Allow running the annotate script outside of Docker #239
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
**Why** This might be a weird request, but I'm curious if it's reasonable to provide a non Docker in Docker (dind) option to run this junit-annotate-buildkite-plugin? We have a usecase where we don't have sysbox in the container's runtime environment and there isn't a secure way to run dind (We used to mount docker socket but we've removed it due to the the nature of the sensitive workload). However, we still want to use the plugin. Perhaps it makes sense to add an additional option, assuming that Ruby is in the runtime, to run the junit xml analysis and annotation in the runtime environment w/o dind.
toote
approved these changes
Dec 10, 2024
tests/command.bats
Outdated
Comment on lines
532
to
558
| @test "runs in docker by default" { | ||
| export BUILDKITE_PLUGIN_JUNIT_ANNOTATE_ARTIFACTS="junits/*.xml" | ||
| export BUILDKITE_PLUGIN_JUNIT_ANNOTATE_FAIL_BUILD_ON_ERROR=false | ||
|
|
||
| stub mktemp \ | ||
| "-d \* : mkdir -p '$artifacts_tmp'; echo '$artifacts_tmp'" \ | ||
| "-d \* : mkdir -p '$annotation_tmp'; echo '$annotation_tmp'" | ||
|
|
||
| stub buildkite-agent \ | ||
| "artifact download \* \* : echo Downloaded artifact \$3 to \$4" \ | ||
| "annotate --context \* --style \* : cat >'${annotation_input}'; echo Annotation added with context \$3 and style \$5, content saved" | ||
|
|
||
| stub docker \ | ||
| "${DOCKER_STUB_DEFAULT_OPTIONS} ruby /src/bin/annotate /junits : echo '<details>Failure</details>' && exit 64" | ||
|
|
||
| run "$PWD/hooks/command" | ||
|
|
||
| assert_success | ||
|
|
||
| assert_output --partial "Annotation added with context junit and style error" | ||
| assert_equal "$(cat "${annotation_input}")" '<details>Failure</details>' | ||
|
|
||
| unstub mktemp | ||
| unstub buildkite-agent | ||
| unstub docker | ||
| rm "${annotation_input}" | ||
| } |
There was a problem hiding this comment.
while not against it, this test is implied by every other test that does not include the BUILDKITE_PLUGIN_JUNIT_ANNOTATE_RUN_IN_DOCKER environment variable
There was a problem hiding this comment.
Good call! I just removed the test!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Why
This might be a weird request, but I'm curious if it's reasonable to provide a non Docker in Docker (dind) option to run this junit-annotate-buildkite-plugin?
We have a usecase where we don't have sysbox in the container's runtime environment and there isn't a secure way to run dind (We used to mount docker socket but we've removed it due to the the nature of the sensitive workload). However, we still want to use the plugin. Perhaps it makes sense to add an additional option, assuming that Ruby is in the runtime, to run the junit xml analysis and annotation in the runtime environment w/o dind.