893bd56974
Our utils/docker-run wrapper is needed to provide a reproducible build environment: tools, variables, etc... but is not meant for isolation. As such, we do not care which network configuration is used. In some settings (e.g. enterprise networks), it is often the case that a VPN is in use, especially in those wonderful times of widespread remote work. Letting Docker decide on the network setup will most usually lead to it creating a private network that is NATed onto the principal network interface, leading to non-functional network in the container when a VPN is in use. As such, always use the host network configuration, and do not let Docker create a private network for the container. Signed-off-by: Yann E. MORIN <yann.morin@orange.com> Cc: Ricardo Martincoski <ricardo.martincoski@datacom.com.br> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
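#!/usr/bin/env bash
#
# Run a command inside the project's build container, with the source tree,
# the current directory and the relevant git metadata bind-mounted at the
# same paths as on the host.
#
# Usage: utils/docker-run COMMAND [ARGS...]
#
# Environment:
#   IMAGE       container image to run; when empty, it is read from the
#               'image:' entry of .gitlab-ci.yml in the main directory.
#   BR2_DL_DIR  when set, also bind-mounted and passed into the container.
#
# This wrapper provides a reproducible tool environment, not a sandbox:
# the container shares the host network and has read-write access to every
# directory mounted below. Only run images and commands you trust.
set -o errexit -o pipefail

DIR=$(dirname "${0}")
MAIN_DIR=$(readlink -f "${DIR}/..")
if [ -L "${MAIN_DIR}/.git/config" ]; then
    # Support git-new-workdir
    GIT_DIR="$(dirname "$(realpath "${MAIN_DIR}/.git/config")")"
else
    # Support git-worktree
    GIT_DIR="$(cd "${MAIN_DIR}" && git rev-parse --no-flags --git-common-dir)"
fi

# An IMAGE from the environment takes precedence over the CI configuration.
# Whatever ends up here decides which code runs with the caller's uid/gid
# on the mounted trees, so it should name an image the caller trusts.
if test -z "${IMAGE}" ; then
    # shellcheck disable=SC2016
    IMAGE=$(grep ^image: "${MAIN_DIR}/.gitlab-ci.yml" | \
            sed -e 's,^image: ,,g' \
                -e 's,\$CI_REGISTRY,registry.gitlab.com,g')
fi

declare -a docker_opts=(
    -i
    --rm
    # Run as the invoking user rather than as the image's default user.
    --user "$(id -u):$(id -g)"
    --workdir "$(pwd)"
    # Disables SELinux label separation for this container.
    --security-opt label=disable
    # Shares the host's network namespace: the container can reach whatever
    # the host can reach, including services listening on the host loopback.
    --network host
)

declare -a mountpoints=(
    "${MAIN_DIR}"
    "$(pwd)"
)

# Empty GIT_DIR means that we are not in a workdir, *and* git is too old
# to know about worktrees, so we're not in a worktree either. So it means
# we're in the main git working copy, and thus we don't need to mount the
# .git directory.
if [ "${GIT_DIR}" ]; then
    # GIT_DIR in the main working copy (when git supports worktrees) will
    # be just '.git', but 'docker run' needs an absolute path. If it is
    # not absolute, GIT_DIR is relative to MAIN_DIR. If it's an absolute
    # path already (in a workdir), then that's a noop.
    # '&&' so that a failed cd aborts instead of resolving the path
    # relative to whatever the current directory happens to be.
    GIT_DIR="$(cd "${MAIN_DIR}" && readlink -e "${GIT_DIR}")"
    mountpoints+=( "${GIT_DIR}" )

    # 'repo' stores .git/objects separately.
    if [ -L "${GIT_DIR}/objects" ]; then
        # GIT_DIR is already an absolute path, but for symmetry
        # with the above, keep the same cd+readlink construct.
        OBJECTS_DIR="$(cd "${MAIN_DIR}" && readlink -e "${GIT_DIR}/objects")"
        mountpoints+=( "${OBJECTS_DIR}" )
    fi
fi

if [ "${BR2_DL_DIR}" ]; then
    mountpoints+=( "${BR2_DL_DIR}" )
    # Passed by name only: docker copies the value from our environment.
    docker_opts+=( --env BR2_DL_DIR )
fi

# Deduplicate the mountpoints. The list is passed NUL-delimited and read
# back with 'read -d ""' so that a path containing whitespace or glob
# characters stays one word and yields exactly one --mount option; an
# unquoted $(...) word list would split or expand such a path.
# NOTE(review): --mount takes a comma-separated field list, so a path that
# contains a comma is presumably still misparsed by docker - confirm.
while IFS= read -r -d '' dir; do
    docker_opts+=( --mount "type=bind,src=${dir},dst=${dir}" )
done < <(printf '%s\0' "${mountpoints[@]}" | LC_ALL=C sort -z -u)

# Allocate a pseudo-terminal only when stdin is a terminal.
if tty -s; then
    docker_opts+=( -t )
fi

exec docker run "${docker_opts[@]}" "${IMAGE}" "${@}"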