Adjust docker script when using podman

In podman, a user namespace is setup with IDs mapped such that the executing user is root in the container. When that's the case (or if docker is in use and the executing user is root), don't override the container user or the HOME environment variable. In that case, the container user's home directory will be /root, so mount the cache there instead of the predefined /cache.
endlessm · Jun 22, 2022 · e70a05e · e70a05e
1 parent 941d963
commit e70a05e
Showing 1 changed file with 34 additions and 11 deletions.
diff --git a/scripts/rundocker.sh b/scripts/rundocker.sh
@@ -8,27 +8,20 @@ DOCKER=${DOCKER:-"docker"}
 
 BUILD_CACHE_VOLUME=kolibri-android-cache
 BUILD_CACHE_PATH=/cache
-BUILD_UID=$(id -u)
-BUILD_GID=$(id -g)
+
+docker_is_podman() {
+    "${DOCKER}" --version 2>/dev/null | grep -q "^podman"
+}
 
 # Build array of options to pass to docker run.
 RUN_OPTS=(
   -it --rm
 
-  # Mount the cache volume.
-  --mount "type=volume,src=${BUILD_CACHE_VOLUME},dst=${BUILD_CACHE_PATH}"
-
   # Bind mount the source directory into the container and make it the
   # working dirctory.
   --mount "type=bind,src=${SRCDIR},dst=${SRCDIR}"
   --workdir "${SRCDIR}"
 
-  # Run as the calling user and make the cache volume the user's home
-  # directory so all the intermediate build outputs (e.g.,
-  # ~/.local/share/python-for-android and ~/.gradle) are stored.
-  --user "${BUILD_UID}:${BUILD_GID}"
-  --env HOME="${BUILD_CACHE_PATH}"
-
   # Pass through other environment variables.
   --env BUILDKITE_BUILD_NUMBER
   --env P4A_RELEASE_KEYALIAS
@@ -37,6 +30,36 @@ RUN_OPTS=(
   --env ARCHES
 )
 
+# If we're running in podman, assume the user namespace is setup so that
+# root inside the container is the same as the outside user. Otherwise,
+# get the UID and GID to run as.
+if docker_is_podman; then
+  BUILD_UID=0
+  BUILD_GID=0
+else
+  BUILD_UID=$(id -u)
+  BUILD_GID=$(id -g)
+fi
+
+# If the container user is root, mount the cache at /root. Otherwise,
+# set HOME since there's likely no account with that UID in the image.
+# The user's home directory is where all the intermediate build outputs
+# (e.g., ~/.local/share/python-for-android and ~/.gradle) are stored.
+if [ "$BUILD_UID" -eq 0 ]; then
+  BUILD_CACHE_PATH=/root
+else
+  BUILD_CACHE_PATH=/cache
+  RUN_OPTS+=(
+    --user "${BUILD_UID}:${BUILD_GID}"
+    --env HOME="${BUILD_CACHE_PATH}"
+  )
+fi
+
+# Mount the cache volume.
+RUN_OPTS+=(
+  --mount "type=volume,src=${BUILD_CACHE_VOLUME},dst=${BUILD_CACHE_PATH}"
+)
+
 # If the release signing key has been specified and exists, ensure the
 # path is absolute and bind mount it readonly into the container.
 if [ -e "${P4A_RELEASE_KEYSTORE}" ]; then