Bug 1247168 - Introduce scripts for running action and decision tasks; r?dustin
When we switch to use robustcheckout for version control foo, we'll
also be taking the opportunity to have the decision and action tasks
execute as the "worker" user.
Since caches are mounted and owned by root and since tasks initially
run as root, this makes defining the container command in YAML a bit
difficult because we have to do some work as root then switch users
and continue executing. Rather than shoehorning all that complicated
logic into YAML, we introduce bash scripts that do it. These will
be plugged into the task YAML when we formally switch the tasks
to use the new Docker image.
We provide one script for running Gecko decision tasks. We provide
another for running action tasks. These are the two consumers of
the decision image we care about.
We also sneak in a change to add the executable bit to checkout-gecko.
MozReview-Commit-ID: CXlyHZJSHcP
--- a/testing/docker/decision/Dockerfile
+++ b/testing/docker/decision/Dockerfile
@@ -4,16 +4,15 @@ MAINTAINER Greg Arndt <garndt@mozilla
# Add worker user
RUN useradd -d /home/worker -s /bin/bash -m worker
RUN mkdir /home/worker/artifacts && chown worker:worker /home/worker/artifacts
ADD system-setup.sh tooltool.py /tmp/
RUN bash /tmp/system-setup.sh
ADD bin /home/worker/bin
-RUN chmod +x /home/worker/bin/*
ENV PATH /home/worker/bin:$PATH
ENV SHELL /bin/bash
ENV HOME /home/worker
# Set a default command useful for debugging
CMD ["/bin/bash", "--login"]
old mode 100644
new mode 100755
new file mode 100755
--- /dev/null
+++ b/testing/docker/decision/bin/run-action
@@ -0,0 +1,19 @@
+#!/bin/bash
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+set -ex
+
+# The script starts executing as root. We need to change ownership
+# of the caches because they are initially owned by root:root.
+if [ $(id -u) = 0 ]; then
+ chown worker:worker /home/worker/hg-shared /home/worker/workspace
+
+ exec sudo -E -u worker /home/worker/bin/run-action "${@}"
+fi
+
+/home/worker/bin/checkout-gecko /home/worker/workspace/gecko
+cd /home/worker/workspace/gecko
+ln -s /home/worker/artifacts artifacts &&
+eval "./mach taskgraph action-task ${ACTION_ARGS}"
new file mode 100755
--- /dev/null
+++ b/testing/docker/decision/bin/run-decision
@@ -0,0 +1,19 @@
+#!/bin/bash
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+set -ex
+
+# The script starts executing as root. We need to change ownership
+# of the caches because they are initially owned by root:root.
+if [ $(id -u) = 0 ]; then
+ chown worker:worker /home/worker/hg-shared /home/worker/workspace
+
+ exec sudo -E -u worker /home/worker/bin/run-decision "${@}"
+fi
+
+/home/worker/bin/checkout-gecko /home/worker/workspace/gecko
+cd /home/worker/workspace/gecko
+ln -s /home/worker/artifacts artifacts
+eval "./mach taskgraph decision ${DECISION_ARGS}"
--- a/testing/docker/decision/system-setup.sh
+++ b/testing/docker/decision/system-setup.sh
@@ -4,17 +4,18 @@ set -v -e
test `whoami` == 'root'
apt-get update
apt-get install -y --force-yes --no-install-recommends \
ca-certificates \
curl \
jq \
- python
+ python \
+ sudo
BUILD=/root/build
mkdir $BUILD
tooltool_fetch() {
cat >manifest.tt
python2.7 /tmp/tooltool.py fetch
rm manifest.tt