From 18b8cb2a28b2c87150c75f80290caaab84725303 Mon Sep 17 00:00:00 2001 From: D Hoyt Date: Wed, 11 Feb 2026 13:52:31 -0500 Subject: [PATCH 1/2] Add: Dockerfiles for Packages Build Configs for https://github.com/orgs/InternationalColorConsortium/packages?repo_name=iccDEV --- Dockerfile | 320 +++++++++++++++++++++++++++++++++++++++++++++++ Dockerfile.nixos | 132 +++++++++++++++++++ 2 files changed, 452 insertions(+) create mode 100644 Dockerfile create mode 100644 Dockerfile.nixos diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..6d24fc24d --- /dev/null +++ b/Dockerfile @@ -0,0 +1,320 @@ +############################################################### +# Copyright (c) 2025-2026 International Color Consortium. +# All rights reserved. +# https://color.org +# +# Intent: iccDEV ci-docker-build +# +# Last Updated: 2026-02-11 18:46:30 UTC by David Hoyt +# +############################################################### + + +# ========================= +# 1) BUILD STAGE +# ========================= +FROM ubuntu:26.04 AS builder +ENV DEBIAN_FRONTEND=noninteractive + +LABEL org.opencontainers.image.title="iccDEV Build Container" \ + org.opencontainers.image.description="Container v2.0.0.82" \ + org.opencontainers.image.licenses="BSD-3-Clause" \ + org.opencontainers.image.vendor="International Color Consortium" \ + org.opencontainers.image.source="https://github.com/InternationalColorConsortium/iccDEV" \ + org.opencontainers.image.url="https://github.com/InternationalColorConsortium/iccDEV" \ + org.opencontainers.image.documentation="https://github.com/InternationalColorConsortium/iccDEV/tree/master/docs" \ + org.opencontainers.image.version="latest" + +# ------------------------------------------------------------ +# Locale (required for deterministic CLI + CI) +# ------------------------------------------------------------ +RUN apt-get update && \ + apt-get install -y --no-install-recommends locales && \ + locale-gen en_US.UTF-8 && \ + rm -rf /var/lib/apt/lists/* +ENV LANG=en_US.UTF-8 +ENV LC_ALL=en_US.UTF-8 + +# ------------------------------------------------------------ +# Runtime dependencies (no compilers, no headers) +# ------------------------------------------------------------ +# Build toolchain + dev dependencies +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + build-essential wget \ + cmake \ + make \ + ninja-build \ + git \ + curl \ + wget \ + ca-certificates \ + pkg-config \ + ccache \ + gdb nano \ + clang-18 \ + clang-tools-18 \ + lldb-18 \ + llvm-18 \ + llvm-18-dev \ + libclang-18-dev \ + libxml2-dev \ + nlohmann-json3-dev \ + libtiff6 \ + libgtk-3-dev \ + libgdk-pixbuf-xlib-2.0-0 \ + libcurl4-openssl-dev \ + libglu1-mesa-dev \ + libnotify-dev \ + libjpeg-dev \ + libpng-dev \ + zlib1g-dev \ + libsecret-1-dev \ + libx11-dev \ + libxext-dev \ + libxtst-dev \ + libclang-rt-18-dev \ + && rm -rf /var/lib/apt/lists/* + +# ------------------------------------------------------------ +# Build iccDEV using Clang-18 with full sanitizer propagation +# ------------------------------------------------------------ +ENV CC=/usr/bin/clang-18 +ENV CXX=/usr/bin/clang++-18 + +RUN git clone https://github.com/InternationalColorConsortium/iccDEV.git /opt/iccdev \ + && cd /opt/iccdev \ + && sed -i '/find_package(wxWidgets COMPONENTS core base REQUIRED)/,/endif()/ s/^/# /' Build/Cmake/CMakeLists.txt \ + && cd Build \ + && cmake \ + -DCMAKE_INSTALL_PREFIX=/opt/iccdev/install \ + -DCMAKE_BUILD_TYPE=Debug \ + -DCMAKE_C_COMPILER=/usr/bin/clang-18 \ + -DCMAKE_CXX_COMPILER=/usr/bin/clang++-18 \ + -DCMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY \ + -DCMAKE_TRY_COMPILE_C_FLAGS="" \ + -DCMAKE_TRY_COMPILE_CXX_FLAGS="" \ + -DCMAKE_TRY_COMPILE_LINKER_FLAGS="" \ + -DTIFF_LIBRARY=/usr/lib/$(dpkg-architecture -q DEB_HOST_MULTIARCH)/libtiff.so \ + -DTIFF_INCLUDE_DIR=/usr/include \ + -DZLIB_LIBRARY=/usr/lib/$(dpkg-architecture -q DEB_HOST_MULTIARCH)/libz.so \ + -DZLIB_INCLUDE_DIR=/usr/include \ + -DPNG_LIBRARY=/usr/lib/$(dpkg-architecture -q DEB_HOST_MULTIARCH)/libpng.so \ + -DPNG_PNG_INCLUDE_DIR=/usr/include \ + -DJPEG_LIBRARY=/usr/lib/$(dpkg-architecture -q DEB_HOST_MULTIARCH)/libjpeg.so \ + -DJPEG_INCLUDE_DIR=/usr/include \ + -DCMAKE_C_FLAGS="-g -fsanitize=address,undefined -fno-omit-frame-pointer" \ + -DCMAKE_CXX_FLAGS="-g -fsanitize=address,undefined -fno-omit-frame-pointer -Wall" \ + -DCMAKE_EXE_LINKER_FLAGS="" \ + -DCMAKE_SHARED_LINKER_FLAGS="" \ + ../Build/Cmake \ + && make -j"$(nproc)" \ + && rm -rf /opt/iccdev/.git + +# Install runtime script +RUN cat >/opt/iccdev/run-tests.sh <<'EOF' +#!/bin/sh +set -eu +set -o pipefail +cd Testing +echo "=== Updating PATH ===" +for d in ../Build/Tools/*; do + [ -d "$d" ] && export PATH="$(realpath "$d"):$PATH" +done + sh CreateAllProfiles.sh + sh RunTests.sh + cd HDR + sh mkprofiles.sh + cd .. + pwd + cd CalcTest + sh checkInvalidProfiles.sh + cd .. + pwd + cd mcs + pwd + sh updateprev.sh + sh updateprevWithBkgd.sh + cd .. + find . -iname "*.icc" | wc -l +echo "========= INSIDE STUB EXIT =========" +EOF + +RUN chmod +x /opt/iccdev/run-tests.sh + +# ------------------------------------------------------------ +# Build-time security scrub: remove possible secrets/tokens/keys +# ------------------------------------------------------------ +RUN rm -rf /root/.ssh || true \ + && rm -rf /root/.gnupg || true \ + && rm -rf /root/.git || true \ + && rm -rf /root/.config || true \ + && find /opt/iccdev -type f -name "*.asc" -delete || true \ + && find /opt/iccdev -type f -name "*id_rsa*" -delete || true \ + && find /opt/iccdev -type f -name "*.pem" -delete || true \ + && find /opt/iccdev -type f -name "*.key" -delete || true \ + && find /opt/iccdev -type f -name "*token*" -delete || true + +# ------------------------------------------------------------ +# Default python alias +# ------------------------------------------------------------ +RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 10 + +RUN rm -rf /root/.ssh /root/.gnupg /root/.config /root/.gitconfig || true \ + && rm -rf /opt/iccdev/.git || true \ + && find /opt/iccdev -type f \( \ + -name "*.asc" -o \ + -name "*id_rsa*" -o \ + -name "*.pem" -o \ + -name "*.key" -o \ + -name "*token*" \ + \) -delete || true + +RUN git config --system user.email "" \ + && git config --system user.name "" \ + && git config --system credential.helper "" + +############################################################### +# 2) RUNTIME STAGE +############################################################### +FROM ubuntu:26.04 AS runtime +ENV DEBIAN_FRONTEND=noninteractive + +# ------------------------------------------------------------ +# Locale (match builder deterministically) +# ------------------------------------------------------------ +RUN apt-get update && \ + apt-get install -y --no-install-recommends locales && \ + locale-gen en_US.UTF-8 && \ + rm -rf /var/lib/apt/lists/* + +ENV LANG=en_US.UTF-8 +ENV LC_ALL=en_US.UTF-8 + +# ------------------------------------------------------------ +# Install CA certificates (needed for git HTTPS) +# ------------------------------------------------------------ +RUN apt-get update && \ + apt-get install -y --no-install-recommends ca-certificates && \ + update-ca-certificates && \ + rm -rf /var/lib/apt/lists/* + +# ------------------------------------------------------------ +# Pull artifacts from builder +# ------------------------------------------------------------ +COPY --from=builder /usr /usr +COPY --from=builder /usr/local /usr/local +COPY --from=builder /opt/iccdev /opt/iccdev + +# ------------------------------------------------------------ +# Runtime user +# ------------------------------------------------------------ +RUN groupadd -r iccdev \ + && useradd -r -g iccdev -d /opt/iccdev -s /bin/bash iccdev \ + && chown -R iccdev:iccdev /opt/iccdev + +# ------------------------------------------------------------ +# Collect iccdev executable directories +# ------------------------------------------------------------ +RUN find /opt/iccdev/Build/Tools -type f -perm -111 -printf '%h\n' \ + | sort -u | paste -sd: - \ + > /opt/iccdev/toolpaths.txt + +# ------------------------------------------------------------ +# Collect ONLY llvm-21 binary paths +# (avoid llvm-18 or llvm-19 directories if image contains them) +# ------------------------------------------------------------ +RUN if [ -d /usr/lib/llvm-21 ]; then \ + echo "/usr/lib/llvm-21/bin" > /opt/iccdev/llvm-paths.txt; \ + else \ + find /usr/lib -maxdepth 1 -type d -name 'llvm-21' -printf '%p/bin\n' \ + > /opt/iccdev/llvm-paths.txt; \ + fi + +# ------------------------------------------------------------ +# Deterministic PATH script for login shells +# ------------------------------------------------------------ +RUN TOOLPATHS="$(cat /opt/iccdev/toolpaths.txt)" \ + && LLVMPATHS="$(cat /opt/iccdev/llvm-paths.txt)" \ + && printf 'export PATH=%s:%s:$PATH\n' "$TOOLPATHS" "$LLVMPATHS" \ + > /etc/profile.d/00-iccdev-path.sh \ + && chmod 644 /etc/profile.d/00-iccdev-path.sh + +# ------------------------------------------------------------ +# Make ALL bash shells load /etc/profile.d scripts +# ------------------------------------------------------------ +RUN echo 'for f in /etc/profile.d/*.sh; do [ -r "$f" ] && . "$f"; done' \ + >> /etc/bash.bashrc + +# ------------------------------------------------------------ +# Default PATH for non-login shells +# ------------------------------------------------------------ +RUN TOOLPATHS="$(cat /opt/iccdev/toolpaths.txt)" \ + && LLVMPATHS="$(cat /opt/iccdev/llvm-paths.txt)" \ + && printf 'PATH=%s:%s:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\n' \ + "$TOOLPATHS" "$LLVMPATHS" \ + > /etc/environment + +# ------------------------------------------------------------ +# Build-time verification that iccToXml is operational +# ------------------------------------------------------------ +RUN iccToXml || true + +# ------------------------------------------------------------ +# Deterministic banner (corrected to v2.0.0.76) +# ------------------------------------------------------------ +RUN { \ + echo "echo \"\""; \ + echo "echo \"============================================================\""; \ + echo "echo \"==== International Color Consortium | https://color.org ====\""; \ + echo "echo \"==== iccDEV Build Container v2.0.0.82 Built for Docker ====\""; \ + echo "echo \"============================================================\""; \ + echo "echo \"\""; \ + echo "echo \"The Libraries & Tools are on PATH\""; \ + echo "echo \"\""; \ + echo "echo \"=====================================================\""; \ + echo "echo \"Example Use:\""; \ + echo "echo \"iccToXml Testing/sRGB_v4_ICC_preference.icc Testing/sRGB_v4_ICC_preference.xml\""; \ + echo "iccToXml Testing/sRGB_v4_ICC_preference.icc Testing/sRGB_v4_ICC_preference.xml; [ \$? -ne 0 ] && echo \"\""; \ + echo "echo \"\""; \ + echo "echo \"The Testing directory contains ICC profiles.\""; \ + echo "echo \"\""; \ + echo "echo \"To create all the profiles run these 2 commands:\""; \ + echo "echo \"-----\""; \ + echo "echo \"cd Testing\""; \ + echo "echo \"bash CreateAllProfiles.sh\""; \ + echo "echo \"-----\""; \ + echo "echo \"The Expected Output:\""; \ + echo "echo \"ICC files: 204\""; \ + echo "echo \"\""; \ + echo "echo \"=== Thank you for using iccDEV Build Container v2.0.0.81 ====\""; \ + echo "echo \"\""; \ +} > /etc/profile.d/iccdev-banner.sh \ + && chmod 644 /etc/profile.d/iccdev-banner.sh + +# ------------------------------------------------------------ +# Deterministic prompt for all shells +# ------------------------------------------------------------ +RUN printf 'export PS1="iccdev@build:\$(pwd)$ "\n' \ + > /etc/profile.d/10-iccdev-prompt.sh \ + && chmod 644 /etc/profile.d/10-iccdev-prompt.sh + +USER iccdev +WORKDIR /opt/iccdev + +RUN printf 'export PS1="iccdev@build:\$(pwd)$ "\n' >> ~/.bashrc + +############################################################### +# 3) DEBUG-ASAN FINAL IMAGE (public runtime) +############################################################### +FROM runtime AS debug-asan + +LABEL org.opencontainers.image.title="iccDEV Build Container" \ + org.opencontainers.image.description="iccDEV Build Container v2.0.0.82" \ + org.opencontainers.image.licenses="BSD-3-Clause" \ + org.opencontainers.image.vendor="International Color Consortium" \ + org.opencontainers.image.source="https://github.com/InternationalColorConsortium/iccDEV" + +# CMD ["bash", "-l"] +CMD ["/opt/iccdev/run-tests.sh"] + diff --git a/Dockerfile.nixos b/Dockerfile.nixos new file mode 100644 index 000000000..a7d7864da --- /dev/null +++ b/Dockerfile.nixos @@ -0,0 +1,132 @@ +############################################################### +# Copyright (c) 2025-2026 International Color Consortium. +# All rights reserved. +# https://color.org +# +# Dockerfile for iccDEV Build Container using NixOS +# Based on nixos/nix Docker image +# +# Last Updated: 2026-02-09 23:50:57 UTC by David Hoyt +# +# Build command: +# docker build -f Dockerfile.nixos -t iccdev-nixos:latest . +# +# Run command: +# docker run -it --rm iccdev-nixos:latest +# +# Testing with volume mount: +# docker run -it --rm -v /path/to/icc/files:/data iccdev-nixos:latest +# +############################################################### + +# Use official NixOS Docker image +FROM nixos/nix:latest + +LABEL org.opencontainers.image.title="iccDEV Build Container (NixOS)" \ + org.opencontainers.image.description="iccDEV built with Nix package manager" \ + org.opencontainers.image.licenses="BSD-3-Clause" \ + org.opencontainers.image.vendor="International Color Consortium" \ + org.opencontainers.image.source="https://github.com/InternationalColorConsortium/iccDEV" \ + org.opencontainers.image.url="https://github.com/InternationalColorConsortium/iccDEV" \ + org.opencontainers.image.documentation="https://github.com/InternationalColorConsortium/iccDEV/tree/master/docs" + +# Set working directory +WORKDIR /workspace + +# Clone iccDEV repository and build using nix-shell +# Build from HEAD with all dependencies including wxWidgets +RUN nix-shell -p git cmake gcc gnumake pkg-config libxml2 libtiff libjpeg libpng nlohmann_json zlib wxGTK32 --run ' \ + export NIX_LDFLAGS="-ltiff $NIX_LDFLAGS" && \ + git clone https://github.com/InternationalColorConsortium/iccDEV.git /workspace/iccDEV && \ + cd /workspace/iccDEV && \ + echo "=== Building iccDEV from HEAD ===" && \ + git log -1 --oneline && \ + cd Build && \ + cmake Cmake && \ + make -j$(nproc) && \ + echo "=== Build Complete ===" && \ + echo "Built tools:" && \ + find ./Tools -name "icc*" -type f -executable | wc -l && \ + echo "Built libraries:" && \ + find . -name "*.so*" -o -name "*.a" | grep -E "IccProf|IccXML" | wc -l \ + ' + +# Set PATH to include all built tools +ENV PATH="/workspace/iccDEV/Build/Tools/IccApplyNamedCmm:\ +/workspace/iccDEV/Build/Tools/IccApplyProfiles:\ +/workspace/iccDEV/Build/Tools/IccApplySearch:\ +/workspace/iccDEV/Build/Tools/IccApplyToLink:\ +/workspace/iccDEV/Build/Tools/IccDumpProfile:\ +/workspace/iccDEV/Build/Tools/IccFromCube:\ +/workspace/iccDEV/Build/Tools/IccFromXml:\ +/workspace/iccDEV/Build/Tools/IccJpegDump:\ +/workspace/iccDEV/Build/Tools/IccPngDump:\ +/workspace/iccDEV/Build/Tools/IccRoundTrip:\ +/workspace/iccDEV/Build/Tools/IccSpecSepToTiff:\ +/workspace/iccDEV/Build/Tools/IccTiffDump:\ +/workspace/iccDEV/Build/Tools/IccToXml:\ +/workspace/iccDEV/Build/Tools/IccV5DspObsToV4Dsp:\ +/workspace/iccDEV/Build/Tools/wxProfileDump:\ +${PATH}" + +# Set library path +ENV LD_LIBRARY_PATH="/workspace/iccDEV/Build/IccProfLib:/workspace/iccDEV/Build/IccXML" + +# Set working directory to iccDEV +WORKDIR /workspace/iccDEV + +# Create welcome script in workspace +RUN cat > /workspace/welcome.sh << 'EOF' +#!/usr/bin/env sh +echo "" +echo "============================================================" +echo "==== International Color Consortium | https://color.org ====" +echo "==== iccDEV Build Container (NixOS) ========================" +echo "============================================================" +echo "" +echo "All iccDEV tools are available on PATH:" +echo "" +echo "Command-line tools (14):" +echo " - iccApplyNamedCmm - iccFromXml" +echo " - iccApplyProfiles - iccJpegDump" +echo " - iccApplySearch - iccPngDump" +echo " - iccApplyToLink - iccRoundTrip" +echo " - iccDumpProfile - iccSpecSepToTiff" +echo " - iccFromCube - iccTiffDump" +echo " - iccToXml - iccV5DspObsToV4Dsp" +echo "" +echo "GUI tool (1):" +echo " - iccDumpProfileGui" +echo "" +echo "iccDEV Libraries (in /workspace/iccDEV/Build):" +echo "" +echo "Shared Libraries (.so):" +echo " - IccProfLib/libIccProfLib2.so.2.3.1.4" +echo " - IccXML/libIccXML2.so.2.3.1.4" +echo "" +echo "Static Libraries (.a):" +echo " - IccProfLib/libIccProfLib2-static.a" +echo " - IccXML/libIccXML2-static.a" +echo "" +echo "Example usage:" +echo " iccDumpProfile Testing/sRGB_v4_ICC_preference.icc ALL" +echo " iccToXml Testing/sRGB_v4_ICC_preference.icc output.xml" +echo "" +echo "Testing directory: /workspace/iccDEV/Testing" +echo "Build directory: /workspace/iccDEV/Build" +echo "" +echo "To list all tools and libraries:" +echo " find Build/Tools -type f -executable -name 'icc*'" +echo " find Build -name 'libIcc*.so*' -o -name 'libIcc*.a'" +echo "" +echo "To run all tests:" +echo " cd Testing && sh CreateAllProfiles.sh" +echo "" +echo "================================================" +echo "" +EOF + +RUN chmod +x /workspace/welcome.sh + +# Default command: show welcome and start interactive shell +CMD ["sh", "-c", "/workspace/welcome.sh && exec sh"] From 0683c821417dc2c03f8ae6fcb4004e7ac5f42731 Mon Sep 17 00:00:00 2001 From: D Hoyt Date: Wed, 11 Feb 2026 14:10:35 -0500 Subject: [PATCH 2/2] Modify: ci-docker-latest to Release Build Type Modify: ci-docker-latest to Release Build Type --- .github/workflows/ci-docker-latest.yml | 145 ++++++++++++ Dockerfile | 304 ++----------------------- 2 files changed, 167 insertions(+), 282 deletions(-) create mode 100644 .github/workflows/ci-docker-latest.yml diff --git a/.github/workflows/ci-docker-latest.yml b/.github/workflows/ci-docker-latest.yml new file mode 100644 index 000000000..163a662fb --- /dev/null +++ b/.github/workflows/ci-docker-latest.yml @@ -0,0 +1,145 @@ +############################################################### +# +# Copyright (c) 2025-2026 International Color Consortium. +# All rights reserved. +# https://color.org +# +# +# Intent: ci-docker-latest +# +# Last Updated: 2026-02-12 00:04:23 UTC by David Hoyt +# Update Branch Info +# +# +# +# +# +# +############################################################### +# Intent: Build and publish iccDEV Docker container Release +############################################################### + +name: ci-docker-latest + +permissions: + contents: read + packages: write + +on: + workflow_dispatch: + push: + branches: [master, dockerfile] + paths: + - 'Dockerfile' + - '.github/workflows/ci-docker-latest.yml' + +jobs: + build: + name: "Build iccDEV Docker" + runs-on: ubuntu-latest + timeout-minutes: 30 + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 + + - name: Docker meta + id: meta + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 + with: + images: ghcr.io/${{ github.repository_owner }}/iccdev-latest + tags: | + type=sha + type=raw,value=latest,enable={{is_default_branch}} + - name: Log in to GHCR + if: github.event_name != 'pull_request' + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push + uses: docker/build-push-action@601a80b39c9405e50806ae38af30926f9d957c47 # v6.19.1 + with: + context: . + file: ./Dockerfile + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + provenance: mode=max + sbom: true + + - name: Build local test image + run: docker build -f Dockerfile -t iccdev-test:latest . + + - name: Verify tools + shell: bash + run: | + set -euo pipefail + TOOL_COUNT=$(docker run --rm iccdev-test:latest bash -c \ + 'find /opt/iccdev/Build/Tools -type f -executable | wc -l') + echo "Tools built: $TOOL_COUNT" + if [ "$TOOL_COUNT" -lt 12 ]; then + echo "::error::Expected at least 12 tools, found $TOOL_COUNT" + exit 1 + fi + MISSING=$(docker run --rm iccdev-test:latest bash -c \ + 'ldd /opt/iccdev/Build/Tools/IccToXml/iccToXml 2>&1 | grep -c "not found" || true') + if [ "$MISSING" != "0" ]; then + echo "::error::Missing runtime shared libraries" + docker run --rm iccdev-test:latest bash -c \ + 'ldd /opt/iccdev/Build/Tools/IccToXml/iccToXml 2>&1 | grep "not found"' + exit 1 + fi + echo "### Build Results" >> "$GITHUB_STEP_SUMMARY" + echo "- Tools: $TOOL_COUNT" >> "$GITHUB_STEP_SUMMARY" + echo "- Runtime deps: All resolved ✅" >> "$GITHUB_STEP_SUMMARY" + echo '```' >> "$GITHUB_STEP_SUMMARY" + docker run --rm iccdev-test:latest bash -c \ + 'find /opt/iccdev/Build/Tools -type f -executable -exec basename {} \; | sort' \ + >> "$GITHUB_STEP_SUMMARY" + echo '```' >> "$GITHUB_STEP_SUMMARY" + - name: Test tool execution + shell: bash + run: | + set -euo pipefail + FAILURES=0 + echo "### Tool Tests" >> "$GITHUB_STEP_SUMMARY" + for tool in iccToXml iccFromXml iccDumpProfile iccRoundTrip; do + OUT=$(docker run --rm iccdev-test:latest "$tool" 2>&1 || true) + if echo "$OUT" | grep -qiE "Usage:|IccProfLib"; then + echo "✅ $tool" >> "$GITHUB_STEP_SUMMARY" + else + echo "::error::Tool test failed: $tool" + echo "❌ $tool" >> "$GITHUB_STEP_SUMMARY" + FAILURES=$((FAILURES + 1)) + fi + done + if [ "$FAILURES" -gt 0 ]; then + echo "::error::$FAILURES tool test(s) failed" + exit 1 + fi + - name: Test iccToXml profile conversion + shell: bash + run: | + set -euo pipefail + echo "### iccToXml Profile Conversion" >> "$GITHUB_STEP_SUMMARY" + docker run --rm iccdev-test:latest bash -c ' + set -euo pipefail + cd /opt/iccdev + iccToXml Testing/sRGB_v4_ICC_preference.icc /tmp/sRGB_v4.xml + test -s /tmp/sRGB_v4.xml || { echo "ERROR: output XML is empty"; exit 1; } + ls -lh /tmp/sRGB_v4.xml + echo "=== First 20 lines of XML output ===" + head -20 /tmp/sRGB_v4.xml + ' 2>&1 | tee /tmp/iccToXml-output.txt + echo '```' >> "$GITHUB_STEP_SUMMARY" + cat /tmp/iccToXml-output.txt >> "$GITHUB_STEP_SUMMARY" + echo '```' >> "$GITHUB_STEP_SUMMARY" + - name: Cleanup + if: always() + run: docker rmi iccdev-test:latest || true diff --git a/Dockerfile b/Dockerfile index 6d24fc24d..fa17fc761 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,316 +5,56 @@ # # Intent: iccDEV ci-docker-build # -# Last Updated: 2026-02-11 18:46:30 UTC by David Hoyt +# Last Updated: 2026-02-12 00:14:22 UTC by David Hoyt # ############################################################### - -# ========================= -# 1) BUILD STAGE -# ========================= FROM ubuntu:26.04 AS builder ENV DEBIAN_FRONTEND=noninteractive -LABEL org.opencontainers.image.title="iccDEV Build Container" \ - org.opencontainers.image.description="Container v2.0.0.82" \ - org.opencontainers.image.licenses="BSD-3-Clause" \ - org.opencontainers.image.vendor="International Color Consortium" \ - org.opencontainers.image.source="https://github.com/InternationalColorConsortium/iccDEV" \ - org.opencontainers.image.url="https://github.com/InternationalColorConsortium/iccDEV" \ - org.opencontainers.image.documentation="https://github.com/InternationalColorConsortium/iccDEV/tree/master/docs" \ - org.opencontainers.image.version="latest" - -# ------------------------------------------------------------ -# Locale (required for deterministic CLI + CI) -# ------------------------------------------------------------ -RUN apt-get update && \ - apt-get install -y --no-install-recommends locales && \ - locale-gen en_US.UTF-8 && \ - rm -rf /var/lib/apt/lists/* -ENV LANG=en_US.UTF-8 -ENV LC_ALL=en_US.UTF-8 - -# ------------------------------------------------------------ -# Runtime dependencies (no compilers, no headers) -# ------------------------------------------------------------ -# Build toolchain + dev dependencies RUN apt-get update \ && apt-get install -y --no-install-recommends \ - build-essential wget \ - cmake \ - make \ - ninja-build \ - git \ - curl \ - wget \ - ca-certificates \ - pkg-config \ - ccache \ - gdb nano \ - clang-18 \ - clang-tools-18 \ - lldb-18 \ - llvm-18 \ - llvm-18-dev \ - libclang-18-dev \ - libxml2-dev \ - nlohmann-json3-dev \ - libtiff6 \ - libgtk-3-dev \ - libgdk-pixbuf-xlib-2.0-0 \ - libcurl4-openssl-dev \ - libglu1-mesa-dev \ - libnotify-dev \ - libjpeg-dev \ - libpng-dev \ - zlib1g-dev \ - libsecret-1-dev \ - libx11-dev \ - libxext-dev \ - libxtst-dev \ - libclang-rt-18-dev \ + build-essential cmake make git ca-certificates \ + libxml2-dev nlohmann-json3-dev \ + libtiff-dev libjpeg-dev libpng-dev zlib1g-dev \ && rm -rf /var/lib/apt/lists/* -# ------------------------------------------------------------ -# Build iccDEV using Clang-18 with full sanitizer propagation -# ------------------------------------------------------------ -ENV CC=/usr/bin/clang-18 -ENV CXX=/usr/bin/clang++-18 - -RUN git clone https://github.com/InternationalColorConsortium/iccDEV.git /opt/iccdev \ +RUN git clone --depth 1 https://github.com/InternationalColorConsortium/iccDEV.git /opt/iccdev \ && cd /opt/iccdev \ && sed -i '/find_package(wxWidgets COMPONENTS core base REQUIRED)/,/endif()/ s/^/# /' Build/Cmake/CMakeLists.txt \ && cd Build \ - && cmake \ - -DCMAKE_INSTALL_PREFIX=/opt/iccdev/install \ - -DCMAKE_BUILD_TYPE=Debug \ - -DCMAKE_C_COMPILER=/usr/bin/clang-18 \ - -DCMAKE_CXX_COMPILER=/usr/bin/clang++-18 \ - -DCMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY \ - -DCMAKE_TRY_COMPILE_C_FLAGS="" \ - -DCMAKE_TRY_COMPILE_CXX_FLAGS="" \ - -DCMAKE_TRY_COMPILE_LINKER_FLAGS="" \ - -DTIFF_LIBRARY=/usr/lib/$(dpkg-architecture -q DEB_HOST_MULTIARCH)/libtiff.so \ - -DTIFF_INCLUDE_DIR=/usr/include \ - -DZLIB_LIBRARY=/usr/lib/$(dpkg-architecture -q DEB_HOST_MULTIARCH)/libz.so \ - -DZLIB_INCLUDE_DIR=/usr/include \ - -DPNG_LIBRARY=/usr/lib/$(dpkg-architecture -q DEB_HOST_MULTIARCH)/libpng.so \ - -DPNG_PNG_INCLUDE_DIR=/usr/include \ - -DJPEG_LIBRARY=/usr/lib/$(dpkg-architecture -q DEB_HOST_MULTIARCH)/libjpeg.so \ - -DJPEG_INCLUDE_DIR=/usr/include \ - -DCMAKE_C_FLAGS="-g -fsanitize=address,undefined -fno-omit-frame-pointer" \ - -DCMAKE_CXX_FLAGS="-g -fsanitize=address,undefined -fno-omit-frame-pointer -Wall" \ - -DCMAKE_EXE_LINKER_FLAGS="" \ - -DCMAKE_SHARED_LINKER_FLAGS="" \ - ../Build/Cmake \ + && cmake -DCMAKE_BUILD_TYPE=Release Cmake \ && make -j"$(nproc)" \ && rm -rf /opt/iccdev/.git -# Install runtime script -RUN cat >/opt/iccdev/run-tests.sh <<'EOF' -#!/bin/sh -set -eu -set -o pipefail -cd Testing -echo "=== Updating PATH ===" -for d in ../Build/Tools/*; do - [ -d "$d" ] && export PATH="$(realpath "$d"):$PATH" -done - sh CreateAllProfiles.sh - sh RunTests.sh - cd HDR - sh mkprofiles.sh - cd .. - pwd - cd CalcTest - sh checkInvalidProfiles.sh - cd .. - pwd - cd mcs - pwd - sh updateprev.sh - sh updateprevWithBkgd.sh - cd .. - find . -iname "*.icc" | wc -l -echo "========= INSIDE STUB EXIT =========" -EOF - -RUN chmod +x /opt/iccdev/run-tests.sh - -# ------------------------------------------------------------ -# Build-time security scrub: remove possible secrets/tokens/keys -# ------------------------------------------------------------ -RUN rm -rf /root/.ssh || true \ - && rm -rf /root/.gnupg || true \ - && rm -rf /root/.git || true \ - && rm -rf /root/.config || true \ - && find /opt/iccdev -type f -name "*.asc" -delete || true \ - && find /opt/iccdev -type f -name "*id_rsa*" -delete || true \ - && find /opt/iccdev -type f -name "*.pem" -delete || true \ - && find /opt/iccdev -type f -name "*.key" -delete || true \ - && find /opt/iccdev -type f -name "*token*" -delete || true +RUN echo "=== Libraries ===" \ + && ls -lh /opt/iccdev/Build/IccProfLib/libIccProfLib2* \ + && ls -lh /opt/iccdev/Build/IccXML/libIccXML2* \ + && echo "=== Tools ===" \ + && find /opt/iccdev/Build/Tools -type f -executable | sort -# ------------------------------------------------------------ -# Default python alias -# ------------------------------------------------------------ -RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 10 - -RUN rm -rf /root/.ssh /root/.gnupg /root/.config /root/.gitconfig || true \ - && rm -rf /opt/iccdev/.git || true \ - && find /opt/iccdev -type f \( \ - -name "*.asc" -o \ - -name "*id_rsa*" -o \ - -name "*.pem" -o \ - -name "*.key" -o \ - -name "*token*" \ - \) -delete || true - -RUN git config --system user.email "" \ - && git config --system user.name "" \ - && git config --system credential.helper "" - -############################################################### -# 2) RUNTIME STAGE -############################################################### -FROM ubuntu:26.04 AS runtime +FROM ubuntu:26.04 ENV DEBIAN_FRONTEND=noninteractive -# ------------------------------------------------------------ -# Locale (match builder deterministically) -# ------------------------------------------------------------ -RUN apt-get update && \ - apt-get install -y --no-install-recommends locales && \ - locale-gen en_US.UTF-8 && \ - rm -rf /var/lib/apt/lists/* - -ENV LANG=en_US.UTF-8 -ENV LC_ALL=en_US.UTF-8 +LABEL org.opencontainers.image.title="iccDEV Build Container" \ + org.opencontainers.image.description="Container v2.0.0.82" \ + org.opencontainers.image.licenses="BSD-3-Clause" \ + org.opencontainers.image.vendor="International Color Consortium" \ + org.opencontainers.image.source="https://github.com/InternationalColorConsortium/iccDEV" -# ------------------------------------------------------------ -# Install CA certificates (needed for git HTTPS) -# ------------------------------------------------------------ -RUN apt-get update && \ - apt-get install -y --no-install-recommends ca-certificates && \ - update-ca-certificates && \ - rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y --no-install-recommends \ + libxml2-16 libtiff6 libjpeg8 libpng16-16t64 zlib1g \ + && rm -rf /var/lib/apt/lists/* -# ------------------------------------------------------------ -# Pull artifacts from builder -# ------------------------------------------------------------ -COPY --from=builder /usr /usr -COPY --from=builder /usr/local /usr/local COPY --from=builder /opt/iccdev /opt/iccdev -# ------------------------------------------------------------ -# Runtime user -# ------------------------------------------------------------ RUN groupadd -r iccdev \ && useradd -r -g iccdev -d /opt/iccdev -s /bin/bash iccdev \ && chown -R iccdev:iccdev /opt/iccdev -# ------------------------------------------------------------ -# Collect iccdev executable directories -# ------------------------------------------------------------ -RUN find /opt/iccdev/Build/Tools -type f -perm -111 -printf '%h\n' \ - | sort -u | paste -sd: - \ - > /opt/iccdev/toolpaths.txt - -# ------------------------------------------------------------ -# Collect ONLY llvm-21 binary paths -# (avoid llvm-18 or llvm-19 directories if image contains them) -# ------------------------------------------------------------ -RUN if [ -d /usr/lib/llvm-21 ]; then \ - echo "/usr/lib/llvm-21/bin" > /opt/iccdev/llvm-paths.txt; \ - else \ - find /usr/lib -maxdepth 1 -type d -name 'llvm-21' -printf '%p/bin\n' \ - > /opt/iccdev/llvm-paths.txt; \ - fi - -# ------------------------------------------------------------ -# Deterministic PATH script for login shells -# ------------------------------------------------------------ -RUN TOOLPATHS="$(cat /opt/iccdev/toolpaths.txt)" \ - && LLVMPATHS="$(cat /opt/iccdev/llvm-paths.txt)" \ - && printf 'export PATH=%s:%s:$PATH\n' "$TOOLPATHS" "$LLVMPATHS" \ - > /etc/profile.d/00-iccdev-path.sh \ - && chmod 644 /etc/profile.d/00-iccdev-path.sh - -# ------------------------------------------------------------ -# Make ALL bash shells load /etc/profile.d scripts -# ------------------------------------------------------------ -RUN echo 'for f in /etc/profile.d/*.sh; do [ -r "$f" ] && . "$f"; done' \ - >> /etc/bash.bashrc - -# ------------------------------------------------------------ -# Default PATH for non-login shells -# ------------------------------------------------------------ -RUN TOOLPATHS="$(cat /opt/iccdev/toolpaths.txt)" \ - && LLVMPATHS="$(cat /opt/iccdev/llvm-paths.txt)" \ - && printf 'PATH=%s:%s:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\n' \ - "$TOOLPATHS" "$LLVMPATHS" \ - > /etc/environment - -# ------------------------------------------------------------ -# Build-time verification that iccToXml is operational -# ------------------------------------------------------------ -RUN iccToXml || true - -# ------------------------------------------------------------ -# Deterministic banner (corrected to v2.0.0.76) -# ------------------------------------------------------------ -RUN { \ - echo "echo \"\""; \ - echo "echo \"============================================================\""; \ - echo "echo \"==== International Color Consortium | https://color.org ====\""; \ - echo "echo \"==== iccDEV Build Container v2.0.0.82 Built for Docker ====\""; \ - echo "echo \"============================================================\""; \ - echo "echo \"\""; \ - echo "echo \"The Libraries & Tools are on PATH\""; \ - echo "echo \"\""; \ - echo "echo \"=====================================================\""; \ - echo "echo \"Example Use:\""; \ - echo "echo \"iccToXml Testing/sRGB_v4_ICC_preference.icc Testing/sRGB_v4_ICC_preference.xml\""; \ - echo "iccToXml Testing/sRGB_v4_ICC_preference.icc Testing/sRGB_v4_ICC_preference.xml; [ \$? -ne 0 ] && echo \"\""; \ - echo "echo \"\""; \ - echo "echo \"The Testing directory contains ICC profiles.\""; \ - echo "echo \"\""; \ - echo "echo \"To create all the profiles run these 2 commands:\""; \ - echo "echo \"-----\""; \ - echo "echo \"cd Testing\""; \ - echo "echo \"bash CreateAllProfiles.sh\""; \ - echo "echo \"-----\""; \ - echo "echo \"The Expected Output:\""; \ - echo "echo \"ICC files: 204\""; \ - echo "echo \"\""; \ - echo "echo \"=== Thank you for using iccDEV Build Container v2.0.0.81 ====\""; \ - echo "echo \"\""; \ -} > /etc/profile.d/iccdev-banner.sh \ - && chmod 644 /etc/profile.d/iccdev-banner.sh - -# ------------------------------------------------------------ -# Deterministic prompt for all shells -# ------------------------------------------------------------ -RUN printf 'export PS1="iccdev@build:\$(pwd)$ "\n' \ - > /etc/profile.d/10-iccdev-prompt.sh \ - && chmod 644 /etc/profile.d/10-iccdev-prompt.sh +ENV PATH="/opt/iccdev/Build/Tools/IccToXml:/opt/iccdev/Build/Tools/IccFromXml:/opt/iccdev/Build/Tools/IccDumpProfile:/opt/iccdev/Build/Tools/IccApplyNamedCmm:/opt/iccdev/Build/Tools/IccRoundTrip:/opt/iccdev/Build/Tools/IccFromCube:/opt/iccdev/Build/Tools/IccApplyProfiles:/opt/iccdev/Build/Tools/IccApplySearch:/opt/iccdev/Build/Tools/IccApplyToLink:/opt/iccdev/Build/Tools/IccPngDump:/opt/iccdev/Build/Tools/IccSpecSepToTiff:/opt/iccdev/Build/Tools/IccTiffDump:/opt/iccdev/Build/Tools/IccV5DspObsToV4Dsp:${PATH}" USER iccdev WORKDIR /opt/iccdev -RUN printf 'export PS1="iccdev@build:\$(pwd)$ "\n' >> ~/.bashrc - -############################################################### -# 3) DEBUG-ASAN FINAL IMAGE (public runtime) -############################################################### -FROM runtime AS debug-asan - -LABEL org.opencontainers.image.title="iccDEV Build Container" \ - org.opencontainers.image.description="iccDEV Build Container v2.0.0.82" \ - org.opencontainers.image.licenses="BSD-3-Clause" \ - org.opencontainers.image.vendor="International Color Consortium" \ - org.opencontainers.image.source="https://github.com/InternationalColorConsortium/iccDEV" - -# CMD ["bash", "-l"] -CMD ["/opt/iccdev/run-tests.sh"] - +CMD ["bash"] \ No newline at end of file