CI: improve pipeline duration

- do not use a intermediate docker image between 'build' and 'test' - in 'build_deps', avoid downloading the cached image - in 'prepare', use `opam bundle` to: - embedded the sources of dependency - reduce the embedded opam repository to the needed package Other changes: - reintroduced 'sudo' in the base image, it is needed by `opam depext` and the job 'publish:doc' - moved the docker script used by the CI in `scripts/ci/`
2018-01-28 20:03:31 +01:00 · 2018-01-28 20:03:31 +01:00 · 55db2dbf18
commit 55db2dbf18
parent 99cdf5e5c2
24 changed files with 791 additions and 509 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -5,7 +5,8 @@
 __pycache__

 _build
-**/*.install
+_opam
+_docker_build

 tezos-node
 tezos-protocol-compiler
@ -16,6 +17,7 @@ scripts/opam-test-all.sh.DONE

 docs/introduction/readme.rst

+**/*.install
 **/.merlin

 **/*~
@ -24,8 +26,6 @@ docs/introduction/readme.rst
 **/*.rej
 **/*.orig

-_opam
-
 ## Not in .gitignore

 .git
--- a/.gitignore
+++ b/.gitignore
@ -4,8 +4,9 @@
 .DS_Store
 __pycache__

-_build
-*.install
+/_build
+/_opam
+/_docker_build

 /tezos-node
 /tezos-protocol-compiler
@ -16,6 +17,7 @@ _build

 /docs/introduction/readme.rst

+*.install
 .merlin

 *~
@ -24,9 +26,3 @@ _build
 *.rej
 *.orig

-/_opam
-
-## Not in .dockerignore
-
-/Dockerfile
-/_apk
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,9 +1,12 @@

 variables:
+  opam_image: ${CI_REGISTRY_IMAGE}/opam
+  build_deps_image: ${CI_REGISTRY_IMAGE}/build_deps
  public_docker_image: docker.io/tezos/tezos

 stages:
  - prepare
+  - build_deps
  - build
  - test
  - opam
@ -20,8 +23,9 @@ stages:
  services:
    - docker:dind
  before_script:
-    - docker info
-    - docker login -u gitlab-ci-token -p "$CI_BUILD_TOKEN" "${CI_REGISTRY}"
+    - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
+    - apk add --no-cache curl jq
+    - . ./scripts/version.sh
  tags:
    - docker

@ -30,47 +34,54 @@ prepare:opam:
  stage: prepare
  only:
    - schedules
-  before_script:
-    - . ./scripts/version.sh
  script:
-    - mkdir -p ~/.docker
-    - echo "$CI_DOCKER_AUTH" > ~/.docker/config.json ;
-    - ./scripts/create_docker_image.opam.sh
-    - docker push "tezos/opam:alpine-${alpine_version}_ocaml-${ocaml_version}"
-    - docker tag "tezos/opam:alpine-${alpine_version}_ocaml-${ocaml_version}"
-                 "tezos/opam:latest"
-    - docker push "tezos/opam:latest"
+    - ./scripts/ci/create_docker_image.opam.sh "${opam_image}"
+    - docker push "${opam_image}:alpine-${alpine_version}_ocaml-${ocaml_version}"
+    - docker tag "${opam_image}:alpine-${alpine_version}_ocaml-${ocaml_version}"
+                 "${opam_image}:latest"
+    - docker push "${opam_image}:latest"
+
+## Tezos build dependencies
+
+build_deps:
+  <<: *dind_definition
+  stage: build_deps
+  script:
+    ## Building dependencies...
+    - ./scripts/ci/create_docker_image.build_deps.sh
+        "${build_deps_image}" "${CI_COMMIT_SHA}"
+        "${opam_image}:alpine-${alpine_version}_ocaml-${ocaml_version}"
+        "yes"
+
+.build_deps_template: &build_deps_definition
+  image: ${build_deps_image}:${CI_COMMIT_SHA}
+  before_script:
+    - if [ "${CI_PROJECT_PATH}" = "tezos/tezos" ] ; then
+        ./scripts/apply_patch.sh "${CI_COMMIT_REF_NAME}" ;
+      fi

 ## Tezos

 build:
-  <<: *dind_definition
+  <<: *build_deps_definition
  stage: build
  script:
-    ## Building dependencies...
-    - ./scripts/create_docker_image.build_deps.sh
-        "build_deps" "${CI_BUILD_REF}"
-        "${CI_REGISTRY_IMAGE}/build_deps"
-    ## Preparing sources for the alphanet or the zeronet...
-    - if [ "${CI_PROJECT_PATH}" = "tezos/tezos" ] ; then
-        ./scripts/apply_patch.sh "${CI_BUILD_REF_NAME}" ;
-      fi
-    ## Building...
-    - ./scripts/create_docker_image.build.sh
-        "${CI_REGISTRY_IMAGE}/build" "${CI_BUILD_REF}"
-        "build_deps:${CI_BUILD_REF}"
-    ## Saving the docker image...
-    - docker push "${CI_REGISTRY_IMAGE}/build:${CI_BUILD_REF}"
+    - make all
+    - make build-test
+  artifacts:
+    paths:
+    - _build
+    expire_in: 1 day

 ## Basic tests (run on merge requests)

 .test_template: &test_definition
+  <<: *build_deps_definition
  stage: test
-  image: ${CI_REGISTRY_IMAGE}/build:${CI_BUILD_REF}
  except:
    - master@tezos/tezos
  before_script:
-    - cd /home/opam/tezos
+    - find _build -type f -exec touch {} \;
  dependencies:
    - build

@ -145,17 +156,14 @@ test:proto:sandbox:
    - jbuilder build @runtest_sandbox

 ## Basic tests through opam packaged (run on master only)
-##
-## We use opam2-beta because we want to run the testsuite,
-## i.e. `opam install --with-test`, and it is buggy in opam.1.2.1. It
-## insists on building the testsuite of all the dependencies... and many
-## package in opam-repository have buggy testsuite packaging.

 .opam_template: &opam_definition
-  image: tezos/opam2
+  image: ${opam_image}
  stage: opam
+  dependencies: []
  only:
    - master@tezos/tezos
+    - /^.*opam.*$/
  script:
    - ./scripts/opam-pin.sh
    - opam depext --yes ${package}
@ -347,22 +355,26 @@ publish:docker:minimal:
    - alphanet@tezos/tezos
    - zeronet@tezos/tezos
  script:
-    - docker pull "${CI_REGISTRY_IMAGE}/build:${CI_BUILD_REF}"
+    - docker pull "${build_deps_image}:${CI_COMMIT_SHA}"
    - if [ "${CI_PROJECT_PATH}" = "tezos/tezos" ] ; then
-        ./scripts/apply_patch.sh "${CI_BUILD_REF_NAME}" ;
+        ./scripts/apply_patch.sh "${CI_COMMIT_REF_NAME}" ;
      fi
+    - ./scripts/create_docker_image.build.sh
+        "tezos_build" "${CI_COMMIT_REF_NAME}"
+        "${build_deps_image}:${CI_COMMIT_SHA}"
    - ./scripts/create_docker_image.minimal.sh
-        "${public_docker_image}" "${CI_BUILD_REF_NAME}"
-        "${CI_REGISTRY_IMAGE}/build:${CI_BUILD_REF}"
+        "${public_docker_image}" "${CI_COMMIT_REF_NAME}"
+        "tezos_build:${CI_COMMIT_REF_NAME}"
    - mkdir ~/.docker || true
-    - echo "$CI_DOCKER_AUTH" > ~/.docker/config.json ;
-    - docker push "${public_docker_image}:${CI_BUILD_REF_NAME}"
+    - echo "${CI_DOCKER_AUTH}" > ~/.docker/config.json ;
+    - docker push "${public_docker_image}:${CI_COMMIT_REF_NAME}"

 ## Publish to github...

 publish:github:
-  image: tezos/opam
+  image: ${opam_image}
  stage: publish
+  dependencies: []
  only:
    - master@tezos/tezos
    - alphanet@tezos/tezos
@ -372,22 +384,40 @@ publish:github:
    - chmod 400 ~/.ssh/id_rsa
    - rm -fr .git/refs/original
    - if [ "${CI_PROJECT_PATH}" = "tezos/tezos" ] ; then
-        ./scripts/apply_patch.sh "${CI_BUILD_REF_NAME}" ;
+        ./scripts/apply_patch.sh "${CI_COMMIT_REF_NAME}" ;
      fi
-    - git push git@github.com:tezos/tezos.git -f HEAD:${CI_BUILD_REF_NAME}
+    - git push git@github.com:tezos/tezos.git -f HEAD:${CI_COMMIT_REF_NAME}

+## Publish docs to gitlab...
+
+publish:pages:
+  image: ${build_deps_image}:${CI_COMMIT_SHA}
+  stage: publish
+  only:
+    - master@tezos/tezos
+  artifacts:
+    paths:
+    - public
+  script:
+    - cd /home/opam/tezos
+    - sudo apk update && sudo apk upgrade
+    - sudo apk add py3-sphinx py3-sphinx_rtd_theme
+    - sudo ln -s /usr/bin/sphinx-build-3 /usr/bin/sphinx-build
+    - opam install odoc
+    - make doc-html && sudo mv docs/_build "${CI_PROJECT_DIR}"/public

 ## Relaunching the bootstrap servers of the alphanet.zeronet

 .bootstrap_template: &bootstrap_definition
-  image: tezos/opam
+  image: ${opam_image}
  stage: deploy
+  dependencies: []
  only:
    - alphanet@tezos/tezos
    - zeronet@tezos/tezos
  before_script:
    - echo "${CI_KH}" > ~/.ssh/known_hosts
-    - if [ "${CI_BUILD_REF_NAME}" = "alphanet" ]; then
+    - if [ "${CI_COMMIT_REF_NAME}" = "alphanet" ]; then
        echo "${CI_PK_ALPHANET}" | tr -d "\r" > ~/.ssh/id_ed25519 ;
      else
        echo "${CI_PK_ZERONET}" | tr -d "\r" > ~/.ssh/id_ed25519 ;
@ -429,26 +459,8 @@ deploy:bootstrap6:
 # cleanup:
  # <<: *dind_definition
  # stage: cleanup
+  # dependencies: []
  # script:
-    # - apk add -U curl jq
-    # - ./scripts/delete_ci_image.sh gitlab-ci-token "${CI_BUILD_TOKEN}"
-         # "${CI_PROJECT_PATH}/build"
-         # "${CI_BUILD_REF}"
-
-pages:
-  stage: publish
-  image: ${CI_REGISTRY_IMAGE}/build:${CI_BUILD_REF}
-  only:
-    - master@tezos/tezos
-  artifacts:
-    paths:
-    - public
-  script:
-    - cd /home/opam/tezos
-    - sudo apk update && sudo apk upgrade
-    - sudo apk add py3-sphinx py3-sphinx_rtd_theme
-    - sudo ln -s /usr/bin/sphinx-build-3 /usr/bin/sphinx-build
-    - opam install odoc
-    - make doc-html && sudo mv docs/_build "${CI_PROJECT_DIR}"/public
-  dependencies:
-    - build
+    # - ./scripts/ci/docker_registry_delete.sh
+         # "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}"
+         # "${build_deps_image}" "${CI_COMMIT_SHA}"
--- a/scripts/Dockerfile.minimal.in
+++ b/scripts/Dockerfile.minimal.in
@ -1,52 +0,0 @@
-FROM alpine:$alpine_version
-
-LABEL distro_style="apk" distro="alpine" distro_long="alpine-$alpine_version" arch="x86_64" operatingsystem="linux"
-
-RUN adduser -S tezos && \
-    adduser tezos abuild && \
-    apk update && \
-    apk upgrade && \
-    apk add sudo bash libssl1.0 libsodium libev gmp git snappy && \
-    rm -f /var/cache/apk/* && \
-    echo 'tezos ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/tezos && \
-    chmod 440 /etc/sudoers.d/tezos && \
-    chown root:root /etc/sudoers.d/tezos && \
-    sed -i 's/^Defaults.*requiretty//g' /etc/sudoers
-
-USER tezos
-
-COPY . /home/tezos
-
-WORKDIR /home/tezos
-
-RUN sudo apk update && \
-    sudo apk add abuild build-base snappy-dev && \
-    abuild-keygen -ai && \
-    mkdir leveldb-1.18 && \
-    cp scripts/leveldb-1.18.APKBUILD leveldb-1.18/APKBUILD && \
-    cd leveldb-1.18 && \
-    abuild checksum && abuild -r && \
-    cd .. && \
-    sudo apk del build-base snappy-dev abuild && \
-    sudo apk add packages/tezos/x86_64/leveldb-1.18-r0.apk && \
-    rm -rf leveldb-1.18 packages && \
-    sudo rm -f /var/cache/apk/*
-
-RUN sudo chown root:root bin/* && \
-    sudo chmod a+rx bin/* && \
-    sudo mv bin/* /usr/local/bin && \
-    rmdir bin
-
-RUN sudo cp scripts/docker_entrypoint.sh /usr/local/bin/tezos && \
-    sudo cp scripts/docker_entrypoint.inc.sh \
-            /usr/local/bin/ && \
-    sudo chmod a+rx /usr/local/bin/tezos
-
-RUN sudo mkdir -p /var/run/tezos && \
-    sudo chown tezos /var/run/tezos
-
-ENV EDITOR=vi
-
-VOLUME /var/run/tezos
-
-ENTRYPOINT [ "/usr/local/bin/tezos" ]
--- a/scripts/ci/create_apk.leveldb.sh
+++ b/scripts/ci/create_apk.leveldb.sh
@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+ci_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
+script_dir="$(dirname "$ci_dir")"
+src_dir="$(dirname "$script_dir")"
+cd "$src_dir"
+
+. "$script_dir"/version.sh
+
+build_dir=${build_dir:-_docker_build}
+
+if [ -f "$build_dir"/leveldb-$leveldb_version-r0.apk ] && \
+   [ -f "$build_dir"/leveldb-dev-$leveldb_version-r0.apk ] && \
+   [ -d "$build_dir"/keys/ ] ; then
+    exit 0
+fi
+
+tmp_image="leveldb.apk-builder"
+tmp_dir=$(mktemp -dt tezos.leveldb.XXXXXXXX)
+cleanup () {
+    set +e
+    rm -rf "$tmp_dir"
+    if ! [ -z "$container" ]; then docker rm $container; fi
+    # docker rmi $tmp_image || true
+}
+trap cleanup EXIT INT
+
+cp -a "$script_dir"/ci/leveldb-$leveldb_version.APKBUILD "$tmp_dir"/APKBUILD
+
+cat <<EOF > "$tmp_dir/Dockerfile"
+FROM andyshinn/alpine-abuild:v4
+ENV PACKAGER "Tezos <ci@tezos.com>"
+WORKDIR /home/builder/
+RUN abuild-keygen -a -i
+COPY APKBUILD .
+RUN abuilder -r
+EOF
+
+echo
+echo "### Building leveldb..."
+echo
+
+docker build -t $tmp_image "$tmp_dir"
+
+mkdir -p "$build_dir"
+
+container=$(docker create $tmp_image)
+docker cp -L $container:/etc/apk/keys "$build_dir"
+docker cp -L $container:/packages/home/x86_64/leveldb-$leveldb_version-r0.apk \
+             "$build_dir"
+docker cp -L $container:/packages/home/x86_64/leveldb-dev-$leveldb_version-r0.apk \
+             "$build_dir"
--- a/scripts/ci/create_binary.opam.sh
+++ b/scripts/ci/create_binary.opam.sh
@ -0,0 +1,62 @@
+#! /bin/sh
+
+set -e
+
+ci_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
+script_dir="$(dirname "$ci_dir")"
+src_dir="$(dirname "$script_dir")"
+cd "$src_dir"
+
+. "$script_dir"/version.sh
+
+build_dir=${build_dir:-_docker_build}
+
+if [ -f "$build_dir"/opam-$opam_tag ] && \
+   [ -f "$build_dir"/opam-installer-$opam_tag ] ; then
+    exit 0
+fi
+
+tmp_image="opam.bin-builder"
+tmp_dir=$(mktemp -dt tezos.opam.XXXXXXXX)
+
+cleanup () {
+    set +e
+    rm -rf "$tmp_dir"
+    if ! [ -z "$container" ]; then docker rm $container; fi
+    # docker rmi $tmp_image || true
+}
+trap cleanup EXIT INT
+
+opam_tag="${1:-$opam_tag}"
+
+if ! [ -f "$build_dir"/opam-$opam_tag.tgz ]; then
+    echo
+    echo "### Fetching opam-$opam_tag.tar.gz ..."
+    echo
+    mkdir -p "$build_dir"
+    wget -O "$build_dir"/opam-$opam_tag.tgz \
+         https://github.com/ocaml/opam/archive/$opam_tag.tar.gz
+fi
+
+echo
+echo "### Building opam ..."
+echo
+
+cp -a "$build_dir"/opam-$opam_tag.tgz "$tmp_dir"
+
+cat <<EOF > "$tmp_dir"/Dockerfile
+FROM ocaml/opam:alpine-${alpine_version}_ocaml-$ocaml_version
+ENV PACKAGER "Tezos <ci@tezos.com>"
+COPY opam-$opam_tag.tgz opam-$opam_tag.tgz
+RUN tar xzf opam-$opam_tag.tgz && \
+    cd opam-$opam_tag && \
+    ./configure && \
+    make lib-ext && \
+    make
+EOF
+
+docker build -t $tmp_image "$tmp_dir"
+
+container=$(docker create $tmp_image)
+docker cp -L $container:/home/opam/opam-$opam_tag/opam "$build_dir"/opam-$opam_tag
+docker cp -L $container:/home/opam/opam-$opam_tag/opam-installer "$build_dir"/opam-installer-$opam_tag
--- a/scripts/ci/create_docker_image.build.sh
+++ b/scripts/ci/create_docker_image.build.sh
@ -0,0 +1,41 @@
+#! /bin/sh
+
+set -e
+
+ci_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
+script_dir="$(dirname "$ci_dir")"
+src_dir="$(dirname "$script_dir")"
+cd "$src_dir"
+
+. "$script_dir"/version.sh
+
+export build_dir=${build_dir:-_docker_build}
+tmp_dir=$(mktemp -dt tezos.opam.tezos.XXXXXXXX)
+
+cleanup () {
+    set +e
+    echo Cleaning up...
+    rm -rf Dockerfile
+}
+trap cleanup EXIT INT
+
+image_name="${1:-tezos_build}"
+image_version="${2:-latest}"
+base_image_name="${3-${image_name}_deps:${image_version}}"
+
+cat <<EOF > "$src_dir"/Dockerfile
+FROM $base_image_name
+COPY . tezos
+RUN sudo chown -R opam tezos && \
+    opam exec -- make -C tezos all build-test
+EOF
+
+echo
+echo "### Building tezos..."
+echo
+
+docker build -t "$image_name:$image_version" "$src_dir"
+
+echo
+echo "### Succesfully build docker image: $image_name:$image_version"
+echo
--- a/scripts/ci/create_docker_image.build_deps.sh
+++ b/scripts/ci/create_docker_image.build_deps.sh
@ -0,0 +1,87 @@
+#! /bin/sh
+
+set -e
+
+ci_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
+script_dir="$(dirname "$ci_dir")"
+src_dir="$(dirname "$script_dir")"
+cd "$src_dir"
+
+. "$script_dir"/version.sh
+
+export build_dir=${build_dir:-_docker_build}
+tmp_dir=$(mktemp -dt tezos.build_deps.tezos.XXXXXXXX)
+
+cleanup () {
+    set +e
+    echo Cleaning up...
+    rm -rf "$tmp_dir"
+}
+trap cleanup EXIT INT
+
+opam_files=$(find -name \*.opam | sort)
+dependencies="$opam_files scripts/install_build_deps.sh scripts/version.sh scripts/opam-pin.sh scripts/opam-unpin.sh scripts/opam-remove.sh"
+
+image_name="${1:-tezos_build_deps}"
+image_version="${2:-latest}"
+base_image="${3:-tezos_opam:alpine-${alpine_version}_ocaml-${ocaml_version}}"
+cached_image="${4:-}"
+
+cat <<EOF > "$tmp_dir"/Dockerfile
+FROM $base_image
+COPY . tezos
+RUN sudo chown -R opam tezos
+RUN opam exec -- ./tezos/scripts/install_build_deps.sh || \
+    ( echo ; \
+      echo "### Failed to build with preloaded package" ; \
+      echo "### Retrying with the default opam repository" ; \
+      echo ; \
+      opam remote add default https://opam.ocaml.org/2.0 && \
+      opam exec -- ./tezos/scripts/install_build_deps.sh )
+RUN opam install --yes ocp-indent
+EOF
+
+tar -c $dependencies | tar -C "$tmp_dir" -x
+
+
+## Lookup for for prebuilt dependencies...
+
+if [ ! -z "$cached_image" ]; then
+    cd "$tmp_dir"
+    base_image_sha1=$("$ci_dir"/docker_registry_read.sh \
+                               "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" \
+                               "$base_image")
+    dependencies_sha1=cache_$(echo "$base_image_sha1" | sha1sum - $dependencies Dockerfile | sha1sum | tr -d ' -')
+    echo
+    echo "### Looking for prebuilt dependencies ($image_name:$dependencies_sha1)..."
+    if "$ci_dir"/docker_registry_tag.sh gitlab-ci-token "${CI_BUILD_TOKEN}" \
+                "$image_name" "$dependencies_sha1" "$image_version" ; then
+        echo
+        echo "### Found $image_name:$dependencies_sha1"
+        echo
+        exit 0
+    fi
+    echo
+    echo "### Missing..."
+    echo
+fi
+
+echo
+echo "### Building tezos dependencies..."
+echo
+
+docker build -t "$image_name:$image_version" "$tmp_dir"
+
+echo
+echo "### Succesfully build docker image: $image_name:$image_version"
+echo
+
+if [ ! -z "$cached_image" ]; then
+    echo
+    echo "### Saving docker image ($image_name:$dependencies_sha1)..."
+    echo
+    docker push "$image_name:$image_version"
+    "$ci_dir"/docker_registry_tag.sh \
+             "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" \
+             "$image_name" "$image_version" "$dependencies_sha1"
+fi
--- a/scripts/ci/create_docker_image.minimal.sh
+++ b/scripts/ci/create_docker_image.minimal.sh
@ -0,0 +1,89 @@
+#! /bin/sh
+
+set -e
+
+ci_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
+script_dir="$(dirname "$ci_dir")"
+src_dir="$(dirname "$script_dir")"
+cd "$src_dir"
+
+. "$script_dir"/version.sh
+
+export build_dir=${build_dir:-_docker_build}
+tmp_dir=$(mktemp -dt tezos.opam.tezos.XXXXXXXX)
+
+image_name="${1:-tezos}"
+image_version="${2:-latest}"
+build_image_name="${3:-${image_name}_build:${image_version}}"
+
+cleanup () {
+    set +e
+    echo Cleaning up...
+    rm -rf "$tmp_dir"
+    if ! [ -z "$container" ]; then docker rm $container; fi
+}
+trap cleanup EXIT INT
+
+"$ci_dir"/create_apk.leveldb.sh
+
+cp -a "$build_dir"/leveldb-$leveldb_version-r0.apk \
+      "$build_dir"/keys/ \
+      "$tmp_dir"
+
+mkdir -p "$tmp_dir"/bin
+container=$(docker create $build_image_name)
+for bin in tezos-client tezos-node; do
+    docker cp -L $container:/home/opam/tezos/$bin "$tmp_dir"/bin
+done
+cp -a "$script_dir"/docker_entrypoint.sh "$tmp_dir"/bin/tezos
+cp -a "$script_dir"/docker_entrypoint.inc.sh "$tmp_dir"/bin/
+
+echo
+echo "### Building minimal docker image..."
+echo
+
+cat > "$tmp_dir"/Dockerfile <<EOF
+FROM alpine:$alpine_version
+
+LABEL distro_style="apk" distro="alpine" distro_long="alpine-$alpine_version" arch="x86_64" operatingsystem="linux"
+
+COPY keys /etc/apk/keys/
+COPY leveldb-$leveldb_version-r0.apk .
+COPY bin .
+
+RUN adduser -S tezos && \
+    adduser tezos abuild && \
+    apk add --no-cache sudo bash \
+            libssl1.0 libsodium libev gmp git snappy \
+            leveldb-$leveldb_version-r0.apk && \
+    echo 'tezos ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/tezos && \
+    chmod 440 /etc/sudoers.d/tezos && \
+    chown root:root /etc/sudoers.d/tezos && \
+    sed -i 's/^Defaults.*requiretty//g' /etc/sudoers
+
+USER tezos
+
+COPY . /home/tezos
+
+WORKDIR /home/tezos
+
+RUN sudo chown root:root bin/* && \
+    sudo chmod a+rx bin/* && \
+    sudo mv bin/* /usr/local/bin && \
+    rmdir bin
+
+RUN sudo mkdir -p /var/run/tezos && \
+    sudo chown tezos /var/run/tezos
+
+ENV EDITOR=vi
+
+VOLUME /var/run/tezos
+
+ENTRYPOINT [ "/usr/local/bin/tezos" ]
+EOF
+
+docker build -t "$image_name:$image_version" "$tmp_dir"
+
+echo
+echo "### Succesfully build docker image: $image_name:$image_version"
+echo
--- a/scripts/ci/create_docker_image.opam.sh
+++ b/scripts/ci/create_docker_image.opam.sh
@ -0,0 +1,88 @@
+#! /bin/sh
+
+set -e
+
+ci_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
+script_dir="$(dirname "$ci_dir")"
+src_dir="$(dirname "$script_dir")"
+cd "$src_dir"
+
+. "$script_dir"/version.sh
+
+export build_dir=${build_dir:-_docker_build}
+tmp_dir=$(mktemp -dt tezos.opam.tezos.XXXXXXXX)
+
+cleanup () {
+    set +e
+    echo Cleaning up...
+    rm -rf "$tmp_dir"
+}
+trap cleanup EXIT INT
+
+"$ci_dir"/create_apk.leveldb.sh
+"$ci_dir"/create_binary.opam.sh
+"$ci_dir"/create_opam_repository.tezos_deps.sh
+
+echo
+echo "### Building base image..."
+echo
+
+image_name="${1:-tezos_opam}"
+image_version="${2:-alpine-${alpine_version}_ocaml-${ocaml_version}}"
+
+cp -a "$build_dir"/leveldb-$leveldb_version-r0.apk \
+      "$build_dir"/leveldb-dev-$leveldb_version-r0.apk \
+      "$build_dir"/keys/ \
+      "$tmp_dir"
+
+cp "$build_dir"/opam-$opam_tag "$tmp_dir/opam"
+cp "$build_dir"/opam-installer-$opam_tag "$tmp_dir/opam-installer"
+
+tar -C "$tmp_dir" -xzf "$build_dir"/opam_repository-tezos_deps-$ocaml_version.tgz
+
+cat <<EOF > "$tmp_dir"/Dockerfile
+FROM alpine:$alpine_version
+
+COPY opam /usr/bin/opam
+COPY opam-installer /usr/bin/opam-installer
+
+COPY keys /etc/apk/keys/
+COPY leveldb-$leveldb_version-r0.apk .
+COPY leveldb-dev-$leveldb_version-r0.apk .
+
+RUN apk --no-cache add \
+        build-base bash perl xz m4 git curl tar rsync patch sudo jq \
+        ncurses-dev gmp-dev libev-dev libressl-dev \
+        pcre-dev zlib-dev libsodium-dev \
+        snappy snappy-dev \
+        leveldb-$leveldb_version-r0.apk \
+        leveldb-dev-$leveldb_version-r0.apk && \
+    adduser -S opam && \
+    echo 'opam ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/opam && \
+    chmod 440 /etc/sudoers.d/opam && \
+    chown root:root /etc/sudoers.d/opam && \
+    sed -i.bak 's/^Defaults.*requiretty//g' /etc/sudoers
+USER opam
+
+WORKDIR /home/opam
+
+COPY opam_repository-tezos_deps opam-repository-tezos_deps
+
+RUN mkdir ~/.ssh && \
+    chmod 700 ~/.ssh && \
+    git config --global user.email "ci@tezos.com" && \
+    git config --global user.name "Tezos CI" && \
+    opam init --bare --no-setup --yes \
+              tezos_deps /home/opam/opam-repository-tezos_deps && \
+    opam switch create --yes tezos ocaml-base-compiler.4.04.2
+
+## Temporary 'opam pin' for 'opam-depext' see:
+## https://github.com/ocaml/opam-depext/pull/89
+RUN opam pin --yes opam-depext git+https://github.com/jpdeplaix/opam-depext#2.0 && \
+    opam install --yes opam-depext
+
+ENTRYPOINT [ "opam", "exec", "--" ]
+CMD [ "/bin/bash" ]
+EOF
+
+docker build --pull -t "$image_name:$image_version" "$tmp_dir"
--- a/scripts/ci/create_opam_repository.tezos_deps.sh
+++ b/scripts/ci/create_opam_repository.tezos_deps.sh
@ -0,0 +1,105 @@
+#! /bin/sh
+
+set -e
+
+ci_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
+script_dir="$(dirname "$ci_dir")"
+src_dir="$(dirname "$script_dir")"
+cd "$src_dir"
+
+. "$script_dir"/version.sh
+
+build_dir=${build_dir:-_docker_build}
+
+if [ -f "$build_dir/opam_repository-tezos_deps-$ocaml_version.tgz" ]; then
+    exit 0
+fi
+
+tmp_image="opam_bundle-tezos"
+tmp_dir=$(mktemp -dt tezos.opam_bundle.XXXXXXXX)
+
+cleanup () {
+    set +e
+    rm -rf "$tmp_dir"
+    if ! [ -z "$container" ]; then docker rm $container; fi
+    # docker rmi $tmp_image || true
+}
+trap cleanup EXIT INT
+
+
+## Creating a repository of tezos packages
+
+repo="$tmp_dir"/opam-repository-tezos
+opams=$(find "$src_dir" -name \*.opam -print)
+mkdir -p "$repo/packages"
+echo "1.2" > "$repo/version"
+packages=
+for opam in $opams; do
+    dir=$(dirname $opam)
+    file=$(basename $opam)
+    package=${file%.opam}
+    destdir="$repo/packages/$package/$package.dev"
+    mkdir -p "$destdir"
+    cp -a "$opam" "$destdir/opam"
+    # echo "local: \"rsync://$dir\"" > "$destdir/url"
+    packages="$packages $package"
+done
+
+if ! [ -f "$build_dir"/opam-repository-master.tgz ]; then
+    echo
+    echo "### Fetching opam-repository-master.tar.gz ..."
+    echo
+    mkdir -p "$build_dir"
+    wget -O "$build_dir"/opam-repository-master.tgz \
+         https://github.com/ocaml/opam-repository/archive/master.tar.gz
+fi
+tar -C "$tmp_dir" -xzf "$build_dir"/opam-repository-master.tgz
+
+## HACK: Once opam2 is released, we should use the `ocaml/opam` image
+## instead of this custom installation of ocaml and opam.
+
+"$ci_dir"/create_binary.opam.sh
+cp -a "$build_dir"/opam-$opam_tag "$tmp_dir"/opam
+
+echo
+echo "### Building tezos_bundle.tar.gz..."
+echo
+
+cat <<EOF > "$tmp_dir"/Dockerfile
+FROM alpine
+ENV PACKAGER "Tezos <ci@tezos.com>"
+COPY opam-repository-master opam-repository-master
+COPY opam /usr/local/bin/opam
+RUN apk add --no-cache ocaml build-base m4 tar xz bzip2 curl perl rsync
+RUN cd ./opam-repository-master/compilers && \
+    ( ls -1 | grep -v \$(ocamlc --version) | xargs rm -r )
+RUN opam init --no-setup --yes default ./opam-repository-master
+RUN opam install --yes opam-bundle
+COPY opam-repository-tezos opam-repository-tezos
+RUN opam bundle --yes --output="tezos_bundle-$ocaml_version" \
+                --repository=opam-repository-tezos \
+                --repository=opam-repository-master \
+                --ocaml=$ocaml_version \
+                $packages depext ocp-indent
+EOF
+
+docker build --pull -t $tmp_image "$tmp_dir"
+
+container=$(docker create $tmp_image)
+docker cp -L $container:/tezos_bundle-$ocaml_version.tar.gz "$tmp_dir"
+
+cd "$tmp_dir"
+tar xf tezos_bundle-$ocaml_version.tar.gz tezos_bundle-$ocaml_version/repo
+
+# removing fake tezos packages
+cd tezos_bundle-$ocaml_version/repo/packages
+rm -r $packages
+
+# Repacking the repo
+cd "$tmp_dir"
+mv tezos_bundle-$ocaml_version/repo opam_repository-tezos_deps
+tar czf "opam_repository-tezos_deps-$ocaml_version.tgz" \
+    opam_repository-tezos_deps
+
+cd "$src_dir"
+mv "$tmp_dir"/opam_repository-tezos_deps-$ocaml_version.tgz "$build_dir"
--- a/scripts/ci/docker_registry.inc.sh
+++ b/scripts/ci/docker_registry.inc.sh
@ -0,0 +1,75 @@
+#! /bin/sh
+
+registry_uri="https://registry.gitlab.com/v2"
+auth_uri="https://gitlab.com/jwt/auth"
+
+scope=push,pull
+
+getBearerToken() {
+    local headers
+    local username
+    local reponame
+    local basic_token
+    username="$1"
+    password="$2"
+    reponame="$3"
+    basic_token=$(echo -n "${username}:${password}" | base64)
+    headers="Authorization: Basic ${basic_token}"
+    curl -fs -H "${headers}" "${auth_uri}?service=container_registry&scope=repository:${reponame}:${scope}" | jq '.token' -r
+}
+
+getTagDigest() {
+    local token=$1
+    local reponame=$2
+    local tag=$3
+    local digest="$(curl -fs -H "Authorization: Bearer ${token}" \
+                            -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+                    --head  \
+                    "${registry_uri}/${reponame}/manifests/${tag}" | \
+                   grep Docker-Content-Digest | tr -d '\r')"
+    echo -n "${digest##Docker-Content-Digest: }"
+}
+
+deleteDigest() {
+    local token=$1
+    local reponame=$2
+    local digest=$3
+    curl -fs -H "Authorization: Bearer ${token}" \
+         -D - -o - -X DELETE "${registry_uri}/${reponame}/manifests/${digest}"
+}
+
+deleteTag() {
+    local token=$1
+    local reponame=$2
+    local tag=$3
+    local digest="$(getTagDigest "${token}" "${reponame}" "${tag}")"
+    if [ -z "$digest" ]; then
+        echo "Failed to locate the ${reponame}:${tag}"
+        exit 1
+    fi
+    deleteDigest "${token}" "${reponame}" "${digest}"
+}
+
+readTag() {
+    local token=$1
+    local reponame=$2
+    local tag=$3
+    curl -fs -H "Authorization: Bearer ${token}" \
+         -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+         --head "$registry_uri/$reponame/manifests/$tag" | \
+        grep Docker-Content-Digest
+}
+
+renameTag() {
+    local token=$1
+    local reponame=$2
+    local old_tag=$3
+    local new_tag=$4
+    curl -fs -H "Authorization: Bearer ${token}" \
+         -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+         -o MANIFEST "$registry_uri/$reponame/manifests/$old_tag"
+    curl -fs -H "Authorization: Bearer ${token}" \
+         -H "Content-type: application/vnd.docker.distribution.manifest.v2+json" \
+         -X PUT -d @MANIFEST "$registry_uri/$reponame/manifests/$new_tag"
+    rm MANIFEST
+}
--- a/scripts/ci/docker_registry_delete.sh
+++ b/scripts/ci/docker_registry_delete.sh
@ -0,0 +1,41 @@
+#! /bin/sh
+
+set -e
+set -x
+
+ci_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
+script_dir="$(dirname "$ci_dir")"
+src_dir="$(dirname "$script_dir")"
+cd "$src_dir"
+
+. "$ci_dir"/docker_registry.inc.sh
+
+username="$1"
+password="$2"
+reponame="${3##registry.gitlab.com/}"
+shift 3
+tags="${@:-latest}"
+
+for tag in $tags; do
+
+    scope='push,pull'
+    token="$(getBearerToken "${username}" "${password}" "${reponame}")"
+    if [ -z "$token" ]; then
+        echo "Failed to fetch the Bearer token"
+        exit 1
+    fi
+    digest="$(getTagDigest "${token}" "${reponame}" "${tag}")"
+    if [ -z "$digest" ]; then
+        echo "Failed to locate the ${reponame}:${tag}"
+        exit 1
+    fi
+
+    scope='*'
+    token="$(getBearerToken "${username}" "${password}" "${reponame}")"
+    if [ -z "$token" ]; then
+        echo "Failed to fetch the Bearer token"
+        exit 1
+    fi
+    deleteDigest "${token}" "${reponame}" "${digest}"
+
+done
--- a/scripts/ci/docker_registry_read.sh
+++ b/scripts/ci/docker_registry_read.sh
@ -0,0 +1,25 @@
+#! /bin/sh
+
+set -e
+
+ci_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
+script_dir="$(dirname "$ci_dir")"
+src_dir="$(dirname "$script_dir")"
+cd "$src_dir"
+
+. "$ci_dir"/docker_registry.inc.sh
+
+username="$1"
+password="$2"
+image="${3##registry.gitlab.com/}"
+
+reponame=${image%%:*}
+tag=${image##*:}
+
+token="$(getBearerToken "${username}" "${password}" "${reponame}")"
+if [ -z "$token" ]; then
+    echo "Failed to fetch the Bearer token"
+    exit 1
+fi
+
+readTag "$token" "$reponame" "$tag"
--- a/scripts/ci/docker_registry_tag.sh
+++ b/scripts/ci/docker_registry_tag.sh
@ -0,0 +1,24 @@
+#! /bin/sh
+
+set -e
+
+ci_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
+script_dir="$(dirname "$ci_dir")"
+src_dir="$(dirname "$script_dir")"
+cd "$src_dir"
+
+. "$ci_dir"/docker_registry.inc.sh
+
+username="$1"
+password="$2"
+reponame="${3##registry.gitlab.com/}"
+old_tag="$4"
+new_tag="$5"
+
+token="$(getBearerToken "${username}" "${password}" "${reponame}")"
+if [ -z "$token" ]; then
+    echo "Failed to fetch the Bearer token"
+    exit 1
+fi
+
+renameTag "$token" "$reponame" "$old_tag" "$new_tag"
--- a/scripts/ci/leveldb-1.18.APKBUILD
+++ b/scripts/ci/leveldb-1.18.APKBUILD
--- a/scripts/create_apk.leveldb.sh
+++ b/scripts/create_apk.leveldb.sh
@ -1,35 +0,0 @@
-#!/bin/sh
-
-set -e
-
-script_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
-src_dir="$(dirname "$script_dir")"
-cd "$src_dir"
-
-. scripts/version.sh
-
-image_name="${1:-tezos/leveldb}"
-
-cat <<EOF > Dockerfile
-FROM andyshinn/alpine-abuild:v4
-
-ENV PACKAGER "Tezos <team@tezos.com>"
-WORKDIR /home/builder/
-RUN abuild-keygen -a -i
-COPY scripts/leveldb-$leveldb_version.APKBUILD APKBUILD
-RUN abuilder -r
-EOF
-
-echo
-echo "### Building leveldb..."
-echo
-
-docker build -t $image_name:$leveldb_version .
-rm Dockerfile
-
-mkdir -p _apk
-
-docker create --name tezos.leveldb.tmp $image_name:$leveldb_version
-docker cp -L tezos.leveldb.tmp:/etc/apk/keys _apk/
-docker cp -L tezos.leveldb.tmp:/packages _apk
-docker rm tezos.leveldb.tmp
--- a/scripts/create_docker_image.build.sh
+++ b/scripts/create_docker_image.build.sh
@ -1,49 +0,0 @@
-#! /bin/sh
-
-set -e
-
-script_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
-src_dir="$(dirname "$script_dir")"
-cd "$src_dir"
-
-. scripts/version.sh
-image_name="${1:-tezos_build}"
-image_version="${2:-latest}"
-build_deps_image_name="${3-${image_name}_deps:${image_version}}"
-
-cleanup () {
-    set +e
-    echo Cleaning up...
-    rm -rf Dockerfile
-}
-trap cleanup EXIT INT
-
-cat <<EOF > Dockerfile
-FROM $build_deps_image_name
-
-COPY . tezos
-USER root
-RUN chown -R opam /home/opam/tezos
-
-# build tezos and friends
-USER opam
-
-RUN cd tezos && \
-    opam config exec -- jbuilder build @install && \
-    opam config exec -- jbuilder install
-
-USER root
-
-ENTRYPOINT [ "/sbin/su-exec", "opam", "opam", "config", "exec", "--" ]
-EOF
-
-echo
-echo "### Building tezos..."
-echo
-
-docker build -t "$image_name:$image_version" .
-rm Dockerfile
-
-echo
-echo "### Succesfully build docker image: $image_name:$image_version"
-echo
--- a/scripts/create_docker_image.build_deps.sh
+++ b/scripts/create_docker_image.build_deps.sh
@ -1,87 +0,0 @@
-#!/bin/sh
-
-set -e
-
-script_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
-src_dir="$(dirname "$script_dir")"
-cd "$src_dir"
-
-. scripts/version.sh
-image_name="${1:-tezos_build_deps}"
-image_version="${2:-latest}"
-cached_image="${3:-}"
-
-base_image="tezos/opam:alpine-${alpine_version}_ocaml-${ocaml_version}"
-if ! docker pull "$base_image" ; then
-    ./scripts/create_docker_image.alpine.opam2.sh
-fi
-
-cleanup () {
-    set +e
-    echo Cleaning up...
-    rm -f Dockerfile opams.tar.gz scripts.tar.gz
-}
-trap cleanup EXIT INT
-
-dependencies="scripts/install_build_deps.sh scripts/version.sh scripts/opam-pin.sh scripts/opam-unpin.sh scripts/opam-remove.sh"
-tar czvf scripts.tar.gz $dependencies
-
-opams=$(find -name \*.opam -type f)
-tar czvf opams.tar.gz $opams
-
-cat <<EOF >Dockerfile
-FROM $base_image
-
-# these two archives are created in the file
-# scripts/create_docker_image.build_deps.sh and removed
-# automatically after
-ADD opams.tar.gz tezos/
-ADD scripts.tar.gz tezos/
-
-USER opam
-
-RUN opam config exec -- ./tezos/scripts/install_build_deps.sh
-ENV OPAMYES=yes
-RUN opam config exec -- opam install ocp-indent && \
-  rm -fr ~/.opam/log/ && \
-  rm -fr "\$(opam config exec -- ocamlfind query stdlib)"/topdirs.cmi
-
-EOF
-
-## Lookup for for prebuilt dependencies...
-dependencies_sha1=$(docker inspect --format="{{ .RootFS.Layers }}" --type=image $base_image | sha1sum - $dependencies | sha1sum | tr -d ' -')
-if [ ! -z "$cached_image" ]; then
-    echo
-    echo "### Looking for prebuilt dependencies ($cached_image)..."
-    if docker pull "$cached_image:$dependencies_sha1"; then
-        echo
-        echo "### Found $cached_image:$dependencies_sha1"
-        echo
-        docker tag "$cached_image:$dependencies_sha1" \
-                   "$image_name:$image_version"
-        exit 0
-    fi
-    echo "### Missing..."
-    echo
-fi
-
-echo
-echo "### Building tezos dependencies... $image_name:$image_version"
-echo
-
-docker build --pull -t "$image_name:$image_version" .
-
-rm -f Dockerfile opams.tar.gz scripts.tar.gz
-
-echo
-echo "### Succesfully build docker image: $image_name:$image_version"
-echo
-
-if [ ! -z "$cached_image" ]; then
-    echo
-    echo "### Saving docker image ($cached_image)..."
-    echo
-    docker tag "$image_name:$image_version" \
-               "$cached_image:$dependencies_sha1"
-    docker push "$cached_image:$dependencies_sha1"
-fi
--- a/scripts/create_docker_image.minimal.sh
+++ b/scripts/create_docker_image.minimal.sh
@ -1,48 +0,0 @@
-#! /bin/sh
-
-set -e
-
-script_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
-src_dir="$(dirname "$script_dir")"
-cd "$src_dir"
-
-. scripts/version.sh
-image_name="${1:-tezos}"
-image_version="${2:-latest}"
-build_image_name="${3:-${image_name}_build:${image_version}}"
-
-cleanup () {
-    set +e
-    echo Cleaning up...
-    rm -rf Dockerfile bin
-}
-trap cleanup EXIT INT
-
-# assume $build_image_name has already been created
-mkdir -p _docker_build_result
-docker create --name tmp1 $build_image_name
-docker cp -L tmp1:/home/opam/tezos/_build/install/default/bin/tezos-client _docker_build_result/
-docker cp -L tmp1:/home/opam/tezos/_build/install/default/bin/tezos-node _docker_build_result/
-docker rm tmp1
-
-# assume tezos/leveldb has already been created
-mkdir -p _docker_build_result/leveldb
-mkdir -p _docker_build_result/keys
-docker create --name tmp1 tezos/leveldb
-docker cp -L tmp1:/etc/apk/keys _docker_build_result/
-docker cp -L tmp1:/packages _docker_build_result/
-docker rm tmp1
-
-echo
-echo "### Building minimal docker image..."
-echo
-
-sed -e 's|$alpine_version|'"$alpine_version"'|g' \
-    scripts/Dockerfile.minimal.in > Dockerfile
-docker build -t "$image_name:$image_version" .
-
-echo
-echo "### Succesfully build docker image: $image_name:$image_version"
-echo
-
-rm -Rf _docker_build_result
--- a/scripts/create_docker_image.opam.sh
+++ b/scripts/create_docker_image.opam.sh
@ -1,88 +0,0 @@
-#! /bin/sh
-
-set -e
-
-script_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
-src_dir="$(dirname "$script_dir")"
-cd "$src_dir"
-
-. scripts/version.sh
-
-image_name="${1:-tezos/opam}"
-image_version="${2:-alpine-${alpine_version}_ocaml-${ocaml_version}}"
-
-cleanup () {
-    set +e
-    echo Cleaning up...
-    rm -rf Dockerfile
-}
-trap cleanup EXIT INT
-
-apk_keys="_apk/keys/"
-apk_packages="_apk/packages/home/x86_64/"
-
-if ! ( [ -f "$apk_packages/leveldb-$leveldb_version-r0.apk" ] && \
-       [ -f "$apk_packages/leveldb-dev-$leveldb_version-r0.apk" ] && \
-       [ -d "$apk_keys" ] ) ; then
-  ./scripts/create_apk.leveldb.sh
-fi
-
-opam_tag=2.0.0-rc
-
-cat <<EOF > Dockerfile
-FROM alpine:$alpine_version
-
-RUN apk update && \
-    apk upgrade && \
-    apk --no-cache add su-exec build-base \
-            bash ncurses-dev xz m4 git ca-certificates wget \
-            gmp-dev libev-dev libressl-dev pcre-dev perl zlib-dev libsodium-dev && \
-    update-ca-certificates && \
-    rm -f /var/cache/apk/* && \
-    adduser -S opam
-
-COPY $apk_keys /etc/apk/keys/
-COPY $apk_packages/leveldb-$leveldb_version-r0.apk .
-COPY $apk_packages/leveldb-dev-$leveldb_version-r0.apk .
-
-RUN apk --no-cache add leveldb-$leveldb_version-r0.apk \
-                       leveldb-dev-$leveldb_version-r0.apk && \
-    rm -f /var/cache/apk/* \
-          leveldb-$leveldb_version-r0.apk \
-          leveldb-dev-$leveldb_version-r0.apk
-
-RUN git clone --depth 1 -b "$opam_tag" git://github.com/ocaml/opam && \
-    cd opam && \
-    make cold CONFIGURE_ARGS="--prefix /usr" && \
-    make install && \
-    cd .. && \
-    rm -r opam
-
-USER opam
-
-WORKDIR /home/opam
-
-RUN mkdir ~/.ssh && \
-    chmod 700 ~/.ssh && \
-    git config --global user.email "tezos@example.com" && \
-    git config --global user.name "Tezos CI" && \
-    cd /home/opam && \
-    git clone --depth 1 -b master git://github.com/ocaml/opam-repository && \
-    cd opam-repository && \
-    cd /home/opam/opam-repository && \
-    opam admin upgrade && \
-    git checkout -b v2 && \
-    git add . && \
-    git commit -a -m 'opam admin upgrade' && \
-    opam init -a -y --comp $ocaml_version /home/opam/opam-repository && \
-    opam install -y depext
-
-EOF
-
-echo
-echo "### Building base image..."
-echo
-
-docker build --pull -t "$image_name:$image_version" .
-
-rm Dockerfile
--- a/scripts/create_docker_image.sh
+++ b/scripts/create_docker_image.sh
@ -6,17 +6,24 @@ script_dir="$(cd "$(dirname "$0")" && echo "$(pwd -P)/")"
 src_dir="$(dirname "$script_dir")"
 cd "$src_dir"

-. scripts/version.sh
+. "$script_dir"/version.sh
+
+export build_dir=$(mktemp -dt tezos.docker.XXXXXXXX)
+
 image_name="${1:-tezos}"
 image_version="${2:-latest}"
+opam_image_name="${image_name}_opam"
 build_image_name="${image_name}_build"
 build_deps_image_name="${image_name}_build_deps"

-./scripts/create_docker_image.build_deps.sh \
-    "$build_deps_image_name" "$image_version"
+"$script_dir"/ci/create_docker_image.opam.sh \
+    "$opam_image_name" "$image_version"

-./scripts/create_docker_image.build.sh \
+"$script_dir"/ci/create_docker_image.build_deps.sh \
+    "$build_deps_image_name" "$image_version" "$opam_image_name:$image_version"
+
+"$script_dir"/ci/create_docker_image.build.sh \
    "$build_image_name" "$image_version" "$build_deps_image_name"

-./scripts/create_docker_image.minimal.sh \
+"$script_dir"/ci/create_docker_image.minimal.sh \
    "$image_name" "$image_version" "$build_image_name"
--- a/scripts/delete_ci_image.sh
+++ b/scripts/delete_ci_image.sh
@ -1,67 +0,0 @@
-#! /bin/sh
-
-set -e
-
-registry_uri="https://registry.gitlab.com/v2"
-auth_uri="https://gitlab.com/jwt/auth"
-
-getBearerToken() {
-    local headers
-    local username
-    local reponame
-    local basic_token
-    username="$1"
-    password="$2"
-    reponame="$3"
-    basic_token=$(echo -n "${username}:${password}" | base64)
-    headers="Authorization: Basic ${basic_token}"
-    curl -s -H "${headers}" "${auth_uri}?service=container_registry&scope=repository:${reponame}:*" | jq '.token' -r
-}
-
-getTagDigest() {
-    local token=$1
-    local reponame=$2
-    local tag=$3
-    local digest="$(curl -s -H "Authorization: Bearer ${token}" \
-                            -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-                    --head  \
-                    "${registry_uri}/${reponame}/manifests/${tag}" | \
-                   grep Docker-Content-Digest | tr -d '\r')"
-    echo -n "${digest##Docker-Content-Digest: }"
-}
-
-deleteDigest() {
-    local token=$1
-    local reponame=$2
-    local digest=$3
-    curl -s -H "Authorization: Bearer ${token}" \
-         -D - -o - -X DELETE \
-         "${registry_uri}/${reponame}/manifests/${digest}"
-}
-
-deleteTag() {
-    local token=$1
-    local reponame=$2
-    local tag=$3
-    local digest="$(getTagDigest "${token}" "${reponame}" "${tag}")"
-    if [ -z "$digest" ]; then
-        echo "Failed to locate the ${reponame}:${tag}"
-        exit 1
-    fi
-    deleteDigest "${token}" "${reponame}" "${digest}"
-}
-
-username="$1"
-password="$2"
-reponame="$3"
-tags="${4:-latest}"
-
-token="$(getBearerToken "${username}" "${password}" "${reponame}")"
-if [ -z "$token" ]; then
-    echo "Failed to fetch the Bearer token"
-    exit 1
-fi
-
-for tag in $tags; do
-    deleteTag "${token}" "${reponame}" "${tag}"
-done
--- a/scripts/version.sh
+++ b/scripts/version.sh
@ -6,3 +6,5 @@
 alpine_version=3.6
 ocaml_version=4.04.2
 leveldb_version=1.18
+opam_version=2.0.0~rc
+opam_tag=2.0.0-rc