From 73d04b0398e7d62113351a8a94db0e8919029e83 Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Fri, 21 Jul 2017 17:52:52 -0400 Subject: [PATCH] implement fix for #2124 --- .../frontend/yaml/compiler/compiler.go | 12 ++-- .../frontend/yaml/compiler/convert.go | 42 +++++------- .../pipeline/frontend/yaml/linter/linter.go | 65 +++++++++++++------ vendor/vendor.json | 56 ++++++++-------- 4 files changed, 94 insertions(+), 81 deletions(-) diff --git a/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/compiler.go b/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/compiler.go index c6c1ae066..95798eef0 100644 --- a/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/compiler.go +++ b/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/compiler.go @@ -103,7 +103,7 @@ func (c *Compiler) Compile(conf *yaml.Config) *backend.Config { container.Image = "plugins/git:linux-arm64" } name := fmt.Sprintf("%s_clone", c.prefix) - step := c.createProcess(name, container) + step := c.createProcess(name, container, "clone") stage := new(backend.Stage) stage.Name = name @@ -121,7 +121,7 @@ func (c *Compiler) Compile(conf *yaml.Config) *backend.Config { stage.Alias = container.Name name := fmt.Sprintf("%s_clone_%d", c.prefix, i) - step := c.createProcess(name, container) + step := c.createProcess(name, container, "clone") stage.Steps = append(stage.Steps, step) config.Stages = append(config.Stages, stage) @@ -142,7 +142,7 @@ func (c *Compiler) Compile(conf *yaml.Config) *backend.Config { } name := fmt.Sprintf("%s_services_%d", c.prefix, i) - step := c.createProcess(name, container) + step := c.createProcess(name, container, "services") stage.Steps = append(stage.Steps, step) } @@ -172,7 +172,7 @@ func (c *Compiler) Compile(conf *yaml.Config) *backend.Config { } name := fmt.Sprintf("%s_step_%d", c.prefix, i) - step := c.createProcess(name, container) + step := c.createProcess(name, container, "pipeline") stage.Steps = append(stage.Steps, step) } @@ -188,7 +188,7 @@ func (c *Compiler) setupCache(conf *yaml.Config, ir *backend.Config) { container := c.cacher.Restore(c.metadata.Repo.Name, c.metadata.Curr.Commit.Branch, conf.Cache) name := fmt.Sprintf("%s_restore_cache", c.prefix) - step := c.createProcess(name, container) + step := c.createProcess(name, container, "cache") stage := new(backend.Stage) stage.Name = name @@ -205,7 +205,7 @@ func (c *Compiler) setupCacheRebuild(conf *yaml.Config, ir *backend.Config) { container := c.cacher.Rebuild(c.metadata.Repo.Name, c.metadata.Curr.Commit.Branch, conf.Cache) name := fmt.Sprintf("%s_rebuild_cache", c.prefix) - step := c.createProcess(name, container) + step := c.createProcess(name, container, "cache") stage := new(backend.Stage) stage.Name = name diff --git a/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/convert.go b/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/convert.go index 527efe3ae..d6f8b442c 100644 --- a/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/convert.go +++ b/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/compiler/convert.go @@ -9,7 +9,7 @@ import ( "github.com/cncd/pipeline/pipeline/frontend/yaml" ) -func (c *Compiler) createProcess(name string, container *yaml.Container) *backend.Step { +func (c *Compiler) createProcess(name string, container *yaml.Container, section string) *backend.Step { var ( detached bool workingdir string @@ -62,25 +62,19 @@ func (c *Compiler) createProcess(name string, container *yaml.Container) *backen // TODO: This is here for backward compatibility and will eventually be removed. environment["DRONE_WORKSPACE"] = path.Join(c.base, c.path) - if !isService(container) { - workingdir = path.Join(c.base, c.path) - } - - if isService(container) { + if section == "services" || container.Detached { detached = true } - if isPlugin(container) { - paramsToEnv(container.Vargs, environment) - - if matchImage(container.Image, c.escalated...) { - privileged = true - entrypoint = []string{} - command = []string{} - } + if detached == false || len(container.Commands) != 0 { + workingdir = path.Join(c.base, c.path) } - if isShell(container) { + if detached == false { + paramsToEnv(container.Vargs, environment) + } + + if len(container.Commands) != 0 { entrypoint = []string{"/bin/sh", "-c"} command = []string{"echo $CI_SCRIPT | base64 -d | /bin/sh -e"} environment["CI_SCRIPT"] = generateScriptPosix(container.Commands) @@ -88,6 +82,12 @@ func (c *Compiler) createProcess(name string, container *yaml.Container) *backen environment["SHELL"] = "/bin/sh" } + if matchImage(container.Image, c.escalated...) { + privileged = true + entrypoint = []string{} + command = []string{} + } + authConfig := backend.Auth{ Username: container.AuthConfig.Username, Password: container.AuthConfig.Password, @@ -166,15 +166,3 @@ func (c *Compiler) createProcess(name string, container *yaml.Container) *backen NetworkMode: network_mode, } } - -func isPlugin(c *yaml.Container) bool { - return len(c.Vargs) != 0 -} - -func isShell(c *yaml.Container) bool { - return len(c.Commands) != 0 -} - -func isService(c *yaml.Container) bool { - return c.Detached || (isPlugin(c) == false && isShell(c) == false) -} diff --git a/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/linter/linter.go b/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/linter/linter.go index 150184d2a..ff8f76e1d 100644 --- a/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/linter/linter.go +++ b/vendor/github.com/cncd/pipeline/pipeline/frontend/yaml/linter/linter.go @@ -6,6 +6,12 @@ import ( "github.com/cncd/pipeline/pipeline/frontend/yaml" ) +const ( + blockClone uint8 = iota + blockPipeline + blockServices +) + // A Linter lints a pipeline configuration. type Linter struct { trusted bool @@ -22,10 +28,22 @@ func New(opts ...Option) *Linter { // Lint lints the configuration. func (l *Linter) Lint(c *yaml.Config) error { - var containers []*yaml.Container - containers = append(containers, c.Pipeline.Containers...) - containers = append(containers, c.Services.Containers...) + if len(c.Pipeline.Containers) == 0 { + return fmt.Errorf("Invalid or missing pipeline section") + } + if err := l.lint(c.Clone.Containers, blockClone); err != nil { + return err + } + if err := l.lint(c.Pipeline.Containers, blockPipeline); err != nil { + return err + } + if err := l.lint(c.Services.Containers, blockServices); err != nil { + return err + } + return nil +} +func (l *Linter) lint(containers []*yaml.Container, block uint8) error { for _, container := range containers { if err := l.lintImage(container); err != nil { return err @@ -35,15 +53,14 @@ func (l *Linter) Lint(c *yaml.Config) error { return err } } - if isService(container) == false { + if block != blockServices && !container.Detached { if err := l.lintEntrypoint(container); err != nil { return err } } - } - - if len(c.Pipeline.Containers) == 0 { - return fmt.Errorf("Invalid or missing pipeline section") + if err := l.lintCommands(container); err != nil { + return err + } } return nil } @@ -55,6 +72,26 @@ func (l *Linter) lintImage(c *yaml.Container) error { return nil } +func (l *Linter) lintCommands(c *yaml.Container) error { + if len(c.Commands) == 0 { + return nil + } + if len(c.Vargs) != 0 { + var keys []string + for key := range c.Vargs { + keys = append(keys, key) + } + return fmt.Errorf("Cannot configure both commands and custom attributes %v", keys) + } + if len(c.Entrypoint) != 0 { + return fmt.Errorf("Cannot configure both commands and entrypoint attributes") + } + if len(c.Command) != 0 { + return fmt.Errorf("Cannot configure both commands and command attributes") + } + return nil +} + func (l *Linter) lintEntrypoint(c *yaml.Container) error { if len(c.Entrypoint) != 0 { return fmt.Errorf("Cannot override container entrypoint") @@ -95,15 +132,3 @@ func (l *Linter) lintTrusted(c *yaml.Container) error { } return nil } - -func isService(c *yaml.Container) bool { - return !isScript(c) && !isPlugin(c) -} - -func isScript(c *yaml.Container) bool { - return len(c.Commands) != 0 -} - -func isPlugin(c *yaml.Container) bool { - return len(c.Vargs) != 0 -} diff --git a/vendor/vendor.json b/vendor/vendor.json index d6fa74353..8bda8e4c9 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -39,80 +39,80 @@ { "checksumSHA1": "W3AuK8ocqHwlUajGmQLFvnRhTZE=", "path": "github.com/cncd/pipeline/pipeline", - "revision": "d98623616df20e535445b08baef41bde554454e3", - "revisionTime": "2017-07-20T13:40:08Z" + "revision": "ab22744b29732792a53fe22e322a7408ba04d758", + "revisionTime": "2017-07-21T21:40:10Z" }, { "checksumSHA1": "rO+djTfB4LrT+FBbpotyUUobOtU=", "path": "github.com/cncd/pipeline/pipeline/backend", - "revision": "d98623616df20e535445b08baef41bde554454e3", - "revisionTime": "2017-07-20T13:40:08Z" + "revision": "ab22744b29732792a53fe22e322a7408ba04d758", + "revisionTime": "2017-07-21T21:40:10Z" }, { "checksumSHA1": "DzP4c915B+gJTE5RCKQHzxwrUg4=", "path": "github.com/cncd/pipeline/pipeline/backend/docker", - "revision": "d98623616df20e535445b08baef41bde554454e3", - "revisionTime": "2017-07-20T13:40:08Z" + "revision": "ab22744b29732792a53fe22e322a7408ba04d758", + "revisionTime": "2017-07-21T21:40:10Z" }, { "checksumSHA1": "8Hj/OZnYZyz5N2hqENCTTaGtkNQ=", "path": "github.com/cncd/pipeline/pipeline/frontend", - "revision": "d98623616df20e535445b08baef41bde554454e3", - "revisionTime": "2017-07-20T13:40:08Z" + "revision": "ab22744b29732792a53fe22e322a7408ba04d758", + "revisionTime": "2017-07-21T21:40:10Z" }, { "checksumSHA1": "9KYIsY8WlWbrRAP7caEpWT70P9c=", "path": "github.com/cncd/pipeline/pipeline/frontend/yaml", - "revision": "d98623616df20e535445b08baef41bde554454e3", - "revisionTime": "2017-07-20T13:40:08Z" + "revision": "ab22744b29732792a53fe22e322a7408ba04d758", + "revisionTime": "2017-07-21T21:40:10Z" }, { - "checksumSHA1": "k+JVxks9V84qd+3kefHEtlqLEAA=", + "checksumSHA1": "EgCQ0v0mExUBHMoxA6+8J8zWqFE=", "path": "github.com/cncd/pipeline/pipeline/frontend/yaml/compiler", - "revision": "d98623616df20e535445b08baef41bde554454e3", - "revisionTime": "2017-07-20T13:40:08Z" + "revision": "ab22744b29732792a53fe22e322a7408ba04d758", + "revisionTime": "2017-07-21T21:40:10Z" }, { - "checksumSHA1": "Q0GkNUFamVYIA1Fd8r0A5M6Gx54=", + "checksumSHA1": "xBjAqRhLsJyh+8rbaKdPYOntTHw=", "path": "github.com/cncd/pipeline/pipeline/frontend/yaml/linter", - "revision": "d98623616df20e535445b08baef41bde554454e3", - "revisionTime": "2017-07-20T13:40:08Z" + "revision": "ab22744b29732792a53fe22e322a7408ba04d758", + "revisionTime": "2017-07-21T21:40:10Z" }, { "checksumSHA1": "kx2sPUIMozPC/g6E4w48h3FfH3k=", "path": "github.com/cncd/pipeline/pipeline/frontend/yaml/matrix", - "revision": "d98623616df20e535445b08baef41bde554454e3", - "revisionTime": "2017-07-20T13:40:08Z" + "revision": "ab22744b29732792a53fe22e322a7408ba04d758", + "revisionTime": "2017-07-21T21:40:10Z" }, { "checksumSHA1": "L7Q5qJmPITNmvFEEaj5MPwCWFRk=", "path": "github.com/cncd/pipeline/pipeline/frontend/yaml/types", - "revision": "d98623616df20e535445b08baef41bde554454e3", - "revisionTime": "2017-07-20T13:40:08Z" + "revision": "ab22744b29732792a53fe22e322a7408ba04d758", + "revisionTime": "2017-07-21T21:40:10Z" }, { "checksumSHA1": "2/3f3oNmxXy5kcrRLCFa24Oc9O4=", "path": "github.com/cncd/pipeline/pipeline/interrupt", - "revision": "d98623616df20e535445b08baef41bde554454e3", - "revisionTime": "2017-07-20T13:40:08Z" + "revision": "ab22744b29732792a53fe22e322a7408ba04d758", + "revisionTime": "2017-07-21T21:40:10Z" }, { "checksumSHA1": "uOjTfke7Qxosrivgz/nVTHeIP5g=", "path": "github.com/cncd/pipeline/pipeline/multipart", - "revision": "d98623616df20e535445b08baef41bde554454e3", - "revisionTime": "2017-07-20T13:40:08Z" + "revision": "ab22744b29732792a53fe22e322a7408ba04d758", + "revisionTime": "2017-07-21T21:40:10Z" }, { "checksumSHA1": "YlIaMsvB5fFXRolugambNzkSu4I=", "path": "github.com/cncd/pipeline/pipeline/rpc", - "revision": "d98623616df20e535445b08baef41bde554454e3", - "revisionTime": "2017-07-20T13:40:08Z" + "revision": "ab22744b29732792a53fe22e322a7408ba04d758", + "revisionTime": "2017-07-21T21:40:10Z" }, { "checksumSHA1": "WAQJYKWUIFBnL1s8AnY4fePnzJ8=", "path": "github.com/cncd/pipeline/pipeline/rpc/proto", - "revision": "d98623616df20e535445b08baef41bde554454e3", - "revisionTime": "2017-07-20T13:40:08Z" + "revision": "ab22744b29732792a53fe22e322a7408ba04d758", + "revisionTime": "2017-07-21T21:40:10Z" }, { "checksumSHA1": "7Qj1DK0ceAXkYztW0l3+L6sn+V8=",