[CI] Remove clone step (#7594)

This fixes a critical bug in our AFL++ test environment where the base-images were not built using the PR.
2022-04-20 18:24:42 -04:00 · 2022-04-20 18:24:42 -04:00 · 3b168b4864
parent dbdcb8fb9a
commit 3b168b4864
3 changed files with 41 additions and 23 deletions
--- a/infra/build/functions/build_and_push_test_images.py
+++ b/infra/build/functions/build_and_push_test_images.py
@ -23,16 +23,16 @@ import os
 import subprocess
 import sys

-import oauth2client.client
+import yaml

 import base_images
 import build_lib
-import trial_build

 CLOUD_PROJECT = 'oss-fuzz-base'
 TAG_PREFIX = f'gcr.io/{CLOUD_PROJECT}/'
 INFRA_DIR = os.path.dirname(os.path.dirname(os.path.dirname(__file__)))
 IMAGES_DIR = os.path.join(INFRA_DIR, 'base-images')
+OSS_FUZZ_ROOT = os.path.dirname(INFRA_DIR)


 def push_image(tag):
@ -69,7 +69,7 @@ def build_image(image, tags, cache_from_tag):

 def gcb_build_and_push_images(test_image_suffix):
  """Build and push test versions of base images using GCB."""
-  steps = [build_lib.get_git_clone_step()]
+  steps = []
  test_images = []
  for base_image in base_images.BASE_IMAGES:
    image_name = TAG_PREFIX + base_image
@ -78,16 +78,23 @@ def gcb_build_and_push_images(test_image_suffix):
    directory = os.path.join('infra', 'base-images', base_image)
    step = build_lib.get_docker_build_step([image_name, test_image_name],
                                           directory,
-                                           buildkit_cache_image=test_image_name)
+                                           buildkit_cache_image=test_image_name,
+                                           src_root='.')
    steps.append(step)

  overrides = {'images': test_images}
-  credentials = oauth2client.client.GoogleCredentials.get_application_default()
-  build_id = build_lib.run_build(steps, credentials, base_images.BASE_PROJECT,
-                                 base_images.TIMEOUT, overrides,
-                                 ['trial-build'])
-  return trial_build.wait_on_builds({'base-images': build_id}, credentials,
-                                    CLOUD_PROJECT)
+  build_body = build_lib.get_build_body(steps, base_images.TIMEOUT, overrides,
+                                        ['trial-build'])
+  yaml_file = os.path.join(OSS_FUZZ_ROOT, 'cloudbuild.yaml')
+  with open(yaml_file, 'w') as yaml_file_handle:
+    yaml.dump(build_body, yaml_file_handle)
+
+  subprocess.run([
+      'gcloud', 'builds', 'submit', '--project=oss-fuzz-base',
+      f'--config={yaml_file}'
+  ],
+                 cwd=OSS_FUZZ_ROOT,
+                 check=True)


 def build_and_push_images(test_image_suffix):
@ -118,7 +125,7 @@ def build_and_push_images(test_image_suffix):


 def main():
-  """"Builds base-images tags them with "-testing" suffix (in addition to normal
+  """Builds base-images tags them with "-testing" suffix (in addition to normal
  tag) and pushes testing suffixed images to docker registry."""
  test_image_suffix = sys.argv[1]
  logging.basicConfig(level=logging.DEBUG)
--- a/infra/build/functions/build_lib.py
+++ b/infra/build/functions/build_lib.py
@ -319,10 +319,13 @@ def get_git_clone_step(repo_url='https://github.com/google/oss-fuzz.git',
  return clone_step


-def get_docker_build_step(image_names, directory, buildkit_cache_image=None):
+def get_docker_build_step(image_names,
+                          directory,
+                          buildkit_cache_image=None,
+                          src_root='oss-fuzz'):
  """Returns the docker build step."""
  assert len(image_names) >= 1
-  directory = os.path.join('oss-fuzz', directory)
+  directory = os.path.join(src_root, directory)
  args = ['build']
  for image_name in image_names:
    args.extend(['--tag', image_name])
@ -394,14 +397,8 @@ def get_gcb_url(build_id, cloud_project='oss-fuzz'):
          f'?project={cloud_project}')


-def run_build(  # pylint: disable=too-many-arguments
-    steps,
-    credentials,
-    cloud_project,
-    timeout,
-    body_overrides=None,
-    tags=None):
-  """Runs the build."""
+def get_build_body(steps, timeout, body_overrides, tags):
+  """Helper function to create a build from |steps|."""
  if 'GCB_OPTIONS' in os.environ:
    options = yaml.safe_load(os.environ['GCB_OPTIONS'])
  else:
@ -419,6 +416,19 @@ def run_build(  # pylint: disable=too-many-arguments
    body_overrides = {}
  for key, value in body_overrides.items():
    build_body[key] = value
+  return build_body
+
+
+def run_build(  # pylint: disable=too-many-arguments
+    steps,
+    credentials,
+    cloud_project,
+    timeout,
+    body_overrides=None,
+    tags=None):
+  """Runs the build."""
+
+  build_body = get_build_body(steps, timeout, body_overrides, tags)

  cloudbuild = cloud_build('cloudbuild',
                           'v1',
--- a/infra/build/functions/trial_build/Dockerfile
+++ b/infra/build/functions/trial_build/Dockerfile
@ -14,9 +14,10 @@
 #
 ################################################################################

-FROM gcr.io/oss-fuzz-base/base-runner
+FROM gcr.io/cloud-builders/gcloud

-COPY ${OSS_FUZZ_ROOT} /opt/oss-fuzz
+RUN apt-get update && apt-get install python3-pip -y
+COPY . /opt/oss-fuzz
 RUN pip install -r /opt/oss-fuzz/infra/build/functions/requirements.txt

 WORKDIR /opt/oss-fuzz/infra/build/functions/