1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
package config
import (
"gerrit.wikimedia.org/r/blubber/build"
)
// VariantConfig holds configuration fields for each defined build variant.
//
type VariantConfig struct {
Includes []string `yaml:"includes" validate:"dive,variantref"` // other variants
Copies string `yaml:"copies" validate:"omitempty,variantref"` // copy artifacts from variant
Artifacts []ArtifactsConfig `yaml:"artifacts" validate:"dive"` // artifact configuration
CommonConfig `yaml:",inline"`
}
// Merge takes another VariantConfig and overwrites this struct's fields.
// Artifacts are merged additively.
//
func (vc *VariantConfig) Merge(vc2 VariantConfig) {
vc.Copies = vc2.Copies
vc.Artifacts = append(vc.Artifacts, vc2.Artifacts...)
vc.CommonConfig.Merge(vc2.CommonConfig)
}
// InstructionsForPhase injects build instructions related to artifact
// copying, copying of application files, and all common configuration.
//
// PhaseInstall
//
// If VariantConfig.Copies is not set, copy in application files. Otherwise,
// delegate to ArtifactsConfig.InstructionsForPhase.
//
func (vc *VariantConfig) InstructionsForPhase(phase build.Phase) []build.Instruction {
instructions := vc.CommonConfig.InstructionsForPhase(phase)
var switchUser string
var uid, gid uint
switch phase {
case build.PhasePrivileged:
switchUser = "root"
case build.PhasePrivilegeDropped:
switchUser = vc.Lives.As
uid, gid = vc.Lives.UID, vc.Lives.GID
case build.PhasePreInstall:
uid, gid = vc.Lives.UID, vc.Lives.GID
case build.PhaseInstall:
uid, gid = vc.Lives.UID, vc.Lives.GID
if vc.Copies == "" {
instructions = append(instructions, build.Copy{[]string{"."}, "."})
}
case build.PhasePostInstall:
if vc.Runs.Insecurely.True {
uid, gid = vc.Lives.UID, vc.Lives.GID
} else {
switchUser = vc.Runs.As
uid, gid = vc.Runs.UID, vc.Runs.GID
}
if len(vc.EntryPoint) > 0 {
instructions = append(instructions, build.EntryPoint{vc.EntryPoint})
}
}
for _, artifact := range vc.allArtifacts() {
instructions = append(instructions, artifact.InstructionsForPhase(phase)...)
}
if switchUser != "" {
instructions = append(
[]build.Instruction{
build.User{switchUser},
build.Home(switchUser),
},
instructions...,
)
}
if uid != 0 {
instructions = build.ApplyUser(uid, gid, instructions)
}
return instructions
}
// VariantDependencies returns all unique names of other variants that are
// referenced in the VariantConfig.Artifacts configuration.
//
func (vc *VariantConfig) VariantDependencies() []string {
// get unique set of variant dependencies based on artifacts
existing := map[string]bool{}
dependencies := []string{}
for _, artifact := range vc.allArtifacts() {
if dependency := artifact.From; dependency != "" && !existing[dependency] {
existing[dependency] = true
dependencies = append(dependencies, dependency)
}
}
return dependencies
}
func (vc *VariantConfig) allArtifacts() []ArtifactsConfig {
return append(vc.defaultArtifacts(), vc.Artifacts...)
}
func (vc *VariantConfig) defaultArtifacts() []ArtifactsConfig {
if vc.Copies != "" {
return []ArtifactsConfig{
{
From: vc.Copies,
Source: vc.Lives.In,
Destination: vc.Lives.In,
},
{
From: vc.Copies,
Source: LocalLibPrefix,
Destination: LocalLibPrefix,
},
}
}
return []ArtifactsConfig{}
}
|
