Use podman instead of docker
This commit is contained in:
parent
492d06b0d6
commit
91d5db6453
30
aocsync.py
30
aocsync.py
@ -88,7 +88,7 @@ class Config:
|
|||||||
|
|
||||||
@property
|
@property
|
||||||
def docker_config(self) -> dict:
|
def docker_config(self) -> dict:
|
||||||
"""Get Docker configuration with defaults"""
|
"""Get Podman configuration with defaults"""
|
||||||
docker_config = self.config.get('docker', {})
|
docker_config = self.config.get('docker', {})
|
||||||
return {
|
return {
|
||||||
'build_cache_dir': docker_config.get('build_cache_dir', ''),
|
'build_cache_dir': docker_config.get('build_cache_dir', ''),
|
||||||
@ -574,13 +574,13 @@ class CargoAOCRunner:
|
|||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _run_cargo_aoc_in_container(work_dir: Path, day: int, repo_root: Path, docker_config: dict) -> subprocess.CompletedProcess:
|
def _run_cargo_aoc_in_container(work_dir: Path, day: int, repo_root: Path, docker_config: dict) -> subprocess.CompletedProcess:
|
||||||
"""Run cargo aoc in a Docker container for security
|
"""Run cargo aoc in a Podman container for security
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
work_dir: Working directory (year directory) - can be absolute or relative
|
work_dir: Working directory (year directory) - can be absolute or relative
|
||||||
day: Day number to run
|
day: Day number to run
|
||||||
repo_root: Absolute path to repository root
|
repo_root: Absolute path to repository root
|
||||||
docker_config: Docker configuration dictionary
|
docker_config: Podman configuration dictionary
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
CompletedProcess with stdout, stderr, returncode
|
CompletedProcess with stdout, stderr, returncode
|
||||||
@ -617,9 +617,9 @@ class CargoAOCRunner:
|
|||||||
registry_cache_dir = docker_config.get('registry_cache_dir', '')
|
registry_cache_dir = docker_config.get('registry_cache_dir', '')
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# Build Docker command
|
# Build Podman command
|
||||||
docker_cmd = [
|
podman_cmd = [
|
||||||
'docker', 'run',
|
'podman', 'run',
|
||||||
'--rm', # Remove container after execution
|
'--rm', # Remove container after execution
|
||||||
'--network=none', # No network access
|
'--network=none', # No network access
|
||||||
'--memory', docker_config.get('memory', '2g'), # Limit memory
|
'--memory', docker_config.get('memory', '2g'), # Limit memory
|
||||||
@ -636,14 +636,14 @@ class CargoAOCRunner:
|
|||||||
# Use persistent registry cache
|
# Use persistent registry cache
|
||||||
registry_cache_path = Path(registry_cache_dir).resolve()
|
registry_cache_path = Path(registry_cache_dir).resolve()
|
||||||
registry_cache_path.mkdir(parents=True, exist_ok=True)
|
registry_cache_path.mkdir(parents=True, exist_ok=True)
|
||||||
docker_cmd.extend(['-v', f'{registry_cache_path}:/root/.cargo/registry:rw'])
|
podman_cmd.extend(['-v', f'{registry_cache_path}:/root/.cargo/registry:rw'])
|
||||||
logger.info(f"Using persistent registry cache: {registry_cache_path}")
|
logger.info(f"Using persistent registry cache: {registry_cache_path}")
|
||||||
else:
|
else:
|
||||||
# Use tmpfs for registry cache (cleared after each run)
|
# Use tmpfs for registry cache (cleared after each run)
|
||||||
docker_cmd.extend(['--tmpfs', '/root/.cargo/registry:rw,noexec,nosuid,size=100m'])
|
podman_cmd.extend(['--tmpfs', '/root/.cargo/registry:rw,noexec,nosuid,size=100m'])
|
||||||
|
|
||||||
# Add Docker image and command
|
# Add Podman image and command
|
||||||
docker_cmd.extend([
|
podman_cmd.extend([
|
||||||
docker_config.get('image', 'rust:latest'),
|
docker_config.get('image', 'rust:latest'),
|
||||||
'cargo', 'aoc', '--day', str(day)
|
'cargo', 'aoc', '--day', str(day)
|
||||||
])
|
])
|
||||||
@ -653,7 +653,7 @@ class CargoAOCRunner:
|
|||||||
env['CARGO_TARGET_DIR'] = '/build/target'
|
env['CARGO_TARGET_DIR'] = '/build/target'
|
||||||
|
|
||||||
result = subprocess.run(
|
result = subprocess.run(
|
||||||
docker_cmd,
|
podman_cmd,
|
||||||
capture_output=True,
|
capture_output=True,
|
||||||
text=True,
|
text=True,
|
||||||
timeout=300, # 5 minute timeout
|
timeout=300, # 5 minute timeout
|
||||||
@ -714,8 +714,8 @@ class CargoAOCRunner:
|
|||||||
|
|
||||||
for day in days:
|
for day in days:
|
||||||
try:
|
try:
|
||||||
logger.info(f"Running cargo aoc for {user} year {year} day {day} in {work_dir} (in Docker container)")
|
logger.info(f"Running cargo aoc for {user} year {year} day {day} in {work_dir} (in Podman container)")
|
||||||
# Run cargo aoc in a Docker container for security
|
# Run cargo aoc in a Podman container for security
|
||||||
# Use default docker_config if not provided
|
# Use default docker_config if not provided
|
||||||
if docker_config is None:
|
if docker_config is None:
|
||||||
docker_config = {
|
docker_config = {
|
||||||
@ -737,7 +737,7 @@ class CargoAOCRunner:
|
|||||||
with open(log_file, 'a', encoding='utf-8') as f:
|
with open(log_file, 'a', encoding='utf-8') as f:
|
||||||
f.write(f"\n{'='*80}\n")
|
f.write(f"\n{'='*80}\n")
|
||||||
f.write(f"[{timestamp}] {user} - Year {year} - Day {day}\n")
|
f.write(f"[{timestamp}] {user} - Year {year} - Day {day}\n")
|
||||||
f.write(f"Command: cargo aoc --day {day} (in Docker container)\n")
|
f.write(f"Command: cargo aoc --day {day} (in Podman container)\n")
|
||||||
f.write(f"Working Directory: {work_dir}\n")
|
f.write(f"Working Directory: {work_dir}\n")
|
||||||
f.write(f"Return Code: {result.returncode}\n")
|
f.write(f"Return Code: {result.returncode}\n")
|
||||||
f.write(f"{'='*80}\n")
|
f.write(f"{'='*80}\n")
|
||||||
@ -2068,7 +2068,7 @@ class AOCSync:
|
|||||||
# Create log file path in output directory
|
# Create log file path in output directory
|
||||||
log_file = Path(self.config.output_dir) / 'cargo-aoc.log'
|
log_file = Path(self.config.output_dir) / 'cargo-aoc.log'
|
||||||
log_file.parent.mkdir(parents=True, exist_ok=True)
|
log_file.parent.mkdir(parents=True, exist_ok=True)
|
||||||
# Get Docker configuration
|
# Get Podman configuration
|
||||||
docker_config = self.config.docker_config
|
docker_config = self.config.docker_config
|
||||||
results = CargoAOCRunner.run_benchmarks(repo_path, year=year, user=user,
|
results = CargoAOCRunner.run_benchmarks(repo_path, year=year, user=user,
|
||||||
repo_url=repo_url, is_multi_year=is_multi_year,
|
repo_url=repo_url, is_multi_year=is_multi_year,
|
||||||
|
|||||||
@ -13,7 +13,7 @@ rsync:
|
|||||||
enabled: true
|
enabled: true
|
||||||
destination: "xinu.tv:/var/www/static/aoc/"
|
destination: "xinu.tv:/var/www/static/aoc/"
|
||||||
|
|
||||||
# Docker container configuration for running cargo aoc
|
# Podman container configuration for running cargo aoc
|
||||||
docker:
|
docker:
|
||||||
# Persistent directory for cargo build artifacts (speeds up rebuilds)
|
# Persistent directory for cargo build artifacts (speeds up rebuilds)
|
||||||
# If not specified, uses temporary directory that's cleaned up after each run
|
# If not specified, uses temporary directory that's cleaned up after each run
|
||||||
@ -27,7 +27,7 @@ docker:
|
|||||||
memory: "2g" # Memory limit
|
memory: "2g" # Memory limit
|
||||||
cpus: "2" # CPU limit
|
cpus: "2" # CPU limit
|
||||||
|
|
||||||
# Docker image to use
|
# Podman image to use
|
||||||
image: "rust:latest"
|
image: "rust:latest"
|
||||||
|
|
||||||
# Repositories to monitor
|
# Repositories to monitor
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user