kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-12-09 19:05:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor CI container deploy wrapper: add modes, rebuild/no-cache flags, and transparent inventory/deploy arg forwarding; update tests accordingly (see ChatGPT conversation: https://chatgpt.com/share/6931e58c-2ddc-800f-88d2-f7887ec13e25)

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-12-04 20:49:04 +01:00
parent 1d7f1d4bb2
commit d0aac64c67
2 changed files with 356 additions and 175 deletions
Download Patch File Download Diff File Expand all files Collapse all files

395
cli/deploy/container.py
View File

@@ -5,13 +5,30 @@ import subprocess
import sys import sys
import time import time
import uuid import uuid
from typing import List from typing import List, Tuple
def ensure_image(image: str) -> None: WORKDIR_DEFAULT = "/opt/infinito-src"
def ensure_image(image: str, rebuild: bool = False, no_cache: bool = False) -> None:
""" """
Ensure the Docker image exists locally. If not, build it with docker build. Handle Docker image creation rules:
- rebuild=True => always rebuild
- rebuild=False & image missing => build once
- no_cache=True => add '--no-cache' to docker build
""" """
build_args = ["docker", "build", "--network=host", "--pull"]
if no_cache:
build_args.append("--no-cache")
build_args += ["-t", image, "."]
if rebuild:
print(f">>> Forcing rebuild of Docker image '{image}'...")
subprocess.run(build_args, check=True)
print(f">>> Docker image '{image}' rebuilt (forced).")
return
print(f">>> Checking if Docker image '{image}' exists...") print(f">>> Checking if Docker image '{image}' exists...")
result = subprocess.run( result = subprocess.run(
["docker", "image", "inspect", image], ["docker", "image", "inspect", image],
@@ -23,14 +40,16 @@ def ensure_image(image: str) -> None:
return return
print(f">>> Docker image '{image}' not found. Building it...") print(f">>> Docker image '{image}' not found. Building it...")
subprocess.run( subprocess.run(build_args, check=True)
["docker", "build", "--network=host", "--pull", "-t", image, "."],
check=True,
)
print(f">>> Docker image '{image}' successfully built.") print(f">>> Docker image '{image}' successfully built.")
def docker_exec(container: str, args: List[str], workdir: str | None = None, check: bool = True) -> subprocess.CompletedProcess: def docker_exec(
container: str,
args: List[str],
workdir: str | None = None,
check: bool = True,
) -> subprocess.CompletedProcess:
""" """
Helper to run `docker exec` with optional working directory. Helper to run `docker exec` with optional working directory.
""" """
@@ -48,7 +67,7 @@ def wait_for_inner_docker(container: str, timeout: int = 60) -> None:
Poll `docker exec <container> docker info` until inner dockerd is ready. Poll `docker exec <container> docker info` until inner dockerd is ready.
""" """
print(">>> Waiting for inner Docker daemon inside CI container...") print(">>> Waiting for inner Docker daemon inside CI container...")
for i in range(timeout): for _ in range(timeout):
result = subprocess.run( result = subprocess.run(
["docker", "exec", container, "docker", "info"], ["docker", "exec", container, "docker", "info"],
stdout=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
@@ -62,72 +81,97 @@ def wait_for_inner_docker(container: str, timeout: int = 60) -> None:
raise RuntimeError("Inner Docker daemon did not become ready in time") raise RuntimeError("Inner Docker daemon did not become ready in time")
def start_ci_container(
image: str,
build: bool,
rebuild: bool,
no_cache: bool,
name: str | None = None,
) -> str:
"""
Start a CI container running dockerd inside.
Returns the container name.
"""
if build or rebuild:
ensure_image(image, rebuild=rebuild, no_cache=no_cache)
if not name:
name = f"infinito-ci-{uuid.uuid4().hex[:8]}"
print(f">>> Starting CI container '{name}' with inner dockerd...")
subprocess.run(
[
"docker",
"run",
"-d",
"--name",
name,
"--network=host",
"--privileged",
"--cgroupns=host",
image,
"dockerd",
"--debug",
"--host=unix:///var/run/docker.sock",
"--storage-driver=vfs",
],
check=True,
)
wait_for_inner_docker(name)
print(f">>> CI container '{name}' started and inner dockerd is ready.")
return name
def run_in_container( def run_in_container(
image: str, image: str,
exclude: str,
forwarded_args: List[str],
build: bool, build: bool,
rebuild: bool,
no_cache: bool,
inventory_args: List[str],
deploy_args: List[str],
name: str | None = None,
) -> None: ) -> None:
""" """
Orchestrate everything from the *host*: Full CI "run" mode:
- start CI container with inner dockerd - start CI container with dockerd
- wait for inner docker - run cli.create.inventory (with forwarded inventory_args)
- create inventory (cli.create.inventory) - ensure CI vault password file
- ensure vault password file - run cli.deploy.dedicated (with forwarded deploy_args)
- run cli.deploy.dedicated - always remove container at the end
All heavy lifting inside the container happens via direct `docker exec` calls.
""" """
if build: container_name = None
ensure_image(image)
container_name = f"infinito-ci-{uuid.uuid4().hex[:8]}"
workdir = "/opt/infinito-src"
try: try:
# 1) Start CI container with dockerd as PID 1 container_name = start_ci_container(
print(f">>> Starting CI container '{container_name}' with inner dockerd...") image=image,
subprocess.run( build=build,
[ rebuild=rebuild,
"docker", no_cache=no_cache,
"run", name=name,
"-d",
"--name",
container_name,
"--network=host",
"--privileged",
"--cgroupns=host",
image,
"dockerd",
"--debug",
"--host=unix:///var/run/docker.sock",
"--storage-driver=vfs",
],
check=True,
) )
# 2) Wait until inner docker responds # 1) Create CI inventory
wait_for_inner_docker(container_name)
# 3) Create CI inventory via Python module
print(">>> Creating CI inventory inside container (cli.create.inventory)...") print(">>> Creating CI inventory inside container (cli.create.inventory)...")
inventory_cmd: List[str] = [
"python3",
"-m",
"cli.create.inventory",
"inventories/github-ci",
"--host",
"localhost",
"--ssl-disabled",
]
inventory_cmd.extend(inventory_args)
docker_exec( docker_exec(
container_name, container_name,
[ inventory_cmd,
"python3", workdir=WORKDIR_DEFAULT,
"-m",
"cli.create.inventory",
"inventories/github-ci",
"--host",
"localhost",
"--exclude",
exclude,
"--ssl-disabled",
],
workdir=workdir,
check=True, check=True,
) )
# 4) Ensure vault password file exists # 2) Ensure vault password file exists
print(">>> Ensuring CI vault password file exists...") print(">>> Ensuring CI vault password file exists...")
docker_exec( docker_exec(
container_name, container_name,
@@ -138,11 +182,11 @@ def run_in_container(
"[ -f inventories/github-ci/.password ] || " "[ -f inventories/github-ci/.password ] || "
"printf '%s\n' 'ci-vault-password' > inventories/github-ci/.password", "printf '%s\n' 'ci-vault-password' > inventories/github-ci/.password",
], ],
workdir=workdir, workdir=WORKDIR_DEFAULT,
check=True, check=True,
) )
# 5) Run dedicated deploy # 3) Run dedicated deploy
print(">>> Running cli.deploy.dedicated inside CI container...") print(">>> Running cli.deploy.dedicated inside CI container...")
cmd = [ cmd = [
"python3", "python3",
@@ -151,96 +195,179 @@ def run_in_container(
"inventories/github-ci/servers.yml", "inventories/github-ci/servers.yml",
"-p", "-p",
"inventories/github-ci/.password", "inventories/github-ci/.password",
*forwarded_args, *deploy_args,
] ]
result = docker_exec(container_name, cmd, workdir=workdir, check=False) result = docker_exec(container_name, cmd, workdir=WORKDIR_DEFAULT, check=False)
if result.returncode != 0: if result.returncode != 0:
raise subprocess.CalledProcessError( raise subprocess.CalledProcessError(result.returncode, cmd)
result.returncode, cmd
)
print(">>> Deployment finished successfully inside CI container.") print(">>> Deployment finished successfully inside CI container.")
finally: finally:
print(f">>> Cleaning up CI container '{container_name}'...") if container_name:
subprocess.run( print(f">>> Cleaning up CI container '{container_name}'...")
["docker", "rm", "-f", container_name], subprocess.run(
stdout=subprocess.DEVNULL, ["docker", "rm", "-f", container_name],
stderr=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
) stderr=subprocess.DEVNULL,
)
def stop_container(name: str) -> None:
print(f">>> Stopping container '{name}'...")
subprocess.run(["docker", "stop", name], check=True)
print(f">>> Container '{name}' stopped.")
def remove_container(name: str) -> None:
print(f">>> Removing container '{name}'...")
subprocess.run(["docker", "rm", "-f", name], check=True)
print(f">>> Container '{name}' removed.")
def exec_in_container(name: str, cmd_args: List[str], workdir: str | None = WORKDIR_DEFAULT) -> int:
if not cmd_args:
print("Error: exec mode requires a command to run inside the container.", file=sys.stderr)
return 1
print(f">>> Executing command in container '{name}': {' '.join(cmd_args)}")
result = docker_exec(name, cmd_args, workdir=workdir, check=False)
return result.returncode
def split_inventory_and_deploy_args(rest: List[str]) -> Tuple[List[str], List[str]]:
"""
Split remaining arguments into:
- inventory_args: passed to cli.create.inventory
- deploy_args: passed to cli.deploy.dedicated
Convention:
- [inventory-args ...] -- [deploy-args ...]
- If no '--' is present: inventory_args = [], deploy_args = all rest.
"""
if not rest:
return [], []
if "--" in rest:
idx = rest.index("--")
inventory_args = rest[:idx]
deploy_args = rest[idx + 1 :]
else:
inventory_args = []
deploy_args = rest
return inventory_args, deploy_args
def main() -> int: def main() -> int:
# Capture raw arguments without program name
raw_argv = sys.argv[1:]
# Split container-args vs forwarded args using first "--"
if "--" in raw_argv:
sep_index = raw_argv.index("--")
container_argv = raw_argv[:sep_index]
rest = raw_argv[sep_index + 1:]
else:
container_argv = raw_argv
rest = []
parser = argparse.ArgumentParser( parser = argparse.ArgumentParser(
prog="infinito-deploy-container", prog="infinito-deploy-container",
description=( description=(
"Run cli.deploy.dedicated inside an infinito Docker image with an inner " "Run Ansible deploy inside an infinito Docker image with an inner "
"Docker daemon (dockerd + vfs) and auto-generated CI inventory." "Docker daemon (dockerd + vfs) and auto-generated CI inventory.\n\n"
), "Usage (run mode):\n"
) " python -m cli.deploy.container run [container-opts] -- \\\n"
" [inventory-args ...] -- [deploy-args ...]\n\n"
parser.add_argument( "Example:\n"
"--image", " python -m cli.deploy.container run --build -- \\\n"
default=os.environ.get("INFINITO_IMAGE", "infinito:latest"), " --include svc-db-mariadb -- \\\n"
help="Docker image to use (default: %(default)s, overridable via INFINITO_IMAGE).", " -T server --debug\n"
)
parser.add_argument(
"--exclude",
default=os.environ.get("EXCLUDED_ROLES", ""),
help=(
"Comma-separated list of roles to exclude when creating the CI inventory "
"(default taken from EXCLUDED_ROLES env var)."
),
)
parser.add_argument(
"--build",
action="store_true",
help="If set, ensure the Docker image exists by building it when missing.",
)
parser.add_argument(
"forwarded",
nargs=argparse.REMAINDER,
help=(
"Arguments to forward to cli.deploy.dedicated. "
"Use '--' to separate wrapper options from dedicated options."
),
)
args = parser.parse_args()
forwarded_args = list(args.forwarded)
if forwarded_args and forwarded_args[0] == "--":
forwarded_args = forwarded_args[1:]
if not forwarded_args:
print(
"Error: no arguments forwarded to dedicated deploy script.\n"
"Hint: use '--' to separate wrapper options from dedicated options, e.g.\n"
" python -m cli.deploy.container --build -- -T server --debug --skip-tests",
file=sys.stderr,
) )
)
parser.add_argument(
"mode",
choices=["run", "start", "stop", "exec", "remove"],
help="Container mode: run, start, stop, exec, remove."
)
parser.add_argument("--image", default=os.environ.get("INFINITO_IMAGE", "infinito:latest"))
parser.add_argument("--build", action="store_true")
parser.add_argument("--rebuild", action="store_true")
parser.add_argument("--no-cache", action="store_true")
parser.add_argument("--name")
# Parse only container-level arguments
args = parser.parse_args(container_argv)
mode = args.mode
# --- RUN MODE ---
if mode == "run":
inventory_args, deploy_args = split_inventory_and_deploy_args(rest)
if not deploy_args:
print(
"Error: missing deploy arguments in run mode.\n"
"Use: container run [opts] -- [inventory args] -- [deploy args]",
file=sys.stderr
)
return 1
try:
run_in_container(
image=args.image,
build=args.build,
rebuild=args.rebuild,
no_cache=args.no_cache,
inventory_args=inventory_args,
deploy_args=deploy_args,
name=args.name,
)
except subprocess.CalledProcessError as exc:
print(f"[ERROR] Deploy failed with exit code {exc.returncode}", file=sys.stderr)
return exc.returncode
return 0
# --- START MODE ---
if mode == "start":
try:
name = start_ci_container(
image=args.image,
build=args.build,
rebuild=args.rebuild,
no_cache=args.no_cache,
name=args.name,
)
except Exception as exc:
print(f"[ERROR] {exc}", file=sys.stderr)
return 1
print(f">>> Started CI container: {name}")
return 0
# For stop/remove/exec, a container name is mandatory
if not args.name:
print(f"Error: '{mode}' requires --name", file=sys.stderr)
return 1 return 1
try: if mode == "stop":
run_in_container( stop_container(args.name)
image=args.image, return 0
exclude=args.exclude,
forwarded_args=forwarded_args,
build=args.build,
)
except subprocess.CalledProcessError as exc:
print(f"[ERROR] Container run failed with exit code {exc.returncode}", file=sys.stderr)
return exc.returncode
except RuntimeError as exc:
print(f"[ERROR] {exc}", file=sys.stderr)
return 1
return 0 if mode == "remove":
remove_container(args.name)
return 0
if mode == "exec":
return exec_in_container(args.name, rest)
print(f"Unknown mode: {mode}", file=sys.stderr)
return 1
if __name__ == "__main__": if __name__ == "__main__":
raise SystemExit(main()) raise SystemExit(main())

136
tests/unit/cli/deploy/test_container.py
View File

@@ -11,22 +11,26 @@ from cli.deploy import container as deploy_container
class TestEnsureImage(unittest.TestCase): class TestEnsureImage(unittest.TestCase):
@mock.patch("subprocess.run") @mock.patch("subprocess.run")
def test_ensure_image_skips_build_when_image_exists(self, mock_run): def test_ensure_image_skips_build_when_image_exists(self, mock_run):
# docker image inspect → returncode 0 means "image exists" """
If the image already exists, ensure_image should only call
`docker image inspect` and NOT run `docker build`.
"""
# docker image inspect → rc=0 (image exists)
mock_run.return_value = subprocess.CompletedProcess( mock_run.return_value = subprocess.CompletedProcess(
["docker", "image", "inspect", "infinito:latest"], args=["docker", "image", "inspect", "infinito:latest"],
0, returncode=0,
stdout=b"", stdout="",
stderr=b"", stderr="",
) )
deploy_container.ensure_image("infinito:latest") deploy_container.ensure_image("infinito:latest")
# Only one call: docker image inspect # Exactly one call: docker image inspect
self.assertEqual(mock_run.call_count, 1) self.assertEqual(mock_run.call_count, 1)
cmd = mock_run.call_args_list[0].args[0] cmd = mock_run.call_args_list[0].args[0]
self.assertEqual(cmd[:3], ["docker", "image", "inspect"]) self.assertEqual(cmd[:3], ["docker", "image", "inspect"])
# No docker build command # Ensure docker build was never called
self.assertFalse( self.assertFalse(
any( any(
call.args[0][:2] == ["docker", "build"] call.args[0][:2] == ["docker", "build"]
@@ -37,17 +41,40 @@ class TestEnsureImage(unittest.TestCase):
@mock.patch("subprocess.run") @mock.patch("subprocess.run")
def test_ensure_image_builds_when_missing(self, mock_run): def test_ensure_image_builds_when_missing(self, mock_run):
"""
If the image does not exist, ensure_image should call
`docker image inspect` first and then `docker build`.
"""
calls: List[List[str]] = [] calls: List[List[str]] = []
def _side_effect(cmd, *args, **kwargs): def _side_effect(cmd, *args, **kwargs):
calls.append(cmd) calls.append(cmd)
# First inspect fails → triggers build
# First: docker image inspect → rc=1 (missing)
if cmd[:3] == ["docker", "image", "inspect"]: if cmd[:3] == ["docker", "image", "inspect"]:
return subprocess.CompletedProcess(cmd, 1, b"", b"missing") return subprocess.CompletedProcess(
# Build succeeds args=cmd,
returncode=1,
stdout="",
stderr="missing",
)
# Then: docker build → rc=0 (success)
if cmd[:2] == ["docker", "build"]: if cmd[:2] == ["docker", "build"]:
return subprocess.CompletedProcess(cmd, 0, b"", b"") return subprocess.CompletedProcess(
return subprocess.CompletedProcess(cmd, 0, b"", b"") args=cmd,
returncode=0,
stdout="",
stderr="",
)
# Any other commands (should not happen here)
return subprocess.CompletedProcess(
args=cmd,
returncode=0,
stdout="",
stderr="",
)
mock_run.side_effect = _side_effect mock_run.side_effect = _side_effect
@@ -55,44 +82,53 @@ class TestEnsureImage(unittest.TestCase):
self.assertTrue( self.assertTrue(
any(c[:3] == ["docker", "image", "inspect"] for c in calls), any(c[:3] == ["docker", "image", "inspect"] for c in calls),
"Expected docker image inspect to be called", "Expected 'docker image inspect' to be called",
) )
self.assertTrue( self.assertTrue(
any(c[:2] == ["docker", "build"] for c in calls), any(c[:2] == ["docker", "build"] for c in calls),
"Expected docker build to run when image is missing", "Expected 'docker build' to run when image is missing",
) )
class TestRunInContainer(unittest.TestCase): class TestRunInContainer(unittest.TestCase):
@mock.patch("subprocess.run") @mock.patch("subprocess.run")
def test_run_in_container_calls_single_docker_run(self, mock_run): def test_run_in_container_calls_single_docker_run(self, mock_run):
""" """
Current container.py starts exactly one Docker container via run_in_container should start exactly one 'docker run' CI container,
'docker run' to launch the inner dockerd daemon. All further work then use docker exec for everything else.
(inventory creation + dedicated deploy) happens via docker exec.
""" """
calls: List[List[str]] = [] calls: List[List[str]] = []
def _side_effect(cmd, *args, **kwargs): def _side_effect(cmd, *args, **kwargs):
calls.append(cmd) calls.append(cmd)
return subprocess.CompletedProcess(cmd, 0, b"", b"") # Always succeed → wait_for_inner_docker stops on first call
return subprocess.CompletedProcess(
args=cmd,
returncode=0,
stdout="",
stderr="",
)
mock_run.side_effect = _side_effect mock_run.side_effect = _side_effect
image = "infinito:latest" image = "infinito:latest"
exclude = "foo,bar" inventory_args = ["--include", "svc-db-mariadb"]
forwarded = ["-T", "server", "--debug", "--skip-tests"] deploy_args = ["-T", "server", "--debug", "--skip-tests"]
deploy_container.run_in_container( deploy_container.run_in_container(
image=image, image=image,
exclude=exclude,
forwarded_args=forwarded,
build=False, build=False,
rebuild=False,
no_cache=False,
inventory_args=inventory_args,
deploy_args=deploy_args,
name=None,
) )
# We expect at least one subprocess.run call # At least one command must have been executed
self.assertGreaterEqual(len(calls), 1) self.assertGreaterEqual(len(calls), 1)
# Only count *docker run* invocations, not docker exec / image / build # Filter all docker run invocations
docker_run_calls = [ docker_run_calls = [
c c
for c in calls for c in calls
@@ -105,16 +141,12 @@ class TestRunInContainer(unittest.TestCase):
self.assertEqual( self.assertEqual(
len(docker_run_calls), len(docker_run_calls),
1, 1,
"Expected exactly one 'docker run' call", "Expected exactly one 'docker run' call (for the CI container)",
) )
cmd = docker_run_calls[0] cmd = docker_run_calls[0]
# Basic structure of the docker run call
self.assertEqual(cmd[0], "docker") self.assertEqual(cmd[0], "docker")
self.assertEqual(cmd[1], "run") self.assertEqual(cmd[1], "run")
# New behavior: container runs dockerd in detached mode
self.assertIn("-d", cmd) self.assertIn("-d", cmd)
self.assertIn("--name", cmd) self.assertIn("--name", cmd)
self.assertIn("--network=host", cmd) self.assertIn("--network=host", cmd)
@@ -123,17 +155,23 @@ class TestRunInContainer(unittest.TestCase):
self.assertIn(image, cmd) self.assertIn(image, cmd)
self.assertIn("dockerd", cmd) self.assertIn("dockerd", cmd)
# We *no longer* expect '--rm', '/bin/sh', or '-lc' here,
# because all higher-level logic is executed by docker exec.
class TestMain(unittest.TestCase): class TestMain(unittest.TestCase):
@mock.patch("cli.deploy.container.run_in_container") @mock.patch("cli.deploy.container.run_in_container")
def test_main_requires_forwarded_args(self, mock_run_in_container): def test_main_requires_forwarded_args(self, mock_run_in_container):
""" """
If no arguments follow '--', main() must return exit code 1 and not call run_in_container(). In 'run' mode, main() must return 1 and not call run_in_container()
if no deploy arguments are provided after the first '--'.
""" """
argv = ["cli.deploy.container"] # realistic argv from `python -m ...` argv = [
"cli.deploy.container",
"run",
"--image",
"myimage:latest",
"--build",
"--",
# no inventory/deploy args here
]
with mock.patch.object(sys, "argv", argv): with mock.patch.object(sys, "argv", argv):
rc = deploy_container.main() rc = deploy_container.main()
@@ -143,15 +181,21 @@ class TestMain(unittest.TestCase):
@mock.patch("cli.deploy.container.run_in_container") @mock.patch("cli.deploy.container.run_in_container")
def test_main_passes_arguments_to_run_in_container(self, mock_run_in_container): def test_main_passes_arguments_to_run_in_container(self, mock_run_in_container):
""" """
Ensure CLI args are parsed and forwarded correctly. Ensure that main() correctly splits container args vs inventory/deploy
args and passes them to run_in_container().
""" """
argv = [ argv = [
"cli.deploy.container", "cli.deploy.container",
"--image", "myimage:latest", "run",
"--exclude", "foo,bar", "--image",
"myimage:latest",
"--build", "--build",
"--", "--",
"-T", "server", "--exclude",
"foo,bar",
"--",
"-T",
"server",
"--debug", "--debug",
] ]
@@ -161,14 +205,24 @@ class TestMain(unittest.TestCase):
self.assertEqual(rc, 0) self.assertEqual(rc, 0)
mock_run_in_container.assert_called_once() mock_run_in_container.assert_called_once()
# access kwargs passed to run_in_container
kwargs = mock_run_in_container.call_args.kwargs kwargs = mock_run_in_container.call_args.kwargs
# Container-level options
self.assertEqual(kwargs["image"], "myimage:latest") self.assertEqual(kwargs["image"], "myimage:latest")
self.assertEqual(kwargs["exclude"], "foo,bar") # <-- fixed key
self.assertTrue(kwargs["build"]) self.assertTrue(kwargs["build"])
self.assertFalse(kwargs["rebuild"])
self.assertFalse(kwargs["no_cache"])
self.assertIsNone(kwargs["name"])
# Inventory args: first segment after first '--' until second '--'
self.assertEqual( self.assertEqual(
kwargs["forwarded_args"], kwargs["inventory_args"],
["--exclude", "foo,bar"],
)
# Deploy args: everything after the second '--'
self.assertEqual(
kwargs["deploy_args"],
["-T", "server", "--debug"], ["-T", "server", "--debug"],
) )