Ubuntu (Nix) container removed (#1827)
**EDIT**: Based on the iteration here, I realized that I could in fact
install Nix in single-user mode as part of the `setup` phase of
`bazelci.py`, meaning that a container preloaded with Nix isn't
necessary. Oops 😅
Ubuntu (Nix) container explicitly creates a `buildkite` user to match
the user mapped in when run by BuildKite and Nix is updated to run in
multi-user (daemon) mode via an `ENTRYPOINT` script.
Verified with `docker run -it --rm -u 997:997
gcr.io/bazel-public/ubuntu2204-nix python3` followed by `import certifi`
to validate Python still works, and then `docker run --rm -u 997:997
gcr.io/bazel-public/ubuntu2204-nix /bin/sh -e -c $'cd ~/\n git clone
https://github.com/ConsumingChaos/rules_rust.git\n cd rules_rust\n git
checkout wasm32_cc_info\n cd examples/nix_cross_compiling\n
CARGO_BAZEL_REPIN=true bazel build //:nix_cross_compiling'` to verify
the actual Bazel example target builds.
The `CARGO_BAZEL_REPIN=true` shouldn't be part of the normal run (I
don't think...), but that's something to be fixed in `rules_rust` and
not an issue with the container thankfully 😅
diff --git a/buildkite/bazelci.py b/buildkite/bazelci.py
index e0b7ece..c212601 100755
--- a/buildkite/bazelci.py
+++ b/buildkite/bazelci.py
@@ -482,13 +482,6 @@
"docker-image": f"gcr.io/{DOCKER_REGISTRY_PREFIX}/fedora39-java17",
"python": "python3",
},
- "ubuntu2204-nix": {
- "name": "Ubuntu (Nix)",
- "emoji-name": ":nix:",
- "publish_binary": [],
- "docker-image": f"gcr.io/{DOCKER_REGISTRY_PREFIX}/ubuntu2204-nix",
- "python": "python3",
- },
"macos": {
"name": "macOS (OpenJDK 11, Xcode)",
"emoji-name": ":darwin: (OpenJDK 11, Xcode)",
@@ -1493,7 +1486,7 @@
# or the requested version is not installed.
if xcode_version not in supported_versions:
xcode_version = supported_versions[0]
-
+
if not wanted_xcode_version or wanted_xcode_version == xcode_version:
print_collapsed_group(":xcode: Activating Xcode {}...".format(xcode_version))
else:
diff --git a/buildkite/docker/build.sh b/buildkite/docker/build.sh
index 6320054..812ef4c 100755
--- a/buildkite/docker/build.sh
+++ b/buildkite/docker/build.sh
@@ -27,7 +27,6 @@
docker build -f ubuntu2004/Dockerfile --target ubuntu2004-java11 -t "gcr.io/$PREFIX/ubuntu2004-java11" ubuntu2004 &
docker build -f ubuntu2204/Dockerfile --target ubuntu2204-java17 -t "gcr.io/$PREFIX/ubuntu2204-java17" ubuntu2204 &
docker build -f fedora39/Dockerfile --target fedora39-java17 -t "gcr.io/$PREFIX/fedora39-java17" fedora39 &
-docker build -f ubuntu2204-nix/Dockerfile -t "gcr.io/$PREFIX/ubuntu2204-nix" ubuntu2204-nix &
wait
docker build -f centos7/Dockerfile --target centos7-java8 -t "gcr.io/$PREFIX/centos7-java8" centos7
diff --git a/buildkite/docker/push.sh b/buildkite/docker/push.sh
index 174270f..83d0aa9 100755
--- a/buildkite/docker/push.sh
+++ b/buildkite/docker/push.sh
@@ -32,5 +32,4 @@
docker push "gcr.io/$PREFIX/ubuntu2204-bazel-java17" &
docker push "gcr.io/$PREFIX/fedora39-java17" &
docker push "gcr.io/$PREFIX/fedora39-bazel-java17" &
-docker push "gcr.io/$PREFIX/ubuntu2204-nix" &
wait
diff --git a/buildkite/docker/ubuntu2204-nix/Dockerfile b/buildkite/docker/ubuntu2204-nix/Dockerfile
deleted file mode 100644
index d2397f5..0000000
--- a/buildkite/docker/ubuntu2204-nix/Dockerfile
+++ /dev/null
@@ -1,77 +0,0 @@
-FROM ubuntu:22.04
-
-ENV DEBIAN_FRONTEND="noninteractive"
-ENV LANG "C.UTF-8"
-ENV LANGUAGE "C.UTF-8"
-ENV LC_ALL "C.UTF-8"
-
-# Install Nix on Ubuntu and enable Nix Flakes and new commands.
-# (https://github.com/odyslam/ddapptools/blob/e255c2dd48222bf82d881e48f58a6000fcb9f1f7/docker/Dockerfile)
-# ENV values reverse-engineered from `/root/.nix-profile/etc/profile.d/nix.sh` after Nix is installed, so
-# we don't need to worry about every shell `source`ing it.
-# Global read+execute (aka read directory) permission added to `/root` so that injected UIDs still work.
-RUN apt-get update && apt-get install --no-install-recommends -y locales curl xz-utils vim ca-certificates && apt-get clean && rm -rf /var/lib/apt/lists/* \
- && mkdir -m 0755 /nix && groupadd --gid 30000 nixbld && chown root /nix \
- && for n in $(seq 1 10); do useradd --comment "Nix build user $n" --home-dir /var/empty --gid nixbld --groups nixbld --no-create-home --no-user-group --uid $((30000 + $n)) --shell "$(command -v nologin)" "nixbld$n"; done
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN (curl -L https://nixos.org/nix/install | bash) && \
- mkdir -p /etc/nix && \
- echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf && \
- chmod +xr /root
-ENV USER="root"
-ENV NIX_PROFILES="/nix/var/nix/profiles/default /root/.nix-profile"
-ENV NIX_SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt"
-ENV PATH="/root/.nix-profile/bin:$PATH"
-
-### Install packages required by Bazel and its tests.
-### All Python dependencies of `bazelci.py`.
-### Everything from `defaultShellUtils` (https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/build-managers/bazel/bazel_6/default.nix)
-### NOTE 1: Some packages get implicitly pulled in, so conflicts are resolved with `--priority 1` annotations.
-### NOTE 2: `bash` is specifically replaced by `bashInteractive` as the former is rarely what's actually wanted.
-RUN nix profile install \
- nixpkgs#bashInteractive \
- nixpkgs#bazel-buildtools \
- nixpkgs#bazelisk \
- nixpkgs#coreutils \
- nixpkgs#diffutils \
- nixpkgs#dnsutils \
- nixpkgs#ed \
- nixpkgs#expect \
- nixpkgs#file \
- nixpkgs#findutils \
- nixpkgs#gawk \
- nixpkgs#git --priority 1 \
- nixpkgs#glibc \
- nixpkgs#gnugrep \
- nixpkgs#gnupatch \
- nixpkgs#gnupg \
- nixpkgs#gnused \
- nixpkgs#gnutar \
- nixpkgs#google-cloud-sdk \
- nixpkgs#gzip --priority 1 \
- nixpkgs#iproute2 \
- nixpkgs#iputils \
- nixpkgs#jdk17_headless \
- nixpkgs#lcov \
- nixpkgs#netcat \
- nixpkgs#nix --priority 1 \
- nixpkgs#openssl \
- nixpkgs#python310 \
- nixpkgs#python310Packages.certifi \
- nixpkgs#python310Packages.charset-normalizer \
- nixpkgs#python310Packages.idna \
- nixpkgs#python310Packages.pip \
- nixpkgs#python310Packages.pyyaml \
- nixpkgs#python310Packages.requests \
- nixpkgs#python310Packages.setuptools \
- nixpkgs#python310Packages.six \
- nixpkgs#python310Packages.urllib3 \
- nixpkgs#python310Packages.wheel \
- nixpkgs#sudo \
- nixpkgs#unzip \
- nixpkgs#unzip \
- nixpkgs#which --priority 1 \
- nixpkgs#zip \
- nixpkgs#zlib && \
- ln -s /root/.nix-profile/bin/bazelisk /bin/bazel
-ENV PYTHONPATH="/root/.nix-profile/lib/python3.10/site-packages"
