forked from Nekroze/dab
-
Notifications
You must be signed in to change notification settings - Fork 0
/
dab
executable file
·167 lines (146 loc) · 5.27 KB
/
dab
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
#!/bin/sh
# vim: ft=sh ts=4 sw=4 sts=4 noet
set -eu
[ "${DAB_PROFILING:-false}" = 'false' ] || echo "[PROFILE] $(date '+%s.%N') [STRT] wrapper $*"
# Some static values to get us started.
image="${DAB_IMAGE:-${DAB_IMAGE_NAMESPACE:-nekroze}/${DAB_IMAGE_NAME:-dab}:${DAB_IMAGE_TAG:-latest}}"
docker_args='--hostname dab --rm --tmpfs /run,/tmp --network host'
# just a little helper to keep things readable when declaring parameters to be
# used when starting the dab container.
dArg() {
for arg in "$@"; do
docker_args="$docker_args $arg"
done
}
# If we are in a tty (interactive terminal environment) then run the dab
# container in one too.
if [ -t 0 ]; then
dArg --tty --interactive
fi
# Pass current working directory through to a consistent location.
dArg -e "HOST_PWD=$PWD" -v "$PWD:/pwd"
# UID and GID passthrough/customization. This will prevent most common docker
# issues with volume mounting directories owned by or running as a different
# user. Also allows customizable permissions if you want to make a user group
# for dab on your machine to restrict its access more granularly, and provide
# security by not running as root.
[ -z "${SUDO_UID:-}" ] || DAB_UID="$SUDO_UID"
[ -z "${SUDO_GID:-}" ] || DAB_GID="$SUDO_GID"
# shellcheck disable=SC2039
if [ -z "${DAB_UID:-}" ]; then
if [ -n "${UID:-}" ]; then
DAB_UID="$UID"
else
DAB_UID="$(id -u)"
fi
fi
if [ -z "${DAB_GID:-}" ]; then
if [ -n "${GID:-}" ]; then
DAB_GID="$GID"
else
DAB_GID="$(id -g)"
fi
fi
export DAB_UID DAB_GID
# Pass the calling user in as DAB_USER
export DAB_USER="${SUDO_USER:-${USER:-user}}"
dArg \
--user "$DAB_UID:$DAB_GID" \
-e USER="$DAB_USER"
# Home passthrough. Detects sudo usage and attempts to mount to the lower
# privileged user's home.
if [ -n "${SUDO_USER:-}" ]; then
if [ -d "/home/$SUDO_USER" ]; then
HOME="/home/$SUDO_USER"
elif [ -d "/Users/$SUDO_USER" ]; then
HOME="/Users/$SUDO_USER"
fi
fi
dArg \
-v "$HOME:$HOME" \
-e "HOME=$HOME"
##OSX does not have /home
if echo "$HOME" | grep -qv '/home'; then
dArg -v "$HOME:/home/$DAB_USER"
fi
# Docker group lists access if it exists on the host.
[ -f /etc/group ] && dArg -v '/etc/group:/etc/group:ro'
# Add the docker user explicitly to the groups dab has access too when
# possible. This may be neccesary for customized UID's or GID's that may not
# have docker access.
if [ -r /etc/group ]; then
docker_gid="$(grep '^docker:' /etc/group | cut -d: -f3)"
export DAB_DOCKER_GID="$docker_gid"
if [ -n "$docker_gid" ]; then
export DAB_DOCKER_GID="$docker_gid"
dArg --group-add "$docker_gid"
fi
fi
# Make dab managed codebases available to the host.
repo_path_default="${XDG_DATA_HOME:-$HOME}/dab"
export DAB_REPO_PATH="${DAB_REPO_PATH:-$repo_path_default}"
mkdir -p "$DAB_REPO_PATH" || true # try ensure it is owned by this user
dArg -v "$DAB_REPO_PATH:$DAB_REPO_PATH"
# Volume mount dab config to host user's XDG config directory.
conf_path_default="${XDG_CONFIG_HOME:-$HOME/.config}/dab"
export DAB_CONF_PATH="${DAB_CONF_PATH:-$conf_path_default}"
mkdir -p "$DAB_CONF_PATH" || true # try ensure it is owned by this user
dArg -v "$DAB_CONF_PATH:$DAB_CONF_PATH"
# Pass through ssh agent socket if available.
if [ -n "${SSH_AUTH_SOCK:-}" ]; then
dArg \
-v "$SSH_AUTH_SOCK:$SSH_AUTH_SOCK" \
-e 'SSH_AUTH_SOCK'
fi
# Attempt work out how we connect to docker for passthrough.
local_docker_socket='/var/run/docker.sock'
if [ -e "$local_docker_socket" ]; then
dArg -v "$local_docker_socket:$local_docker_socket"
elif [ -n "${DOCKER_HOST:-}" ]; then
dArg -e "DOCKER_HOST=$DOCKER_HOST"
[ -n "${DOCKER_TLS_VERIFY:-}" ] &&
dArg -e "DOCKER_TLS_VERIFY=$DOCKER_TLS_VERIFY"
if [ -n "${DOCKER_CERT_PATH:-}" ]; then
dArg \
-e "DOCKER_CERT_PATH=$DOCKER_CERT_PATH" \
-v "$DOCKER_CERT_PATH:$DOCKER_CERT_PATH:ro"
fi
else
echo "cannot determine how to connect to docker, either ensure $local_docker_socket exists or set environment variables for docker over the network" 1>&2
exit 1
fi
# Mount app dir if it is there for faster dev cycles.
if [ "${DAB_DEV_MOUNT:-true}" = 'true' ] && [ -f "$PWD/app/bin/dab" ]; then
dArg -v "$PWD/app:/opt/dab:ro"
fi
# Attempt to mount this script into the container, if it can be found.
if [ -z "${DAB_WRAPPER_PATH:-}" ]; then
if [ "$(uname -s || true)" != 'Linux' ]; then
wrapperlink="$(readlink "$0" || true)"
else
wrapperlink="$(readlink -f "$0" || true)"
fi
wrappercmd="$(command -v "$0" || true)"
if [ -e "$wrapperlink" ]; then
export DAB_WRAPPER_PATH="$wrapperlink"
elif [ -n "$wrappercmd" ] && [ -f "$wrappercmd" ]; then
export DAB_WRAPPER_PATH="$wrappercmd"
fi
fi
[ -n "${DAB_WRAPPER_PATH:-}" ] && dArg -v "$DAB_WRAPPER_PATH:/tmp/wrapper"
# Pass through host OS type.
dArg -e DAB_HOST_UNAME="$(uname)"
# Passthrough all defined non empty DAB_* environment variables.
dArg "$(
env |
grep -E "^DAB_.+=.+" |
awk '{ print "-e " $1; }' |
tr '\n' ' '
)"
[ "${DAB_DEBUG:-false}" = 'false' ] || set -x
[ "${DAB_PROFILING:-false}" = 'false' ] || echo "[PROFILE] $(date '+%s.%N') [STRT] docker run $*"
# Execute with all generated args and passing in all script params to the container.
# shellcheck disable=SC2086
docker run $docker_args "$image" "$@"
[ "${DAB_PROFILING:-false}" = 'false' ] || echo "[PROFILE] $(date '+%s.%N') [STOP] docker run $*"
[ "${DAB_PROFILING:-false}" = 'false' ] || echo "[PROFILE] $(date '+%s.%N') [STOP] wrapper $*"