The current approach is to run /bin/bash in a fully privilaged docker
container as the root user and exec the anteater command from this.
There are a couple of reasons this approach doesn't make sense:
1) anteater is not a long running service
2) anteater doesn't need any privilaged access to the host
3) anteater is already a compiled binary and can be ran directly
Because the anteater container doesn't need access to all the host
devices nor is it running docker containers inside of docker, the
`--privileged=true` flag can be removed.
Note: '--rm' is added as well to ensure volumes do not persist past the
container lifecycle and lead to build server running out of disk space.
JIRA: RELENG-250
Change-Id: I1ec90b3737abf591b6b3373fe2fc8f52cdcfb11a
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
docker pull opnfv/releng-anteater
echo "--------------------------------------------------------"
docker pull opnfv/releng-anteater
echo "--------------------------------------------------------"
-cmd="sudo docker run --privileged=true -id $envs $vols opnfv/releng-anteater /bin/bash"
-echo "Running docker command $cmd"
-container_id=$($cmd)
-echo "Container ID is $container_id"
-cmd="anteater --project $PROJECT --patchset /home/opnfv/anteater/$PROJECT/patchset"
-echo "Executing command inside container"
+cmd="docker run -i $envs $vols --rm opnfv/releng-anteater \
+anteater --project $PROJECT --patchset /home/opnfv/anteater/$PROJECT/patchset"
+echo "Running docker container"
-echo "--------------------------------------------------------"
-docker exec $container_id $cmd > $WORKSPACE/securityaudit.log 2>&1
+$cmd > $WORKSPACE/securityaudit.log 2>&1
exit_code=$?
echo "--------------------------------------------------------"
exit_code=$?
echo "--------------------------------------------------------"
-echo "Stopping docker container with ID $container_id"
-docker stop $container_id
+echo "Docker container exited with code: $exit_code"
+echo "--------------------------------------------------------"
cat securityaudit.log
exit 0
cat securityaudit.log
exit 0