forked from apache/beam
-
Notifications
You must be signed in to change notification settings - Fork 1
/
start-build-env.sh
executable file
·138 lines (120 loc) · 5.61 KB
/
start-build-env.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
#!/usr/bin/env bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -e # exit on error
cd "$(dirname "$0")" # connect to root
DOCKER_DIR=dev-support/docker
DOCKER_FILE="${DOCKER_DIR}/Dockerfile"
CONTAINER_NAME=beam-dev-${USER}-$$
if [ ! -x "$(command -v docker)" ] ; then
echo "Unable to locate docker"
echo "This Beam Build environment is based upon docker so you must install it first."
exit 1;
fi
docker build -t beam-build -f $DOCKER_FILE $DOCKER_DIR
USER_NAME=${SUDO_USER:=$USER}
USER_ID=$(id -u "${USER_NAME}")
if [ "$(uname -s)" = "Darwin" ]; then
GROUP_ID=100
if (dscl . -read /Groups/docker 2>/dev/null); then
DOCKER_GROUP_ID=$(dscl . -read /Groups/docker| awk '($1 == "PrimaryGroupID:") { print $2 }')
else
# if Docker post-install steps to manage as non-root user not performed - will use dummy gid
DOCKER_GROUP_ID=1000
echo "`tput setaf 3`Please take a look post-install steps, to manage Docker as non-root user"
echo "`tput setaf 2`https://docs.docker.com/engine/install/linux-postinstall`tput sgr0`"
fi
fi
if [ "$(uname -s)" = "Linux" ]; then
DOCKER_GROUP_ID=$(getent group docker | cut -d':' -f3)
GROUP_ID=$(id -g "${USER_NAME}")
# man docker-run
# When using SELinux, mounted directories may not be accessible
# to the container. To work around this, with Docker prior to 1.7
# one needs to run the "chcon -Rt svirt_sandbox_file_t" command on
# the directories. With Docker 1.7 and later the z mount option
# does this automatically.
if command -v selinuxenabled >/dev/null && selinuxenabled; then
DCKR_VER=$(docker -v|
awk '$1 == "Docker" && $2 == "version" {split($3,ver,".");print ver[1]"."ver[2]}')
DCKR_MAJ=${DCKR_VER%.*}
DCKR_MIN=${DCKR_VER#*.}
if [ "${DCKR_MAJ}" -eq 1 ] && [ "${DCKR_MIN}" -ge 7 ] ||
[ "${DCKR_MAJ}" -gt 1 ]; then
V_OPTS=:z
else
for d in "${PWD}" "${HOME}/.m2"; do
ctx=$(stat --printf='%C' "$d"|cut -d':' -f3)
if [ "$ctx" != svirt_sandbox_file_t ] && [ "$ctx" != container_file_t ]; then
printf 'INFO: SELinux is enabled.\n'
printf '\tMounted %s may not be accessible to the container.\n' "$d"
printf 'INFO: If so, on the host, run the following command:\n'
printf '\t# chcon -Rt svirt_sandbox_file_t %s\n' "$d"
fi
done
fi
fi
fi
# Set the home directory in the Docker container.
DOCKER_HOME_DIR=${DOCKER_HOME_DIR:-/home/${USER_NAME}}
docker build -t "beam-build-${USER_ID}" - <<UserSpecificDocker
FROM beam-build
RUN rm -f /var/log/faillog /var/log/lastlog
RUN groupadd --non-unique -g ${GROUP_ID} ${USER_NAME}
RUN groupmod -g ${DOCKER_GROUP_ID} docker
RUN useradd -g ${GROUP_ID} -G docker -u ${USER_ID} -k /root -m ${USER_NAME} -d "${DOCKER_HOME_DIR}"
RUN echo "${USER_NAME} ALL=NOPASSWD: ALL" > "/etc/sudoers.d/beam-build-${USER_ID}"
ENV HOME "${DOCKER_HOME_DIR}"
ENV GOPATH ${DOCKER_HOME_DIR}/beam/sdks/go/examples/.gogradle/project_gopath
# This next command still runs as root causing the ~/.cache/go-build to be owned by root
RUN go get github.com/linkedin/goavro/v2
RUN chown -R ${USER_NAME}:${GROUP_ID} ${DOCKER_HOME_DIR}/.cache
UserSpecificDocker
echo ""
echo "Docker image build completed."
echo "=============================================================================================="
echo ""
# If this env variable is empty, docker will be started
# in non interactive mode
DOCKER_INTERACTIVE_RUN=${DOCKER_INTERACTIVE_RUN-"-i -t"}
DOCKER_SOCKET_MOUNT=""
if [ -S /var/run/docker.sock ];
then
DOCKER_SOCKET_MOUNT="-v /var/run/docker.sock:/var/run/docker.sock${V_OPTS:-}"
echo "Enabling Docker support with the docker build environment."
else
echo "There is NO Docker support with the docker build environment."
fi
COMMAND=( "$@" )
if [ $# -eq 0 ];
then
COMMAND=( "bash" )
fi
[ -d "${HOME}/.beam_docker_build_env/.gradle" ] || mkdir -p "${HOME}/.beam_docker_build_env/.gradle"
# By mapping the .m2 directory you can do an mvn install from
# within the container and use the result on your normal
# system. And this also is a significant speedup in subsequent
# builds because the dependencies are downloaded only once.
docker run --rm=true ${DOCKER_INTERACTIVE_RUN} \
--name "${CONTAINER_NAME}" \
--network=host \
-v "${HOME}/.m2:${DOCKER_HOME_DIR}/.m2${V_OPTS:-}" \
-v "${HOME}/.gnupg:${DOCKER_HOME_DIR}/.gnupg${V_OPTS:-}" \
-v "${HOME}/.beam_docker_build_env/.gradle:${DOCKER_HOME_DIR}/.gradle${V_OPTS:-}" \
-v "${PWD}:${DOCKER_HOME_DIR}/beam${V_OPTS:-}" \
-w "${DOCKER_HOME_DIR}/beam" \
${DOCKER_SOCKET_MOUNT} \
-u "${USER_ID}" \
"beam-build-${USER_ID}" "${COMMAND[@]}"