From 95f3df9a1078cb0c258f28a16a819069aa62487b Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Wed, 16 Nov 2022 20:36:16 +0100 Subject: [PATCH] ci: ensure docker-compose up erlang container with root when test Kafka --- .github/workflows/run_test_cases.yaml | 2 +- scripts/ct/run.sh | 28 ++++++++++++++++++--------- 2 files changed, 20 insertions(+), 10 deletions(-) diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml index 03030908c..d1794f2fb 100644 --- a/.github/workflows/run_test_cases.yaml +++ b/.github/workflows/run_test_cases.yaml @@ -15,7 +15,7 @@ on: jobs: prepare: - runs-on: ubuntu-20.04 + runs-on: aws-amd64 # prepare source with any OTP version, no need for a matrix container: "ghcr.io/emqx/emqx-builder/5.0-18:1.13.4-24.3.4.2-1-ubuntu20.04" outputs: diff --git a/scripts/ct/run.sh b/scripts/ct/run.sh index 78b211844..145d915d1 100755 --- a/scripts/ct/run.sh +++ b/scripts/ct/run.sh @@ -115,6 +115,9 @@ for dep in ${CT_DEPS}; do '.ci/docker-compose-file/docker-compose-pgsql-tls.yaml' ) ;; kafka) + # Kafka container generates root owned ssl files + # the files are shared with EMQX (with a docker volume) + NEED_ROOT=yes FILES+=( '.ci/docker-compose-file/docker-compose-kafka.yaml' ) ;; *) @@ -130,13 +133,19 @@ for file in "${FILES[@]}"; do F_OPTIONS="$F_OPTIONS -f $file" done -# Passing $UID to docker-compose to be used in erlang container -# as owner of the main process to avoid git repo permissions issue. -# Permissions issue happens because we are mounting local filesystem -# where files are owned by $UID to docker container where it's using -# root (UID=0) by default, and git is not happy about it. +if [[ "${NEED_ROOT:-}" == 'yes' ]]; then + export UID_GID='root:root' +else + # Passing $UID to docker-compose to be used in erlang container + # as owner of the main process to avoid git repo permissions issue. + # Permissions issue happens because we are mounting local filesystem + # where files are owned by $UID to docker container where it's using + # root (UID=0) by default, and git is not happy about it. + export UID_GID="$UID:$UID" +fi + # shellcheck disable=2086 # no quotes for F_OPTIONS -UID_GID="$UID:$UID" docker-compose $F_OPTIONS up -d --build +docker-compose $F_OPTIONS up -d --build # /emqx is where the source dir is mounted to the Erlang container # in .ci/docker-compose-file/docker-compose.yaml @@ -145,10 +154,11 @@ if [[ -t 1 ]]; then TTY='-t' fi +echo "Fixing file owners and permissions for $UID_GID" # rebar and hex cache directory need to be writable by $UID -docker exec -i $TTY -u root:root "$ERLANG_CONTAINER" bash -c "mkdir /.cache && chown $UID:$UID /.cache" +docker exec -i $TTY -u root:root "$ERLANG_CONTAINER" bash -c "mkdir -p /.cache && chown $UID_GID /.cache && chown -R $UID_GID /emqx" # need to initialize .erlang.cookie manually here because / is not writable by $UID -docker exec -i $TTY -u root:root "$ERLANG_CONTAINER" bash -c "openssl rand -base64 16 > /.erlang.cookie && chown $UID:$UID /.erlang.cookie && chmod 0400 /.erlang.cookie" +docker exec -i $TTY -u root:root "$ERLANG_CONTAINER" bash -c "openssl rand -base64 16 > /.erlang.cookie && chown $UID_GID /.erlang.cookie && chmod 0400 /.erlang.cookie" if [ "$ONLY_UP" = 'yes' ]; then exit 0 @@ -166,7 +176,7 @@ else exit $RESULT else # shellcheck disable=2086 # no quotes for F_OPTIONS - UID_GID="$UID:$UID" docker-compose $F_OPTIONS down + docker-compose $F_OPTIONS down exit $RESULT fi fi