Add custom docker image support #1193

Open
wants to merge 4 commits into
base: master
27 changes: 24 additions & 3 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
Expand Up @@ -43,7 +43,7 @@ schemamama = "0.3"
schemamama_postgres = "0.3"
systemstat = "0.1.4"
prometheus = { version = "0.10.0", default-features = false }
rustwide = "0.11"
rustwide = { git = "https://github.com/devsnek/rustwide.git", branch = "sandbox-image-override" }
mime_guess = "2"
dotenv = "0.15"
zstd = "0.5"
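Review bot: the `rustwide` line now tracks a branch of a personal fork (`devsnek/rustwide.git`, branch `sandbox-image-override`) with no `rev`, so any later `cargo update` resolves to whatever that branch head is at the time. Before merging, land the change in upstream rustwide and go back to a released version, or at least add a `rev` so the commit being built is fixed in `Cargo.toml` itself.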
9 changes: 9 additions & 0 deletions crates/metadata/lib.rs
Expand Up @@ -95,6 +95,7 @@ pub enum MetadataError {
/// targets = [ "x86_64-apple-darwin", "x86_64-pc-windows-msvc" ]
/// rustc-args = [ "--example-rustc-arg" ]
/// rustdoc-args = [ "--example-rustdoc-arg" ]
/// docker-image = "rustops/crates-build-env"
/// ```
///
/// You can define one or more fields in your `Cargo.toml`.
Expand Down Expand Up @@ -128,6 +129,9 @@ pub struct Metadata {
/// List of command line arguments for `rustdoc`.
#[serde(default)]
rustdoc_args: Vec<String>,

/// Custom docker image.
docker_image: Option<String>,
}

/// The targets that should be built for a crate.
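Review bot: the new `docker_image` field is documented only as "Custom docker image." and is taken as a free-form string from any crate's `Cargo.toml`. The doc comment should say what form is expected (registry, tag or digest) and what is used when the key is absent, and the value should be validated when the metadata is parsed so a malformed reference is rejected there rather than when the sandbox is created.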
Expand Down Expand Up @@ -277,6 +281,11 @@ impl Metadata {
map.insert("DOCS_RS", "1".into());
map
}

/// Return the custom docker image, if provided.
pub fn docker_image(&self) -> Option<&String> {
self.docker_image.as_ref()
}
}

impl std::str::FromStr for Metadata {
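Review bot: `docker_image()` returns `Option<&String>`; `Option<&str>` via `self.docker_image.as_deref()` is the more usual signature for an accessor like this and removes the need for the extra borrow at the call site (`SandboxImage::remote(&image)`).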
33 changes: 25 additions & 8 deletions src/docbuilder/rustwide_builder.rs
Expand Up @@ -106,11 +106,15 @@ impl RustwideBuilder {
self.skip_build_if_exists = should;
}

fn prepare_sandbox(&self, limits: &Limits) -> SandboxBuilder {
SandboxBuilder::new()
fn prepare_sandbox(&self, metadata: &Metadata, limits: &Limits) -> Result<SandboxBuilder> {
let mut builder = SandboxBuilder::new()
.cpu_limit(self.config.build_cpu_limit.map(|limit| limit as f32))
.memory_limit(Some(limits.memory()))
.enable_networking(limits.networking())
.enable_networking(limits.networking());
if let Some(image) = metadata.docker_image() {
builder = builder.image(SandboxImage::remote(&image)?)
}
Ok(builder)
}

pub fn update_toolchain(&mut self) -> Result<()> {
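Review bot: in `prepare_sandbox`, the value handed to `SandboxImage::remote` comes straight from crate metadata, so every published crate can now choose which remote image the builder pulls and builds in, and nothing in this function restricts the registry or repository. Consider checking the name against an allowlist or a required prefix before calling `.image(...)` and returning a clear error for anything else. Minor: `image` is already a reference, so `&image` is a needless borrow.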
Expand Down Expand Up @@ -208,11 +212,15 @@ impl RustwideBuilder {
let krate = Crate::crates_io(DUMMY_CRATE_NAME, DUMMY_CRATE_VERSION);
krate.fetch(&self.workspace)?;

let metadata = Metadata::from_crate_root(&build_dir.get_source_dir(&krate)?)?;

build_dir
.build(&self.toolchain, &krate, self.prepare_sandbox(&limits))
.build(
&self.toolchain,
&krate,
self.prepare_sandbox(&metadata, &limits)?,
)
.run(|build| {
let metadata = Metadata::from_crate_root(&build.host_source_dir())?;

let res = self.execute_build(HOST_TARGET, true, build, &limits, &metadata)?;
if !res.result.successful {
failure::bail!("failed to build dummy crate for {}", self.rustc_version);
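Review bot: the dummy-crate build now takes its sandbox image from the dummy crate's own metadata through `self.prepare_sandbox(&metadata, &limits)?`. The failure message in this block is about the toolchain (`failed to build dummy crate for {}` with `self.rustc_version`), so this call would be more predictable if it always used the default image and did not depend on a `docker-image` key at all.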
Expand Down Expand Up @@ -322,14 +330,18 @@ impl RustwideBuilder {

let local_storage = tempfile::Builder::new().prefix("docsrs-docs").tempdir()?;

let metadata = Metadata::from_crate_root(&build_dir.get_source_dir(&krate)?)?;
let res = build_dir
.build(&self.toolchain, &krate, self.prepare_sandbox(&limits))
.build(
&self.toolchain,
&krate,
self.prepare_sandbox(&metadata, &limits)?,
)
.run(|build| {
use docsrs_metadata::BuildTargets;

let mut has_docs = false;
let mut successful_targets = Vec::new();
let metadata = Metadata::from_crate_root(&build.host_source_dir())?;
let BuildTargets {
default_target,
other_targets,
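Review bot: `Metadata::from_crate_root` is now called on `build_dir.get_source_dir(&krate)?` before `.build(...)`, so a crate whose metadata cannot be parsed returns through `?` ahead of the sandboxed run instead of from inside the `.run` closure. Check that this earlier return is reported and cleaned up the same way as an error raised inside the closure, and add a test for a crate with an invalid `docker-image` value.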
Expand Down Expand Up @@ -424,6 +436,11 @@ impl RustwideBuilder {
build_dir.purge()?;
krate.purge_from_cache(&self.workspace)?;
local_storage.close()?;
if let Some(image) = metadata.docker_image() {
std::process::Command::new("docker")
Member

Suggested change
std::process::Command::new("docker")
if image != "rustops/crates-build-env" {
std::process::Command::new("docker");
}

Otherwise someone could DOS the queue by publishing a bunch of crates with crates-build-env set.

Actually, I guess they could do that anyway, crates-build-env isn't special ... we just use it by default, so it will be redownloaded. But if you publish a bunch of crates in a row with the same image, it will redownload the image for each crate.

@pietroalbini what do you think, is that a threat model worth worrying about? It won't break the server, it will just make builds really slow.

Author

Some other ways to break this:

  • Make an enormous (like 100gb) docker image
  • Make small images which can download quickly enough to hit docker's new ratelimits

Member

I'd move this to rustwide's SandboxImage::purge_from_cache().

.args(&["image", "rm", image])
.status()?;
}
Ok(res.result.successful)
}
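Review bot: the cleanup at the end of this hunk passes the metadata string directly to the docker CLI with `.args(&["image", "rm", image])` and then drops the `ExitStatus` from `.status()?`, so only a failure to spawn `docker` is reported and a failed removal is silent. Check the status and log a non-zero exit instead of ignoring it, and validate `image` as an image reference before it reaches the command line. The block also sits after `build_dir.purge()?`, `krate.purge_from_cache(...)?;` and `local_storage.close()?`, so an error from any of those returns first and leaves the pulled image in place.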
