Refactor handling of docker settings (#588)

* Resolve all bind-mounted volumes to absolute paths * Refactor docker options passing
ros-industrial · Jan 23, 2021 · 341ac5b · 341ac5b
1 parent 69576ad
commit 341ac5b
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 47 deletions.
diff --git a/industrial_ci/src/isolation/docker.sh b/industrial_ci/src/isolation/docker.sh
@@ -20,13 +20,40 @@ export DOCKER_COMMIT_MSG=${DOCKER_COMMIT_MSG:-}
 export DOCKER_COMMIT_CREDENTIALS=${DOCKER_COMMIT_CREDENTIALS:-}
 export DOCKER_PULL=${DOCKER_PULL:-true}
 
+# ici_forward_mount VARNAME/FILE rw/ro [PATH]
+function ici_forward_mount() {
+  local p=$1
+  local v=
+  if ! [ -e "$1" ]; then
+    v=$1
+    p=${!1:-}
+  fi
+  if [ -n "$p" ]; then
+    local p_abs
+    p_abs=$(readlink -m "$p")
+    local p_inner=${3:-$p_abs}
+    _docker_run_opts+=(-v "$p_abs:$p_inner:$2")
+    if [ -n "$v" ]; then
+      ici_forward_variable "$v" "$p_inner"
+    fi
+  fi
+}
+
+# ici_forward_variable VARNAME [VALUE]
+function ici_forward_variable() {
+  if [ -n "${2-}" ]; then
+    _docker_run_opts+=(-e "$1=$2")
+  else
+    _docker_run_opts+=(-e "$1")
+  fi
+}
+
 #######################################
 # rerun the CI script in docker container end exit the outer script
 #
 # Globals:
 #   DOCKER_IMAGE (read-only)
 #   ICI_SRC_PATH (read-only)
-#   IN_DOCKER (read-only)
 #   TARGET_REPO_PATH (read-only)
 # Arguments:
 #   (None)
@@ -47,22 +74,26 @@ function ici_isolate() {
       unset ROS_DISTRO
   fi
 
-  local docker_target_repo_path=/root/src/$TARGET_REPO_NAME
-  local docker_ici_src_path=/root/ici
-  file="${file/#$TARGET_REPO_PATH/$docker_target_repo_path}"
-  file="${file/#$ICI_SRC_PATH/$docker_ici_src_path}"
+  ici_forward_mount TARGET_REPO_PATH ro
+  ici_forward_mount ICI_SRC_PATH ro
+  ici_forward_mount BASEDIR rw
+  ici_forward_mount CCACHE_DIR rw
+  ici_forward_mount SSH_AUTH_SOCK rw # forward ssh agent into docker container
+
+  local run_opts
+  ici_parse_env_array run_opts DOCKER_RUN_OPTS
+
+  for hook in $(env | grep -o '^\(BEFORE\|AFTER\)_[^=]*'); do
+      ici_forward_variable "$hook"
+  done
 
-  ici_run_cmd_in_docker -e "TARGET_REPO_PATH=$docker_target_repo_path" \
-                        -v "$TARGET_REPO_PATH/:$docker_target_repo_path:ro" \
-                        -e "ICI_SRC_PATH=$docker_ici_src_path" \
-                        -v "$ICI_SRC_PATH/:$docker_ici_src_path:ro" \
+  ici_run_cmd_in_docker "${_docker_run_opts[@]}" "${run_opts[@]}" \
                         -t \
                         --entrypoint '' \
-                        -w "$docker_target_repo_path" \
+                        -w "$TARGET_REPO_PATH" \
                         "$DOCKER_IMAGE" \
-                        /bin/bash $docker_ici_src_path/run.sh "$file" "$@"
+                        /bin/bash "$ICI_SRC_PATH/run.sh" "$file" "$@"
 }
-
 #######################################
 # wrapper for running a command in docker
 #
@@ -79,43 +110,18 @@ function ici_isolate() {
 #   (None)
 #######################################
 function ici_run_cmd_in_docker() {
-  local run_opts=()
-  ici_parse_env_array run_opts DOCKER_RUN_OPTS
   local commit_image=$DOCKER_COMMIT
   DOCKER_COMMIT=
 
-  #forward ssh agent into docker container
-  if [ -n "${SSH_AUTH_SOCK:-}" ]; then
-     local auth_dir
-     auth_dir=$(dirname "$SSH_AUTH_SOCK")
-     run_opts+=(-v "$auth_dir:$auth_dir" -e "SSH_AUTH_SOCK=$SSH_AUTH_SOCK")
-  fi
 
-  if [ -n "${BASEDIR-}" ]; then
-    mkdir -p "$BASEDIR"
-    run_opts+=(-v "$BASEDIR:$BASEDIR" -e "BASEDIR=$BASEDIR")
-  fi
-
-  if [ -n "${CCACHE_DIR}" ]; then
-     run_opts+=(-v "$CCACHE_DIR:/root/.ccache" -e "CCACHE_DIR=/root/.ccache")
-  fi
-
-  local hooks=()
-  for hook in $(env | grep -o '^\(BEFORE\|AFTER\)_[^=]*'); do
-      hooks+=(-e "$hook")
-  done
   local cid
-  cid=$(docker create \
-      --env-file "${ICI_SRC_PATH}/isolation/docker.env" \
-      "${hooks[@]}" \
-      "${run_opts[@]}" \
-      "$@")
+  cid=$(docker create --env-file "${ICI_SRC_PATH}/isolation/docker.env" "$@")
 
   # detect user inside container
   local image
   image=$(docker inspect --format='{{.Config.Image}}' "$cid")
-  docker_uid=$(docker run --rm "${run_opts[@]}" --entrypoint '' "$image" id -u)
-  docker_gid=$(docker run --rm "${run_opts[@]}" --entrypoint '' "$image" id -g)
+  docker_uid=$(docker run --rm --entrypoint '' "$image" id -u)
+  docker_gid=$(docker run --rm --entrypoint '' "$image" id -g)
 
   # pass common credentials to container
   if [ "$DOCKER_COMMIT_CREDENTIALS" != false ]; then

diff --git a/industrial_ci/src/isolation/shell.sh b/industrial_ci/src/isolation/shell.sh
@@ -15,6 +15,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# ici_forward_mount VARNAME/FILE rw/ro [PATH]
+function ici_forward_mount() {
+  true
+}
+
+# ici_forward_variable VARNAME [VALUE]
+function ici_forward_variable() {
+  if [ -n "${2-}" ]; then
+    export "$1"="$2"
+  fi
+}
+
 function ici_isolate {
   if [ "${CI:-}" != true ] ; then
     ici_error 'ISOLATION=shell needs CI=true'

diff --git a/industrial_ci/src/tests/ros_prerelease.sh b/industrial_ci/src/tests/ros_prerelease.sh
@@ -69,7 +69,6 @@ function prepare_ros_prerelease() {
         export BUILDER=catkin_make_isolated
     fi
     export WORKSPACE; WORKSPACE=$(mktemp -d)
-    local opts=()
     if [ -z "${ROSDISTRO_INDEX_URL:-}" ]; then
       if [ "$ROS_VERSION" -eq 2 ]; then
           export ROSDISTRO_INDEX_URL="https://raw.githubusercontent.com/ros2/ros_buildfarm_config/ros2/index.yaml"
@@ -80,18 +79,21 @@ function prepare_ros_prerelease() {
     export PRERELEASE_DISTRO="$ROS_DISTRO"
 
     ici_parse_env_array opts DOCKER_RUN_OPTS
-    opts+=(-e TRAVIS -e OS_NAME -e OS_CODE_NAME -e OS_ARCH -e PRERELEASE_DOWNSTREAM_DEPTH -e PRERELEASE_REPONAME -e ROSDISTRO_INDEX_URL -e PRERELEASE_DISTRO
-                 -v "$WORKSPACE:$WORKSPACE:rw" -e "WORKSPACE=$WORKSPACE")
+    for e in TRAVIS OS_NAME OS_CODE_NAME OS_ARCH PRERELEASE_DOWNSTREAM_DEPTH PRERELEASE_REPONAME ROSDISTRO_INDEX_URL PRERELEASE_DISTRO; do
+        ici_forward_variable "$e"
+    done
+
+    ici_forward_mount WORKSPACE rw
 
     if [ -n "${DOCKER_PORT:-}" ]; then
-        opts+=(-e "DOCKER_HOST=$DOCKER_PORT")
+        ici_forward_variable DOCKER_HOST "$DOCKER_PORT"
     elif [ -e /var/run/docker.sock ]; then
-        opts+=(-v /var/run/docker.sock:/var/run/docker.sock)
+        ici_forward_mount /var/run/docker.sock rw
     fi
     if [ -n "${CCACHE_DIR}" ]; then
-      opts+=(-v "$CCACHE_DIR:$WORKSPACE/home/.ccache")
+      ici_forward_mount CCACHE_DIR rw "$WORKSPACE/home/.ccache"
+      CCACHE_DIR= # prevent cachedir from beeing added twice
     fi
-    export DOCKER_RUN_OPTS="${opts[*]}"
     export DOCKER_IMAGE=${DOCKER_IMAGE:-ros:noetic-ros-core}
     export ROS_DISTRO=noetic
 }