| #!/usr/bin/env bash |
| |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| |
| # This script is a wrapper creating the same user inside container as the one |
| # running the docker/build.sh outside the container. It also set the home directory |
| # for the user inside container to match the same absolute path as the workspace |
| # outside of container. Do not run this manually. It does not make sense. It is |
| # intended to be called by ci_build.sh only. |
| |
| set -e |
| |
| # NOTE: sudo uses the env_reset option to reset environment variables to a secure bare minimum. |
| # The --preserve-env option below passes those variables through to the invoked process; however, |
| # this appears not to affect the environment used with execve, so we resolve the binary to run |
| # in this file using the $PATH specified in the Dockerfile. |
| COMMAND=( "$(which "$1")" ) |
| shift |
| COMMAND=( "${COMMAND[@]}" "$@" ) |
| |
| if ! touch /this_is_writable_file_system; then |
| echo "You can't write to your filesystem!" |
| echo "If you are in Docker you should check you do not have too many images" \ |
| "with too many files in them. Docker has some issue with it." |
| exit 1 |
| else |
| rm /this_is_writable_file_system |
| fi |
| |
| getent group "${CI_BUILD_GID}" || ( |
| # Ensure "${CI_BUILD_GROUP}" is not already some other gid inside container. |
| if grep -q "^${CI_BUILD_GROUP}:" /etc/group; then |
| CI_BUILD_GROUP="${CI_BUILD_GROUP}2" |
| fi |
| addgroup --force-badname --gid "${CI_BUILD_GID}" "${CI_BUILD_GROUP}" >/dev/null) |
| |
| getent group tvm-venv || (addgroup tvm-venv >/dev/null) |
| getent passwd "${CI_BUILD_UID}" || adduser --force-badname --gid "${CI_BUILD_GID}" --uid "${CI_BUILD_UID}" \ |
| --gecos "${CI_BUILD_USER} (generated by with_the_same_user script)" \ |
| --disabled-password --home "${CI_BUILD_HOME}" --quiet "${CI_BUILD_USER}" |
| usermod -a -G sudo -G tvm-venv "${CI_BUILD_USER}" |
| usermod -a -G sudo -G dialout "${CI_BUILD_USER}" |
| |
| # Add user to video group for ROCm |
| if [[ ! -z "${ROCM_ENABLED-}" ]]; then |
| usermod -a -G video "${CI_BUILD_USER}" |
| fi |
| |
| # This is a grotesque hack to get PYTEST_ADD_OPTS available to all task scripts. |
| echo "${CI_BUILD_USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-nopasswd-sudo |
| |
| if [[ ! -z "${CUDA_VISIBLE_DEVICES-}" ]]; then |
| CUDA_ENV="CUDA_VISIBLE_DEVICES=${CUDA_VISIBLE_DEVICES}" |
| else |
| CUDA_ENV="" |
| fi |
| |
| if [[ "$CI_IMAGE_NAME" == *"hexagon"* ]] && [[ ${CI:-false} != "true" ]]; then |
| PATH=$(echo "$PATH" | sed 's/\/opt\/sccache://g') |
| fi |
| |
| sudo -u "#${CI_BUILD_UID}" --preserve-env \ |
| ${CUDA_ENV} \ |
| PATH=${PATH} \ |
| JAVA_HOME=${JAVA_HOME} \ |
| LD_LIBRARY_PATH="${LD_LIBRARY_PATH-}" \ |
| PYTHONPATH="${PYTHONPATH-}" \ |
| CI_IMAGE_NAME="${CI_IMAGE_NAME-}" \ |
| HOME="${CI_BUILD_HOME-}" \ |
| "${COMMAND[@]}" |