devshell-docker/devshell at main · giddie/devshell-docker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
#!/usr/bin/env bash

set -euo pipefail

script_dir=$(dirname $(readlink -f $0))
base_dir=$(git rev-parse --show-toplevel 2>/dev/null || pwd)

project_name="general"
default_variant="ubuntu"
default_container_name="none"
default_home_volume="none"
default_args=("/usr/bin/env" "zsh")
default_ro_paths=(".git" ".local")
default_masked_paths=()

variant=${DEVSHELL_VARIANT:-$default_variant}
dockerfile=Dockerfile.${variant}
container_name=${DEVSHELL_CONTAINER_NAME:-${default_container_name}}
home_volume=${DEVSHELL_HOME_VOLUME:-${default_home_volume}}
cache_enabled=${CACHE:-"yes"}

### Check dependencies
if (( BASH_VERSINFO[0] < 5 )); then
  echo >&2 "WARNING: Your bash version is quite old."
fi

required_tools=("docker" "jq" "sha256sum")
missing_tools=()
for tool in "${required_tools[@]}"; do
  if ! command -v "$tool" >/dev/null; then
    missing_tools+=("$tool")
  fi
done
if (( ${#missing_tools[@]} > 0 )); then
  echo >&2 "Please install the following and try again:"
  for tool in "${missing_tools[@]}"; do
    echo >&2 "* $tool"
  done
  exit 1
fi

### Figure out if we need to rebuild the docker image

image_source_files=(
  $dockerfile
  entrypoint.sh
  entrypoint-user.sh
)
image_source_hash=$(
  for file in ${image_source_files[@]}; do
    cat "$script_dir/$file"
  done | sha256sum
)
image_source_hash=${image_source_hash%% *}

image_name="${project_name}-devshell:${variant}"
need_to_build="yes"

if [[ $cache_enabled != "no" && -n $(docker images -q $image_name) ]]; then
  image_source_hash_label=$(
    docker image inspect $image_name | \
      jq -r '.[0].Config.Labels."org.opencontainers.image.devshell.source-hash"'
  )
  if [[ $image_source_hash_label == $image_source_hash ]]; then
    need_to_build="no"
  fi
fi

if [[ $need_to_build == "yes" ]]; then
  echo "Building docker image..."
  no_cache=$([[ $cache_enabled == "no" ]] && echo "--no-cache" || echo)
  docker build \
    $no_cache \
    --file "$script_dir/$dockerfile" \
    --build-arg SOURCE_HASH="${image_source_hash}" \
    --tag "$image_name" \
    "$script_dir"
fi

### Options

if [[ -v DEVSHELL_DOCKER_OPTS ]]; then
  docker_opts=($DEVSHELL_DOCKER_OPTS)
else
  docker_opts=("-i")
  if [[ -t 0 && -t 1 ]]; then
    docker_opts+=("-t")
  fi
fi

if (( $# > 0 )); then
  args=("$@")
else
  args=("${default_args[@]}")
fi

if [[ $container_name != "none" ]]; then
  container_id=$(docker container ls -q --filter=name=$container_name)
  if [[ -n $container_id ]]; then
    found_image_name=$(docker inspect $container_id --format="{{.Config.Image}}")
    if [[ $found_image_name != $image_name ]]; then
      echo >&2 "Running container \"${container_name}\" has a different image:" \
        "${found_image_name} vs ${image_name}."
      exit 1
    fi
  fi
fi

if [[ ${container_id:-} ]]; then
  exec docker exec "${docker_opts[@]}" "$container_id" /usr/local/bin/entrypoint.sh "${args[@]}"
else
  if [[ $container_name != "none" ]]; then
    docker_opts+=("--name" ${container_name})
  fi

  if [[ $home_volume != "none" ]]; then
    docker_opts+=("--volume" "${home_volume}:/home/user")
  fi

  if [[ ${DEVSHELL_SSH:-} == "yes" ]]; then
    if ssh_auth_sock=$(readlink -f ${SSH_AUTH_SOCK} 2>/dev/null); then
      docker_opts+=(
        "--volume" "${ssh_auth_sock}:/run/ssh-agent.sock"
        "--env" "SSH_AUTH_SOCK=/run/ssh-agent.sock"
      )
    else
      echo >&2 "DEVSHELL_SSH: Ensure that SSH_AUTH_SOCK is set. You may need" \
               "to set up ssh-agent."
      exit 1
    fi
  fi

  if [[ ${DEVSHELL_SUDO:-} == "no" ]]; then
    docker_opts+=("--security-opt" "no-new-privileges")
  fi

  if [[ ! -v DEVSHELL_RO_PATHS ]]; then
    ro_paths=("${default_ro_paths[@]}")
  else
    IFS=':' read -r -a ro_paths <<< ${DEVSHELL_RO_PATHS}
  fi
  for path_relative in "${ro_paths[@]}"; do
    path="${base_dir}/${path_relative}"
    if [[ -a $path ]]; then
      docker_opts+=("--volume" "${path}:${path}:ro")
    fi
  done

  if [[ ! -v DEVSHELL_MASKED_PATHS ]]; then
    masked_paths=("${default_masked_paths[@]}")
  else
    IFS=':' read -r -a masked_paths <<< ${DEVSHELL_MASKED_PATHS}
  fi
  for path in "${masked_paths[@]}"; do
    [[ "$path" != /* ]] && path="${base_dir}/${path}"
    if [[ -f $path ]]; then
      docker_opts+=("--volume" "/dev/null:${path}")
    elif [[ -d $path ]]; then
      docker_opts+=("--mount" "type=tmpfs,destination=${path}")
    fi
  done

  # Local ZSH config
  if [[ -d ${HOME}/.zprezto ]]; then
    docker_opts+=("--volume" "${HOME}/.zprezto:/usr/local/lib/prezto:ro")
  fi

  exec docker run --rm "${docker_opts[@]}" \
    --volume ${base_dir}:${base_dir} \
    --env TERM=${TERM} \
    --env DEVSHELL_VARIANT=${variant} \
    --env DEVSHELL_PROJECT_DIR=${base_dir} \
    "${image_name}" \
    "${args[@]}"
fi