Split into a slim base dockerfile.

jakkra · jakkra · commit 219bac2fae25 · 2025-12-06T23:39:47.000+01:00
diff --git a/.github/workflows/zswatch-ci-image.yml b/.github/workflows/zswatch-ci-image.yml
@@ -6,6 +6,7 @@ on:
       - main
       - zswatch_*
     paths:
+      - Dockerfile.zswatch-base
       - Dockerfile.zswatch-ci
       - Dockerfile.base
       - Dockerfile.ci
@@ -46,11 +47,11 @@ jobs:
         uses: docker/build-push-action@v5
         with:
           context: .
-          file: ./Dockerfile.base
+          file: ./Dockerfile.zswatch-base
           push: true
           tags: |
-            ghcr.io/zswatch/ci-base:${{ github.ref_name }}
-            ghcr.io/zswatch/ci-base:latest
+            ghcr.io/zswatch/ci-base-slim:${{ github.ref_name }}
+            ghcr.io/zswatch/ci-base-slim:latest
 
       - name: Prune buildx cache
         run: docker buildx prune -af --keep-storage 5GB
@@ -65,4 +66,4 @@ jobs:
             ghcr.io/zswatch/zswatch-ci:latest
             ghcr.io/zswatch/zswatch-ci:${{ github.ref_name }}
           build-args: |
-            BASE_IMAGE=ghcr.io/zswatch/ci-base:${{ github.ref_name }}
+            BASE_IMAGE=ghcr.io/zswatch/ci-base-slim:${{ github.ref_name }}
diff --git a/Dockerfile.zswatch-base b/Dockerfile.zswatch-base
@@ -0,0 +1,122 @@
+# ZSWatch slim base image
+# Minimal tooling for nRF5340 and native_sim builds; omits extras from the upstream base.
+
+FROM ubuntu:24.04
+
+ARG USERNAME=user
+ARG UID=1000
+ARG GID=1000
+ARG PYTHON_VENV_PATH=/opt/python/venv
+ARG UBUNTU_MIRROR_ARCHIVE=archive.ubuntu.com/ubuntu
+ARG UBUNTU_MIRROR_SECURITY=security.ubuntu.com/ubuntu
+ARG UBUNTU_MIRROR_PORTS=ports.ubuntu.com/ubuntu-ports
+
+# Set default shell during Docker image build to bash
+SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
+
+# Set non-interactive frontend for apt-get to skip any user confirmations
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install a trimmed set of APT packages
+RUN <<EOF
+	# Set up custom Ubuntu APT mirrors
+	pushd /etc/apt/sources.list.d
+	cp ubuntu.sources ubuntu.sources.bak
+	sed -i "s#archive.ubuntu.com/ubuntu#${UBUNTU_MIRROR_ARCHIVE}#" ubuntu.sources
+	sed -i "s#security.ubuntu.com/ubuntu#${UBUNTU_MIRROR_SECURITY}#" ubuntu.sources
+	sed -i "s#ports.ubuntu.com/ubuntu-ports#${UBUNTU_MIRROR_PORTS}#" ubuntu.sources
+	popd
+
+	apt-get -y update
+
+	# Core build and tooling stack
+	apt-get install --no-install-recommends -y \
+		build-essential \
+		ca-certificates \
+		ccache \
+		cmake \
+		dfu-util \
+		device-tree-compiler \
+		file \
+		gdb \
+		git \
+		gperf \
+		libffi-dev \
+		libncursesw6 \
+		libreadline8 \
+		libssl-dev \
+		libusb-1.0-0 \
+		libyaml-0-2 \
+		libsdl2-dev \
+		locales \
+		ninja-build \
+		openssh-client \
+		pkg-config \
+		python3 \
+		python3-dev \
+		python3-pip \
+		python3-setuptools \
+		python3-wheel \
+		python3-venv \
+		python-is-python3 \
+		sudo \
+		unzip \
+		wget \
+		xz-utils
+
+	apt-get autoremove --purge -y
+	apt-get clean -y
+	rm -rf /var/lib/apt/lists/*
+
+	# Restore original Ubuntu mirrors
+	pushd /etc/apt/sources.list.d
+	mv -f ubuntu.sources.bak ubuntu.sources
+	popd
+EOF
+
+# Initialise system locale
+RUN locale-gen en_US.UTF-8
+ENV LANG=en_US.UTF-8
+ENV LANGUAGE=en_US:en
+ENV LC_ALL=en_US.UTF-8
+
+# Set up Python virtual environment for Zephyr
+RUN <<EOF
+	mkdir -p ${PYTHON_VENV_PATH}
+	python3 -m venv ${PYTHON_VENV_PATH}
+	source ${PYTHON_VENV_PATH}/bin/activate
+
+	pip install --no-cache-dir --upgrade pip setuptools wheel
+	pip install --no-cache-dir \
+		-r https://raw.githubusercontent.com/zephyrproject-rtos/zephyr/main/scripts/requirements.txt \
+		-r https://raw.githubusercontent.com/zephyrproject-rtos/mcuboot/main/scripts/requirements.txt \
+		'esptool>=5.0.2' \
+		GitPython \
+		imgtool \
+		junitparser \
+		junit2html \
+		nrf-regtool~=9.0.1 \
+		numpy \
+		protobuf \
+		grpcio-tools \
+		PyGithub \
+		pylint \
+		sh \
+		statistics \
+		west
+EOF
+
+# Make Zephyr Python virtual environment available globally
+ENV PATH=${PYTHON_VENV_PATH}/bin:$PATH
+
+# Create user account
+RUN <<EOF
+	userdel -r ubuntu || true
+	groupadd -g $GID -o $USERNAME
+	useradd -u $UID -m -g $USERNAME -G plugdev $USERNAME
+	echo $USERNAME ' ALL = NOPASSWD: ALL' > /etc/sudoers.d/$USERNAME
+	chmod 0440 /etc/sudoers.d/$USERNAME
+EOF
+
+# Ensure that container runs in the 'root' user context
+USER root
diff --git a/Dockerfile.zswatch-ci b/Dockerfile.zswatch-ci
@@ -31,20 +31,23 @@ EOF
 RUN <<'EOF'
 	if [ "${HOSTTYPE}" = "x86_64" ]; then
 		# Drop 32-bit support and multilib toolchains not needed for nRF/native_sim_64
+		apt-get update -y
 		apt-get purge --auto-remove -y \
 			gcc-multilib g++-multilib \
 			libc6-dbg:i386 libfuse-dev:i386 libsdl2-dev:i386 || true
 		dpkg --remove-architecture i386 || true
 	fi
 
 	# Remove heavy debug/coverage/doc tools unused in ZSWatch CI builds
+	apt-get update -y
 	apt-get purge --auto-remove -y \
 		valgrind \
 		lcov \
 		gcovr \
 		doxygen \
 		thrift-compiler || true
 
+	apt-get update -y
 	apt-get purge --auto-remove -y \
 		libgtk2.0-0 \
 		libcairo2-dev \
