This repository has been archived by the owner on Jan 8, 2024. It is now read-only.
Support daemonless, unprivileged Docker builds with img
#970
Alter the entrypoint using "img"
mitchellh
commented
Jan 13, 2021
"seccomp=unconfined", | ||
"apparmor=unconfined", | ||
}, | ||
}, &network.NetworkingConfig{ |
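Review bot: the `"seccomp=unconfined"` and `"apparmor=unconfined"` entries at the top of this hunk switch off both the seccomp syscall filter and the AppArmor profile for the container being created, and nothing in the visible lines says why. Add a comment beside them stating which operation needs the relaxed confinement, and consider shipping a dedicated seccomp profile and AppArmor profile that permit only that operation instead of `unconfined`, so that code running inside this container is not handed the host kernel's full syscall surface.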
Note this is only modifying how we install the runner and not the server.
(And the runner install stuff is currently behind a hidden experimental flag)
evanphx
approved these changes
Jan 13, 2021
Previously, the step ID was calculated based on `len(sg.steps)` which ensured that it was always unique for each new step. But this is only true as long as there is only one step group ever created. In cases where multiple step groups are created, this caused old steps to be reused and it caused some confusing terminal behavior (old lines would be overwritten as the UI framework did its best to update them). This moves the step ID counter to the UI level so it is guaranteed to be monotonically increasing for all steps for that UI.
krantzinator
approved these changes
Jan 13, 2021
briancain
approved these changes
Jan 13, 2021
🖼️ 👍
Daemonless, unprivileged Docker registry implementation
This modifies the "docker" builder to support daemonless, unprivileged image builds using `img`: https://github.com/genuinetools/img

The fact we use `img` is encapsulated and not exposed to the user. This gives us the ability to use any tool in the future if we choose to go a different path. The important part is that the Docker builder does support a daemonless approach.

This is important for the runner functionality coming up so that Waypoint runners that will likely be running in containerized environments are able to perform image builds.

This PR only modifies the "docker" builder and entrypoint injection. A future PR will modify the registry, `docker-pull`, and more. I just didn't want to overwhelm reviewers.