Merge pull request #5239 from pks-t/pks/docker-non-root-builds azure: avoid building and testing in Docker as root
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 5e28d2b..00cca7e 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -152,7 +152,7 @@ jobs:
git config user.name 'Documentation Generation'
git config user.email 'libgit2@users.noreply.github.com'
git branch gh-pages origin/gh-pages
- docker run --rm -v $(Build.SourcesDirectory):/src -w /src libgit2/docurium:latest cm doc api.docurium
+ docker run --rm -v $(Build.SourcesDirectory):/home/libgit2/source -w /home/libgit2/source libgit2/docurium:latest cm doc api.docurium
git checkout gh-pages
cp -R * '$(Build.BinariesDirectory)'
displayName: 'Generate Documentation'
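Review bot: The `docker run` line now mounts the checkout under `/home/libgit2/source`, but nothing visible in this commit changes the `libgit2/docurium` image, so whether this step actually stops running as root depends on that image shipping the same entrypoint. If it does not, the step still runs as root and only the mount path has changed. The same applies to the Publish step in `azure-pipelines/coverity.yml`, which uses `libgit2/trusty-openssl:latest` while only the bionic and xenial Dockerfiles are patched here. A comment above the command, e.g. `# image entrypoint switches to the unprivileged libgit2 user; mounts must live under its home`, would record the dependency. The script block this line belongs to starts outside the hunk.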
diff --git a/azure-pipelines/coverity.yml b/azure-pipelines/coverity.yml
index 28ab5ab..3ff285d 100644
--- a/azure-pipelines/coverity.yml
+++ b/azure-pipelines/coverity.yml
@@ -15,12 +15,12 @@ jobs:
image: xenial
base: xenial
volumes: |
- $(Build.SourcesDirectory):/src
- $(Build.BinariesDirectory):/build
+ $(Build.SourcesDirectory):/home/libgit2/source
+ $(Build.BinariesDirectory):/home/libgit2/build
envVars: |
COVERITY_TOKEN=$(COVERITY_TOKEN)
- workDir: '/build'
- containerCommand: '/src/azure-pipelines/coverity-build.sh'
+ workDir: '/home/libgit2/build'
+ containerCommand: '/home/libgit2/source/azure-pipelines/coverity-build.sh'
detached: false
- task: Docker@0
displayName: Publish
@@ -28,11 +28,11 @@ jobs:
action: 'Run an image'
imageName: 'libgit2/trusty-openssl:latest'
volumes: |
- $(Build.SourcesDirectory):/src
- $(Build.BinariesDirectory):/build
+ $(Build.SourcesDirectory):/home/libgit2/source
+ $(Build.BinariesDirectory):/home/libgit2/build
envVars: |
COVERITY_TOKEN=$(COVERITY_TOKEN)
- workDir: '/build'
- containerCommand: '/src/azure-pipelines/coverity-publish.sh'
+ workDir: '/home/libgit2/build'
+ containerCommand: '/home/libgit2/source/azure-pipelines/coverity-publish.sh'
detached: false
continueOnError: true
diff --git a/azure-pipelines/docker.yml b/azure-pipelines/docker.yml
index ce1e73d..dea1ce5 100644
--- a/azure-pipelines/docker.yml
+++ b/azure-pipelines/docker.yml
@@ -14,11 +14,11 @@ steps:
action: 'Run an image'
imageName: libgit2/${{ parameters.docker.image }}
volumes: |
- $(Build.SourcesDirectory):/src
- $(Build.BinariesDirectory):/build
+ $(Build.SourcesDirectory):/home/libgit2/source
+ $(Build.BinariesDirectory):/home/libgit2/build
envVars: ${{ parameters.environmentVariables }}
- workDir: '/build'
- containerCommand: '/src/azure-pipelines/build.sh'
+ workDir: '/home/libgit2/build'
+ containerCommand: '/home/libgit2/source/azure-pipelines/build.sh'
detached: false
- task: docker@0
displayName: Test
@@ -26,11 +26,11 @@ steps:
action: 'Run an image'
imageName: libgit2/${{ parameters.docker.image }}
volumes: |
- $(Build.SourcesDirectory):/src
- $(Build.BinariesDirectory):/build
+ $(Build.SourcesDirectory):/home/libgit2/source
+ $(Build.BinariesDirectory):/home/libgit2/build
envVars: ${{ parameters.environmentVariables }}
- workDir: '/build'
- containerCommand: '/src/azure-pipelines/test.sh'
+ workDir: '/home/libgit2/build'
+ containerCommand: '/home/libgit2/source/azure-pipelines/test.sh'
detached: false
- task: publishtestresults@2
displayName: Publish Test Results
diff --git a/azure-pipelines/docker/bionic b/azure-pipelines/docker/bionic
index f59cf34..83d96ab 100644
--- a/azure-pipelines/docker/bionic
+++ b/azure-pipelines/docker/bionic
@@ -7,6 +7,7 @@ RUN apt-get update && \
curl \
gcc \
git \
+ gosu \
libcurl4-openssl-dev \
libpcre3-dev \
libssh2-1-dev \
@@ -33,3 +34,8 @@ RUN cd /tmp && \
ninja install && \
cd .. && \
rm -rf mbedtls-2.16.2
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod a+x /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
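Review bot: The image still has root as its default user, because the added lines set an `ENTRYPOINT` but no `USER`; the privilege drop happens only when `entrypoint.sh` runs, so a run that replaces the entrypoint gets a root process as before. That is inherent to the gosu pattern (the script needs root for `useradd` and `chown`), but it deserves a comment above the `ENTRYPOINT` line, e.g. `# entrypoint.sh creates the libgit2 user and re-executes the command through gosu; the container itself must start as root`. The identical block added at the end of `azure-pipelines/docker/xenial` should carry the same comment.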
diff --git a/azure-pipelines/docker/entrypoint.sh b/azure-pipelines/docker/entrypoint.sh
new file mode 100644
index 0000000..2118a2b
--- /dev/null
+++ b/azure-pipelines/docker/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+useradd --shell /bin/bash --create-home libgit2
+chown -R $(id -u libgit2) /home/libgit2
+exec gosu libgit2 "$@"
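Review bot: `chown -R` on `/home/libgit2` walks into the bind-mounted source and build directories, so every container start rewrites the ownership of the agent's checkout on the host to whatever UID `useradd` happened to assign. Host-side steps that run afterwards on those directories then work on files whose owner may not match the agent account; creating the user with the UID that already owns the mounted directory would probably make the recursive chown unnecessary, though that depends on how the agent is set up. The script also has no error handling: adding `set -e` after the shebang and quoting the substitution, `chown -R "$(id -u libgit2)" /home/libgit2`, makes a failed `useradd` stop the run at that line instead of surfacing later as a `gosu` error.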
diff --git a/azure-pipelines/docker/xenial b/azure-pipelines/docker/xenial
index db52a75..62d42b2 100644
--- a/azure-pipelines/docker/xenial
+++ b/azure-pipelines/docker/xenial
@@ -9,6 +9,7 @@ RUN echo 'deb http://ppa.launchpad.net/hola-launchpad/valgrind/ubuntu xenial mai
curl \
gcc \
git \
+ gosu \
libcurl4-gnutls-dev \
libpcre3-dev \
libssh2-1-dev \
@@ -45,3 +46,8 @@ RUN cd /tmp && \
ninja install && \
cd .. && \
rm -rf libssh2-1.8.2
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod a+x /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]