From 69edc1b0beef8e38bbd94d1acd8c9b3b38831711 Mon Sep 17 00:00:00 2001 From: wilfriedroset Date: Thu, 6 Oct 2022 09:23:07 +0200 Subject: [PATCH] Allow to adjust mount options in Makefile (#3137) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Depending on how docker is installed and configured but also the hardening applied to the workstation, docker might not be able to mount the code base properly in the container. As such, the user could end up with a error similar to the following: ``` ❯ make lint --8<-- >>>> Entering build container: lint-packaging-scripts time docker run --rm --tty -i -v ~/.ssh/:/root/.ssh:delegated,z -v /workspace/github.com/grafana/mimir/.cache:/go/cache:delegated,z -v /workspace/github.com/grafana/mimir/.pkg:/go/pkg:delegated,z -v /workspace/github.com/grafana/mimir:/go/src/github.com/grafana/mimir:delegated,z grafana/mimir-build-image GOOS=darwin GOARCH=amd64 BINARY_SUFFIX="" lint-packaging-scripts; Error: error preparing container 9c7c78b35ac936b65510dec180a81f6f38ea98e027d7049012f73f7ac31f885d for attach: lsetxattr /workspace/github.com/grafana/mimir/.cache: operation not supported real 0m0,719s user 0m0,046s sys 0m0,021s ``` This error could also be trigger when using podman as an alternative for docker. See: /~https://github.com/containers/podman/issues/13631 Signed-off-by: Wilfried Roset Signed-off-by: Wilfried Roset --- Makefile | 11 ++++++----- docs/internal/contributing/README.md | 12 +++++++++++- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index c0db5c4c74b..d6ec4a87a3d 100644 --- a/Makefile +++ b/Makefile @@ -32,6 +32,7 @@ BINARY_SUFFIX ?= "" # All this must go at top of file I'm afraid. IMAGE_PREFIX ?= grafana/ BUILD_IMAGE ?= $(IMAGE_PREFIX)mimir-build-image +CONTAINER_MOUNT_OPTIONS ?= delegated,z # For a tag push, $GITHUB_REF will look like refs/tags/. # If finding refs/tags/ does not equal empty string, then use @@ -210,12 +211,12 @@ GO_FLAGS := -ldflags "\ ifeq ($(BUILD_IN_CONTAINER),true) -GOVOLUMES= -v $(shell pwd)/.cache:/go/cache:delegated,z \ - -v $(shell pwd)/.pkg:/go/pkg:delegated,z \ - -v $(shell pwd):/go/src/github.com/grafana/mimir:delegated,z +GOVOLUMES= -v $(shell pwd)/.cache:/go/cache:$(CONTAINER_MOUNT_OPTIONS) \ + -v $(shell pwd)/.pkg:/go/pkg:$(CONTAINER_MOUNT_OPTIONS) \ + -v $(shell pwd):/go/src/github.com/grafana/mimir:$(CONTAINER_MOUNT_OPTIONS) # Mount local ssh credentials to be able to clone private repos when doing `mod-check` -SSHVOLUME= -v ~/.ssh/:/root/.ssh:delegated,z +SSHVOLUME= -v ~/.ssh/:/root/.ssh:$(CONTAINER_MOUNT_OPTIONS) exes $(EXES) protos $(PROTO_GOS) lint lint-packaging-scripts test test-with-race cover shell mod-check check-protos doc format dist build-mixin format-mixin check-mixin-tests license check-license conftest-fmt check-conftest-fmt conftest-test conftest-verify: fetch-build-image @mkdir -p $(shell pwd)/.pkg @@ -598,7 +599,7 @@ packages: dist packaging/fpm/$(UPTODATE) @mkdir -p $(shell pwd)/.cache @echo ">>>> Entering build container: $@" $(SUDO) time docker run --rm $(TTY) \ - -v $(shell pwd):/go/src/github.com/grafana/mimir:delegated,z \ + -v $(shell pwd):/go/src/github.com/grafana/mimir:$(CONTAINER_MOUNT_OPTIONS) \ -i $(PACKAGE_IMAGE) $@; else diff --git a/docs/internal/contributing/README.md b/docs/internal/contributing/README.md index 7ac14302d73..f58a45a4032 100644 --- a/docs/internal/contributing/README.md +++ b/docs/internal/contributing/README.md @@ -37,7 +37,8 @@ make You can use `make help` to see the available targets. (By default, the build runs in a Docker container, using an image built with all the tools required. The source code is mounted from where you -run `make` into the build container as a Docker volume.) +run `make` into the build container as a Docker volume. +The mount options can be adjusted with `CONTAINER_MOUNT_OPTIONS`.) To run the unit tests suite: @@ -49,6 +50,15 @@ To run the integration tests suite please see "[How integration tests work](./ho If using macOS, make sure you have `gnu-sed` installed; otherwise, some make targets will not work properly. +Depending on how docker is installed, configured but also the hardening applied to your workstation using the docker mount options might not work properly. +This is also true if you are using an alternative to docker like for example podman. In such case, you can use `CONTAINER_MOUNT_OPTIONS` to adjust the mount option. + +Example: + +``` +make CONTAINER_MOUNT_OPTIONS=delegated +``` + ### Dependency management We uses [Go modules](https://golang.org/cmd/go/#hdr-Modules__module_versions__and_more) to manage dependencies on external packages.