From 79700f47fe1b1ce34311654e7a7164a847c2cbe9 Mon Sep 17 00:00:00 2001 From: Shubham Agrawal Date: Thu, 6 May 2021 19:12:05 +0530 Subject: [PATCH] Allow non-root user to run git clone plugin --- docker/Dockerfile.linux.amd64 | 8 ++++++-- posix/clone | 15 ++++++++++----- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/docker/Dockerfile.linux.amd64 b/docker/Dockerfile.linux.amd64 index 6ffe938..f0c67ea 100644 --- a/docker/Dockerfile.linux.amd64 +++ b/docker/Dockerfile.linux.amd64 @@ -1,5 +1,9 @@ FROM alpine:3.12 -RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl aws-cli +RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl aws-cli sudo ADD posix/* /usr/local/bin/ -ENTRYPOINT ["/usr/local/bin/clone"] +RUN adduser -g Drone -s /bin/sh -D -u 1000 drone +RUN echo 'drone ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/drone +USER drone:drone + +ENTRYPOINT ["/usr/local/bin/clone"] \ No newline at end of file diff --git a/posix/clone b/posix/clone index b47a34b..2a1ddc0 100755 --- a/posix/clone +++ b/posix/clone @@ -1,15 +1,20 @@ #!/bin/sh if [[ ! -z "${DRONE_WORKSPACE}" ]]; then + if [[ -n "${CI}" ]]; then + sudo mkdir -p ${DRONE_WORKSPACE} + sudo chown drone:drone ${DRONE_WORKSPACE} + else + mkdir -p ${DRONE_WORKSPACE} + fi cd ${DRONE_WORKSPACE} fi -# if the home directory is not set (which should -# never be the case) we default to /root +# we default home directory to /home/drone -if [[ -z "${HOME}" ]]; then - echo "HOME directory not set; default to /root" - export HOME=/root +if [ "$HOME" != "/home/drone" ]; then + export HOME=/home/drone + sudo chmod 766 /home/drone fi # if the home directory does not exist it should