Fix the mounts.... (#22929)

- Removed the deprecated docker-compose.ci.yml file, consolidating configurations into docker-compose.yml.
- Updated environment variable mappings to use OLYMPIA_UID and OLYMPIA_MOUNT for improved clarity and consistency.
- Enhanced entrypoint script to adjust user IDs based on the new environment variables.
- Modified setup.py to determine the appropriate olympia mount based on the target environment.
- Updated GitHub Actions workflows to reflect changes in environment variable usage and remove references to the old compose file.

.github/actions/run-docker/action.yml

@@ -12,42 +12,33 @@ inputs:
   run:
     description: 'Run command in container'
     required: true
-  compose_file:
-    description: 'The docker-compose file to use'
-    required: false
-    default: 'docker-compose.yml:docker-compose.ci.yml'
   logs:
     description: 'Show logs'
     required: false
   data_backup_skip:
     description: 'Skip data backup'
     required: false
     default: 'true'
+  mount:
+    description: 'Mount olympia files from host'
+    required: false
+    default: 'production'
 
 runs:
   using: 'composite'
   steps:
-    - id: id
-      shell: bash
-      run: |
-        echo "id=$(id -u)" >> $GITHUB_OUTPUT
-
     - name: Run Docker Container
       shell: bash
-      env:
-        DOCKER_VERSION: ${{ inputs.version }}
-        DOCKER_DIGEST: ${{ inputs.digest }}
-        COMPOSE_FILE: ${{ inputs.compose_file }}
-        HOST_UID: ${{ steps.id.outputs.id }}
-        DATA_BACKUP_SKIP: ${{ inputs.data_backup_skip }}
-        # In CI, we should use the docker-compose wait flag to ensure
-        # healthchecks are passing before running any commands on the containers.
-        # This comes at a performance cost, but ensures containers are ready
-        # to accept commands before CI continues to execute.
-        DOCKER_WAIT: true
       run: |
         # Start the specified services
-        make up
+        make up \
+          DOCKER_VERSION="${{ inputs.version }}" \
+          DOCKER_DIGEST="${{ inputs.digest }}" \
+          OLYMPIA_UID="$(id -u)" \
+          OLYMPIA_MOUNT="${{ inputs.mount }}" \
+          DATA_BACKUP_SKIP="${{ inputs.data_backup_skip }}" \
+          DOCKER_WAIT="true"
+
 
         # Exec the run command in the container
         # quoted 'EOF' to prevent variable expansion

.github/workflows/_test.yml

@@ -41,29 +41,24 @@ jobs:
           -
             name: Needs Locale Compilation
             services: ''
-            compose_file: docker-compose.yml:docker-compose.ci.yml
             run: |
               make compile_locales
               make test_needs_locales_compilation
           -
             name: Static Assets
             services: ''
-            compose_file: docker-compose.yml:docker-compose.ci.yml
             run: make test_static_assets
           -
             name: Internal Routes
             services: ''
-            compose_file: docker-compose.yml:docker-compose.ci.yml
             run: make test_internal_routes_allowed
           -
             name: Elastic Search
             services: ''
-            compose_file: docker-compose.yml:docker-compose.ci.yml
             run: make test_es_tests
           -
             name: Codestyle
             services: web
-            compose_file: docker-compose.yml:docker-compose.ci.yml
             run: make lint-codestyle
     steps:
       - uses: actions/checkout@v4
@@ -73,5 +68,4 @@ jobs:
           version: ${{ inputs.version }}
           digest: ${{ inputs.digest }}
           services: ${{ matrix.services }}
-          compose_file: ${{ matrix.compose_file }}
           run: ${{ matrix.run }}

.github/workflows/_test_check.yml

@@ -45,16 +45,16 @@ jobs:
     runs-on: ubuntu-latest
     name: |
       version: '${{ matrix.version }}' |
-      compose_file: '${{ matrix.compose_file }}'
+      mount: '${{ matrix.mount }}'
     strategy:
       fail-fast: false
       matrix:
         version:
           - local
           - ${{ inputs.version }}
-        compose_file:
-          - docker-compose.yml
-          - docker-compose.yml:docker-compose.ci.yml
+        mount:
+          - development
+          - production
     steps:
       - uses: actions/checkout@v4
       - shell: bash
@@ -63,7 +63,7 @@ jobs:
           cat <<EOF
             Values passed to the action:
             version: ${{ matrix.version }}
-            compose_file: ${{ matrix.compose_file }}
+            mount: ${{ matrix.mount }}
           EOF
       - name: ${{ matrix.version == 'local' && 'Uncached Build' || 'Pull' }} Check
         uses: ./.github/actions/run-docker
@@ -73,14 +73,14 @@ jobs:
           DOCKER_VERSION: 'not-expected'
         with:
           version: ${{ matrix.version }}
-          compose_file: ${{ matrix.compose_file }}
+          mount: ${{ matrix.mount }}
           run: make check
       - name: Cached Build Check
         uses: ./.github/actions/run-docker
         if: ${{ matrix.version == 'local' }}
         with:
           version: ${{ matrix.version }}
-          compose_file: ${{ matrix.compose_file }}
+          mount: ${{ matrix.mount }}
           run: echo true
 
   test_make_docker_configuration:

.github/workflows/_test_main.yml

@@ -88,7 +88,7 @@ jobs:
           services: ''
           digest: ${{ inputs.digest }}
           version: ${{ inputs.version }}
-          compose_file: docker-compose.yml
+          mount: development
           run: |
             split="--splits ${{ needs.test_config.outputs.splits }}"
             group="--group ${{ matrix.group }}"

.github/workflows/ci.yml

@@ -88,7 +88,7 @@ jobs:
         with:
           digest: ${{ needs.build.outputs.digest }}
           version: ${{ needs.build.outputs.version }}
-          compose_file: docker-compose.yml
+          mount: development
           run: |
             make docs
 
@@ -139,7 +139,7 @@ jobs:
         with:
           digest: ${{ needs.build.outputs.digest }}
           version: ${{ needs.build.outputs.version }}
-          compose_file: docker-compose.yml
+          mount: development
           run: make extract_locales
 
       - name: Push Locales

.gitignore

@@ -47,12 +47,12 @@ src/olympia/discovery/strings.jinja2
 static-build/*
 static/css/node_lib/*
 static/js/node_lib/*
-storage
+storage/*
 tmp/*
 
 # End of .gitignore. Please keep this in sync with the top section of .dockerignore
 
 # do not ignore the following files
-!docker-compose.ci.yml
 !docker-compose.private.yml
 !private/README.md
+!storage/.gitignore

docker-compose.yml

@@ -20,13 +20,8 @@ x-env-mapping: &env
     - HISTIGNORE=ls:exit:"cd .."
     - HISTCONTROL=erasedups
     - CIRCLECI
-    - HOST_UID
-    - DEBUG
     - DATA_BACKUP_SKIP
 
-x-site-static-mount: &site-static-mount
-  data_site_static:/data/olympia/site-static
-
 x-olympia: &olympia
   <<: *env
   image: ${DOCKER_TAG:-}
@@ -49,7 +44,10 @@ services:
     # so we just sleep indefinitely instead.
     command: ["sleep", "infinity"]
     volumes:
-      - *site-static-mount
+      # used by: web, worker, nginx
+      - ${HOST_MOUNT_SOURCE:?}:/data/olympia
+      - data_site_static:/data/olympia/site-static
+      - ${HOST_MOUNT_SOURCE:?}storage:/data/olympia/storage
   worker:
     <<: *olympia
     command: [
@@ -64,7 +62,8 @@ services:
       "celery -A olympia.amo.celery:app worker -E -c 2 --loglevel=INFO",
     ]
     volumes:
-      - .:/data/olympia
+      - ${HOST_MOUNT_SOURCE:?}:/data/olympia
+      - ${HOST_MOUNT_SOURCE:?}storage:/data/olympia/storage
     extra_hosts:
      - "olympia.test:127.0.0.1"
     restart: on-failure:5
@@ -74,6 +73,7 @@ services:
       retries: 3
       start_interval: 1s
     depends_on:
+      - olympia_volumes
       - mysqld
       - elasticsearch
       - redis
@@ -95,16 +95,15 @@ services:
       # Don't mount generated files. They only exist in the container
       # and would otherwiser be deleted by mounting the cwd volume above
       - data_static_build:/data/olympia/static-build
-      - *site-static-mount
-    depends_on:
-      - olympia_volumes
+      - data_site_static:/data/olympia/site-static
 
   nginx:
     image: nginx
     volumes:
       - data_nginx:/etc/nginx/conf.d
-      - .:/srv
-      - *site-static-mount
+      - ${HOST_MOUNT_SOURCE:?}:/srv
+      - data_site_static:/srv/site-static
+      - ${HOST_MOUNT_SOURCE:?}storage:/srv/storage
     ports:
       - "80:80"
     networks:
@@ -139,7 +138,7 @@ services:
       # Disable performance schema for faster startup
       - --performance-schema=OFF
     healthcheck:
-      test: ["CMD-SHELL", "mysql -u root --silent --execute='SELECT 1;'"]
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "--silent"]
       start_interval: 1s
       timeout: 2s
       start_period: 10s
@@ -207,6 +206,16 @@ volumes:
   # mounted from the host.
   data_static_build:
   data_site_static:
+  # Volumes for the production olympia mounts
+  # allowing to conditionally mount directories
+  # from the host or from the image to <path>
+  # in the running docker container.
+  # If OLYMPIA_MOUNT_SOURCE matches (data_olympia_)
+  # then we use the production volume mounts. Otherwise
+  # it will map to the current directory ./<name>
+  # (data_olympia_)<name>:/<path>
+  data_olympia_:
+  data_olympia_storage:
   # Volume for rabbitmq/redis to avoid anonymous volumes
   data_rabbitmq:
   data_redis:

docker/entrypoint.sh

@@ -18,13 +18,26 @@ OLYMPIA_USER="olympia"
 function get_olympia_uid() { echo "$(id -u "$OLYMPIA_USER")"; }
 function get_olympia_gid() { echo "$(id -g "$OLYMPIA_USER")"; }
 
-if [[ -n "${HOST_UID:-}" ]]; then
+OLD_HOST_UID=$(get_olympia_uid)
+
+# If the olympia user's uid is different in the container than from the build,
+# we need to update the olympia user's uid to match the new one.
+if [[ "${HOST_UID}" != "${OLD_HOST_UID}" ]]; then
   usermod -u ${HOST_UID} ${OLYMPIA_USER}
-  echo "${OLYMPIA_USER} UID: ${OLYMPIA_UID} -> ${HOST_UID}"
+  echo "${OLYMPIA_USER} UID: ${OLD_HOST_UID} -> ${HOST_UID}"
+fi
+
+NEW_HOST_UID=$(get_olympia_uid)
+OLYMPIA_ID_STRING="${NEW_HOST_UID}:$(get_olympia_gid)"
+
+# If we are on production mode, update the ownership of /data/olympia and /deps to match the new id
+if [[ "${HOST_MOUNT}" == "production" ]]; then
+  echo "Updating ownership of /data/olympia and /deps to ${OLYMPIA_ID_STRING}"
+  chown -R ${OLYMPIA_ID_STRING} /data/olympia /deps
 fi
 
 cat <<EOF | su -s /bin/bash $OLYMPIA_USER
-  echo "Running command as ${OLYMPIA_USER} $(get_olympia_uid):$(get_olympia_gid)"
+  echo "Running command as ${OLYMPIA_USER} ${OLYMPIA_ID_STRING}"
   set -xue
   $@
 EOF

docs/topics/development/building_and_running_services.md

@@ -17,8 +17,7 @@ The Dockerfile for the **addons-server** project uses a multi-stage build to opt
    - **Mounting Dependencies**: The volume `./deps:/deps` mounts the dependencies directory, enabling better caching across builds and providing visibility for debugging directly on the host.
 
 4. **Environment Variables for OLYMPIA_USER**:
-   - **Development Setup**: The `HOST_UID` environment variable is set to the host user ID, ensuring that the container runs with the correct permissions.
-   - **CI Setup**: In CI environments, such as defined in `docker-compose.ci.yml`, the user ID is reset to the default 9500, and the Olympia mount is removed. This makes the container a closed system, mimicking production behavior closely.
+   - **Development Setup**: The `OLYMPIA_UID` .env variable is set to the host user ID, ensuring that the container runs with the correct permissions.
 
 ### Best Practices for the Dockerfile
 
@@ -146,7 +145,7 @@ We use docker compose under the hood to orchestrate container both locally and i
 The `docker-compose.yml` file defines the services, volumes, and networks required for the project.
 
 Our docker compose project is split into a root [docker-compose.yml](../../../docker-compose.yml) file and additional files for specific environments,
-such as [docker-compose.ci.yml](../../../docker-compose.ci.yml) for CI environments.
+such as [docker-compose.override.yml](../../../docker-compose.override.yml) for CI environments.
 
 ### Healthchecks
 
@@ -156,14 +155,13 @@ The health checks ensure the django wsgi server and celery worker node are runni
 ### Environment specific compose files
 
 - **Local Development**: The `docker-compose.yml` file is used for local development. It defines services like `web`, `db`, `redis`, and `elasticsearch`.
-- **CI Environment**: The `docker-compose.ci.yml` file is used for CI environments. It overrides the HOST_UID as well as removing volumes to make the container more production like.
 - **Private**: This file includes the customs service that is not open source and should therefore not be included by default.
 - **Override**: This file allows modifying the default configuration without changing the main `docker-compose.yml` file. This file is larglely obsolete and should not be used.
 
 To mount with a specific  set of docker compose files you can add the COMPOSE_FILE argument to make up. This will persist your setting to .env.
 
 ```sh
-make up COMPOSE_FILE=docker-compose.yml:docker-compose.ci.yml
+make up COMPOSE_FILE=docker-compose.yml:docker-compose.override.yml
 ```
 
 Files should be separated with a colon.

docs/topics/development/setup_and_configuration.md

@@ -187,7 +187,6 @@ Though it is **highly recommended to use the make commands** instead of directly
 ### Docker Compose Files
 
 - **[docker-compose.yml][docker-compose]**: The primary Docker Compose file defining services, networks, and volumes for local and CI environments.
-- **[docker-compose.ci.yml][docker-compose-ci]**: Overrides certain configurations for CI-specific needs, ensuring the environment is optimized for automated testing and builds.
 - **[docker-compose.private.yml][docker-compose-private]**: Runs addons-server with the _customs_ service that is only available to Mozilla employees
 
 Our docker compose files rely on substituted values, all of which are included in our .env file for direct CLI compatibility.
@@ -317,7 +316,6 @@ and docker-comose.yml file locally.
 To fix this error `rm -f .env` to remove your .env and `make up` to restart the containers.
 
 [docker-compose]: ../../../docker-compose.yml
-[docker-compose-ci]: ../../../docker-compose.ci.yml
 [docker-compose-private]: ../../../docker-compose.private.yml
 [docker-image-digest]: https://github.com/opencontainers/.github/blob/main/docs/docs/introduction/digests.md
 [addons-server-tags]: https://hub.docker.com/r/mozilla/addons-server/tags