Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add container's executor to host's group for copy #17729

Merged
merged 1 commit into from
Oct 31, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
172 changes: 112 additions & 60 deletions .circleci/config.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

43 changes: 28 additions & 15 deletions .circleci/config/commands/go_test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -96,8 +96,7 @@ steps:

make prep

# Permissions have changed inside docker containers; see hack note below.
mkdir --mode=777 -p test-results/go-test
mkdir -p test-results/go-test

# We don't want VAULT_LICENSE set when running Go tests, because that's
# not what developers have in their environments and it could break some
Expand All @@ -118,19 +117,6 @@ steps:
# reasons unclear.
export DOCKER_API_VERSION=1.39

# Hack: Docker permissions appear to have changed; let's explicitly
# chmod the docker certificate path to give other grouped users
# access.
#
# Notably, in this shell pipeline we see:
# uid=1001(circleci) gid=1002(circleci) groups=1002(circleci)
#
# but inside the docker image below, we see:
# uid=3434(circleci) gid=3434(circleci) groups=3434(circleci)
#
# See also: https://github.com/CircleCI-Public/cimg-base/issues/122
chmod o+rx -R $DOCKER_CERT_PATH

TEST_DOCKER_NETWORK_NAME="${CIRCLE_WORKFLOW_JOB_ID}-${CIRCLE_NODE_INDEX}"
export TEST_DOCKER_NETWORK_ID=$(docker network list --quiet --no-trunc --filter="name=${TEST_DOCKER_NETWORK_NAME}")
if [ -z $TEST_DOCKER_NETWORK_ID ]; then
Expand All @@ -156,6 +142,33 @@ steps:
mkdir workspace
echo ${CONTAINER_ID} > workspace/container_id

# Hack: Docker permissions appear to have changed; let's explicitly
# add a new user/group with the correct host uid to the docker
# container, fixing all of these permissions issues correctly. We
# then have to run with this user consistently in the future.
#
# Notably, in this shell pipeline we see:
# uid=1001(circleci) gid=1002(circleci) groups=1002(circleci)
#
# but inside the docker image below, we see:
# uid=3434(circleci) gid=3434(circleci) groups=3434(circleci)
#
# See also: https://github.com/CircleCI-Public/cimg-base/issues/122
export HOST_GID="$(id -g)"
export HOST_UID="$(id -u)"
export CONT_GID="$(docker exec ${CONTAINER_ID} sh -c 'id -g')"
export CONT_GNAME="$(docker exec ${CONTAINER_ID} sh -c 'id -g -n')"
export CONT_UID="$(docker exec ${CONTAINER_ID} sh -c 'id -u')"
if (( HOST_UID != CONT_UID )); then
# Only provision a group if necessary; otherwise reuse the
# existing one.
if (( HOST_GID != CONT_GID )); then
docker exec -e HOST_GID -e CONT_GNAME ${CONTAINER_ID} sh -c 'sudo groupmod -g $HOST_GID $CONT_GNAME'
fi

docker exec -e CONT_GNAME -e HOST_UID ${CONTAINER_ID} sh -c 'sudo usermod -a -G $CONT_GNAME -u $HOST_UID circleci'
fi

# Run tests
test -d << parameters.cache_dir >> && docker cp << parameters.cache_dir >> ${CONTAINER_ID}:/tmp/gocache
docker exec ${CONTAINER_ID} sh -c 'mkdir -p /home/circleci/go/src/github.com/hashicorp/vault'
Expand Down