86 lines
3.3 KiB
Bash
86 lines
3.3 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
# This script is a wrapper creating the same user inside container as the one
|
|
# running the docker/build.sh outside the container. It also set the home directory
|
|
# for the user inside container to match the same absolute path as the workspace
|
|
# outside of container. Do not run this manually. It does not make sense. It is
|
|
# intended to be called by ci_build.sh only.
|
|
|
|
set -e
|
|
|
|
# NOTE: sudo uses the env_reset option to reset environment variables to a secure bare minimum.
|
|
# The --preserve-env option below passes those variables through to the invoked process; however,
|
|
# this appears not to affect the environment used with execve, so we resolve the binary to run
|
|
# in this file using the $PATH specified in the Dockerfile.
|
|
COMMAND=( "$(which "$1")" )
|
|
shift
|
|
COMMAND=( "${COMMAND[@]}" "$@" )
|
|
|
|
if ! touch /this_is_writable_file_system; then
|
|
echo "You can't write to your filesystem!"
|
|
echo "If you are in Docker you should check you do not have too many images" \
|
|
"with too many files in them. Docker has some issue with it."
|
|
exit 1
|
|
else
|
|
rm /this_is_writable_file_system
|
|
fi
|
|
|
|
getent group "${CI_BUILD_GID}" || (
|
|
# Ensure "${CI_BUILD_GROUP}" is not already some other gid inside container.
|
|
if grep -q "^${CI_BUILD_GROUP}:" /etc/group; then
|
|
CI_BUILD_GROUP="${CI_BUILD_GROUP}2"
|
|
fi
|
|
addgroup --force-badname --gid "${CI_BUILD_GID}" "${CI_BUILD_GROUP}" >/dev/null)
|
|
|
|
getent group tvm-venv || (addgroup tvm-venv >/dev/null)
|
|
getent passwd "${CI_BUILD_UID}" || adduser --force-badname --gid "${CI_BUILD_GID}" --uid "${CI_BUILD_UID}" \
|
|
--gecos "${CI_BUILD_USER} (generated by with_the_same_user script)" \
|
|
--disabled-password --home "${CI_BUILD_HOME}" --quiet "${CI_BUILD_USER}"
|
|
usermod -a -G sudo -G tvm-venv "${CI_BUILD_USER}"
|
|
usermod -a -G sudo -G dialout "${CI_BUILD_USER}"
|
|
|
|
# Add user to video group for ROCm
|
|
if [[ ! -z "${ROCM_ENABLED-}" ]]; then
|
|
usermod -a -G video "${CI_BUILD_USER}"
|
|
fi
|
|
|
|
# This is a grotesque hack to get PYTEST_ADD_OPTS available to all task scripts.
|
|
echo "${CI_BUILD_USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-nopasswd-sudo
|
|
|
|
if [[ ! -z "${CUDA_VISIBLE_DEVICES-}" ]]; then
|
|
CUDA_ENV="CUDA_VISIBLE_DEVICES=${CUDA_VISIBLE_DEVICES}"
|
|
else
|
|
CUDA_ENV=""
|
|
fi
|
|
|
|
if [[ "$CI_IMAGE_NAME" == *"hexagon"* ]] && [[ ${CI:-false} != "true" ]]; then
|
|
PATH=$(echo "$PATH" | sed 's/\/opt\/sccache://g')
|
|
fi
|
|
|
|
sudo -u "#${CI_BUILD_UID}" --preserve-env \
|
|
${CUDA_ENV} \
|
|
PATH=${PATH} \
|
|
JAVA_HOME=${JAVA_HOME} \
|
|
LD_LIBRARY_PATH="${LD_LIBRARY_PATH-}" \
|
|
PYTHONPATH="${PYTHONPATH-}" \
|
|
CI_IMAGE_NAME="${CI_IMAGE_NAME-}" \
|
|
HOME="${CI_BUILD_HOME-}" \
|
|
"${COMMAND[@]}"
|