chore: review

Author: ndrpp

src/components/c2d/compute_engine_docker.ts

@@ -1520,59 +1520,6 @@ export class C2DEngineDocker extends C2DEngine {
     }
   }
 
-  // private async ensureImage(image: string): Promise<void> {
-  //   try {
-  //     await this.docker.getImage(image).inspect()
-  //   } catch {
-  //     CORE_LOGGER.info(`Image ${image} not found locally, pulling...`)
-  //     const pullStream = await this.docker.pull(image)
-  //     await new Promise<void>((resolve, reject) => {
-  //       this.docker.modem.followProgress(pullStream, (err: any) => {
-  //         if (err) reject(err)
-  //         else resolve()
-  //       })
-  //     })
-  //   }
-  // }
-
-  // private async initializeVolumePermissions(volumeName: string): Promise<boolean> {
-  //   let initContainer: Dockerode.Container | null = null
-  //   try {
-  //     await this.ensureImage('busybox')
-  //     initContainer = await this.docker.createContainer({
-  //       Image: 'busybox',
-  //       Cmd: [
-  //         'sh',
-  //         '-c',
-  //         'mkdir -p /data/inputs /data/outputs /data/transformations /data/ddos /data/logs && chmod 777 /data /data/inputs /data/outputs /data/transformations /data/ddos /data/logs'
-  //       ],
-  //       HostConfig: {
-  //         NetworkMode: 'none',
-  //         Mounts: [{ Type: 'volume', Source: volumeName, Target: '/data' }]
-  //       }
-  //     })
-  //     await initContainer.start()
-  //     const { StatusCode } = await initContainer.wait()
-  //     if (StatusCode !== 0) {
-  //       CORE_LOGGER.error(
-  //         `Volume permission init container exited with code ${StatusCode} for volume ${volumeName}`
-  //       )
-  //       return false
-  //     }
-  //     CORE_LOGGER.info(`Volume permissions initialized successfully for ${volumeName}`)
-  //     return true
-  //   } catch (e) {
-  //     CORE_LOGGER.error(`Failed to initialize volume permissions: ${e.message}`)
-  //     return false
-  //   } finally {
-  //     if (initContainer) {
-  //       try {
-  //         await initContainer.remove()
-  //       } catch {}
-  //     }
-  //   }
-  // }
-
   private async createDockerVolume(
     volume: VolumeCreateOptions,
     retry: boolean = false
@@ -1689,26 +1636,18 @@ export class C2DEngineDocker extends C2DEngine {
         await this.cleanupJob(job)
         return
       }
-      // if (!(await this.initializeVolumePermissions(volume.Name))) {
-      //  job.status = C2DStatusNumber.VolumeCreationFailed
-      //  job.statusText = C2DStatusText.VolumeCreationFailed
-      //  job.isRunning = false
-      //  job.dateFinished = String(Date.now() / 1000)
-      //  await this.db.updateJob(job)
-      //  await this.cleanupJob(job)
-      //  return
-      // }
 
       // create the container
       const mountVols: any = { '/data': {} }
       const hostConfig: HostConfig = {
         NetworkMode: 'none', // no network inside the container
         ReadonlyRootfs: true,
+        // limit number of Pids container can spawn, to avoid flooding
         PidsLimit: 512,
         Tmpfs: {
+          '/home/ubuntu/.cache': 'rw,noexec,nosuid,size=512m',
           '/tmp': 'rw,noexec,nosuid,size=256m',
-          '/run': 'rw,noexec,nosuid,size=64m',
-          '/home/ubuntu/.cache': 'rw,noexec,nosuid,size=256m'
+          '/run': 'rw,noexec,nosuid,size=64m'
         },
         Mounts: [
           {
@@ -2812,23 +2751,12 @@ export class C2DEngineDocker extends C2DEngine {
     const destination = jobFolderPath + '/tarData/upload.tar.gz'
     try {
       tar.create(
-        // map is a valid runtime option but missing from type definitions
         {
           gzip: true,
           file: destination,
           sync: true,
           C: folderToTar
-          // map: (header: any) => {
-          //  header.uid = C2D_CONTAINER_UID
-          //  header.gid = C2D_CONTAINER_GID
-          //  // Docker's putArchive applies chmod but not chown — set directories
-          //  // world-writable so the container user (uid 1000) can write to them
-          //  if (header.type === 'Directory') {
-          //    header.mode = 0o777
-          //  }
-          //  return header
-          // }
-        } as any,
+        },
         ['./']
       )
       // check if tar.gz actually exists