From 85a39a5859704db260281b92ef38fa909e5b5026 Mon Sep 17 00:00:00 2001
From: Pietro Abate <pietro.abate@nomadic-labs.com>
Date: Thu, 12 Jun 2025 11:29:31 +0200
Subject: [PATCH] images: add rpm base images

---
 .gitlab/ci/pipelines/base_images.yml  | 59 +++++++++++++++++++++++++++
 ci/bin/base_images.ml                 | 46 +++++++++++++++++++--
 images/base-images/Dockerfile.rpm     | 20 +++++++++
 images/scripts/configure_rpm_proxy.sh | 49 ++++++++++++++++++++++
 scripts/ci/build-base-images.sh       |  2 +-
 5 files changed, 171 insertions(+), 5 deletions(-)
 create mode 100644 images/base-images/Dockerfile.rpm
 create mode 100755 images/scripts/configure_rpm_proxy.sh

diff --git a/.gitlab/ci/pipelines/base_images.yml b/.gitlab/ci/pipelines/base_images.yml
index 8f88a44f90cb..8d0514e0f1d1 100644
--- a/.gitlab/ci/pipelines/base_images.yml
+++ b/.gitlab/ci/pipelines/base_images.yml
@@ -42,6 +42,7 @@ oc.base-images.debian:
   variables:
     DOCKER_VERSION: 24.0.7
     DISTRIBUTION: debian
+    IMAGE_PATH: debian
   retry:
     max: 2
     when:
@@ -70,6 +71,7 @@ oc.base-images.ubuntu:
   variables:
     DOCKER_VERSION: 24.0.7
     DISTRIBUTION: ubuntu
+    IMAGE_PATH: ubuntu
   retry:
     max: 2
     when:
@@ -80,3 +82,60 @@ oc.base-images.ubuntu:
     - RELEASE:
       - noble
       - jammy
+
+oc.base-images.fedora:
+  image: ${GCP_REGISTRY}/tezos/docker-images/ci-docker:v1.13.0
+  stage: images
+  tags:
+  - gcp_very_high_cpu
+  dependencies: []
+  timeout: 60 minutes
+  before_script:
+  - . ./scripts/ci/datadog_send_job_info.sh
+  - ./scripts/ci/docker_initialize.sh
+  script:
+  - scripts/ci/build-base-images.sh images/base-images/Dockerfile.rpm
+  services:
+  - docker:${DOCKER_VERSION}-dind
+  variables:
+    DOCKER_VERSION: 24.0.7
+    DISTRIBUTION: fedora
+    IMAGE_PATH: fedora
+  retry:
+    max: 2
+    when:
+    - stuck_or_timeout_failure
+    - runner_system_failure
+  parallel:
+    matrix:
+    - RELEASE:
+      - "39"
+      - "42"
+
+oc.base-images.rockylinux:
+  image: ${GCP_REGISTRY}/tezos/docker-images/ci-docker:v1.13.0
+  stage: images
+  tags:
+  - gcp_very_high_cpu
+  dependencies: []
+  timeout: 60 minutes
+  before_script:
+  - . ./scripts/ci/datadog_send_job_info.sh
+  - ./scripts/ci/docker_initialize.sh
+  script:
+  - scripts/ci/build-base-images.sh images/base-images/Dockerfile.rpm
+  services:
+  - docker:${DOCKER_VERSION}-dind
+  variables:
+    DOCKER_VERSION: 24.0.7
+    DISTRIBUTION: rockylinux
+    IMAGE_PATH: rockylinux/rockylinux
+  retry:
+    max: 2
+    when:
+    - stuck_or_timeout_failure
+    - runner_system_failure
+  parallel:
+    matrix:
+    - RELEASE:
+      - "9.6"
diff --git a/ci/bin/base_images.ml b/ci/bin/base_images.ml
index b6058d1fd0f2..432b2a829719 100644
--- a/ci/bin/base_images.ml
+++ b/ci/bin/base_images.ml
@@ -13,18 +13,32 @@ let debian_matrix = [[("RELEASE", ["unstable"; "bookworm"])]]
 
 let ubuntu_matrix = [[("RELEASE", ["noble"; "jammy"])]]
 
+let rockylinux_matrix = [[("RELEASE", ["9.6"])]]
+
+let fedora_matrix = [[("RELEASE", ["39"; "42"])]]
+
 let jobs =
-  let make_job_base_images ~__POS__ ~name ~matrix ~distribution =
+  let make_job_base_images ~__POS__ ~name ~matrix ~distribution ?image_path
+      dockerfile =
+    let script =
+      Printf.sprintf "scripts/ci/build-base-images.sh %s" dockerfile
+    in
+    let variables =
+      if Option.is_none image_path then
+        [("DISTRIBUTION", distribution); ("IMAGE_PATH", distribution)]
+      else
+        [("DISTRIBUTION", distribution); ("IMAGE_PATH", Option.get image_path)]
+    in
     job_docker_authenticated
       ~__POS__
       ~name
       ~stage:Stages.images
-      ~variables:[("DISTRIBUTION", distribution)]
+      ~variables
       ~parallel:(Matrix matrix)
       ~retry:
         {max = 2; when_ = [Stuck_or_timeout_failure; Runner_system_failure]}
       ~tag:Gcp_very_high_cpu
-      ["scripts/ci/build-base-images.sh images/base-images/Dockerfile.debian"]
+      [script]
   in
   let job_debian_based_images =
     make_job_base_images
@@ -32,6 +46,7 @@ let jobs =
       ~name:"oc.base-images.debian"
       ~distribution:"debian"
       ~matrix:debian_matrix
+      "images/base-images/Dockerfile.debian"
   in
   let job_ubuntu_based_images =
     make_job_base_images
@@ -39,8 +54,31 @@ let jobs =
       ~name:"oc.base-images.ubuntu"
       ~distribution:"ubuntu"
       ~matrix:ubuntu_matrix
+      "images/base-images/Dockerfile.debian"
+  in
+  let job_fedora_based_images =
+    make_job_base_images
+      ~__POS__
+      ~name:"oc.base-images.fedora"
+      ~distribution:"fedora"
+      ~matrix:fedora_matrix
+      "images/base-images/Dockerfile.rpm"
+  in
+  let job_rockylinux_based_images =
+    make_job_base_images
+      ~__POS__
+      ~name:"oc.base-images.rockylinux"
+      ~distribution:"rockylinux"
+      ~image_path:"rockylinux/rockylinux"
+      ~matrix:rockylinux_matrix
+      "images/base-images/Dockerfile.rpm"
   in
-  [job_debian_based_images; job_ubuntu_based_images]
+  [
+    job_debian_based_images;
+    job_ubuntu_based_images;
+    job_fedora_based_images;
+    job_rockylinux_based_images;
+  ]
 
 let child_pipeline =
   Pipeline.register_child
diff --git a/images/base-images/Dockerfile.rpm b/images/base-images/Dockerfile.rpm
new file mode 100644
index 000000000000..f734a1b4cde0
--- /dev/null
+++ b/images/base-images/Dockerfile.rpm
@@ -0,0 +1,20 @@
+ARG IMAGE=invalid
+# The image with proper version is set as ARG
+#hadolint ignore=DL3006
+FROM $IMAGE
+
+ENV TZ=Etc/UTC
+
+# Setup proxy
+ARG APT_PROXY
+ENV APT_PROXY=${APT_PROXY:-false}
+
+COPY images/scripts/configure_rpm_proxy.sh \
+     images/scripts/install_datadog_static.sh \
+     /tmp/
+
+#hadolint ignore=DL3041
+RUN /tmp/configure_rpm_proxy.sh && \
+    dnf -y update && \
+    dnf clean all && \
+    /tmp/install_datadog_static.sh
diff --git a/images/scripts/configure_rpm_proxy.sh b/images/scripts/configure_rpm_proxy.sh
new file mode 100755
index 000000000000..33e53f4f9e59
--- /dev/null
+++ b/images/scripts/configure_rpm_proxy.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -eu
+
+if [ "$APT_PROXY" != false ]; then
+  # shellcheck disable=SC1091
+  . /etc/os-release
+  ARCH=$(uname -m)
+  OS_ID=$ID
+  OS_VERSION=$VERSION_ID
+
+  case "$OS_ID" in
+  "fedora")
+
+    echo "zchunk=false" >> /etc/dnf/dnf.conf
+    for file in /etc/yum.repos.d/fedora*.repo; do
+      sed -i \
+        -e 's|^metalink=|#metalink=|' \
+        -e "s|^#baseurl=http://download.example.*|baseurl=http://dl.fedoraproject.org/pub/fedora/linux/updates/$OS_VERSION/Everything/$ARCH/|" \
+        -e "s|^baseurl=.*|baseurl=http://dl.fedoraproject.org/pub/fedora/linux/updates/$OS_VERSION/Everything/$ARCH/|" \
+        -e "/^baseurl=/a proxy=$APT_PROXY" \
+        -e '/^\[.*\]/a metadata_types=rpm-md' \
+        "$file"
+    done
+    ;;
+
+  "rockylinux" | "rocky")
+
+    for file in /etc/yum.repos.d/rocky-*.repo; do
+      sed -i \
+        -e 's|^mirrorlist=|#mirrorlist=|' \
+        -e 's|^#baseurl=http://|baseurl=http://|' \
+        -e "/^baseurl=/a proxy=$APT_PROXY" \
+        "$file"
+    done
+    ;;
+
+  *)
+    echo "rpm distribution not supported"
+    exit 1
+    ;;
+  esac
+
+  dnf makecache
+
+else
+  echo "APT_PROXY not set"
+  exit 1
+fi
diff --git a/scripts/ci/build-base-images.sh b/scripts/ci/build-base-images.sh
index 56209edb822f..44d56af93770 100755
--- a/scripts/ci/build-base-images.sh
+++ b/scripts/ci/build-base-images.sh
@@ -33,7 +33,7 @@ docker buildx build --push \
   --cache-from="type=registry,mode=max,compression=zstd,ref=${protected_gcp}" \
   --build-arg=BUILDKIT_INLINE_CACHE=1 \
   --secret "id=npm_token,src=/tmp/npm_token.txt" \
-  --build-arg IMAGE="$DISTRIBUTION:$RELEASE" \
+  --build-arg IMAGE="$IMAGE_PATH:$RELEASE" \
   --build-arg APT_PROXY="${APT_PROXY_DEB:-}" \
   --build-arg NPM_REGISTRY_DOMAIN="${NPM_REGISTRY_DOMAIN:-}" \
   --build-arg NPM_REGISTRY="${NPM_REGISTRY:-}" \
-- 
GitLab