Bug 1394883: use /builds/worker in image building; r=gps

This includes adding TASKCLUSTER_VOLUMES to docker image builds directly.  The
env variable is not added as part of the task transform because `run-task` is
not in payload.command.  In fact, build-image.sh calls run-task after doing
some other housekeeping.

Ideally image builds would be turned into jobs and all of this would occur
automatically, but that turns out to be quite a bit too complex for this
incidental fix -- perhaps best solved in another bug.

MozReview-Commit-ID: FYHvafJras7

--HG--
extra : rebase_source : 4e3b9ae9900727e7932c13ced34b3f8596d755d9

taskcluster/docker/image_builder/Dockerfile

@@ -22,12 +22,12 @@ ADD setup.sh            /setup/setup.sh
 RUN bash /setup/setup.sh
 
 # Setup a workspace that won't use AUFS.
-VOLUME /home/worker/checkouts
-VOLUME /home/worker/workspace
+VOLUME /builds/worker/checkouts
+VOLUME /builds/worker/workspace
 
 # Set variable normally configured at login, by the shells parent process, these
 # are taken from GNU su manual
-ENV           HOME          /home/worker
+ENV           HOME          /builds/worker
 ENV           SHELL         /bin/bash
 ENV           USER          worker
 ENV           LOGNAME       worker
@@ -35,8 +35,8 @@ ENV           HOSTNAME      taskcluster-worker
 ENV           LC_ALL        C
 
 # Create worker user
-RUN useradd -d /home/worker -s /bin/bash -m worker
+RUN useradd -d /builds/worker -s /bin/bash -m worker
 
 # Set some sane defaults
-WORKDIR /home/worker/
+WORKDIR /builds/worker/
 CMD     build-image.sh

taskcluster/docker/image_builder/HASH

@@ -1 +1 @@
-sha256:ceaaf92511cfbff711598005585127953873332c62f245dcf1892510c4eb371f
+sha256:24ce54a1602453bc93515aecd9d4ad25a22115fbc4b209ddb5541377e9a37315

taskcluster/docker/image_builder/VERSION

@@ -1 +1 @@
-1.3.0
+2.0.0

taskcluster/docker/image_builder/build-image.sh

@@ -18,21 +18,21 @@ test -n "$PROJECT"    || raise_error "PROJECT must be provided."
 test -n "$HASH"       || raise_error "Context HASH must be provided."
 test -n "$IMAGE_NAME" || raise_error "IMAGE_NAME must be provided."
 
-# Create artifact folder
-mkdir -p /home/worker/workspace/artifacts
-
 # Construct a CONTEXT_FILE
-CONTEXT_FILE=/home/worker/workspace/context.tar
+CONTEXT_FILE=/builds/worker/workspace/context.tar
 
 # Run ./mach taskcluster-build-image with --context-only to build context
 run-task \
-  --vcs-checkout "/home/worker/checkouts/gecko" \
+  --vcs-checkout "/builds/worker/checkouts/gecko" \
   -- \
-  /home/worker/checkouts/gecko/mach taskcluster-build-image \
+  /builds/worker/checkouts/gecko/mach taskcluster-build-image \
   --context-only "$CONTEXT_FILE" \
   "$IMAGE_NAME"
 test -f "$CONTEXT_FILE" || raise_error "Context file wasn't created"
 
+# Create artifact folder (note that this must occur after run-task)
+mkdir -p /builds/worker/workspace/artifacts
+
 # Post context tar-ball to docker daemon
 # This interacts directly with the docker remote API, see:
 # https://docs.docker.com/engine/reference/api/docker_remote_api_v1.18/
@@ -63,5 +63,5 @@ fi
 # The script will retry up to 10 times.
 /usr/local/bin/download-and-compress \
     http+unix://%2Fvar%2Frun%2Fdocker.sock/images/${IMAGE_NAME}:${HASH}/get \
-    /home/worker/workspace/image.tar.zst.tmp \
-    /home/worker/workspace/artifacts/image.tar.zst
+    /builds/worker/workspace/image.tar.zst.tmp \
+    /builds/worker/workspace/artifacts/image.tar.zst

taskcluster/docker/image_builder/setup.sh

@@ -29,7 +29,7 @@ chmod +x /usr/local/bin/run-task
 chmod +x /usr/local/bin/download-and-compress
 
 # Create workspace
-mkdir -p /home/worker/workspace
+mkdir -p /builds/worker/workspace
 
 # Install python-zstandard.
 cd /setup

taskcluster/taskgraph/transforms/docker_image.py

@@ -100,20 +100,20 @@ def fill_template(config, tasks):
                 'caches': [{
                     'type': 'persistent',
                     'name': 'level-{}-imagebuilder-v1'.format(config.params['level']),
-                    'mount-point': '/home/worker/checkouts',
+                    'mount-point': '/builds/worker/checkouts',
                 }],
                 'volumes': [
-                    # Keep in sync with Dockerfile.
-                    '/home/worker/checkouts',
-                    '/home/worker/workspace',
+                    # Keep in sync with Dockerfile and TASKCLUSTER_VOLUMES
+                    '/builds/worker/checkouts',
+                    '/builds/worker/workspace',
                 ],
                 'artifacts': [{
                     'type': 'file',
-                    'path': '/home/worker/workspace/artifacts/image.tar.zst',
+                    'path': '/builds/worker/workspace/artifacts/image.tar.zst',
                     'name': 'public/image.tar.zst',
                 }],
                 'env': {
-                    'HG_STORE_PATH': '/home/worker/checkouts/hg-store',
+                    'HG_STORE_PATH': '/builds/worker/checkouts/hg-store',
                     'HASH': context_hash,
                     'PROJECT': config.params['project'],
                     'IMAGE_NAME': image_name,
@@ -121,6 +121,7 @@ def fill_template(config, tasks):
                     'GECKO_BASE_REPOSITORY': config.params['base_repository'],
                     'GECKO_HEAD_REPOSITORY': config.params['head_repository'],
                     'GECKO_HEAD_REV': config.params['head_rev'],
+                    'TASKCLUSTER_VOLUMES': '/builds/worker/checkouts;/builds/worker/workspace',
                 },
                 'chain-of-trust': True,
                 'docker-in-docker': True,