- 
                Notifications
    You must be signed in to change notification settings 
- Fork 69
batch_exec: inject docker container registry as a prefix #945
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | 
|---|---|---|
|  | @@ -8,6 +8,7 @@ import ( | |
| "io" | ||
| "os" | ||
| "path/filepath" | ||
| "strings" | ||
| "time" | ||
|  | ||
| "github.com/sourcegraph/src-cli/internal/batches/docker" | ||
|  | @@ -174,6 +175,28 @@ func executeBatchSpecInWorkspaces(ctx context.Context, flags *executorModeFlags) | |
| return errors.New("invalid execution, no steps to process") | ||
| } | ||
|  | ||
| // Pass the os.Environ to run steps to allow access to the secrets set | ||
| // in the executor environment. | ||
| // The executor runtime takes care of not forwarding any sensitive secrets | ||
| // from the host, so this is safe. | ||
| globalEnv := os.Environ() | ||
|  | ||
| // If the docker prefix registry is set, inject it into each step's container | ||
| // to fully qualify the container name | ||
| environ := map[string]string{} | ||
| for _, e := range globalEnv { | ||
| pair := strings.SplitN(e, "=", 2) | ||
| environ[pair[0]] = pair[1] | ||
| } | ||
|  | ||
| dockerPrefix, ok := environ["DOCKER_PREFIX_REGISTRY_URL"] | ||
| if ok { | ||
| for i := 0; i < len(task.Steps); i++ { | ||
| step := &task.Steps[i] | ||
| step.Container = fmt.Sprintf("%s/%s", dockerPrefix, step.Container) | ||
| There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Changing the step might change the cache key, which which would case a mismatch between backend and src-cli 🤔 I'd need to validate that, but if that's the case we should only change it when we actually use the images, not on the step element itself. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If you want to validate that yourself, you'd want to run a spec with 2 steps, execute, change the 2nd step command or whatever, and see if a re-execution would hit a cache result for step1 and then if src-cli correctly sees it and skips step 1 in execution. | ||
| } | ||
| } | ||
|  | ||
| imageCache := docker.NewImageCache() | ||
|  | ||
| ui.PreparingContainerImages() | ||
|  | @@ -194,12 +217,6 @@ func executeBatchSpecInWorkspaces(ctx context.Context, flags *executorModeFlags) | |
| taskExecUI.Start([]*executor.Task{task}) | ||
| taskExecUI.TaskStarted(task) | ||
|  | ||
| // Pass the os.Environ to run steps to allow access to the secrets set | ||
| // in the executor environment. | ||
| // The executor runtime takes care of not forwarding any sensitive secrets | ||
| // from the host, so this is safe. | ||
| globalEnv := os.Environ() | ||
|  | ||
| opts := &executor.RunStepsOpts{ | ||
| Logger: &log.NoopTaskLogger{}, | ||
| WC: workspace.NewExecutorWorkspaceCreator(tempDir, repoDir), | ||
|  | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could we instead make this a flag that the server passes? Or do we want to configure this per-executor?
That way we wouldn't need to parse the env here.