dtox.sh
#!/usr/bin/env bash
# Strict mode: stop on any failing command, on use of an unset variable, and on a failure in any
# stage of a pipeline (the `cat | git hash-object` pipelines below rely on the latter).
set -euo pipefail

# Top-level directory of the current git checkout; every Docker input path is resolved against it.
ROOT="$(git rev-parse --show-toplevel)"

# Environment knobs; each default applies when the variable is unset or empty.
#   BASE_MODE  - "build" (default) or "pull"; selects how the base image is obtained.
#   CACHE_MODE - "pull" repopulates the pex-caches volume from a cache image; default is empty.
#   CACHE_TAG  - tag of the cache image used when CACHE_MODE=pull (default "latest").
: "${BASE_MODE:=build}"
: "${CACHE_MODE:=}"
: "${CACHE_TAG:=latest}"

# Files whose concatenated contents determine the base image tag.
BASE_INPUT=("${ROOT}/docker/base/Dockerfile" "${ROOT}/docker/base/install_pythons.sh")

# git blob hash of the concatenated inputs. It is a cache key derived from these two local files
# only: it identifies which inputs an image was built from, and it is not a digest of the image.
base_hash=$(
  cat "${BASE_INPUT[@]}" \
    | git hash-object -t blob --stdin
)
#######################################
# Look up the locally available base image for the current input hash.
# Globals:   base_hash (read)
# Arguments: none
# Outputs:   whatever `docker image ls -q` prints for that tag (nothing when there is no match)
#######################################
base_image_id() {
  local image_ref="ghcr.io/pantsbuild/pex/base:${base_hash}"
  docker image ls -q "${image_ref}"
}
# Obtain the base image according to BASE_MODE. Any other value leaves the base image untouched.
case "${BASE_MODE}" in
  build)
    # Build only when no local image carries the tag for the current input hash.
    if [[ -z "$(base_image_id)" ]]; then
      docker build \
        --tag ghcr.io/pantsbuild/pex/base:latest \
        --tag "ghcr.io/pantsbuild/pex/base:${base_hash}" \
        "${ROOT}/docker/base"
    fi
    ;;
  pull)
    # NOTE(review): the tag is derived from the local input files, not from the image contents,
    # so this pull trusts the registry to serve the right image for that tag. Pinning by image
    # digest would be needed to verify what is actually pulled.
    docker pull "ghcr.io/pantsbuild/pex/base:${base_hash}"
    ;;
esac
# Files whose concatenated contents determine the user image tag.
USER_INPUT=("${ROOT}/docker/user/Dockerfile" "${ROOT}/docker/user/create_docker_image_user.sh")

# git blob hash of the concatenated inputs, used as the user image tag. Only these two files feed
# the hash; nothing else that influences the image is part of it.
user_hash=$(
  cat "${USER_INPUT[@]}" \
    | git hash-object -t blob --stdin
)
#######################################
# Look up the locally available user image for the current input hash.
# Globals:   user_hash (read)
# Arguments: none
# Outputs:   whatever `docker image ls -q` prints for that tag (nothing when there is no match)
#######################################
user_image_id() {
  local image_ref="pantsbuild/pex/user:${user_hash}"
  docker image ls -q "${image_ref}"
}
# Build the per-user image unless one tagged with the current input hash is already present.
# The invoking user's name, uid, group and gid are passed in as build args.
#
# NOTE(review): user_hash covers only the two USER_INPUT files. Neither the base image tag nor
# the user/uid/group/gid build args are part of the key, so an image built for a different base
# or a different host user would be reused as long as the tag matches. Worth confirming on hosts
# where several accounts share one Docker daemon.
if [[ ! "$(user_image_id)" ]]; then
  docker build \
    --tag pantsbuild/pex/user:latest \
    --tag "pantsbuild/pex/user:${user_hash}" \
    --build-arg BASE_IMAGE_TAG="${base_hash}" \
    --build-arg USER="$(id -un)" \
    --build-arg UID="$(id -u)" \
    --build-arg GROUP="$(id -gn)" \
    --build-arg GID="$(id -g)" \
    "${ROOT}/docker/user"
fi
# CACHE_MODE=pull: replace the local pex-caches volume with the contents of the published cache
# image, then hand ownership of those files to the invoking user.
if [[ "${CACHE_MODE}" == "pull" ]]; then
# N.B.: This is a fairly particular dance / trick that serves to populate a local named volume
# with the contents of a data-only image. In particular, starting with an empty named volume is
# required to get the subsequent no-op `docker run --volume pex-caches:...` to populate that
# volume. This population only happens under that condition.
#
# NOTE(review): the cache image is referenced by a tag (CACHE_TAG, "latest" unless overridden),
# not by digest, and its contents end up in the volume that later container runs mount at
# /development/pex_dev. Treat that registry as a trusted input.
docker volume rm --force pex-caches
docker volume create pex-caches
# The exit status of this run is deliberately discarded with `|| true`. Presumably that is
# because a data-only image has nothing to execute; note that it also hides a failed pull, in
# which case the volume stays empty -- TODO confirm that is acceptable.
docker run \
--rm \
--volume pex-caches:/development/pex_dev \
"ghcr.io/pantsbuild/pex/cache:${CACHE_TAG}" || true
# Second pass, as root inside the user image: recursively chown the volume contents to the
# invoking host user's numeric uid:gid. The ids are expanded on the host before bash -c runs.
docker run \
--rm \
--volume pex-caches:/development/pex_dev \
--entrypoint bash \
--user root \
"pantsbuild/pex/user:${user_hash}" \
-c "chown -R $(id -u):$(id -g) /development/pex_dev"
fi
# Extra `docker run` flags, accumulated from the way the script was invoked.
DOCKER_ARGS=()

# A leading "inspect" argument is consumed here and swaps the image entrypoint for bash; the
# remaining arguments are passed on to the container.
case "${1:-}" in
  inspect)
    shift
    DOCKER_ARGS+=(--entrypoint bash)
    ;;
esac

# Attach a terminal only when stdout is one.
if [[ -t 1 ]]; then
  DOCKER_ARGS+=(--interactive --tty)
fi

# Some integration tests need an SSH agent. Propagate it when available.
#
# NOTE(review): bind-mounting the agent socket lets every process in the container ask the host
# agent to sign with any key it holds, for as long as the container runs. That includes test code
# and anything the tests install. An agent restricted to the keys the tests need limits the
# exposure.
if [[ "${SSH_AUTH_SOCK:-}" ]]; then
  DOCKER_ARGS+=(--volume "${SSH_AUTH_SOCK}:${SSH_AUTH_SOCK}")
  DOCKER_ARGS+=(--env SSH_AUTH_SOCK="${SSH_AUTH_SOCK}")
fi
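# Create the host .tox/ dir as the current user before launching the container. The pex-tox
# volume is mounted at /development/pex/.tox, inside the bind-mounted checkout, and without this
# the directory ends up owned by root on the host (presumably because Docker creates the missing
# mount point itself).
mkdir -p "${ROOT}/.tox"

CONTAINER_HOME="/home/$(id -un)"

# Host credentials exposed to the container. Each path is mounted only when it exists: Docker's
# --volume creates a missing host path as a directory, which would leave a stray ~/.netrc or
# ~/.ssh directory on the host (typically root-owned) and break the tools that expect a file or
# the user's own directory there.
#
# NOTE(review): both mounts are read-write, so anything running in the container can read and
# modify the host's .netrc and SSH keys/config. Appending ":ro" to each mount would limit that to
# read access; it is left unchanged here because ssh may want to update known_hosts -- confirm
# with the integration tests before tightening.
CREDENTIAL_MOUNTS=()
if [[ -e "${HOME}/.netrc" ]]; then
  CREDENTIAL_MOUNTS+=(--volume "${HOME}/.netrc:${CONTAINER_HOME}/.netrc")
fi
if [[ -e "${HOME}/.ssh" ]]; then
  CREDENTIAL_MOUNTS+=(--volume "${HOME}/.ssh:${CONTAINER_HOME}/.ssh")
fi

# Replace this shell with the container run. Remaining script arguments are passed to the image.
# The `${arr[@]+"${arr[@]}"}` form expands to nothing for an empty array; a plain "${arr[@]}"
# aborts under `set -u` on bash versions older than 4.4 when the array has no elements.
exec docker run \
  --rm \
  --volume pex-tmp:/tmp \
  ${CREDENTIAL_MOUNTS[@]+"${CREDENTIAL_MOUNTS[@]}"} \
  --volume "pex-root:${CONTAINER_HOME}/.pex" \
  --volume pex-caches:/development/pex_dev \
  --volume "${ROOT}:/development/pex" \
  --volume pex-tox:/development/pex/.tox \
  ${DOCKER_ARGS[@]+"${DOCKER_ARGS[@]}"} \
  "pantsbuild/pex/user:${user_hash}" \
  "$@"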