feat(build): package shared-openssl mongosh binaries MONGOSH-1224 #1293
Conversation
Adjust the build configuration, and the package build steps, to account for different package names being used in package creation. Extend the packaging and package test matrices to cover shared-openssl artifacts. This does *not* include publishing them as part of the release steps. This also addresses MONGOSH-1213 (Linux arm64 smoke tests are done inside docker now, just like x64) since it proves convenient for testing rpm/deb packages that come with extra dependencies (such as specific OpenSSL versions). Additionally, as a drive-by fix, add Linux x64 and arm64 package smoke testing for the regular (static-OpenSSL) .tgz tarballs.
| run_on: rhel83-fips | ||
| tasks: | ||
| - name: e2e_tests_linux_x64 | ||
| - name: e2e_tests_linux_x64_openssl11 |
There was a problem hiding this comment.
This doesn’t (shouldn’t?) yet test mongosh in FIPS mode, it’s only that the OS itself is set up to support FIPS.
| sourceFilePath: path.resolve(TMP_DIR, 'manpage', MANPAGE_NAME), | ||
| packagedFilePath: MANPAGE_NAME, | ||
| }, | ||
| metadata: { |
There was a problem hiding this comment.
This may need to be restructured a bit for actually releasing these artifacts, but for now this works.
| ADD ${artifact_url} /tmp | ||
| ADD node_modules /usr/share/mongodb-csfle-library-version/node_modules | ||
| RUN dnf update -y | ||
| # epel-release so that openssl3 is installable |
There was a problem hiding this comment.
I considered just adding this to the regular Rocky Linux 8 Dockerfile, but decided against it since it’s nice to actually know that no special packages are required for install the static-openssl mongosh on the base system.
| RUN yum install -y /tmp/*mongosh-*.x86_64.rpm | ||
| RUN dnf repolist | ||
| RUN dnf install -y man | ||
| RUN dnf install -y /tmp/*mongosh*.rpm |
There was a problem hiding this comment.
Just to align with the other Dockerfiles for distros that have dnf
There was a problem hiding this comment.
nice, had no idea this was happening
| - name: pkg_test_docker_debian11_deb | ||
| - name: pkg_test_docker_ubuntu18_04_deb | ||
| - name: pkg_test_docker_ubuntu20_04_deb | ||
| <% for (const { distributionBuildVariants, executableOsId } of EXECUTABLE_PKG_INFO) { |
There was a problem hiding this comment.
I was wondering, is there a way to move this heavy logic outside of yaml? Seems hard to understand the code here and also a bit intimidating to change.
If we are using something like lodash.template or similar I'd prefer something like this with more helpers:
<% for ( const dockerfile of getSmokeTestDockerfiles(EXECUTABLE_PKG_INFO)) { %>
- name: pkg_test_<%= asTaskName('pkg_test', dockerfile) %>
<% } %>
There was a problem hiding this comment.
Mh yeah, we could look into using lodash.template at some point, and we can also add helper functions for simplifying this.
It’s definitely easier not to outsource everything from the YAML here though; it has been very helpful to have a single source of truth for how our CI jobs are defined.
There was a problem hiding this comment.
Yeah, that's a good point, I mainly find it hard to parse, probably just having helpers to make the code "lighter" would be enough.
There was a problem hiding this comment.
It absolutely is hard to parse! I don’t want to act like it isn’t :)
I’ll definitely think about it, for now my main goal here is getting everything to work tbh
Adjust the build configuration, and the package build steps,
to account for different package names being used in package
creation.
Extend the packaging and package test matrices to cover
shared-openssl artifacts. This does not include publishing
them as part of the release steps.
This also addresses MONGOSH-1213 (Linux arm64 smoke tests
are done inside docker now, just like x64) since it proves
convenient for testing rpm/deb packages that come with
extra dependencies (such as specific OpenSSL versions).
Additionally, as a drive-by fix, add Linux x64 and arm64
package smoke testing for the regular (static-OpenSSL)
.tgz tarballs.