feat: get host uid:gid and use in docker #576

Merged
merged 2 commits into from
Sep 16, 2019
119 changes: 28 additions & 91 deletions .circleci/config.yml
@@ -17,40 +17,9 @@ defaults: &defaults
- GLOBAL_CACHE_VERSION: “v3”

docker:
- image: circleci/node:8-stretch
- image: circleci/node:10-stretch

jobs:
docker-build-nonprod-and-lint:
<<: *defaults
steps:
- checkout
- setup_remote_docker
- run:
name: Docker build non-prod and run lint
command: |
docker build \
--build-arg "BUILD_COMPARE_URL=$CIRCLE_COMPARE_URL" \
--build-arg "BUILD_DATE=$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \
--build-arg "BUILD_ENV=test" \
--build-arg "BUILD_NUMBER=$CIRCLE_BUILD_NUM" \
--build-arg "BUILD_PLATFORM=circleci" \
--build-arg "BUILD_PLATFORM_PROJECT_REPONAME=$CIRCLE_PROJECT_REPONAME" \
--build-arg "BUILD_PLATFORM_PROJECT_USERNAME=$CIRCLE_PROJECT_USERNAME" \
--build-arg "BUILD_PULL_REQUESTS=$CI_PULL_REQUESTS" \
--build-arg "BUILD_TRIGGERED_BY_TAG=$CIRCLE_TAG" \
--build-arg "BUILD_URL=$CIRCLE_BUILD_URL" \
--build-arg "CIRCLE_WORKFLOW_ID=$CIRCLE_WORKFLOW_ID" \
--build-arg "CIRCLE_WORKFLOW_JOB_ID=$CIRCLE_WORKFLOW_JOB_ID" \
--build-arg "CIRCLE_WORKFLOW_UPSTREAM_JOB_IDS=$CIRCLE_WORKFLOW_UPSTREAM_JOB_IDS" \
--build-arg "CIRCLE_WORKSPACE_ID=$CIRCLE_WORKSPACE_ID" \
--build-arg "GIT_REPOSITORY_URL=$CIRCLE_REPOSITORY_URL" \
--build-arg "GIT_SHA1=$CIRCLE_SHA1" \
--build-arg "LICENSE=GPL-3.0-only" \
--build-arg "VCS_REF=$CIRCLE_SHA1" \
--build-arg "VENDOR=Reaction Commerce" \
-t "$DOCKER_REPOSITORY:non-prod" .
docker run --rm $DOCKER_REPOSITORY:non-prod yarn run lint

docker-build:
<<: *defaults
steps:
@@ -59,62 +28,35 @@ jobs:
- run:
name: Discover Docker Tags
command: |
(cd /tmp && npm install --no-progress @reactioncommerce/ci-scripts@1.4.0 >/dev/null)
mkdir -p docker-cache
.circleci/bin/docker-tags "$CIRCLE_SHA1" "$CIRCLE_BRANCH" \
> docker-cache/docker-tags.txt
cat docker-cache/docker-tags.txt
/tmp/node_modules/.bin/docker-tags "$CIRCLE_SHA1" "$CIRCLE_BRANCH" \
| tee docker-cache/docker-tags.txt
- run:
name: Docker Build
command: |
docker build \
--build-arg "BUILD_COMPARE_URL=$CIRCLE_COMPARE_URL" \
--build-arg "BUILD_DATE=$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \
--build-arg "BUILD_ENV=test" \
--build-arg "BUILD_NUMBER=$CIRCLE_BUILD_NUM" \
--build-arg "BUILD_PLATFORM=circleci" \
--build-arg "BUILD_PLATFORM_PROJECT_REPONAME=$CIRCLE_PROJECT_REPONAME" \
--build-arg "BUILD_PLATFORM_PROJECT_USERNAME=$CIRCLE_PROJECT_USERNAME" \
--build-arg "BUILD_PULL_REQUESTS=$CI_PULL_REQUESTS" \
--build-arg "BUILD_TRIGGERED_BY_TAG=$CIRCLE_TAG" \
--build-arg "BUILD_URL=$CIRCLE_BUILD_URL" \
--build-arg "CIRCLE_WORKFLOW_ID=$CIRCLE_WORKFLOW_ID" \
--build-arg "CIRCLE_WORKFLOW_JOB_ID=$CIRCLE_WORKFLOW_JOB_ID" \
--build-arg "CIRCLE_WORKFLOW_UPSTREAM_JOB_IDS=$CIRCLE_WORKFLOW_UPSTREAM_JOB_IDS" \
--build-arg "CIRCLE_WORKSPACE_ID=$CIRCLE_WORKSPACE_ID" \
--build-arg "GIT_REPOSITORY_URL=$CIRCLE_REPOSITORY_URL" \
--build-arg "GIT_SHA1=$CIRCLE_SHA1" \
--build-arg "LICENSE=GPL-3.0-only" \
--build-arg "VCS_REF=$CIRCLE_SHA1" \
--build-arg "VENDOR=Reaction Commerce" \
--build-arg BUILD_ENV=production \
-t "$DOCKER_REPOSITORY:$CIRCLE_SHA1" .
(cd /tmp && npm install --no-progress @reactioncommerce/ci-scripts@1.4.0 >/dev/null)
/tmp/node_modules/.bin/docker-labels >> Dockerfile
docker build --tag "$DOCKER_REPOSITORY:$CIRCLE_SHA1" .
mkdir -p docker-cache
docker save \
-o docker-cache/docker-image.tar \
"$DOCKER_REPOSITORY:$CIRCLE_SHA1"
- run:
name: Save Test .env for Workspace Jobs
command: cp .env.example docker-cache/.env
- persist_to_workspace:
root: docker-cache
paths:
- docker-image.tar
- docker-tags.txt
- .env

docker-push:
<<: *defaults
steps:
- setup_remote_docker
- attach_workspace:
at: docker-cache
- run:
name: Load Docker Image
name: Load and Tag Docker Image
command: |
docker load < docker-cache/docker-image.tar
- run:
name: Tag Docker Image
command: |
cat docker-cache/docker-tags.txt \
| xargs -t -I % \
docker tag \
@@ -161,43 +103,41 @@ jobs:
command: |
.circleci/bin/ecs-deploy.sh

lint:
lint-javascript:
<<: *defaults
steps:
- setup_remote_docker
- attach_workspace:
at: docker-cache
- run:
name: Load Docker Image
command: |
docker load < docker-cache/docker-image.tar
- checkout
- run:
name: Lint
name: Lint JavaScript
command: |
docker run \
--env-file docker-cache/.env \
--name reactionapp_next_starterkit \
"$DOCKER_REPOSITORY:$CIRCLE_SHA1" \
yarn run lint
yarn install
yarn lint

test:
<<: *defaults
steps:
- checkout
- setup_remote_docker
- attach_workspace:
at: docker-cache
- run:
name: Load Docker Image
name: Load and Tag Docker Image
command: |
docker load < docker-cache/docker-image.tar
cat docker-cache/docker-tags.txt \
| xargs -t -I % \
docker tag \
"$DOCKER_REPOSITORY:$CIRCLE_SHA1" \
"$DOCKER_REPOSITORY:%"
- run:
name: Test
command: |
docker run \
--env-file docker-cache/.env \
--env-file .env.example \
--env NODE_ENV=test \
--name reactionapp_next_starterkit \
"$DOCKER_REPOSITORY:$CIRCLE_SHA1" \
yarn run test:ci
yarn test:ci
- run:
name: Copy test artifacts from Remote Docker
command: |
@@ -222,7 +162,7 @@ jobs:
- run:
name: Integration Test
command: |
docker run -e URL=${STAGING_URL} --env-file docker-cache/.env --name reaction_app_next_starterkit "$DOCKER_REPOSITORY:$CIRCLE_SHA1" yarn run test:integration
docker run -e URL=${STAGING_URL} --env-file .env.example --name reaction_app_next_starterkit "$DOCKER_REPOSITORY:$CIRCLE_SHA1" yarn run test:integration
- run:
name: Install Broken Link Checker
command: |
@@ -274,7 +214,7 @@ jobs:
answer=$(./.circleci/bin/should-run-snyk.sh)
if [[ "${answer}" =~ "^YES" ]] ; then
docker run \
--env-file docker-cache/.env \
--env-file .env.example \
--env "SNYK_TOKEN" \
--name reactionapp_next_starterkit \
--workdir /usr/local/src \
@@ -287,19 +227,16 @@ workflows:
version: 2
build_and_test:
jobs:
- docker-build-nonprod-and-lint:
- lint-javascript:
context: reaction-build-read
- docker-build:
context: reaction-build-read
requires:
- lint-javascript
- docker-push:
context: reaction-publish-docker
requires:
- docker-build
- docker-build-nonprod-and-lint
# - lint:
# context: reaction-validation
# requires:
# - docker-build
- test:
context: reaction-validation
requires:
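Review bot: In the "Docker Build" step the output of `/tmp/node_modules/.bin/docker-labels` is appended to the Dockerfile, so whatever `npm install --no-progress @reactioncommerce/ci-scripts@1.4.0` resolves at job time decides part of the image build, and nothing here verifies it beyond the version string (the rendered page has lost its +/- markers, but these lines appear to be on the new side). The version pin does not fix the package's transitive dependencies, and install scripts run inside a job that holds the `reaction-build-read` context. Consider adding `--ignore-scripts` to that install and resolving it from a committed lockfile so the installed tree is reproducible. The same install appears in "Discover Docker Tags", and `yarn install` in `lint-javascript` would likewise be safer as `yarn install --frozen-lockfile`.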
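--- a/.reaction/entrypoint.sh
+++ b/.reaction/entrypoint.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+# Please Use Google Shell Style: https://google.github.io/styleguide/shell.xml
+
+# ---- Start unofficial bash strict mode boilerplate
+# http://redsymbol.net/articles/unofficial-bash-strict-mode/
+set -o errexit # always exit on error
+set -o errtrace # trap errors in functions as well
+set -o pipefail # don't ignore exit codes when piping output
+set -o posix # more strict failures in subshells
+# set -x # enable debugging
+
+IFS=$'\n\t'
+# ---- End unofficial bash strict mode boilerplate
+
+cd "$(dirname "${BASH_SOURCE[0]}")/.."
+# change the node user's uid:gid to match the repo root directory's
+usermod --uid "$(stat -c "%u" .)" --non-unique node |& grep -v "no changes" || true
+./.reaction/fix-volumes.sh
+export NODE_ENV="${NODE_ENV:-production}"
+command=(node .)
+if [[ $# -gt 0 ]]; then
+command=($@)
+fi
+unset IFS
+exec su-exec node ${command[*]}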
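Review bot: The `usermod` line gives `node` whatever uid owns the repo root and allows duplicates with `--non-unique`, so when that directory is owned by uid 0 (plausible when the image runs without a bind mount, though the Dockerfile is not visible here) `exec su-exec node` no longer drops privileges. The `|& grep -v "no changes" || true` tail also hides a genuine usermod failure, and the comment says uid:gid while only the uid is changed. Reading the uid first, `uid="$(stat -c "%u" .)"`, and guarding with `if [[ "${uid}" -ne 0 ]]; then usermod --uid "${uid}" --non-unique node; fi` would keep the privilege drop meaningful. Separately, `command=($@)` and `${command[*]}` re-split and glob the arguments once IFS is unset; `command=("$@")` with `exec su-exec node "${command[@]}"` passes them through unchanged.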
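--- a/.reaction/fix-volumes.sh
+++ b/.reaction/fix-volumes.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# Please Use Google Shell Style: https://google.github.io/styleguide/shell.xml
+
+# ---- Start unofficial bash strict mode boilerplate
+# http://redsymbol.net/articles/unofficial-bash-strict-mode/
+set -o errexit # always exit on error
+set -o errtrace # trap errors in functions as well
+set -o pipefail # don't ignore exit codes when piping output
+set -o posix # more strict failures in subshells
+# set -x # enable debugging
+
+IFS=$'\n\t'
+# ---- End unofficial bash strict mode boilerplate
+
+cd "$(dirname "${BASH_SOURCE[0]}")/.."
+owner=$(stat -c "%u:%g" .)
+volumes=(
+./node_modules
+./build
+/home/node/.cache/yarn
+/home/node/.cache/yarn-offline-mirror
+)
+for dir in ${volumes[*]}; do
+mkdir -p "${dir}"
+old_owner=$(stat -c "%u:%g" "${dir}")
+if [[ "$1" != "--force" && "${old_owner}" == "${owner}" ]]; then
+continue
+fi
+printf "Fixing volume ${dir} (before=${old_owner} after=${owner})…"
+chown -R "${owner}" "${dir}"
+chmod -R a+r,u+rw "${dir}"
+echo "✓"
+done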
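Review bot: `chown -R "${owner}" "${dir}"` runs with the entrypoint's privileges over trees that the unprivileged `node` user and installed packages can write, so a symlink under `./node_modules` or `./build` may redirect the ownership change to a file outside the volume on chown implementations that dereference links during `-R` (which implementation the image ships is not visible here). Adding `-h`, as in `chown -R -h "${owner}" "${dir}"`, keeps the change on the link itself. The `printf` call also interpolates `${dir}` and both owners into its format string; `printf 'Fixing volume %s (before=%s after=%s)…' "${dir}" "${old_owner}" "${owner}"` keeps a stray `%` in a path from being read as a directive.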