From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6526858154773315584
X-Received: by 10.223.175.42 with SMTP id z39mr566548wrc.21.1519994627538;
        Fri, 02 Mar 2018 04:43:47 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 10.28.152.137 with SMTP id a131ls271132wme.2.gmail; Fri, 02 Mar
 2018 04:43:46 -0800 (PST)
X-Google-Smtp-Source: AG47ELvsq2mX8aXTC64nQNBvMDvdHY+iuGz9QU48I3NDzw+SRnVwG7eoo0nKcrBlhb/VqwnqtHlU
X-Received: by 10.28.235.8 with SMTP id j8mr142378wmh.22.1519994626929;
        Fri, 02 Mar 2018 04:43:46 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519994626; cv=none;
        d=google.com; s=arc-20160816;
        b=IdYXWcd/xm6fw+Q1owkPfcsjFis+qDKe77e+TfSYjOdtGrpZ2WjBIKp251WtGct7LP
         nja3A5ATB31ZSuHKeDVZmNjkK5nQhWKwbVpM/uvb/VX767vxZXL/vxiYEVESe7VxW2TE
         twWUiGiV2ZQwp/BZWLMsO5aSfLeUFTpWkVxX9rDo2XtfKuVuDq+B4erC8hdqzAPFQPTi
         kv4D5473W7dvlNld5d6q7YBTblXT1cME0zl+3g2aTKmel5i9M6TrTuZuWuTZp5crjSAy
         qY23G0SA7tUNEY33qmpqOwMoSiGcqxCWG/M2fi1zxSjWHIiXMvmHZPUDrutn6voQfSSu
         QH7Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:content-language:in-reply-to:mime-version
         :user-agent:date:message-id:from:references:to:subject
         :arc-authentication-results;
        bh=QVtLp9RsX1vCL3XCTKz40r1CWhmpfthBNH2sATxkUgA=;
        b=P3zOSZ2zWUcaee8y+8AgZIP/anX7b7qkXLb7jItcGfEiIyUzG0zN8Vj4S/K2wWYjKO
         L9QG5AZK5kIuc+r2jFLA0V7sc794oMCVU01D3Wukx2M91DrPkZzpWVJ14oV4RpiXrQqx
         5L6wYxuYJRDpahMCxoOzGrbYcXT0Q425vHt5/4QUSMPXdn6R2nVGS5cata5mv4MGAxG5
         N2BKpoC96BA9qMgzVDcD61RCNplYS0brliDBdrcReCyM8CCEI4mm84o3UOQFiXc8iHgg
         em2OJ8BftzaS3rtj6kwzRzgpxhjomL+U+MZs9LFcFt39wq07Z+Gm1ht4iD34mbFyxGPm
         7xEg==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com
Return-Path: <jan.kiszka@siemens.com>
Received: from thoth.sbs.de (thoth.sbs.de. [192.35.17.2])
        by gmr-mx.google.com with ESMTPS id a72si38843wme.1.2018.03.02.04.43.46
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 02 Mar 2018 04:43:46 -0800 (PST)
Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.2 as permitted sender) client-ip=192.35.17.2;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com
Received: from mail2.siemens.de (mail2.siemens.de [139.25.208.11])
	by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id w22ChkRJ006636
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Fri, 2 Mar 2018 13:43:46 +0100
Received: from [139.25.68.37] (md1q0hnc.ad001.siemens.net [139.25.68.37] (may be forged))
	by mail2.siemens.de (8.15.2/8.15.2) with ESMTP id w22Chkjs011014;
	Fri, 2 Mar 2018 13:43:46 +0100
Subject: Re: [RFC][PATCH] ci: Build in kas docker image
To: Alexander Smirnov <asmirnov@ilbers.de>,
        isar-users <isar-users@googlegroups.com>
References: <b38a417c-70c6-edd2-fef3-f03531f49ff8@siemens.com>
 <c1e925a5-ffca-fd5c-349b-0c36bb2533ef@ilbers.de>
From: Jan Kiszka <jan.kiszka@siemens.com>
Message-ID: <fe8abc55-5e25-c32e-5e6f-a57fbf073e60@siemens.com>
Date: Fri, 2 Mar 2018 13:43:45 +0100
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12)
 Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666
MIME-Version: 1.0
In-Reply-To: <c1e925a5-ffca-fd5c-349b-0c36bb2533ef@ilbers.de>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-TUID: qCghUK+FojqW

On 2018-03-02 13:37, Alexander Smirnov wrote:
> On 02/26/2018 04:43 PM, Jan Kiszka wrote:
>> From: Jan Kiszka <jan.kiszka@siemens.com>
>>
>> This models a gitlab CI build via the kas-isar docker image. That image
>> provides a stable execution environment, resolving all currently
>> required host-side dependencies for us.
>>
>> Change the build stage to run the CI tests directly, instead of falling
>> back to the - by now - incompatible ci_build.sh script.
>>
>> Drop artifact deployment from the public CI setup for now. They were
>> incomplete anyway, and they should be accompanied with an expiry date if
>> they should be reintroduced.
>>
> 
> What is the way for me to test this change?

Set up a runner with special privileges for the docker containers,
namely "--cap-add=SYS_ADMIN --cap-add=MKNOD --privileged --device
$(/sbin/losetup -f)". Should be

      docker_privileged: True
      docker_cap_add: [ "MKNOD","SYS_ADMIN" ]
      docker_devices: [ "$(/sbin/losetup -f)" ]

in the CI runner syntax. We are currently playing with this, but the
whole thing still needs VM encapsulation per job because, well, it runs
with super-foo. Can send you the code.siemens.com links offlist if you
are interested.

Jan

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux