darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-02 09:26:08 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add gosu and host user to Docker

Browse Source
This commit is contained in:
bandesz
2017-01-12 14:38:08 +00:00
parent 8300cb0ac0
commit ac0e1f1def
5 changed files with 91 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Makefile
View File

@@ -10,6 +10,7 @@ GIT_COMMIT ?= $(shell git rev-parse HEAD)
DOCKER_IMAGE_TAG := $(shell cat docker/VERSION) DOCKER_IMAGE_TAG := $(shell cat docker/VERSION)
DOCKER_BUILDER_IMAGE_NAME = govuk/notify-api-builder:${DOCKER_IMAGE_TAG} DOCKER_BUILDER_IMAGE_NAME = govuk/notify-api-builder:${DOCKER_IMAGE_TAG}
DOCKER_TTY ?= $(if ${JENKINS_HOME},,t)
BUILD_TAG ?= notifications-api-manual BUILD_TAG ?= notifications-api-manual
BUILD_NUMBER ?= 0 BUILD_NUMBER ?= 0
@@ -128,10 +129,12 @@ prepare-docker-build-image: ## Prepare the Docker builder image
.PHONY: build-with-docker .PHONY: build-with-docker
build-with-docker: prepare-docker-build-image ## Build inside a Docker container build-with-docker: prepare-docker-build-image ## Build inside a Docker container
@docker run -i --rm \ @docker run -i${DOCKER_TTY} --rm \
--name "${DOCKER_CONTAINER_PREFIX}-build" \ --name "${DOCKER_CONTAINER_PREFIX}-build" \
-v "`pwd`:/var/project" \ -v "`pwd`:/var/project" \
-v "${PIP_ACCEL_CACHE}:/var/project/cache/pip-accel" \ -v "${PIP_ACCEL_CACHE}:/var/project/cache/pip-accel" \
-e UID=$(shell id -u) \
-e GID=$(shell id -g) \
-e GIT_COMMIT=${GIT_COMMIT} \ -e GIT_COMMIT=${GIT_COMMIT} \
-e BUILD_NUMBER=${BUILD_NUMBER} \ -e BUILD_NUMBER=${BUILD_NUMBER} \
-e BUILD_URL=${BUILD_URL} \ -e BUILD_URL=${BUILD_URL} \
@@ -141,14 +144,16 @@ build-with-docker: prepare-docker-build-image ## Build inside a Docker container
-e HTTPS_PROXY="${HTTPS_PROXY}" \ -e HTTPS_PROXY="${HTTPS_PROXY}" \
-e NO_PROXY="${NO_PROXY}" \ -e NO_PROXY="${NO_PROXY}" \
${DOCKER_BUILDER_IMAGE_NAME} \ ${DOCKER_BUILDER_IMAGE_NAME} \
make build gosu hostuser make build
.PHONY: cf-build-with-docker .PHONY: cf-build-with-docker
cf-build-with-docker: prepare-docker-build-image ## Build inside a Docker container cf-build-with-docker: prepare-docker-build-image ## Build inside a Docker container
@docker run -i --rm \ @docker run -i${DOCKER_TTY} --rm \
--name "${DOCKER_CONTAINER_PREFIX}-build" \ --name "${DOCKER_CONTAINER_PREFIX}-build" \
-v "`pwd`:/var/project" \ -v "`pwd`:/var/project" \
-v "${PIP_ACCEL_CACHE}:/var/project/cache/pip-accel" \ -v "${PIP_ACCEL_CACHE}:/var/project/cache/pip-accel" \
-e UID=$(shell id -u) \
-e GID=$(shell id -g) \
-e GIT_COMMIT=${GIT_COMMIT} \ -e GIT_COMMIT=${GIT_COMMIT} \
-e BUILD_NUMBER=${BUILD_NUMBER} \ -e BUILD_NUMBER=${BUILD_NUMBER} \
-e BUILD_URL=${BUILD_URL} \ -e BUILD_URL=${BUILD_URL} \
@@ -158,13 +163,15 @@ cf-build-with-docker: prepare-docker-build-image ## Build inside a Docker contai
-e HTTPS_PROXY="${HTTPS_PROXY}" \ -e HTTPS_PROXY="${HTTPS_PROXY}" \
-e NO_PROXY="${NO_PROXY}" \ -e NO_PROXY="${NO_PROXY}" \
${DOCKER_BUILDER_IMAGE_NAME} \ ${DOCKER_BUILDER_IMAGE_NAME} \
make cf-build gosu hostuser make cf-build
.PHONY: test-with-docker .PHONY: test-with-docker
test-with-docker: prepare-docker-build-image create-docker-test-db ## Run tests inside a Docker container test-with-docker: prepare-docker-build-image create-docker-test-db ## Run tests inside a Docker container
@docker run -i --rm \ @docker run -i${DOCKER_TTY} --rm \
--name "${DOCKER_CONTAINER_PREFIX}-test" \ --name "${DOCKER_CONTAINER_PREFIX}-test" \
--link "${DOCKER_CONTAINER_PREFIX}-db:postgres" \ --link "${DOCKER_CONTAINER_PREFIX}-db:postgres" \
-e UID=$(shell id -u) \
-e GID=$(shell id -g) \
-e TEST_DATABASE=postgresql://postgres:postgres@postgres/test_notification_api \ -e TEST_DATABASE=postgresql://postgres:postgres@postgres/test_notification_api \
-e GIT_COMMIT=${GIT_COMMIT} \ -e GIT_COMMIT=${GIT_COMMIT} \
-e BUILD_NUMBER=${BUILD_NUMBER} \ -e BUILD_NUMBER=${BUILD_NUMBER} \
@@ -176,7 +183,7 @@ test-with-docker: prepare-docker-build-image create-docker-test-db ## Run tests
-e NO_PROXY="${NO_PROXY}" \ -e NO_PROXY="${NO_PROXY}" \
-v "`pwd`:/var/project" \ -v "`pwd`:/var/project" \
${DOCKER_BUILDER_IMAGE_NAME} \ ${DOCKER_BUILDER_IMAGE_NAME} \
make test gosu hostuser make test
.PHONY: test-with-docker .PHONY: test-with-docker
create-docker-test-db: ## Start the test database in a Docker container create-docker-test-db: ## Start the test database in a Docker container
@@ -191,9 +198,11 @@ create-docker-test-db: ## Start the test database in a Docker container
# FIXME: CIRCLECI=1 is an ugly hack because the coveralls-python library sends the PR link only this way # FIXME: CIRCLECI=1 is an ugly hack because the coveralls-python library sends the PR link only this way
.PHONY: coverage-with-docker .PHONY: coverage-with-docker
coverage-with-docker: prepare-docker-build-image ## Generates coverage report inside a Docker container coverage-with-docker: prepare-docker-build-image ## Generates coverage report inside a Docker container
@docker run -i --rm \ @docker run -i${DOCKER_TTY} --rm \
--name "${DOCKER_CONTAINER_PREFIX}-coverage" \ --name "${DOCKER_CONTAINER_PREFIX}-coverage" \
-v "`pwd`:/var/project" \ -v "`pwd`:/var/project" \
-e UID=$(shell id -u) \
-e GID=$(shell id -g) \
-e COVERALLS_REPO_TOKEN=${COVERALLS_REPO_TOKEN} \ -e COVERALLS_REPO_TOKEN=${COVERALLS_REPO_TOKEN} \
-e CIRCLECI=1 \ -e CIRCLECI=1 \
-e CI_NAME=${CI_NAME} \ -e CI_NAME=${CI_NAME} \
@@ -207,7 +216,7 @@ coverage-with-docker: prepare-docker-build-image ## Generates coverage report in
-e HTTPS_PROXY="${HTTPS_PROXY}" \ -e HTTPS_PROXY="${HTTPS_PROXY}" \
-e NO_PROXY="${NO_PROXY}" \ -e NO_PROXY="${NO_PROXY}" \
${DOCKER_BUILDER_IMAGE_NAME} \ ${DOCKER_BUILDER_IMAGE_NAME} \
make coverage gosu hostuser make coverage
.PHONY: clean-docker-containers .PHONY: clean-docker-containers
clean-docker-containers: ## Clean up any remaining docker containers clean-docker-containers: ## Clean up any remaining docker containers
@@ -259,9 +268,11 @@ cf-push-delivery: ## Deploys a delivery app to Cloud Foundry
cf push ${CF_APP} -f manifest-$(subst notify-,,${CF_APP}).yml cf push ${CF_APP} -f manifest-$(subst notify-,,${CF_APP}).yml
define cf_deploy_with_docker define cf_deploy_with_docker
@docker run -i --rm \ @docker run -i${DOCKER_TTY} --rm \
--name "${DOCKER_CONTAINER_PREFIX}-${1}" \ --name "${DOCKER_CONTAINER_PREFIX}-${1}" \
-v "`pwd`:/var/project" \ -v "`pwd`:/var/project" \
-e UID=$(shell id -u) \
-e GID=$(shell id -g) \
-e http_proxy="${HTTP_PROXY}" \ -e http_proxy="${HTTP_PROXY}" \
-e HTTP_PROXY="${HTTP_PROXY}" \ -e HTTP_PROXY="${HTTP_PROXY}" \
-e https_proxy="${HTTPS_PROXY}" \ -e https_proxy="${HTTPS_PROXY}" \

36
docker/Dockerfile
View File

@@ -5,7 +5,8 @@ ARG HTTPS_PROXY
ARG NO_PROXY ARG NO_PROXY
ENV PYTHONUNBUFFERED=1 \ ENV PYTHONUNBUFFERED=1 \
DEBIAN_FRONTEND=noninteractive DEBIAN_FRONTEND=noninteractive \
GOSU_VERSION=1.10
RUN \ RUN \
echo "Install base packages" \ echo "Install base packages" \
@@ -19,14 +20,6 @@ RUN \
zip \ zip \
libpq-dev \ libpq-dev \
jq \ jq \
&& echo "Install Cloud Foundry CLI" \
&& curl -sSL "https://cli.run.pivotal.io/stable?release=debian64&source=github" -o /tmp/cloudfoundry-cli.deb \
&& dpkg -i /tmp/cloudfoundry-cli.deb \
&& cf install-plugin -r CF-Community -f "autopilot" \
&& cf install-plugin -r CF-Community -f "blue-green-deploy" \
&& cf install-plugin -r CF-Community -f "antifreeze" \
&& echo "Clean up" \ && echo "Clean up" \
&& rm -rf /var/lib/apt/lists/* /tmp/* && rm -rf /var/lib/apt/lists/* /tmp/*
@@ -37,4 +30,29 @@ RUN \
awscli \ awscli \
wheel wheel
RUN \
echo "Install Cloud Foundry CLI" \
&& curl -sSL "https://cli.run.pivotal.io/stable?release=debian64&source=github" -o /tmp/cloudfoundry-cli.deb \
&& dpkg -i /tmp/cloudfoundry-cli.deb \
&& cf install-plugin -r CF-Community -f "autopilot" \
&& cf install-plugin -r CF-Community -f "blue-green-deploy" \
&& cf install-plugin -r CF-Community -f "antifreeze"
COPY tianon.gpg /tmp/tianon.gpg
RUN \
echo "Install gosu" \
&& curl -sSL -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
&& curl -sSL -o /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
&& export GNUPGHOME="$(mktemp -d)" \
&& gpg --import /tmp/tianon.gpg \
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
&& chmod +x /usr/local/bin/gosu \
&& gosu nobody true
WORKDIR /var/project WORKDIR /var/project
COPY entrypoint.sh /usr/local/bin/docker-entrypoint
ENTRYPOINT ["/usr/local/bin/docker-entrypoint"]

12
docker/Makefile
View File

@@ -19,5 +19,15 @@ build:
.PHONY: bash .PHONY: bash
bash: bash:
docker run -it --rm \ docker run -it --rm \
govuk/notify-api-builder \ -e UID=$(shell id -u) \
-e GID=$(shell id -g) \
govuk/notify-api-builder:${DOCKER_IMAGE_TAG} \
bash bash
.PHONY: bash
bash-hostuser:
docker run -it --rm \
-e UID=$(shell id -u) \
-e GID=$(shell id -g) \
govuk/notify-api-builder:${DOCKER_IMAGE_TAG} \
gosu hostuser bash

33
docker/entrypoint.sh Executable file
View File

@@ -0,0 +1,33 @@
#!/usr/bin/env bash
set -eo pipefail; [[ "$TRACE" ]] && set -x
if [[ "$(id -u)" -ne 0 ]]; then
echo 'docker-entrypoint requires root' >&2
exit 1
fi
if [ -z "$UID" ] || [ "$UID" = "0" ]; then
echo "UID must be specified as a positive integer"
exit 1
fi
if [ -z "$GID" ] || [ "$GID" = "0" ]; then
echo "GID must be specified as positive integer"
exit 1
fi
USER=$(id -un $UID 2>/dev/null || echo "hostuser")
GROUP=$(getent group $GID | cut -d: -f1 || echo "hostgroup")
if [ "$USER" = "hostuser" ]; then
useradd -u $UID -s /bin/bash -m $USER
fi
if [ "$GROUP" = "hostgroup" ]; then
groupadd -g $GID $GROUP
fi
usermod -g $GROUP $USER
exec "$@"

BIN
docker/tianon.gpg Normal file
View File

Binary file not shown.