1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
#!/bin/bash
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
# Utility script to optionally run a command optionally in a new container.
#
# This script must be run from inside the Tink library to run the command for.
#
# NOTE: When running in a new container, this sctips mounts the parent folder of
# `pwd`. Other dependencies, if any, are assumed to be located there. For
# example, if running tink-py tests, this script assumes:
# - pwd => /path/to/parent/tink-py
# - mount path => /path/to/parent
# - ls /path/to/parent => tink_cc tink_py.
set -eo pipefail
usage() {
cat <<EOF
Usage: $0 [-c <container image>] [-k <service key file path>] <command>
-c: [Optional] Container image to run the command on.
-k: [Optional] Service key file path for pulling the image from the Google Artifact Registry (https://cloud.google.com/artifact-registry).
-e: [Optional] File containing a list of environment variables to pass to Docker using --env-file (see https://docs.docker.com/engine/reference/commandline/run/#env).
-h: Help. Print this usage information.
EOF
exit 1
}
# Args.
COMMAND=
# Options.
CONTAINER_IMAGE_NAME=
GCR_SERVICE_KEY_PATH=
DOCKER_ENV_FILE=
#######################################
# Process command line arguments.
#######################################
process_args() {
# Parse options.
while getopts "hc:k:e:" opt; do
case "${opt}" in
c) CONTAINER_IMAGE_NAME="${OPTARG}" ;;
k) GCR_SERVICE_KEY_PATH="${OPTARG}" ;;
e) DOCKER_ENV_FILE="${OPTARG}" ;;
*) usage ;;
esac
done
shift $((OPTIND - 1))
readonly CONTAINER_IMAGE_NAME
readonly GCR_SERVICE_KEY_PATH
readonly DOCKER_ENV_FILE
readonly COMMAND=("$@")
}
main() {
process_args "$@"
if [[ -z "${CONTAINER_IMAGE_NAME:-}" ]]; then
echo "Running command on the host"
time "${COMMAND[@]}"
else
echo "Running command on a new container from image ${CONTAINER_IMAGE_NAME}"
if [[ ! -z "${GCR_SERVICE_KEY_PATH:-}" ]]; then
# Activate service account to read from a private artifact registry repo.
gcloud auth activate-service-account --key-file="${GCR_SERVICE_KEY_PATH}"
gcloud config set project tink-test-infrastructure
gcloud auth configure-docker us-docker.pkg.dev --quiet
fi
local -r path_to_mount="$(dirname "$(pwd)")"
local -r library_to_test="$(basename "$(pwd)")"
time docker pull "${CONTAINER_IMAGE_NAME}"
local docker_opts=(
--network="host"
--mount type=bind,src="${path_to_mount}",dst=/deps
--workdir=/deps/"${library_to_test}"
--rm
)
if [[ -n "${DOCKER_ENV_FILE}" ]]; then
docker_opts+=( --env-file="${DOCKER_ENV_FILE}" )
fi
readonly docker_opts
time docker run "${docker_opts[@]}" "${CONTAINER_IMAGE_NAME}" \
bash -c "$(echo "${COMMAND[@]}")"
fi
}
main "$@"
|
