infra/codestorage/hg-ssh

Paddy 2015-10-11 Parent:eeaf3e97ed44 Child:121585c71fd7

1:2f4a2a20ad6d

infra/codestorage/hg-ssh/Dockerfile

Update to be more modular.

We updated our Mercurial serving architecture to be a bit more modular. The main difference is that we now are based off the secondbit/hg-repo-sync image, and don't need to do as much setup to get the basics (Mercurial, folders, etc.)

We now have a pullkeys.ssh script, which pulls down the SSH keys stored in a specified GCS bucket, and creates users for them. This allows us to update who has push access, without modifying the docker image.

We also have a custom run.sh script now, instead of starting sshd directly, because we need to do a few things when starting this up:

1. Modify the permissions on the mounted directories while we're root so SSH users can write and read the committed files. We have to do this at start time instead of at image build time because Kubernetes' volumes don't respect the permissions set at build time.
2. Pull all the repos backed up to GCS to local disk, which means that startup automatically picks up at the last known state. This script is built into the image by secondbit/hg-repo-sync.
3. Pull all the SSH keys from GCS, using the new script. This creates the new users and lets us SSH into the server, while keeping the user definitions separate from the image itself.
4. Finally, start the SSH daemon.

FROM secondbit/hg-repo-sync
MAINTAINER Paddy "<paddy@secondbit.org>"

ADD create_user.sh /usr/local/bin/helpers/create_user.sh
RUN chmod +x /usr/local/bin/helpers/create_user.sh
ADD run.sh /usr/local/bin/helpers/run-ssh.sh
RUN chmod +x /usr/local/bin/helpers/run-ssh.sh
ADD pullkeys.sh /usr/local/bin/helpers/pullkeys.sh
RUN chmod +x /usr/local/bin/helpers/pullkeys.sh

RUN mkdir /var/run/sshd

# install required packages
RUN apt-get -y update
RUN apt-get -y install openssh-server

#ADD sshd_config /etc/ssh/sshd_config
RUN sed -ri 's/session required pam_loginuid.so/session optional pam_loginuid.so/g' /etc/pam.d/sshd
RUN sed -ri 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
RUN sed -ri 's/PermitRootLogin without-password/PermitRootLogin no/g' /etc/ssh/sshd_config

EXPOSE 22

CMD ["/usr/local/bin/helpers/run-ssh.sh"]
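
The sed substitutions in the Dockerfile above change nothing when the packaged sshd_config does not contain the exact strings they search for, and the image build still succeeds. The following is an added example, not part of this repository: it applies the same two substitutions to constructed sample configs and checks the resulting values. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the repository: confirm the Dockerfile's sed
# edits left sshd_config in the intended state.

# Print the value of the first uncommented "$2" keyword in file "$1" (sshd
# keeps the first value it reads), or "unset". Match blocks and the
# "Keyword=value" form are ignored here for brevity.
sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ { next }
        NF >= 2 && tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Apply the same two substitutions the Dockerfile runs, to file "$1".
apply_page_edits() {
    sed -e 's/#PasswordAuthentication yes/PasswordAuthentication no/g' \
        -e 's/PermitRootLogin without-password/PermitRootLogin no/g' \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

# Return 0 only if both settings are explicitly "no"; report the rest.
check_hardening() {
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        val=$(sshd_value "$1" "$kw")
        [ "$val" = "no" ] || { echo "FAIL: $kw is '$val' in $1" >&2; rc=1; }
    done
    return "$rc"
}

# Constructed sample configs: "$1" is the file to write, "$2" the variant.
write_sample() {
    case "$2" in
        expected) printf '%s\n' 'Port 22' '#PasswordAuthentication yes' \
                      'PermitRootLogin without-password' > "$1" ;;
        drifted)  printf '%s\n' 'Port 22' '#PasswordAuthentication yes' \
                      '#PermitRootLogin prohibit-password' > "$1" ;;
    esac
}
```

Inside the built image, `sshd -T` prints the effective configuration and is the authoritative check; the file parser here only lets the example run without sshd installed.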