devcontainer/supervisor/rootfs/usr/bin/supervisor_run at b4d84be62740a5aeb777a2b6cf3cb8ea7f5720de · home-assistant/devcontainer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#!/bin/bash

set -e

source /etc/supervisor_scripts/common

WD="${WORKSPACE_DIRECTORY:=/workspaces/supervisor}"
DOCKERFILE_PATH="${WD}/Dockerfile"
SUPERVISOR_IMAGE_LOCAL="ghcr.io/home-assistant/${HA_ARCH}-hassio-supervisor:latest"

function get_build_from() {
    local build_from

    build_from=$(sed -n 's/^ARG BUILD_FROM=//p' "${DOCKERFILE_PATH}" | head -n 1)

    if [ -z "${build_from}" ]; then
        echo "Unable to determine BUILD_FROM from ${DOCKERFILE_PATH}" >&2
        exit 1
    fi

    echo "${build_from}"
}

echo "Run Supervisor"

function build_supervisor() {
    local base_image
    base_image="$(get_build_from)"

    docker pull "${base_image}"
    cosign verify \
          --certificate-oidc-issuer https://token.actions.githubusercontent.com \
          --certificate-identity-regexp https://github.com/home-assistant/docker-base/.* \
          "${base_image}"

    docker buildx build \
        --load \
        --no-cache \
        --tag "${SUPERVISOR_IMAGE_LOCAL}" \
        "${WD}"
}

function run_supervisor() {
    validate_devcontainer "supervisor"

    local apparmor_profile="hassio-supervisor"
    if [ -n "${SUPERVISOR_UNCONFINED}" ]; then
        apparmor_profile="unconfined"
    fi

    echo "Start Supervisor"
    docker run --rm --privileged \
        --name hassio_supervisor \
        --privileged \
        --security-opt seccomp=unconfined \
        --security-opt "apparmor=${apparmor_profile}" \
        -v /run/docker.sock:/run/docker.sock:rw \
        -v /run/dbus:/run/dbus:ro \
        -v /run/supervisor:/run/os:rw \
        -v /run/udev:/run/udev:ro \
        -v "/mnt/supervisor":/data:rw \
        -v /etc/machine-id:/etc/machine-id:ro \
        -v "${WD}:/usr/src/supervisor" \
        -e SUPERVISOR_SHARE="/mnt/supervisor" \
        -e SUPERVISOR_NAME=hassio_supervisor \
        -e SUPERVISOR_DEV=1 \
        -e SUPERVISOR_MACHINE="qemu${QEMU_ARCH}" \
        -e SUPERVISOR_SYSTEMD_JOURNAL_GATEWAYD_URL="http://172.30.32.1:19531/" \
        "${SUPERVISOR_IMAGE_LOCAL}"
}


if [ "$( docker container inspect -f '{{.State.Status}}' hassio_supervisor )" == "running" ]; then
    echo "Restarting Supervisor"
    docker rm -f hassio_supervisor
    cleanup_lastboot
    run_supervisor
else
    echo "Starting Supervisor"
    docker system prune -f
    build_supervisor
    cleanup_lastboot
    cleanup_docker
    run_supervisor
fi