Skip to content

Commit

Permalink
fix: thread UID/GID through Docker
Browse files Browse the repository at this point in the history
When running Git commands inside this Docker container (i.e., commands
that the `version.py` script needs for determining version information),
the Docker build would run into issues like:

```
fatal: detected dubious ownership in repository at '/workspace'
To add an exception for this directory, call:
    git config --global --add safe.directory /workspace
```

This is due to an extra Git check that detects that the Docker user is
not the same one who owns the `.git` directory of this project. After
looking into this, the best solution the internet has to offer is to
thread the current user's UID and GID through the Docker image (i.e.,
the new `builder` user) and then `docker run --user ...`. This both
avoids the Git check but also seems to be considered a best practice in
some circles (?).
  • Loading branch information
abrown committed Mar 16, 2024
1 parent 91c48f0 commit ce47f32
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 13 deletions.
32 changes: 21 additions & 11 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -3,22 +3,32 @@
# Here we choose Bionic 18.04.
FROM ubuntu:bionic

# We want to use the same UID/GID of the external user to avoid permission
# issues. See the user setup at the end of the file.
ARG UID=1000
ARG GID=1000

RUN apt-get update \
&& apt-get install -y --no-install-recommends \
ccache \
curl \
ca-certificates \
build-essential \
clang \
python3 \
git \
ninja-build \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
&& apt-get install -y --no-install-recommends \
ccache \
curl \
ca-certificates \
build-essential \
clang \
python3 \
git \
ninja-build \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

RUN curl -sSLO https://github.com/Kitware/CMake/releases/download/v3.25.1/cmake-3.25.1-linux-x86_64.tar.gz \
&& tar xf cmake-3.25.1-linux-x86_64.tar.gz \
&& rm cmake-3.25.1-linux-x86_64.tar.gz \
&& mkdir -p /opt \
&& mv cmake-3.25.1-linux-x86_64 /opt/cmake
ENV PATH /opt/cmake/bin:$PATH

RUN groupadd -g ${GID} builder && \
useradd --create-home --uid ${UID} --gid ${GID} builder
USER builder
WORKDIR /workspace
13 changes: 11 additions & 2 deletions docker_build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,17 @@
set -ex

echo "Building the docker image"
docker build -t wasi-sdk-builder:latest .
docker build \
--build-arg UID=$(id -u) --build-arg GID=$(id -g) \
-t wasi-sdk-builder:latest .

echo "Building the package in docker image"
mkdir -p ~/.ccache
docker run --rm --user $(id -u):$(id -g) -v "$PWD":/workspace:Z -v ~/.ccache:/root/.ccache:Z -e NINJA_FLAGS=-v --workdir /workspace --tmpfs /tmp:exec wasi-sdk-builder:latest make package LLVM_CMAKE_FLAGS=-DLLVM_CCACHE_BUILD=ON
docker run --rm \
--user $(id -u):$(id -g) \
-v "$PWD":/workspace:Z \
-v ~/.ccache:/home/builder/.ccache:Z \
-e NINJA_FLAGS=-v \
--tmpfs /tmp:exec \
wasi-sdk-builder:latest \
make package LLVM_CMAKE_FLAGS=-DLLVM_CCACHE_BUILD=ON

0 comments on commit ce47f32

Please sign in to comment.