Shell-less containers #109

Open
wneirynck opened this issue Mar 6, 2024 · 1 comment
Labels
bug Something isn't working

wneirynck commented Mar 6, 2024

Currently the OCI container driver requires that /bin/sh is present in the image to execute the job along with the sidecar. This poses a problem for minimal images that do not provide this (like Kaniko). The OCI container instances currently have no way to create init containers, only simultaneously started containers. Possible solutions to this problem could be:

  • Run these containers using another driver, like Kubernetes, that does allow init containers to prepare the workspace.
  • Don't support this and have the user use another (possibly derived) image that contains /bin/sh.
  • Create a custom image at runtime (e.g. using buildah) that adds the workspace files and then run this container.

All of the above require some intervention from the user, at the minimum by setting some flag to indicate to MonkeyCI that there is special treatment required. It is however possible to "inspect" image contents without executing it, to see if the shell executable is present. See this StackOverflow answer. This would at least allow us to avoid user intervention, at the cost of more complexity and performance.

@wneirynck wneirynck added the bug Something isn't working label Mar 6, 2024
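
The image inspection mentioned in the comment above can be done on the layer tarballs alone, without starting a container. The following is an added example, not MonkeyCI code and not part of the original issue; it goes beyond a plain file listing by honouring OCI whiteouts and symlinks such as `/bin -> usr/bin`. It assumes the layer blobs (plain or gzip tar) have already been fetched and are passed bottom-first; all function names are hypothetical.

```python
import io
import posixpath
import tarfile

def merge_layers(layers):
    """Apply layer tarballs bottom-first; return {path: (kind, symlink_target)}."""
    fs = {}
    for blob in layers:
        added, hidden = {}, []
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for m in tar:
                path = posixpath.normpath(m.name).lstrip("/")
                parent, base = posixpath.split(path)
                if base == ".wh..wh..opq":      # opaque dir: hide lower children
                    hidden.append((parent, True))
                elif base.startswith(".wh."):   # whiteout: hide one lower path
                    hidden.append((posixpath.join(parent, base[4:]), False))
                else:                           # hard links count as files
                    kind = "link" if m.issym() else "dir" if m.isdir() else "file"
                    added[path] = (kind, m.linkname)
        for gone, kids_only in hidden:          # whiteouts only affect lower layers
            fs = {p: v for p, v in fs.items()
                  if not (p.startswith(gone + "/") or (p == gone and not kids_only))}
        fs.update(added)
    return fs

def resolve(fs, path, depth=0):
    """Follow symlinks in every path component (depth-limited against loops)."""
    parts, cur = path.split("/"), ""
    for i, part in enumerate(parts):
        cur = posixpath.join(cur, part)
        kind, target = fs.get(cur, ("", ""))
        if kind == "link" and depth < 16:
            base = "" if target.startswith("/") else posixpath.dirname(cur)
            nxt = posixpath.join(base, target.lstrip("/"), *parts[i + 1:])
            return resolve(fs, posixpath.normpath(nxt), depth + 1)
    return cur

def has_shell(layers, shell="bin/sh"):
    fs = merge_layers(layers)
    return fs.get(resolve(fs, shell), ("", ""))[0] == "file"

# Constructed sample input helper: build a layer from {path: symlink target or None}.
def make_layer(entries):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, target in entries.items():
            info = tarfile.TarInfo(name)
            info.type, info.linkname = (tarfile.SYMTYPE, target) if target else (tarfile.REGTYPE, "")
            tar.addfile(info)
    return buf.getvalue()
```

A driver could call `has_shell` on the pulled layers and fall back to one of the options listed in the issue only when it returns `False`.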
@wneirynck

Using buildah again requires privileged containers, or perhaps a lot of fiddling with permissions and setuid/setgid stuff. This could be possible if we set up some microservice whose responsibility would be creating these custom containers.
