diff --git a/.github/workflows/core.yml b/.github/workflows/core.yml index b7f3704f3e..c756d1dd2f 100644 --- a/.github/workflows/core.yml +++ b/.github/workflows/core.yml @@ -7,7 +7,7 @@ on: paths: - 'ci/**' - 'core/**' - - 'docker/build_env/cpu/**' + - 'docker/build_env/**' - '.github/workflows/core.yml' - docker-compose.yml - '!**.md' diff --git a/.github/workflows/cpplint.yml b/.github/workflows/cpplint.yml index 79281be4e4..29f0651a13 100644 --- a/.github/workflows/cpplint.yml +++ b/.github/workflows/cpplint.yml @@ -7,7 +7,7 @@ on: paths: - 'ci/**' - 'core/**' - - 'docker/build_env/cpu/**' + - 'docker/build_env/**' - '.github/workflows/cpplint.yml' - docker-compose.yml - '!**.md' diff --git a/docker-compose.yml b/docker-compose.yml index ab269aedc6..270ccfa9d2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -24,7 +24,7 @@ services: networks: - milvus command: &ubuntu-command - ["/milvus/ci/scripts/build.sh -t Release -j2 -i ${MILVUS_INSTALL_PREFIX} --with_fiu --coverage -u && + ["/bin/bash", "-l", "-c", "/milvus/ci/scripts/build.sh -t Release -j2 -i ${MILVUS_INSTALL_PREFIX} --with_fiu --coverage -u && /milvus/ci/scripts/run_unittest.sh -i ${MILVUS_INSTALL_PREFIX}"] centos-core: @@ -43,7 +43,7 @@ services: networks: - milvus command: ¢os-command - ["/milvus/ci/scripts/build.sh -t Release -j2 -i ${MILVUS_INSTALL_PREFIX} --with_fiu --coverage -u && + ["/bin/bash", "-l", "-c", "/milvus/ci/scripts/build.sh -t Release -j2 -i ${MILVUS_INSTALL_PREFIX} --with_fiu --coverage -u && /milvus/ci/scripts/run_unittest.sh -i ${MILVUS_INSTALL_PREFIX}"] ubuntu-cuda-core: @@ -62,7 +62,7 @@ services: networks: - milvus command: &ubuntu-cuda-command - ["/milvus/ci/scripts/build.sh -t Release -j2 -i ${MILVUS_INSTALL_PREFIX} -g"] + ["/bin/bash", "-l", "-c", "/milvus/ci/scripts/build.sh -t Release -j2 -i ${MILVUS_INSTALL_PREFIX} -g"] centos-cuda-core: image: ${REPO}:${ARCH}-centos-${CENTOS}-cuda-core 
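Review bot: The new `command:` lists only work with an image whose ENTRYPOINT is the new `/entrypoint.sh` (`exec "$@"`). Against an image still built with the old `ENTRYPOINT [ "/bin/bash", "-c", "-l" ]`, bash would presumably take `"/bin/bash"` as the `-c` string, treat the build script as a positional argument and exit 0 without building or testing, so CI could go green on nothing. Since the services reference mutable tags such as `${REPO}:${ARCH}-centos-${CENTOS}-cuda-core`, I would add a comment above each `command:`, e.g. `# needs an image with ENTRYPOINT /entrypoint.sh; older images exit 0 without running the build`, and make sure the tags are rebuilt before this lands. `${MILVUS_INSTALL_PREFIX}` is also interpolated unquoted into the `bash -c` string, so a value with spaces or shell metacharacters changes the command line. This applies to all six `command:` hunks in docker-compose.yml (ubuntu, centos, ubuntu-cuda, centos-cuda, cpplint and cpplint-gpu).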
@@ -80,7 +80,7 @@ services: networks: - milvus command: ¢os-cuda-command - ["/milvus/ci/scripts/build.sh -t Release -j2 -i ${MILVUS_INSTALL_PREFIX} -g"] + ["/bin/bash", "-l", "-c", "/milvus/ci/scripts/build.sh -t Release -j2 -i ${MILVUS_INSTALL_PREFIX} -g"] cpplint: image: ${REPO}:${ARCH}-centos-${CENTOS}-core @@ -95,7 +95,7 @@ services: networks: - milvus command: - ["/milvus/ci/scripts/build.sh -t Release -j2 -i ${MILVUS_INSTALL_PREFIX} -l --tidy -n"] + ["/bin/bash", "-l", "-c", "/milvus/ci/scripts/build.sh -t Release -j2 -i ${MILVUS_INSTALL_PREFIX} -l --tidy -n"] cpplint-gpu: image: ${REPO}:${ARCH}-centos-${CENTOS}-cuda-core @@ -110,7 +110,7 @@ services: networks: - milvus command: - ["/milvus/ci/scripts/build.sh -t Release -j2 -i ${MILVUS_INSTALL_PREFIX} -l -g --tidy -n"] + ["/bin/bash", "-l", "-c", "/milvus/ci/scripts/build.sh -t Release -j2 -i ${MILVUS_INSTALL_PREFIX} -l -g --tidy -n"] networks: milvus: diff --git a/docker/build_env/cpu/centos7/Dockerfile b/docker/build_env/cpu/centos7/Dockerfile index 333c594224..90431e5d12 100644 --- a/docker/build_env/cpu/centos7/Dockerfile +++ b/docker/build_env/cpu/centos7/Dockerfile @@ -36,8 +36,10 @@ RUN yum install -y ccache && \ ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/lib" -# use login shell to activate environment un the RUN commands -SHELL [ "/bin/bash", "-c", "-l" ] +# Set permissions on /etc/passwd and /home to allow arbitrary users to write +COPY --chown=0:0 docker/build_env/entrypoint.sh / +RUN mkdir -p /home/user && chgrp -R 0 /home && chmod -R g=u /etc/passwd /etc/group /home && chmod +x /entrypoint.sh -# use login shell when running the container -ENTRYPOINT [ "/bin/bash", "-c", "-l" ] +ENV HOME=/home/user +ENTRYPOINT [ "/entrypoint.sh" ] +CMD ["tail", "-f", "/dev/null"] diff --git a/docker/build_env/cpu/ubuntu16.04/Dockerfile b/docker/build_env/cpu/ubuntu16.04/Dockerfile index 5ebeff9822..a9948c4176 100644 --- a/docker/build_env/cpu/ubuntu16.04/Dockerfile +++ b/docker/build_env/cpu/ubuntu16.04/Dockerfile 
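Review bot: The added `RUN ... chmod -R g=u /etc/passwd /etc/group /home` line leaves `/etc/passwd` and `/etc/group` writable by group 0 in the final image, so any process in the container running with GID 0 can rewrite the account database, not just the entrypoint's one-time append. If arbitrary-UID support is needed, consider keeping those files read-only and resolving the runtime user another way (for example nss_wrapper pointed at a passwd file under `$HOME`), or at least state the trade-off in the comment, e.g. `# /etc/passwd and /etc/group are group-0 writable so entrypoint.sh can register the runtime UID; CI build image only`. The existing comment sits above `COPY` although it describes the `RUN` line below it. The same lines are added in the cpu ubuntu16.04 and ubuntu18.04 and the gpu centos7, ubuntu16.04 and ubuntu18.04 Dockerfile hunks.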
@@ -46,8 +46,10 @@ RUN apt-get update && apt-get install -y --no-install-recommends ccache && \ ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/lib" -# use login shell to activate environment un the RUN commands -SHELL [ "/bin/bash", "-c", "-l" ] +# Set permissions on /etc/passwd and /home to allow arbitrary users to write +COPY --chown=0:0 docker/build_env/entrypoint.sh / +RUN mkdir -p /home/user && chgrp -R 0 /home && chmod -R g=u /etc/passwd /etc/group /home && chmod +x /entrypoint.sh -# use login shell when running the container -ENTRYPOINT [ "/bin/bash", "-c", "-l" ] +ENV HOME=/home/user +ENTRYPOINT [ "/entrypoint.sh" ] +CMD ["tail", "-f", "/dev/null"] diff --git a/docker/build_env/cpu/ubuntu18.04/Dockerfile b/docker/build_env/cpu/ubuntu18.04/Dockerfile index 899063f516..87dbb37ade 100644 --- a/docker/build_env/cpu/ubuntu18.04/Dockerfile +++ b/docker/build_env/cpu/ubuntu18.04/Dockerfile @@ -48,8 +48,10 @@ RUN apt-get update && apt-get install -y --no-install-recommends ccache && \ ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/lib" -# use login shell to activate environment un the RUN commands -SHELL [ "/bin/bash", "-c", "-l" ] +# Set permissions on /etc/passwd and /home to allow arbitrary users to write +COPY --chown=0:0 docker/build_env/entrypoint.sh / +RUN mkdir -p /home/user && chgrp -R 0 /home && chmod -R g=u /etc/passwd /etc/group /home && chmod +x /entrypoint.sh -# use login shell when running the container -ENTRYPOINT [ "/bin/bash", "-c", "-l" ] +ENV HOME=/home/user +ENTRYPOINT [ "/entrypoint.sh" ] +CMD ["tail", "-f", "/dev/null"] diff --git a/docker/build_env/docker-compose.yaml b/docker/build_env/docker-compose.yaml deleted file mode 100644 index 4f0e6c8f4f..0000000000 --- a/docker/build_env/docker-compose.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -version: '2.3' - -services: - cpu_centos7: - image: ${TARGET_REPO}:${TARGET_TAG} - build: - context: ./ - dockerfile: cpu/centos7/Dockerfile - cache_from: - - ${SOURCE_REPO}:${SOURCE_TAG} - gpu_centos7: - image: ${TARGET_REPO}:${TARGET_TAG} - build: - context: ./ - dockerfile: gpu/centos7/Dockerfile - cache_from: - - ${SOURCE_REPO}:${SOURCE_TAG} - cpu_ubuntu16.04: - image: ${TARGET_REPO}:${TARGET_TAG} - build: - context: ./ - dockerfile: cpu/ubuntu16.04/Dockerfile - cache_from: - - ${SOURCE_REPO}:${SOURCE_TAG} - gpu_ubuntu16.04: - image: ${TARGET_REPO}:${TARGET_TAG} - build: - context: ./ - dockerfile: gpu/ubuntu16.04/Dockerfile - cache_from: - - ${SOURCE_REPO}:${SOURCE_TAG} - cpu_ubuntu18.04: - image: ${TARGET_REPO}:${TARGET_TAG} - build: - context: ./ - dockerfile: cpu/ubuntu18.04/Dockerfile - cache_from: - - ${SOURCE_REPO}:${SOURCE_TAG} - gpu_ubuntu18.04: - image: ${TARGET_REPO}:${TARGET_TAG} - build: - context: ./ - dockerfile: gpu/ubuntu18.04/Dockerfile - cache_from: - - ${SOURCE_REPO}:${SOURCE_TAG} diff --git a/docker/build_env/entrypoint.sh b/docker/build_env/entrypoint.sh new file mode 100755 index 0000000000..c42fafedee --- /dev/null +++ b/docker/build_env/entrypoint.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +set -e + +# Ensure $HOME exists when starting +if [ ! -d "${HOME}" ]; then + mkdir -p "${HOME}" +fi + +# Setup $PS1 for a consistent and reasonable prompt +if [ -w "${HOME}" ] && [ ! -f "${HOME}"/.bashrc ]; then + echo "PS1='\s-\v \w \$ '" > "${HOME}"/.bashrc + echo -e 'if [ -f /etc/bashrc ]; then\n . /etc/bashrc\nfi' >> "${HOME}"/.bashrc +fi + +# Add current (arbitrary) user to /etc/passwd and /etc/group +if ! whoami &> /dev/null; then + if [ -w /etc/passwd ]; then + echo "${USER_NAME:-user}:x:$(id -u):0:${USER_NAME:-user} user:${HOME}:/bin/bash" >> /etc/passwd + echo "${USER_NAME:-user}:x:$(id -u):" >> /etc/group + fi +fi + +exec "$@" 
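Review bot: `USER_NAME` and `HOME` are written into `/etc/passwd` and `/etc/group` without validation in the last `if` block of entrypoint.sh, so a value containing `:` or a newline would add extra fields or whole entries to files the image has made group-writable. The `/etc/group` append is also guarded only by `[ -w /etc/passwd ]`; under `set -e` an unwritable `/etc/group` aborts the entrypoint before `exec "$@"` is reached. I would validate both values and test each file's writability separately, as sketched below.

```shell
# … unchanged: set -e, $HOME creation, .bashrc setup …
if ! whoami &> /dev/null; then
  user_name="${USER_NAME:-user}"
  # Reject values that could add fields or lines to the account files.
  case "${user_name}${HOME}" in
    *:*|*$'\n'*)
      echo "entrypoint: USER_NAME and HOME must not contain ':' or newlines" >&2
      exit 1
      ;;
  esac
  if [ -w /etc/passwd ]; then
    echo "${user_name}:x:$(id -u):0:${user_name} user:${HOME}:/bin/bash" >> /etc/passwd
  fi
  if [ -w /etc/group ]; then
    echo "${user_name}:x:$(id -u):" >> /etc/group
  fi
fi
# … unchanged: exec "$@" …
```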
diff --git a/docker/build_env/gpu/centos7/Dockerfile b/docker/build_env/gpu/centos7/Dockerfile index 221e7a3b32..78f1900e6c 100644 --- a/docker/build_env/gpu/centos7/Dockerfile +++ b/docker/build_env/gpu/centos7/Dockerfile @@ -38,8 +38,10 @@ RUN yum install -y ccache && \ ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/lib" -# use login shell to activate environment un the RUN commands -SHELL [ "/bin/bash", "-c", "-l" ] +# Set permissions on /etc/passwd and /home to allow arbitrary users to write +COPY --chown=0:0 docker/build_env/entrypoint.sh / +RUN mkdir -p /home/user && chgrp -R 0 /home && chmod -R g=u /etc/passwd /etc/group /home && chmod +x /entrypoint.sh -# use login shell when running the container -ENTRYPOINT [ "/bin/bash", "-c", "-l" ] +ENV HOME=/home/user +ENTRYPOINT [ "/entrypoint.sh" ] +CMD ["tail", "-f", "/dev/null"] diff --git a/docker/build_env/gpu/ubuntu16.04/Dockerfile b/docker/build_env/gpu/ubuntu16.04/Dockerfile index 161db89e46..6f131d3d19 100644 --- a/docker/build_env/gpu/ubuntu16.04/Dockerfile +++ b/docker/build_env/gpu/ubuntu16.04/Dockerfile @@ -44,8 +44,10 @@ RUN apt-get update && apt-get install -y --no-install-recommends ccache && \ ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/lib" -# use login shell to activate environment un the RUN commands -SHELL [ "/bin/bash", "-c", "-l" ] +# Set permissions on /etc/passwd and /home to allow arbitrary users to write +COPY --chown=0:0 docker/build_env/entrypoint.sh / +RUN mkdir -p /home/user && chgrp -R 0 /home && chmod -R g=u /etc/passwd /etc/group /home && chmod +x /entrypoint.sh -# use login shell when running the container -ENTRYPOINT [ "/bin/bash", "-c", "-l" ] +ENV HOME=/home/user +ENTRYPOINT [ "/entrypoint.sh" ] +CMD ["tail", "-f", "/dev/null"] diff --git a/docker/build_env/gpu/ubuntu18.04/Dockerfile b/docker/build_env/gpu/ubuntu18.04/Dockerfile index 142714ce45..ad8008e371 100644 --- a/docker/build_env/gpu/ubuntu18.04/Dockerfile +++ b/docker/build_env/gpu/ubuntu18.04/Dockerfile 
@@ -44,8 +44,10 @@ RUN apt-get update && apt-get install -y --no-install-recommends ccache && \ ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/lib" -# use login shell to activate environment un the RUN commands -SHELL [ "/bin/bash", "-c", "-l" ] +# Set permissions on /etc/passwd and /home to allow arbitrary users to write +COPY --chown=0:0 docker/build_env/entrypoint.sh / +RUN mkdir -p /home/user && chgrp -R 0 /home && chmod -R g=u /etc/passwd /etc/group /home && chmod +x /entrypoint.sh -# use login shell when running the container -ENTRYPOINT [ "/bin/bash", "-c", "-l" ] +ENV HOME=/home/user +ENTRYPOINT [ "/entrypoint.sh" ] +CMD ["tail", "-f", "/dev/null"]