From a2a0c17554078cacaa488c29f13da93d7438e93f Mon Sep 17 00:00:00 2001 From: alafanechere Date: Thu, 16 Jan 2025 16:46:48 +0100 Subject: [PATCH] airbyte-ci: mount /tmp with the current user as owner --- .../connectors/test/steps/python_connectors.py | 2 +- .../pipelines/airbyte_ci/steps/gradle.py | 2 +- .../pipelines/dagger/actions/system/docker.py | 15 ++++++++------- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/airbyte-ci/connectors/pipelines/pipelines/airbyte_ci/connectors/test/steps/python_connectors.py b/airbyte-ci/connectors/pipelines/pipelines/airbyte_ci/connectors/test/steps/python_connectors.py index a967bcaefdf10..dba751bba041c 100644 --- a/airbyte-ci/connectors/pipelines/pipelines/airbyte_ci/connectors/test/steps/python_connectors.py +++ b/airbyte-ci/connectors/pipelines/pipelines/airbyte_ci/connectors/test/steps/python_connectors.py @@ -83,7 +83,7 @@ async def _run(self, connector_under_test: Container) -> StepResult: pytest_command = self.get_pytest_command(test_config_file_name) if self.bind_to_docker_host: - test_environment = pipelines.dagger.actions.system.docker.with_bound_docker_host(self.context, test_environment) + test_environment = await pipelines.dagger.actions.system.docker.with_bound_docker_host(self.context, test_environment) test_execution = test_environment.with_exec(pytest_command) diff --git a/airbyte-ci/connectors/pipelines/pipelines/airbyte_ci/steps/gradle.py b/airbyte-ci/connectors/pipelines/pipelines/airbyte_ci/steps/gradle.py index 8dfdb42bbbd72..8c5e008a80d56 100644 --- a/airbyte-ci/connectors/pipelines/pipelines/airbyte_ci/steps/gradle.py +++ b/airbyte-ci/connectors/pipelines/pipelines/airbyte_ci/steps/gradle.py @@ -201,7 +201,7 @@ async def _run(self, *args: Any, **kwargs: Any) -> StepResult: gradle_container = gradle_container.with_(await secrets.mounted_connector_secrets(self.context, secrets_dir, self.secrets)) if self.bind_to_docker_host: # If this GradleTask subclass needs docker, then install it and bind it to the existing global docker host container. - gradle_container = pipelines.dagger.actions.system.docker.with_bound_docker_host(self.context, gradle_container) + gradle_container = await pipelines.dagger.actions.system.docker.with_bound_docker_host(self.context, gradle_container) # This installation should be cheap, as the package has already been downloaded, and its dependencies are already installed. gradle_container = gradle_container.with_exec(["yum", "install", "-y", "docker"], use_entrypoint=True) diff --git a/airbyte-ci/connectors/pipelines/pipelines/dagger/actions/system/docker.py b/airbyte-ci/connectors/pipelines/pipelines/dagger/actions/system/docker.py index 72f1827c9939b..f2886a28329d0 100644 --- a/airbyte-ci/connectors/pipelines/pipelines/dagger/actions/system/docker.py +++ b/airbyte-ci/connectors/pipelines/pipelines/dagger/actions/system/docker.py @@ -152,7 +152,7 @@ def with_global_dockerd_service( ).as_service() -def with_bound_docker_host( +async def with_bound_docker_host( context: ConnectorContext, container: Container, ) -> Container: @@ -165,21 +165,22 @@ def with_bound_docker_host( Container: The container bound to the docker host. """ assert context.dockerd_service is not None + current_user = (await container.with_exec(["whoami"]).stdout()).strip() return ( container.with_env_variable("DOCKER_HOST", f"tcp://{DOCKER_HOST_NAME}:{DOCKER_HOST_PORT}") .with_service_binding(DOCKER_HOST_NAME, context.dockerd_service) - .with_mounted_cache("/tmp", context.dagger_client.cache_volume(DOCKER_TMP_VOLUME_NAME)) + .with_mounted_cache("/tmp", context.dagger_client.cache_volume(DOCKER_TMP_VOLUME_NAME), owner=current_user) ) def bound_docker_host(context: ConnectorContext) -> Callable[[Container], Container]: - def bound_docker_host_inner(container: Container) -> Container: - return with_bound_docker_host(context, container) + async def bound_docker_host_inner(container: Container) -> Container: + return await with_bound_docker_host(context, container) return bound_docker_host_inner -def with_docker_cli(context: ConnectorContext) -> Container: +async def with_docker_cli(context: ConnectorContext) -> Container: """Create a container with the docker CLI installed and bound to a persistent docker host. Args: @@ -189,7 +190,7 @@ def with_docker_cli(context: ConnectorContext) -> Container: Container: A docker cli container bound to a docker host. """ docker_cli = context.dagger_client.container().from_(consts.DOCKER_CLI_IMAGE) - return with_bound_docker_host(context, docker_cli) + return await with_bound_docker_host(context, docker_cli) async def load_image_to_docker_host(context: ConnectorContext, tar_file: File, image_tag: str) -> str: @@ -202,7 +203,7 @@ async def load_image_to_docker_host(context: ConnectorContext, tar_file: File, i """ # Hacky way to make sure the image is always loaded tar_name = f"{str(uuid.uuid4())}.tar" - docker_cli = with_docker_cli(context).with_mounted_file(tar_name, tar_file) + docker_cli = await with_docker_cli(context).with_mounted_file(tar_name, tar_file) image_load_output = await docker_cli.with_exec(["docker", "load", "--input", tar_name], use_entrypoint=True).stdout() # Not tagged images only have a sha256 id the load output shares.