From d51f32bebde847c0adb284d2c449747c43d82543 Mon Sep 17 00:00:00 2001 From: Farshid Tavakolizadeh Date: Wed, 15 Mar 2023 10:20:15 +0100 Subject: [PATCH] refactor(snap): Remove obsolete parts, upgrade Go, build nginx (#4439) * Remove parts, layout, etc left-over from the removed kong and postgres apps * Remove obsolete minimal build scripts * Remove unused drop daemon script * Remove passthroughs * Upgrade Go from 1.18 to 1.20 * Add command to build nginx using the default process * Bump epoch for the v2 to v3 edgex backward-incompatible upgrade Signed-off-by: Farshid Tavakolizadeh --- .../build-helpers/bin/go-build-helper.sh | 28 ----- .../build-helpers/bin/minimal-snap-build.sh | 36 ------ .../runtime-helpers/bin/drop-snap-daemon.sh | 3 - .../runtime-helpers/bin/perl5lib-launch.sh | 29 ----- snap/snapcraft.yaml | 111 ++---------------- 5 files changed, 13 insertions(+), 194 deletions(-) delete mode 100755 snap/local/build-helpers/bin/go-build-helper.sh delete mode 100755 snap/local/build-helpers/bin/minimal-snap-build.sh delete mode 100755 snap/local/runtime-helpers/bin/drop-snap-daemon.sh delete mode 100755 snap/local/runtime-helpers/bin/perl5lib-launch.sh diff --git a/snap/local/build-helpers/bin/go-build-helper.sh b/snap/local/build-helpers/bin/go-build-helper.sh deleted file mode 100755 index b308af36b7..0000000000 --- a/snap/local/build-helpers/bin/go-build-helper.sh +++ /dev/null 
@@ -1,28 +0,0 @@ -#!/bin/bash -# -# $1 - go import path -# -# example usage: -# $ gopartbootstrap github.com/edgexfoundry/edgex-go -gopartbootstrap() -{ - # first set the GOPATH to be in the current directory and in ".gopath" - GOPATH="$(pwd)/.gopath" - export GOPATH - - # setup path to include both $SNAPCRAFT_STAGE/bin and $GOPATH/bin - # the former is for the go tools, as well as things like glide, etc. - # while the later is for govendor, etc. and other go tools that might need to be installed - export PATH="$GOPATH/bin:$PATH" - - # now setup the GOPATH for this part using the import path - export GOIMPORTPATH="$GOPATH/src/$1" - mkdir -p "$GOIMPORTPATH" - # note that some tools such as govendor don't work well with symbolic links, so while it's unfortunate - # we have to copy all this it's a necessary evil at the moment... - # but note that we do ignore all files that start with "." with the "./*" pattern - cp -r ./* "$GOIMPORTPATH" - - # finally go into the go import path to prepare for building - cd "$GOIMPORTPATH" || exit -} diff --git a/snap/local/build-helpers/bin/minimal-snap-build.sh b/snap/local/build-helpers/bin/minimal-snap-build.sh deleted file mode 100755 index a39c07bfcc..0000000000 --- a/snap/local/build-helpers/bin/minimal-snap-build.sh +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/bin/sh -# -# This script is used by the LF's CI/CD build pipeline to -# optimize the snap CI check run for pull requests. When -# run, it essentially strips out everything (apps and -# parts) from the snapcraft.yaml file except those required -# to build edgex-go, as the whole idea of the CI check is to -# catch changes to edgex-go that break the snap build. -# -# Note - in addition to applying this patch, the pipeline also -# only primes the snap (e.g. `snapcraft prime`), as there's no -# need to build the finally binary .snap file (and it won't -# work with the patch applied). This further reduces the build -# time. - -# get the 4.6.2 release of yq from github -curl -L --output yq.tar.gz https://github.com/mikefarah/yq/releases/download/v4.6.2/yq_linux_amd64.tar.gz -tar -xvf yq.tar.gz -mv yq_linux_amd64 yq - -CURRDIR=$(pwd) -SNAPCRAFT_YAML="$CURRDIR/snap/snapcraft.yaml" - -# remove first chunk of apps -$CURRDIR/yq e -P -i 'del(.apps.consul,.apps.redis,.apps.kong-daemon,.apps.vault,.apps.vault-cli)' "$SNAPCRAFT_YAML" - -# remove second chunk of apps -$CURRDIR/yq e -P -i 'del(.apps.redis-cli,.apps.consul-cli)' "$SNAPCRAFT_YAML" - -# remove third chunk of apps -$CURRDIR/yq e -P -i 'del(.apps.kong,.apps.psql,.apps.psql-any,.apps.createdb)' "$SNAPCRAFT_YAML" - -# remove unwanted parts -$CURRDIR/yq e -P -i 'del(.parts.snapcraft-preload,.parts.consul,.parts.redis,.parts.kong,.parts.vault)' "$SNAPCRAFT_YAML" - - diff --git a/snap/local/runtime-helpers/bin/drop-snap-daemon.sh b/snap/local/runtime-helpers/bin/drop-snap-daemon.sh deleted file mode 100755 index 8834024dca..0000000000 --- a/snap/local/runtime-helpers/bin/drop-snap-daemon.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash -e - -"$SNAP/usr/bin/setpriv" --clear-groups --reuid snap_daemon --regid snap_daemon -- "$@" diff --git a/snap/local/runtime-helpers/bin/perl5lib-launch.sh b/snap/local/runtime-helpers/bin/perl5lib-launch.sh deleted file mode 100755 index 15ecbe4acd..0000000000 
--- a/snap/local/runtime-helpers/bin/perl5lib-launch.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh -e - -# figure out the snap architecture lib name -case $SNAP_ARCH in - amd64) - ARCH_LIB_NAME="x86_64-linux-gnu" - ;; - arm64) - ARCH_LIB_NAME="aarch64-linux-gnu" - ;; - *) - # unsupported or unknown architecture - exit 1 - ;; -esac - -export ARCH_LIB_NAME - -# get the perl version -PERL_VERSION=$(perl -version | grep -Po '\(v\K([^\)]*)') - -# perl lib paths are needed for some rocks that kong loads through luarocks dependencies -PERL5LIB="$PERL5LIB:$SNAP/usr/lib/$ARCH_LIB_NAME/perl/$PERL_VERSION" -PERL5LIB="$PERL5LIB:$SNAP/usr/share/perl/$PERL_VERSION" -PERL5LIB="$PERL5LIB:$SNAP/usr/share/perl5" - -export PERL5LIB - -exec "$@" diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index a632abf582..5b47cd942f 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml 
@@ -6,49 +6,14 @@ adopt-info: metadata # Different epochs prevent refreshes between major versions of EdgeX due # to continued configuration changes. # -# delhi: 0, edinburgh: 1, fuji: 2, geneva: 3, hanoi: 4, ireland/jakarta: 5, kamakura:6 -epoch: 6 +# delhi: 0, edinburgh: 1, fuji: 2, geneva: 3, hanoi: 4 +# ireland/jakarta: 5, kamakura/levski:6, minnesota: 7 +epoch: 7 architectures: - build-on: arm64 - build-on: amd64 -# we need snapd2.45 for setpriv policy allowing it's usage of -# setgroups(0,) -# see https://github.com/snapcore/snapd/pull/8220 for full details -assumes: [snapd2.45] - -# postgres needs to run as the snap_daemon user -system-usernames: - snap_daemon: shared - -# Ideally snapcraft would generate this command-chain spec for the hooks -# automatically, but that doesn't currently work, see -# https://bugs.launchpad.net/snapd/+bug/1824255 -# In the meantime, make sure that the snapcraft-runner gets generated by -# the apps by specifying the full adapter in at least one of the apps, and -# manually craft the command-chain for the configure hook here to passthrough -# to the snap.yaml -# All of this is necessary so we can use jq and other tools from inside the -# snap in the configure and install hooks -# See also https://bugs.launchpad.net/snapcraft/+bug/1848381 for specifying -# environment for hooks -passthrough: - hooks: - configure: - command-chain: - - snap/command-chain/snapcraft-runner - plugs: [network] - install: - environment: - LC_ALL: C.UTF-8 - LANG: C.UTF-8 - SNAPCRAFT_PRELOAD_REDIRECT_ONLY_SHM: 1 - command-chain: - - snap/command-chain/snapcraft-runner - - bin/snapcraft-preload - plugs: [network] - plugs: # This content interface provides a mechanism for the edgexfoundry # snap to shared vault secret tokens in order for services in external 
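Review bot: Removing `system-usernames: snap_daemon: shared` and `assumes: [snapd2.45]` here, together with the `util-linux` stage-package and `drop-snap-daemon.sh` deleted elsewhere in this commit, leaves the snap with no way for a service to drop from root to an unprivileged user. The removed comment ties this to postgres only, but the `apps:` section is outside this hunk, so confirm that no remaining `command-chain` references the helper and that the remaining daemons are meant to run as root under confinement. A one-line comment in place of the removed block would record the decision, e.g. `# no system-usernames: nothing drops to snap_daemon now that postgres is gone`. The deleted `passthrough` block also carried `plugs: [network]` for the configure and install hooks; if either hook still needs network access it should be declared under a top-level `hooks:` key, otherwise the narrower hook permissions are a welcome side effect.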
@@ -60,12 +25,7 @@ plugs: content: edgex-secretstore-token target: $SNAP_DATA/mount/secrets -# kong runs things through luarocks and luarocks expects it's configuration to -# be located here and we can't override this at runtime, so map what's in -# $SNAP to the expected location layout: - /etc/luarocks: - bind: $SNAP/etc/luarocks /usr/local: bind: $SNAP/usr/local /usr/nginx: 
@@ -349,55 +309,10 @@ apps: parts: static-packages: plugin: nil - # the default source for a part that doesn't specify one is ".", which - # then means snapcraft will scan the full git directory here and determine - # that if anything changed, i.e. the config-common parts with - # actual scripts, etc. this part also gets marked out of date too and needs - # rebuilding, even though this part really only depends on a stage-package - # to resolve this we can just specify the source of something that changes - # infrequently and will minimize unnecessary part re-building by snapcraft - source: snap/local/build-helpers stage-packages: - apg - curl - jq - # setpriv with snapd 2.45 + can be used to drop privileges - # base: core18 snaps should stage setpriv while base: core20 should stage util-linux. - - util-linux - - # snapcraft-preload is necessary to make postgres just use a different - # lockfile location in /dev/shm - # snapcraft-preload defines LD_PRELOAD to be a dynamic library compiled here - # which will redirect things like open() that are being called with absolute - # paths such as /dev/shm/some-dir to snap-specific, confinement supported - # paths like /dev/shm/$SNAP_INSTANCE_NAME.some-dir before being passed to the - # actual open() implementation - # this prevents re-compiling or patching certain applications like postgres - # to use snap security confinement friendly paths - # NOTE: if this ever breaks in really scary ways when compiling with lots of - # warnings, see the comment on the kong part, tldr probably some other C/C++ - # part in the build broke snapcraft-preload by running before - # snapcraft-preload - snapcraft-preload: - source: https://github.com/sergiusens/snapcraft-preload.git - # unfortunately no tags or releases we can rely on, so just hard-code - # master at the time of writing for this - source-commit: b8ed08c01c4461e69772f9230ee8d30fe2a2ea56 - plugin: cmake - build-packages: - - to arm64: - - g++-multilib-arm-linux-gnueabihf - - 
gcc-multilib-arm-linux-gnueabihf - - else: - - gcc-multilib - - g++-multilib - stage-packages: - - to amd64: - - lib32stdc++6 - override-build: | - cd $SNAPCRAFT_PART_SRC - cmake -DCMAKE_INSTALL_PREFIX=$SNAPCRAFT_PART_INSTALL/ . - make install # For inspiration see # - https://github.com/ogra1/nginx-snap @@ -406,6 +321,9 @@ parts: # We enable SSL and reverse proxy and compression and disable almost everything else nginx: source: https://github.com/nginx/nginx.git + # Use branch instead of tag to limit the git cloning depth + source-branch: release-1.23.3 + source-depth: 1 plugin: autotools autotools-configure-parameters: - --prefix=/usr/nginx @@ -477,22 +395,20 @@ parts: prime: - -usr/nginx/logs - go-build-helper: - plugin: dump - # see comment for static-packages part about specifying a source part here - source: snap/local/build-helpers + go-builder: + plugin: nil build-snaps: - - go/1.18/stable + - go/1.20/stable prime: [-*] - config-common: + runtime-helpers: plugin: dump source: snap/local/runtime-helpers helper-go: source: snap/local/helper-go plugin: make - after: [go-build-helper] + after: [go-builder] override-build: | cd $SNAPCRAFT_PART_SRC make build @@ -541,7 +457,7 @@ parts: edgex-go: after: - metadata - - go-build-helper + - go-builder source: . plugin: make override-build: | @@ -610,8 +526,7 @@ parts: - zip - pkg-config - # SECURITY SERVICES PARTS - vault: + vault: plugin: nil build-packages: - curl
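Review bot: The nginx part in the `@@ -406,6 +321,9 @@` hunk now clones `source-branch: release-1.23.3` with `source-depth: 1`, but nothing in the part checks what that ref name resolves to, so the build trusts whatever the upstream repository serves under that name at build time. The snapcraft-preload part removed earlier in this file pinned its input with `source-commit`; if your snapcraft version does not allow that together with a shallow clone, at least record the expected commit next to the ref so drift shows up in review, e.g. `# release-1.23.3 == <EXPECTED_COMMIT_SHA placeholder>; bump on upstream nginx security advisories`. A fixed release also means upstream security fixes reach the snap only when this line is edited, so the comment should name who owns the bump. The rest of the nginx part, including its configure parameters, continues outside the hunk.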