如何检查分支是否在Docker映像中创建了文件? [英] How to checkout branches if there are files created in docker image?

问题描述

在我的宠物项目中，我设置了docker-compose进行开发.问题是我已经在dockerimage中创建了django迁移并创建了commit.签出到主分支后，我看到一个错误.这些文件无法跟踪，因此我无法将sub分支合并到main中.

In my pet project I set up docker-compose for development. The issue is that I've create django migration inside dockerimage and created commit. After checkout to main branch I see an error. These files become untracked and I cannot merge sub branch into the main.

git checkout master

warning: unable to unlink 'apps/app_name/migrations/0001_initial.py': Permission denied
warning: unable to unlink 'apps/app_name/migrations/0002_auto_20190127_1815.py': Permission denied
warning: unable to unlink 'apps/app_name/migrations/__init__.py': Permission denied
Switched to branch 'master'

我也尝试过使用sudo.所有新文件将在主分支中显示为未跟踪，但不会添加新提交(基于git log)

Also I tried to it with sudo. All new files will appear untracked in main branch but no new commits will be added(based on git log)

docker-compose.yml

docker-compose.yml

version: '3'

services:
  db:
    image: postgres
  web:
    build:
      dockerfile: ./compose/Dockerfile.dev
      context: .
    command: /start
    volumes:
      - .:/code
    ports:
      - "8000:8000"
    depends_on:
      - db
    links:
      - db:db

Dockerfile

Dockerfile

FROM python:3.6.8-alpine

ENV PYTHONUNBUFFERED 1

RUN apk update \
  # psycopg2 dependencies
  && apk add --virtual build-deps gcc python3-dev musl-dev \
  && apk add postgresql-dev \
  # Pillow dependencies
  && apk add jpeg-dev zlib-dev freetype-dev lcms2-dev openjpeg-dev tiff-dev tk-dev tcl-dev \
  # CFFI dependencies
  && apk add libffi-dev py-cffi \
  # Translations dependencies
  && apk add gettext \
  # https://docs.djangoproject.com/en/dev/ref/django-admin/#dbshell
  && apk add postgresql-client

RUN mkdir /code

WORKDIR /code

COPY /requirements /code/requirements/

RUN pip install -r requirements/dev.txt

COPY . /code/

COPY ./compose/start /start
RUN sed -i 's/\r//' /start
RUN chmod +x /start

start.sh

#!/bin/sh

set -o errexit
set -o pipefail
set -o nounset


python manage.py migrate
python manage.py runserver_plus 0.0.0.0:8000

推荐答案

Dockerfile

FROM python:3.6.8-alpine

ENV PYTHONUNBUFFERED 1

ARG CONTAINER_USER="python"
ARG CONTAINER_UID="1000"
ARG CONTAINER_GID="1000"
ARG WORKSPACE=/home/"${CONTAINER_USER}"/code

RUN apk update \
  # psycopg2 dependencies
  && apk add --virtual build-deps gcc python3-dev musl-dev \
  && apk add postgresql-dev \
  # Pillow dependencies
  && apk add jpeg-dev zlib-dev freetype-dev lcms2-dev openjpeg-dev tiff-dev tk-dev tcl-dev \
  # CFFI dependencies
  && apk add libffi-dev py-cffi \
  # Translations dependencies
  && apk add gettext \
  # https://docs.djangoproject.com/en/dev/ref/django-admin/#dbshell
  && apk add postgresql-client && \

  addgroup -g "${CONTAINER_GID}" -S "${CONTAINER_USER}" && \
  adduser -s /bin/ash -u "${CONTAINER_UID}" -G  "${CONTAINER_USER}" -h /home/"${CONTAINER_USER}" -D "${CONTAINER_USER}"

USER "${CONTAINER_USER}"

WORKDIR "${WORKSPACE}"

COPY  ./requirements/dev.txt "${WORKSPACE}"/requirements.txt

RUN pip install -r requirements.txt

以root用户身份在docker容器中运行任何方法都是不明智的做法，就像您不会在计算机中执行该操作一样.我添加了一个用户python，该用户将与您的计算机具有相同的uid，并假设您的操作系统用户与uid 1000一样，这在Linux计算机中是正常的.如果您使用的是其他操作系统，则可能无法正常工作，因此您需要为特定的操作系统找到解决方案.

Is bad practice to run whatsoever in a docker container as the root user, just like you wouldn't do it in your computer. I added a user python that will have the same uid of your computer, assuming your operating system user as the uid 1000 as it is normal in Linux machines. If you are in another OS than this may not work and you will need to find the solution for your specific OS.

docker-compose.yml

version: '3'

services:
  db:
    image: postgres
  web:
    build:
      dockerfile: ./compose/Dockerfile.dev
      context: .
      args:
        CONTAINER_UID: ${UID:-1000}
        CONTAINER_GID: ${GID:-1000}
    command: ./compose/start
    volumes:
      - .:/home/python/code
    ports:
      - "8000:8000"
    depends_on:
      - db

links已过时，并已被depends_on取代，因此不必同时使用两者.

links is deprecated and was replaced by depends_on, thus not necessary to use both.

为了为您的用户使用与您的文件系统相同的权限来构建容器，我在dockerfile build部分中添加了args，并且使用了$UID和$GID的OS值，但是如果不是设置将默认为1000.

In order to build the container with the same permissions of your filesystem for your user I have added args to de dockerfile build section and I use the OS values for $UID and $GID, but if they are not set will default to 1000.

您可以在Linux操作系统中看到什么，对于$UID使用id -u，对于$GID使用id -g.

You can see what are the ones in your Linux OS with id -u for $UID and id -g for the $GID.

Shell脚本

将其设置为可在您的仓库中执行并提交更改，以使您无需在每次构建Docker映像时都进行此操作.

Make it executable in your repo and commit the change so that you don't need to do it each time you build the docker image.

chmod 700 ./compose/start

我不使用+ x，因为一旦您允许所有人执行脚本，就安全性而言，这是不好的做法.

I don't use +x because that is a bad practice in terms of security, once you will allow everyone to execute the script.

摘要

现在在容器内部创建的任何文件都将具有uid和gid的1000，因此权限不会再发生冲突.

Any files created now inside of the container will have the uid and gid of 1000, thus no more conflict should occur with permissions.

这篇关于如何检查分支是否在Docker映像中创建了文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！