upgpkg: woodpecker-agent-sudo 2.0.0-1
This commit is contained in:
parent
b81d053a48
commit
db46f8945a
|
@ -1,7 +1,7 @@
|
||||||
pkgbase = woodpecker-agent-sudo
|
pkgbase = woodpecker-agent-sudo
|
||||||
pkgdesc = A simple CI engine with great extensibility (agent), patched to use sudo to run local pipelines
|
pkgdesc = A simple CI engine with great extensibility (agent), patched to use sudo to run local pipelines
|
||||||
pkgver = 1.0.2
|
pkgver = 2.0.0
|
||||||
pkgrel = 2
|
pkgrel = 1
|
||||||
url = https://woodpecker-ci.org
|
url = https://woodpecker-ci.org
|
||||||
arch = x86_64
|
arch = x86_64
|
||||||
license = Apache
|
license = Apache
|
||||||
|
@ -15,7 +15,7 @@ pkgbase = woodpecker-agent-sudo
|
||||||
replaces = woodpecker-agent
|
replaces = woodpecker-agent
|
||||||
options = !lto
|
options = !lto
|
||||||
backup = etc/woodpecker/agent.env
|
backup = etc/woodpecker/agent.env
|
||||||
source = woodpecker::git+https://github.com/woodpecker-ci/woodpecker#commit=d9e06696bf85f260a0550d58301ac396874b32e3
|
source = woodpecker::git+https://github.com/woodpecker-ci/woodpecker#commit=0fc428aa8eb8152aafd186d5232f27008c78add8
|
||||||
source = agent-systemd.service
|
source = agent-systemd.service
|
||||||
source = agent-sysusers.conf
|
source = agent-sysusers.conf
|
||||||
source = agent-tmpfiles.conf
|
source = agent-tmpfiles.conf
|
||||||
|
@ -27,7 +27,7 @@ pkgbase = woodpecker-agent-sudo
|
||||||
b2sums = 373a5889c899445c4b583a48e6d0ff67d4572e30e0dfd0842b389e9338712771ec053ee3771202fe2874ee8bbfb7cb5965a04cf10d4071100c4f7c89cf2a14f3
|
b2sums = 373a5889c899445c4b583a48e6d0ff67d4572e30e0dfd0842b389e9338712771ec053ee3771202fe2874ee8bbfb7cb5965a04cf10d4071100c4f7c89cf2a14f3
|
||||||
b2sums = b6479a7f3b3cf1ecaf0fc4e0653de10176af29b780ff716bf038077d70b0440e45a649ccd5ad9a12d5f52c9eecf9b5d8b5a01510a53eec7b664162c8bb9153ab
|
b2sums = b6479a7f3b3cf1ecaf0fc4e0653de10176af29b780ff716bf038077d70b0440e45a649ccd5ad9a12d5f52c9eecf9b5d8b5a01510a53eec7b664162c8bb9153ab
|
||||||
b2sums = 9d64fa22d5fcfb8634926220aeb89b0fa914d8e04ee39fe14abf3f170292ab2dc875fe3fe14b054ca8173c167cec4d93518d15d5f08698bd70d86dec7728dee8
|
b2sums = 9d64fa22d5fcfb8634926220aeb89b0fa914d8e04ee39fe14abf3f170292ab2dc875fe3fe14b054ca8173c167cec4d93518d15d5f08698bd70d86dec7728dee8
|
||||||
b2sums = 3f7cb5620859d171b0fc9c177c09388a830bdc2343f8182bb794c18544070a78f6fd692c699c5c9fda262bf4919bb53a696ea7396c4e9c7e987788f052e9f19f
|
b2sums = 1e586f4ef03c0928a9371c24c222b3dbe08cf11fd3ea912eff86103085faf04b5c19391d16bfb6d5ec67e5cb5556485825b3bee8124359bbaa89c6e6ea3357b8
|
||||||
b2sums = 85b75986c0df0853126eb20ce80861337654646bb3df02666b6c77962090df12be35eac11dab724d96c4c4b1e6c373ce0a8d6b99843232be0311273bddb1141a
|
b2sums = 86cbff1c5554c4426b3de872696cae6eed093987ccec940283e340e6cc23d226d268b38f0843b19d2706167f13ac4e20d9340f47ce5dc8ad3cbdb80d501c4fc4
|
||||||
|
|
||||||
pkgname = woodpecker-agent-sudo
|
pkgname = woodpecker-agent-sudo
|
||||||
|
|
|
@ -4,8 +4,8 @@
|
||||||
|
|
||||||
_pkgname='woodpecker-agent'
|
_pkgname='woodpecker-agent'
|
||||||
pkgname=$_pkgname-sudo
|
pkgname=$_pkgname-sudo
|
||||||
pkgver=1.0.2
|
pkgver=2.0.0
|
||||||
pkgrel=2
|
pkgrel=1
|
||||||
pkgdesc='A simple CI engine with great extensibility (agent), patched to use sudo to run local pipelines'
|
pkgdesc='A simple CI engine with great extensibility (agent), patched to use sudo to run local pipelines'
|
||||||
arch=('x86_64')
|
arch=('x86_64')
|
||||||
url='https://woodpecker-ci.org'
|
url='https://woodpecker-ci.org'
|
||||||
|
@ -17,7 +17,7 @@ optdepends=(
|
||||||
)
|
)
|
||||||
makedepends=('git' 'go')
|
makedepends=('git' 'go')
|
||||||
options=('!lto')
|
options=('!lto')
|
||||||
_commit='d9e06696bf85f260a0550d58301ac396874b32e3'
|
_commit='0fc428aa8eb8152aafd186d5232f27008c78add8'
|
||||||
replaces=($_pkgname)
|
replaces=($_pkgname)
|
||||||
conflicts=($_pkgname)
|
conflicts=($_pkgname)
|
||||||
backup=('etc/woodpecker/agent.env')
|
backup=('etc/woodpecker/agent.env')
|
||||||
|
@ -35,8 +35,8 @@ b2sums=('SKIP'
|
||||||
'373a5889c899445c4b583a48e6d0ff67d4572e30e0dfd0842b389e9338712771ec053ee3771202fe2874ee8bbfb7cb5965a04cf10d4071100c4f7c89cf2a14f3'
|
'373a5889c899445c4b583a48e6d0ff67d4572e30e0dfd0842b389e9338712771ec053ee3771202fe2874ee8bbfb7cb5965a04cf10d4071100c4f7c89cf2a14f3'
|
||||||
'b6479a7f3b3cf1ecaf0fc4e0653de10176af29b780ff716bf038077d70b0440e45a649ccd5ad9a12d5f52c9eecf9b5d8b5a01510a53eec7b664162c8bb9153ab'
|
'b6479a7f3b3cf1ecaf0fc4e0653de10176af29b780ff716bf038077d70b0440e45a649ccd5ad9a12d5f52c9eecf9b5d8b5a01510a53eec7b664162c8bb9153ab'
|
||||||
'9d64fa22d5fcfb8634926220aeb89b0fa914d8e04ee39fe14abf3f170292ab2dc875fe3fe14b054ca8173c167cec4d93518d15d5f08698bd70d86dec7728dee8'
|
'9d64fa22d5fcfb8634926220aeb89b0fa914d8e04ee39fe14abf3f170292ab2dc875fe3fe14b054ca8173c167cec4d93518d15d5f08698bd70d86dec7728dee8'
|
||||||
'3f7cb5620859d171b0fc9c177c09388a830bdc2343f8182bb794c18544070a78f6fd692c699c5c9fda262bf4919bb53a696ea7396c4e9c7e987788f052e9f19f'
|
'1e586f4ef03c0928a9371c24c222b3dbe08cf11fd3ea912eff86103085faf04b5c19391d16bfb6d5ec67e5cb5556485825b3bee8124359bbaa89c6e6ea3357b8'
|
||||||
'85b75986c0df0853126eb20ce80861337654646bb3df02666b6c77962090df12be35eac11dab724d96c4c4b1e6c373ce0a8d6b99843232be0311273bddb1141a')
|
'86cbff1c5554c4426b3de872696cae6eed093987ccec940283e340e6cc23d226d268b38f0843b19d2706167f13ac4e20d9340f47ce5dc8ad3cbdb80d501c4fc4')
|
||||||
|
|
||||||
pkgver() {
|
pkgver() {
|
||||||
cd woodpecker
|
cd woodpecker
|
||||||
|
|
|
@ -1,21 +1,46 @@
|
||||||
|
diff --git a/pipeline/backend/local/clone.go b/pipeline/backend/local/clone.go
|
||||||
|
index b659a090a..82ae5c5cc 100644
|
||||||
|
--- a/pipeline/backend/local/clone.go
|
||||||
|
+++ b/pipeline/backend/local/clone.go
|
||||||
|
@@ -94,14 +94,13 @@ func (e *local) execClone(ctx context.Context, step *types.Step, state *workflow
|
||||||
|
}
|
||||||
|
cmd = exec.CommandContext(ctx, pwsh, "-Command", fmt.Sprintf("%s ; $code=$? ; %s ; if (!$code) {[Environment]::Exit(1)}", state.pluginGitBinary, rmCmd))
|
||||||
|
} else {
|
||||||
|
- cmd = exec.CommandContext(ctx, "/bin/sh", "-c", fmt.Sprintf("%s ; export code=$? ; %s ; exit $code", state.pluginGitBinary, rmCmd))
|
||||||
|
+ cmd = exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, "/bin/sh", "-c", fmt.Sprintf("%s ; export code=$? ; %s ; exit $code", state.pluginGitBinary, rmCmd))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// if we have NO netrc, we can just exec the clone directly
|
||||||
|
- cmd = exec.CommandContext(ctx, state.pluginGitBinary)
|
||||||
|
+ cmd = exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, state.pluginGitBinary)
|
||||||
|
}
|
||||||
|
cmd.Env = env
|
||||||
|
- cmd.Dir = state.workspaceDir
|
||||||
|
|
||||||
|
// Get output and redirect Stderr to Stdout
|
||||||
|
e.output, _ = cmd.StdoutPipe()
|
||||||
diff --git a/pipeline/backend/local/local.go b/pipeline/backend/local/local.go
|
diff --git a/pipeline/backend/local/local.go b/pipeline/backend/local/local.go
|
||||||
index 2405c19bb..50321b8e7 100644
|
index 698a3f0f9..5bef80857 100644
|
||||||
--- a/pipeline/backend/local/local.go
|
--- a/pipeline/backend/local/local.go
|
||||||
+++ b/pipeline/backend/local/local.go
|
+++ b/pipeline/backend/local/local.go
|
||||||
@@ -44,7 +44,7 @@ var notAllowedEnvVarOverwrites = []string{
|
@@ -36,7 +36,7 @@ import (
|
||||||
|
|
||||||
type workflowState struct {
|
type workflowState struct {
|
||||||
stepCMDs map[string]*exec.Cmd
|
stepCMDs map[string]*exec.Cmd
|
||||||
- baseDir string
|
- baseDir string
|
||||||
+ user string
|
+ user string
|
||||||
homeDir string
|
homeDir string
|
||||||
workspaceDir string
|
workspaceDir string
|
||||||
|
pluginGitBinary string
|
||||||
|
@@ -80,26 +80,20 @@ func (e *local) Load(ctx context.Context) (*types.EngineInfo, error) {
|
||||||
}
|
}
|
||||||
@@ -79,23 +79,17 @@ func (e *local) Load(context.Context) error {
|
|
||||||
func (e *local) SetupWorkflow(_ context.Context, conf *types.Config, taskUUID string) error {
|
// SetupWorkflow the pipeline environment.
|
||||||
|
-func (e *local) SetupWorkflow(_ context.Context, _ *types.Config, taskUUID string) error {
|
||||||
|
+func (e *local) SetupWorkflow(ctx context.Context, conf *types.Config, taskUUID string) error {
|
||||||
log.Trace().Str("taskUUID", taskUUID).Msg("create workflow environment")
|
log.Trace().Str("taskUUID", taskUUID).Msg("create workflow environment")
|
||||||
|
|
||||||
- baseDir, err := os.MkdirTemp("", "woodpecker-local-*")
|
- baseDir, err := os.MkdirTemp(e.tempDir, "woodpecker-local-*")
|
||||||
- if err != nil {
|
- if err != nil {
|
||||||
- return err
|
- return err
|
||||||
- }
|
- }
|
||||||
|
@ -26,36 +51,48 @@ index 2405c19bb..50321b8e7 100644
|
||||||
- baseDir: baseDir,
|
- baseDir: baseDir,
|
||||||
- workspaceDir: filepath.Join(baseDir, "workspace"),
|
- workspaceDir: filepath.Join(baseDir, "workspace"),
|
||||||
- homeDir: filepath.Join(baseDir, "home"),
|
- homeDir: filepath.Join(baseDir, "home"),
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if err := os.Mkdir(state.homeDir, 0o700); err != nil {
|
|
||||||
- return err
|
|
||||||
+ user: user,
|
+ user: user,
|
||||||
+ workspaceDir: filepath.Join("/tmp", user, conf.Stages[0].Steps[0].Environment["CI_REPO_NAME"]),
|
+ workspaceDir: filepath.Join("/home", user, ".cache", "woodpecker", conf.Stages[0].Steps[0].Environment["CI_REPO_NAME"]),
|
||||||
+ homeDir: filepath.Join("/home", user),
|
+ homeDir: filepath.Join("/home", user),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
- if err := os.Mkdir(state.homeDir, 0o700); err != nil {
|
||||||
|
- return err
|
||||||
|
- }
|
||||||
|
-
|
||||||
- if err := os.Mkdir(state.workspaceDir, 0o700); err != nil {
|
- if err := os.Mkdir(state.workspaceDir, 0o700); err != nil {
|
||||||
+ err := exec.Command("sudo", "-u", state.user, "mkdir", "-p", state.workspaceDir).Run()
|
+ err := exec.CommandContext(ctx, "sudo", "-u", state.user, "mkdir", "-p", state.workspaceDir).Run()
|
||||||
+ if err != nil {
|
+ if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -132,7 +126,8 @@ func (e *local) StartStep(ctx context.Context, step *types.Step, taskUUID string
|
@@ -152,9 +146,8 @@ func (e *local) execCommands(ctx context.Context, step *types.Step, state *workf
|
||||||
// Set HOME
|
}
|
||||||
env = append(env, "HOME="+state.homeDir)
|
|
||||||
|
|
||||||
- var command []string
|
// Use "image name" as run command (indicate shell)
|
||||||
+ // Run command as commit author user
|
- cmd := exec.CommandContext(ctx, step.Image, args...)
|
||||||
+ command := []string{"sudo", "-E", "-u", state.user}
|
+ cmd := exec.CommandContext(ctx, "sudo", append([]string{"-E", "-u", state.user, "-D", state.workspaceDir, step.Image}, args...)...)
|
||||||
if step.Image == constant.DefaultCloneImage {
|
cmd.Env = env
|
||||||
// Default clone step
|
- cmd.Dir = state.workspaceDir
|
||||||
// TODO: use tmp HOME and insert netrc and delete it after clone
|
|
||||||
@@ -209,16 +204,6 @@ func (e *local) TailStep(_ context.Context, step *types.Step, taskUUID string) (
|
// Get output and redirect Stderr to Stdout
|
||||||
func (e *local) DestroyWorkflow(_ context.Context, conf *types.Config, taskUUID string) error {
|
e.output, _ = cmd.StdoutPipe()
|
||||||
|
@@ -178,9 +171,8 @@ func (e *local) execPlugin(ctx context.Context, step *types.Step, state *workflo
|
||||||
|
return fmt.Errorf("lookup plugin binary: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
- cmd := exec.CommandContext(ctx, binary)
|
||||||
|
+ cmd := exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, binary)
|
||||||
|
cmd.Env = env
|
||||||
|
- cmd.Dir = state.workspaceDir
|
||||||
|
|
||||||
|
// Get output and redirect Stderr to Stdout
|
||||||
|
e.output, _ = cmd.StdoutPipe()
|
||||||
|
@@ -237,19 +229,9 @@ func (e *local) DestroyStep(_ context.Context, _ *types.Step, _ string) error {
|
||||||
|
func (e *local) DestroyWorkflow(_ context.Context, _ *types.Config, taskUUID string) error {
|
||||||
log.Trace().Str("taskUUID", taskUUID).Msgf("delete workflow environment")
|
log.Trace().Str("taskUUID", taskUUID).Msgf("delete workflow environment")
|
||||||
|
|
||||||
- state, err := e.getWorkflowStateFromConfig(conf)
|
- state, err := e.getState(taskUUID)
|
||||||
- if err != nil {
|
- if err != nil {
|
||||||
- return err
|
- return err
|
||||||
- }
|
- }
|
||||||
|
@ -65,6 +102,10 @@ index 2405c19bb..50321b8e7 100644
|
||||||
- return err
|
- return err
|
||||||
- }
|
- }
|
||||||
-
|
-
|
||||||
workflowID, err := e.getWorkflowIDFromConfig(conf)
|
e.deleteState(taskUUID)
|
||||||
if err != nil {
|
|
||||||
return err
|
- return err
|
||||||
|
+ return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e *local) getState(taskUUID string) (*workflowState, error) {
|
||||||
|
|
File diff suppressed because one or more lines are too long
Loading…
Reference in a new issue