-
Notifications
You must be signed in to change notification settings - Fork 26
/
.dapper
executable file
·142 lines (125 loc) · 4.47 KB
/
.dapper
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
#!/usr/bin/env bash
# Pass credential file as read-only, so that the container can use it if necessary
function pass_credentials() {
local credentials=$1
local mountpoint=${credentials/$HOME//root}
mount_volume "$credentials" "$mountpoint"
}
function mount_volume() {
local volume="$1"
local mountpoint="$2"
local suffix="$suffix"
[ -z "${suffix}" ] && suffix=':ro' || suffix+=',ro'
[ -r "$volume" ] || return 0
dockerargs+=" -v $(realpath -s ${volume}):${mountpoint}${suffix}"
}
file=Dockerfile.dapper
socket=false
dockerargs=
while true
do
case "$1" in
--file|-f)
file="$2"
shift 2
;;
--socket|-k)
socket=true
shift
;;
--directory|-C)
cd "$2" || exit
shift 2
;;
--shell|-s)
command=bash
DAPPER_ENV="${DAPPER_ENV} TERM"
shift
;;
--debug|-d)
shift
set -x
;;
--version|-v)
echo Shipyard Dapper
exit 0
;;
--mount-suffix|-S)
suffix=":$2"
shift 2
;;
--)
shift
break
;;
-*)
echo "$0 doesn't support $1" >&2
exit 1
;;
*)
break
;;
esac
done
[ -n "$command" ] && set -- "$command"
buildargs=(--build-arg "ORG=${ORG}" --build-arg "PROJECT=${PROJECT}")
[ -n "${SHIPYARD_REPO}" ] && buildargs+=(--build-arg "SHIPYARD_REPO=${SHIPYARD_REPO}")
[ -n "${SHIPYARD_TAG}" ] && buildargs+=(--build-arg "SHIPYARD_TAG=${SHIPYARD_TAG}")
gitid="$(git symbolic-ref --short HEAD 2>/dev/null | tr / _ || :)"
gitid="${gitid:-$(git show --format=%h -s)}"
container="$(basename "$(pwd)"):${gitid}"
docker build -t "${container}" -f "${file}" "${buildargs[@]}" .
extract_var() {
docker inspect "$1" | grep "$2" | sed -E "s/.*\"$2=(.*)\",?/\1/;q"
}
DAPPER_CP="$(extract_var "${container}" DAPPER_CP)"
[ -z "${DAPPER_CP}" ] && DAPPER_CP="$(pwd)"
DAPPER_ENV="${DAPPER_ENV} $(extract_var "${container}" DAPPER_ENV)"
DAPPER_SOURCE="$(extract_var "${container}" DAPPER_SOURCE)"
[ -z "${DAPPER_SOURCE}" ] && DAPPER_SOURCE="/source/"
DAPPER_DOCKER_SOCKET="$(extract_var "${container}" DAPPER_DOCKER_SOCKET)"
DAPPER_RUN_ARGS="$(extract_var "${container}" DAPPER_RUN_ARGS)"
if [ "${socket}" = true ] || [ "${DAPPER_DOCKER_SOCKET}" = true ]
then
if [ -S /var/run/docker.sock ]; then
# Docker
dockerargs="${dockerargs} -v /var/run/docker.sock:/var/run/docker.sock${suffix}"
else
# Assume rootless Podman
dockerargs="${dockerargs} -v /run/user/$(id -u)/podman/podman.sock:/var/run/docker.sock${suffix}"
fi
fi
[ -t 1 ] && dockerargs="${dockerargs} -t"
DAPPER_UID=$(id -u)
DAPPER_GID=$(id -g)
# If docker is provided by Podman, assume rootless and tell the container to use root internally
if docker 2>&1 | grep -q podman; then
DAPPER_UID=0
DAPPER_GID=0
fi
# Pass through ~/.docker so that the container can get any authentication tokens in ~/.docker/config.json
# We can't mount config.json specifically because "docker login" attempts to rename it, which fails
if [ -d "${HOME}/.docker" ]; then
dockerargs="${dockerargs} -v ${HOME}/.docker:/root/.docker${suffix}"
fi
# Pass through ~/.aws/credentials so that the container can operate on AWS (if needed).
pass_credentials "${HOME}/.aws/credentials"
# Pass through ~/.gcp/osServiceAccount.json so that the container can operate on GCP (if needed).
pass_credentials "${HOME}/.gcp/osServiceAccount.json"
# Attempt to mount any local replaces specified in `go.mod`.
# We can't rely on having the right version (or any version) of go, so parse go.mod manually.
while read -a replace; do
mount_root=""
[[ "${replace[1]}" =~ ^\. ]] && mount_root="$DAPPER_SOURCE/"
mount_volume "${replace[1]}" "${mount_root}${replace[1]}"
done < <(grep -o -E '=>[ ]*(\.\.?)?/[^ ]+' go.mod)
# seccomp is unconfined to avoid problems with clone3 in Fedora 35
# See https://pascalroeleven.nl/2021/09/09/ubuntu-21-10-and-fedora-35-in-docker/
# Remove "--security-opt seccomp=unconfined" once all supported container runtimes
# handle clone3
docker run -i --rm --security-opt seccomp=unconfined \
$(printf -- " -e %s" $DAPPER_ENV) -e "DAPPER_UID=$DAPPER_UID" -e "DAPPER_GID=$DAPPER_GID" \
-v "${DAPPER_CP}:${DAPPER_SOURCE}${suffix}" \
${dockerargs} \
${DAPPER_RUN_ARGS} \
"${container}" "$@"