diff --git a/.github/workflows/sycl-containers.yaml b/.github/workflows/sycl-containers.yaml index c80e344719238..5c39885bd7c1a 100644 --- a/.github/workflows/sycl-containers.yaml +++ b/.github/workflows/sycl-containers.yaml @@ -82,7 +82,6 @@ jobs: file: ${{ matrix.file }} username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - sycl_ci_passwd: ${{ secrets.DOCKER_SUDO_PASSWORD }} tags: | ghcr.io/${{ github.repository }}/${{ matrix.file }}:${{ matrix.tag }}-${{ github.sha }} ghcr.io/${{ github.repository }}/${{ matrix.file }}:${{ matrix.tag }} diff --git a/.github/workflows/sycl-linux-run-tests.yml b/.github/workflows/sycl-linux-run-tests.yml index 6a40dd683bf3a..e445386baa4ad 100644 --- a/.github/workflows/sycl-linux-run-tests.yml +++ b/.github/workflows/sycl-linux-run-tests.yml @@ -157,10 +157,10 @@ jobs: env: ${{ fromJSON(inputs.env) }} steps: - name: Reset Intel GPU - if: false + if: inputs.reset_intel_gpu == 'true' run: | - cat /run/secrets/sycl_passwd | sudo -S mount -t debugfs none /sys/kernel/debug - cat /run/secrets/sycl_passwd | sudo -S bash -c 'echo 1 > /sys/kernel/debug/dri/0/i915_wedged' + sudo -S mount -t debugfs none /sys/kernel/debug + sudo -S bash -c 'echo 1 > /sys/kernel/debug/dri/0/i915_wedged' - uses: actions/checkout@v4 with: ref: ${{ inputs.ref }} @@ -196,9 +196,9 @@ jobs: run: | if [ "${{ inputs.install_dev_igc_driver }}" = "true" ]; then # If libllvm14 is already installed (dev igc docker), still return true. - cat /run/secrets/sycl_passwd | sudo -S apt-get install -yqq libllvm14 || true; + sudo -S apt-get install -yqq libllvm14 || true; fi - cat /run/secrets/sycl_passwd | sudo -S -E bash devops/scripts/install_drivers.sh llvm/devops/dependencies.json ${{ inputs.install_dev_igc_driver == 'true' && 'llvm/devops/dependencies-igc-dev.json --use-dev-igc' || '' }} --all + sudo -S -E bash devops/scripts/install_drivers.sh llvm/devops/dependencies.json ${{ inputs.install_dev_igc_driver == 'true' && 'llvm/devops/dependencies-igc-dev.json --use-dev-igc' || '' }} --all - name: Source OneAPI TBB vars.sh shell: bash run: | diff --git a/devops/actions/build_container/action.yml b/devops/actions/build_container/action.yml index 8b992b5a2c050..5ff5f3e209bff 100644 --- a/devops/actions/build_container/action.yml +++ b/devops/actions/build_container/action.yml @@ -21,9 +21,6 @@ inputs: file: description: "Dockerfile" required: true - sycl_ci_passwd: - description: "Password to assign to sycl_ci user within a container" - required: true runs: using: "composite" @@ -44,4 +41,3 @@ runs: file: ${{ github.workspace }}/devops/containers/${{ inputs.file }}.Dockerfile secrets: | github_token=${{ github.token }} - sycl_ci_passwd=${{ inputs.sycl_ci_passwd }} diff --git a/devops/containers/ubuntu2204_base.Dockerfile b/devops/containers/ubuntu2204_base.Dockerfile index b694124c26f13..d08b6025e9908 100644 --- a/devops/containers/ubuntu2204_base.Dockerfile +++ b/devops/containers/ubuntu2204_base.Dockerfile @@ -9,13 +9,13 @@ COPY scripts/install_build_tools.sh /install.sh RUN /install.sh COPY scripts/create-sycl-user.sh /user-setup.sh -RUN --mount=type=secret,id=sycl_ci_passwd /user-setup.sh +RUN /user-setup.sh COPY actions/cached_checkout /actions/cached_checkout COPY actions/cleanup /actions/cleanup COPY scripts/docker_entrypoint.sh /docker_entrypoint.sh COPY scripts/install_drivers.sh /opt/install_drivers.sh -USER sycl_ci +USER sycl ENTRYPOINT ["/docker_entrypoint.sh"] diff --git a/devops/containers/ubuntu2204_build.Dockerfile b/devops/containers/ubuntu2204_build.Dockerfile index ee8a32411f742..1aa814aaa775c 100644 --- a/devops/containers/ubuntu2204_build.Dockerfile +++ b/devops/containers/ubuntu2204_build.Dockerfile @@ -31,11 +31,11 @@ RUN apt update && apt install -yqq rocm-dev && \ rm -rf /var/lib/apt/lists/* COPY scripts/create-sycl-user.sh /user-setup.sh -RUN --mount=type=secret,id=sycl_ci_passwd /user-setup.sh +RUN /user-setup.sh COPY scripts/docker_entrypoint.sh /docker_entrypoint.sh -USER sycl_ci +USER sycl ENTRYPOINT ["/docker_entrypoint.sh"] diff --git a/devops/containers/ubuntu2404_base.Dockerfile b/devops/containers/ubuntu2404_base.Dockerfile index adc1695ded6f7..7af9ccfec1e5f 100644 --- a/devops/containers/ubuntu2404_base.Dockerfile +++ b/devops/containers/ubuntu2404_base.Dockerfile @@ -9,13 +9,13 @@ COPY scripts/install_build_tools.sh /install.sh RUN /install.sh COPY scripts/create-sycl-user.sh /user-setup.sh -RUN --mount=type=secret,id=sycl_ci_passwd /user-setup.sh +RUN /user-setup.sh COPY actions/cached_checkout /actions/cached_checkout COPY actions/cleanup /actions/cleanup COPY scripts/docker_entrypoint.sh /docker_entrypoint.sh COPY scripts/install_drivers.sh /opt/install_drivers.sh -USER sycl_ci +USER sycl ENTRYPOINT ["/docker_entrypoint.sh"] diff --git a/devops/containers/ubuntu2404_build_oneapi.Dockerfile b/devops/containers/ubuntu2404_build_oneapi.Dockerfile index 8f0d0b5d27bb3..48e617328539d 100644 --- a/devops/containers/ubuntu2404_build_oneapi.Dockerfile +++ b/devops/containers/ubuntu2404_build_oneapi.Dockerfile @@ -39,11 +39,11 @@ RUN apt update && apt install -yqq rocm-dev intel-oneapi-compiler-dpcpp-cpp && \ rm -rf /var/lib/apt/lists/* COPY scripts/create-sycl-user.sh /user-setup.sh -RUN --mount=type=secret,id=sycl_ci_passwd /user-setup.sh +RUN /user-setup.sh COPY scripts/docker_entrypoint.sh /docker_entrypoint.sh -USER sycl_ci +USER sycl ENTRYPOINT ["/docker_entrypoint.sh"] diff --git a/devops/scripts/create-sycl-user.sh b/devops/scripts/create-sycl-user.sh index 43633f4499adc..7199f1eaf10cd 100755 --- a/devops/scripts/create-sycl-user.sh +++ b/devops/scripts/create-sycl-user.sh @@ -2,28 +2,13 @@ set -e -if [[ $# -eq 0 ]]; then - # When launched without arguments, we assume that it was launched as part of - # CI workflow and therefore a different kind of user is created - USER_NAME=sycl_ci - SET_PASSWD=true +USER_NAME=sycl - # By default Ubuntu sets an arbitrary UID value, that is different from host - # system. When CI passes default UID value of 1001, some of LLVM tools fail to - # discover user home directory and fail a few LIT tests. Fixes UID and GID to - # 1001, that is used as default by GitHub Actions. - USER_ID=1001 -else - if [[ "${1:-}" != "--regular" ]]; then - echo "The only supported argument is --regular!" - exit 1 - fi - USER_NAME=sycl - SET_PASSWD=false - - # Some user id which is different from the one assigned to sycl_ci user - USER_ID=1234 -fi +# By default Ubuntu sets an arbitrary UID value, that is different from host +# system. When CI passes default UID value of 1001, some of LLVM tools fail to +# discover user home directory and fail a few LIT tests. Fixes UID and GID to +# 1001, that is used as default by GitHub Actions. +USER_ID=1001 groupadd -g $USER_ID $USER_NAME && useradd $USER_NAME -u $USER_ID -g $USER_ID -m -s /bin/bash # Add user to video/irc groups so that it can access GPU @@ -34,17 +19,5 @@ usermod -aG irc $USER_NAME groupadd -f -g 109 render usermod -aG render $USER_NAME -if [[ $SET_PASSWD == true ]]; then - if [[ ! -f /run/secrets/sycl_ci_passwd ]]; then - echo "Password is requested, but /run/secrets/sycl_ci_passwd doesn't exist!" - exit 2 - fi - - # Set password for user - echo "$USER_NAME:$(cat /run/secrets/sycl_ci_passwd)" | chpasswd - - # Allow user to run as sudo, but only with password - echo "$USER_NAME ALL=(ALL) PASSWD:ALL" >> /etc/sudoers -else - echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers -fi +# Allow user to run as sudo (without a password) +echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers diff --git a/sycl/doc/developer/DockerBKMs.md b/sycl/doc/developer/DockerBKMs.md index e36585c335090..83ced6fbbf220 100644 --- a/sycl/doc/developer/DockerBKMs.md +++ b/sycl/doc/developer/DockerBKMs.md @@ -143,23 +143,12 @@ instructions. ## Changing Docker user -By default all processes within our containers are run as the `sycl_ci` user. -Note: it **does not** have password-less `root` access. +By default all processes within our containers are run as the `sycl` user which +has password-less `sudo` access. If you want to change the user, you can do that by specifying the `-u ` option when running the container. -All containers come with the `/user-setup.sh` script which can used to create -the `sycl` user which has all the same groups as the `sycl_ci` user, but also -has password-less access to `root`. Use the script as follows: - -```bash -# Note: the script requires root permissions to create a new user -/user-setup.sh --regular -# Switch to the newly created user -su - sycl -``` - ## Managing downloaded Docker images List local images: