kousu/README.md

## README.md

      
    Raw
  

              README.md
            
          
    This is a wrapper around docker exec that makes sure to set up a matching user; it also has a pre-script hook. It's kind of janky but it was useful.
It's a lot like Microsoft's `wsl -- command'
Originally written as part of https://github.com/neuropoly/spinalcordtoolbox/blob/916ab591ca2e35cab9f5f27ec2439ce8fdb0b9d2/util/dockerize.sh but that project migrated to Github Actions.
We used it like this:
# if this is a docker job, run in the container instead; but if not just run it here.
if [ -n "${DOCKER_IMAGE:-}" ]; then
    ./util/dockerize.sh ./.ci.sh
elif [ "${TRAVIS_OS_NAME:-}" = "windows" ]; then
    choco install wsl-ubuntu-1804 -y --ignore-checksums
     # or, instead of choco, use curl + powershell:
     # https://docs.microsoft.com/en-us/windows/wsl/install-manual#downloading-distros-via-the-command-line
    # wsl --setdefault "Ubuntu-18.04"
     # TODO: Travis's version of wsl is too old for --setdefault.
     # Instead we trust that wsl will default to the installed
     # Ubuntu because it is the only option, but it would be
     # better to be explicit when it becomes possible.

    # disable apt's helpful (and build-breaking) interactive mode
    # https://linuxhint.com/debian_frontend_noninteractive/
    export DEBIAN_FRONTEND="noninteractive"
    # Use WSLENV to actually pass it into WSL
    # https://devblogs.microsoft.com/commandline/share-environment-vars-between-wsl-and-windows/
    export WSLENV=DEBIAN_FRONTEND

    wsl apt-get update
    #wsl apt-get -y upgrade  # this step is probably important, but it's also sooo slow
    wsl apt-get install -y gcc git curl
    wsl ./.ci.sh
else
    ./.ci.


## dockerize.sh
#!/usr/bin/env bash
# dockerize.sh: run a script inside of another environment.
#
# usage: DOCKER_IMAGE="<image>" DOCKER_DEPS_CMD="<command to run before script>" dockerize.sh script.sh

# stricter shell mode
# https://sipb.mit.edu/doc/safe-shell/
set -eo pipefail  # exit if non-zero error is encountered (even in a pipeline)
set -u            # exit if unset variables used
shopt -s failglob # error if a glob doesn't find any files, instead of remaining unexpanded

CONTAINER=$(docker run \
    --init \
    -it -d \
    --rm \
    -v "`pwd`":/repo -w /repo \
    "$DOCKER_IMAGE")
trap "docker stop "$CONTAINER"" EXIT
# set up a user:group matching that of the volume mount /repo, so the installer isn't confused
#
# TODO: it would be nice if the volume was mounted at `pwd`/, to further reduce the distinction
# between docker/nondocker runs, but docker gets the permissions wrong:
# it does `mkdir -p $mountpoint` *as root* so while the contents of the mountpoint are owned by
# $USER, its parents are owned by root, usually including /home/$USER which breaks things like pip.
# and there's no way to boot a container, `mkdir -p` manually, then attach the volume *after*.
docker exec "$CONTAINER" groupadd -g "`id -g`" "`id -g -n`"
docker exec "$CONTAINER" useradd -m -u "`id -u`" -g "`id -g`" "`id -u -n`"
# install platform-specific dependencies
if [ -n "$DOCKER_DEPS_CMD" ]; then
    docker exec "$CONTAINER" sh -c "$DOCKER_DEPS_CMD"
fi
# recurse to run the real test script
# --user `id -u` makes sure the build script is the owner of the files at /repo
# TODO: pass through the Travis envs: https://docs.travis-ci.com/user/environment-variables/
docker exec --user "`id -u`":"`id -g`" "$CONTAINER" "$1"
	#!/usr/bin/env bash
	# dockerize.sh: run a script inside of another environment.
	#
	# usage: DOCKER_IMAGE="<image>" DOCKER_DEPS_CMD="<command to run before script>" dockerize.sh script.sh

	# stricter shell mode
	# https://sipb.mit.edu/doc/safe-shell/
	set -eo pipefail # exit if non-zero error is encountered (even in a pipeline)
	set -u # exit if unset variables used
	shopt -s failglob # error if a glob doesn't find any files, instead of remaining unexpanded

	CONTAINER=$(docker run \
	--init \
	-it -d \
	--rm \
	-v "`pwd`":/repo -w /repo \
	"$DOCKER_IMAGE")
	trap "docker stop "$CONTAINER"" EXIT
	# set up a user:group matching that of the volume mount /repo, so the installer isn't confused
	#
	# TODO: it would be nice if the volume was mounted at `pwd`/, to further reduce the distinction
	# between docker/nondocker runs, but docker gets the permissions wrong:
	# it does `mkdir -p $mountpoint` as root so while the contents of the mountpoint are owned by
	# $USER, its parents are owned by root, usually including /home/$USER which breaks things like pip.
	# and there's no way to boot a container, `mkdir -p` manually, then attach the volume after.
	docker exec "$CONTAINER" groupadd -g "`id -g`" "`id -g -n`"
	docker exec "$CONTAINER" useradd -m -u "`id -u`" -g "`id -g`" "`id -u -n`"
	# install platform-specific dependencies
	if [ -n "$DOCKER_DEPS_CMD" ]; then
	docker exec "$CONTAINER" sh -c "$DOCKER_DEPS_CMD"
	fi
	# recurse to run the real test script
	# --user `id -u` makes sure the build script is the owner of the files at /repo
	# TODO: pass through the Travis envs: https://docs.travis-ci.com/user/environment-variables/
	docker exec --user "`id -u`":"`id -g`" "$CONTAINER" "$1"