fix: trying to get docker-in-docker working

shakefu · Nov 17, 2023 · 76f477b · 76f477b
1 parent ad6a614
commit 76f477b
Show file tree

Hide file tree

Showing 8 changed files with 98 additions and 101 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -4,7 +4,12 @@
  "name": "shakefu/home",
  // Not used while we have a build spec
  // "image": "mcr.microsoft.com/devcontainers/universal:latest"
- "image": "shakefu/home:build-6752584781.21.1"
+ "image": "shakefu/home:build-6752584781.21.1",
+
+ // Mounting in the host docker socket for docker-in-docker
+ "mounts": [ "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind" ],
+ // Needed to support non-root user
+ "overrideCommand": false,
 
  // "build": {
  // "dockerfile": "Dockerfile"
@@ -24,4 +29,10 @@
 
  // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
  // "remoteUser": "root"
+ // TODO: Decide if we want this to be shakefu instead?
+ "remoteUser": "vscode",
+
+ // Used by docker-in-docker for host mounting filesystem
+ // ref: https://github.com/microsoft/vscode-dev-containers/tree/main/containers/docker-from-docker#using-bind-mounts-when-working-with-docker-inside-the-container
+ "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" }
 }
diff --git a/Dockerfile b/Dockerfile
@@ -37,27 +37,6 @@ RUN curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor
  apt-get install -yqq code && \
  rm -rf /var/lib/apt/lists/*
 
-# Kubectl apt repository
-RUN curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg && \
- echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' > /etc/apt/sources.list.d/kubernetes.list && \
- apt-get update -yqq && \
- apt-get install -yqq kubectl && \
- rm -rf /var/lib/apt/lists/*
-
-# Docker apt repository
-RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker-apt-keyring.gpg && \
- echo "deb [signed-by=/etc/apt/keyrings/docker-apt-keyring.gpg] https://download.docker.com/linux/ubuntu jammy stable" > /etc/apt/sources.list.d/docker.list && \
- apt-get update -yqq && \
- apt-get install -yqq docker-ce && \
- rm -rf /var/lib/apt/lists/*
-
-# Terraform apt repository
-RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /etc/apt/keyrings/hashicorp-apt-keyring.gpg && \
- echo "deb [signed-by=/etc/apt/keyrings/hashicorp-apt-keyring.gpg] https://apt.releases.hashicorp.com jammy main" > /etc/apt/sources.list.d/hashicorp.list && \
- apt-get update -yqq && \
- apt-get install -yqq terraform && \
- rm -rf /var/lib/apt/lists/*
-
 # A GitHub token is required to use the gh cli tool
 ARG GITHUB_TOKEN
 
@@ -83,14 +62,6 @@ ARG GITHUB_TOKEN
 # tar -xzf $RELEASE_GLOB && \
 # rm $RELEASE_GLOB
 
-# Install Go with GO_VERSION
-# TODO: This is incompatible with a multi-arch build
-ARG GO_VERSION=1.20.5
-RUN curl -fsSL https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz \
- -o go${GO_VERSION}.linux-amd64.tar.gz && \
- tar -C /usr/local -xzf go${GO_VERSION}.linux-amd64.tar.gz && \
- rm go${GO_VERSION}.linux-amd64.tar.gz && \
- ln -s /usr/local/go/bin/* /usr/local/bin/
 
 
 # Create a vscode user with uid 1000 (this user may already exist)
@@ -105,6 +76,25 @@ RUN useradd \
 # Set the shell to zsh
 RUN chsh --shell "/usr/bin/zsh" "${USER}"
 
+# Install Docker CE CLI
+RUN apt-get update \
+ apt-get install -y apt-transport-https ca-certificates curl gnupg2 lsb-release && \
+ curl -fsSL https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]')/gpg | apt-key add - 2>/dev/null && \
+ echo "deb [arch=amd64] https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list && \
+ apt-get update && \
+ apt-get install -y docker-ce-cli
+
+# Create docker-init script which configures user group permissions
+RUN echo -e "#!/bin/sh\n\
+ sudoIf() { if [ \"\$(id -u)\" -ne 0 ]; then sudo \"\$@\"; else \"\$@\"; fi }\n\
+ SOCKET_GID=\$(stat -c '%g' /var/run/docker.sock) \n\
+ if [ \"${SOCKET_GID}\" != '0' ]; then\n\
+ if [ \"\$(cat /etc/group | grep :\${SOCKET_GID}:)\" = '' ]; then sudoIf groupadd --gid \${SOCKET_GID} docker-host; fi \n\
+ if [ \"\$(id ${USER} | grep -E \"groups=.*(=|,)\${SOCKET_GID}\(\")\" = '' ]; then sudoIf usermod -aG \${SOCKET_GID} ${USER}; fi\n\
+ fi\n\
+ exec \"\$@\"" > /usr/local/share/docker-init.sh \
+ && chmod +x /usr/local/share/docker-init.sh
+
 # Install vscode extensions
 WORKDIR /tmp/shakefu
 COPY .devcontainer/extensions.sh ./extensions.sh
@@ -129,13 +119,21 @@ RUN ./home setup --debug
 # Revert to our default user directory
 WORKDIR /workspaces/home
 
+# VS Code overrides ENTRYPOINT and CMD when executing `docker run` by default.
+# Setting the ENTRYPOINT to docker-init.sh will configure non-root access to
+# the Docker socket if "overrideCommand": false is set in devcontainer.json.
+# The script will also execute CMD if you need to alter startup behaviors.
+# ref: https://github.com/microsoft/vscode-dev-containers/tree/main/containers/docker-from-docker#enabling-non-root-access-to-docker-in-the-container
+ENTRYPOINT [ "/usr/local/share/docker-init.sh" ]
+CMD [ "sleep", "infinity" ]
+
 # Final output image
-FROM scratch AS final
+# FROM scratch AS final
 
-ARG USER=vscode
+# ARG USER=vscode
 
 # Copy over the whole filesystem in one whack
-COPY --from=base / /
+# COPY --from=base / /
 
 # Set the user
-USER ${USER}
+# USER ${USER}
diff --git a/files/.zshrc b/files/.zshrc
@@ -1,7 +1,8 @@
 # shellcheck shell=zsh
 
 # Add homebrew env required for some inits to work
-eval "$(/opt/homebrew/bin/brew shellenv)"
+# This is the Mac default install
+[[ ! -x /opt/homebrew/bin ]] || eval "$(/opt/homebrew/bin/brew shellenv)"
 
 # Enable Powerlevel10k instant prompt. Should stay close to the top of ~/.zshrc.
 # Initialization code that may require console input (password prompts, [y/n]
@@ -166,6 +167,16 @@ SAVEHIST=100000
 # PATH
 
 
+_paths=(
+ "$HOME/.bin"
+ "$HOME/.local/bin"
+ "$HOME/go/bin"
+ "$HOME/.pyenv/bin"
+ "$HOME/.nodenv/bin"
+ "/usr/local/bin"
+ "/usr/local/go/bin"
+)
+
 # If you come from bash you might have to change your $PATH.
 # export PATH=$HOME/bin:/usr/local/bin:$PATH
 # Append language specific paths in search order
@@ -200,7 +211,8 @@ export LANG=en_US.UTF-8
 # Toggle editor based on SSH status
 if [[ -n $SSH_CONNECTION ]]; then
  # Default to vi for easy CLI usage
- export EDITOR='vi'
+ # export EDITOR='vi'
+ export EDITOR="code"
 else
  # This causes issues when opening files automatically, e.g. with git or
  # fotingo, so we fall back to just vi
@@ -211,12 +223,14 @@ fi
 ####################
 # Python Virtualenvs
 
+# Deprecated in favor of poetry venv management
+
 # Use the default directory, explicitly
-export WORKON_HOME=$HOME/.virtualenvs
+# export WORKON_HOME=$HOME/.virtualenvs
 # Anything that is done with mkproject ends up in tmp
-export PROJECT_HOME=$HOME/tmp
+#export PROJECT_HOME=$HOME/tmp
 # Lazy load virtualenvwrapper commands for quicker shells
-[ ! -x "$(command -v virtualenvwrapper.sh)" ] || \. "$(which virtualenvwrapper_lazy.sh)"
+# [ ! -x "$(command -v virtualenvwrapper.sh)" ] || \. "$(which virtualenvwrapper_lazy.sh)"
 # Don't need this, script is on our path
 # export VIRTUALENVWRAPPER_SCRIPT=/usr/local/bin/virtualenvwrapper.sh
 
@@ -781,62 +795,31 @@ fi
 # THis has to be loaded before the devops alias because otherwise it won't find
 # fotingo on the path
 
-# Load goenv
-if command -v goenv &>/dev/null; then eval "$(goenv init - )"; fi
 
 # To customize prompt, run `p10k configure` or edit ~/.p10k.zsh.
 [[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh
 
 # Load in the profile baybee
 [[ ! -f ~/.profile ]] || source ~/.profile
 
-# Load pyenv
-if ! command -v pyenv &>/dev/null; then
- eval "$(pyenv init --path)"
- eval "$(pyenv init -)"
- eval "$(pyenv init virtualenv-init)"
-fi
-
-# Make sure nodenv is fully configured
-if ! command -v nodenv &>/dev/null; then
- export PATH="$HOME/.nodenv/bin:$PATH"
- eval "$(nodenv init -)"
-fi
+# Load goenv
+if command -v goenv &>/dev/null; then eval "$(goenv init - )"; fi
 
-# Configure tfenv because it don't play nice with M1
+# Load pyenv
+if command -v pyenv &>/dev/null; then eval "$(pyenv init - )"; fi
+# if ! command -v pyenv &>/dev/null; then
+# eval "$(pyenv init --path)"
+# eval "$(pyenv init -)"
+# eval "$(pyenv init virtualenv-init)"
+# fi
+
+# Load nodenv
+if command -v nodenv &>/dev/null; then eval "$(nodenv init - )"; fi
+# if ! command -v nodenv &>/dev/null; then
+# export PATH="$HOME/.nodenv/bin:$PATH"
+# eval "$(nodenv init -)"
+# fi
+
+# Configure tfenv because it don't play nice with Mac aarch64
 export TFENV_ARCH=amd64
 export TFENV_AUTO_INSTALL=true
-
-##############
-# JIRA related
-#
-# Helpers for managing JIRA tickets
-if [ -x "$(command -v fotingo)" ]; then
- function devops {
- local title="$1"; shift
- local description="$1"; shift
- local type="${3:-task}"
- [ -n "$3" ] && shift
- local labels="${4:-}"
-
- [ -n "$title" ] || { echo "Title is required"; return 1; }
- [ -n "$description" ] || { echo "Description is required"; return 1; }
-
-
- local args
- args=(
- start
- --project DEVOPS
- --kind "$type"
- --title "$title"
- --description "$description"
- )
- [ -n "$labels" ] && args+=( --labels "$labels" )
-
- fotingo ${args[@]}
- }
-else
- function devops {
- echo "Error: missing dependency fotingo"
- }
-fi
diff --git a/install/linux_amd64/03-pyenv b/install/linux_amd64/03-pyenv
@@ -0,0 +1,6 @@
+#!/bin/dash -e
+# Install or upgrade
+$RUN brew "$( { [ -z "$UPGRADE" ] && echo "install"; } || echo "upgrade" )" "$NAME"
+# Enable dash to use pyenv
+$RUN echo "PYENV_ROOT=$(pyenv root)" | sudo tee -a /etc/profile
+$RUN echo "eval \"\$(pyenv init -)\"" | sudo tee -a /etc/profile
diff --git a/install/linux_amd64/03-python3 b/install/linux_amd64/03-python3
diff --git a/install/linux_amd64/04-nodenv b/install/linux_amd64/04-nodenv
@@ -0,0 +1,6 @@
+#!/bin/dash -e
+# Install or upgrade
+$RUN brew "$( { [ -z "$UPGRADE" ] && echo "install"; } || echo "upgrade" )" "$NAME"
+# Enable dash to use nodenv
+$RUN echo "NODENV_ROOT=$(nodenv root)" | sudo tee -a /etc/profile
+$RUN echo "eval \"\$(nodenv init -)\"" | sudo tee -a /etc/profile
diff --git a/install/linux_amd64/04-nvm b/install/linux_amd64/04-nvm
diff --git a/install/linux_amd64/05-goenv b/install/linux_amd64/05-goenv
@@ -0,0 +1,6 @@
+#!/bin/dash -e
+# Install or upgrade
+$RUN brew "$( { [ -z "$UPGRADE" ] && echo "install"; } || echo "upgrade" )" "$NAME"
+# Enable dash to use goenv
+$RUN echo "GOENV_ROOT=$(goenv root)" | sudo tee -a /etc/profile
+$RUN echo "eval \"\$(goenv init -)\"" | sudo tee -a /etc/profile