Merge pull request #699 from opendevstack/fix/safe-dir-everywhere
Mark /workspace/source as safe dir for Git
michaelsauter authored Jun 1, 2023
2 parents ecde517 + 1c21bfd commit e817ca5
Showing 11 changed files with 35 additions and 0 deletions.
2 changes: 2 additions & 0 deletions build/package/Dockerfile.aqua-scan
@@ -22,4 +22,6 @@ COPY --from=builder /usr/local/bin/ods-aqua-scan /usr/local/bin/ods-aqua-scan
# Add scripts
COPY build/package/scripts/download-aqua-scanner.sh /usr/local/bin/download-aqua-scanner

VOLUME /workspace/source

USER 1001
1 change: 1 addition & 0 deletions build/package/Dockerfile.finish
@@ -17,4 +17,5 @@ RUN cd cmd/finish && CGO_ENABLED=0 go build -o /usr/local/bin/ods-finish
# ubi-micro cannot be used as it misses the ca-certificates package.
FROM registry.access.redhat.com/ubi8/ubi-minimal:8.4
COPY --from=builder /usr/local/bin/ods-finish /usr/local/bin/ods-finish
VOLUME /workspace/source
USER 1001
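Review bot: The runtime stage in this section is built on `registry.access.redhat.com/ubi8/ubi-minimal:8.4` (unchanged context), a mutable tag, so the image that now declares the workspace volume can be rebuilt on a different or outdated base without any change to this file. Consider moving to a currently maintained tag and pinning it by digest, e.g. `FROM registry.access.redhat.com/ubi8/ubi-minimal:<tag>@sha256:<digest>` (placeholders). Whether the 8.4 stream still receives rebuilds is not visible from this page and should be checked against the registry. Only the tail of the file is shown here.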
5 changes: 5 additions & 0 deletions build/package/Dockerfile.go-toolset
@@ -26,4 +26,9 @@ RUN chmod +x /usr/local/bin/build-go && \
# Add sonar-project.properties
COPY build/package/sonar-project.properties.d/go.properties /usr/local/default-sonar-project.properties

VOLUME /workspace/source
# Ensure that file permissions do not prevent Git checkout into workspace.
# See https://git-scm.com/docs/git-config/#Documentation/git-config.txt-safedirectory.
RUN git config --system --add safe.directory '/workspace/source'

USER 1001
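Review bot: The comment above `RUN git config --system --add safe.directory '/workspace/source'` describes the symptom ("file permissions") rather than the trust decision being made: safe.directory exempts that path from Git's repository-ownership check, so every Git call in the image will honour repository-local configuration found in a workspace that a different UID populated. I would reword it to `# Workspace may be owned by a different UID than the task user; exempt only this path from Git's ownership check.` followed by `# Content of /workspace/source is therefore treated as trusted by Git in this image.` Scoping the entry to the exact path rather than `*` is the right choice and worth keeping. The same comment is repeated in the gradle-toolset, helm, node16-npm-toolset, node18-npm-toolset, python-toolset and start Dockerfiles, so the wording applies there too.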
3 changes: 3 additions & 0 deletions build/package/Dockerfile.gradle-toolset
@@ -29,6 +29,9 @@ RUN cd /opt && \
chmod -R g=u /workspace/source $HOME

VOLUME /workspace/source
# Ensure that file permissions do not prevent Git checkout into workspace.
# See https://git-scm.com/docs/git-config/#Documentation/git-config.txt-safedirectory.
RUN git config --system --add safe.directory '/workspace/source'

# Add scripts
COPY build/package/scripts/cache-build.sh /usr/local/bin/cache-build
5 changes: 5 additions & 0 deletions build/package/Dockerfile.helm
@@ -65,4 +65,9 @@ RUN mkdir -p $HELM_PLUGINS \
&& sops --version \
&& age --version

VOLUME /workspace/source
# Ensure that file permissions do not prevent Git checkout into workspace.
# See https://git-scm.com/docs/git-config/#Documentation/git-config.txt-safedirectory.
RUN git config --system --add safe.directory '/workspace/source'

USER 1001
5 changes: 5 additions & 0 deletions build/package/Dockerfile.node16-npm-toolset
@@ -33,4 +33,9 @@ RUN chmod +x /usr/local/bin/build-npm && \
# Add sonar-project.properties
COPY build/package/sonar-project.properties.d/npm.properties /usr/local/default-sonar-project.properties

VOLUME /workspace/source
# Ensure that file permissions do not prevent Git checkout into workspace.
# See https://git-scm.com/docs/git-config/#Documentation/git-config.txt-safedirectory.
RUN git config --system --add safe.directory '/workspace/source'

USER 1001
5 changes: 5 additions & 0 deletions build/package/Dockerfile.node18-npm-toolset
@@ -33,4 +33,9 @@ RUN chmod +x /usr/local/bin/build-npm && \
# Add sonar-project.properties
COPY build/package/sonar-project.properties.d/npm.properties /usr/local/default-sonar-project.properties

VOLUME /workspace/source
# Ensure that file permissions do not prevent Git checkout into workspace.
# See https://git-scm.com/docs/git-config/#Documentation/git-config.txt-safedirectory.
RUN git config --system --add safe.directory '/workspace/source'

USER 1001
1 change: 1 addition & 0 deletions build/package/Dockerfile.package-image
@@ -43,6 +43,7 @@ ENV _BUILDAH_STARTED_IN_USERNS="" BUILDAH_ISOLATION=chroot

VOLUME /var/lib/containers
VOLUME /home/build/.local/share/containers
VOLUME /workspace/source

# Install Trivy
RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${TRIVY_VERSION}"
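Review bot: The Trivy install line at the end of this section (unchanged context) pipes a script fetched from the `main` branch straight into `sh`, so `TRIVY_VERSION` pins the binary but not the installer that executes during the build. Fetching the script from the matching tag, e.g. `.../aquasecurity/trivy/v${TRIVY_VERSION}/contrib/install.sh`, and verifying a checksum before running it would make the step reproducible and reviewable. Without `pipefail`, a failed `curl -sfL` also hands empty input to `sh`, which exits 0, so the layer can succeed without Trivy installed; a following `RUN trivy --version` would catch that. The section shows only part of the file, so a later check may already exist.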
5 changes: 5 additions & 0 deletions build/package/Dockerfile.python-toolset
@@ -21,4 +21,9 @@ RUN chmod +x /usr/local/bin/build-python && \
# Add sonar-project.properties
COPY build/package/sonar-project.properties.d/python.properties /usr/local/default-sonar-project.properties

VOLUME /workspace/source
# Ensure that file permissions do not prevent Git checkout into workspace.
# See https://git-scm.com/docs/git-config/#Documentation/git-config.txt-safedirectory.
RUN git config --system --add safe.directory '/workspace/source'

USER 1001
2 changes: 2 additions & 0 deletions build/package/Dockerfile.sonar
@@ -45,4 +45,6 @@ COPY build/package/scripts/configure-truststore.sh /usr/local/bin/configure-trus

ENV PATH=/usr/local/sonar-scanner-cli/bin:$PATH

VOLUME /workspace/source

USER 1001
1 change: 1 addition & 0 deletions build/package/Dockerfile.start
@@ -39,6 +39,7 @@ COPY --from=builder /usr/local/bin/ods-start /usr/local/bin/ods-start
COPY --from=builder /usr/local/bin/git-lfs /usr/local/bin/git-lfs
RUN git lfs version

VOLUME /workspace/source
# Ensure that file permissions do not prevent Git checkout into workspace.
# See https://git-scm.com/docs/git-config/#Documentation/git-config.txt-safedirectory.
RUN git config --system --add safe.directory '/workspace/source'