-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a rootless Docker strategy #2985
Merged
Merged
Changes from all commits
Commits
Show all changes
17 commits
Select commit
Hold shift + click to select a range
00b6437
Add a rootless Docker strategy
bsideup 62cdd1a
Use `XDG_RUNTIME_DIR`, add CI
bsideup e1d8f5a
run all `core` tests with Rootless Docker
bsideup 0b13156
Fix local compose
bsideup fb9c21e
fix `docker-credential-fake`
bsideup 5ae6ef6
debug
bsideup dd7cc6f
Use `Native.loadLibrary` for better compatibility with JNA 4.x
bsideup 53f5a42
Merge branch 'master' into rootless_docker
bsideup 5976196
change the priority and remove hardcoded "localhost"
bsideup 72ad8d2
Merge branch 'master' into rootless_docker
bsideup 8dc8c79
make `UnixSocketClientProviderStrategy` work on Mac (again :D)
bsideup f7f1a08
Allow overriding host's Docker socket
bsideup 7ff171f
Document the overrides
bsideup b9ffae3
add a new line
bsideup cb01cc8
Mention `DOCKER_HOST` as well
bsideup 8b1e440
fix the DOCKER_HOST link
bsideup 17f531f
Add examples
bsideup File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
name: CI-Docker-Rootless | ||
|
||
on: | ||
pull_request: {} | ||
push: { branches: [ master ] } | ||
|
||
jobs: | ||
test: | ||
runs-on: ubuntu-18.04 | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: debug | ||
run: id -u; whoami | ||
- name: uninstall rootful Docker | ||
run: sudo apt-get -q -y --purge remove moby-engine moby-buildx && sudo rm -rf /var/run/docker.sock | ||
- name: install rootless Docker | ||
run: curl -fsSL https://get.docker.com/rootless | sh | ||
- name: start rootless Docker | ||
run: PATH=$HOME/bin:$PATH XDG_RUNTIME_DIR=/tmp/docker-$(id -u) dockerd-rootless.sh --experimental --storage-driver vfs & | ||
- name: Build with Gradle | ||
run: XDG_RUNTIME_DIR=/tmp/docker-$(id -u) ./gradlew --no-daemon --scan testcontainers:test | ||
- name: aggregate test reports with ciMate | ||
if: always() | ||
continue-on-error: true | ||
env: | ||
CIMATE_PROJECT_ID: 2348n4vl | ||
CIMATE_CI_KEY: "CI / rootless Docker" | ||
run: | | ||
wget -q https://get.cimate.io/release/linux/cimate | ||
chmod +x cimate | ||
./cimate "**/TEST-*.xml" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
58 changes: 58 additions & 0 deletions
58
core/src/main/java/org/testcontainers/dockerclient/RootlessDockerClientProviderStrategy.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
package org.testcontainers.dockerclient; | ||
|
||
import com.sun.jna.Library; | ||
import com.sun.jna.Native; | ||
import org.apache.commons.lang.SystemUtils; | ||
|
||
import java.net.URI; | ||
import java.nio.file.Files; | ||
import java.nio.file.Path; | ||
import java.nio.file.Paths; | ||
|
||
/** | ||
* | ||
* @deprecated this class is used by the SPI and should not be used directly | ||
*/ | ||
@Deprecated | ||
public final class RootlessDockerClientProviderStrategy extends DockerClientProviderStrategy { | ||
|
||
public static final int PRIORITY = UnixSocketClientProviderStrategy.PRIORITY + 1; | ||
|
||
private Path getSocketPath() { | ||
String xdgRuntimeDir = System.getenv("XDG_RUNTIME_DIR"); | ||
if (xdgRuntimeDir == null) { | ||
xdgRuntimeDir = "/run/user/" + LibC.INSTANCE.getuid(); | ||
} | ||
return Paths.get(xdgRuntimeDir).resolve("docker.sock"); | ||
} | ||
|
||
@Override | ||
public TransportConfig getTransportConfig() throws InvalidConfigurationException { | ||
return TransportConfig.builder() | ||
.dockerHost(URI.create("unix://" + getSocketPath().toString())) | ||
.build(); | ||
} | ||
|
||
@Override | ||
protected boolean isApplicable() { | ||
return SystemUtils.IS_OS_LINUX && Files.exists(getSocketPath()); | ||
} | ||
|
||
@Override | ||
public String getDescription() { | ||
return "Rootless Docker accessed via Unix socket (" + getSocketPath() + ")"; | ||
} | ||
|
||
@Override | ||
protected int getPriority() { | ||
return PRIORITY; | ||
} | ||
|
||
private interface LibC extends Library { | ||
|
||
LibC INSTANCE = Native.loadLibrary("c", LibC.class); | ||
|
||
int getuid(); | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😂 for our tests, could we do this using the host socket URI?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't want to do string matching, especially given that the feature is experimental and may change the socket location.
Apparently, Docker returns
rootless
security capability from the info endpoint, just docker-java does not expose it (yet). I will add it to docker-java, so that we can remove this workaround, okay? :)There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool, I was wondering if that would be the case. Let's not hold up this PR for the change in docker-java, though - it's OK as-is.