contain.sh

#!/bin/bash
set -e # exit on errors

if [ $(uname) = Darwin ]; then
    cat <<EOF0
This script cannot work on OS X because your OS X paths don't exist in the
'boot2docker' virtual machine.
EOF0
    exit 1
fi

# Where are we?
SCRIPTPATH=$( cd "$(dirname "$0")" ; pwd -P ) 

# Determine some names
CONTAINER=`echo $SCRIPTPATH | cut -c 2-`
TAG=$USER

# Build our base container
# Name it according to our location and userid
docker build -t=$CONTAINER:$TAG .

# Use it to build a container to which we can expose our home directory
# and the script's parent directory, and run commands as ourselves.
STAGE2=`mktemp -d -t ${CONTAINER//\//-}-XXXXXX`
GROUP=`id -g -n`
GID=`id -g`
if [ "$GROUP" = "staff" -a "$GID" = "20" ]; then
    GROUP=dialout
fi
cat > $STAGE2/Dockerfile <<EOF1
FROM $CONTAINER:$TAG
RUN grep -e ^${GROUP}: /etc/group || addgroup --gid $GID $GROUP
RUN useradd -d $HOME -g $GROUP -u $UID $USER
RUN echo $USER ALL = NOPASSWD: ALL > /etc/sudoers
USER $USER
WORKDIR $PWD
EOF1
docker build -t=$CONTAINER:$TAG $STAGE2

# Announce the good news
case $SCRIPTPATH/ in
    $HOME/*) VOLUMES=$HOME;;
    *) VOLUMES=$HOME $SCRIPTPATH;;
esac
VOLSPEC=`for VOL in $VOLUMES; do echo "-v=${VOL}:${VOL}"; done`

cat <<EOF2
Built container: $CONTAINER:$TAG

To run a shell:

  docker run -t -i -rm $VOLSPEC $CONTAINER:$TAG /bin/bash

To run non-interactive commands:

  docker run -rm $VOLSPEC $CONTAINER:$TAG /bin/ls

EOF2
for VOL in $VOLUMES; do
    echo WARNING: you can trash the real $VOL from this sandbox\!
done

Use when you want to:

• run commands in a container based on your Dockerfile image
• have those commands modify your home directory and current directory, e.g. ~/.m2 and ./build/
• run those commands as you, so your results aren't owned by root
• not step on other docker users on the same system working on the same software
• give your fellow developers a soft, easy introduction to Docker isolating their software dependencies without "making their life hard"