Add proxy mode to run_container_operation (#34)

pavelzw · beckermr · web-flow · commit 5b6efafb2a8e · 2025-01-26T13:54:09.000Z
* Add proxy mode to `run_container_operation`

* add proxy_in_container

* format

---------

Co-authored-by: Matthew R. Becker &lt;beckermr@users.noreply.github.com&gt;
diff --git a/conda_forge_feedstock_ops/container_utils.py b/conda_forge_feedstock_ops/container_utils.py
@@ -12,6 +12,26 @@
 
 DEFAULT_CONTAINER_TMPFS_SIZE_MB = 6000
 
+CONTAINER_PROXY_MODE = os.environ.get(
+    "CF_FEEDSTOCK_OPS_CONTAINER_PROXY_MODE", "false"
+).lower() in ("yes", "true", "t", "1")
+"""
+Whether to use a proxy that is locally configured for all requests inside the container.
+Set the environment variable `CF_FEEDSTOCK_OPS_CONTAINER_PROXY_MODE` to 'true' to enable this feature.
+"""
+
+PROXY_IN_CONTAINER = os.environ.get(
+    "CF_FEEDSTOCK_OPS_PROXY_IN_CONTAINER", "http://host.docker.internal:8080"
+)
+"""
+The hostname of the proxy to use in the container.
+The default value of 'http://host.docker.internal:8080' is the default value for Docker Desktop on Windows and macOS.
+It also works for OrbStack.
+
+For podman, use http://host.containers.internal:8080.
+For GitHub Actions, use http://172.17.0.1:8080, see https://stackoverflow.com/a/65505308
+"""
+
 
 def get_default_container_name():
     """Get the default container name for feedstock ops.
@@ -97,6 +117,28 @@ def get_default_log_level_args(logger):
     ]
 
 
+def _get_proxy_mode_container_args():
+    if not CONTAINER_PROXY_MODE:
+        return []
+    assert os.environ["SSL_CERT_FILE"] == os.environ["REQUESTS_CA_BUNDLE"]
+    return [
+        "-e",
+        f"http_proxy={PROXY_IN_CONTAINER}",
+        "-e",
+        f"https_proxy={PROXY_IN_CONTAINER}",
+        "-e",
+        f"no_proxy={os.environ.get('no_proxy', '')}",
+        "-e",
+        "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt",
+        "-e",
+        "REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt",
+        "--network",
+        "host",
+        "-v",
+        f"{os.environ['SSL_CERT_FILE']}:/etc/ssl/certs/ca-certificates.crt:ro",
+    ]
+
+
 def run_container_operation(
     args: Iterable[str],
     json_loads: Callable = json.loads,
@@ -146,6 +188,7 @@ def run_container_operation(
     cmd = [
         *get_default_container_run_args(tmpfs_size_mb=tmpfs_size_mb),
         *mnt_args,
+        *_get_proxy_mode_container_args(),
         *extra_container_args,
         get_default_container_name(),
         *args,
