Run Docker container with host user and group
11
Makefile
11
Makefile
@@ -10,6 +10,7 @@ GIT_COMMIT ?= $(shell git rev-parse HEAD)
|
||||
|
||||
DOCKER_IMAGE_TAG := $(shell cat docker/VERSION)
|
||||
DOCKER_BUILDER_IMAGE_NAME = govuk/notify-admin-builder:${DOCKER_IMAGE_TAG}
|
||||
DOCKER_TTY ?= $(if ${JENKINS_HOME},,t)
|
||||
|
||||
BUILD_TAG ?= notifications-admin-manual
|
||||
BUILD_NUMBER ?= 0
|
||||
@@ -128,10 +129,12 @@ prepare-docker-build-image: ## Prepare the Docker builder image
|
||||
make -C docker build
|
||||
|
||||
define run_docker_container
|
||||
@docker run -i --rm \
|
||||
@docker run -i${DOCKER_TTY} --rm \
|
||||
--name "${DOCKER_CONTAINER_PREFIX}-${1}" \
|
||||
-v "`pwd`:/var/project" \
|
||||
-v "${PIP_ACCEL_CACHE}:/var/project/cache/pip-accel" \
|
||||
-e UID=$(shell id -u) \
|
||||
-e GID=$(shell id -g) \
|
||||
-e GIT_COMMIT=${GIT_COMMIT} \
|
||||
-e BUILD_NUMBER=${BUILD_NUMBER} \
|
||||
-e BUILD_URL=${BUILD_URL} \
|
||||
@@ -158,16 +161,16 @@ endef
|
||||
|
||||
.PHONY: build-with-docker
|
||||
build-with-docker: prepare-docker-build-image ## Build inside a Docker container
|
||||
$(call run_docker_container,build,make build)
|
||||
$(call run_docker_container,build,gosu hostuser make build)
|
||||
|
||||
.PHONY: test-with-docker
|
||||
test-with-docker: prepare-docker-build-image ## Run tests inside a Docker container
|
||||
$(call run_docker_container,test,make test)
|
||||
$(call run_docker_container,test,gosu hostuser make test)
|
||||
|
||||
# FIXME: CIRCLECI=1 is an ugly hack because the coveralls-python library sends the PR link only this way
|
||||
.PHONY: coverage-with-docker
|
||||
coverage-with-docker: prepare-docker-build-image ## Generates coverage report inside a Docker container
|
||||
$(call run_docker_container,coverage,make coverage)
|
||||
$(call run_docker_container,coverage,gosu hostuser make coverage)
|
||||
|
||||
.PHONY: clean-docker-containers
|
||||
clean-docker-containers: ## Clean up any remaining docker containers
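Review bot: The privilege drop is opt-in per call site: `build-with-docker`, `test-with-docker` and `coverage-with-docker` each prefix their command with `gosu hostuser`, and any later `$(call run_docker_container,...)` that omits the prefix runs as root against the bind-mounted project directory. The literal name `hostuser` is also fragile, because the entrypoint added in this commit reuses an existing account name when the host UID already exists in the image, and in that case no `hostuser` is created and these targets fail. Passing the numeric IDs avoids the name dependency, e.g. `$(call run_docker_container,build,gosu $(shell id -u):$(shell id -g) make build)`. The same applies to `gosu hostuser bash` in docker/Makefile. The body of `run_docker_container` continues outside the visible hunk.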
|
||||
|
||||
@@ -6,7 +6,8 @@ ARG NO_PROXY
|
||||
|
||||
ENV PYTHONUNBUFFERED=1 \
|
||||
DEBIAN_FRONTEND=noninteractive \
|
||||
NODEJS_VERSION=6.3.1-1nodesource1~jessie1
|
||||
NODEJS_VERSION=6.3.1-1nodesource1~jessie1 \
|
||||
GOSU_VERSION=1.10
|
||||
|
||||
RUN \
|
||||
echo "Install base packages" \
|
||||
@@ -61,4 +62,21 @@ RUN \
|
||||
&& cf install-plugin -r CF-Community -f "blue-green-deploy" \
|
||||
&& cf install-plugin -r CF-Community -f "antifreeze"
|
||||
|
||||
COPY tianon.gpg /tmp/tianon.gpg
|
||||
|
||||
RUN \
|
||||
echo "Install gosu" \
|
||||
&& curl -sSL -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
|
||||
&& curl -sSL -o /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
|
||||
&& export GNUPGHOME="$(mktemp -d)" \
|
||||
&& gpg --import /tmp/tianon.gpg \
|
||||
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
|
||||
&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
|
||||
&& chmod +x /usr/local/bin/gosu \
|
||||
&& gosu nobody true
|
||||
|
||||
WORKDIR /var/project
|
||||
|
||||
COPY entrypoint.sh /usr/local/bin/docker-entrypoint
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/docker-entrypoint"]
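Review bot: The signature check in the `Install gosu` step is only as trustworthy as `tianon.gpg`, which this commit adds as a binary file the diff cannot display, so a reviewer cannot confirm which key the build trusts. Record the expected fingerprint next to the `COPY`, for example `# tianon.gpg: gosu release signing key, fingerprint <EXPECTED_FINGERPRINT>`, and have the build fail if the imported key's fingerprint differs from it. Adding `-f` to both `curl -sSL` calls would also stop the build at the download on an HTTP error, instead of surfacing later as a confusing `gpg --verify` failure.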
|
||||
|
||||
@@ -19,5 +19,15 @@ build:
|
||||
.PHONY: bash
|
||||
bash:
|
||||
docker run -it --rm \
|
||||
govuk/notify-admin-builder \
|
||||
-e UID=$(shell id -u) \
|
||||
-e GID=$(shell id -g) \
|
||||
govuk/notify-admin-builder:${DOCKER_IMAGE_TAG} \
|
||||
bash
|
||||
|
||||
.PHONY: bash
|
||||
bash-hostuser:
|
||||
docker run -it --rm \
|
||||
-e UID=$(shell id -u) \
|
||||
-e GID=$(shell id -g) \
|
||||
govuk/notify-admin-builder:${DOCKER_IMAGE_TAG} \
|
||||
gosu hostuser bash
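Review bot: The second `.PHONY: bash` above `bash-hostuser:` looks like a copy-paste slip and should read `.PHONY: bash-hostuser`; as written that target is not phony, so a file with that name would stop it from running. The `bash` target still opens a root shell, because the entrypoint only execs its arguments, so a short comment on each target stating which user it runs as would make the difference visible. `${DOCKER_IMAGE_TAG}` is not defined in the visible hunk; presumably it is set earlier in this Makefile, and if not the image reference expands to `govuk/notify-admin-builder:`.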
|
||||
|
||||
33
docker/entrypoint.sh
Executable file
33
docker/entrypoint.sh
Executable file
@@ -0,0 +1,33 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -eo pipefail; [[ "$TRACE" ]] && set -x
|
||||
|
||||
if [[ "$(id -u)" -ne 0 ]]; then
|
||||
echo 'docker-entrypoint requires root' >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$UID" ] || [ "$UID" = "0" ]; then
|
||||
echo "UID must be specified as a positive integer"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$GID" ] || [ "$GID" = "0" ]; then
|
||||
echo "GID must be specified as positive integer"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
USER=$(id -un $UID 2>/dev/null || echo "hostuser")
|
||||
GROUP=$(getent group $GID | cut -d: -f1 || echo "hostgroup")
|
||||
|
||||
if [ "$USER" = "hostuser" ]; then
|
||||
useradd -u $UID -s /bin/bash -m $USER
|
||||
fi
|
||||
|
||||
if [ "$GROUP" = "hostgroup" ]; then
|
||||
groupadd -g $GID $GROUP
|
||||
fi
|
||||
|
||||
usermod -g $GROUP $USER
|
||||
|
||||
exec "$@"
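Review bot: The `UID` and `GID` checks reject only an empty value and `0`, so any other string from the environment reaches `id`, `getent`, `useradd`, `groupadd` and `usermod` unquoted while the script runs as root, and a value containing whitespace is word-split into extra arguments. Validate both as positive integers, as the error messages already promise, and quote every expansion. The two messages should go to stderr like the root check's message does. The fence shows the checks and lookups; the `useradd`, `groupadd` and `usermod` lines need the same quoting.

```bash
# … unchanged: root check …
if ! [[ "$UID" =~ ^[1-9][0-9]*$ ]]; then
  echo "UID must be specified as a positive integer" >&2
  exit 1
fi

if ! [[ "$GID" =~ ^[1-9][0-9]*$ ]]; then
  echo "GID must be specified as positive integer" >&2
  exit 1
fi

USER=$(id -un "$UID" 2>/dev/null || echo "hostuser")
GROUP=$(getent group "$GID" | cut -d: -f1 || echo "hostgroup")
# … unchanged: useradd / groupadd / usermod, with "$UID" "$GID" "$USER" "$GROUP" quoted …
```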
|
||||
BIN
docker/tianon.gpg
Normal file
BIN
docker/tianon.gpg
Normal file
Binary file not shown.