From 2ce774a249d9d3fec31f0c6e950ea0b2bace38e6 Mon Sep 17 00:00:00 2001
From: Marc Cataford <mcat@riseup.net>
Date: Sun, 9 Jun 2024 00:23:53 -0400
Subject: [PATCH] feat: support read-only volume annotations

---
 podman/main.go             | 16 +++++++++++-----
 service_definition/main.go |  1 +
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/podman/main.go b/podman/main.go
index bcb7a50..7a70ca3 100644
--- a/podman/main.go
+++ b/podman/main.go
@@ -11,9 +11,9 @@ import (
 // Creates a Podman volume of name `name` if it does not exist.
 //
 // If the volume exists, then behaviour depends on `existsOk`:
-// - If `existsOk` is truthy, then the already-exists error is ignored and
-//   nothing is done;
-// - Else, an error is returned.
+//   - If `existsOk` is truthy, then the already-exists error is ignored and
+//     nothing is done;
+//   - Else, an error is returned.
 func CreateVolume(name string, existsOk bool) error {
 	args := []string{"volume", "create", name}
 
@@ -75,7 +75,7 @@ func StopPod(name string) error {
 }
 
 // Creates individual containers.
-// 
+//
 // Individual containers do not expose any ports by themselves, these
 // are handled by the pod that wraps the containers.
 func CreateContainer(definition service_definition.ContainerDefinition, knownVolumes map[string]string, service string) error {
@@ -93,6 +93,8 @@ func CreateContainer(definition service_definition.ContainerDefinition, knownVol
 
 	for _, volume := range definition.Volumes {
 		var host string
+		var suffix string
+
 		container := volume.Container
 
 		if volume.Name != "" {
@@ -104,7 +106,11 @@ func CreateContainer(definition service_definition.ContainerDefinition, knownVol
 			log.Fatal("Invalid volume source configuration")
 		}
 
-		arg := []string{"-v", host + ":" + container}
+		if volume.ReadOnly == true {
+			suffix = ":ro"
+		}
+
+		arg := []string{"-v", host + ":" + container + suffix}
 
 		args = append(args, arg...)
 	}
diff --git a/service_definition/main.go b/service_definition/main.go
index f69084b..713a474 100644
--- a/service_definition/main.go
+++ b/service_definition/main.go
@@ -20,6 +20,7 @@ type VolumeConfiguration struct {
 	Name      string `yaml:"name"`
 	Container string `yaml:"container"`
 	Host      string `yaml:"host"`
+	ReadOnly  bool   `yaml:"readonly"`
 }
 
 type ContainerDefinition struct {