Pipeline and scripts for custom node 18 build (with glibc 2.17)

.buildkite/pipeline-kibana.yml

@@ -0,0 +1,38 @@
+env:
+  TARGET_VERSION: 18.16.1
+  RE2_VERSION: 1.17.7
+
+steps:
+  - label: Build node.js 18 with glibc 2.17 for x64
+    command:
+      - scripts/create_build_images.sh
+      - scripts/build_nodejs.sh
+      - scripts/upload_nodejs_artifacts.sh
+      - scripts/build_re2.sh
+      - scripts/upload_re2_artifacts.sh
+    env:
+      ARCH: amd64
+    agents:
+      queue: c2-16
+    timeout_in_minutes: 300 # 5 hrs
+
+  - label: Build node.js 18 with glibc 2.17 for arm64
+    command:
+      - scripts/create_build_images.sh
+      - scripts/build_nodejs.sh
+      - scripts/upload_nodejs_artifacts.sh
+      - scripts/build_re2.sh
+      - scripts/upload_re2_artifacts.sh
+    env:
+      ARCH: arm64
+    agents:
+      # queue: macos-arm # disabled while the git cloning doesn't work
+      queue: c2-60 # cross-compiling takes a while
+    timeout_in_minutes: 720 # 12 hrs
+
+  - wait
+
+  - label: Fix SHASUMS256.txt with newly built files' hashes
+    command: scripts/replace_sha_hashes.sh
+    agents:
+      queue: kibana-default

.buildkite/pipeline.yml

@@ -1,17 +1,3 @@
-agents:
-  provider: aws
-  instanceType: m6g.xlarge
-  imagePrefix: drivah-ubuntu-2204-aarch64
-
 steps:
-  - label: ":buildah: Building Container Images for ARM64"
-    branches: "*"
-    command: |
-      buildah --version
-      drivah build --changed-since=main ./containers/arm64
-
-  # - label: ":buildah: Building Container Images for AMD64"
-  #   branches: "*"
-  #   command: |
-  #     buildah --version
-  #     drivah build --changed-since=main ./.buildkite/containers/amd64
+  - command: echo "OK"
+    label: Blank command, placeholder

.gitignore

@@ -1,4 +1,5 @@
 .vscode
 .idea
 
-workdir
+workdir/
+workdir_re2/

README.md

@@ -1,2 +1,47 @@
 # kibana-custom-nodejs-builds
-Contains configuration and sources to build node.js for custom platforms
+Contains configuration and sources to build node.js
+
+The main usecase right now is building `node.js@18+` with `glibc@2.17`, which is required for some older platforms. (More context: https://github.com/nodejs/unofficial-builds/pull/69)
+
+## Running locally
+You can run most scripts locally on Mac/Linux. You'll need a few of the build/infra tools:
+ - Docker
+ - node.js
+ - gsutil (`brew install google-cloud-sdk`)
+
+Export some env variables required for the builds
+```sh
+  export ARCH="arm64"
+  export TARGET_VERSION="18.16.1"
+  export RE2_VERSION="1.17.7"
+```
+
+Then run individual scripts locally:
+```sh
+  ./scripts/create_build_images.sh
+  ./scripts/build_nodejs.sh
+```
+
+## Docker image for node.js builds
+One of the main components we need to create in this step is a docker image for an environment that's set up for building `node.js`.
+
+The bits for this component are in the [build-image-config](./build-image-config/) folder.
+
+The docker image uses mounted directories as working directories, as well as outputting the artifacts in these directories.
+
+
+## Scripts for running the builds
+Most of the buildkite logic is sheltered in the [scripts](./scripts/) directory.
+
+
+
+## Context
+During development, we found some more information that can be helpful as context, should anyone find this repo again
+
+ - This repository is only needed until
+   - centos:7 / RHEL7 is supported by Elastic, and we ship node.js with Kibana
+   - the unofficial-builds repo accepts a linux/arm64 build (https://github.com/nodejs/unofficial-builds/pull/83)
+ - The created Docker images needn't be pushed
+   - they can be used once for the build, then rebuilt in case we need to run it again
+ - I decided to remove the `VARIATION` attribute on the node.js:
+   - build would result in the variation showing up in the file and folder names, making the logistics more difficult, if we want to keep this mostly transparent for Kibana

build-image-config/Dockerfile

@@ -0,0 +1,31 @@
+FROM centos:7
+
+ARG GROUP_ID=1000
+ARG USER_ID=1000
+
+RUN groupadd --force --gid $GROUP_ID node
+RUN adduser --gid $GROUP_ID --uid $USER_ID node
+
+RUN ulimit -n 1024 \
+    && yum install -y epel-release \
+    && yum install -y centos-release-scl-rh \
+    && yum upgrade -y \
+    && yum install -y \
+         git \
+         curl \
+         make \
+         python2 \
+         python3 \
+         ccache \
+         xz-utils \
+         devtoolset-9 \
+         glibc-devel
+
+COPY --chown=node:node entrypoint.sh /home/node/entrypoint.sh
+COPY --chown=node:node re2_entrypoint.sh /home/node/re2_entrypoint.sh
+
+USER node
+
+VOLUME /home/node/workdir
+
+ENTRYPOINT [ "/home/node/entrypoint.sh" ]

build-image-config/entrypoint.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+set -e
+set -x
+
+release_url_base="$1"
+full_version="$2"
+config_flags=${3:-""} #"--without-dtrace --without-npm --without-etw"
+
+if [[ $(arch) == x86_64 ]]; then
+  architecture="x64";
+else
+  architecture="arm64"
+fi
+
+ls -la  "/home/node/workdir/src"
+ls -la  "/home/node/workdir/src/node-${full_version}"
+
+cd "/home/node/workdir/src/node-${full_version}"
+
+# Compile from source
+export CCACHE_DIR="/home/node/workdir/.ccache-${architecture}"
+export CC="ccache gcc"
+export CXX="ccache g++"
+
+. /opt/rh/devtoolset-9/enable
+
+make -j"$(getconf _NPROCESSORS_ONLN)" binary V= \
+  DESTCPU="$architecture" \
+  ARCH="$architecture" \
+  DISTTYPE="release" \
+  RELEASE_URLBASE="$release_url_base" \
+  CONFIG_FLAGS="$config_flags"
+
+mkdir -p /home/node/workdir/dist/
+chmod a+w /home/node/workdir/dist
+mv node-*.tar.?z /home/node/workdir/dist/
+chmod a+rwx /home/node/workdir/dist/*

build-image-config/re2_entrypoint.sh

@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+set -e
+set -x
+
+re2_full_version="$1"
+node_full_version="$2"
+node_download_base_url="$3"
+
+if [[ $(arch) == x86_64 ]]; then
+  architecture="x64";
+else
+  architecture="arm64"
+fi
+
+cd /home/node/workdir
+mkdir -p dist/
+mkdir -p src/
+
+## Download and unpack Node.js binary if needed.
+node_folder_name="node-${node_full_version}-linux-${architecture}"
+npm_binary="/home/node/workdir/${node_folder_name}/bin/npm"
+if [ ! -f "$npm_binary" ]; then
+    if [ ! -f "/home/node/workdir/$node_folder_name.tar.xz" ]; then
+        curl -fsSLO --compressed "${node_download_base_url}/${node_folder_name}.tar.xz"
+    fi
+
+    tar -xf "/home/node/workdir/${node_folder_name}.tar.xz"
+fi
+
+cd src
+
+## Download re2 source if needed.
+re2_source_folder="/home/node/workdir/src/node-re2-${re2_full_version}"
+if [ ! -d "$re2_source_folder" ]; then
+    git clone --recurse-submodules --depth 1 --branch $re2_full_version https://github.com/uhop/node-re2.git "${re2_source_folder}"
+fi
+
+cd "$re2_source_folder"
+export PATH="/home/node/workdir/${node_folder_name}/bin:$PATH"
+export DEVELOPMENT_SKIP_GETTING_ASSET=true
+
+export CCACHE_DIR="/home/node/workdir/.ccache-re2-${architecture}"
+export CC="ccache gcc"
+export CXX="ccache g++"
+
+. /opt/rh/devtoolset-9/enable
+
+$npm_binary i --unsafe-perm=true
+$npm_binary run build --if-present
+$npm_binary test
+
+mkdir -p /home/node/workdir/dist/
+chmod a+w /home/node/workdir/dist
+cp "${re2_source_folder}/build/Release/re2.node" "/home/node/workdir/dist/linux-${architecture}-108"
+gzip -f "/home/node/workdir/dist/linux-${architecture}-108"
+chmod a+rwx /home/node/workdir/dist/*

scripts/build_nodejs.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+set -euo pipefail
+
+source ./scripts/common.sh
+
+# TARGET_VERSION provided in env
+# ARCH provided in env
+assert_correct_arch $ARCH
+
+TARGET_NODE_VERSION="v$TARGET_VERSION"
+BUILD_IMAGE_NAME=$(get_build_image_name)
+TARGET_PLATFORM="linux/$ARCH"
+RELEASE_URL_BASE="https://unofficial-builds.nodejs.org/download/release/"
+
+echo "Running node.js build in folder: `pwd`"
+
+echo '--- Downloading node source'
+retry 5 15 curl --create-dirs --output-dir ./workdir/src -fsSLO --compressed \
+  https://nodejs.org/download/release/$TARGET_NODE_VERSION/node-$TARGET_NODE_VERSION.tar.xz
+tar -xf ./workdir/src/node-$TARGET_NODE_VERSION.tar.xz -C ./workdir/src
+chmod -R a+rwx ./workdir/
+
+
+echo "--- Buidling node for $TARGET_PLATFORM"
+docker run --rm -it --platform $TARGET_PLATFORM \
+  -v ./workdir:/home/node/workdir:Z \
+  $BUILD_IMAGE_NAME \
+  $RELEASE_URL_BASE \
+  $TARGET_NODE_VERSION

scripts/build_re2.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+set -euo pipefail
+
+source ./scripts/common.sh
+
+# TARGET_VERSION provided in env
+# ARCH provided in env
+assert_correct_arch $ARCH
+
+BUILD_IMAGE_NAME=$(get_build_image_name)
+RE2_FULL_VERSION=${RE2_VERSION:-1.17.7} # $1
+NODE_FULL_VERSION="v$TARGET_VERSION" # $2
+NODE_DOWNLOAD_BASE_URL="https://storage.googleapis.com/kibana-custom-node-artifacts/node-glibc-217/dist/v$TARGET_VERSION"
+TARGET_PLATFORM="linux/$ARCH"
+
+echo "--- Building RE2 for $TARGET_PLATFORM"
+mkdir -p ./workdir_re2/
+chmod -R a+rwx ./workdir_re2/
+docker run --rm -it --platform $TARGET_PLATFORM --entrypoint /home/node/re2_entrypoint.sh \
+  -v ./workdir_re2:/home/node/workdir \
+  $BUILD_IMAGE_NAME \
+  $RE2_FULL_VERSION \
+  $NODE_FULL_VERSION \
+  $NODE_DOWNLOAD_BASE_URL

scripts/common.sh

@@ -0,0 +1,70 @@
+
+function assert_correct_arch() {
+  ARCH=$1
+
+  if [[ "$ARCH" == "arm64" || "$ARCH" == "amd64" ]]; then
+    # we're good, supported architecture
+    echo "Building for architecture: $ARCH"
+  else
+    echo "ARCH (=$ARCH) env variable is not one of: arm64, amd64"
+    exit 1
+  fi
+}
+
+function get_build_image_name() {
+  NODE_VERSION=${1:-$TARGET_VERSION}
+  PLATFORM=${2:-$ARCH}
+
+  echo "docker.elastic.co/elastic/nodejs-custom:$NODE_VERSION-$PLATFORM"
+}
+
+function retry() {
+  local retries=$1; shift
+  local delay=$1; shift
+  local attempts=1
+
+  until "$@"; do
+    retry_exit_status=$?
+    echo "Exited with $retry_exit_status" >&2
+    if (( retries == "0" )); then
+      return $retry_exit_status
+    elif (( attempts == retries )); then
+      echo "Failed $attempts retries" >&2
+      return $retry_exit_status
+    else
+      echo "Retrying $((retries - attempts)) more times..." >&2
+      attempts=$((attempts + 1))
+      sleep "$delay"
+    fi
+  done
+}
+
+function replace_shasums_in_folder() {
+  local working_directory=$1
+
+  cd $working_directory
+
+  # Check if SHASUMS256.txt file exists
+  if [ ! -f "./SHASUMS256.txt" ]; then
+    echo "SHASUMS256.txt file does not exist in folder: $working_directory"
+    exit 1
+  fi
+
+  # Loop through files in folder
+  for file in *; do
+    if [ "$file" != "SHASUMS256.txt" ] && [ -f "$file" ]; then
+      # Calculate SHA256 hash
+      new_sha256=$(shasum -a 256 "$file" | cut -d' ' -f1)
+      # Replace hashes in SHASUMS256.txt
+      node -e """
+        lines = fs.readFileSync('SHASUMS256.txt').toString().split('\n')
+        output = lines.map(l => l.endsWith('$file') ? '$new_sha256  $file' : l)
+        fs.writeFileSync('SHASUMS256.txt', output.join('\n'))
+      """
+    fi
+  done
+
+  echo "`pwd`/SHASUMS256.txt updated"
+
+  cd -
+}