[docker] Dockerfile improvements and script fixes (#586)

- Add a docker build action
- Derive `repo_dir` using `script_dir` instead of running a `git` command.
This will allow using the scripts when the repo is downloaded as a `.zip`
- Change `script/generate_cmake.py` to default to python3 specifically

Author: lmnotran

.dockerignore

@@ -1,3 +1,3 @@
 .git
-build/
+**/build/
 third_party/silabs/

.github/workflows/docker.yml

@@ -0,0 +1,101 @@
+#
+#  Copyright (c) 2023, The OpenThread Authors.
+#  All rights reserved.
+#
+#  Redistribution and use in source and binary forms, with or without
+#  modification, are permitted provided that the following conditions are met:
+#  1. Redistributions of source code must retain the above copyright
+#     notice, this list of conditions and the following disclaimer.
+#  2. Redistributions in binary form must reproduce the above copyright
+#     notice, this list of conditions and the following disclaimer in the
+#     documentation and/or other materials provided with the distribution.
+#  3. Neither the name of the copyright holder nor the
+#     names of its contributors may be used to endorse or promote products
+#     derived from this software without specific prior written permission.
+#
+#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+#  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+#  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+#  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+#  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+#  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+#  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+#  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+#  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+#  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+#  POSSIBILITY OF SUCH DAMAGE.
+#
+
+name: Docker
+
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+  pull_request:
+    branches:
+      - 'main'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/ot-efr32' && github.run_id) || github.ref }}
+  cancel-in-progress: true
+
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
+jobs:
+  buildx:
+    name: buildx
+    runs-on: ubuntu-22.04
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      with:
+        submodules: true
+
+    - name: Prepare
+      id: prepare
+      run: |
+        DOCKER_IMAGE=siliconlabsinc/ot-efr32-dev
+        DOCKER_FILE=Dockerfile
+        DOCKER_PLATFORMS=linux/amd64
+        VERSION=latest
+
+        TAGS="--tag ${DOCKER_IMAGE}:${VERSION}"
+
+        echo "docker_image=${DOCKER_IMAGE}" >> $GITHUB_OUTPUT
+        echo "version=${VERSION}" >> $GITHUB_OUTPUT
+        echo "buildx_args=--platform ${DOCKER_PLATFORMS} \
+          --build-arg OT_GIT_REF=${{ github.sha }} \
+          --build-arg VERSION=${VERSION} \
+          --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \
+          --build-arg VCS_REF=${GITHUB_SHA::8} \
+          ${TAGS} --file ${DOCKER_FILE} ." >> $GITHUB_OUTPUT
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
+
+    - name: Docker Buildx (build)
+      run: |
+        docker buildx build --output "type=image,push=false" ${{ steps.prepare.outputs.buildx_args }}
+
+    - name: Login to DockerHub
+      if: success() && github.repository == 'SiliconLabs/ot-efr32' && github.event_name != 'pull_request'
+      uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+
+    - name: Docker Buildx (push)
+      if: success() && github.repository == 'SiliconLabs/ot-efr32' && github.event_name != 'pull_request'
+      run: |
+        docker buildx build --output "type=image,push=true" ${{ steps.prepare.outputs.buildx_args }}
+
+    - name: Inspect Image
+      if: always() && github.repository == 'SiliconLabs/ot-efr32' && github.event_name != 'pull_request'
+      run: |
+        docker buildx imagetools inspect ${{ steps.prepare.outputs.docker_image }}:${{ steps.prepare.outputs.version }}

Dockerfile

@@ -1,17 +1,34 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 
 ENV TZ="America/New_York"
 ENV repo_dir="/ot-efr32"
+WORKDIR ${repo_dir}
 
 # Install packages
 RUN apt-get update && \
-      apt-get -y install sudo tzdata && \
-      rm -rf /var/lib/apt/lists/*
+      apt-get -y install --no-install-recommends \
+      sudo \
+      tzdata \
+      && rm -rf /var/lib/apt/lists/*
 
 # Copy scripts
-RUN mkdir -p ${repo_dir}/third_party/silabs/slc
-COPY ./script ${repo_dir}/script
-COPY ./openthread/script ${repo_dir}/openthread/script
+COPY ./openthread/script ./openthread/script
+COPY  ./script/bootstrap \
+      ./script/bootstrap_silabs \
+      ./script/
+COPY ./requirements.txt .
 
-# bootstrap
-RUN ./ot-efr32/script/bootstrap
+# Bootstrap
+RUN ./script/bootstrap packages && rm -rf /var/lib/apt/lists/*
+
+ENV SLC_INSTALL_DIR=/opt/slc_cli
+RUN mkdir ${SLC_INSTALL_DIR} && \
+      ./script/bootstrap silabs
+
+RUN ./script/bootstrap openthread && rm -rf /var/lib/apt/lists/*
+
+# Clone repo for convenience
+ARG REPO_URL="https://github.com/openthread/ot-efr32"
+WORKDIR /
+RUN rm -rf ${repo_dir} && git clone ${REPO_URL} ${repo_dir}
+WORKDIR ${repo_dir}

script/bootstrap

@@ -38,7 +38,7 @@ else
     script_path="$0"
 fi
 script_dir="$(realpath "$(dirname "${script_path}")")"
-repo_dir="$(git -C "${script_dir}" rev-parse --show-toplevel)"
+repo_dir="$(dirname "${script_dir}")"
 
 # ==============================================================================
 
@@ -54,7 +54,8 @@ install_packages_apt()
         python3-setuptools \
         python3-pip \
         git-lfs \
-        unzip
+        unzip \
+        wget
 }
 
 install_packages_opkg()
@@ -83,7 +84,7 @@ install_packages_source()
 
 install_packages_pip3()
 {
-    pip3 install -U -r "${repo_dir}/requirements.txt"
+    pip3 install --no-cache-dir --upgrade -r "${repo_dir}/requirements.txt"
 }
 
 install_packages()
@@ -122,6 +123,8 @@ main()
         install_packages
         do_bootstrap_openthread
         do_bootstrap_silabs
+    elif [ "$1" == 'packages' ]; then
+        install_packages
     elif [ "$1" == 'openthread' ]; then
         do_bootstrap_openthread
     elif [ "$1" == 'python' ]; then

script/bootstrap_silabs

@@ -38,7 +38,7 @@ else
     script_path="$0"
 fi
 script_dir="$(realpath "$(dirname "${script_path}")")"
-repo_dir="$(git -C "${script_dir}" rev-parse --show-toplevel)"
+repo_dir="$(dirname "${script_dir}")"
 
 # ==============================================================================
 
@@ -55,10 +55,11 @@ install_slc_cli()
     fi
 
     local zip_url="https://www.silabs.com/documents/login/software/slc_cli_${os_type}.zip"
+    mkdir -p "${SLC_INSTALL_DIR}"
     pushd "${SLC_INSTALL_DIR}"
     local zip_path="./slc_cli.zip"
     wget "${zip_url}" -O "${zip_path}"
-    unzip -q -o "${zip_path}" -d "$(dirname ${zip_path})"
+    unzip -q -o "${zip_path}" -d "$(dirname ${zip_path})" && rm "${zip_path}"
     popd
 }
 

script/build

@@ -36,7 +36,7 @@ else
     script_path="$0"
 fi
 script_dir="$(realpath "$(dirname "${script_path}")")"
-repo_dir="$(git -C "${script_dir}" rev-parse --show-toplevel)"
+repo_dir="$(dirname "${script_dir}")"
 
 # shellcheck source=script/efr32-definitions
 source "${repo_dir}/script/efr32-definitions"

script/build_example_apps

@@ -38,7 +38,7 @@ else
     script_path="$0"
 fi
 script_dir="$(realpath "$(dirname "${script_path}")")"
-repo_dir="$(git -C "${script_dir}" rev-parse --show-toplevel)"
+repo_dir="$(dirname "${script_dir}")"
 
 # shellcheck source=script/efr32-definitions
 source "${repo_dir}/script/efr32-definitions"

script/efr32-definitions

@@ -36,7 +36,7 @@ else
     script_path="$0"
 fi
 script_dir="$(realpath "$(dirname "${script_path}")")"
-repo_dir="$(git -C "${script_dir}" rev-parse --show-toplevel)"
+repo_dir="$(dirname "${script_dir}")"
 sdk_dir="${repo_dir}/third_party/silabs/gecko_sdk"
 
 efr32_device_regex=""

script/generate

@@ -38,7 +38,7 @@ else
     script_path="$0"
 fi
 script_dir="$(realpath "$(dirname "${script_path}")")"
-repo_dir="$(git -C "${script_dir}" rev-parse --show-toplevel)"
+repo_dir="$(dirname "${script_dir}")"
 sdk_dir="${repo_dir}/third_party/silabs/gecko_sdk"
 
 # shellcheck source=script/slc_cli

script/generate_cmake.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 #
 #  Copyright (c) 2023, The OpenThread Authors.
 #  All rights reserved.

script/make-pretty

@@ -64,7 +64,7 @@ else
     script_path="$0"
 fi
 script_dir="$(realpath "$(dirname "${script_path}")")"
-repo_dir="$(git -C "${script_dir}" rev-parse --show-toplevel)"
+repo_dir="$(dirname "${script_dir}")"
 
 OT_BUILD_JOBS=$(getconf _NPROCESSORS_ONLN)
 readonly OT_BUILD_JOBS

script/slc_cli

@@ -36,7 +36,7 @@ else
     script_path="$0"
 fi
 script_dir="$(realpath "$(dirname "${script_path}")")"
-repo_dir="$(git -C "${script_dir}" rev-parse --show-toplevel)"
+repo_dir="$(dirname "${script_dir}")"
 
 # slc-cli installation dir
 [ -n "${SLC_INSTALL_DIR-}" ] || SLC_INSTALL_DIR="${repo_dir}/slc"

script/test

@@ -38,7 +38,7 @@ else
     script_path="$0"
 fi
 script_dir="$(realpath "$(dirname "${script_path}")")"
-repo_dir="$(git -C "${script_dir}" rev-parse --show-toplevel)"
+repo_dir="$(dirname "${script_dir}")"
 
 # shellcheck source=script/efr32-definitions
 source "${repo_dir}/script/efr32-definitions"