Merge pull request diffblue#560 from diffblue/smowton/feature/platform-build-script

Add platform build scripts

Author: smowton

platform-image-builder/Dockerfile

@@ -0,0 +1,12 @@
+# Copyright 2018 DiffBlue Limited. All Rights Reserved.
+ARG MODULE_TAG=latest
+FROM eu.gcr.io/diffblue-cr/deeptest-base:${MODULE_TAG} AS deeptest-master
+
+LABEL vendor="DiffBlue Ltd."
+
+RUN apt-get update
+RUN apt-get install -y cmake g++ flex bison doxygen patch python3
+
+ADD build-security-analyzer.sh /build-security-analyzer.sh
+
+ENTRYPOINT bash /build-security-analyzer.sh

platform-image-builder/README

@@ -0,0 +1,44 @@
+These scripts build the security-analyser product within the Docker container
+expected by Diffblue's platform and export a tarball suitable for building the
+security scanner platform image.
+
+Pre-requisite: the deeptest-base Docker image must be available to build
+against. If it isn't already present (try
+`docker image inspect eu.gcr.io/diffblue-cr/deeptest-base`),
+build it by:
+
+$ git clone https://github.com/diffblue/platform
+$ cd platform/docker/docker-jobs
+$ make deeptest-base
+
+Now we can make a security-analyser release tarball:
+
+$ cd $REPO_ROOT/platform-image-builder
+$ mkdir -p /tmp/output-dir # for example
+$ ./make-security-release.sh /tmp/output-dir [branch-or-commit]
+
+If 'branch-or-commit' is not specified we'll build a release tarball from the
+tip of 'develop'.
+
+Note this maps your .ssh directory onto /root/.ssh within the build container,
+so if you're prompted for a passphrase for /root/.ssh/id_rsa or similar you
+should enter the passphrase for your private key.
+
+If all goes well this will generate `/tmp/output-dir/sec-test.tar.gz`.
+See platform/docker/docker-jobs/security-analyser/README to create a final
+security docker image from this (or any other) release tarball.
+
+============
+
+Guide to components:
+
+make-security-release.sh: driver script, invoked to build a release tarball.
+
+Dockerfile: recipe for the build environment image, derived from deeptest-base
+plus some packages required to build the security product.
+
+create-builder-image.sh: creates the build environment image; invoked on demand
+by make-security-release.sh.
+
+build-security-analyzer.sh: runs inside the build environment image; builds
+and packages the security product.

platform-image-builder/build-security-analyzer.sh

@@ -0,0 +1,33 @@
+# Runs inside the security-analyzer-builder container.
+
+set -e
+
+if [ ! -d /output ]; then
+  echo "Directory /output should exist, e.g. by 'docker run ... -v /tmp/real-output-dir:/output security-analyzer-builder:latest'"
+  exit 1
+fi
+
+cd /
+git clone [email protected]:diffblue/security-scanner
+if [ $# -eq 1 ]; then git checkout $1; fi
+
+cd security-scanner
+git submodule update --init
+
+mkdir build
+cd build
+cmake .. -DCMAKE_BUILD_TYPE=Release
+make --jobs $(getconf _NPROCESSORS_ONLN)
+make install
+
+cd ..
+mkdir /tmp/release
+cp -r trace-transformer /tmp/release/trace-transformer
+cp -r dist/bin /tmp/release/bin
+mkdir /tmp/release/lib
+cp dist/lib/libboost* /tmp/release/lib/
+cp -r dist/lib/driver/*.py /tmp/release
+cp src/java-class-info/default_config.json /tmp/release
+
+cd /tmp/release
+tar cvzf /output/release.tar.gz .

platform-image-builder/create-builder-image.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker build -t security-analyzer-builder:latest .

platform-image-builder/make-security-release.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+cd $DIR
+
+if [ $# -lt 1 ]; then
+  echo "Usage: make-security-release.sh output-directory [branch-or-commit]"
+  exit 1
+fi
+
+docker image inspect security-analyzer-builder:latest >/dev/null 2>&1 || ./create-builder-image.sh
+
+mkdir -p $1
+
+docker run -i -t -v ~/.ssh:/root/.ssh:ro -v $1:/output security-analyzer-builder:latest $2