Commit 3c884cc3 by Patrick Steinhardt

azure: avoid building and testing in Docker as root

Right now, all tests in libgit2's CI are being executed as root
user. As libgit2 will usually not run as a root user in "normal"
usecases and furthermore as there are tests that rely on the
ability to _not_ be able to create certain paths, let's instead
create an unprivileged user "libgit2" and use that across all
docker images.
parent 9cd5240e
...@@ -152,7 +152,7 @@ jobs: ...@@ -152,7 +152,7 @@ jobs:
git config user.name 'Documentation Generation' git config user.name 'Documentation Generation'
git config user.email 'libgit2@users.noreply.github.com' git config user.email 'libgit2@users.noreply.github.com'
git branch gh-pages origin/gh-pages git branch gh-pages origin/gh-pages
docker run --rm -v $(Build.SourcesDirectory):/src -w /src libgit2/docurium:latest cm doc api.docurium docker run --rm -v $(Build.SourcesDirectory):/home/libgit2/source -w /home/libgit2/source libgit2/docurium:latest cm doc api.docurium
git checkout gh-pages git checkout gh-pages
cp -R * '$(Build.BinariesDirectory)' cp -R * '$(Build.BinariesDirectory)'
displayName: 'Generate Documentation' displayName: 'Generate Documentation'
......
...@@ -15,12 +15,12 @@ jobs: ...@@ -15,12 +15,12 @@ jobs:
image: xenial image: xenial
base: xenial base: xenial
volumes: | volumes: |
$(Build.SourcesDirectory):/src $(Build.SourcesDirectory):/home/libgit2/source
$(Build.BinariesDirectory):/build $(Build.BinariesDirectory):/home/libgit2/build
envVars: | envVars: |
COVERITY_TOKEN=$(COVERITY_TOKEN) COVERITY_TOKEN=$(COVERITY_TOKEN)
workDir: '/build' workDir: '/home/libgit2/build'
containerCommand: '/src/azure-pipelines/coverity-build.sh' containerCommand: '/home/libgit2/source/azure-pipelines/coverity-build.sh'
detached: false detached: false
- task: Docker@0 - task: Docker@0
displayName: Publish displayName: Publish
...@@ -28,11 +28,11 @@ jobs: ...@@ -28,11 +28,11 @@ jobs:
action: 'Run an image' action: 'Run an image'
imageName: 'libgit2/trusty-openssl:latest' imageName: 'libgit2/trusty-openssl:latest'
volumes: | volumes: |
$(Build.SourcesDirectory):/src $(Build.SourcesDirectory):/home/libgit2/source
$(Build.BinariesDirectory):/build $(Build.BinariesDirectory):/home/libgit2/build
envVars: | envVars: |
COVERITY_TOKEN=$(COVERITY_TOKEN) COVERITY_TOKEN=$(COVERITY_TOKEN)
workDir: '/build' workDir: '/home/libgit2/build'
containerCommand: '/src/azure-pipelines/coverity-publish.sh' containerCommand: '/home/libgit2/source/azure-pipelines/coverity-publish.sh'
detached: false detached: false
continueOnError: true continueOnError: true
...@@ -14,11 +14,11 @@ steps: ...@@ -14,11 +14,11 @@ steps:
action: 'Run an image' action: 'Run an image'
imageName: libgit2/${{ parameters.docker.image }} imageName: libgit2/${{ parameters.docker.image }}
volumes: | volumes: |
$(Build.SourcesDirectory):/src $(Build.SourcesDirectory):/home/libgit2/source
$(Build.BinariesDirectory):/build $(Build.BinariesDirectory):/home/libgit2/build
envVars: ${{ parameters.environmentVariables }} envVars: ${{ parameters.environmentVariables }}
workDir: '/build' workDir: '/home/libgit2/build'
containerCommand: '/src/azure-pipelines/build.sh' containerCommand: '/home/libgit2/source/azure-pipelines/build.sh'
detached: false detached: false
- task: docker@0 - task: docker@0
displayName: Test displayName: Test
...@@ -26,11 +26,11 @@ steps: ...@@ -26,11 +26,11 @@ steps:
action: 'Run an image' action: 'Run an image'
imageName: libgit2/${{ parameters.docker.image }} imageName: libgit2/${{ parameters.docker.image }}
volumes: | volumes: |
$(Build.SourcesDirectory):/src $(Build.SourcesDirectory):/home/libgit2/source
$(Build.BinariesDirectory):/build $(Build.BinariesDirectory):/home/libgit2/build
envVars: ${{ parameters.environmentVariables }} envVars: ${{ parameters.environmentVariables }}
workDir: '/build' workDir: '/home/libgit2/build'
containerCommand: '/src/azure-pipelines/test.sh' containerCommand: '/home/libgit2/source/azure-pipelines/test.sh'
detached: false detached: false
- task: publishtestresults@2 - task: publishtestresults@2
displayName: Publish Test Results displayName: Publish Test Results
......
...@@ -7,6 +7,7 @@ RUN apt-get update && \ ...@@ -7,6 +7,7 @@ RUN apt-get update && \
curl \ curl \
gcc \ gcc \
git \ git \
gosu \
libcurl4-openssl-dev \ libcurl4-openssl-dev \
libpcre3-dev \ libpcre3-dev \
libssh2-1-dev \ libssh2-1-dev \
...@@ -33,3 +34,8 @@ RUN cd /tmp && \ ...@@ -33,3 +34,8 @@ RUN cd /tmp && \
ninja install && \ ninja install && \
cd .. && \ cd .. && \
rm -rf mbedtls-2.16.2 rm -rf mbedtls-2.16.2
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod a+x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
#!/bin/bash
useradd --shell /bin/bash --create-home libgit2
chown -R $(id -u libgit2) /home/libgit2
exec gosu libgit2 "$@"
...@@ -9,6 +9,7 @@ RUN echo 'deb http://ppa.launchpad.net/hola-launchpad/valgrind/ubuntu xenial mai ...@@ -9,6 +9,7 @@ RUN echo 'deb http://ppa.launchpad.net/hola-launchpad/valgrind/ubuntu xenial mai
curl \ curl \
gcc \ gcc \
git \ git \
gosu \
libcurl4-gnutls-dev \ libcurl4-gnutls-dev \
libpcre3-dev \ libpcre3-dev \
libssh2-1-dev \ libssh2-1-dev \
...@@ -45,3 +46,8 @@ RUN cd /tmp && \ ...@@ -45,3 +46,8 @@ RUN cd /tmp && \
ninja install && \ ninja install && \
cd .. && \ cd .. && \
rm -rf libssh2-1.8.2 rm -rf libssh2-1.8.2
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod a+x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment