This repository has been archived by the owner on Dec 26, 2022. It is now read-only.

Merge pull request #31 from grapl-security/addUserToDockerRun
Add a --user= to docker run, to enable codecov on files that are rwx------
christophermaier authored Mar 28, 2022
2 parents be299b5 + 350b1e7 commit 97c4d90
Showing 2 changed files with 8 additions and 1 deletion.
5 changes: 5 additions & 0 deletions hooks/post-command
@@ -17,6 +17,10 @@ readonly file_glob="${BUILDKITE_PLUGIN_CODECOV_FILE:-${default_file}}"

readonly default_fail_job_on_error="true"

# (--user, --group - but busybox doesn't support the long-form)
docker_user="$(id -u):$(id -g)"
readonly docker_user

codecov_args=(--verbose --file="${file_glob}" --rootDir=/workdir)

if [ "${BUILDKITE_PLUGIN_CODECOV_FAIL_JOB_ON_ERROR:-${default_fail_job_on_error}}" = "true" ]; then
@@ -29,6 +33,7 @@ docker run \
--interactive \
--tty \
--rm \
--user="${docker_user}" \
--label="com.buildkite.job-id=${BUILDKITE_JOB_ID}" \
--mount=type=bind,source="$(pwd)",destination=/workdir,readonly \
--workdir=/workdir \
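Review bot: The comment above `docker_user` is a sentence fragment and does not say why the container identity is overridden; something like `# Run as the agent's uid:gid so the uploader can read coverage files that are rwx------ (short flags because busybox id lacks --user/--group)` would carry the reason from the commit message into the file. `--user="${docker_user}"` mirrors whoever runs the hook, so on an agent running as root the container gets `0:0` and nothing is de-privileged; if the plugin assumes a non-root agent, that is worth documenting. The numeric uid presumably has no passwd entry or home directory inside the codecov image, so please confirm the uploader does not need a writable home, given that `/workdir` is mounted `readonly`. The script continues outside both hunks, so it is not visible here whether `set -e` is active to stop the hook if `id` fails and leaves `docker_user` as a bare `:`.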
4 changes: 3 additions & 1 deletion tests/post-command.bats
@@ -11,13 +11,15 @@ setup() {

export DEFAULT_IMAGE="docker.cloudsmith.io/grapl/releases/codecov"
export DEFAULT_TAG="latest"
docker_user="$(id -u):$(id -g)"
readonly docker_user

# This is the default docker run command that we use, up to the
# point where we specify the specific container to use, and the
# arguments to it. This much of the command is constant, so we're
# just defining it up front to make stubbing out `docker` less
# verbose.
export docker_run_cmd="run --init --interactive --tty --rm --label=\"com.buildkite.job-id=${BUILDKITE_JOB_ID}\" --mount=type=bind,source=\"$(pwd)\",destination=/workdir,readonly --workdir=/workdir --env=CODECOV_TOKEN --env=BUILDKITE --env=BUILDKITE_BRANCH --env=BUILDKITE_BUILD_NUMBER --env=BUILDKITE_BUILD_URL --env=BUILDKITE_COMMIT --env=BUILDKITE_JOB_ID --env=BUILDKITE_PROJECT_SLUG --"
export docker_run_cmd="run --init --interactive --tty --rm --user=${docker_user} --label=\"com.buildkite.job-id=${BUILDKITE_JOB_ID}\" --mount=type=bind,source=\"$(pwd)\",destination=/workdir,readonly --workdir=/workdir --env=CODECOV_TOKEN --env=BUILDKITE --env=BUILDKITE_BRANCH --env=BUILDKITE_BUILD_NUMBER --env=BUILDKITE_BUILD_URL --env=BUILDKITE_COMMIT --env=BUILDKITE_JOB_ID --env=BUILDKITE_PROJECT_SLUG --"
}

teardown() {
