626 lines
30 KiB
Bash
626 lines
30 KiB
Bash
#!/usr/bin/env bash
|
|
#
|
|
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Copyright (c) 2013-2023 Igor Pecovnik, igor@armbian.com
|
|
#
|
|
# This file is a part of the Armbian Build Framework
|
|
# https://github.com/armbian/build/
|
|
|
|
#############################################################################################################
|
|
# @TODO: called by no-one, yet.
|
|
function check_and_install_docker_daemon() {
|
|
# @TODO: sincerely, not worth keeping this. Send user to Docker install docs. `adduser $USER docker` is important on Linux.
|
|
# Install Docker if not there but wanted. We cover only Debian based distro install. On other distros, manual Docker install is needed
|
|
if [[ "${1}" == docker && -f /etc/debian_version && -z "$(command -v docker)" ]]; then
|
|
DOCKER_BINARY="docker-ce"
|
|
|
|
# add exception for Ubuntu Focal until Docker provides dedicated binary
|
|
codename=$(cat /etc/os-release | grep VERSION_CODENAME | cut -d"=" -f2)
|
|
codeid=$(cat /etc/os-release | grep ^NAME | cut -d"=" -f2 | awk '{print tolower($0)}' | tr -d '"' | awk '{print $1}')
|
|
[[ "${codename}" == "debbie" ]] && codename="buster" && codeid="debian"
|
|
[[ "${codename}" == "ulyana" || "${codename}" == "jammy" ]] && codename="focal" && codeid="ubuntu"
|
|
|
|
# different binaries for some. TBD. Need to check for all others
|
|
[[ "${codename}" =~ focal|hirsute ]] && DOCKER_BINARY="docker containerd docker.io"
|
|
|
|
display_alert "Docker not installed." "Installing" "Info"
|
|
sudo bash -c "echo \"deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/${codeid} ${codename} stable\" > /etc/apt/sources.list.d/docker.list"
|
|
|
|
sudo bash -c "curl -fsSL \"https://download.docker.com/linux/${codeid}/gpg\" | apt-key add -qq - > /dev/null 2>&1 "
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
sudo apt-get update
|
|
sudo apt-get install -y -qq --no-install-recommends ${DOCKER_BINARY}
|
|
display_alert "Add yourself to docker group to avoid root privileges" "" "wrn"
|
|
"${SRC}/compile.sh" "$@"
|
|
exit $?
|
|
fi
|
|
}
|
|
|
|
# "docker info" is expensive to run, so cache it. output globals DOCKER_INFO and DOCKER_INFO_OK=yes/no
|
|
function get_docker_info_once() {
|
|
if [[ -z "${DOCKER_INFO}" ]]; then
|
|
declare -g DOCKER_INFO
|
|
declare -g DOCKER_IN_PATH="no"
|
|
|
|
# if "docker" is in the PATH...
|
|
if [[ -n "$(command -v docker)" ]]; then
|
|
display_alert "Docker is in the path" "Docker in PATH" "debug"
|
|
DOCKER_IN_PATH="yes"
|
|
fi
|
|
|
|
# Shenanigans to go around error control & capture output in the same effort.
|
|
DOCKER_INFO="$({ docker info 2> /dev/null && echo "DOCKER_INFO_OK"; } || true)"
|
|
declare -g -r DOCKER_INFO="${DOCKER_INFO}" # readonly
|
|
|
|
declare -g DOCKER_INFO_OK="no"
|
|
if [[ "${DOCKER_INFO}" =~ "DOCKER_INFO_OK" ]]; then
|
|
DOCKER_INFO_OK="yes"
|
|
fi
|
|
declare -g -r DOCKER_INFO_OK="${DOCKER_INFO_OK}" # readonly
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
# Usage: if is_docker_ready_to_go; then ...; fi
|
|
function is_docker_ready_to_go() {
|
|
# For either Linux or Darwin.
|
|
# Gotta tick all these boxes:
|
|
# 0) NOT ALREADY UNDER DOCKER.
|
|
# 1) can find the `docker` command in the path, via command -v
|
|
# 2) can run `docker info` without errors
|
|
if [[ "${ARMBIAN_RUNNING_IN_CONTAINER}" == "yes" ]]; then
|
|
display_alert "Can't use Docker" "Actually ALREADY UNDER DOCKER!" "debug"
|
|
return 1
|
|
fi
|
|
if [[ -z "$(command -v docker)" ]]; then
|
|
display_alert "Can't use Docker" "docker command not found" "debug"
|
|
return 1
|
|
fi
|
|
|
|
get_docker_info_once
|
|
|
|
if [[ "${DOCKER_INFO_OK}" != "yes" ]]; then
|
|
display_alert "Can't use Docker" "docker -- info failed" "debug"
|
|
return 1
|
|
fi
|
|
|
|
# If we get here, we're good to go.
|
|
return 0
|
|
}
|
|
|
|
# Called by the cli-entrypoint. At this moment ${1} is already shifted; we know it via ${DOCKER_SUBCMD} now.
|
|
function cli_handle_docker() {
|
|
display_alert "Handling" "docker" "info"
|
|
exit 0
|
|
|
|
# Purge Armbian Docker images
|
|
if [[ "${1}" == dockerpurge && -f /etc/debian_version ]]; then
|
|
display_alert "Purging Armbian Docker containers" "" "wrn"
|
|
docker container ls -a | grep armbian | awk '{print $1}' | xargs docker container rm &> /dev/null
|
|
docker image ls | grep armbian | awk '{print $3}' | xargs docker image rm &> /dev/null
|
|
# removes "dockerpurge" from $1, thus $2 becomes $1
|
|
shift
|
|
set -- "docker" "$@"
|
|
fi
|
|
|
|
# Docker shell
|
|
if [[ "${1}" == docker-shell ]]; then
|
|
# this swaps the value of $1 with 'docker', and life continues
|
|
shift
|
|
SHELL_ONLY=yes
|
|
set -- "docker" "$@"
|
|
fi
|
|
|
|
}
|
|
|
|
function docker_cli_prepare() {
|
|
# @TODO: Make sure we can access docker, on Linux; gotta be part of 'docker' group: grep -q "$(whoami)" <(getent group docker)
|
|
|
|
declare -g DOCKER_ARMBIAN_INITIAL_IMAGE_TAG="armbian.local.only/armbian-build:initial"
|
|
# declare -g DOCKER_ARMBIAN_BASE_IMAGE="${DOCKER_ARMBIAN_BASE_IMAGE:-"debian:trixie"}"
|
|
# declare -g DOCKER_ARMBIAN_BASE_IMAGE="${DOCKER_ARMBIAN_BASE_IMAGE:-"debian:bookworm"}"
|
|
# declare -g DOCKER_ARMBIAN_BASE_IMAGE="${DOCKER_ARMBIAN_BASE_IMAGE:-"debian:sid"}"
|
|
# declare -g DOCKER_ARMBIAN_BASE_IMAGE="${DOCKER_ARMBIAN_BASE_IMAGE:-"ubuntu:kinetic"}"
|
|
declare -g DOCKER_ARMBIAN_BASE_IMAGE="${DOCKER_ARMBIAN_BASE_IMAGE:-"ubuntu:jammy"}"
|
|
declare -g DOCKER_ARMBIAN_TARGET_PATH="${DOCKER_ARMBIAN_TARGET_PATH:-"/armbian"}"
|
|
|
|
declare wanted_os_tag="${DOCKER_ARMBIAN_BASE_IMAGE%%:*}"
|
|
declare wanted_release_tag="${DOCKER_ARMBIAN_BASE_IMAGE##*:}"
|
|
|
|
# Store the "from scratch" image. Will be used if Armbian image is not available, for a "from scratch" build.
|
|
declare -g DOCKER_ARMBIAN_BASE_IMAGE_SCRATCH="${DOCKER_ARMBIAN_BASE_IMAGE}"
|
|
|
|
# If we're NOT building the public, official image, then USE the public, official image as base.
|
|
# IMPORTANT: This has to match the naming scheme for tag the is used in the GitHub actions workflow.
|
|
if [[ "${DOCKERFILE_USE_ARMBIAN_IMAGE_AS_BASE}" != "no" && "${DOCKER_SIMULATE_CLEAN}" != "yes" ]]; then
|
|
DOCKER_ARMBIAN_BASE_IMAGE="${DOCKER_ARMBIAN_BASE_COORDINATE_PREFIX:-"ghcr.io/armbian/docker-armbian-build:armbian-"}${wanted_os_tag}-${wanted_release_tag}-latest"
|
|
display_alert "Using prebuilt Armbian image as base for '${wanted_os_tag}-${wanted_release_tag}'" "DOCKER_ARMBIAN_BASE_IMAGE: ${DOCKER_ARMBIAN_BASE_IMAGE}" "info"
|
|
fi
|
|
|
|
#############################################################################################################
|
|
# Stop here if Docker can't be used at all.
|
|
if ! is_docker_ready_to_go; then
|
|
display_alert "Docker is not ready" "Docker is not available. Make sure you've Docker installed, configured, and running; add your user to the 'docker' group and restart your shell too." "err"
|
|
exit 56
|
|
fi
|
|
|
|
#############################################################################################################
|
|
# Detect some docker info; use cached.
|
|
get_docker_info_once
|
|
|
|
DOCKER_SERVER_VERSION="$(echo "${DOCKER_INFO}" | grep -i -e "Server Version\:" | cut -d ":" -f 2 | xargs echo -n)"
|
|
display_alert "Docker Server version" "${DOCKER_SERVER_VERSION}" "debug"
|
|
|
|
DOCKER_SERVER_KERNEL_VERSION="$(echo "${DOCKER_INFO}" | grep -i -e "Kernel Version\:" | cut -d ":" -f 2 | xargs echo -n)"
|
|
display_alert "Docker Server Kernel version" "${DOCKER_SERVER_KERNEL_VERSION}" "debug"
|
|
|
|
DOCKER_SERVER_TOTAL_RAM="$(echo "${DOCKER_INFO}" | grep -i -e "Total memory\:" | cut -d ":" -f 2 | xargs echo -n)"
|
|
display_alert "Docker Server Total RAM" "${DOCKER_SERVER_TOTAL_RAM}" "debug"
|
|
|
|
DOCKER_SERVER_CPUS="$(echo "${DOCKER_INFO}" | grep -i -e "CPUs\:" | cut -d ":" -f 2 | xargs echo -n)"
|
|
display_alert "Docker Server CPUs" "${DOCKER_SERVER_CPUS}" "debug"
|
|
|
|
DOCKER_SERVER_OS="$(echo "${DOCKER_INFO}" | grep -i -e "Operating System\:" | cut -d ":" -f 2 | xargs echo -n)"
|
|
display_alert "Docker Server OS" "${DOCKER_SERVER_OS}" "debug"
|
|
|
|
declare -g DOCKER_ARMBIAN_HOST_OS_UNAME
|
|
DOCKER_ARMBIAN_HOST_OS_UNAME="$(uname)"
|
|
display_alert "Local uname" "${DOCKER_ARMBIAN_HOST_OS_UNAME}" "debug"
|
|
|
|
DOCKER_BUILDX_VERSION="$(echo "${DOCKER_INFO}" | grep -i -e "buildx\:" | cut -d ":" -f 2 | xargs echo -n)"
|
|
display_alert "Docker Buildx version" "${DOCKER_BUILDX_VERSION}" "debug"
|
|
|
|
declare -g DOCKER_HAS_BUILDX=no
|
|
declare -g -a DOCKER_BUILDX_OR_BUILD=("build")
|
|
if [[ -n "${DOCKER_BUILDX_VERSION}" ]]; then
|
|
DOCKER_HAS_BUILDX=yes
|
|
DOCKER_BUILDX_OR_BUILD=("buildx" "build" "--progress=plain" "--load")
|
|
fi
|
|
display_alert "Docker has buildx?" "${DOCKER_HAS_BUILDX}" "debug"
|
|
|
|
DOCKER_SERVER_NAME_HOST="$(echo "${DOCKER_INFO}" | grep -i -e "name\:" | cut -d ":" -f 2 | xargs echo -n)"
|
|
display_alert "Docker Server Hostname" "${DOCKER_SERVER_NAME_HOST}" "debug"
|
|
|
|
# Gymnastics: under Darwin, Docker Desktop and Rancher Desktop in dockerd mode behave differently.
|
|
declare -g DOCKER_SERVER_REQUIRES_LOOP_HACKS=yes DOCKER_SERVER_USE_STATIC_LOOPS=no
|
|
if [[ "${DOCKER_ARMBIAN_HOST_OS_UNAME}" == "Darwin" ]]; then
|
|
case "${DOCKER_SERVER_NAME_HOST}" in
|
|
lima-rancher-desktop)
|
|
display_alert "Detected Rancher Desktop" "due to lima-rancher-desktop; EXPERIMENTAL" "warn"
|
|
DOCKER_SERVER_USE_STATIC_LOOPS=yes # use static list; the 'host' is not the real Linux machine.
|
|
;;
|
|
docker-desktop)
|
|
display_alert "Detected Docker Desktop under Darwin" "due to docker-desktop" "info"
|
|
DOCKER_SERVER_USE_STATIC_LOOPS=yes # use static list; the 'host' is not the real Linux machine.
|
|
# Alternatively, set DOCKER_SERVER_REQUIRES_LOOP_HACKS=no which somehow works without any CONTAINER_COMPAT hacks.
|
|
;;
|
|
*)
|
|
display_alert "Not Docker Desktop nor Rancher Desktop" "due to ${DOCKER_SERVER_NAME_HOST}" "debug"
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
declare un_ignore_dot_git=""
|
|
declare include_dot_git_dir=""
|
|
if [[ "${DOCKER_PASS_GIT}" == "yes" ]]; then
|
|
display_alert "git/docker:" "adding static copy of .git to Dockerfile" "info"
|
|
un_ignore_dot_git="!.git"
|
|
include_dot_git_dir="COPY .git ${DOCKER_ARMBIAN_TARGET_PATH}/.git"
|
|
fi
|
|
|
|
# Info summary message. Thank you, GitHub Co-pilot!
|
|
display_alert "Docker info" "Docker ${DOCKER_SERVER_VERSION} Kernel:${DOCKER_SERVER_KERNEL_VERSION} RAM:${DOCKER_SERVER_TOTAL_RAM} CPUs:${DOCKER_SERVER_CPUS} OS:'${DOCKER_SERVER_OS}' hostname '${DOCKER_SERVER_NAME_HOST}' under '${DOCKER_ARMBIAN_HOST_OS_UNAME}' - buildx:${DOCKER_HAS_BUILDX} - loop-hacks:${DOCKER_SERVER_REQUIRES_LOOP_HACKS} static-loops:${DOCKER_SERVER_USE_STATIC_LOOPS}" "sysinfo"
|
|
}
|
|
|
|
function docker_cli_prepare_dockerfile() {
|
|
# @TODO: grab git info, add as labels et al to Docker... (already done in GHA workflow)
|
|
|
|
display_alert "Creating" ".dockerignore" "info"
|
|
cat <<- DOCKERIGNORE > "${SRC}"/.dockerignore
|
|
# Start by ignoring everything
|
|
*
|
|
|
|
# Include certain files and directories; mostly the build system, and some of the config. when run, those are bind-mounted in.
|
|
!/VERSION
|
|
!/LICENSE
|
|
!/compile.sh
|
|
!/lib
|
|
!/extensions
|
|
!/config/sources
|
|
!/config/templates
|
|
${un_ignore_dot_git}
|
|
|
|
# Ignore unnecessary files inside include directories
|
|
# This should go after the include directories
|
|
**/*~
|
|
**/*.log
|
|
**/.DS_Store
|
|
DOCKERIGNORE
|
|
|
|
#############################################################################################################
|
|
# Prepare some dependencies; these will be used on the Dockerfile
|
|
|
|
# @TODO: this might be unified with prepare_basic_deps
|
|
declare -g -a BASIC_DEPS=("bash" "git" "psmisc" "uuid-runtime")
|
|
|
|
# initialize the extension manager; enable all extensions; only once..
|
|
if [[ "${docker_prepare_cli_skip_exts:-no}" != "yes" ]]; then
|
|
display_alert "Docker launcher" "enabling all extensions looking for Docker dependencies" "info"
|
|
enable_all_extensions_builtin_and_user
|
|
initialize_extension_manager
|
|
fi
|
|
declare -a -g host_dependencies=()
|
|
|
|
declare wanted_release_tag="${DOCKER_ARMBIAN_BASE_IMAGE##*:}"
|
|
host_release="${wanted_release_tag}" early_prepare_host_dependencies
|
|
display_alert "Pre-game host dependencies" "${host_dependencies[*]}" "debug"
|
|
|
|
# This includes apt install equivalent to install_host_dependencies()
|
|
display_alert "Creating" "Dockerfile; FROM ${DOCKER_ARMBIAN_BASE_IMAGE}" "info"
|
|
|
|
declare c="" # Nothing; commands will run.
|
|
if [[ "${DOCKER_SIMULATE_CLEAN}" == "yes" ]]; then
|
|
display_alert "Simulating" "clean build, due to DOCKER_SIMULATE_CLEAN=yes -- this is wasteful and slow and only for debugging" "warn"
|
|
c="## Disabled by DOCKER_SIMULATE_CLEAN #" # Add comment to simulate clean env
|
|
elif [[ "${DOCKER_SKIP_UPDATE}" == "yes" && "${DOCKERFILE_USE_ARMBIAN_IMAGE_AS_BASE}" != "no" ]]; then
|
|
display_alert "Skipping Docker updates" "make sure base image '${DOCKER_ARMBIAN_BASE_IMAGE}' is up-to-date" "" "info"
|
|
c="## Disabled by DOCKER_SKIP_UPDATE # " # Add comment to simulate clean env
|
|
fi
|
|
|
|
declare c_req="# " # Nothing; commands will run.
|
|
if [[ "${DOCKERFILE_USE_ARMBIAN_IMAGE_AS_BASE}" == "no" ]]; then
|
|
display_alert "Dockerfile build will include tooling/requirements" "due to DOCKERFILE_USE_ARMBIAN_IMAGE_AS_BASE=no" "info"
|
|
c_req=""
|
|
fi
|
|
|
|
cat <<- INITIAL_DOCKERFILE > "${SRC}"/Dockerfile
|
|
${c}# PLEASE DO NOT MODIFY THIS FILE. IT IS AUTOGENERATED AND WILL BE OVERWRITTEN. Please don't build this Dockerfile yourself either. Use Armbian ./compile.sh instead.
|
|
FROM ${DOCKER_ARMBIAN_BASE_IMAGE}
|
|
${c}# PLEASE DO NOT MODIFY THIS FILE. IT IS AUTOGENERATED AND WILL BE OVERWRITTEN. Please don't build this Dockerfile yourself either. Use Armbian ./compile.sh instead.
|
|
${c}RUN echo "--> CACHE MISS IN DOCKERFILE: apt packages." && \\
|
|
${c} DEBIAN_FRONTEND=noninteractive apt-get -y update && \\
|
|
${c} DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ${BASIC_DEPS[@]} ${host_dependencies[@]}
|
|
${c}RUN sed -i 's/# en_US.UTF-8/en_US.UTF-8/' /etc/locale.gen
|
|
${c}RUN locale-gen
|
|
WORKDIR ${DOCKER_ARMBIAN_TARGET_PATH}
|
|
ENV ARMBIAN_RUNNING_IN_CONTAINER=yes
|
|
ADD . ${DOCKER_ARMBIAN_TARGET_PATH}/
|
|
${c}${c_req}RUN echo "--> CACHE MISS IN DOCKERFILE: running Armbian requirements initialization." && \\
|
|
${c}${c_req} ARMBIAN_INSIDE_DOCKERFILE_BUILD="yes" /bin/bash "${DOCKER_ARMBIAN_TARGET_PATH}/compile.sh" requirements SHOW_LOG=yes && \\
|
|
${c}${c_req} rm -rf "${DOCKER_ARMBIAN_TARGET_PATH}/output" "${DOCKER_ARMBIAN_TARGET_PATH}/.tmp" "${DOCKER_ARMBIAN_TARGET_PATH}/cache"
|
|
${include_dot_git_dir}
|
|
INITIAL_DOCKERFILE
|
|
# For debugging: RUN rm -fv /usr/bin/pip3 # Remove pip3 symlink to make sure we're not depending on it; non-Dockers may not have it
|
|
}
|
|
|
|
function docker_cli_build_dockerfile() {
|
|
local do_force_pull="no"
|
|
local local_image_sha
|
|
|
|
declare docker_marker_dir="${SRC}"/cache/docker
|
|
|
|
# If cache dir exists, but we can't write to cache dir...
|
|
if [[ -d "${SRC}"/cache ]] && [[ ! -w "${SRC}"/cache ]]; then
|
|
display_alert "Cannot write to cache/docker" "probably trying to share a cache with 'sudo' version" "err"
|
|
display_alert "Sharing a cache directory between sudo and Docker is not tested." "Proceed at your own risk" "warn"
|
|
countdown_and_continue_if_not_aborted 10
|
|
# Use fake marker in .tmp, which should be writable always.
|
|
docker_marker_dir="${SRC}"/.tmp/docker
|
|
fi
|
|
|
|
run_host_command_logged mkdir -p "${docker_marker_dir}"
|
|
|
|
# Find files under "${SRC}"/cache/docker that are older than a full 24-hour period.
|
|
EXPIRED_MARKER="$(find "${docker_marker_dir}" -type f -mtime +1 -exec echo -n {} \;)"
|
|
display_alert "Expired marker?" "${EXPIRED_MARKER}" "debug"
|
|
|
|
if [[ "x${EXPIRED_MARKER}x" != "xx" ]]; then
|
|
display_alert "More than" "12 hours since last pull, pulling again" "info"
|
|
do_force_pull="yes"
|
|
fi
|
|
|
|
if [[ "${do_force_pull}" == "no" ]]; then
|
|
# Check if the base image is up to date.
|
|
local_image_sha="$(docker images --no-trunc --quiet "${DOCKER_ARMBIAN_BASE_IMAGE}")"
|
|
display_alert "Checking if base image exists at all" "local_image_sha: '${local_image_sha}'" "debug"
|
|
if [[ -n "${local_image_sha}" ]]; then
|
|
display_alert "Armbian docker image" "already exists: ${DOCKER_ARMBIAN_BASE_IMAGE}" "info"
|
|
else
|
|
display_alert "Armbian docker image" "does not exist: ${DOCKER_ARMBIAN_BASE_IMAGE}" "info"
|
|
do_force_pull="yes"
|
|
fi
|
|
fi
|
|
|
|
if [[ "${do_force_pull:-yes}" == "yes" ]]; then
|
|
display_alert "Pulling" "${DOCKER_ARMBIAN_BASE_IMAGE}" "info"
|
|
local pull_failed="yes"
|
|
run_host_command_logged docker pull "${DOCKER_ARMBIAN_BASE_IMAGE}" && pull_failed="no"
|
|
|
|
if [[ "${pull_failed}" == "no" ]]; then
|
|
local_image_sha="$(docker images --no-trunc --quiet "${DOCKER_ARMBIAN_BASE_IMAGE}")"
|
|
display_alert "New local image sha after pull" "local_image_sha: ${local_image_sha}" "debug"
|
|
# print current date and time in epoch format; touches mtime of file
|
|
echo "${DOCKER_ARMBIAN_BASE_IMAGE}|${local_image_sha}|$(date +%s)" >> "${docker_marker_dir}"/last-pull
|
|
else
|
|
display_alert "Failed to pull" "${DOCKER_ARMBIAN_BASE_IMAGE}; will build from scratch instead" "wrn"
|
|
fi
|
|
fi
|
|
|
|
# If we get here without a local_image_sha, we need to build from scratch, so we need to re-create the Dockerfile.
|
|
if [[ -z "${local_image_sha}" ]]; then
|
|
display_alert "Base image not in local cache, building from scratch" "${DOCKER_ARMBIAN_BASE_IMAGE}" "info"
|
|
declare -g DOCKERFILE_USE_ARMBIAN_IMAGE_AS_BASE=no
|
|
declare -g DOCKER_ARMBIAN_BASE_IMAGE="${DOCKER_ARMBIAN_BASE_IMAGE_SCRATCH}"
|
|
docker_prepare_cli_skip_exts="yes" docker_cli_prepare
|
|
display_alert "Re-created" "Dockerfile, proceeding, build from scratch" "debug"
|
|
fi
|
|
|
|
display_alert "Building" "Dockerfile via '${DOCKER_BUILDX_OR_BUILD[*]}'" "info"
|
|
|
|
BUILDKIT_COLORS="run=123,20,245:error=yellow:cancel=blue:warning=white" \
|
|
run_host_command_logged docker "${DOCKER_BUILDX_OR_BUILD[@]}" -t "${DOCKER_ARMBIAN_INITIAL_IMAGE_TAG}" -f "${SRC}"/Dockerfile "${SRC}"
|
|
}
|
|
|
|
function docker_cli_prepare_launch() {
|
|
display_alert "Preparing" "common Docker arguments" "debug"
|
|
declare -g -a DOCKER_ARGS=(
|
|
"--rm" # side effect - named volumes are considered not attached to anything and are removed on "docker volume prune", since container was removed.
|
|
|
|
"--privileged" # Yep. Armbian needs /dev/loop access, device access, etc. Don't even bother trying without it.
|
|
"--cap-add=SYS_ADMIN" # add only required capabilities instead
|
|
"--cap-add=MKNOD" # (though MKNOD should be already present)
|
|
"--cap-add=SYS_PTRACE" # CAP_SYS_PTRACE is required for systemd-detect-virt in some cases @TODO: rpardini: so lets eliminate it @TODO: rpardini maybe it's dead already?
|
|
|
|
# Pass env var ARMBIAN_RUNNING_IN_CONTAINER to indicate we're running under Docker. This is also set in the Dockerfile; make sure.
|
|
"--env" "ARMBIAN_RUNNING_IN_CONTAINER=yes"
|
|
|
|
# Change the ccache directory to the named volume or bind created. @TODO: this needs more love. it works for Docker, but not sudo
|
|
"--env" "CCACHE_DIR=${DOCKER_ARMBIAN_TARGET_PATH}/cache/ccache"
|
|
|
|
# Pass down the TERM and the COLUMNS
|
|
"--env" "TERM=${TERM}"
|
|
"--env" "COLUMNS=${COLUMNS:-"160"}"
|
|
|
|
# Pass down the CI env var (GitHub Actions, Jenkins, etc)
|
|
"--env" "CI=${CI}" # All CI's, hopefully
|
|
"--env" "GITHUB_ACTIONS=${GITHUB_ACTIONS}" # GHA
|
|
# All known valid Github Actions env vars
|
|
"--env" "GITHUB_ACTION=${GITHUB_ACTION}"
|
|
"--env" "GITHUB_ACTOR=${GITHUB_ACTOR}"
|
|
"--env" "GITHUB_API_URL=${GITHUB_API_URL}"
|
|
"--env" "GITHUB_BASE_REF=${GITHUB_BASE_REF}"
|
|
"--env" "GITHUB_ENV=${GITHUB_ENV}"
|
|
"--env" "GITHUB_EVENT_NAME=${GITHUB_EVENT_NAME}"
|
|
"--env" "GITHUB_EVENT_PATH=${GITHUB_EVENT_PATH}"
|
|
"--env" "GITHUB_GRAPHQL_URL=${GITHUB_GRAPHQL_URL}"
|
|
"--env" "GITHUB_HEAD_REF=${GITHUB_HEAD_REF}"
|
|
"--env" "GITHUB_JOB=${GITHUB_JOB}"
|
|
"--env" "GITHUB_PATH=${GITHUB_PATH}"
|
|
"--env" "GITHUB_REF=${GITHUB_REF}"
|
|
"--env" "GITHUB_REPOSITORY=${GITHUB_REPOSITORY}"
|
|
"--env" "GITHUB_REPOSITORY_OWNER=${GITHUB_REPOSITORY_OWNER}"
|
|
"--env" "GITHUB_RETENTION_DAYS=${GITHUB_RETENTION_DAYS}"
|
|
"--env" "GITHUB_RUN_ID=${GITHUB_RUN_ID}"
|
|
"--env" "GITHUB_RUN_NUMBER=${GITHUB_RUN_NUMBER}"
|
|
"--env" "GITHUB_SERVER_URL=${GITHUB_SERVER_URL}"
|
|
"--env" "GITHUB_SHA=${GITHUB_SHA}"
|
|
"--env" "GITHUB_WORKFLOW=${GITHUB_WORKFLOW}"
|
|
"--env" "GITHUB_WORKSPACE=${GITHUB_WORKSPACE}"
|
|
)
|
|
|
|
# This env var is used super early (in entrypoint.sh), so set it as an env to current value.
|
|
if [[ "${DOCKER_ARMBIAN_ENABLE_CALL_TRACING:-no}" == "yes" ]]; then
|
|
DOCKER_ARGS+=("--env" "ARMBIAN_ENABLE_CALL_TRACING=yes")
|
|
fi
|
|
|
|
# If set, pass down git_info_ansi as an env var
|
|
if [[ -n "${GIT_INFO_ANSI}" ]]; then
|
|
display_alert "Git info" "Passing down GIT_INFO_ANSI as an env var..." "debug"
|
|
DOCKER_ARGS+=("--env" "GIT_INFO_ANSI=${GIT_INFO_ANSI}")
|
|
fi
|
|
|
|
if [[ -n "${BUILD_REPOSITORY_URL}" ]]; then
|
|
display_alert "Git info" "Passing down BUILD_REPOSITORY_URL as an env var..." "debug"
|
|
DOCKER_ARGS+=("--env" "BUILD_REPOSITORY_URL=${BUILD_REPOSITORY_URL}")
|
|
fi
|
|
|
|
if [[ -n "${BUILD_REPOSITORY_COMMIT}" ]]; then
|
|
display_alert "Git info" "Passing down BUILD_REPOSITORY_COMMIT as an env var..." "debug"
|
|
DOCKER_ARGS+=("--env" "BUILD_REPOSITORY_COMMIT=${BUILD_REPOSITORY_COMMIT}")
|
|
fi
|
|
|
|
if [[ "${DOCKER_PASS_SSH_AGENT}" == "yes" ]]; then
|
|
declare ssh_socket_path="${SSH_AUTH_SOCK}"
|
|
if [[ "${OSTYPE}" == "darwin"* ]]; then # but probably only Docker Inc, not Rancher...
|
|
declare ssh_socket_path="/run/host-services/ssh-auth.sock" # this doesn't exist on-disk, it's "magic" from Docker Desktop
|
|
fi
|
|
if [[ "${ssh_socket_path}" != "" ]]; then
|
|
display_alert "Socket ${ssh_socket_path}" "SSH agent forwarding into Docker" "info"
|
|
DOCKER_ARGS+=("--env" "SSH_AUTH_SOCK=${ssh_socket_path}")
|
|
DOCKER_ARGS+=("--volume" "${ssh_socket_path}:${ssh_socket_path}")
|
|
else
|
|
display_alert "SSH agent forwarding" "not possible, SSH_AUTH_SOCK is not set" "wrn"
|
|
fi
|
|
fi
|
|
|
|
if [[ "${CARD_DEVICE}" != "" && "${DOCKER_SKIP_CARD_DEVICE:-"no"}" != "yes" ]]; then
|
|
display_alert "Passing device down to Docker" "CARD_DEVICE: '${CARD_DEVICE}'" "warn"
|
|
DOCKER_ARGS+=("--device=${CARD_DEVICE}")
|
|
fi
|
|
|
|
# If running on GitHub Actions, mount & forward some paths, so they're accessible inside Docker.
|
|
if [[ "${CI}" == "true" ]] && [[ "${GITHUB_ACTIONS}" == "true" ]]; then
|
|
display_alert "Passing down to Docker" "GITHUB_OUTPUT: '${GITHUB_OUTPUT}'" "info"
|
|
DOCKER_ARGS+=("--mount" "type=bind,source=${GITHUB_OUTPUT},target=${GITHUB_OUTPUT}")
|
|
DOCKER_ARGS+=("--env" "GITHUB_OUTPUT=${GITHUB_OUTPUT}")
|
|
|
|
display_alert "Passing down to Docker" "GITHUB_STEP_SUMMARY: '${GITHUB_STEP_SUMMARY}'" "info"
|
|
DOCKER_ARGS+=("--mount" "type=bind,source=${GITHUB_STEP_SUMMARY},target=${GITHUB_STEP_SUMMARY}")
|
|
DOCKER_ARGS+=("--env" "GITHUB_STEP_SUMMARY=${GITHUB_STEP_SUMMARY}")
|
|
|
|
# For pushing/pulling from OCI/ghcr.io; if OCI_TARGET_BASE is set:
|
|
# - bind-mount the Docker config file (if it exists)
|
|
if [[ -n "${OCI_TARGET_BASE}" ]]; then
|
|
display_alert "Detected" "OCI_TARGET_BASE: '${OCI_TARGET_BASE}'" "debug"
|
|
DOCKER_ARGS+=("--env" "OCI_TARGET_BASE=${OCI_TARGET_BASE}")
|
|
fi
|
|
|
|
# Mount the Docker config file (if it exists) -- always, even if OCI_TARGET_BASE is not set; @TODO: why only in GitHub actions?
|
|
local docker_config_file_host="${HOME}/.docker/config.json"
|
|
local docker_config_file_docker="/root/.docker/config.json" # inside Docker
|
|
if [[ -f "${docker_config_file_host}" ]]; then
|
|
display_alert "Passing down to Docker" "Docker config file: '${docker_config_file_host}' -> '${docker_config_file_docker}'" "debug"
|
|
DOCKER_ARGS+=("--mount" "type=bind,source=${docker_config_file_host},target=${docker_config_file_docker}")
|
|
fi
|
|
fi
|
|
|
|
# If set, pass down the Windows Terminal Session, so the existance of Windows Terminal can be detected later
|
|
if [[ -n "${WT_SESSION}" ]]; then
|
|
DOCKER_ARGS+=("--env" "WT_SESSION=${WT_SESSION}")
|
|
fi
|
|
|
|
# This will receive the mountpoint as $1 and the mountpoint vars in the environment.
|
|
function prepare_docker_args_for_mountpoint() {
|
|
local MOUNT_DIR="$1"
|
|
# shellcheck disable=SC2154 # $docker_kind: the kind of volume to mount on this OS; see mountpoints.sh
|
|
#display_alert "Handling Docker mountpoint" "${MOUNT_DIR} id: ${volume_id} - docker_kind: ${docker_kind}" "debug"
|
|
|
|
case "${docker_kind}" in
|
|
anonymous)
|
|
display_alert "Mounting" "anonymous volume for '${MOUNT_DIR}'" "debug"
|
|
# type=volume, without source=, is an anonymous volume -- will be auto cleaned up together with the container;
|
|
# this could also be a type=tmpfs if you had enough ram - but armbian already does tmpfs for you if you
|
|
# have enough RAM (inside the container) so don't bother.
|
|
DOCKER_ARGS+=("--mount" "type=volume,destination=${DOCKER_ARMBIAN_TARGET_PATH}/${MOUNT_DIR}")
|
|
;;
|
|
bind)
|
|
display_alert "Mounting" "bind mount for '${MOUNT_DIR}'" "debug"
|
|
mkdir -p "${SRC}/${MOUNT_DIR}"
|
|
DOCKER_ARGS+=("--mount" "type=bind,source=${SRC}/${MOUNT_DIR},target=${DOCKER_ARMBIAN_TARGET_PATH}/${MOUNT_DIR}")
|
|
;;
|
|
namedvolume)
|
|
display_alert "Mounting" "named volume id '${volume_id}' for '${MOUNT_DIR}'" "debug"
|
|
DOCKER_ARGS+=("--mount" "type=volume,source=armbian-${volume_id},destination=${DOCKER_ARMBIAN_TARGET_PATH}/${MOUNT_DIR}")
|
|
;;
|
|
*)
|
|
display_alert "Unknown Mountpoint Type" "unknown volume type '${docker_kind}' for '${MOUNT_DIR}'" "err"
|
|
exit 1
|
|
;;
|
|
esac
|
|
}
|
|
|
|
loop_over_armbian_mountpoints prepare_docker_args_for_mountpoint
|
|
|
|
# @TODO: auto-compute this list; just get the dirs and filter some out?
|
|
for MOUNT_DIR in "lib" "config" "extensions" "packages" "patch" "tools" "userpatches"; do
|
|
mkdir -p "${SRC}/${MOUNT_DIR}"
|
|
DOCKER_ARGS+=("--mount" "type=bind,source=${SRC}/${MOUNT_DIR},target=${DOCKER_ARMBIAN_TARGET_PATH}/${MOUNT_DIR}")
|
|
done
|
|
|
|
if [[ "${DOCKER_SERVER_REQUIRES_LOOP_HACKS}" == "yes" ]]; then
|
|
display_alert "Adding /dev/loop* hacks for" "${DOCKER_ARMBIAN_HOST_OS_UNAME}" "debug"
|
|
DOCKER_ARGS+=("--security-opt=apparmor:unconfined") # mounting things inside the container on Ubuntu won't work without this https://github.com/moby/moby/issues/16429#issuecomment-217126586
|
|
DOCKER_ARGS+=(--device-cgroup-rule='b 7:* rmw') # allow loop devices (not required)
|
|
DOCKER_ARGS+=(--device-cgroup-rule='b 259:* rmw') # allow loop device partitions
|
|
DOCKER_ARGS+=(-v /dev:/tmp/dev:ro) # this is an ugly hack (CONTAINER_COMPAT=y), but it is required to get /dev/loopXpY minor number for mknod inside the container, and container itself still uses private /dev internally
|
|
|
|
if [[ "${DOCKER_SERVER_USE_STATIC_LOOPS}" == "yes" ]]; then
|
|
for loop_device_host in "/dev/loop-control" "/dev/loop0" "/dev/loop1" "/dev/loop2" "/dev/loop3" "/dev/loop4" "/dev/loop5" "/dev/loop6" "/dev/loop7"; do # static list; "host" is not real, there's a VM intermediary
|
|
display_alert "Passing through host loop device to Docker" "static: ${loop_device_host}" "debug"
|
|
DOCKER_ARGS+=("--device=${loop_device_host}")
|
|
done
|
|
else
|
|
for loop_device_host in /dev/loop*; do # pass through loop devices from host to container; includes `loop-control`
|
|
display_alert "Passing through host loop device to Docker" "host: ${loop_device_host}" "debug"
|
|
DOCKER_ARGS+=("--device=${loop_device_host}")
|
|
done
|
|
fi
|
|
|
|
else
|
|
display_alert "Skipping /dev/loop* hacks for" "${DOCKER_ARMBIAN_HOST_OS_UNAME}" "debug"
|
|
fi
|
|
|
|
if [[ -t 0 ]]; then
|
|
display_alert "Running in a terminal" "passing through stdin" "debug"
|
|
DOCKER_ARGS+=("-it")
|
|
else
|
|
display_alert "Not running in a terminal" "not passing through stdin to Docker" "debug"
|
|
fi
|
|
|
|
# if DOCKER_EXTRA_ARGS is an array and has more than zero elements, add its contents to the DOCKER_ARGS array
|
|
if [[ "${DOCKER_EXTRA_ARGS[*]+isset}" == "isset" && "${#DOCKER_EXTRA_ARGS[@]}" -gt 0 ]]; then
|
|
display_alert "Adding extra Docker arguments" "${DOCKER_EXTRA_ARGS[*]}" "debug"
|
|
DOCKER_ARGS+=("${DOCKER_EXTRA_ARGS[@]}")
|
|
fi
|
|
|
|
}
|
|
|
|
function docker_cli_launch() {
|
|
# rpardini: This debug, although useful, might include very long/multiline strings, which make it very confusing.
|
|
# display_alert "Showing Docker cmdline" "Docker args: '${DOCKER_ARGS[*]}'" "debug"
|
|
|
|
# Hack: if we're running on a Mac/Darwin, get rid of .DS_Store files in critical directories.
|
|
if [[ "${OSTYPE}" == "darwin"* ]]; then
|
|
display_alert "Removing .DS_Store files from source directories" "for Mac/Darwin compatibility" "debug"
|
|
run_host_command_logged find "${SRC}/config" -name ".DS_Store" -type f -delete "||" true
|
|
run_host_command_logged find "${SRC}/packages" -name ".DS_Store" -type f -delete "||" true
|
|
run_host_command_logged find "${SRC}/patch" -name ".DS_Store" -type f -delete "||" true
|
|
run_host_command_logged find "${SRC}/userpatches" -name ".DS_Store" -type f -delete "||" true
|
|
fi
|
|
|
|
# Produce the re-launch params.
|
|
declare -g ARMBIAN_CLI_FINAL_RELAUNCH_ARGS=()
|
|
declare -g ARMBIAN_CLI_FINAL_RELAUNCH_ENVS=()
|
|
produce_relaunch_parameters # produces ARMBIAN_CLI_FINAL_RELAUNCH_ARGS and ARMBIAN_CLI_FINAL_RELAUNCH_ENVS
|
|
|
|
# Add the relaunch envs to DOCKER_ARGS.
|
|
for env in "${ARMBIAN_CLI_FINAL_RELAUNCH_ENVS[@]}"; do
|
|
display_alert "Adding Docker env" "${env}" "debug"
|
|
DOCKER_ARGS+=("--env" "${env}")
|
|
done
|
|
|
|
display_alert "-----------------Relaunching in Docker after ${SECONDS}s------------------" "here comes the 🐳" "info"
|
|
|
|
local -i docker_build_result
|
|
if docker run "${DOCKER_ARGS[@]}" "${DOCKER_ARMBIAN_INITIAL_IMAGE_TAG}" /bin/bash "${DOCKER_ARMBIAN_TARGET_PATH}/compile.sh" "${ARMBIAN_CLI_FINAL_RELAUNCH_ARGS[@]}"; then
|
|
docker_build_result=$? # capture exit code of test done in the line above.
|
|
display_alert "-------------Docker run finished after ${SECONDS}s------------------------" "🐳 successfull" "info"
|
|
else
|
|
docker_build_result=$? # capture exit code of test done 4 lines above.
|
|
# No use polluting GHA/CI with notices about Docker failure (real failure, inside Docker, generated enough errors already) skip_ci_special="yes"
|
|
skip_ci_special="yes" display_alert "-------------Docker run failed after ${SECONDS}s--------------------------" "🐳 failed" "err"
|
|
fi
|
|
|
|
# Find and show the path to the log file for the ARMBIAN_BUILD_UUID.
|
|
local logs_path="${DEST}/logs" log_file
|
|
log_file="$(find "${logs_path}" -type f -name "*${ARMBIAN_BUILD_UUID}*.*" -print -quit)"
|
|
docker_produced_logs=0 # outer scope variable
|
|
if [[ -f "${log_file}" ]]; then
|
|
docker_produced_logs=1 # outer scope variable
|
|
display_alert "Build log done inside Docker" "${log_file}" "debug"
|
|
else
|
|
display_alert "Docker Log file for this run" "not found" "err"
|
|
fi
|
|
|
|
docker_exit_code="${docker_build_result}" # set outer scope variable -- do NOT exit with error.
|
|
|
|
# return ${docker_build_result}
|
|
return 0 # always exit with success. caller (CLI) will handle the exit code
|
|
}
|
|
|
|
function docker_purge_deprecated_volumes() {
|
|
prepare_armbian_mountpoints_description_dict
|
|
local mountpoint=""
|
|
for mountpoint in "${ARMBIAN_MOUNTPOINTS_DEPRECATED[@]}"; do
|
|
local volume_id="armbian-${mountpoint//\//-}"
|
|
display_alert "Purging deprecated Docker volume" "${volume_id}" "info"
|
|
if docker volume inspect "${volume_id}" &> /dev/null; then
|
|
run_host_command_logged docker volume rm "${volume_id}"
|
|
display_alert "Purged deprecated Docker volume" "${volume_id} OK" "info"
|
|
else
|
|
display_alert "Deprecated Docker volume not found" "${volume_id} OK" "info"
|
|
fi
|
|
done
|
|
}
|