2023-11-22 11:49:51 +00:00
|
|
|
/*
|
|
|
|
Copyright 2023 The Matrix.org Foundation C.I.C.
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
import * as os from "os";
|
|
|
|
import * as crypto from "crypto";
|
|
|
|
import * as childProcess from "child_process";
|
|
|
|
import * as fse from "fs-extra";
|
|
|
|
|
2024-02-20 14:21:10 +00:00
|
|
|
/**
|
|
|
|
* @param cmd - command to execute
|
|
|
|
* @param args - arguments to pass to executed command
|
|
|
|
* @param suppressOutput - whether to suppress the stdout and stderr resulting from this command.
|
|
|
|
* @return Promise which resolves to an object containing the string value of what was
|
|
|
|
* written to stdout and stderr by the executed command.
|
|
|
|
*/
|
|
|
|
const exec = (cmd: string, args: string[], suppressOutput = false): Promise<{ stdout: string; stderr: string }> => {
|
|
|
|
return new Promise((resolve, reject) => {
|
|
|
|
if (!suppressOutput) {
|
|
|
|
const log = ["Running command:", cmd, ...args, "\n"].join(" ");
|
|
|
|
// When in CI mode we combine reports from multiple runners into a single HTML report
|
|
|
|
// which has separate files for stdout and stderr, so we print the executed command to both
|
|
|
|
process.stdout.write(log);
|
|
|
|
if (process.env.CI) process.stderr.write(log);
|
|
|
|
}
|
|
|
|
const { stdout, stderr } = childProcess.execFile(cmd, args, { encoding: "utf8" }, (err, stdout, stderr) => {
|
|
|
|
if (err) reject(err);
|
|
|
|
resolve({ stdout, stderr });
|
|
|
|
if (!suppressOutput) {
|
|
|
|
process.stdout.write("\n");
|
|
|
|
if (process.env.CI) process.stderr.write("\n");
|
|
|
|
}
|
|
|
|
});
|
|
|
|
if (!suppressOutput) {
|
|
|
|
stdout.pipe(process.stdout);
|
|
|
|
stderr.pipe(process.stderr);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
};
|
|
|
|
|
2023-11-22 11:49:51 +00:00
|
|
|
export class Docker {
|
|
|
|
public id: string;
|
|
|
|
|
|
|
|
async run(opts: { image: string; containerName: string; params?: string[]; cmd?: string[] }): Promise<string> {
|
|
|
|
const userInfo = os.userInfo();
|
|
|
|
const params = opts.params ?? [];
|
|
|
|
|
2024-02-20 14:21:10 +00:00
|
|
|
const isPodman = await Docker.isPodman();
|
|
|
|
if (params.includes("-v") && userInfo.uid >= 0) {
|
2023-11-22 11:49:51 +00:00
|
|
|
// Run the docker container as our uid:gid to prevent problems with permissions.
|
2024-02-20 14:21:10 +00:00
|
|
|
if (isPodman) {
|
2023-11-22 11:49:51 +00:00
|
|
|
// Note: this setup is for podman rootless containers.
|
|
|
|
|
|
|
|
// In podman, run as root in the container, which maps to the current
|
|
|
|
// user on the host. This is probably the default since Synapse's
|
|
|
|
// Dockerfile doesn't specify, but we're being explicit here
|
|
|
|
// because it's important for the permissions to work.
|
|
|
|
params.push("-u", "0:0");
|
|
|
|
|
|
|
|
// Tell Synapse not to switch UID
|
|
|
|
params.push("-e", "UID=0");
|
|
|
|
params.push("-e", "GID=0");
|
|
|
|
} else {
|
|
|
|
params.push("-u", `${userInfo.uid}:${userInfo.gid}`);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-02-20 14:21:10 +00:00
|
|
|
// Make host.containers.internal work to allow the container to talk to other services via host ports.
|
|
|
|
if (isPodman) {
|
|
|
|
params.push("--network");
|
|
|
|
params.push("slirp4netns:allow_host_loopback=true");
|
|
|
|
} else {
|
|
|
|
// Docker for Desktop includes a host-gateway mapping on host.docker.internal but to simplify the config
|
|
|
|
// we use the Podman variant host.containers.internal in all environments.
|
|
|
|
params.push("--add-host");
|
|
|
|
params.push("host.containers.internal:host-gateway");
|
|
|
|
}
|
|
|
|
|
|
|
|
// Provided we are not running in CI, add a `--rm` parameter.
|
|
|
|
// There is no need to remove containers in CI (since they are automatically removed anyway), and
|
|
|
|
// `--rm` means that if a container crashes this means its logs are wiped out.
|
|
|
|
if (!process.env.CI) params.unshift("--rm");
|
|
|
|
|
2023-11-22 11:49:51 +00:00
|
|
|
const args = [
|
|
|
|
"run",
|
|
|
|
"--name",
|
|
|
|
`${opts.containerName}-${crypto.randomBytes(4).toString("hex")}`,
|
|
|
|
"-d",
|
|
|
|
...params,
|
|
|
|
opts.image,
|
|
|
|
];
|
|
|
|
|
|
|
|
if (opts.cmd) args.push(...opts.cmd);
|
|
|
|
|
2024-02-20 14:21:10 +00:00
|
|
|
const { stdout } = await exec("docker", args);
|
|
|
|
this.id = stdout.trim();
|
2023-11-22 11:49:51 +00:00
|
|
|
return this.id;
|
|
|
|
}
|
|
|
|
|
2024-02-20 14:21:10 +00:00
|
|
|
async stop(): Promise<void> {
|
|
|
|
try {
|
|
|
|
await exec("docker", ["stop", this.id]);
|
|
|
|
} catch (err) {
|
|
|
|
console.error(`Failed to stop docker container`, this.id, err);
|
|
|
|
}
|
2023-11-22 11:49:51 +00:00
|
|
|
}
|
|
|
|
|
2024-02-20 14:21:10 +00:00
|
|
|
/**
|
|
|
|
* @param params - list of parameters to pass to `docker exec`
|
|
|
|
* @param suppressOutput - whether to suppress the stdout and stderr resulting from this command.
|
|
|
|
*/
|
|
|
|
async exec(params: string[], suppressOutput = true): Promise<void> {
|
|
|
|
await exec("docker", ["exec", this.id, ...params], suppressOutput);
|
2023-11-22 11:49:51 +00:00
|
|
|
}
|
|
|
|
|
2024-02-20 14:21:10 +00:00
|
|
|
async getContainerIp(): Promise<string> {
|
|
|
|
const { stdout } = await exec("docker", ["inspect", "-f", "{{ .NetworkSettings.IPAddress }}", this.id]);
|
|
|
|
return stdout.trim();
|
2023-11-22 11:49:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
async persistLogsToFile(args: { stdoutFile?: string; stderrFile?: string }): Promise<void> {
|
|
|
|
const stdoutFile = args.stdoutFile ? await fse.open(args.stdoutFile, "w") : "ignore";
|
|
|
|
const stderrFile = args.stderrFile ? await fse.open(args.stderrFile, "w") : "ignore";
|
|
|
|
await new Promise<void>((resolve) => {
|
|
|
|
childProcess
|
|
|
|
.spawn("docker", ["logs", this.id], {
|
|
|
|
stdio: ["ignore", stdoutFile, stderrFile],
|
|
|
|
})
|
|
|
|
.once("close", resolve);
|
|
|
|
});
|
|
|
|
if (args.stdoutFile) await fse.close(<number>stdoutFile);
|
|
|
|
if (args.stderrFile) await fse.close(<number>stderrFile);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Detects whether the docker command is actually podman.
|
|
|
|
* To do this, it looks for "podman" in the output of "docker --help".
|
|
|
|
*/
|
2024-02-20 14:21:10 +00:00
|
|
|
static async isPodman(): Promise<boolean> {
|
|
|
|
const { stdout } = await exec("docker", ["--help"], true);
|
|
|
|
return stdout.toLowerCase().includes("podman");
|
2023-11-22 11:49:51 +00:00
|
|
|
}
|
|
|
|
}
|