Automated Snap Package build processes without the Build Service

Automated Snap
Package build processes
without the Build Service
Dani Llewellyn (diddledani) she/her

09/11/2022 Dani Llewellyn 2
My Background
●
Linux user since ~1997-8
●
Web, Desktop, and Server dev/admin experience
●
Windows, macOS, and Linux
●
Single System Image Beowulf-style clustering ~2001-5 (OpenMosix)
●
Ran Gentoo for a decade learning a LOT
●
Learned high-availability techniques via tools like CoroSync and Pacemaker
●
Have since forgotten it all 😛
●
Used Docker and containerisation since Docker first appeared
●
Advocate for automated build and testing wherever possible
●
Primary contributions to Snaps/Snapcraft, WSL2, and Ubuntu Mate
●
Featured multiple times on the Ubuntu.com Blog
●
Ubuntu Member February 2018
●
Ubuntu Membership Board September 2018-present
●
Microsoft MVP primarily for WSL-related community work

My Background continued: Snaps
●
Author and maintainer of many snaps:
●
Including the very popular GNU Image Manipulation Program and
Audacity snaps (over 300k users each)
●
Core member of Snapcrafters project
●
Trusted snap packaging expert (granted a star in the Snap Store)
●
Worked with Microsoft to bring PowerShell Core to the Snap Store
●
Regular attendee of Snapcraft Summits
●
Constantly in contact with Ubuntu Desktop/Snapcraft/Snapd/Snap
Store teams

Building Snap Packages

The Build Service
●
Provided by Canonical
●
Powered by launchpad.net build farm
●
The same farm used for Ubuntu itself
●
Accessed via snapcraft.io
●
Tightly integrated with you Snap Package admin pages on snapcraft.io
●
Builds for all Snap Package architectures (amd64, i386, arm64, armhf, ppc64, s390x,
riscv64)
●
All builds publicly visible
●
Source code is exposed publicly via launchpad.net while building
●
No ability to add, and protect, secrets to build environment
●
Requires source code hosted on GitHub

CI/CD platforms
●
Most hosted services require OCI containers (Docker)
●
Often single architecture (amd64, i386)
●
Able to have private builds
●
Some services allow self-hosted runners
●
Source code may be completely private
●
Docker containers and Systemd (required to get snapd
operational) are problematic

What if...?
●
What if we could build our Snaps on a CI/CD platform of our
choice...
●
...With full support of Systemd+Snapd to allow full
functionality of Snapcraft...
●
...And for Intel/AMD and ARM (with potential for PPC64,
s390x, and riscv64 too)…
●
Wouldn’t that be great?

Perhaps we can!

We need an OCI image
●
Must run Systemd
●
And be available for all architectures
●
Can run in a fully automated fashion
●
With variants for every Base Snap (core, core18, core20, and
core22)
●
…

Oh, I think I know of one!
●
https://hub.docker.com/r/diddledani/snapcraft

So how do we use this?

Running manually on your workstation
●
On Ubuntu, ensure you have Docker installed
●
Must not be the Snap Package of Docker due to AppArmor issues!
●
Next, ensure you have foreign architectures supported:
●
Ideally you should use the latest qemu-user-static so it is best to set up qemu-user-static
via docker:
docker run --privileged --rm tonistiigi/binfmt --install all
docker run --rm -it --privileged -v $PWD:/data -w /data diddledan/snapcraft:core22
●
Now, in your project folder, run the container (here it is assumed your snap is using the
core22 base snap):
●
Unfortunately, the --privileged flag is required while running in Docker
●
This prevents using some CI/CD providers, but not all – GitHub Actions and GitLab CI are
definitely supported!

Demo time!
●
Let’s see my OCI image build a Snap Package via Docker

Running in CD/CD services: GitHub Actions
●
I maintain a GitHub Action in the Actions Marketplace
https://github.com/marketplace/actions/snapcraft-multiarch-build
●
The simplest usage – via a workflow YAML file:
name: build snap package
on:
push:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2
- uses: diddlesnaps/snapcraft-multiarch-action@v1
id: snapcraft
- uses: actions/upload-artifact@v2
with:
name: snap
path: ${{ steps.snapcraft.outputs.snap }}
●
You can also use snapcore/action-publish@v1
to upload to the store - See instructions at
https://github.com/snapcore/action-publish
- uses: snapcore/action-publish@v1
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.STORE_LOGIN }}
with:
snap: ${{ steps.build.outputs.snap }}
release: edge

Multiple architectures on GitHub Actions
●
Add strategy under build:
jobs:
build:
strategy:
matrix:
# Set to your desired list of
# architectures to build for
Architecture:
- i386
- amd64
- arm64
- armhf
- ppc64el
- s390x
- uses: diddlesnaps/snapcraft-
multiarch-action@v1
with:
architecture: $
{{ matrix.architecture }}
●
Next, amend the step that uses
my snapcraft-muiltiarch-action
to specify the architecture
based on the matrix to the left:

GitHub Demo
Building a snap in GitHub Actions for AMD64
and ARM64 on a pull request

That’s it for GitHub Actions

What about GitLab CI?
●
I have a similarly reusable GitLab CI workflow for you to consume at
https://gitlab.com/diddledani/snapcraft-multiarch-gitlab-ci
●
For building with your source code hosted on GitLab.com your .gitlab-ci.yml can look like this:
●
For source code on a self-hosted GitLab instance, amend the include:
include:
- project: diddledani/snapcraft-multiarch-gitlab-ci
ref: main
file: /snapcraft.yml
build-snap:
extends: [ .snapcraft ]
include:
- remote: 'https://gitlab.com/diddledani/snapcraft-multiarch-gitlab-ci/-/raw/main/snapcraft.yml'

Multiple architectures on GitLab CI, too?
●
Yes it does!
●
In both instances we
replace the build-snap
definition with the
definitions for each of our
architectures
amd64:
extends: [ .snapcraft, .amd64 ]
i386:
extends: [ .snapcraft, .i386 ]
arm64:
extends: [ .snapcraft, .arm64 ]
armhf:
extends: [ .snapcraft, .armhf ]
ppc64el:
extends: [ .snapcraft, .ppc64el ]

GitLab Demo
Building a snap in GitLab CI for AMD64 and
ARM64 on a pull request

Uploading to the store with GitLab CI
●
Add a “file” variable to your GitLab project’s CI config page with the content of
exported.txt after running (replace $PACKAGE_NAME with your package’s name):
publish-snap:
extends: [ .publish-snap ]
variables:
RELEASE_CHANNEL: edge
only:
branches: [ main ]
snapcraft export-login
--snaps=$PACKAGE_NAME
--acls package_access,package_push,package_update,package_release
exported.txt
●
Add the following to your .gitlab-ci.yml file and commit to your repo. This
will mimic the behaviour of the Build Service provided on snapcraft.io by
building the main branch and pushing it to the edge channel within the store:

Acknowledgements
●
Martin Wimpress (@m_wimpress), Alan Pope (@popey), both alumni, and Igor (of the
Snap Advocacy team)
●
For recognising my capability and enthusiasm for the Snap Packaging world
●
For inviting me to Snapcraft Summits to share my knowledge and expertise
●
For encouraging me to get deeper into the Ubuntu Community, such as applying for Ubuntu Membership
●
Ubuntu Desktop Team, Snapcraft Team, and Snapd Team all at Canonical
●
For being receptive to my contributions and constantly encouraging my continued involvement
●
Sarah Dickinson (@dickinsonsarah7) formally head of Canonical PR
●
For featuring my thoughts about Snaps and other Canonical projects in multiple blog posts on Ubuntu.com
●
Heather Ellsworth (Ubuntu Desktop team; @linux_flower) and Monica Madon (former Ubuntu
Community Respresentative; @communiteatime)
●
For being excellent friends and providing constant encouragement and moral support, especially while I'm
trying to find work that is suitable for my talents

Where to find me
●
https://snapcraft.ninja/
●
Ubuntu Discourse (diddledani)
●
Snapcraft Forum (diddledani)
●
https://github.com/diddlesnaps
●
https://github.com/diddledani
●
https://github.com/UbuntuAccomplishments
●
Twitter (@diddledani)
●
Mastodon (@diddledani@mastodon.lol)
●
Also: I’m currently looking for work 😉

Automated Snap Package build processes without the Build Service

More Related Content

Similar to Automated Snap Package build processes without the Build Service (20)

Recently uploaded (20)

Automated Snap Package build processes without the Build Service