-
Notifications
You must be signed in to change notification settings - Fork 105
/
command
executable file
Β·395 lines (335 loc) Β· 11.9 KB
/
command
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
#!/bin/bash
set -euo pipefail
# retry <number-of-retries> <command>
function retry {
local retries=$1; shift
local attempts=1
until "$@"; do
retry_exit_status=$?
echo "Exited with $retry_exit_status"
if (( retries == "0" )); then
return $retry_exit_status
elif (( attempts == retries )); then
echo "Failed $attempts retries"
return $retry_exit_status
else
echo "Retrying $((retries - attempts)) more times..."
attempts=$((attempts + 1))
sleep $(((attempts - 2) * 2))
fi
done
}
# Reads a list from plugin config into a global result array
# Returns success if values were read
plugin_read_list_into_result() {
result=()
for prefix in "$@" ; do
local i=0
local parameter="${prefix}_${i}"
if [[ -n "${!prefix:-}" ]] ; then
echo "π¨ Plugin received a string for $prefix, expected an array" >&2
exit 1
fi
while [[ -n "${!parameter:-}" ]]; do
result+=("${!parameter}")
i=$((i+1))
parameter="${prefix}_${i}"
done
done
[[ ${#result[@]} -gt 0 ]] || return 1
}
# docker's -v arguments don't do local path expansion, so we add very simple support for .
expand_relative_volume_path() {
local path="$1"
if [[ $path =~ ^\.: ]] ; then
printf "%s" "${PWD}${path#.}"
elif [[ $path =~ ^\.(/|\\) ]] ; then
printf "%s" "${PWD}/${path#.}"
else
echo "$path"
fi
}
is_windows() {
[[ "$OSTYPE" =~ ^(win|msys|cygwin) ]]
}
is_macos() {
[[ "$OSTYPE" =~ ^(darwin) ]]
}
tty_default='on'
init_default='on'
mount_agent_default='on'
mount_ssh_agent=''
pwd_default="$PWD"
workdir_default="/workdir"
# Set operating system specific defaults
if is_windows ; then
tty_default=''
init_default=''
mount_agent_default=''
workdir_default="C:\\workdir"
# escaping /C is a necessary workaround for an issue with Git for Windows 2.24.1.2
# https://github.com/git-for-windows/git/issues/2442
pwd_default="$(cmd.exe //C "echo %CD%")"
elif is_macos ; then
mount_agent_default=''
fi
args=()
# Support switching tty off
if [[ "${BUILDKITE_PLUGIN_DOCKER_TTY:-$tty_default}" =~ ^(true|on|1)$ ]] ; then
args+=("-it")
else
args+=("-i")
fi
args+=("--rm")
# Support docker run --init.
if [[ "${BUILDKITE_PLUGIN_DOCKER_INIT:-$init_default}" =~ ^(true|on|1)$ ]] ; then
args+=("--init")
fi
# Parse tmpfs property.
if plugin_read_list_into_result BUILDKITE_PLUGIN_DOCKER_TMPFS ; then
for arg in "${result[@]}" ; do
args+=( "--tmpfs" "$(expand_relative_volume_path "${arg}")" )
done
fi
workdir=''
if [[ -n "${BUILDKITE_PLUGIN_DOCKER_WORKDIR:-}" ]] || [[ "${BUILDKITE_PLUGIN_DOCKER_MOUNT_CHECKOUT:-on}" =~ ^(true|on|1)$ ]] ; then
workdir="${BUILDKITE_PLUGIN_DOCKER_WORKDIR:-$workdir_default}"
fi
# By default, mount $PWD onto $WORKDIR
if [[ "${BUILDKITE_PLUGIN_DOCKER_MOUNT_CHECKOUT:-on}" =~ ^(true|on|1)$ ]] ; then
args+=( "--volume" "${pwd_default}:${workdir}" )
fi
# Parse volumes (and deprecated mounts) and add them to the docker args
if plugin_read_list_into_result BUILDKITE_PLUGIN_DOCKER_VOLUMES BUILDKITE_PLUGIN_DOCKER_MOUNTS ; then
for arg in "${result[@]}" ; do
args+=( "--volume" "$(expand_relative_volume_path "${arg}")" )
done
fi
# Parse devices and add them to the docker args
if plugin_read_list_into_result BUILDKITE_PLUGIN_DOCKER_DEVICES ; then
for arg in "${result[@]}" ; do
args+=( "--device" "${arg}" )
done
fi
# Parse sysctl args and add them to docker args
if plugin_read_list_into_result BUILDKITE_PLUGIN_DOCKER_SYSCTLS ; then
for arg in "${result[@]}" ; do
args+=( "--sysctl" "$arg" )
done
fi
# Set workdir if one is provided or if the checkout is mounted
if [[ -n "${workdir:-}" ]] || [[ "${BUILDKITE_PLUGIN_DOCKER_MOUNT_CHECKOUT:-on}" =~ ^(true|on|1)$ ]]; then
args+=("--workdir" "${workdir}")
fi
# Support docker run --user
if [[ -n "${BUILDKITE_PLUGIN_DOCKER_USER:-}" ]] && [[ -n "${BUILDKITE_PLUGIN_DOCKER_PROPAGATE_UID_GID:-}" ]]; then
echo "+++ Error: Can't set both user and propagate-uid-gid"
exit 1
fi
if [[ -n "${BUILDKITE_PLUGIN_DOCKER_USER:-}" ]] ; then
args+=("-u" "${BUILDKITE_PLUGIN_DOCKER_USER:-}")
fi
# Parse publish args and add them to docker args
if plugin_read_list_into_result BUILDKITE_PLUGIN_DOCKER_PUBLISH ; then
for arg in "${result[@]}" ; do
args+=( "--publish" "$arg" )
done
fi
if [[ -n "${BUILDKITE_PLUGIN_DOCKER_PROPAGATE_UID_GID:-}" ]] ; then
args+=("-u" "$(id -u):$(id -g)")
fi
# Support docker run --group-add
while IFS='=' read -r name _ ; do
if [[ $name =~ ^(BUILDKITE_PLUGIN_DOCKER_ADDITIONAL_GROUPS_[0-9]+) ]] ; then
args+=( "--group-add" "${!name}" )
fi
done < <(env | sort)
# Support docker run --userns
if [[ -n "${BUILDKITE_PLUGIN_DOCKER_USERNS:-}" ]]; then
# However, if BUILDKITE_PLUGIN_DOCKER_PRIVILEGED is enabled, then userns MUST
# be overridden to host per limitations of docker
# https://docs.docker.com/engine/security/userns-remap/#user-namespace-known-limitations
if [[ "${BUILDKITE_PLUGIN_DOCKER_PRIVILEGED:-false}" =~ ^(true|on|1)$ ]] ; then
args+=("--userns" "host")
else
args+=("--userns" "${BUILDKITE_PLUGIN_DOCKER_USERNS:-}")
fi
fi
# Mount ssh-agent socket and known_hosts
if [[ "${BUILDKITE_PLUGIN_DOCKER_MOUNT_SSH_AGENT:-$mount_ssh_agent}" =~ ^(true|on|1)$ ]] ; then
if [[ -z "${SSH_AUTH_SOCK:-}" ]] ; then
echo "+++ π¨ \$SSH_AUTH_SOCK isn't set, has ssh-agent started?"
exit 1
fi
if [[ ! -S "${SSH_AUTH_SOCK}" ]] ; then
echo "+++ π¨ There isn't any file at ${SSH_AUTH_SOCK}, has ssh-agent started?"
exit 1
fi
if [[ ! -S "${SSH_AUTH_SOCK}" ]] ; then
echo "+++ π¨ The file at ${SSH_AUTH_SOCK} isn't a socket, has ssh-agent started?"
exit 1
fi
args+=(
"--env" "SSH_AUTH_SOCK=/ssh-agent"
"--volume" "${SSH_AUTH_SOCK}:/ssh-agent"
"--volume" "${HOME}/.ssh/known_hosts:/root/.ssh/known_hosts"
)
fi
# Handle the mount-buildkite-agent option
if [[ "${BUILDKITE_PLUGIN_DOCKER_MOUNT_BUILDKITE_AGENT:-$mount_agent_default}" =~ ^(true|on|1)$ ]] ; then
if [[ -z "${BUILDKITE_AGENT_BINARY_PATH:-}" ]] ; then
if ! command -v buildkite-agent >/dev/null 2>&1 ; then
echo -n "+++ π¨ Failed to find buildkite-agent in PATH to mount into container, "
echo "you can disable this behaviour with 'mount-buildkite-agent:false'"
else
BUILDKITE_AGENT_BINARY_PATH=$(command -v buildkite-agent)
fi
fi
fi
# Mount buildkite-agent if we have a path for it
if [[ -n "${BUILDKITE_AGENT_BINARY_PATH:-}" ]] ; then
args+=(
"--env" "BUILDKITE_JOB_ID"
"--env" "BUILDKITE_BUILD_ID"
"--env" "BUILDKITE_AGENT_ACCESS_TOKEN"
"--volume" "$BUILDKITE_AGENT_BINARY_PATH:/usr/bin/buildkite-agent"
)
fi
# Parse extra env vars and add them to the docker args
while IFS='=' read -r name _ ; do
if [[ $name =~ ^(BUILDKITE_PLUGIN_DOCKER_ENVIRONMENT_[0-9]+) ]] ; then
args+=( "--env" "${!name}" )
fi
done < <(env | sort)
# Parse host mappings and add them to the docker args
while IFS='=' read -r name _ ; do
if [[ $name =~ ^(BUILDKITE_PLUGIN_DOCKER_ADD_HOST_[0-9]+) ]] ; then
args+=( "--add-host" "${!name}" )
fi
done < <(env | sort)
# Privileged container
if [[ "${BUILDKITE_PLUGIN_DOCKER_PRIVILEGED:-false}" =~ ^(true|on|1)$ ]] ; then
args+=( "--privileged" )
fi
# Propagate all environment variables into the container if requested
if [[ "${BUILDKITE_PLUGIN_DOCKER_PROPAGATE_ENVIRONMENT:-false}" =~ ^(true|on|1)$ ]] ; then
if [[ -n "${BUILDKITE_ENV_FILE:-}" ]] ; then
# Read in the env file and convert to --env params for docker
# This is because --env-file doesn't support newlines or quotes per https://docs.docker.com/compose/env-file/#syntax-rules
while read -r var; do
args+=( --env "${var%%=*}" )
done < "$BUILDKITE_ENV_FILE"
else
echo -n "π¨ Not propagating environment variables to container as \$BUILDKITE_ENV_FILE is not set"
fi
fi
if [[ "${BUILDKITE_PLUGIN_DOCKER_ALWAYS_PULL:-false}" =~ ^(true|on|1)$ ]] ; then
echo "--- :docker: Pulling ${BUILDKITE_PLUGIN_DOCKER_IMAGE}"
if ! retry "${BUILDKITE_PLUGIN_DOCKER_PULL_RETRIES:-3}" \
docker pull "${BUILDKITE_PLUGIN_DOCKER_IMAGE}" ; then
echo "!!! :docker: Pull failed."
exit $retry_exit_status
fi
fi
# Parse network and create it if it don't exist.
if [[ -n "${BUILDKITE_PLUGIN_DOCKER_NETWORK:-}" ]] ; then
DOCKER_NETWORK_ID=$(docker network ls --quiet --filter "name=${BUILDKITE_PLUGIN_DOCKER_NETWORK}")
if [[ -z ${DOCKER_NETWORK_ID} ]] ; then
echo "creating network ${BUILDKITE_PLUGIN_DOCKER_NETWORK}"
docker network create "${BUILDKITE_PLUGIN_DOCKER_NETWORK}"
else
echo "docker network ${BUILDKITE_PLUGIN_DOCKER_NETWORK} already exists"
fi
args+=("--network" "${BUILDKITE_PLUGIN_DOCKER_NETWORK:-}")
fi
# Support docker run --runtime
if [[ -n "${BUILDKITE_PLUGIN_DOCKER_RUNTIME:-}" ]] ; then
args+=("--runtime" "${BUILDKITE_PLUGIN_DOCKER_RUNTIME:-}")
fi
# Support docker run --ipc
if [[ -n "${BUILDKITE_PLUGIN_DOCKER_IPC:-}" ]] ; then
args+=("--ipc" "${BUILDKITE_PLUGIN_DOCKER_IPC:-}")
fi
shell=()
shell_disabled=1
if [[ -n "${BUILDKITE_COMMAND}" ]]; then
shell_disabled=''
fi
# Handle setting of shm size if provided
if [[ -n "${BUILDKITE_PLUGIN_DOCKER_SHM_SIZE:-}" ]]; then
args+=("--shm-size" "${BUILDKITE_PLUGIN_DOCKER_SHM_SIZE}")
fi
# Handle entrypoint if set (or empty), and default shell to disabled
if [[ "${BUILDKITE_PLUGIN_DOCKER_ENTRYPOINT-false}" != "false" ]] ; then
args+=("--entrypoint" "${BUILDKITE_PLUGIN_DOCKER_ENTRYPOINT:-}")
shell_disabled=1
fi
# Handle shell being disabled
if [[ "${BUILDKITE_PLUGIN_DOCKER_SHELL:-}" =~ ^(false|off|0)$ ]] ; then
shell_disabled=1
# Show a helpful error message if a string version of shell is used
elif [[ -n "${BUILDKITE_PLUGIN_DOCKER_SHELL:-}" ]] ; then
echo -n "π¨ The Docker Pluginβs shell configuration option can no longer be specified as a string, "
echo -n "but only as an array. Please update your pipeline.yml to use an array, "
echo "for example: [\"/bin/sh\", \"-e\", \"-u\"]."
echo
echo -n "Note that the docker plugin will infer a shell if one is required, so you might be able to remove"
echo "the option entirely"
exit 1
# Handle shell being provided as a string or list
elif plugin_read_list_into_result BUILDKITE_PLUGIN_DOCKER_SHELL ; then
shell_disabled=''
for arg in "${result[@]}" ; do
shell+=("$arg")
done
fi
# Add the job id as meta-data for reference in pre-exit
args+=("--label" "com.buildkite.job-id=${BUILDKITE_JOB_ID}")
# Add the image in before the shell and command
args+=("${BUILDKITE_PLUGIN_DOCKER_IMAGE}")
# Set a default shell if one is needed
if [[ -z $shell_disabled ]] && [[ ${#shell[@]} -eq 0 ]] ; then
if is_windows ; then
shell=("CMD.EXE" "/c")
else
shell=("/bin/sh" "-e" "-c")
fi
fi
command=()
# Parse plugin command if provided
if plugin_read_list_into_result BUILDKITE_PLUGIN_DOCKER_COMMAND ; then
for arg in "${result[@]}" ; do
command+=("$arg")
done
fi
if [[ ${#command[@]} -gt 0 ]] && [[ -n "${BUILDKITE_COMMAND}" ]] ; then
echo "+++ Error: Can't use both a step level command and the command parameter of the plugin"
exit 1
fi
# Assemble the shell and command arguments into the docker arguments
if [[ ${#shell[@]} -gt 0 ]] ; then
for shell_arg in "${shell[@]}" ; do
args+=("$shell_arg")
done
fi
if [[ -n "${BUILDKITE_COMMAND}" ]] ; then
if is_windows ; then
# The windows CMD shell only supports multiple commands with &&.
windows_multi_command=${BUILDKITE_COMMAND//$'\n'/ && }
args+=("${windows_multi_command}")
else
args+=("${BUILDKITE_COMMAND}")
fi
elif [[ ${#command[@]} -gt 0 ]] ; then
for command_arg in "${command[@]}" ; do
args+=("$command_arg")
done
fi
echo "--- :docker: Running command in ${BUILDKITE_PLUGIN_DOCKER_IMAGE}"
echo -ne '\033[90m$\033[0m docker run ' >&2
# Print all the arguments, with a space after, properly shell quoted
printf "%q " "${args[@]}"
echo
# Don't convert paths on gitbash on windows, as that can mangle user paths and cmd options.
# See https://github.com/buildkite-plugins/docker-buildkite-plugin/issues/81 for more information.
( if is_windows ; then export MSYS_NO_PATHCONV=1; fi && docker run "${args[@]}" )