mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2025-01-23 17:53:23 +02:00
Move id_rsa outside docker build #PR1
This commit is contained in:
parent
5539f63ba5
commit
82f6b77baf
@ -218,10 +218,6 @@ func (b *Builder) setup() error {
|
||||
b.services = append(b.services, info)
|
||||
}
|
||||
|
||||
if err := b.writeIdentifyFile(dir); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := b.writeBuildScript(dir); err != nil {
|
||||
return err
|
||||
}
|
||||
@ -455,11 +451,8 @@ func (b *Builder) writeDockerfile(dir string) error {
|
||||
dockerfile.WriteEnv("LOGNAME", "ubuntu")
|
||||
dockerfile.WriteEnv("TERM", "xterm")
|
||||
dockerfile.WriteEnv("SHELL", "/bin/bash")
|
||||
dockerfile.WriteAdd("id_rsa", "/home/ubuntu/.ssh/id_rsa")
|
||||
dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /home/ubuntu/.ssh")
|
||||
dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /var/cache/drone")
|
||||
dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /usr/local/bin/drone")
|
||||
dockerfile.WriteRun("sudo chmod 600 /home/ubuntu/.ssh/id_rsa")
|
||||
default:
|
||||
// all other images are assumed to use
|
||||
// the root user.
|
||||
@ -471,9 +464,6 @@ func (b *Builder) writeDockerfile(dir string) error {
|
||||
dockerfile.WriteEnv("TERM", "xterm")
|
||||
dockerfile.WriteEnv("SHELL", "/bin/bash")
|
||||
dockerfile.WriteEnv("GOPATH", "/var/cache/drone")
|
||||
dockerfile.WriteAdd("id_rsa", "/root/.ssh/id_rsa")
|
||||
dockerfile.WriteRun("chmod 600 /root/.ssh/id_rsa")
|
||||
dockerfile.WriteRun("echo 'StrictHostKeyChecking no' > /root/.ssh/config")
|
||||
}
|
||||
|
||||
dockerfile.WriteAdd("proxy.sh", "/etc/drone.d/")
|
||||
@ -512,6 +502,8 @@ func (b *Builder) writeBuildScript(dir string) error {
|
||||
f.WriteHost(mapping)
|
||||
}
|
||||
|
||||
f.WriteFile("$HOME/.ssh/id_rsa", b.Key, 600)
|
||||
|
||||
// if the repository is remote then we should
|
||||
// add the commands to the build script to
|
||||
// clone the repository
|
||||
@ -554,11 +546,3 @@ func (b *Builder) writeProxyScript(dir string) error {
|
||||
proxyfilePath := filepath.Join(dir, "proxy.sh")
|
||||
return ioutil.WriteFile(proxyfilePath, proxyfile.Bytes(), 0755)
|
||||
}
|
||||
|
||||
// writeIdentifyFile is a helper function that
|
||||
// will generate the id_rsa file in the builder's
|
||||
// temp directory to be added to the Image.
|
||||
func (b *Builder) writeIdentifyFile(dir string) error {
|
||||
keyfilePath := filepath.Join(dir, "id_rsa")
|
||||
return ioutil.WriteFile(keyfilePath, b.Key, 0700)
|
||||
}
|
||||
|
@ -477,26 +477,6 @@ func TestRunErrorWait(t *testing.T) {
|
||||
t.Skip()
|
||||
}
|
||||
|
||||
func TestWriteIdentifyFile(t *testing.T) {
|
||||
// temporary directory to store file
|
||||
dir, _ := ioutil.TempDir("", "drone-test-")
|
||||
defer os.RemoveAll(dir)
|
||||
|
||||
b := Builder{}
|
||||
b.Key = []byte("ssh-rsa AAA...")
|
||||
b.writeIdentifyFile(dir)
|
||||
|
||||
// persist a dummy id_rsa keyfile to disk
|
||||
keyfile, err := ioutil.ReadFile(filepath.Join(dir, "id_rsa"))
|
||||
if err != nil {
|
||||
t.Errorf("Expected id_rsa file saved to disk")
|
||||
}
|
||||
|
||||
if string(keyfile) != string(b.Key) {
|
||||
t.Errorf("Expected id_rsa value saved as %s, got %s", b.Key, keyfile)
|
||||
}
|
||||
}
|
||||
|
||||
func TestWriteProxyScript(t *testing.T) {
|
||||
// temporary directory to store file
|
||||
dir, _ := ioutil.TempDir("", "drone-test-")
|
||||
@ -541,6 +521,7 @@ func TestWriteBuildScript(t *testing.T) {
|
||||
b := Builder{}
|
||||
b.Build = &script.Build{
|
||||
Hosts: []string{"127.0.0.1"}}
|
||||
b.Key = []byte("ssh-rsa AAA...")
|
||||
b.Repo = &repo.Repo{
|
||||
Path: "git://github.com/drone/drone.git",
|
||||
Branch: "master",
|
||||
@ -570,6 +551,7 @@ func TestWriteBuildScript(t *testing.T) {
|
||||
f.WriteEnv("CI_BRANCH", "master")
|
||||
f.WriteEnv("CI_PULL_REQUEST", "123")
|
||||
f.WriteHost("127.0.0.1")
|
||||
f.WriteFile("$HOME/.ssh/id_rsa", []byte("ssh-rsa AAA..."), 600)
|
||||
f.WriteCmd("git clone --depth=0 --recursive git://github.com/drone/drone.git /var/cache/drone/github.com/drone/drone")
|
||||
f.WriteCmd("git fetch origin +refs/pull/123/head:refs/remotes/origin/pr/123")
|
||||
f.WriteCmd("git checkout -qf -b pr/123 origin/pr/123")
|
||||
|
@ -52,6 +52,12 @@ func (b *Buildfile) WriteHost(mapping string) {
|
||||
b.WriteCmdSilent(fmt.Sprintf("[ -f /usr/bin/sudo ] && echo %q | sudo tee -a /etc/hosts", mapping))
|
||||
}
|
||||
|
||||
// WriteFile add files as part of the script.
|
||||
func (b *Buildfile) WriteFile(path string, file []byte, i int) {
|
||||
b.WriteString(fmt.Sprintf("echo %q | tee %s > /dev/null\n", string(file), path))
|
||||
b.WriteCmdSilent(fmt.Sprintf("chmod %d %s", i, path))
|
||||
}
|
||||
|
||||
// every build script starts with the following
|
||||
// code at the start.
|
||||
var base = `
|
||||
@ -70,6 +76,13 @@ if [ -d /etc/drone.d ]; then
|
||||
unset i
|
||||
fi
|
||||
|
||||
if [ ! -d $HOME/.ssh ]; then
|
||||
mkdir -p $HOME/.ssh
|
||||
fi
|
||||
|
||||
chmod 0700 $HOME/.ssh
|
||||
echo 'StrictHostKeyChecking no' | tee $HOME/.ssh/config > /dev/null
|
||||
|
||||
# be sure to exit on error and print out
|
||||
# our bash commands, so we can which commands
|
||||
# are executing and troubleshoot failures.
|
||||
|
@ -46,4 +46,11 @@ func TestWrite(t *testing.T) {
|
||||
if got != want {
|
||||
t.Errorf("Exepected WriteHost returned %s, got %s", want, got)
|
||||
}
|
||||
|
||||
f = &Buildfile{}
|
||||
f.WriteFile("$HOME/.ssh/id_rsa", []byte("ssh-rsa AAA..."), 600)
|
||||
got, want = f.String(), "echo \"ssh-rsa AAA...\" | tee $HOME/.ssh/id_rsa > /dev/null\nchmod 600 $HOME/.ssh/id_rsa\n"
|
||||
if got != want {
|
||||
t.Errorf("Exepected WriteFile returned \n%s, \ngot\n%s", want, got)
|
||||
}
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user