Dockerfile: add tsffs-dev target (#169)

Wenzel · web-flow · commit 5ff86b634c45 · 2025-08-04T02:50:14.000-07:00
diff --git a/.devcontainer.json b/.devcontainer.json
@@ -0,0 +1,23 @@
+{
+    "build": {
+        "dockerfile": "Dockerfile",
+        "target": "tsffs-dev"
+    },
+    "remoteUser": "vscode",
+    "updateRemoteUserUID": true,
+    "runArgs": [
+        "--group-add",
+        "dev"
+    ],
+    "workspaceMount": "source=${localWorkspaceFolder},target=/workspace/tsffs,type=bind",
+    "workspaceFolder": "/workspace/tsffs",
+    "customizations": {
+        "vscode": {
+            "extensions": [
+                "rust-lang.rust-analyzer",
+                "tamasfe.even-better-toml",
+                "ms-azuretools.vscode-containers"
+            ]
+        }
+    }
+}
diff --git a/.dockerignore b/.dockerignore
@@ -3,6 +3,8 @@
 **/target/
 **/*.img
 **/*.diff.craff
+.devcontainer.json
 # Don't add scripts so that builds dont have to rerun on script changes to those builds
 scripts
-target
+target
+packages
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -683,3 +683,33 @@ jobs:
         with:
           name: simics-pkg-31337-linux64
           path: packages/simics-pkg-31337-*-linux64.ispm
+
+  check_docker_image:
+    name: Check Docker Image
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target: [tsffs-dev, tsffs-prod]
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          lfs: false
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
+
+      - name: Build ${{ matrix.target }} target
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: .
+          target: ${{ matrix.target }}
+          push: false
+          tags: tsffs:${{ matrix.target }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
@@ -2,13 +2,13 @@
 # SPDX-License-Identifier: Apache-2.0
 # hadolint global ignore=DL3041,DL3040
 
-FROM fedora:42@sha256:ee88ab8a5c8bf78687ddcecadf824767e845adc19d8cdedb56f48521eb162b43
+FROM fedora:42@sha256:ee88ab8a5c8bf78687ddcecadf824767e845adc19d8cdedb56f48521eb162b43 AS tsffs-base
 
 # Download links can be obtained from:
 # https://lemcenter.intel.com/productDownload/?Product=256660e5-a404-4390-b436-f64324d94959
-ENV PUBLIC_SIMICS_PKGS_URL="https://registrationcenter-download.intel.com/akdlm/IRC_NAS/ead79ef5-28b5-48c7-8d1f-3cde7760798f/simics-6-packages-2024-05-linux64.ispm"
-ENV PUBLIC_SIMICS_ISPM_URL="https://registrationcenter-download.intel.com/akdlm/IRC_NAS/ead79ef5-28b5-48c7-8d1f-3cde7760798f/intel-simics-package-manager-1.8.3-linux64.tar.gz"
-ENV PUBLIC_SIMICS_PACKAGE_VERSION_1000="6.0.185"
+ARG PUBLIC_SIMICS_PKGS_URL="https://registrationcenter-download.intel.com/akdlm/IRC_NAS/ead79ef5-28b5-48c7-8d1f-3cde7760798f/simics-6-packages-2024-05-linux64.ispm"
+ARG PUBLIC_SIMICS_ISPM_URL="https://registrationcenter-download.intel.com/akdlm/IRC_NAS/ead79ef5-28b5-48c7-8d1f-3cde7760798f/intel-simics-package-manager-1.8.3-linux64.tar.gz"
+ARG PUBLIC_SIMICS_PACKAGE_VERSION_1000="6.0.185"
 ENV SIMICS_BASE="/workspace/simics/simics-${PUBLIC_SIMICS_PACKAGE_VERSION_1000}/"
 # Add cargo and ispm to the path
 ENV PATH="/root/.cargo/bin:/workspace/simics/ispm:${PATH}"
@@ -124,3 +124,49 @@ RUN ispm projects /workspace/projects/example/ --create \
     ninja
 
 RUN echo 'echo "To run the demo, run ./simics -no-gui --no-win fuzz.simics"' >> /root/.bashrc
+
+FROM tsffs-base AS tsffs-dev
+ARG USER_UID=1000
+ARG USERNAME=vscode
+
+# To build and run the dev image:
+#   docker build --build-arg USER_UID=$(id -u) --target tsffs-dev -t tsffs:dev .
+#   docker run --rm -ti -v .:/workspace/tsffs tsffs:dev
+
+# hadolint ignore=DL3004,SC3009
+RUN <<EOF
+set -e
+# create group for developers
+groupadd dev
+# Create group and user with a home at /home/vscode
+useradd \
+      --create-home    \
+      --uid $USER_UID \
+      --user-group     \
+      --groups dev \
+      --shell /bin/bash \
+      $USERNAME        \
+ && echo "$USERNAME ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/$USERNAME
+
+# set /workspace/simics permissions to root:dev
+chown -R root:dev /workspace/{simics,projects} && chmod -R g+w /workspace/{simics,projects}
+
+# install Rust nightly for the user
+sudo -E -u $USERNAME bash -c 'curl https://sh.rustup.rs -sSf | bash -s -- -y --default-toolchain none'
+
+# copy Simics ISPM config
+mkdir -p /home/$USERNAME/.config
+cp -r "/root/.config/Intel Simics Package Manager/" "/home/$USERNAME/.config/"
+chown -R $USERNAME:$USERNAME "/home/$USERNAME/.config/"
+EOF
+
+WORKDIR /workspace/tsffs
+
+FROM fedora:42@sha256:ee88ab8a5c8bf78687ddcecadf824767e845adc19d8cdedb56f48521eb162b43 AS tsffs-prod
+
+COPY --from=tsffs-base /workspace/projects /workspace/projects
+COPY --from=tsffs-base /workspace/simics /workspace/simics
+COPY --from=tsffs-base /root/.bashrc /root/.bashrc
+COPY --from=tsffs-base /root/.cargo /root/.cargo
+
+WORKDIR /workspace/projects/example
