111 lines
4.2 KiB
Diff
111 lines
4.2 KiB
Diff
diff --git a/pipeline/backend/local/clone.go b/pipeline/backend/local/clone.go
|
|
index b659a090a..82ae5c5cc 100644
|
|
--- a/pipeline/backend/local/clone.go
|
|
+++ b/pipeline/backend/local/clone.go
|
|
@@ -94,14 +94,13 @@ func (e *local) execClone(ctx context.Context, step *types.Step, state *workflow
|
|
}
|
|
cmd = exec.CommandContext(ctx, pwsh, "-Command", fmt.Sprintf("%s ; $code=$? ; %s ; if (!$code) {[Environment]::Exit(1)}", state.pluginGitBinary, rmCmd))
|
|
} else {
|
|
- cmd = exec.CommandContext(ctx, "/bin/sh", "-c", fmt.Sprintf("%s ; export code=$? ; %s ; exit $code", state.pluginGitBinary, rmCmd))
|
|
+ cmd = exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, "/bin/sh", "-c", fmt.Sprintf("%s ; export code=$? ; %s ; exit $code", state.pluginGitBinary, rmCmd))
|
|
}
|
|
} else {
|
|
// if we have NO netrc, we can just exec the clone directly
|
|
- cmd = exec.CommandContext(ctx, state.pluginGitBinary)
|
|
+ cmd = exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, state.pluginGitBinary)
|
|
}
|
|
cmd.Env = env
|
|
- cmd.Dir = state.workspaceDir
|
|
|
|
// Get output and redirect Stderr to Stdout
|
|
e.output, _ = cmd.StdoutPipe()
|
|
diff --git a/pipeline/backend/local/local.go b/pipeline/backend/local/local.go
|
|
index 698a3f0f9..5bef80857 100644
|
|
--- a/pipeline/backend/local/local.go
|
|
+++ b/pipeline/backend/local/local.go
|
|
@@ -36,7 +36,7 @@ import (
|
|
|
|
type workflowState struct {
|
|
stepCMDs map[string]*exec.Cmd
|
|
- baseDir string
|
|
+ user string
|
|
homeDir string
|
|
workspaceDir string
|
|
pluginGitBinary string
|
|
@@ -80,26 +80,20 @@ func (e *local) Load(ctx context.Context) (*types.EngineInfo, error) {
|
|
}
|
|
|
|
// SetupWorkflow the pipeline environment.
|
|
-func (e *local) SetupWorkflow(_ context.Context, _ *types.Config, taskUUID string) error {
|
|
+func (e *local) SetupWorkflow(ctx context.Context, conf *types.Config, taskUUID string) error {
|
|
log.Trace().Str("taskUUID", taskUUID).Msg("create workflow environment")
|
|
|
|
- baseDir, err := os.MkdirTemp(e.tempDir, "woodpecker-local-*")
|
|
- if err != nil {
|
|
- return err
|
|
- }
|
|
+ user := conf.Stages[0].Steps[0].Environment["CI_COMMIT_AUTHOR"]
|
|
|
|
state := &workflowState{
|
|
stepCMDs: make(map[string]*exec.Cmd),
|
|
- baseDir: baseDir,
|
|
- workspaceDir: filepath.Join(baseDir, "workspace"),
|
|
- homeDir: filepath.Join(baseDir, "home"),
|
|
+ user: user,
|
|
+ workspaceDir: filepath.Join("/home", user, ".cache", "woodpecker", conf.Stages[0].Steps[0].Environment["CI_REPO_NAME"]),
|
|
+ homeDir: filepath.Join("/home", user),
|
|
}
|
|
|
|
- if err := os.Mkdir(state.homeDir, 0o700); err != nil {
|
|
- return err
|
|
- }
|
|
-
|
|
- if err := os.Mkdir(state.workspaceDir, 0o700); err != nil {
|
|
+ err := exec.CommandContext(ctx, "sudo", "-u", state.user, "mkdir", "-p", state.workspaceDir).Run()
|
|
+ if err != nil {
|
|
return err
|
|
}
|
|
|
|
@@ -152,9 +146,8 @@ func (e *local) execCommands(ctx context.Context, step *types.Step, state *workf
|
|
}
|
|
|
|
// Use "image name" as run command (indicate shell)
|
|
- cmd := exec.CommandContext(ctx, step.Image, args...)
|
|
+ cmd := exec.CommandContext(ctx, "sudo", append([]string{"-E", "-u", state.user, "-D", state.workspaceDir, step.Image}, args...)...)
|
|
cmd.Env = env
|
|
- cmd.Dir = state.workspaceDir
|
|
|
|
// Get output and redirect Stderr to Stdout
|
|
e.output, _ = cmd.StdoutPipe()
|
|
@@ -178,9 +171,8 @@ func (e *local) execPlugin(ctx context.Context, step *types.Step, state *workflo
|
|
return fmt.Errorf("lookup plugin binary: %w", err)
|
|
}
|
|
|
|
- cmd := exec.CommandContext(ctx, binary)
|
|
+ cmd := exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, binary)
|
|
cmd.Env = env
|
|
- cmd.Dir = state.workspaceDir
|
|
|
|
// Get output and redirect Stderr to Stdout
|
|
e.output, _ = cmd.StdoutPipe()
|
|
@@ -237,19 +229,9 @@ func (e *local) DestroyStep(_ context.Context, _ *types.Step, _ string) error {
|
|
func (e *local) DestroyWorkflow(_ context.Context, _ *types.Config, taskUUID string) error {
|
|
log.Trace().Str("taskUUID", taskUUID).Msgf("delete workflow environment")
|
|
|
|
- state, err := e.getState(taskUUID)
|
|
- if err != nil {
|
|
- return err
|
|
- }
|
|
-
|
|
- err = os.RemoveAll(state.baseDir)
|
|
- if err != nil {
|
|
- return err
|
|
- }
|
|
-
|
|
e.deleteState(taskUUID)
|
|
|
|
- return err
|
|
+ return nil
|
|
}
|
|
|
|
func (e *local) getState(taskUUID string) (*workflowState, error) {
|