From b91b0b082e53236c86e9e685dceb6566ecd0328d Mon Sep 17 00:00:00 2001
From: Huy Do <huydhn@gmail.com>
Date: Thu, 13 Jul 2023 18:56:15 -0700
Subject: [PATCH] Add base Docker image for Linux CI jobs

---
 .ci/docker/README.md                |  1 +
 .ci/docker/build.sh                 | 20 +++++++++++
 .ci/docker/common/install_base.sh   | 36 +++++++++++++++++++
 .ci/docker/common/install_clang.sh  | 41 +++++++++++++++++++++
 .ci/docker/common/install_user.sh   | 19 ++++++++++
 .ci/docker/ubuntu/Dockerfile        | 22 ++++++++++++
 .github/workflows/docker-builds.yml | 55 +++++++++++++++++++++++++++++
 7 files changed, 194 insertions(+)
 create mode 100644 .ci/docker/README.md
 create mode 100755 .ci/docker/build.sh
 create mode 100755 .ci/docker/common/install_base.sh
 create mode 100755 .ci/docker/common/install_clang.sh
 create mode 100644 .ci/docker/common/install_user.sh
 create mode 100644 .ci/docker/ubuntu/Dockerfile
 create mode 100644 .github/workflows/docker-builds.yml

diff --git a/.ci/docker/README.md b/.ci/docker/README.md
new file mode 100644
index 00000000000..1333ed77b7e
--- /dev/null
+++ b/.ci/docker/README.md
@@ -0,0 +1 @@
+TODO
diff --git a/.ci/docker/build.sh b/.ci/docker/build.sh
new file mode 100755
index 00000000000..e6b73ea8880
--- /dev/null
+++ b/.ci/docker/build.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -ex
+
+IMAGE_NAME="$1"
+shift
+
+OS="ubuntu"
+OS_VERSION=22.04
+CLANG_VERSION=12
+
+docker build \
+  --no-cache \
+  --progress=plain \
+  --build-arg "IMAGE_NAME=${IMAGE_NAME}" \
+  --build-arg "OS_VERSION=${OS_VERSION}" \
+  --build-arg "CLANG_VERSION=${CLANG_VERSION}" \
+  -f "${OS}"/Dockerfile \
+  "$@" \
+  .
diff --git a/.ci/docker/common/install_base.sh b/.ci/docker/common/install_base.sh
new file mode 100755
index 00000000000..34e4d383585
--- /dev/null
+++ b/.ci/docker/common/install_base.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -ex
+
+install_ubuntu() {
+  apt-get update
+
+  apt-get install -y --no-install-recommends \
+    build-essential \
+    ca-certificates \
+    curl \
+    git \
+    wget \
+    sudo \
+    vim \
+    jq \
+    vim \
+    unzip \
+    gdb
+
+  # Cleanup package manager
+  apt-get autoclean && apt-get clean
+  rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+}
+
+# Install base packages depending on the base OS
+ID=$(grep -oP '(?<=^ID=).+' /etc/os-release | tr -d '"')
+case "$ID" in
+  ubuntu)
+    install_ubuntu
+    ;;
+  *)
+    echo "Unable to determine OS..."
+    exit 1
+    ;;
+esac
diff --git a/.ci/docker/common/install_clang.sh b/.ci/docker/common/install_clang.sh
new file mode 100755
index 00000000000..d5f3f1a54c1
--- /dev/null
+++ b/.ci/docker/common/install_clang.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+set -ex
+
+install_ubuntu() {
+  apt-get update
+
+  apt-get install -y --no-install-recommends clang-"$CLANG_VERSION"
+  apt-get install -y --no-install-recommends llvm-"$CLANG_VERSION"
+
+  # Use update-alternatives to make this version the default
+  update-alternatives --install /usr/bin/clang clang /usr/bin/clang-"$CLANG_VERSION" 50
+  update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-"$CLANG_VERSION" 50
+  # Override cc/c++ to clang as well
+  update-alternatives --install /usr/bin/cc cc /usr/bin/clang 50
+  update-alternatives --install /usr/bin/c++ c++ /usr/bin/clang++ 50
+
+  # CLANG's packaging is a little messed up (the runtime libs aren't
+  # added into the linker path), so give it a little help
+  CLANG_LIB=("/usr/lib/llvm-$CLANG_VERSION/lib/clang/"*"/lib/linux")
+  echo "$CLANG_LIB" > /etc/ld.so.conf.d/clang.conf
+  ldconfig
+
+  # Cleanup package manager
+  apt-get autoclean && apt-get clean
+  rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+}
+
+if [ -n "$CLANG_VERSION" ]; then
+  # Install base packages depending on the base OS
+  ID=$(grep -oP '(?<=^ID=).+' /etc/os-release | tr -d '"')
+  case "$ID" in
+    ubuntu)
+      install_ubuntu
+      ;;
+    *)
+      echo "Unable to determine OS..."
+      exit 1
+      ;;
+  esac
+fi
diff --git a/.ci/docker/common/install_user.sh b/.ci/docker/common/install_user.sh
new file mode 100644
index 00000000000..112c89a64df
--- /dev/null
+++ b/.ci/docker/common/install_user.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -ex
+
+# Same as ec2-user
+echo "ci-user:x:1000:1000::/var/lib/ci-user:" >> /etc/passwd
+echo "ci-user:x:1000:" >> /etc/group
+# Needed on Focal or newer
+echo "ci-user:*:19110:0:99999:7:::" >> /etc/shadow
+
+# Create $HOME
+mkdir -p /var/lib/ci-user
+chown ci-user:ci-user /var/lib/ci-user
+
+# Allow sudo
+echo 'ci-user ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/ci-user
+
+# Test that sudo works
+$SUDO -u ci-user $SUDO -v
diff --git a/.ci/docker/ubuntu/Dockerfile b/.ci/docker/ubuntu/Dockerfile
new file mode 100644
index 00000000000..f803b577e9f
--- /dev/null
+++ b/.ci/docker/ubuntu/Dockerfile
@@ -0,0 +1,22 @@
+ARG OS_VERSION
+
+FROM ubuntu:${OS_VERSION}
+
+ARG OS_VERSION
+
+ENV DEBIAN_FRONTEND noninteractive
+
+# Install common dependencies
+COPY ./common/install_base.sh install_base.sh
+RUN bash ./install_base.sh && rm install_base.sh
+
+# Install clang
+COPY ./common/install_clang.sh install_clang.sh
+RUN bash ./install_clang.sh && rm install_clang.sh
+
+# Setup user
+COPY ./common/install_user.sh install_user.sh
+RUN bash ./install_user.sh && rm install_user.sh
+
+USER ci-user
+CMD ["bash"]
diff --git a/.github/workflows/docker-builds.yml b/.github/workflows/docker-builds.yml
new file mode 100644
index 00000000000..440c81f69ff
--- /dev/null
+++ b/.github/workflows/docker-builds.yml
@@ -0,0 +1,55 @@
+name: docker-builds
+
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - .ci/docker/**
+      - .github/workflows/docker-builds.yml
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: 1 3 * * 3
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}-${{ github.event_name == 'workflow_dispatch' }}
+  cancel-in-progress: true
+
+env:
+  ALPINE_IMAGE: 308535385114.dkr.ecr.us-east-1.amazonaws.com/tool/alpine
+  AWS_DEFAULT_REGION: us-east-1
+
+jobs:
+  docker-build:
+    runs-on: [self-hosted, linux.2xlarge]
+    timeout-minutes: 240
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - docker-image-name: executorch-ubuntu-22.04-clang12
+    env:
+      DOCKER_IMAGE_BASE: 308535385114.dkr.ecr.us-east-1.amazonaws.com/pytorch/${{ matrix.docker-image-name }}
+    steps:
+      - name: Clean workspace
+        shell: bash
+        run: |
+          echo "${GITHUB_WORKSPACE}"
+          sudo rm -rf "${GITHUB_WORKSPACE}"
+          mkdir "${GITHUB_WORKSPACE}"
+
+      - name: Checkout Executorch
+        uses: actions/checkout@v3
+
+      - name: Setup Linux
+        uses: pytorch/test-infra/.github/actions/setup-linux@main
+
+      # TODO: Move calculate Docker image to test-infra as a shareable GHA
+      - name: Build docker image
+        id: build-docker-image
+        shell: bash
+        env:
+          DOCKER_IMAGE_NAME: ${{ matrix.docker-image-name }}
+        run: |
+          .ci/docker/build.sh