Support rootless mode for docker. (#34537)

In case docker is run in rootless mode, the host UID is mapped to root
user automatically and host user id is mapped to 100999 (unknown) so
changing ownership for created files in rootless mode is problematic
as it makes the generated files inaccessible

dev/breeze/src/airflow_breeze/utils/docker_command_utils.py

@@ -145,6 +145,16 @@ def get_extra_docker_flags(mount_sources: str, include_mypy_volume: bool = False
     return extra_docker_flags
 
 
+def is_docker_rootless():
+    response = run_command(
+        ["docker", "info", "-f", "{{println .SecurityOptions}}"], capture_output=True, check=True, text=True
+    )
+    if "rootless" in response.stdout.strip():
+        get_console().print("[info]Docker is running in rootless mode.[/]\n")
+        return True
+    return False
+
+
 def check_docker_resources(airflow_image_name: str) -> RunCommandResult:
     """
     Check if we have enough resources to run docker. This is done via running script embedded in our image.
@@ -571,6 +581,7 @@ def update_expected_environment_variables(env: dict[str, str]) -> None:
     set_value_to_default_if_not_set(env, "COLLECT_ONLY", "false")
     set_value_to_default_if_not_set(env, "DB_RESET", "false")
     set_value_to_default_if_not_set(env, "DEFAULT_BRANCH", AIRFLOW_BRANCH)
+    set_value_to_default_if_not_set(env, "DOCKER_IS_ROOTLESS", "false")
     set_value_to_default_if_not_set(env, "ENABLED_SYSTEMS", "")
     set_value_to_default_if_not_set(env, "ENABLE_TEST_COVERAGE", "false")
     set_value_to_default_if_not_set(env, "HELM_TEST_PACKAGE", "")
@@ -706,6 +717,8 @@ def prepare_broker_url(params, env_variables):
 def perform_environment_checks():
     check_docker_is_running()
     check_docker_version()
+    if is_docker_rootless():
+        os.environ["DOCKER_IS_ROOTLESS"] = "true"
     check_docker_compose_version()
 
 

scripts/ci/docker-compose/_docker.env

@@ -37,6 +37,7 @@ DB_RESET
 DEFAULT_BRANCH
 DEFAULT_CONSTRAINTS_BRANCH
 DEV_MODE
+DOCKER_IS_ROOTLESS
 ENABLED_SYSTEMS
 ENABLE_TEST_COVERAGE
 GITHUB_ACTIONS

scripts/ci/docker-compose/base.yml

@@ -47,6 +47,7 @@ services:
       - DEFAULT_BRANCH=${DEFAULT_BRANCH}
       - DEFAULT_CONSTRAINTS_BRANCH=${DEFAULT_CONSTRAINTS_BRANCH}
       - DEV_MODE=${DEV_MODE}
+      - DOCKER_IS_ROOTLESS=${DOCKER_IS_ROOTLESS}
       - ENABLED_SYSTEMS=${ENABLED_SYSTEMS}
       - ENABLE_TEST_COVERAGE=${ENABLE_TEST_COVERAGE}
       - GITHUB_ACTIONS=${GITHUB_ACTIONS}

scripts/ci/docker-compose/devcontainer.env

@@ -35,6 +35,7 @@ DB_RESET="false"
 DEFAULT_BRANCH="main"
 DEFAULT_CONSTRAINTS_BRANCH="constraints-main"
 DEV_MODE="true"
+DOCKER_IS_ROOTLESS="false"
 ENABLED_SYSTEMS=
 ENABLE_TEST_COVERAGE="false"
 GITHUB_ACTIONS="false"

scripts/in_container/_in_container_utils.sh

@@ -66,6 +66,10 @@ function in_container_script_start() {
 #
 function in_container_fix_ownership() {
     if [[ ${HOST_OS:=} == "linux" ]]; then
+        if [[ ${DOCKER_IS_ROOTLESS=} == "true" ]]; then
+             echo "${COLOR_YELLOW}Skip fixing ownership of generated files: Docker is rootless${COLOR_RESET}"
+             return
+        fi
         DIRECTORIES_TO_FIX=(
             "/dist"
             "/files"