thodg/libgit2

Browse

Commit 0ec0b2bbd5c4ce5ccec172c63108d95057ec4c4d

Edward Thomson 2019-09-28T17:39:09

Merge pull request #5239 from pks-t/pks/docker-non-root-builds azure: avoid building and testing in Docker as root 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 5e28d2b..00cca7e 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -152,7 +152,7 @@ jobs:
       git config user.name 'Documentation Generation'
       git config user.email 'libgit2@users.noreply.github.com'
       git branch gh-pages origin/gh-pages
-      docker run --rm -v $(Build.SourcesDirectory):/src -w /src libgit2/docurium:latest cm doc api.docurium
+      docker run --rm -v $(Build.SourcesDirectory):/home/libgit2/source -w /home/libgit2/source libgit2/docurium:latest cm doc api.docurium
       git checkout gh-pages
       cp -R * '$(Build.BinariesDirectory)'
     displayName: 'Generate Documentation'
diff --git a/azure-pipelines/coverity.yml b/azure-pipelines/coverity.yml
index 28ab5ab..3ff285d 100644
--- a/azure-pipelines/coverity.yml
+++ b/azure-pipelines/coverity.yml
@@ -15,12 +15,12 @@ jobs:
         image: xenial
         base: xenial
       volumes: |
-       $(Build.SourcesDirectory):/src
-       $(Build.BinariesDirectory):/build
+       $(Build.SourcesDirectory):/home/libgit2/source
+       $(Build.BinariesDirectory):/home/libgit2/build
       envVars: |
        COVERITY_TOKEN=$(COVERITY_TOKEN)
-      workDir: '/build'
-      containerCommand: '/src/azure-pipelines/coverity-build.sh'
+      workDir: '/home/libgit2/build'
+      containerCommand: '/home/libgit2/source/azure-pipelines/coverity-build.sh'
       detached: false
   - task: Docker@0
     displayName: Publish
@@ -28,11 +28,11 @@ jobs:
       action: 'Run an image'
       imageName: 'libgit2/trusty-openssl:latest'
       volumes: |
-       $(Build.SourcesDirectory):/src
-       $(Build.BinariesDirectory):/build
+       $(Build.SourcesDirectory):/home/libgit2/source
+       $(Build.BinariesDirectory):/home/libgit2/build
       envVars: |
        COVERITY_TOKEN=$(COVERITY_TOKEN)
-      workDir: '/build'
-      containerCommand: '/src/azure-pipelines/coverity-publish.sh'
+      workDir: '/home/libgit2/build'
+      containerCommand: '/home/libgit2/source/azure-pipelines/coverity-publish.sh'
       detached: false
     continueOnError: true
diff --git a/azure-pipelines/docker.yml b/azure-pipelines/docker.yml
index ce1e73d..dea1ce5 100644
--- a/azure-pipelines/docker.yml
+++ b/azure-pipelines/docker.yml
@@ -14,11 +14,11 @@ steps:
     action: 'Run an image'
     imageName: libgit2/${{ parameters.docker.image }}
     volumes: |
-     $(Build.SourcesDirectory):/src
-     $(Build.BinariesDirectory):/build
+     $(Build.SourcesDirectory):/home/libgit2/source
+     $(Build.BinariesDirectory):/home/libgit2/build
     envVars: ${{ parameters.environmentVariables }}
-    workDir: '/build'
-    containerCommand: '/src/azure-pipelines/build.sh'
+    workDir: '/home/libgit2/build'
+    containerCommand: '/home/libgit2/source/azure-pipelines/build.sh'
     detached: false
 - task: docker@0
   displayName: Test
@@ -26,11 +26,11 @@ steps:
     action: 'Run an image'
     imageName: libgit2/${{ parameters.docker.image }}
     volumes: |
-     $(Build.SourcesDirectory):/src
-     $(Build.BinariesDirectory):/build
+     $(Build.SourcesDirectory):/home/libgit2/source
+     $(Build.BinariesDirectory):/home/libgit2/build
     envVars: ${{ parameters.environmentVariables }}
-    workDir: '/build'
-    containerCommand: '/src/azure-pipelines/test.sh'
+    workDir: '/home/libgit2/build'
+    containerCommand: '/home/libgit2/source/azure-pipelines/test.sh'
     detached: false
 - task: publishtestresults@2
   displayName: Publish Test Results
diff --git a/azure-pipelines/docker/bionic b/azure-pipelines/docker/bionic
index f59cf34..83d96ab 100644
--- a/azure-pipelines/docker/bionic
+++ b/azure-pipelines/docker/bionic
@@ -7,6 +7,7 @@ RUN apt-get update && \
         curl \
         gcc \
         git \
+        gosu \
         libcurl4-openssl-dev \
         libpcre3-dev \
         libssh2-1-dev \
@@ -33,3 +34,8 @@ RUN cd /tmp && \
     ninja install && \
     cd .. && \
     rm -rf mbedtls-2.16.2
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod a+x /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
diff --git a/azure-pipelines/docker/entrypoint.sh b/azure-pipelines/docker/entrypoint.sh
new file mode 100644
index 0000000..2118a2b
--- /dev/null
+++ b/azure-pipelines/docker/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+useradd --shell /bin/bash --create-home libgit2
+chown -R $(id -u libgit2) /home/libgit2
+exec gosu libgit2 "$@"
diff --git a/azure-pipelines/docker/xenial b/azure-pipelines/docker/xenial
index db52a75..62d42b2 100644
--- a/azure-pipelines/docker/xenial
+++ b/azure-pipelines/docker/xenial
@@ -9,6 +9,7 @@ RUN echo 'deb http://ppa.launchpad.net/hola-launchpad/valgrind/ubuntu xenial mai
         curl \
         gcc \
         git \
+        gosu \
         libcurl4-gnutls-dev \
         libpcre3-dev \
         libssh2-1-dev \
@@ -45,3 +46,8 @@ RUN cd /tmp && \
     ninja install && \
     cd .. && \
     rm -rf libssh2-1.8.2
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod a+x /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
kmx.io     mail     discord kmxgit v0.4.0