run_envoy_docker.sh
#!/bin/bash
set -e
# shellcheck source=ci/envoy_build_sha.sh
. "$(dirname "$0")"/envoy_build_sha.sh
#######################################
# Report whether the script is running on a Windows host.
# Outputs:  nothing
# Returns:  0 when `uname -s` contains "NT", 1 otherwise
#######################################
is_windows() {
  case "$(uname -s)" in
    *NT*) return 0 ;;
    *) return 1 ;;
  esac
}
# Turn the caller-supplied ENVOY_DOCKER_OPTIONS string into an array by
# splitting on whitespace; quotes inside the value are not interpreted.
# These words are handed to `docker run` unchanged later in the script, so
# the variable decides the container's mounts and privileges: accept it only
# from a trusted CI or developer environment.
read -r -a ENVOY_DOCKER_OPTIONS <<< "${ENVOY_DOCKER_OPTIONS:-}"

# TODO(phlax): uppercase these env vars
# The upper-case proxy variables are always rewritten from their lower-case
# counterparts, so a value present only under the upper-case name is replaced
# by an empty string.
HTTP_PROXY="${http_proxy:-}"
HTTPS_PROXY="${https_proxy:-}"
NO_PROXY="${no_proxy:-}"
GOPROXY="${go_proxy:-}"
export HTTP_PROXY HTTPS_PROXY NO_PROXY GOPROXY
# Per-platform setup: default image name, build/source mount points and the
# command line that is executed inside the container.
if is_windows; then
  # Use the Windows build image unless the caller already chose one.
  : "${IMAGE_NAME:=envoyproxy/envoy-build-windows2019}"
  # TODO(sunjayBhatia): Currently ENVOY_DOCKER_OPTIONS is ignored on Windows because
  # CI sets it to a Linux-specific value. Undo this once https://github.com/envoyproxy/envoy/issues/13272
  # is resolved.
  ENVOY_DOCKER_OPTIONS=()
  # Replace MSYS style drive letter (/c/) with Windows drive letter designation (C:/)
  DEFAULT_ENVOY_DOCKER_BUILD_DIR="$(echo "${TEMP}" | sed -E 's#^/([a-zA-Z])/#\1:/#')/envoy-docker-build"
  SOURCE_DIR="$(echo "${PWD}" | sed -E 's#^/([a-zA-Z])/#\1:/#')"
  BUILD_DIR_MOUNT_DEST=C:/build
  SOURCE_DIR_MOUNT_DEST=C:/source
  # The script's arguments ($*) are joined and run as shell source by the
  # container's bash; pass only fixed, trusted command lines.
  START_COMMAND=("bash" "-c" "cd /c/source && export HOME=/c/build && $*")
else
  # Use the Ubuntu build image unless the caller already chose one.
  : "${IMAGE_NAME:=envoyproxy/envoy-build-ubuntu}"
  # We run as root and later drop permissions. This is required to setup the USER
  # in useradd below, which is needed for correct Python execution in the Docker
  # environment.
  ENVOY_DOCKER_OPTIONS+=(-u root:root)
  DOCKER_USER_ARGS=()
  DOCKER_GROUP_ARGS=()
  # Fixed path under the shared /tmp. On a multi-user host, set
  # ENVOY_DOCKER_BUILD_DIR to a directory only the build user can write.
  DEFAULT_ENVOY_DOCKER_BUILD_DIR=/tmp/envoy-docker-build
  if [[ -n "${ENVOY_DOCKER_IN_DOCKER}" ]]; then
    # Bind-mounting the Docker socket lets processes in the build container
    # drive the host's Docker daemon, which is effectively root on the host.
    # Enable ENVOY_DOCKER_IN_DOCKER only when the code being built is trusted.
    ENVOY_DOCKER_OPTIONS+=(-v /var/run/docker.sock:/var/run/docker.sock)
    # The socket's group id is read with GNU stat first, then BSD stat.
    DOCKER_GID="$(stat -c %g /var/run/docker.sock 2>/dev/null || stat -f %g /var/run/docker.sock)"
    DOCKER_USER_ARGS=(--gid "${DOCKER_GID}")
    DOCKER_GROUP_ARGS=(--gid "${DOCKER_GID}")
  fi
  BUILD_DIR_MOUNT_DEST=/build
  SOURCE_DIR="${PWD}"
  SOURCE_DIR_MOUNT_DEST=/source
  # Setup executed as root inside the container: create envoygroup and an
  # envoybuild user with the invoking host uid, add that user to the pcap
  # group, hand it /build, then run the requested command as envoybuild.
  container_init="groupadd ${DOCKER_GROUP_ARGS[*]} -f envoygroup"
  container_init+=" && useradd -o --uid $(id -u) ${DOCKER_USER_ARGS[*]} --no-create-home --home-dir /build envoybuild"
  container_init+=" && usermod -a -G pcap envoybuild"
  container_init+=" && chown envoybuild:envoygroup /build"
  # NOTE(review): presumably lets the unprivileged user write to the
  # container's stderr - confirm.
  container_init+=" && chown envoybuild /proc/self/fd/2"
  # $* is expanded here, on the host, and pasted into the string without any
  # escaping. Quoting characters in the arguments therefore change how the
  # root-run setup shell parses the string; pass only fixed, trusted commands.
  container_init+=" && sudo -EHs -u envoybuild bash -c 'cd /source && $*'"
  START_COMMAND=("/bin/bash" "-lc" "${container_init}")
fi
# IMAGE_ID falls back to the CI hash but may be set to any image ID (as listed
# by 'docker images').
: "${IMAGE_ID:=${ENVOY_BUILD_SHA}}"
: "${ENVOY_DOCKER_BUILD_DIR:=${DEFAULT_ENVOY_DOCKER_BUILD_DIR}}"
# Replace backslash with forward slash for Windows style paths
ENVOY_DOCKER_BUILD_DIR="${ENVOY_DOCKER_BUILD_DIR//\\//}"
mkdir -p "${ENVOY_DOCKER_BUILD_DIR}"

# Ask for an interactive TTY only when stdout is a terminal.
if [[ -t 1 ]]; then
  ENVOY_DOCKER_OPTIONS+=("-it")
fi
# When .git is a regular file rather than a directory (e.g. a linked
# worktree), mount the shared git directory at the same path in the container.
if [[ -f .git && ! -d .git ]]; then
  ENVOY_DOCKER_OPTIONS+=(-v "$(git rev-parse --git-common-dir):$(git rev-parse --git-common-dir)")
fi
# Forwarding the SSH agent socket lets any process in the container
# authenticate with the keys the agent holds for as long as the container runs.
if [[ -n "${SSH_AUTH_SOCK}" ]]; then
  ENVOY_DOCKER_OPTIONS+=(-v "${SSH_AUTH_SOCK}:${SSH_AUTH_SOCK}" -e SSH_AUTH_SOCK)
fi

ENVOY_BUILD_IMAGE="${IMAGE_NAME}:${IMAGE_ID}"
export ENVOY_BUILD_IMAGE

# Bind mounts for the build output directory and the source checkout.
VOLUMES=(
  -v "${ENVOY_DOCKER_BUILD_DIR}:${BUILD_DIR_MOUNT_DEST}"
  -v "${SOURCE_DIR}:${SOURCE_DIR_MOUNT_DEST}"
)
if [[ -n "${ENVOY_DOCKER_IN_DOCKER}" ]] && ! is_windows; then
  # Provide a "shared" directory whose path is the same inside and outside
  # the container, so the host docker engine can see artefacts written to a
  # temporary path created inside the container.
  # For example, a directory created with `mktemp -d --tmpdir /tmp/bazel-shared`
  # can be mounted as a volume from within the build container.
  #
  # NOTE(review): the name is fixed and lives under the shared /tmp, and
  # `mkdir -p` accepts a directory that already exists whoever owns it. On a
  # multi-user host, check its ownership and mode before relying on it.
  SHARED_TMP_DIR=/tmp/bazel-shared
  mkdir -p "${SHARED_TMP_DIR}"
  chmod +rwx "${SHARED_TMP_DIR}"
  VOLUMES+=(-v "${SHARED_TMP_DIR}:${SHARED_TMP_DIR}")
fi
# Optional explicit (and timed) pull of the build image, requested by setting
# ENVOY_DOCKER_PULL to any non-empty value.
if [[ "${ENVOY_DOCKER_PULL}" != "" ]]; then
  time docker pull "${ENVOY_BUILD_IMAGE}"
fi
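# Host environment variables forwarded into the build container.
#
# Each name is passed as `-e NAME` with no value, so docker copies the value
# from this script's environment and the value never appears on the docker
# command line. GITHUB_TOKEN, SLACK_TOKEN and GCP_SERVICE_ACCOUNT_KEY are
# credentials: every process started in the container can read them, so run
# only trusted build commands when they are set.
#
# Keeping the names in an array (instead of one backslash-continued `-e` per
# line) removes the dependency on exact spacing before each continuation: the
# previous `-e BUILD_URI\` entry had no space before the backslash and was
# joined directly onto the following line. The repeated
# SYSTEM_PULLREQUEST_PULLREQUESTNUMBER entry is listed once.
DOCKER_ENV_PASSTHROUGH=(
  AZP_BRANCH
  AZP_COMMIT_SHA
  AZP_TARGET_BRANCH
  HTTP_PROXY
  HTTPS_PROXY
  NO_PROXY
  GOPROXY
  BAZEL_STARTUP_OPTIONS
  BAZEL_BUILD_EXTRA_OPTIONS
  BAZEL_EXTRA_TEST_OPTIONS
  BAZEL_REMOTE_CACHE
  ENVOY_STDLIB
  BUILD_REASON
  BAZEL_REMOTE_INSTANCE
  GOOGLE_BES_PROJECT_ID
  GCP_SERVICE_ACCOUNT_KEY
  NUM_CPUS
  ENVOY_RBE
  ENVOY_BUILD_IMAGE
  ENVOY_SRCDIR
  ENVOY_BUILD_TARGET
  ENVOY_BUILD_DEBUG_INFORMATION
  SYSTEM_PULLREQUEST_PULLREQUESTNUMBER
  GCS_ARTIFACT_BUCKET
  GITHUB_TOKEN
  BUILD_SOURCEBRANCHNAME
  BAZELISK_BASE_URL
  ENVOY_BUILD_ARCH
  SLACK_TOKEN
  BUILD_URI
  REPO_URI
  SYSTEM_STAGEDISPLAYNAME
  SYSTEM_JOBDISPLAYNAME
)
DOCKER_ENV_ARGS=()
for env_name in "${DOCKER_ENV_PASSTHROUGH[@]}"; do
  DOCKER_ENV_ARGS+=(-e "${env_name}")
done

# Since we specify an explicit hash, docker-run will pull from the remote repo if missing.
# This stays the last command so the script exits with docker's status.
docker run --rm \
  "${ENVOY_DOCKER_OPTIONS[@]}" \
  "${VOLUMES[@]}" \
  "${DOCKER_ENV_ARGS[@]}" \
  "${ENVOY_BUILD_IMAGE}" \
  "${START_COMMAND[@]}"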