Move id_rsa outside docker build #PR1
parent
5539f63ba5
commit
82f6b77baf
4 changed files with 24 additions and 38 deletions
|
@ -218,10 +218,6 @@ func (b *Builder) setup() error {
|
||||||
b.services = append(b.services, info)
|
b.services = append(b.services, info)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := b.writeIdentifyFile(dir); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
if err := b.writeBuildScript(dir); err != nil {
|
if err := b.writeBuildScript(dir); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -455,11 +451,8 @@ func (b *Builder) writeDockerfile(dir string) error {
|
||||||
dockerfile.WriteEnv("LOGNAME", "ubuntu")
|
dockerfile.WriteEnv("LOGNAME", "ubuntu")
|
||||||
dockerfile.WriteEnv("TERM", "xterm")
|
dockerfile.WriteEnv("TERM", "xterm")
|
||||||
dockerfile.WriteEnv("SHELL", "/bin/bash")
|
dockerfile.WriteEnv("SHELL", "/bin/bash")
|
||||||
dockerfile.WriteAdd("id_rsa", "/home/ubuntu/.ssh/id_rsa")
|
|
||||||
dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /home/ubuntu/.ssh")
|
|
||||||
dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /var/cache/drone")
|
dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /var/cache/drone")
|
||||||
dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /usr/local/bin/drone")
|
dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /usr/local/bin/drone")
|
||||||
dockerfile.WriteRun("sudo chmod 600 /home/ubuntu/.ssh/id_rsa")
|
|
||||||
default:
|
default:
|
||||||
// all other images are assumed to use
|
// all other images are assumed to use
|
||||||
// the root user.
|
// the root user.
|
||||||
|
@ -471,9 +464,6 @@ func (b *Builder) writeDockerfile(dir string) error {
|
||||||
dockerfile.WriteEnv("TERM", "xterm")
|
dockerfile.WriteEnv("TERM", "xterm")
|
||||||
dockerfile.WriteEnv("SHELL", "/bin/bash")
|
dockerfile.WriteEnv("SHELL", "/bin/bash")
|
||||||
dockerfile.WriteEnv("GOPATH", "/var/cache/drone")
|
dockerfile.WriteEnv("GOPATH", "/var/cache/drone")
|
||||||
dockerfile.WriteAdd("id_rsa", "/root/.ssh/id_rsa")
|
|
||||||
dockerfile.WriteRun("chmod 600 /root/.ssh/id_rsa")
|
|
||||||
dockerfile.WriteRun("echo 'StrictHostKeyChecking no' > /root/.ssh/config")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
dockerfile.WriteAdd("proxy.sh", "/etc/drone.d/")
|
dockerfile.WriteAdd("proxy.sh", "/etc/drone.d/")
|
||||||
|
@ -512,6 +502,8 @@ func (b *Builder) writeBuildScript(dir string) error {
|
||||||
f.WriteHost(mapping)
|
f.WriteHost(mapping)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
f.WriteFile("$HOME/.ssh/id_rsa", b.Key, 600)
|
||||||
|
|
||||||
// if the repository is remote then we should
|
// if the repository is remote then we should
|
||||||
// add the commands to the build script to
|
// add the commands to the build script to
|
||||||
// clone the repository
|
// clone the repository
|
||||||
|
@ -554,11 +546,3 @@ func (b *Builder) writeProxyScript(dir string) error {
|
||||||
proxyfilePath := filepath.Join(dir, "proxy.sh")
|
proxyfilePath := filepath.Join(dir, "proxy.sh")
|
||||||
return ioutil.WriteFile(proxyfilePath, proxyfile.Bytes(), 0755)
|
return ioutil.WriteFile(proxyfilePath, proxyfile.Bytes(), 0755)
|
||||||
}
|
}
|
||||||
|
|
||||||
// writeIdentifyFile is a helper function that
|
|
||||||
// will generate the id_rsa file in the builder's
|
|
||||||
// temp directory to be added to the Image.
|
|
||||||
func (b *Builder) writeIdentifyFile(dir string) error {
|
|
||||||
keyfilePath := filepath.Join(dir, "id_rsa")
|
|
||||||
return ioutil.WriteFile(keyfilePath, b.Key, 0700)
|
|
||||||
}
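Review bot: The new call `f.WriteFile("$HOME/.ssh/id_rsa", b.Key, 600)` in `writeBuildScript` is unconditional and places the private key in the text of the generated build script, so that script now needs the protection the removed `id_rsa` file had. The code that persists the script lies outside this hunk; if it is written the way `proxy.sh` is (mode `0755`) or is added to the image, the key remains readable in the host temp directory or is kept in an image layer, which would undercut the purpose of the change. I would guard the call with `if len(b.Key) > 0 { ... }` so builds without a key do not create an empty `id_rsa`. I would also add a comment on `writeBuildScript` such as `// the generated script embeds b.Key; write it owner-only and never log its contents`.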
|
|
||||||
|
|
|
@ -477,26 +477,6 @@ func TestRunErrorWait(t *testing.T) {
|
||||||
t.Skip()
|
t.Skip()
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestWriteIdentifyFile(t *testing.T) {
|
|
||||||
// temporary directory to store file
|
|
||||||
dir, _ := ioutil.TempDir("", "drone-test-")
|
|
||||||
defer os.RemoveAll(dir)
|
|
||||||
|
|
||||||
b := Builder{}
|
|
||||||
b.Key = []byte("ssh-rsa AAA...")
|
|
||||||
b.writeIdentifyFile(dir)
|
|
||||||
|
|
||||||
// persist a dummy id_rsa keyfile to disk
|
|
||||||
keyfile, err := ioutil.ReadFile(filepath.Join(dir, "id_rsa"))
|
|
||||||
if err != nil {
|
|
||||||
t.Errorf("Expected id_rsa file saved to disk")
|
|
||||||
}
|
|
||||||
|
|
||||||
if string(keyfile) != string(b.Key) {
|
|
||||||
t.Errorf("Expected id_rsa value saved as %s, got %s", b.Key, keyfile)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestWriteProxyScript(t *testing.T) {
|
func TestWriteProxyScript(t *testing.T) {
|
||||||
// temporary directory to store file
|
// temporary directory to store file
|
||||||
dir, _ := ioutil.TempDir("", "drone-test-")
|
dir, _ := ioutil.TempDir("", "drone-test-")
|
||||||
|
@ -541,6 +521,7 @@ func TestWriteBuildScript(t *testing.T) {
|
||||||
b := Builder{}
|
b := Builder{}
|
||||||
b.Build = &script.Build{
|
b.Build = &script.Build{
|
||||||
Hosts: []string{"127.0.0.1"}}
|
Hosts: []string{"127.0.0.1"}}
|
||||||
|
b.Key = []byte("ssh-rsa AAA...")
|
||||||
b.Repo = &repo.Repo{
|
b.Repo = &repo.Repo{
|
||||||
Path: "git://github.com/drone/drone.git",
|
Path: "git://github.com/drone/drone.git",
|
||||||
Branch: "master",
|
Branch: "master",
|
||||||
|
@ -570,6 +551,7 @@ func TestWriteBuildScript(t *testing.T) {
|
||||||
f.WriteEnv("CI_BRANCH", "master")
|
f.WriteEnv("CI_BRANCH", "master")
|
||||||
f.WriteEnv("CI_PULL_REQUEST", "123")
|
f.WriteEnv("CI_PULL_REQUEST", "123")
|
||||||
f.WriteHost("127.0.0.1")
|
f.WriteHost("127.0.0.1")
|
||||||
|
f.WriteFile("$HOME/.ssh/id_rsa", []byte("ssh-rsa AAA..."), 600)
|
||||||
f.WriteCmd("git clone --depth=0 --recursive git://github.com/drone/drone.git /var/cache/drone/github.com/drone/drone")
|
f.WriteCmd("git clone --depth=0 --recursive git://github.com/drone/drone.git /var/cache/drone/github.com/drone/drone")
|
||||||
f.WriteCmd("git fetch origin +refs/pull/123/head:refs/remotes/origin/pr/123")
|
f.WriteCmd("git fetch origin +refs/pull/123/head:refs/remotes/origin/pr/123")
|
||||||
f.WriteCmd("git checkout -qf -b pr/123 origin/pr/123")
|
f.WriteCmd("git checkout -qf -b pr/123 origin/pr/123")
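Review bot: The fixture `b.Key = []byte("ssh-rsa AAA...")` added to `TestWriteBuildScript` is a single line with no shell metacharacters, so the expected script pins only the simplest form of the key write. A real private key is multi-line, and that is exactly the input the quoting in `WriteFile` has to get right. I would add a case with a constructed multi-line value, e.g. `b.Key = []byte("line1\nline2")`, and assert on the content the script would actually write. The same applies to the `WriteFile` case added to `TestWrite`.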
|
||||||
|
|
|
@ -52,6 +52,12 @@ func (b *Buildfile) WriteHost(mapping string) {
|
||||||
b.WriteCmdSilent(fmt.Sprintf("[ -f /usr/bin/sudo ] && echo %q | sudo tee -a /etc/hosts", mapping))
|
b.WriteCmdSilent(fmt.Sprintf("[ -f /usr/bin/sudo ] && echo %q | sudo tee -a /etc/hosts", mapping))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// WriteFile add files as part of the script.
|
||||||
|
func (b *Buildfile) WriteFile(path string, file []byte, i int) {
|
||||||
|
b.WriteString(fmt.Sprintf("echo %q | tee %s > /dev/null\n", string(file), path))
|
||||||
|
b.WriteCmdSilent(fmt.Sprintf("chmod %d %s", i, path))
|
||||||
|
}
|
||||||
|
|
||||||
// every build script starts with the following
|
// every build script starts with the following
|
||||||
// code at the start.
|
// code at the start.
|
||||||
var base = `
|
var base = `
|
||||||
|
@ -70,6 +76,13 @@ if [ -d /etc/drone.d ]; then
|
||||||
unset i
|
unset i
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ ! -d $HOME/.ssh ]; then
|
||||||
|
mkdir -p $HOME/.ssh
|
||||||
|
fi
|
||||||
|
|
||||||
|
chmod 0700 $HOME/.ssh
|
||||||
|
echo 'StrictHostKeyChecking no' | tee $HOME/.ssh/config > /dev/null
|
||||||
|
|
||||||
# be sure to exit on error and print out
|
# be sure to exit on error and print out
|
||||||
# our bash commands, so we can which commands
|
# our bash commands, so we can which commands
|
||||||
# are executing and troubleshoot failures.
|
# are executing and troubleshoot failures.
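Review bot: `WriteFile` formats the file body with `%q`, which is Go string quoting rather than shell quoting, so a multi-line PEM key is emitted with literal `\n` escapes that bash's builtin `echo` does not expand by default, and any `$` or backtick in the content is expanded inside the double quotes. The file is also created under the default umask and only restricted by the later `chmod`, which leaves a short window in which the key may be readable by other users in the container. I would single-quote the content with proper shell escaping and create the file already restricted, along the lines of `(umask 077; printf '%s\n' <single-quoted content> > path)`. Separately, the second hunk now writes `StrictHostKeyChecking no` to `$HOME/.ssh/config` for every build and truncates any config the image shipped. That turns off host-key verification for the clone, so supplying a pinned `known_hosts` entry would be the safer default where the project can provide one.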
|
||||||
|
|
|
@ -46,4 +46,11 @@ func TestWrite(t *testing.T) {
|
||||||
if got != want {
|
if got != want {
|
||||||
t.Errorf("Exepected WriteHost returned %s, got %s", want, got)
|
t.Errorf("Exepected WriteHost returned %s, got %s", want, got)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
f = &Buildfile{}
|
||||||
|
f.WriteFile("$HOME/.ssh/id_rsa", []byte("ssh-rsa AAA..."), 600)
|
||||||
|
got, want = f.String(), "echo \"ssh-rsa AAA...\" | tee $HOME/.ssh/id_rsa > /dev/null\nchmod 600 $HOME/.ssh/id_rsa\n"
|
||||||
|
if got != want {
|
||||||
|
t.Errorf("Exepected WriteFile returned \n%s, \ngot\n%s", want, got)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|