diff --git a/pipeline/backend/local/clone.go b/pipeline/backend/local/clone.go
index b659a090a..82ae5c5cc 100644
--- a/pipeline/backend/local/clone.go
+++ b/pipeline/backend/local/clone.go
@@ -94,14 +94,13 @@ func (e *local) execClone(ctx context.Context, step *types.Step, state *workflow
 }
 cmd = exec.CommandContext(ctx, pwsh, "-Command", fmt.Sprintf("%s ; $code=$? ; %s ; if (!$code) {[Environment]::Exit(1)}", state.pluginGitBinary, rmCmd))
 } else {
- cmd = exec.CommandContext(ctx, "/bin/sh", "-c", fmt.Sprintf("%s ; export code=$? ; %s ; exit $code", state.pluginGitBinary, rmCmd))
+ cmd = exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, "/bin/sh", "-c", fmt.Sprintf("%s ; export code=$? ; %s ; exit $code", state.pluginGitBinary, rmCmd))
 }
 } else {
 // if we have NO netrc, we can just exec the clone directly
- cmd = exec.CommandContext(ctx, state.pluginGitBinary)
+ cmd = exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, state.pluginGitBinary)
 }
 cmd.Env = env
- cmd.Dir = state.workspaceDir
 // Get output and redirect Stderr to Stdout
 e.output, _ = cmd.StdoutPipe()
diff --git a/pipeline/backend/local/local.go b/pipeline/backend/local/local.go
index 698a3f0f9..5bef80857 100644
--- a/pipeline/backend/local/local.go
+++ b/pipeline/backend/local/local.go
@@ -36,7 +36,7 @@ import (
 type workflowState struct {
 stepCMDs map[string]*exec.Cmd
- baseDir string
+ user string
 homeDir string
 workspaceDir string
 pluginGitBinary string
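Review bot: Removing `cmd.Dir = state.workspaceDir` in execClone affects every branch, but only the `/bin/sh` and direct-exec branches gained `-D state.workspaceDir`. The pwsh branch shown as context still builds its command without sudo, so that clone would now run in the agent's own working directory. Set `cmd.Dir = state.workspaceDir` right after the pwsh `exec.CommandContext(...)` call. The sudo branches also deserve a comment such as `// needs sudo >= 1.9.3 with a runcwd policy for -D, and SETENV for -E`, because without that sudoers configuration the clone fails before git starts. execClone begins and ends outside this hunk.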
@@ -80,26 +80,20 @@ func (e *local) Load(ctx context.Context) (*types.EngineInfo, error) {
 }
 // SetupWorkflow the pipeline environment.
-func (e *local) SetupWorkflow(_ context.Context, _ *types.Config, taskUUID string) error {
+func (e *local) SetupWorkflow(ctx context.Context, conf *types.Config, taskUUID string) error {
 log.Trace().Str("taskUUID", taskUUID).Msg("create workflow environment")
- baseDir, err := os.MkdirTemp(e.tempDir, "woodpecker-local-*")
- if err != nil {
- return err
- }
+ user := conf.Stages[0].Steps[0].Environment["CI_COMMIT_AUTHOR"]
 state := &workflowState{
 stepCMDs: make(map[string]*exec.Cmd),
- baseDir: baseDir,
- workspaceDir: filepath.Join(baseDir, "workspace"),
- homeDir: filepath.Join(baseDir, "home"),
+ user: user,
+ workspaceDir: filepath.Join("/home", user, ".cache", "woodpecker", conf.Stages[0].Steps[0].Environment["CI_REPO_NAME"]),
+ homeDir: filepath.Join("/home", user),
 }
- if err := os.Mkdir(state.homeDir, 0o700); err != nil {
- return err
- }
-
- if err := os.Mkdir(state.workspaceDir, 0o700); err != nil {
+ err := exec.CommandContext(ctx, "sudo", "-u", state.user, "mkdir", "-p", state.workspaceDir).Run()
+ if err != nil {
 return err
 }
@@ -152,9 +146,8 @@ func (e *local) execCommands(ctx context.Context, step *types.Step, state *workf
 }
 // Use "image name" as run command (indicate shell)
- cmd := exec.CommandContext(ctx, step.Image, args...)
+ cmd := exec.CommandContext(ctx, "sudo", append([]string{"-E", "-u", state.user, "-D", state.workspaceDir, step.Image}, args...)...)
 cmd.Env = env
- cmd.Dir = state.workspaceDir
 // Get output and redirect Stderr to Stdout
 e.output, _ = cmd.StdoutPipe()
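Review bot: `conf.Stages[0].Steps[0].Environment["CI_COMMIT_AUTHOR"]` in SetupWorkflow is commit metadata, yet it is used unchecked as the `sudo -u` target and as a path element under `/home`; `CI_REPO_NAME` is joined into the workspace path the same way. An author value that is not a plain local account name (sudo also accepts `#uid` forms), or a name containing `..` or a path separator, moves the run to a different account or directory than intended. The double index also panics when the config has no stages or steps. Resolve the account through `os/user` (imported under an alias, since `user` is a local name here), refuse uid 0, and require the repo name to be a single path element before building the state. Keying the workspace on the repo name alone also means two repositories with the same name would share a directory, which may deserve an owner component.

```go
func (e *local) SetupWorkflow(ctx context.Context, conf *types.Config, taskUUID string) error {
	// … unchanged: trace log …
	if len(conf.Stages) == 0 || len(conf.Stages[0].Steps) == 0 {
		return fmt.Errorf("workflow %s: no step to read the environment from", taskUUID)
	}
	stepEnv := conf.Stages[0].Steps[0].Environment

	// Pipeline metadata is untrusted: map the author to an existing local
	// account and keep the repo name to exactly one path element.
	account, err := osuser.Lookup(stepEnv["CI_COMMIT_AUTHOR"]) // osuser = "os/user"
	if err != nil {
		return fmt.Errorf("resolve local account for commit author: %w", err)
	}
	if account.Uid == "0" {
		return fmt.Errorf("refusing to run workflow as %q", account.Username)
	}
	repo := stepEnv["CI_REPO_NAME"]
	if repo == "." || repo == ".." || repo != filepath.Base(repo) {
		return fmt.Errorf("invalid repository name %q", repo)
	}

	state := &workflowState{
		stepCMDs:     make(map[string]*exec.Cmd),
		user:         account.Username,
		workspaceDir: filepath.Join(account.HomeDir, ".cache", "woodpecker", repo),
		homeDir:      account.HomeDir,
	}
	// … unchanged: mkdir through sudo, state registration …
```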
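Review bot: `step.Image` in execCommands comes from the pipeline definition and is now placed directly after sudo's own options, so a value beginning with `-` would be parsed as a sudo flag rather than as the command to run. End option parsing explicitly: `append([]string{"-E", "-u", state.user, "-D", state.workspaceDir, "--", step.Image}, args...)`. The same `"--"` belongs before `binary` in execPlugin and before `state.pluginGitBinary` and `"/bin/sh"` in execClone, although those values look like resolved paths and are less exposed. execCommands begins and ends outside this hunk.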
@@ -178,9 +171,8 @@ func (e *local) execPlugin(ctx context.Context, step *types.Step, state *workflo
 return fmt.Errorf("lookup plugin binary: %w", err)
 }
- cmd := exec.CommandContext(ctx, binary)
+ cmd := exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, binary)
 cmd.Env = env
- cmd.Dir = state.workspaceDir
 // Get output and redirect Stderr to Stdout
 e.output, _ = cmd.StdoutPipe()
@@ -237,19 +229,9 @@ func (e *local) DestroyStep(_ context.Context, _ *types.Step, _ string) error {
 func (e *local) DestroyWorkflow(_ context.Context, _ *types.Config, taskUUID string) error {
 log.Trace().Str("taskUUID", taskUUID).Msgf("delete workflow environment")
- state, err := e.getState(taskUUID)
- if err != nil {
- return err
- }
-
- err = os.RemoveAll(state.baseDir)
- if err != nil {
- return err
- }
-
 e.deleteState(taskUUID)
- return err
+ return nil
 }
 func (e *local) getState(taskUUID string) (*workflowState, error) {
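Review bot: DestroyWorkflow no longer removes anything on disk, so the workspace created in SetupWorkflow under the user's `.cache/woodpecker/<repo>` outlives the run and is reused by the next workflow for that repository. Checked-out sources, build outputs and any credentials a step wrote there stay readable afterwards, and two workflows of the same repository running at once would share the directory. If persistence is intended, say so in the function comment, e.g. `// DestroyWorkflow only drops in-memory state; the workspace is kept for reuse and must not hold secrets.` Otherwise, restore the `e.getState(taskUUID)` lookup and remove `state.workspaceDir` as the workflow user before `e.deleteState(taskUUID)`.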