#!/usr/bin/env sh
# Copyright (c) 2022 Miso Robotics, Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# This script is intended for use on Google Cloud Build.
# Fixed settings for the Cloud Build environment and the pinned tool versions.
network=cloudbuild
binfmt_version=v0.8
buildkit_version=v0.12.4
# Name of the buildx builder; the BUILDER variable overrides the default.
builder="${BUILDER:-mybuilder}"

# Arguments for the helper `docker run` calls and options for the BuildKit
# driver. Each gains a network setting only when ${network} is non-empty.
# NOTE(review): --privileged removes most container isolation, so every image
# started with these arguments has to be trusted.
run_args="--privileged${network:+ --network=${network}}"
driver_opts="image=moby/buildkit:${buildkit_version}${network:+,network=${network}}"
# Optional multi-architecture support: when MULTIARCH is non-empty, start the
# two helper containers that set up QEMU user-mode emulation.
# NOTE(review): both images run with --privileged, and
# multiarch/qemu-user-static is referenced without a tag, so whatever the
# registry serves at build time is executed. Pinning both images by digest
# would close that gap.
if test -n "${MULTIARCH}"; then
  printf '%s\n' "Running user mode emulation of selected binfmt(s) with QEMU."
  # ${run_args} stays unquoted on purpose: it must split into separate flags.
  # shellcheck disable=SC2086
  docker run ${run_args} "linuxkit/binfmt:${binfmt_version}"
  # shellcheck disable=SC2086
  docker run ${run_args} --rm multiarch/qemu-user-static --reset -p yes
fi
printf '%s\n' "Creating BuildKit builder on ${network} network."

# Enable BuildKit and the experimental CLI features for every later command.
DOCKER_BUILDKIT=1
DOCKER_CLI_EXPERIMENTAL=enabled
export DOCKER_BUILDKIT DOCKER_CLI_EXPERIMENTAL

# Create the builder and select it as the current one.
# NOTE(review): allowing the network.host entitlement lets any build that asks
# for it share the builder's network stack, so only trusted Dockerfiles should
# be built with this builder.
buildx create --use --name="${builder}" --driver-opt="${driver_opts}" \
  --buildkitd-flags '--allow-insecure-entitlement network.host'

# Bootstrap the builder now so that start-up problems show up before the build.
buildx inspect --builder "${builder}" --bootstrap
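# Buildkit creates the builder on the cloudbuild network, so use host-mode
# networking to reuse the network stack of the builder container.
# When invoking build, explicitly pass the address of the GCE Metadata service
# because otherwise it ends up with the wrong address which does resolve but
# does not authenticate properly.
metadata_host=metadata.google.internal
# Keep only the first line that starts with a digit: dig +short can also print
# CNAME targets or ";;" diagnostics on stdout, and any of those would end up
# as a malformed host entry for the build.
metadata_ip="$(dig +short "${metadata_host}" | grep '^[0-9]' | head -n 1)"
if [ -z "${metadata_ip}" ]; then
  # Stop with a clear message instead of handing an empty address to the
  # build, where the failure would be harder to trace.
  echo "Unable to resolve ${metadata_host}; cannot pin the metadata address." >&2
  exit 1
fi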
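# Set up SSH-based GitHub authentication unless DISABLE_SSH is set.
# Reads:  DISABLE_SSH, SSH_SECRET_ID, SSH_SECRET_PROJECT, SSH_AUTH_SOCK
# Writes: ssh_args (consumed by the later build invocation), ~/.ssh/id_rsa,
#         /etc/ssh/ssh_known_hosts, and the global git configuration.
if [ -z "${DISABLE_SSH}" ]; then
  # Use SSH for all GitHub authentication if not disabled.
  git config --global url."git@github.com:".insteadOf "https://github.com/"
  if [ -n "${SSH_SECRET_ID}" ]; then
    mkdir -m0700 -p ~/.ssh
    # Fetch the private key from Secret Manager. The subshell's umask makes
    # the key file owner-only from the moment it is created, instead of
    # relying on the later chmod. Each value is passed as one quoted argument
    # so that it cannot split into additional gcloud flags.
    if ! (
      umask 077
      gcloud secrets versions access latest \
        "--secret=${SSH_SECRET_ID}" \
        ${SSH_SECRET_PROJECT:+"--project=${SSH_SECRET_PROJECT}"} \
        >~/.ssh/id_rsa
    ); then
      # A secret was requested explicitly, so do not continue with the empty
      # or partial key file that the failed redirect left behind.
      echo "Failed to read the SSH key from secret ${SSH_SECRET_ID}." >&2
      rm -f ~/.ssh/id_rsa
      exit 1
    fi
    chmod 400 ~/.ssh/id_rsa
  fi
  if [ -z "${SSH_AUTH_SOCK}" ]; then
    echo "Instantiating ssh-agent and adding default key."
    # ssh-agent prints shell assignments for its socket and PID; eval applies
    # them to this shell. The evaluated text is the agent's own output.
    eval "$(ssh-agent -s)"
    ssh-add ~/.ssh/id_rsa
    # NOTE(review): ssh-keyscan accepts whatever host key is presented at
    # build time and DNS decides which addresses are scanned, so this is
    # trust on first use. Shipping GitHub's published host keys with the
    # image and comparing against them would remove that dependency.
    ssh-keyscan github.com >/etc/ssh/ssh_known_hosts
    # The pattern is quoted so the shell cannot expand it as a glob against
    # files in the working directory.
    dig -t a +short github.com | grep '^[0-9]' | xargs -r -n1 ssh-keyscan \
      >>/etc/ssh/ssh_known_hosts
    # Best effort: a failing submodule update does not stop the script.
    git submodule update --init --recursive || true
  fi
  ssh_args="--ssh=default"
fi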
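echo "Invoking docker build with host entry ${metadata_host}:${metadata_ip}"
# Run the build on the prepared builder with host networking and the pinned
# metadata host entry; the script's own arguments are forwarded unchanged.
# ${ssh_args:+...} expands to nothing when ssh_args is unset or empty (the
# DISABLE_SSH case). A plain "${ssh_args}" would pass an empty string as an
# extra positional argument to the build.
buildx build \
  --builder "${builder}" \
  --add-host "${metadata_host}:${metadata_ip}" \
  ${ssh_args:+"${ssh_args}"} --allow=network.host --network=host "$@"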