-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support mount-buildkite-agent option #158
Comments
For other readers, I'm doing the following in my steps:
- name: 'Example step'
command: echo Hello World
agents:
queue: '*'
plugins:
docker-compose#v2.4.1:
run: tests
config: .buildkite/docker-compose.yml
volumes:
- ${BUILDKITE_AGENT_BINARY_PATH:-/usr/bin/buildkite-agent}:/usr/bin/buildkite-agent
environment:
- BUILDKITE_JOB_ID
- BUILDKITE_BUILD_ID
- BUILDKITE_AGENT_ACCESS_TOKEN Having this automatically added would be nicer as I have a lot of steps and so a lot of undesirable repetition (though I may post-process a simpler NOTE: This does not work if you're using the |
We didn’t do this initially, but I think it’s probably a really sensible default that you could disable if it causes problems. |
Or just have it off by default? I think once the |
I believe the If it’s a safety thing, we should probably default it in both plugins to off? But I’m not sure, I feel that might be overly cautious. I reckon we could do a major version bump now, and set it on by default. |
Currently, the |
One downside to automatically trying to mount the buildkite-agent binary is that (like mounting the working dir), it falls apart quickly in things like kubernetes. |
If I read the agent code correctly, the agent that starts the socket does, but the agent that consumes it only needs the former, no? Or at least, that seemed like the point; unauthenticated to a local socket, another process which "closes over" the auth then proxies to the real endpoint. Or, did I miss the point entirely of that feature?
I don't know anything about Kubernetes to chime in about what to do there, but I am super curious as to what exactly is different there. |
The local socket is actually authenticated too, which might be overkill: I reckon keeping it simple and having an unauthenticated
If you have the agent running in a docker container rather than on the host but with access to the docker socket things get messy. Host volume mounts are relative to the host, so even though in your container |
Yup I see. Messy indeed... |
The only way I can think to solve it is to have something like https://github.com/buildkite/sockguard rewriting certain paths. |
One, potentially hacky|elegant, solution to this issue would be to use old-school data containers to provide a data volume containing the buildkite-agent binary. The docker-compose plugin could then use the override.yml to specify a This has the drawback of potentially requiring a path modification within the target container to pickup the agent binary, as I'm not sure if you can use data containers to bind-mount a single file, but it would be compatible across a variety of docker-within-agent configurations. If buildkite provided a set of standard As a minimal example:
|
Unfortunately |
Yes, the v3 compose file syntax is a bit of a bear. I believe the same general concept works by directly specifying the service dependency and volume mount in the compose override: https://gist.github.com/asford/fc72f7450d2ae464863d6fa98d14b7d0 |
had no idea how to pass Buildkite-agent through to my docker container - thank you for defining these steps (even if it's not as automatic as you'd like) would love to see this documented. |
Some time has passed since the original discussion around this issue - has anything changed that might enable a nicer solution to this? I tried @bjeanes' workaround in the inline step builder and got an error message saying that "BUILDKITE_AGENT_BINARY_PATH couldn't be interpolated". |
We'd be open to revisiting this, and just providing an option to link through the Unfortunately @chrislloyd you won't be able to use that environment variable in the inline step builder — that's an agent run-time environment variable, because we wouldn't know the path to the binary on the agent machine at that stage. If you know the path to the agent binary though, you could hardcode the path instead of using the environment variable? |
here we copied it over from how the docker-buildkite-plugin does it |
As mentioned, PR #285 took care of this :) |
a la https://github.com/buildkite-plugins/docker-buildkite-plugin#mount-buildkite-agent-optional / https://github.com/buildkite-plugins/docker-buildkite-plugin/blob/master/hooks/command#L30-L42
I'm doing this manually in my
docker-compose.yml
but it'd be much nicer to straight forwardly support this use case out of the box, both to keepdocker-compose.yml
less coupled to CI details, but also as I imagine this is a pretty common use case, and increasingly so with increased usage ofbuildkite-agent annotate
The text was updated successfully, but these errors were encountered: