Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
preprocessor: do not honour CUE_UNSAFE_NETWORK_HOST in multi-step
In the general case in a mult-step script, we could run a process that does an arbitrary amount of networking. Right now, setting CUE_UNSAFE_NETWORK_HOST to non-empty adds the --network=host flag to the running of a multi-step script. This means, however, that whenever a multi-step script does do something networking-related (for example in a later CL we run the 'cue mod registry' server) then this "interferes" and is impacted by the host network situation. (Note this comment is potentially even true for code blocks, but for now we fairly carefully "control" the commands that are run in that situation so we "know" it isn't a problem. Even if something skipped through review, it would quickly become clear there is a clash/similar). Therefore, we stop honouring CUE_UNSAFE_NETWORK_HOST being set for multi-step scripts to ensure we do not create any network clashes. This change ensures that for those docker runs which do not require networking they remain fast (establishing a separate network stack is expensive), and that multi-step script runs are safe from conflicts. Note: the cost of establishing a per-container network stack could be somewhat/entirely amortised in the case where that container does not require any networking by using a newly created, empty stack that is shared between all such containers (rather than sharing with the host). Such a temporary stack could be created once, used by many containers (that don't require a network stack) and then torn down at the end to avoid leaving any artefacts around. We will test/explore this in a later CL. Preprocessor-No-Write-Cache: true Signed-off-by: Paul Jolly <[email protected]> Change-Id: I64664fb836cbfe1f7f0e1e94e417595d102e84ed Dispatch-Trailer: {"type":"trybot","CL":1176742,"patchset":7,"ref":"refs/changes/42/1176742/7","targetBranch":"alpha"}
- Loading branch information