Bless Earthly Docker Image (#1050)

* Remove old entrypoint.

* Entrypoint Progress

* Progress 2

* All tests work with new image

* Move to make consistent.

* Test if privileged. More assumptions around SRC_DIR. Use exec to get Ctrl-C when running docker container.

* Shellcheck lint.

* Use the first device in the case that there are multiple interfaces. This usually happens when `--network=host`

* Default BASE_DIR is /workspace, remove option for using username/password for logging in to secrets, and do not require privileged mode if using an external buildkit.

* Add ability to mount OR use env vars to specify config.

Earthfile

@@ -73,7 +73,7 @@ lint-scripts-base:
 
 lint-scripts-misc:
     FROM +lint-scripts-base
-    COPY ./earthly ./scripts/install-all-versions.sh ./buildkitd/entrypoint.sh ./earthly-buildkitd-wrapper.sh \
+    COPY ./earthly ./scripts/install-all-versions.sh ./buildkitd/entrypoint.sh ./earthly-entrypoint.sh \
         ./buildkitd/dockerd-wrapper.sh ./buildkitd/docker-auto-install.sh \
         ./release/envcredhelper.sh ./.buildkite/*.sh \
         ./scripts/tests/*.sh \
@@ -271,11 +271,10 @@ earthly-all:
 earthly-docker:
     ARG BUILDKIT_PROJECT
     FROM ./buildkitd+buildkitd --BUILDKIT_PROJECT="$BUILDKIT_PROJECT"
-    RUN apk add --update --no-cache docker-cli
-    ENV NETWORK_MODE=host
+    RUN apk add --update --no-cache docker-cli libcap-ng-utils
     ENV EARTHLY_IMAGE=true
-    COPY earthly-buildkitd-wrapper.sh /usr/bin/earthly-buildkitd-wrapper.sh
-    ENTRYPOINT ["/usr/bin/earthly-buildkitd-wrapper.sh"]
+    COPY earthly-entrypoint.sh /usr/bin/earthly-entrypoint.sh
+    ENTRYPOINT ["/usr/bin/earthly-entrypoint.sh"]
     ARG EARTHLY_TARGET_TAG_DOCKER
     ARG TAG=$EARTHLY_TARGET_TAG_DOCKER
     COPY --build-arg VERSION=$TAG +earthly/earthly /usr/bin/earthly
@@ -284,12 +283,15 @@ earthly-docker:
 earthly-integration-test-base:
     FROM +earthly-docker
     ENV EARTHLY_CONVERSION_PARALLELISM=5
-    RUN earthly config global.disable_analytics true
-    RUN earthly config global.local_registry_host 'tcp://127.0.0.1:8371'
+    ENV GLOBAL_CONFIG={disable_analytics: true, local_registry_host: 'tcp://127.0.0.1:8371'}
+    ENV NO_DOCKER=1
+    ENV SRC_DIR=/test
+    ENV NETWORK_MODE=host
     # The inner buildkit requires Docker hub creds to prevent rate-limiting issues.
     ARG DOCKERHUB_AUTH=true
     ARG DOCKERHUB_USER_SECRET=+secrets/earthly-technologies/dockerhub/user
     ARG DOCKERHUB_TOKEN_SECRET=+secrets/earthly-technologies/dockerhub/token
+
     IF $DOCKERHUB_AUTH
         RUN --secret USERNAME=$DOCKERHUB_USER_SECRET \
             --secret TOKEN=$DOCKERHUB_TOKEN_SECRET \
@@ -441,3 +443,4 @@ examples2:
     BUILD ./examples/multiplatform+all
     BUILD ./examples/multiplatform-cross-compile+build-all-platforms
     BUILD github.com/earthly/hello-world:main+hello
+

buildkitd/entrypoint.sh

@@ -65,7 +65,7 @@ fi
 
 #Set up CNI
 if [ -z "$CNI_MTU" ]; then
-  device=$(ip route show | grep default | cut -d' ' -f5)
+  device=$(ip route show | grep default | cut -d' ' -f5 | head -n 1)
   CNI_MTU=$(cat /sys/class/net/"$device"/mtu)
   export CNI_MTU
 fi

earthly-entrypoint.sh

@@ -0,0 +1,71 @@
+#!/bin/sh
+
+set -e
+
+earthly_config="/etc/.earthly/config.yml"
+if [ ! -f "$earthly_config" ]; then
+  # Missing config, generate it and use the env vars
+  # Do not do both, since that would write to the mounted config
+  mkdir -p "$(dirname $earthly_config)" && touch $earthly_config
+
+  # Apply global configuration
+  if [ -n "$GLOBAL_CONFIG" ]; then
+    earthly --config $earthly_config config global "$GLOBAL_CONFIG"
+  fi
+
+  # Apply git configuration
+  if [ -n "$GIT_CONFIG" ]; then
+    earthly --config $earthly_config config git "$GIT_CONFIG"
+  fi
+fi
+
+# Skip docker if you are not exporting any images.
+if [ -z "$NO_DOCKER" ]; then
+  # Right now, this container is BYOD - Bring Your Own Docker.
+  if [ -z "$DOCKER_HOST" ]; then
+    echo "DOCKER_HOST is not set"
+  fi
+
+  # Light check if docker is functional
+  if ! docker images > /dev/null 2>&1; then
+    echo "Docker appears not to be connected. Please check your DOCKER_HOST variable, and try again."
+    exit 1
+  fi
+fi
+
+# If no host specified, start an internal buildkit. If it is specified, rely on external setup
+if [ -z "$BUILDKIT_HOST" ]; then
+
+  # Is container running as privileged? This is currently required when starting up and using buildkit
+  if ! captest --text | grep sys_admin > /dev/null; then
+    echo "Container appears to be running unprivileged. Currently, privileged mode is required when buildkit runs inside the container."
+    exit 1
+  fi
+
+  export BUILDKIT_TCP_TRANSPORT_ENABLED=true
+
+  /usr/bin/entrypoint.sh \
+    buildkitd \
+      --config=/etc/buildkitd.toml \
+      >/var/log/buildkitd.log 2>&1 \
+      &
+
+  EARTHLY_BUILDKIT_HOST="tcp://$(hostname):8372" # hostname is not recognized as local for this reason
+  export EARTHLY_BUILDKIT_HOST
+else
+  export EARTHLY_BUILDKIT_HOST="$BUILDKIT_HOST"
+fi
+
+echo "Using $EARTHLY_BUILDKIT_HOST as buildkit daemon"
+
+# Use the desired target dir for running a target, saves typing if you use the convention
+BASE_DIR="/workspace"
+if [ -n "$SRC_DIR" ]; then
+  BASE_DIR="$SRC_DIR"
+fi
+
+cd "$BASE_DIR"
+
+# Run earthly with given args.
+# Exec so we don't have to trap and manage signal propagation
+exec earthly --config $earthly_config "$@"

examples/tests/Earthfile

@@ -16,6 +16,7 @@ ga:
     BUILD ./with-docker-compose+all
     BUILD ./dockerfile+test
     BUILD ./dockerfile2/subdir+test
+    BUILD ./version+test-all
     BUILD +privileged-test
     BUILD +copy-test
     BUILD +cache-test
@@ -71,7 +72,6 @@ ga:
     BUILD +infinite-recursion
     BUILD +from-dockerfile-arg
     BUILD +cache-mount-arg
-    BUILD ./version+test-all
 
 experimental:
     BUILD ./dind-auto-install+all
@@ -237,8 +237,7 @@ star-test-todo:
         test "$cached_lines" == "6"
 
 dockerfile-test:
-    COPY --dir dockerfile ./
-    WORKDIR /test/dockerfile
+    COPY dockerfile/* ./
     RUN --privileged \
         --entrypoint \
         --mount=type=tmpfs,target=/tmp/earthly \
@@ -374,13 +373,13 @@ end-comment:
 if-exists:
     DO +RUN_EARTHLY --earthfile=if-exists.earth --target=+save-exist-local
     DO +RUN_EARTHLY --earthfile=if-exists.earth --target=+save-not-exist \
-        --post_command="2>&1 | perl -pe 'BEGIN {\\\$status=1} END {exit \\\$status} \\\$status=0 if /save-not-exist/;'"
+      --post_command="2>&1 | perl -pe 'BEGIN {\\\$status=1} END {exit \\\$status} \\\$status=0 if /save-not-exist/;'"
     DO +RUN_EARTHLY --earthfile=if-exists.earth --target=+copy-not-exist \
-        --post_command="2>&1 | perl -pe 'BEGIN {\\\$status=1} END {exit \\\$status} \\\$status=0 if /copy-not-exist/;'"
+      --post_command="2>&1 | perl -pe 'BEGIN {\\\$status=1} END {exit \\\$status} \\\$status=0 if /copy-not-exist/;'"
     DO +RUN_EARTHLY --earthfile=if-exists.earth --target=+bad-wildcard-copy \
-        --post_command="2>&1 | perl -pe 'BEGIN {\\\$status=1} END {exit \\\$status} \\\$status=0 if /bad-wildcard-copy/;'"
+      --post_command="2>&1 | perl -pe 'BEGIN {\\\$status=1} END {exit \\\$status} \\\$status=0 if /bad-wildcard-copy/;'"
     DO +RUN_EARTHLY --earthfile=if-exists.earth --target=+bad-wildcard-save \
-        --post_command="2>&1 | perl -pe 'BEGIN {\\\$status=1} END {exit \\\$status} \\\$status=0 if /bad-wildcard-save/;'"
+      --post_command="2>&1 | perl -pe 'BEGIN {\\\$status=1} END {exit \\\$status} \\\$status=0 if /bad-wildcard-save/;'"
 
 file-copying:
     DO +RUN_EARTHLY --earthfile=file-copying.earth
@@ -551,7 +550,7 @@ RUN_EARTHLY:
             export EARTHLY_TMP_DIR=/tmp/earthly-tmpfs
         fi
         echo running earthly with $target
-        eval \"/usr/bin/earthly-buildkitd-wrapper.sh $extra_args $target $post_command\"
+        eval \"/usr/bin/earthly-entrypoint.sh $extra_args $target $post_command\"
         exit_code=\$?
         if $should_fail; then
             if [ \$exit_code -eq 0 ]; then

examples/tests/version/Earthfile

@@ -3,6 +3,8 @@ FROM ../../..+earthly-integration-test-base --DOCKERHUB_AUTH=$DOCKERHUB_AUTH
 
 IMPORT .. AS tests
 
+WORKDIR /test
+
 test-single-line:
     DO tests+RUN_EARTHLY --earthfile=single-line.earth --target=+test