "$CONTAINER_RUNNER" run --rm -it \
     -v "$CARGO_REGISTRY_VOLUME_NAME:/root/.cargo/registry:Z" \
     "${optional_gradle_cache_volume[@]}" \
     "${optional_android_credentials_volume[@]}" \
-    "$container_image_name" "$@"
+    "$container_image_name" bash -c "$*"
diff --git a/ci/buildserver-build.sh b/ci/buildserver-build.sh
index 38e3f70ded..f807741de5 100755
--- a/ci/buildserver-build.sh
+++ b/ci/buildserver-build.sh
@@ -63,31 +63,47 @@ upload() {
     esac
 }
 
-build_ref() {
-    ref=$1
-    tag=${2:-""}
 
-    current_hash="$(git rev-parse "$ref^{commit}")"
-    if [ -f "$LAST_BUILT_DIR/$current_hash" ]; then
-        # This commit has already been built
-        return 0
+# Run the arguments in an environment suitable for building the app. This
+# means in a container on Linux, and straight up in the local shell elsewhere.
+run_in_build_env() {
+    if [[ "$(uname -s)" == "Linux" ]]; then
+        ./building/container-run.sh linux "$@"
+    else
+        bash -c "$*"
     fi
+}
 
-    echo ""
-    echo "[#] $ref: $current_hash, building new packages."
+# Builds the app and test artifacts and move them to the passed in `artifact_dir`.
+# To cross compile pass in `target` as an environment variable
+# to this function. Must also pass `artifact_dir` to show where to move the built artifacts.
+# Pass all the build arguments as arguments to this function
+build() {
+    local target=${target:-""}
+    local build_args=("${@}")
 
+    run_in_build_env TARGETS="$target" ./build.sh "${build_args[@]}" || return 1
+    mv dist/*.{deb,rpm,exe,pkg} "$artifact_dir" || return 1
+
+    (run_in_build_env gui/scripts/build-test-executable.sh "$target" && \
+        mv "dist/app-e2e-tests-$version"* "$artifact_dir") || \
+        true
+}
+
+# Checks out the passed git reference passed to the working directory.
+# Returns an error code if the commit/tag at `ref` is not properly signed.
+checkout_ref() {
+    ref=$1
     if [[ $ref == "refs/tags/"* ]] && ! git verify-tag "$ref"; then
         echo "!!!"
         echo "[#] $ref is a tag, but it failed GPG verification!"
         echo "!!!"
-        sleep 60
-        return 0
+        return 1
     elif [[ $ref == "refs/remotes/"* ]] && ! git verify-commit "$current_hash"; then
         echo "!!!"
         echo "[#] $ref is a branch, but it failed GPG verification!"
         echo "!!!"
-        sleep 60
-        return 0
+        return 1
     fi
 
     # Clean our working dir and check out the code we want to build
@@ -96,23 +112,47 @@ build_ref() {
     git checkout "$ref"
     git submodule update
     git clean -df
+}
+
+build_ref() {
+    ref=$1
+    tag=${2:-""}
+
+    current_hash="$(git rev-parse "$ref^{commit}")"
+    if [ -f "$LAST_BUILT_DIR/$current_hash" ]; then
+        # This commit has already been built
+        return 0
+    fi
+
+    echo ""
+    echo "[#] $ref: $current_hash, building new packages."
+    echo ""
+
+    checkout_ref "$ref" || return 1
+
+    # When we build in containers, the updating of toolchains is done by updating containers.
+    if [[ "$(uname -s)" != "Linux" ]]; then
+        echo "Updating Rust toolchain..."
+        rustup update
+    fi
 
-    # Make sure we have the latest Rust and Node toolchains before the build
-    rustup update
+    # podman appends a trailing carriage return to the output. So we use `tr` to strip it
+    local version=""
+    version="$(run_in_build_env cargo run -q --bin mullvad-version | tr -d "\r" || return 1)"
 
-    version="$(cargo run -q --bin mullvad-version || return 0)"
-    artifact_dir="dist/$version"
+    local artifact_dir="dist/$version"
     mkdir -p "$artifact_dir"
 
-    BUILD_ARGS=(--optimize --sign)
+    local build_args=(--optimize --sign)
     if [[ "$(uname -s)" == "Darwin" ]]; then
-        BUILD_ARGS+=(--universal)
+        build_args+=(--universal)
     fi
-    ./build.sh "${BUILD_ARGS[@]}" || return 0
-    mv dist/*.{deb,rpm,exe,pkg} "$artifact_dir" || return 0
 
-    (gui/scripts/build-test-executable.sh && mv "dist/app-e2e-tests-$version"* "$artifact_dir") || \
-        true
+    artifact_dir=$artifact_dir build "${build_args[@]}" || return 1
+    if [[ "$(uname -s)" == "Linux" ]]; then
+        echo "Building ARM64 installers"
+        target=aarch64-unknown-linux-gnu artifact_dir=$artifact_dir build "${build_args[@]}" || return 1
+    fi
 
     case "$(uname -s)" in
         MINGW*|MSYS_NT*)
@@ -123,15 +163,6 @@ build_ref() {
                 ./target/release/mullvad-problem-report.pdb \
                 -iname "*.pdb" | tar -cJf "$artifact_dir/pdb-$version.tar.xz" -T -
             ;;
-        Linux*)
-            echo "Building ARM64 installers"
-            TARGETS=aarch64-unknown-linux-gnu ./build.sh "${BUILD_ARGS[@]}" || return 0
-            mv dist/*.{deb,rpm} "$artifact_dir" || return 0
-
-            (gui/scripts/build-test-executable.sh aarch64-unknown-linux-gnu && \
-                mv "dist/app-e2e-tests-$version"* "$artifact_dir") || \
-                true
-            ;;
     esac
 
     # If there is a tag for this commit then we append that to the produced artifacts
@@ -153,7 +184,7 @@ build_ref() {
         fi
     fi
 
-    (cd "$artifact_dir" && upload "$version") || return 0
+    (cd "$artifact_dir" && upload "$version") || return 1
     # shellcheck disable=SC2216
     yes | rm -r "$artifact_dir"
 
@@ -174,11 +205,11 @@ while true; do
     tags=( $(git tag) )
 
     for tag in "${tags[@]}"; do
-        build_ref "refs/tags/$tag" "$tag"
+        build_ref "refs/tags/$tag" "$tag" || echo "Failed to build tag $tag"
     done
 
     for branch in "${BRANCHES_TO_BUILD[@]}"; do
-        build_ref "refs/remotes/$branch"
+        build_ref "refs/remotes/$branch" || echo "Failed to build branch $tag"
     done
 
     sleep 240