The current Dockerfile builds the full toolchain from scratch on every run: apt cross-compilation packages, debos compiled from Go source, zeekstd compiled from Rust source, bmaptool from pip. The Rust compile alone takes several minutes. None of that changes between commits to this repo - only the build scripts do.
Split into two stages (multibuild) :
FROM debian:trixie AS toolchain
ENV DEBIAN_FRONTEND=noninteractive TZ=UTC
RUN dpkg --add-architecture arm64 && apt-get update && apt-get upgrade -y
RUN apt-get install -y \
git build-essential crossbuild-essential-arm64 bison flex parted fdisk \
python3-dev python3-libfdt python3-setuptools swig libssl-dev gnutls-dev \
python3-pyelftools qemu-user-binfmt bc imagemagick libdw-dev libelf-dev \
debhelper device-tree-compiler libssl-dev:arm64 rsync wget mmdebstrap \
systemd-container systemd-resolved pipx pigz cargo golang \
libglib2.0-dev libostree-dev fakemachine
RUN go install -v github.com/go-debos/debos/cmd/debos@latest \
&& install -m 755 ~/go/bin/debos /usr/local/bin
RUN cargo install --git https://github.com/rorosen/zeekstd.git --tag v0.4.4-cli zeekstd_cli \
&& install -m 755 ~/.cargo/bin/zeekstd /usr/local/bin/
RUN pipx install --global git+https://github.com/flipperdevices/bmaptool.git@flipper-devel
RUN apt-get clean && rm -rf /var/lib/apt/lists/* ~/.cargo ~/go
# ---
FROM toolchain
ENV IMG_OUT=/artifacts/images UBOOT_OUT=/artifacts/u-boot LINUX_OUT=/artifacts/linux
WORKDIR /flipperone-linux-build-scripts
RUN git clone --depth=1 https://github.com/flipperdevices/flipperone-linux-build-scripts .
ENTRYPOINT ./build-uboot.sh && ./build-kernel-mainline.sh && ./build-kernel-bsp.sh && ./build-images.sh
The toolchain image gets pushed to the registry by CI and reused until the apt list or a tool version changes. The build image (FROM toolchain) is cheap to rebuild - just a fresh git clone. On CI this means the multi-minute Rust + Go compile only runs when toolchain deps change, not on every commit.
The current Dockerfile builds the full toolchain from scratch on every run:
aptcross-compilation packages,deboscompiled from Go source,zeekstdcompiled from Rust source,bmaptoolfrompip. The Rust compile alone takes several minutes. None of that changes between commits to this repo - only the build scripts do.Split into two stages (multibuild) :
The toolchain image gets pushed to the registry by CI and reused until the apt list or a tool version changes. The build image (
FROM toolchain) is cheap to rebuild - just a freshgit clone. On CI this means the multi-minute Rust + Go compile only runs when toolchain deps change, not on every commit.