cbs228
diff --git a/‎.github/container/README.md‎
Lines changed: 14 additions & 5 deletions b/‎.github/container/README.md‎
Lines changed: 14 additions & 5 deletions
diff --git a/‎.github/container/aarch64-unknown-linux-gnu/Dockerfile‎
Lines changed: 3 additions & 0 deletions b/‎.github/container/aarch64-unknown-linux-gnu/Dockerfile‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/container/armv7-unknown-linux-gnueabihf/Dockerfile‎
Lines changed: 3 additions & 0 deletions b/‎.github/container/armv7-unknown-linux-gnueabihf/Dockerfile‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/container/build.sh‎
Lines changed: 19 additions & 10 deletions b/‎.github/container/build.sh‎
Lines changed: 19 additions & 10 deletions
diff --git a/‎.github/container/i686-unknown-linux-gnu/Dockerfile‎
Lines changed: 3 additions & 0 deletions b/‎.github/container/i686-unknown-linux-gnu/Dockerfile‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/container/rust/Dockerfile‎
Lines changed: 4 additions & 4 deletions b/‎.github/container/rust/Dockerfile‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎…t/rootfiles/usr/local/bin/qemu-run-maybe‎ ‎…/container/rust/rootfiles/qemu-run-maybe‎.github/container/rust/rootfiles/usr/local/bin/qemu-run-maybe renamed to .github/container/rust/rootfiles/qemu-run-maybe
Lines changed: 14 additions & 2 deletions b/‎…t/rootfiles/usr/local/bin/qemu-run-maybe‎ ‎…/container/rust/rootfiles/qemu-run-maybe‎.github/container/rust/rootfiles/usr/local/bin/qemu-run-maybe renamed to .github/container/rust/rootfiles/qemu-run-maybe
Lines changed: 14 additions & 2 deletions
diff --git a/‎.github/container/x86_64-unknown-linux-gnu/Dockerfile‎
Lines changed: 3 additions & 0 deletions b/‎.github/container/x86_64-unknown-linux-gnu/Dockerfile‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/container.yml‎
Lines changed: 23 additions & 0 deletions b/‎.github/workflows/container.yml‎
Lines changed: 23 additions & 0 deletions
@@ -23,20 +23,29 @@ Instead of using cross-rs, we create our own environment that includes all of th
 
 to build it. The build instructions are heavily influenced by the cross-rs project but do not depend on it.
 
-You can use any of these containers offline to build samedec. Define the following volumes:
+You can use any of these containers offline to build samedec. See the [`local-ci.sh`](../local-ci.sh) script for a working demonstration that includes:
+
+* A single `cargo vendor` download for all dependencies for all platforms
+* Source code linting
+* Documentation completeness checks
+* Multi-platform cross-compiling
+* Multi-platform testing in qemu
+* Artifact generation
+
+Or you can run it yourself. The containers require the following volumes:
 
 * `/src`: the repository root of a Rust project
-* `/install`: destination for binaries installed with `cargo install`
-* `/src/target` (**optional**): a build directory.
-* `/cargohome` (**optional**): a persistent `$CARGO_HOME` directory
+* `/install` (**optional**): destination for binaries installed with `cargo install`
+* `/src/target` (**optional**): a reusable build directory
+* `/cargo` (**optional**): a persistent `$CARGO_HOME`
 
 Example:
 
 ```bash
 mkdir -p out/aarch64-unknown-linux-gnu
 
 podman run \
-  --security-opt label=disable \
+  --security-opt=label=disable \
   --userns=keep-id:uid=1001,gid=1001 \
   --rm -it \
   --volume .:/src:ro \
 
@@ -32,4 +32,7 @@ ENV CARGO_BUILD_TARGET="$RUST_TARGET" \
 
 USER builder
 
+ARG SOURCE_REV=nogit
+
 LABEL org.opencontainers.image.description="A Debian-based Rust cross-compiling environment."
+LABEL org.opencontainers.image.revision="$SOURCE_REV"
@@ -32,4 +32,7 @@ ENV CARGO_BUILD_TARGET="$RUST_TARGET" \
 
 USER builder
 
+ARG SOURCE_REV=nogit
+
 LABEL org.opencontainers.image.description="A Debian-based Rust cross-compiling environment."
+LABEL org.opencontainers.image.revision="$SOURCE_REV"
@@ -18,13 +18,13 @@ usage() {
 Usage: $0 [--push]
 
 Build container images for the CI environment. To select
-a particular container platform tool like podman, set
+a particular container platform tool like buildah, set
 
-    BUILDER=podman
+    BUILDER=buildah
 
 Prior to pushing, make sure to
 
-    podman login "$CONTAINER_PREFIX"
+    buildah login "$CONTAINER_PREFIX"
 
 or equivalent.
 EOF
@@ -45,7 +45,7 @@ container_builder() {
     command -v "${BUILDER}"
   else
     {
-      command -v podman || \
+      command -v buildah || \
       command -v docker
     } 2>/dev/null || {
       echo >&2 "FATAL: container platform tools not found"
@@ -67,16 +67,17 @@ buildcontainer() {
   # Run the $BUILDER to build a container image. Some standardized
   # arguments are passed to every build.
 
-  if [[ $BUILDER =~ podman$ ]]; then
+  if [[ $BUILDER =~ buildah$ ]]; then
     run "$BUILDER" build \
-      --build-arg SOURCE_DATE_EPOCH="$SOURCE_DATE_EPOCH" \
+      --identity-label=false \
+      --build-arg=SOURCE_DATE_EPOCH="$SOURCE_DATE_EPOCH" \
       --timestamp "$SOURCE_DATE_EPOCH" \
       ${NO_CACHE:+--no-cache} \
       "$@"
   else
     # docker mode; 100% untested
     run "$BUILDER" buildx build \
-      --build-arg SOURCE_DATE_EPOCH="$SOURCE_DATE_EPOCH" \
+      --build-arg=SOURCE_DATE_EPOCH="$SOURCE_DATE_EPOCH" \
 			--output type=docker,rewrite-timestamp=true \
       ${NO_CACHE:+--no-cache} \
       "$@"
@@ -109,7 +110,8 @@ pushall() {
 
   local tag
   for tag in "$@"; do
-    run "$BUILDER" push "${prefix}:${tag}"
+    run "$BUILDER" push --retry 3 "${prefix}:${tag}"
+    sleep 2
   done
 }
 
@@ -144,14 +146,18 @@ selfdir="$(dirname "$(realpath -e "${0?}")")"
 SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-$(git log -1 --pretty=%ct -- "$selfdir" || date +%s)}"
 export SOURCE_DATE_EPOCH
 
+# set git revision
+SOURCE_REV="$(git log -1 --format='%H' -- "$selfdir" || echo "nogit")"
+
 # tag with "latest" and SOURCE_DATE_EPOCH
 CONTAINER_TAGS=("latest" "$(date --date '@'"$SOURCE_DATE_EPOCH" +'%Y-%m-%d')")
 
 # build the base image
 base_tag="$(container_name base):${CONTAINER_TAGS[0]}"
 
 buildcontainer \
-  --build-arg DEBIAN_TAG="$DEBIAN_TAG" \
+  --build-arg=DEBIAN_TAG="$DEBIAN_TAG" \
+  --pull=missing \
   --tag "$base_tag" \
   "${selfdir?}/base"
 
@@ -160,7 +166,8 @@ rust_tag="$(container_name rust):${CONTAINER_TAGS[0]}"
 
 buildcontainer \
   --from "$base_tag" \
-  --build-arg RUST_VERSIONS="${RUST_VERSIONS[*]}" \
+  --pull=false \
+  --build-arg=RUST_VERSIONS="${RUST_VERSIONS[*]}" \
   --tag "$rust_tag" \
   "${selfdir?}/rust"
 
@@ -173,6 +180,8 @@ for containerdir in "${selfdir?}/"*-*-*; do
 
   buildcontainer \
     --from "$rust_tag" \
+    --pull=false \
+    --build-arg=SOURCE_REV="$SOURCE_REV" \
     --tag "${cur_tag}" \
     "${containerdir}"
 done
 
@@ -32,4 +32,7 @@ ENV CARGO_BUILD_TARGET="$RUST_TARGET" \
 
 USER builder
 
+ARG SOURCE_REV=nogit
+
 LABEL org.opencontainers.image.description="A Debian-based Rust cross-compiling environment."
+LABEL org.opencontainers.image.revision="$SOURCE_REV"
@@ -37,7 +37,9 @@ ENV PATH=/install/bin:/usr/local/cargo/bin:$PATH \
 
 # Instructions adapted from official Docker image
 # <https://github.com/rust-lang/docker-rust/blob/master/Dockerfile-slim.template>
-RUN set -eux; \
+RUN --mount=type=bind,src=./rootfiles,dst=/rootfiles,ro \
+    set -eux; \
+    install --mode=0755 -t /usr/local/bin /rootfiles/qemu-run-maybe; \
     export CARGO_HOME=/usr/local/cargo; \
     [ -n "${RUSTUP_URL:-}" ] || RUSTUP_URL="https://static.rust-lang.org/rustup/archive/${RUSTUP_VERSION}/${RUSTUP_ARCH}/rustup-init"; \
     curl -O -sSf "$RUSTUP_URL"; \
@@ -51,9 +53,7 @@ RUN set -eux; \
     rustc --version; \
     rustup set auto-self-update disable; \
     echo "$RUST_VERSIONS" | xargs rustup toolchain add --profile minimal; \
+    rustup component add --toolchain "$default_rust" rustfmt; \
     (umask 022 && echo "$RUSTUP_ARCH" >/etc/rust-native-arch)
 
-# Install scripts
-COPY rootfiles /
-
 LABEL org.opencontainers.image.description="A pinned Rust toolchain with rustup."
@@ -14,8 +14,12 @@ if [ ! -x "$program" ]; then
   program="$(command -v "$program")"
 fi
 
+# determine platform-native triple by reading a file we
+# wrote at install time
+NATIVE_ARCH="$(cat /etc/rust-native-arch)"
+
 case "${CARGO_BUILD_TARGET:-}" in
-  ("$(cat /etc/rust-native-arch)")
+  ("${NATIVE_ARCH?no native architecture saved in /etc/rust-native-arch}")
     # the build target is the native architecture
     exec "$program" "$@"
     ;;
@@ -26,7 +30,15 @@ case "${CARGO_BUILD_TARGET:-}" in
     exec qemu-arm -- "$program" "$@"
     ;;
   (i686-unknown-linux-*)
-    exec qemu-i386 -- "$program" "$@"
+    case "$NATIVE_ARCH" in
+      (x86_64-unknown-linux-*)
+        # x86_64 can run i686 without emulation
+        exec "$program" "$@"
+        ;;
+      (*)
+        exec qemu-i386 -- "$program" "$@"
+        ;;
+    esac
     ;;
   (x86_64-unknown-linux-*)
     exec qemu-x86_64 -- "$program" "$@"
 
@@ -32,4 +32,7 @@ ENV CARGO_BUILD_TARGET="$RUST_TARGET" \
 
 USER builder
 
+ARG SOURCE_REV=nogit
+
 LABEL org.opencontainers.image.description="A Debian-based Rust cross-compiling environment."
+LABEL org.opencontainers.image.revision="$SOURCE_REV"
@@ -0,0 +1,23 @@
+# See ./.github/container/README.md
+
+name: Rebuild CI containers
+
+on: workflow_dispatch
+
+jobs:
+  build:
+    name: Build container images
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Log in to Github Container Registry
+      run: buildah login ghcr.io/cbs228 --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build all containers
+      run: ./.github/container/build.sh --push