upgpkg: woodpecker-agent-sudo 2.0.0-1
This commit is contained in:
parent
b81d053a48
commit
db46f8945a
|
@ -1,7 +1,7 @@
|
|||
pkgbase = woodpecker-agent-sudo
|
||||
pkgdesc = A simple CI engine with great extensibility (agent), patched to use sudo to run local pipelines
|
||||
pkgver = 1.0.2
|
||||
pkgrel = 2
|
||||
pkgver = 2.0.0
|
||||
pkgrel = 1
|
||||
url = https://woodpecker-ci.org
|
||||
arch = x86_64
|
||||
license = Apache
|
||||
|
@ -15,7 +15,7 @@ pkgbase = woodpecker-agent-sudo
|
|||
replaces = woodpecker-agent
|
||||
options = !lto
|
||||
backup = etc/woodpecker/agent.env
|
||||
source = woodpecker::git+https://github.com/woodpecker-ci/woodpecker#commit=d9e06696bf85f260a0550d58301ac396874b32e3
|
||||
source = woodpecker::git+https://github.com/woodpecker-ci/woodpecker#commit=0fc428aa8eb8152aafd186d5232f27008c78add8
|
||||
source = agent-systemd.service
|
||||
source = agent-sysusers.conf
|
||||
source = agent-tmpfiles.conf
|
||||
|
@ -27,7 +27,7 @@ pkgbase = woodpecker-agent-sudo
|
|||
b2sums = 373a5889c899445c4b583a48e6d0ff67d4572e30e0dfd0842b389e9338712771ec053ee3771202fe2874ee8bbfb7cb5965a04cf10d4071100c4f7c89cf2a14f3
|
||||
b2sums = b6479a7f3b3cf1ecaf0fc4e0653de10176af29b780ff716bf038077d70b0440e45a649ccd5ad9a12d5f52c9eecf9b5d8b5a01510a53eec7b664162c8bb9153ab
|
||||
b2sums = 9d64fa22d5fcfb8634926220aeb89b0fa914d8e04ee39fe14abf3f170292ab2dc875fe3fe14b054ca8173c167cec4d93518d15d5f08698bd70d86dec7728dee8
|
||||
b2sums = 3f7cb5620859d171b0fc9c177c09388a830bdc2343f8182bb794c18544070a78f6fd692c699c5c9fda262bf4919bb53a696ea7396c4e9c7e987788f052e9f19f
|
||||
b2sums = 85b75986c0df0853126eb20ce80861337654646bb3df02666b6c77962090df12be35eac11dab724d96c4c4b1e6c373ce0a8d6b99843232be0311273bddb1141a
|
||||
b2sums = 1e586f4ef03c0928a9371c24c222b3dbe08cf11fd3ea912eff86103085faf04b5c19391d16bfb6d5ec67e5cb5556485825b3bee8124359bbaa89c6e6ea3357b8
|
||||
b2sums = 86cbff1c5554c4426b3de872696cae6eed093987ccec940283e340e6cc23d226d268b38f0843b19d2706167f13ac4e20d9340f47ce5dc8ad3cbdb80d501c4fc4
|
||||
|
||||
pkgname = woodpecker-agent-sudo
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
|
||||
_pkgname='woodpecker-agent'
|
||||
pkgname=$_pkgname-sudo
|
||||
pkgver=1.0.2
|
||||
pkgrel=2
|
||||
pkgver=2.0.0
|
||||
pkgrel=1
|
||||
pkgdesc='A simple CI engine with great extensibility (agent), patched to use sudo to run local pipelines'
|
||||
arch=('x86_64')
|
||||
url='https://woodpecker-ci.org'
|
||||
|
@ -17,7 +17,7 @@ optdepends=(
|
|||
)
|
||||
makedepends=('git' 'go')
|
||||
options=('!lto')
|
||||
_commit='d9e06696bf85f260a0550d58301ac396874b32e3'
|
||||
_commit='0fc428aa8eb8152aafd186d5232f27008c78add8'
|
||||
replaces=($_pkgname)
|
||||
conflicts=($_pkgname)
|
||||
backup=('etc/woodpecker/agent.env')
|
||||
|
@ -35,8 +35,8 @@ b2sums=('SKIP'
|
|||
'373a5889c899445c4b583a48e6d0ff67d4572e30e0dfd0842b389e9338712771ec053ee3771202fe2874ee8bbfb7cb5965a04cf10d4071100c4f7c89cf2a14f3'
|
||||
'b6479a7f3b3cf1ecaf0fc4e0653de10176af29b780ff716bf038077d70b0440e45a649ccd5ad9a12d5f52c9eecf9b5d8b5a01510a53eec7b664162c8bb9153ab'
|
||||
'9d64fa22d5fcfb8634926220aeb89b0fa914d8e04ee39fe14abf3f170292ab2dc875fe3fe14b054ca8173c167cec4d93518d15d5f08698bd70d86dec7728dee8'
|
||||
'3f7cb5620859d171b0fc9c177c09388a830bdc2343f8182bb794c18544070a78f6fd692c699c5c9fda262bf4919bb53a696ea7396c4e9c7e987788f052e9f19f'
|
||||
'85b75986c0df0853126eb20ce80861337654646bb3df02666b6c77962090df12be35eac11dab724d96c4c4b1e6c373ce0a8d6b99843232be0311273bddb1141a')
|
||||
'1e586f4ef03c0928a9371c24c222b3dbe08cf11fd3ea912eff86103085faf04b5c19391d16bfb6d5ec67e5cb5556485825b3bee8124359bbaa89c6e6ea3357b8'
|
||||
'86cbff1c5554c4426b3de872696cae6eed093987ccec940283e340e6cc23d226d268b38f0843b19d2706167f13ac4e20d9340f47ce5dc8ad3cbdb80d501c4fc4')
|
||||
|
||||
pkgver() {
|
||||
cd woodpecker
|
||||
|
|
|
@ -1,21 +1,46 @@
|
|||
diff --git a/pipeline/backend/local/clone.go b/pipeline/backend/local/clone.go
|
||||
index b659a090a..82ae5c5cc 100644
|
||||
--- a/pipeline/backend/local/clone.go
|
||||
+++ b/pipeline/backend/local/clone.go
|
||||
@@ -94,14 +94,13 @@ func (e *local) execClone(ctx context.Context, step *types.Step, state *workflow
|
||||
}
|
||||
cmd = exec.CommandContext(ctx, pwsh, "-Command", fmt.Sprintf("%s ; $code=$? ; %s ; if (!$code) {[Environment]::Exit(1)}", state.pluginGitBinary, rmCmd))
|
||||
} else {
|
||||
- cmd = exec.CommandContext(ctx, "/bin/sh", "-c", fmt.Sprintf("%s ; export code=$? ; %s ; exit $code", state.pluginGitBinary, rmCmd))
|
||||
+ cmd = exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, "/bin/sh", "-c", fmt.Sprintf("%s ; export code=$? ; %s ; exit $code", state.pluginGitBinary, rmCmd))
|
||||
}
|
||||
} else {
|
||||
// if we have NO netrc, we can just exec the clone directly
|
||||
- cmd = exec.CommandContext(ctx, state.pluginGitBinary)
|
||||
+ cmd = exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, state.pluginGitBinary)
|
||||
}
|
||||
cmd.Env = env
|
||||
- cmd.Dir = state.workspaceDir
|
||||
|
||||
// Get output and redirect Stderr to Stdout
|
||||
e.output, _ = cmd.StdoutPipe()
|
||||
diff --git a/pipeline/backend/local/local.go b/pipeline/backend/local/local.go
|
||||
index 2405c19bb..50321b8e7 100644
|
||||
index 698a3f0f9..5bef80857 100644
|
||||
--- a/pipeline/backend/local/local.go
|
||||
+++ b/pipeline/backend/local/local.go
|
||||
@@ -44,7 +44,7 @@ var notAllowedEnvVarOverwrites = []string{
|
||||
@@ -36,7 +36,7 @@ import (
|
||||
|
||||
type workflowState struct {
|
||||
stepCMDs map[string]*exec.Cmd
|
||||
- baseDir string
|
||||
+ user string
|
||||
homeDir string
|
||||
workspaceDir string
|
||||
stepCMDs map[string]*exec.Cmd
|
||||
- baseDir string
|
||||
+ user string
|
||||
homeDir string
|
||||
workspaceDir string
|
||||
pluginGitBinary string
|
||||
@@ -80,26 +80,20 @@ func (e *local) Load(ctx context.Context) (*types.EngineInfo, error) {
|
||||
}
|
||||
@@ -79,23 +79,17 @@ func (e *local) Load(context.Context) error {
|
||||
func (e *local) SetupWorkflow(_ context.Context, conf *types.Config, taskUUID string) error {
|
||||
|
||||
// SetupWorkflow the pipeline environment.
|
||||
-func (e *local) SetupWorkflow(_ context.Context, _ *types.Config, taskUUID string) error {
|
||||
+func (e *local) SetupWorkflow(ctx context.Context, conf *types.Config, taskUUID string) error {
|
||||
log.Trace().Str("taskUUID", taskUUID).Msg("create workflow environment")
|
||||
|
||||
- baseDir, err := os.MkdirTemp("", "woodpecker-local-*")
|
||||
- baseDir, err := os.MkdirTemp(e.tempDir, "woodpecker-local-*")
|
||||
- if err != nil {
|
||||
- return err
|
||||
- }
|
||||
|
@ -26,36 +51,48 @@ index 2405c19bb..50321b8e7 100644
|
|||
- baseDir: baseDir,
|
||||
- workspaceDir: filepath.Join(baseDir, "workspace"),
|
||||
- homeDir: filepath.Join(baseDir, "home"),
|
||||
- }
|
||||
-
|
||||
- if err := os.Mkdir(state.homeDir, 0o700); err != nil {
|
||||
- return err
|
||||
+ user: user,
|
||||
+ workspaceDir: filepath.Join("/tmp", user, conf.Stages[0].Steps[0].Environment["CI_REPO_NAME"]),
|
||||
+ workspaceDir: filepath.Join("/home", user, ".cache", "woodpecker", conf.Stages[0].Steps[0].Environment["CI_REPO_NAME"]),
|
||||
+ homeDir: filepath.Join("/home", user),
|
||||
}
|
||||
|
||||
- if err := os.Mkdir(state.homeDir, 0o700); err != nil {
|
||||
- return err
|
||||
- }
|
||||
-
|
||||
- if err := os.Mkdir(state.workspaceDir, 0o700); err != nil {
|
||||
+ err := exec.Command("sudo", "-u", state.user, "mkdir", "-p", state.workspaceDir).Run()
|
||||
+ err := exec.CommandContext(ctx, "sudo", "-u", state.user, "mkdir", "-p", state.workspaceDir).Run()
|
||||
+ if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -132,7 +126,8 @@ func (e *local) StartStep(ctx context.Context, step *types.Step, taskUUID string
|
||||
// Set HOME
|
||||
env = append(env, "HOME="+state.homeDir)
|
||||
@@ -152,9 +146,8 @@ func (e *local) execCommands(ctx context.Context, step *types.Step, state *workf
|
||||
}
|
||||
|
||||
- var command []string
|
||||
+ // Run command as commit author user
|
||||
+ command := []string{"sudo", "-E", "-u", state.user}
|
||||
if step.Image == constant.DefaultCloneImage {
|
||||
// Default clone step
|
||||
// TODO: use tmp HOME and insert netrc and delete it after clone
|
||||
@@ -209,16 +204,6 @@ func (e *local) TailStep(_ context.Context, step *types.Step, taskUUID string) (
|
||||
func (e *local) DestroyWorkflow(_ context.Context, conf *types.Config, taskUUID string) error {
|
||||
// Use "image name" as run command (indicate shell)
|
||||
- cmd := exec.CommandContext(ctx, step.Image, args...)
|
||||
+ cmd := exec.CommandContext(ctx, "sudo", append([]string{"-E", "-u", state.user, "-D", state.workspaceDir, step.Image}, args...)...)
|
||||
cmd.Env = env
|
||||
- cmd.Dir = state.workspaceDir
|
||||
|
||||
// Get output and redirect Stderr to Stdout
|
||||
e.output, _ = cmd.StdoutPipe()
|
||||
@@ -178,9 +171,8 @@ func (e *local) execPlugin(ctx context.Context, step *types.Step, state *workflo
|
||||
return fmt.Errorf("lookup plugin binary: %w", err)
|
||||
}
|
||||
|
||||
- cmd := exec.CommandContext(ctx, binary)
|
||||
+ cmd := exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, binary)
|
||||
cmd.Env = env
|
||||
- cmd.Dir = state.workspaceDir
|
||||
|
||||
// Get output and redirect Stderr to Stdout
|
||||
e.output, _ = cmd.StdoutPipe()
|
||||
@@ -237,19 +229,9 @@ func (e *local) DestroyStep(_ context.Context, _ *types.Step, _ string) error {
|
||||
func (e *local) DestroyWorkflow(_ context.Context, _ *types.Config, taskUUID string) error {
|
||||
log.Trace().Str("taskUUID", taskUUID).Msgf("delete workflow environment")
|
||||
|
||||
- state, err := e.getWorkflowStateFromConfig(conf)
|
||||
- state, err := e.getState(taskUUID)
|
||||
- if err != nil {
|
||||
- return err
|
||||
- }
|
||||
|
@ -65,6 +102,10 @@ index 2405c19bb..50321b8e7 100644
|
|||
- return err
|
||||
- }
|
||||
-
|
||||
workflowID, err := e.getWorkflowIDFromConfig(conf)
|
||||
if err != nil {
|
||||
return err
|
||||
e.deleteState(taskUUID)
|
||||
|
||||
- return err
|
||||
+ return nil
|
||||
}
|
||||
|
||||
func (e *local) getState(taskUUID string) (*workflowState, error) {
|
||||
|
|
File diff suppressed because one or more lines are too long
Loading…
Reference in a new issue