diff --git a/builder/builder.go b/builder/builder.go
index e009701e..c58d35a5 100644
--- a/builder/builder.go
+++ b/builder/builder.go
@@ -183,11 +183,11 @@ func (b *Builder) runStep(ctx context.Context, step *graph.Step) error {
 step.Run = replacePositionalContext(step.Run, ".")
 }
- args = b.getDockerRunArgs(volName, step.ID, workDir, step.Ports, true, step.Detach)
+ args = b.getDockerRunArgs(volName, workDir, step)
 args = append(args, "docker")
 args = append(args, strings.Fields(step.Run)...)
 } else {
- args = b.getDockerRunArgs(b.workspaceDir, step.ID, step.WorkDir, step.Ports, step.Rm, step.Detach)
+ args = b.getDockerRunArgs(b.workspaceDir, step.WorkDir, step)
 for _, env := range step.Envs {
 args = append(args, "--env", env)
 }
diff --git a/builder/context.go b/builder/context.go
index 2cdcb466..b0520311 100644
--- a/builder/context.go
+++ b/builder/context.go
@@ -13,6 +13,7 @@ import (
 "regexp"
 "strings"
+ "github.com/Azure/acr-builder/graph"
 "github.com/Azure/acr-builder/util"
 "github.com/Azure/acr-builder/baseimages/scanner/models"
@@ -26,27 +27,32 @@ var (
 // getDockerRunArgs populates the args for running a Docker container.
 func (b *Builder) getDockerRunArgs(
 volName string,
- stepID string,
 stepWorkDir string,
- ports []string,
- rmContainer bool,
- detach bool) []string {
+ step *graph.Step) []string {
 args := []string{"docker", "run"}
- if rmContainer {
+ if step.Rm {
 args = append(args, "--rm")
 }
- if detach {
+ if step.Detach {
 args = append(args, "--detach")
 }
- for _, port := range ports {
+ for _, port := range step.Ports {
 args = append(args, "-p", port)
 }
+ if step.Privileged {
+ args = append(args, "--privileged")
+ }
+
+ if step.User != "" {
+ args = append(args, "--user", step.User)
+ }
+
 args = append(args,
- "--name", stepID,
+ "--name", step.ID,
 "--volume", volName+":"+containerWorkspaceDir,
 // Mount home
diff --git a/graph/dag_test.go b/graph/dag_test.go
index 826515c9..31a9e669 100644
--- a/graph/dag_test.go
+++ b/graph/dag_test.go
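Review bot: In builder/builder.go's runStep, the build-step branch used to pass a literal `true` for the remove-container argument and now inherits `step.Rm`, so build containers are no longer removed unless the task sets `rm: true`. Nothing visible in this diff defaults `Rm` for build steps, so exited containers (with their writable layer and configuration) would accumulate on the host, and a re-run with the same `--name` could collide. If always-remove was intentional, keep it explicit, for example `step.Rm = true` before the `getDockerRunArgs` call in that branch. runStep starts and ends outside the hunk, so a default applied elsewhere cannot be ruled out.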
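Review bot: In builder/context.go's getDockerRunArgs, `--privileged` is emitted whenever the step's YAML sets `privileged: true`, and no builder-side gate is visible in this diff. A privileged container receives all capabilities and host device access, so if task files can come from anyone less trusted than the host operator, this should be an explicit opt-in on the builder and logged when used. `step.User` is passed as its own argv element, which avoids shell interpretation, but it is only checked for emptiness; validating it at parse time against the `name|uid[:group|gid]` form docker accepts would reject malformed values early. A comment such as `// --privileged removes most container isolation; emitted only because the task definition asked for it` above the new branch would make the trust decision visible. The function body continues past the end of the hunk.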
@@ -77,6 +77,8 @@ func TestDagCreation_ValidFile(t *testing.T) {
 Run: "azure/images/acr-builder build -f Dockerfile https://github.com/ehotinger/qaz --cache-from=ubuntu",
 StepStatus: Skipped,
 Timeout: defaultStepTimeoutInSeconds,
+ Privileged: true,
+ User: "root",
 }
 dict := make(map[string]*Step)
diff --git a/graph/step.go b/graph/step.go
index 06d1ac96..2a481c7e 100644
--- a/graph/step.go
+++ b/graph/step.go
@@ -39,6 +39,8 @@ type Step struct {
 Rm bool `yaml:"rm"`
 Detach bool `yaml:"detach"`
 StartDelay int `yaml:"startDelay"`
+ Privileged bool `yaml:"privileged"`
+ User string `yaml:"user"`
 StartTime time.Time
 EndTime time.Time
@@ -95,7 +97,9 @@ func (s *Step) Equals(t *Step) bool {
 s.StartDelay != t.StartDelay ||
 s.StartTime != t.StartTime ||
 s.EndTime != t.EndTime ||
- s.StepStatus != t.StepStatus {
+ s.StepStatus != t.StepStatus ||
+ s.Privileged != t.Privileged ||
+ s.User != t.User {
 return false
 }
diff --git a/graph/testdata/rally.yaml b/graph/testdata/rally.yaml
index 57beabdd..77518340 100644
--- a/graph/testdata/rally.yaml
+++ b/graph/testdata/rally.yaml
@@ -49,4 +49,6 @@ steps:
 secretEnvs: [someAkvSecretEnv]
 - id: build-qaz
- run: "azure/images/acr-builder build -f Dockerfile https://github.com/ehotinger/qaz --cache-from=ubuntu"
\ No newline at end of file
+ run: "azure/images/acr-builder build -f Dockerfile https://github.com/ehotinger/qaz --cache-from=ubuntu"
+ privileged: true
+ user: root
\ No newline at end of file
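Review bot: The new `Privileged` and `User` fields in graph/step.go's Step struct carry no comment, although they change the container's security posture and their zero values are meaningful. Suggest `// Privileged runs the step's container with --privileged; false when omitted.` and `// User is passed to docker run --user; empty keeps the image's default user.` on the two fields. The struct starts and ends outside the hunk.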