Globally prefer podman and better cross platform support #627
Conversation
There were some targets in the Makefile that were hardcoded to use the docker binary. They have been changed to use `$(CONTAINER_ENGINE)`, which will prefer podman and fall back to docker. In order to better support non-Linux platforms, some auto-detection is done for the OS and if Linux is detected, container volumes will be mounted with `:z` to facilicate SELinux labels (which are not supported on MacOS with Podman). There are two ways to override the auto-detection. To pretend to _not_ be Linux: `make UNAME=Unknown` (or whichever platform). To remain Linux (for example) but disable SELinux mount: `make SELINUX_MOUNT_CHAR=` Signed-off-by: Lisa Seelye <[email protected]>
| -v $(PWD)/schemas:/schemas$(SELINUX_MOUNT_CHAR) \ | ||
| -v $(PWD)/graphql-schemas:/graphql$(SELINUX_MOUNT_CHAR) \ | ||
| -v $(PWD)/fake_data:/data$(SELINUX_MOUNT_CHAR) \ | ||
| -v $(PWD)/fake_resources:/resources$(SELINUX_MOUNT_CHAR) \ |
There was a problem hiding this comment.
:z means to share with multiple containers, I don't see where are we using that feature, all volume binds in this file are just read only mount, a simple :ro should be good enough.
There was a problem hiding this comment.
@hemslo With regard to :z, while you are correct, the container engine facilitates the sharing through SELinux labels, which aren't available outside a SELinux-enabled environment (such as MacOS).
If we want to change the flag to :ro later, we can do that at a later date. I want this change to be minimal in scope without potentially breaking changes.
There was a problem hiding this comment.
Then can we only keep @$(CONTAINER_ENGINE) changes in this pr, or just remove :z in both cases? :ro is a good to have suffix to indicate readonly, then that system check is also not needed anymore, seems small enough to be included all in one change.
There were some targets in the Makefile that were hardcoded to use the docker binary. They have been changed to use
$(CONTAINER_ENGINE), which will prefer podman and fall back to docker.In order to better support non-Linux platforms, some auto-detection is done for the OS and if Linux is detected, container volumes will be mounted with
:zto facilicate SELinux labels (which are not supported on MacOS with Podman). There are two ways to override the auto-detection. To pretend to not be Linux:make UNAME=Unknown(or whichever platform). To remain Linux (for example) but disable SELinux mount:make SELINUX_MOUNT_CHAR=