From fab64a5d6fd7d2c19f73342e11f33d50cddff512 Mon Sep 17 00:00:00 2001
From: MarcoFalke <*~=`'#}+{/-|&$^_@721217.xyz>
Date: Mon, 13 Oct 2025 11:42:43 +0200
Subject: [PATCH] ci: Move buildx command to python script

This has a few benefits:

* The shellcheck SC2086 warning is disabled for the whole command, but
  is only needed for the DOCKER_BUILD_CACHE_ARG env var.  So in Python,
  only pass this one env var to shlex.split() for proper word splitting.
* Future logic improvements can be implemented in Python.

The comments are moved, which can be checked via the git options:
--color-moved=dimmed-zebra --color-moved-ws=ignore-all-space
---
 ci/test/02_run_container.py | 21 +++++++++++++++++++++
 ci/test/02_run_container.sh | 16 ----------------
 2 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/ci/test/02_run_container.py b/ci/test/02_run_container.py
index 513ecacaca8..c1c6b940d72 100755
--- a/ci/test/02_run_container.py
+++ b/ci/test/02_run_container.py
@@ -45,6 +45,27 @@ def main():
                 file.write(f"{k}={v}\n")
     run(["cat", env_file])
 
+    if not os.getenv("DANGER_RUN_CI_ON_HOST"):
+        CI_IMAGE_LABEL = "bitcoin-ci-test"
+
+        # Use buildx unconditionally
+        # Using buildx is required to properly load the correct driver, for use with registry caching. Neither build, nor BUILDKIT=1 currently do this properly
+        cmd_build = ["docker", "buildx", "build"]
+        cmd_build += [
+            f"--file={os.environ['BASE_READ_ONLY_DIR']}/ci/test_imagefile",
+            f"--build-arg=CI_IMAGE_NAME_TAG={os.environ['CI_IMAGE_NAME_TAG']}",
+            f"--build-arg=FILE_ENV={os.environ['FILE_ENV']}",
+            f"--build-arg=BASE_ROOT_DIR={os.environ['BASE_ROOT_DIR']}",
+            f"--platform={os.environ['CI_IMAGE_PLATFORM']}",
+            f"--label={CI_IMAGE_LABEL}",
+            f"--tag={os.environ['CONTAINER_NAME']}",
+        ]
+        cmd_build += shlex.split(os.getenv("DOCKER_BUILD_CACHE_ARG", ""))
+        cmd_build += [os.environ["BASE_READ_ONLY_DIR"]]
+
+        print(f"Building {os.environ['CONTAINER_NAME']} image tag to run in")
+        run(cmd_build)
+
     run(["./ci/test/02_run_container.sh"])  # run the remainder
 
 
diff --git a/ci/test/02_run_container.sh b/ci/test/02_run_container.sh
index b26cc1b8fb1..2e976773c29 100755
--- a/ci/test/02_run_container.sh
+++ b/ci/test/02_run_container.sh
@@ -10,22 +10,6 @@ export CI_IMAGE_LABEL="bitcoin-ci-test"
 set -o errexit -o pipefail -o xtrace
 
 if [ -z "$DANGER_RUN_CI_ON_HOST" ]; then
-  echo "Creating $CI_IMAGE_NAME_TAG container to run in"
-
-  # Use buildx unconditionally
-  # Using buildx is required to properly load the correct driver, for use with registry caching. Neither build, nor BUILDKIT=1 currently do this properly
-  # shellcheck disable=SC2086
-  docker buildx build \
-      --file "${BASE_READ_ONLY_DIR}/ci/test_imagefile" \
-      --build-arg "CI_IMAGE_NAME_TAG=${CI_IMAGE_NAME_TAG}" \
-      --build-arg "FILE_ENV=${FILE_ENV}" \
-      --build-arg "BASE_ROOT_DIR=${BASE_ROOT_DIR}" \
-      --platform="${CI_IMAGE_PLATFORM}" \
-      --label="${CI_IMAGE_LABEL}" \
-      --tag="${CONTAINER_NAME}" \
-      $DOCKER_BUILD_CACHE_ARG \
-      "${BASE_READ_ONLY_DIR}"
-
   docker volume create "${CONTAINER_NAME}_ccache" || true
   docker volume create "${CONTAINER_NAME}_depends" || true
   docker volume create "${CONTAINER_NAME}_depends_sources" || true