5 files changed, 154 insertions, 0 deletions
diff --git a/testing/docker/image_builder/Dockerfile b/testing/docker/image_builder/Dockerfile
new file mode 100644
index 000000000..9acbafaab
--- /dev/null
+++ b/testing/docker/image_builder/Dockerfile
@@ -0,0 +1,40 @@
+FROM ubuntu:16.04
+
+# %include testing/docker/recipes/tooltool.py
+ADD topsrcdir/testing/docker/recipes/tooltool.py /setup/tooltool.py
+
+# %include testing/docker/recipes/common.sh
+ADD topsrcdir/testing/docker/recipes/common.sh /setup/common.sh
+
+# %include testing/docker/recipes/install-mercurial.sh
+ADD topsrcdir/testing/docker/recipes/install-mercurial.sh /setup/install-mercurial.sh
+
+# %include testing/mozharness/external_tools/robustcheckout.py
+ADD topsrcdir/testing/mozharness/external_tools/robustcheckout.py /usr/local/mercurial/robustcheckout.py
+
+# %include testing/docker/recipes/run-task
+ADD topsrcdir/testing/docker/recipes/run-task /usr/local/bin/run-task
+
+# Add and run setup script
+ADD build-image.sh      /usr/local/bin/build-image.sh
+ADD setup.sh            /setup/setup.sh
+RUN bash /setup/setup.sh
+
+# Setup a workspace that won't use AUFS
+VOLUME /home/worker/workspace
+
+# Set variable normally configured at login, by the shells parent process, these
+# are taken from GNU su manual
+ENV           HOME          /home/worker
+ENV           SHELL         /bin/bash
+ENV           USER          worker
+ENV           LOGNAME       worker
+ENV           HOSTNAME      taskcluster-worker
+ENV           LC_ALL        C
+
+# Create worker user
+RUN useradd -d /home/worker -s /bin/bash -m worker
+
+# Set some sane defaults
+WORKDIR /home/worker/
+CMD     build-image.sh
diff --git a/testing/docker/image_builder/REGISTRY b/testing/docker/image_builder/REGISTRY
new file mode 100644
index 000000000..cb1e1bb48
--- /dev/null
+++ b/testing/docker/image_builder/REGISTRY
@@ -0,0 +1 @@
+taskcluster
diff --git a/testing/docker/image_builder/VERSION b/testing/docker/image_builder/VERSION
new file mode 100644
index 000000000..3eefcb9dd
--- /dev/null
+++ b/testing/docker/image_builder/VERSION
@@ -0,0 +1 @@
+1.0.0
diff --git a/testing/docker/image_builder/build-image.sh b/testing/docker/image_builder/build-image.sh
new file mode 100755
index 000000000..25e0d6a28
--- /dev/null
+++ b/testing/docker/image_builder/build-image.sh
@@ -0,0 +1,59 @@
+#!/bin/bash -vex
+
+# Set bash options to exit immediately if a pipeline exists non-zero, expand
+# print a trace of commands, and make output verbose (print shell input as it's
+# read)
+# See https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html
+set -x -e -v
+
+# Prefix errors with taskcluster error prefix so that they are parsed by Treeherder
+raise_error() {
+  echo
+  echo "[taskcluster-image-build:error] $1"
+  exit 1
+}
+
+# Ensure that the PROJECT is specified so the image can be indexed
+test -n "$PROJECT"    || raise_error "PROJECT must be provided."
+test -n "$HASH"       || raise_error "Context HASH must be provided."
+test -n "$IMAGE_NAME" || raise_error "IMAGE_NAME must be provided."
+
+# Create artifact folder
+mkdir -p /home/worker/workspace/artifacts
+
+# Construct a CONTEXT_FILE
+CONTEXT_FILE=/home/worker/workspace/context.tar
+
+# Run ./mach taskcluster-build-image with --context-only to build context
+run-task \
+  --chown-recursive "/home/worker/workspace" \
+  --vcs-checkout "/home/worker/checkouts/gecko" \
+  -- \
+  /home/worker/checkouts/gecko/mach taskcluster-build-image \
+  --context-only "$CONTEXT_FILE" \
+  "$IMAGE_NAME"
+test -f "$CONTEXT_FILE" || raise_error "Context file wasn't created"
+
+# Post context tar-ball to docker daemon
+# This interacts directly with the docker remote API, see:
+# https://docs.docker.com/engine/reference/api/docker_remote_api_v1.18/
+curl -s \
+  -X POST \
+  --header 'Content-Type: application/tar' \
+  --data-binary "@$CONTEXT_FILE" \
+  --unix-socket /var/run/docker.sock "http:/build?t=$IMAGE_NAME:$HASH" \
+  | tee /tmp/docker-build.log \
+  | jq -r '.status + .progress, .stream[:-1], .error | select(. != null)'
+
+# Exit non-zero if there is error entries in the log
+if cat /tmp/docker-build.log | jq -se 'add | .error' > /dev/null; then
+  raise_error "Image build failed: `cat /tmp/docker-build.log | jq -rse 'add | .error'`";
+fi
+
+# Get image from docker daemon
+# This interacts directly with the docker remote API, see:
+# https://docs.docker.com/engine/reference/api/docker_remote_api_v1.18/
+curl -s \
+  -X GET \
+  --unix-socket /var/run/docker.sock "http:/images/$IMAGE_NAME:$HASH/get" \
+  | zstd -3 -c -o /home/worker/workspace/artifacts/image.tar.zst
diff --git a/testing/docker/image_builder/setup.sh b/testing/docker/image_builder/setup.sh
new file mode 100644
index 000000000..1a2d13503
--- /dev/null
+++ b/testing/docker/image_builder/setup.sh
@@ -0,0 +1,53 @@
+#!/bin/bash -vex
+set -v -e -x
+
+export DEBIAN_FRONTEND=noninteractive
+
+# Update apt-get lists
+apt-get update -y
+
+# Install dependencies
+apt-get install -y \
+    curl \
+    tar \
+    jq \
+    python \
+    build-essential # Only needed for zstd installation, will be removed later
+
+# Install mercurial
+. /setup/common.sh
+. /setup/install-mercurial.sh
+
+# Install build-image.sh script
+chmod +x /usr/local/bin/build-image.sh
+chmod +x /usr/local/bin/run-task
+
+# Create workspace
+mkdir -p /home/worker/workspace
+
+# Install zstd 1.1.1
+cd /setup
+tooltool_fetch <<EOF
+[
+  {
+    "size": 734872,
+    "visibility": "public",
+    "digest": "a8817e74254f21ee5b76a21691e009ede2cdc70a78facfa453902df3e710e90e78d67f2229956d835960fd1085c33312ff273771b75f9322117d85eb35d8e695",
+    "algorithm": "sha512",
+    "filename": "zstd.tar.gz"
+  }
+]
+EOF
+cd -
+tar -xvf /setup/zstd.tar.gz -C /setup
+make -C /setup/zstd-1.1.1/programs install
+rm -rf /tmp/zstd-1.1.1/ /tmp/zstd.tar.gz
+apt-get purge -y build-essential
+
+# Purge apt-get caches to minimize image size
+apt-get auto-remove -y
+apt-get clean -y
+rm -rf /var/lib/apt/lists/
+
+# Remove this script
+rm -rf /setup/