Allow non-root user to run git clone plugin

2021-05-06 19:12:05 +05:30 · 2021-05-06 19:12:05 +05:30 · 79700f47fe
commit 79700f47fe
parent 41c2120a63
2 changed files with 16 additions and 7 deletions
--- a/docker/Dockerfile.linux.amd64
+++ b/docker/Dockerfile.linux.amd64
@ -1,5 +1,9 @@
 FROM alpine:3.12
-RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl aws-cli
+RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl aws-cli sudo

 ADD posix/* /usr/local/bin/
-ENTRYPOINT ["/usr/local/bin/clone"]
+RUN adduser -g Drone -s /bin/sh -D -u 1000 drone
+RUN echo 'drone ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/drone
+USER drone:drone
+
+ENTRYPOINT ["/usr/local/bin/clone"]
--- a/posix/clone
+++ b/posix/clone
@ -1,15 +1,20 @@
 #!/bin/sh

 if [[ ! -z "${DRONE_WORKSPACE}" ]]; then
+	if [[ -n "${CI}" ]]; then
+		sudo mkdir -p ${DRONE_WORKSPACE}
+		sudo chown drone:drone ${DRONE_WORKSPACE}
+	else
+		mkdir -p ${DRONE_WORKSPACE}
+	fi
 	cd ${DRONE_WORKSPACE}
 fi

-# if the home directory is not set (which should
-# never be the case) we default to /root
+# we default home directory to /home/drone

-if [[ -z "${HOME}" ]]; then
-	echo "HOME directory not set; default to /root"
-	export HOME=/root
+if [ "$HOME" != "/home/drone" ]; then
+	export HOME=/home/drone
+	sudo chmod 766 /home/drone
 fi

 # if the home directory does not exist it should