Skip to content

G
git2
Commit 3c884cc3 by Patrick Steinhardt
Options

azure: avoid building and testing in Docker as root 

Right now, all tests in libgit2's CI are being executed as root
user. As libgit2 will usually not run as a root user in "normal"
usecases and furthermore as there are tests that rely on the
ability to _not_ be able to create certain paths, let's instead
create an unprivileged user "libgit2" and use that across all
docker images.
parent 9cd5240e
Showing with 33 additions and 17 deletions
azure-pipelines.yml
...@@ -152,7 +152,7 @@ jobs: ...@@ -152,7 +152,7 @@ jobs:
git config user.name 'Documentation Generation' git config user.name 'Documentation Generation'
git config user.email 'libgit2@users.noreply.github.com' git config user.email 'libgit2@users.noreply.github.com'
git branch gh-pages origin/gh-pages git branch gh-pages origin/gh-pages
docker run --rm -v $(Build.SourcesDirectory):/src -w /src libgit2/docurium:latest cm doc api.docurium docker run --rm -v $(Build.SourcesDirectory):/home/libgit2/source -w /home/libgit2/source libgit2/docurium:latest cm doc api.docurium
git checkout gh-pages git checkout gh-pages
cp -R * '$(Build.BinariesDirectory)' cp -R * '$(Build.BinariesDirectory)'
displayName: 'Generate Documentation' displayName: 'Generate Documentation'
......
azure-pipelines/coverity.yml
...@@ -15,12 +15,12 @@ jobs: ...@@ -15,12 +15,12 @@ jobs:
image: xenial image: xenial
base: xenial base: xenial
volumes: | volumes: |
$(Build.SourcesDirectory):/src $(Build.SourcesDirectory):/home/libgit2/source
$(Build.BinariesDirectory):/build $(Build.BinariesDirectory):/home/libgit2/build
envVars: | envVars: |
COVERITY_TOKEN=$(COVERITY_TOKEN) COVERITY_TOKEN=$(COVERITY_TOKEN)
workDir: '/build' workDir: '/home/libgit2/build'
containerCommand: '/src/azure-pipelines/coverity-build.sh' containerCommand: '/home/libgit2/source/azure-pipelines/coverity-build.sh'
detached: false detached: false
- task: Docker@0 - task: Docker@0
displayName: Publish displayName: Publish
...@@ -28,11 +28,11 @@ jobs: ...@@ -28,11 +28,11 @@ jobs:
action: 'Run an image' action: 'Run an image'
imageName: 'libgit2/trusty-openssl:latest' imageName: 'libgit2/trusty-openssl:latest'
volumes: | volumes: |
$(Build.SourcesDirectory):/src $(Build.SourcesDirectory):/home/libgit2/source
$(Build.BinariesDirectory):/build $(Build.BinariesDirectory):/home/libgit2/build
envVars: | envVars: |
COVERITY_TOKEN=$(COVERITY_TOKEN) COVERITY_TOKEN=$(COVERITY_TOKEN)
workDir: '/build' workDir: '/home/libgit2/build'
containerCommand: '/src/azure-pipelines/coverity-publish.sh' containerCommand: '/home/libgit2/source/azure-pipelines/coverity-publish.sh'
detached: false detached: false
continueOnError: true continueOnError: true
azure-pipelines/docker.yml
...@@ -14,11 +14,11 @@ steps: ...@@ -14,11 +14,11 @@ steps:
action: 'Run an image' action: 'Run an image'
imageName: libgit2/${{ parameters.docker.image }} imageName: libgit2/${{ parameters.docker.image }}
volumes: | volumes: |
$(Build.SourcesDirectory):/src $(Build.SourcesDirectory):/home/libgit2/source
$(Build.BinariesDirectory):/build $(Build.BinariesDirectory):/home/libgit2/build
envVars: ${{ parameters.environmentVariables }} envVars: ${{ parameters.environmentVariables }}
workDir: '/build' workDir: '/home/libgit2/build'
containerCommand: '/src/azure-pipelines/build.sh' containerCommand: '/home/libgit2/source/azure-pipelines/build.sh'
detached: false detached: false
- task: docker@0 - task: docker@0
displayName: Test displayName: Test
...@@ -26,11 +26,11 @@ steps: ...@@ -26,11 +26,11 @@ steps:
action: 'Run an image' action: 'Run an image'
imageName: libgit2/${{ parameters.docker.image }} imageName: libgit2/${{ parameters.docker.image }}
volumes: | volumes: |
$(Build.SourcesDirectory):/src $(Build.SourcesDirectory):/home/libgit2/source
$(Build.BinariesDirectory):/build $(Build.BinariesDirectory):/home/libgit2/build
envVars: ${{ parameters.environmentVariables }} envVars: ${{ parameters.environmentVariables }}
workDir: '/build' workDir: '/home/libgit2/build'
containerCommand: '/src/azure-pipelines/test.sh' containerCommand: '/home/libgit2/source/azure-pipelines/test.sh'
detached: false detached: false
- task: publishtestresults@2 - task: publishtestresults@2
displayName: Publish Test Results displayName: Publish Test Results
......
azure-pipelines/docker/bionic
...@@ -7,6 +7,7 @@ RUN apt-get update && \ ...@@ -7,6 +7,7 @@ RUN apt-get update && \
curl \ curl \
gcc \ gcc \
git \ git \
gosu \
libcurl4-openssl-dev \ libcurl4-openssl-dev \
libpcre3-dev \ libpcre3-dev \
libssh2-1-dev \ libssh2-1-dev \
...@@ -33,3 +34,8 @@ RUN cd /tmp && \ ...@@ -33,3 +34,8 @@ RUN cd /tmp && \
ninja install && \ ninja install && \
cd .. && \ cd .. && \
rm -rf mbedtls-2.16.2 rm -rf mbedtls-2.16.2
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod a+x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
azure-pipelines/docker/entrypoint.sh 0 → 100644
#!/bin/bash
useradd --shell /bin/bash --create-home libgit2
chown -R $(id -u libgit2) /home/libgit2
exec gosu libgit2 "$@"
azure-pipelines/docker/xenial
...@@ -9,6 +9,7 @@ RUN echo 'deb http://ppa.launchpad.net/hola-launchpad/valgrind/ubuntu xenial mai ...@@ -9,6 +9,7 @@ RUN echo 'deb http://ppa.launchpad.net/hola-launchpad/valgrind/ubuntu xenial mai
curl \ curl \
gcc \ gcc \
git \ git \
gosu \
libcurl4-gnutls-dev \ libcurl4-gnutls-dev \
libpcre3-dev \ libpcre3-dev \
libssh2-1-dev \ libssh2-1-dev \
...@@ -45,3 +46,8 @@ RUN cd /tmp && \ ...@@ -45,3 +46,8 @@ RUN cd /tmp && \
ninja install && \ ninja install && \
cd .. && \ cd .. && \
rm -rf libssh2-1.8.2 rm -rf libssh2-1.8.2
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod a+x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment