From 3b168b486406e405059358577634e44fc1f32ddd Mon Sep 17 00:00:00 2001
From: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
Date: Wed, 20 Apr 2022 18:24:42 -0400
Subject: [PATCH] [CI] Remove clone step (#7594)

This fixes a critical bug in our AFL++ test environment where the base-images were not built using the PR.
---
 .../functions/build_and_push_test_images.py   | 29 +++++++++++-------
 infra/build/functions/build_lib.py            | 30 ++++++++++++-------
 infra/build/functions/trial_build/Dockerfile  |  5 ++--
 3 files changed, 41 insertions(+), 23 deletions(-)

diff --git a/infra/build/functions/build_and_push_test_images.py b/infra/build/functions/build_and_push_test_images.py
index 8fdcae52f..d7b926136 100755
--- a/infra/build/functions/build_and_push_test_images.py
+++ b/infra/build/functions/build_and_push_test_images.py
@@ -23,16 +23,16 @@ import os
 import subprocess
 import sys
 
-import oauth2client.client
+import yaml
 
 import base_images
 import build_lib
-import trial_build
 
 CLOUD_PROJECT = 'oss-fuzz-base'
 TAG_PREFIX = f'gcr.io/{CLOUD_PROJECT}/'
 INFRA_DIR = os.path.dirname(os.path.dirname(os.path.dirname(__file__)))
 IMAGES_DIR = os.path.join(INFRA_DIR, 'base-images')
+OSS_FUZZ_ROOT = os.path.dirname(INFRA_DIR)
 
 
 def push_image(tag):
@@ -69,7 +69,7 @@ def build_image(image, tags, cache_from_tag):
 
 def gcb_build_and_push_images(test_image_suffix):
   """Build and push test versions of base images using GCB."""
-  steps = [build_lib.get_git_clone_step()]
+  steps = []
   test_images = []
   for base_image in base_images.BASE_IMAGES:
     image_name = TAG_PREFIX + base_image
@@ -78,16 +78,23 @@ def gcb_build_and_push_images(test_image_suffix):
     directory = os.path.join('infra', 'base-images', base_image)
     step = build_lib.get_docker_build_step([image_name, test_image_name],
                                            directory,
-                                           buildkit_cache_image=test_image_name)
+                                           buildkit_cache_image=test_image_name,
+                                           src_root='.')
     steps.append(step)
 
   overrides = {'images': test_images}
-  credentials = oauth2client.client.GoogleCredentials.get_application_default()
-  build_id = build_lib.run_build(steps, credentials, base_images.BASE_PROJECT,
-                                 base_images.TIMEOUT, overrides,
-                                 ['trial-build'])
-  return trial_build.wait_on_builds({'base-images': build_id}, credentials,
-                                    CLOUD_PROJECT)
+  build_body = build_lib.get_build_body(steps, base_images.TIMEOUT, overrides,
+                                        ['trial-build'])
+  yaml_file = os.path.join(OSS_FUZZ_ROOT, 'cloudbuild.yaml')
+  with open(yaml_file, 'w') as yaml_file_handle:
+    yaml.dump(build_body, yaml_file_handle)
+
+  subprocess.run([
+      'gcloud', 'builds', 'submit', '--project=oss-fuzz-base',
+      f'--config={yaml_file}'
+  ],
+                 cwd=OSS_FUZZ_ROOT,
+                 check=True)
 
 
 def build_and_push_images(test_image_suffix):
@@ -118,7 +125,7 @@ def build_and_push_images(test_image_suffix):
 
 
 def main():
-  """"Builds base-images tags them with "-testing" suffix (in addition to normal
+  """Builds base-images tags them with "-testing" suffix (in addition to normal
   tag) and pushes testing suffixed images to docker registry."""
   test_image_suffix = sys.argv[1]
   logging.basicConfig(level=logging.DEBUG)
diff --git a/infra/build/functions/build_lib.py b/infra/build/functions/build_lib.py
index 05b1248f8..0962053a4 100644
--- a/infra/build/functions/build_lib.py
+++ b/infra/build/functions/build_lib.py
@@ -319,10 +319,13 @@ def get_git_clone_step(repo_url='https://github.com/google/oss-fuzz.git',
   return clone_step
 
 
-def get_docker_build_step(image_names, directory, buildkit_cache_image=None):
+def get_docker_build_step(image_names,
+                          directory,
+                          buildkit_cache_image=None,
+                          src_root='oss-fuzz'):
   """Returns the docker build step."""
   assert len(image_names) >= 1
-  directory = os.path.join('oss-fuzz', directory)
+  directory = os.path.join(src_root, directory)
   args = ['build']
   for image_name in image_names:
     args.extend(['--tag', image_name])
@@ -394,14 +397,8 @@ def get_gcb_url(build_id, cloud_project='oss-fuzz'):
           f'?project={cloud_project}')
 
 
-def run_build(  # pylint: disable=too-many-arguments
-    steps,
-    credentials,
-    cloud_project,
-    timeout,
-    body_overrides=None,
-    tags=None):
-  """Runs the build."""
+def get_build_body(steps, timeout, body_overrides, tags):
+  """Helper function to create a build from |steps|."""
   if 'GCB_OPTIONS' in os.environ:
     options = yaml.safe_load(os.environ['GCB_OPTIONS'])
   else:
@@ -419,6 +416,19 @@ def run_build(  # pylint: disable=too-many-arguments
     body_overrides = {}
   for key, value in body_overrides.items():
     build_body[key] = value
+  return build_body
+
+
+def run_build(  # pylint: disable=too-many-arguments
+    steps,
+    credentials,
+    cloud_project,
+    timeout,
+    body_overrides=None,
+    tags=None):
+  """Runs the build."""
+
+  build_body = get_build_body(steps, timeout, body_overrides, tags)
 
   cloudbuild = cloud_build('cloudbuild',
                            'v1',
diff --git a/infra/build/functions/trial_build/Dockerfile b/infra/build/functions/trial_build/Dockerfile
index ccddddc1d..71eb76ff2 100644
--- a/infra/build/functions/trial_build/Dockerfile
+++ b/infra/build/functions/trial_build/Dockerfile
@@ -14,9 +14,10 @@
 #
 ################################################################################
 
-FROM gcr.io/oss-fuzz-base/base-runner
+FROM gcr.io/cloud-builders/gcloud
 
-COPY ${OSS_FUZZ_ROOT} /opt/oss-fuzz
+RUN apt-get update && apt-get install python3-pip -y
+COPY . /opt/oss-fuzz
 RUN pip install -r /opt/oss-fuzz/infra/build/functions/requirements.txt
 
 WORKDIR /opt/oss-fuzz/infra/build/functions/