forked from kubevirt/kubevirt
-
Notifications
You must be signed in to change notification settings - Fork 0
/
dockerized
executable file
·194 lines (161 loc) · 7.22 KB
/
dockerized
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
#!/usr/bin/env bash
set -e
# Source common without doing any bootstrap work at this stage
# Bootstrapping should be done inside the build container
source $(dirname "$0")/common.sh
if [ "${KUBEVIRT_RUN_UNNESTED}" == "true" ]; then
/bin/bash -c "$@"
exit $?
fi
fail_if_cri_bin_missing
KUBEVIRT_BUILDER_IMAGE="quay.io/kubevirt/builder:2306271234-e00d9fcf9"
SYNC_OUT=${SYNC_OUT:-true}
BUILDER=${job_prefix}
SYNC_VENDOR=${SYNC_VENDOR:-false}
TEMPFILE=".rsynctemp"
CONTAINER_ENV="--env HTTP_PROXY=${HTTP_PROXY} --env HTTPS_PROXY=${HTTP_PROXY} --env NO_PROXY=${NO_PROXY}"
# Be less verbose with bazel
# For ppc64le the bazel server seems to be running out of memory in the Travis CI, so forcing no concurrent jobs to be run
if [ -n "${TRAVIS_JOB_ID}" ]; then
cat >ci.bazelrc <<EOF
common --noshow_progress --noshow_loading_progress
build:ppc64le --jobs=1
build:aarch64 --jobs=1
run:ppc64le --jobs=1
run:aarch64 --jobs=1
EOF
fi
# Create the persistent container volume
if [ -z "$($KUBEVIRT_CRI volume list | grep ${BUILDER})" ]; then
$KUBEVIRT_CRI volume create ${BUILDER}
fi
selinux_bind_options=",z"
# Using Podman and MacOS and 'z' bind option may not work correctly.
# See: https://github.com/containers/podman/issues/13631
if [[ $KUBEVIRT_CRI = podman* ]] && [[ "$(uname -s)" == "Darwin" ]]; then
selinux_bind_options=""
fi
# Make sure that the output directory exists on both sides
$KUBEVIRT_CRI run ${CONTAINER_ENV} -v "${BUILDER}:/root:rw${selinux_bind_options}" --security-opt "label=disable" --rm ${KUBEVIRT_BUILDER_IMAGE} mkdir -p /root/go/src/kubevirt.io/kubevirt/_out
mkdir -p ${OUT_DIR}
# Start an rsyncd instance and make sure it gets stopped after the script exits
RSYNC_CID=$($KUBEVIRT_CRI run ${CONTAINER_ENV} -d -v "${BUILDER}:/root:rw${selinux_bind_options}" --security-opt "label=disable" --cap-add SYS_CHROOT --expose 873 -P ${KUBEVIRT_BUILDER_IMAGE} /usr/bin/rsync --no-detach --daemon --verbose)
function finish() {
$KUBEVIRT_CRI stop --time 1 ${RSYNC_CID} >/dev/null 2>&1
$KUBEVIRT_CRI rm -f ${RSYNC_CID} >/dev/null 2>&1
}
trap finish EXIT
RSYNCD_PORT=$($KUBEVIRT_CRI port $RSYNC_CID 873 | cut -d':' -f2)
rsynch_fail_count=0
while ! rsync ${KUBEVIRT_DIR}/${RSYNCTEMP} "rsync://[email protected]:${RSYNCD_PORT}/build/${RSYNCTEMP}" &>/dev/null; do
if [[ "$rsynch_fail_count" -eq 0 ]]; then
printf "Waiting for rsyncd to be ready"
sleep .1
elif [[ "$rsynch_fail_count" -lt 30 ]]; then
printf "."
sleep 1
else
printf "failed"
break
fi
rsynch_fail_count=$((rsynch_fail_count + 1))
done
printf "\n"
rsynch_fail_count=0
_rsync() {
rsync -al "$@"
}
# Copy kubevirt into the persistent container volume
_rsync \
--delete \
--exclude 'bazel-bin' \
--exclude 'bazel-genfiles' \
--exclude 'bazel-kubevirt' \
--exclude 'bazel-out' \
--exclude 'bazel-testlogs' \
--exclude 'cluster-up/cluster/**/.kubectl' \
--exclude 'cluster-up/cluster/**/.oc' \
--exclude 'cluster-up/cluster/**/.kubeconfig' \
--exclude "_out" \
--exclude ".vagrant" \
--exclude ".bazeldnf" \
${KUBEVIRT_DIR}/ \
"rsync://[email protected]:${RSYNCD_PORT}/build"
volumes="-v ${BUILDER}:/root:rw${selinux_bind_options}"
# append .docker secrets directory as volume
mkdir -p "${HOME}/.docker/secrets"
volumes="$volumes -v ${HOME}/.docker/secrets:/root/.docker/secrets:ro${selinux_bind_options}"
# Use a bind-mount to expose docker/podman auth file to the container
if [[ $KUBEVIRT_CRI = podman* ]] && [[ -f "${XDG_RUNTIME_DIR}/containers/auth.json" ]]; then
volumes="$volumes --mount type=bind,source=${XDG_RUNTIME_DIR}/containers/auth.json,target=/root/.docker/config.json,readonly"
elif [[ -f "${HOME}/.docker/config.json" && "$(cat ${HOME}/.docker/config.json | jq 'has("credHelpers")')" != "true" ]]; then
volumes="$volumes --mount type=bind,source=${HOME}/.docker/config.json,target=/root/.docker/config.json,readonly"
fi
# add custom docker certs, if needed
if [ -n "$DOCKER_CA_CERT_FILE" ] && [ -f "$DOCKER_CA_CERT_FILE" ]; then
volumes="$volumes -v ${DOCKER_CA_CERT_FILE}:${DOCKERIZED_CUSTOM_CA_PATH}:ro${selinux_bind_options}"
fi
# if defined, append the ARTIFACTS directory
if [ -n "$ARTIFACTS" ]; then
mkdir -p "$ARTIFACTS"
if [[ "$ARTIFACTS" = /* ]]; then
volumes="$volumes -v ${ARTIFACTS}:${ARTIFACTS}:rw${selinux_bind_options}"
else
echo "ARTIFACTS directory is specified, but it is not an absolute directory"
exit 1
fi
fi
# Ensure that a bazel server which is running is the correct one
if [ -n "$($KUBEVIRT_CRI ps --format '{{.Names}}' | grep ${BUILDER}-bazel-server)" ]; then
# check if the image is correct
builder_id=$($KUBEVIRT_CRI inspect --format='{{.Id}}' ${KUBEVIRT_BUILDER_IMAGE})
bazel_server_id=$($KUBEVIRT_CRI inspect --format='{{.Image}}' ${BUILDER}-bazel-server)
if [ "${builder_id}" != "${bazel_server_id}" ]; then
echo "Bazel server is outdated, restarting ..."
$KUBEVIRT_CRI stop ${BUILDER}-bazel-server
fi
fi
# Ensure that a bazel server is running
if [ -z "$($KUBEVIRT_CRI ps --format '{{.Names}}' | grep ${BUILDER}-bazel-server)" ]; then
$KUBEVIRT_CRI run ${CONTAINER_ENV} --ulimit nofile=10000:10000 --network host -d ${volumes} --security-opt "label=disable" --name ${BUILDER}-bazel-server -w "/root/go/src/kubevirt.io/kubevirt" --rm ${KUBEVIRT_BUILDER_IMAGE} hack/bazel-server.sh
fi
# Update cert trust, if custom is provided
if [ -n "$DOCKER_CA_CERT_FILE" ] && [ -f "$DOCKER_CA_CERT_FILE" ]; then
$KUBEVIRT_CRI exec ${CONTAINER_ENV} ${BUILDER}-bazel-server /entrypoint.sh "/usr/bin/update-ca-trust"
fi
# Run the command
test -t 1 && USE_TTY="-it"
if ! $KUBEVIRT_CRI exec ${CONTAINER_ENV} ${USE_TTY} ${BUILDER}-bazel-server /entrypoint.sh "$@"; then
# Copy the build output out of the container, make sure that _out exactly matches the build result
if [ "$SYNC_OUT" = "true" ]; then
_rsync --delete "rsync://[email protected]:${RSYNCD_PORT}/out" ${OUT_DIR}
fi
exit 1
fi
# Copy the whole kubevirt data out to get generated sources and formatting changes
_rsync \
--exclude 'bazel-bin' \
--exclude 'bazel-genfiles' \
--exclude 'bazel-kubevirt' \
--exclude 'bazel-out' \
--exclude 'bazel-testlogs' \
--exclude 'cluster-up/cluster/**/.kubectl' \
--exclude 'cluster-up/cluster/**/.oc' \
--exclude 'cluster-up/cluster/**/.kubeconfig' \
--exclude "_out" \
--exclude "vendor" \
--exclude ".vagrant" \
--exclude ".git" \
--exclude ".bazeldnf" \
"rsync://[email protected]:${RSYNCD_PORT}/build" \
${KUBEVIRT_DIR}/
_rsync --delete "rsync://[email protected]:${RSYNCD_PORT}/build/manifests/generated/" "${KUBEVIRT_DIR}/manifests/generated"
_rsync --delete "rsync://[email protected]:${RSYNCD_PORT}/build/staging/src/kubevirt.io/client-go/generated/" "${KUBEVIRT_DIR}/staging/src/kubevirt.io/client-go/generated"
_rsync --delete "rsync://[email protected]:${RSYNCD_PORT}/build/examples/" "${KUBEVIRT_DIR}/examples"
if [ "$SYNC_VENDOR" = "true" ]; then
_rsync --delete "rsync://[email protected]:${RSYNCD_PORT}/vendor" "${VENDOR_DIR}/"
fi
# Copy the build output out of the container, make sure that _out exactly matches the build result
if [ "$SYNC_OUT" = "true" ]; then
_rsync --delete "rsync://[email protected]:${RSYNCD_PORT}/out" ${OUT_DIR}
fi