Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Ensure pullrequest-init is based on a root image
The PullRequest Resource, when used as an output, is able to read in a pr.json to determine if there have been any changes that require syncing to GitHub. pr.json may have been written by any prior Step with any ownership settings. If pr.json was written with root permissions then the PullRequest Resource needs to have permissions to read that file.

The PullRequest Resource image has been based on a nonroot image in our `.ko.yaml` since 0.13 of Tekton Pipelines ([`.ko.yaml` was updated here](#2606)). However, the published images did not match the configuration in the `.ko.yaml` until 0.15.0 ([our `tekton/publish.yaml` was brought into line with `.ko.yaml` here](#3018)).

Given that copying or writing pr.json in a Step can result in the file being owned by root, using a nonroot image is not a suitable choice of base image - the output PullRequest attempts to open pr.json and hits a permissions error.

This commit updates the PullRequest image to be based on distroless static instead of nonroot and adds an example yaml file that should exercise the behaviour of copying the file from an input to output pullrequest resource.
Scott committed Aug 4, 2020 (1 parent c185296, commit 6d12d1e)
Showing 3 changed files with 52 additions and 1 deletion.
47 changes: 47 additions & 0 deletions
examples/v1beta1/taskruns/pullrequest_input_copystep_output.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
# This examples taskrun exercises the behaviour of the pullrequest | ||
# resource when the output pullrequest resource matches exactly the | ||
# input pullrequest resource. | ||
# | ||
# A step is used to copy the input resource's data directly to the | ||
# output resource's workspace directory. The output resource should | ||
# then read the copied data and skip sending any changes to GitHub. | ||
# | ||
# Importantly the output pullrequest should _not_ fail to read the | ||
# data from its workspace directory, regardless of which user the | ||
# copy step ran as and the ownership permissions attached to the | ||
# pr.json file. | ||
apiVersion: tekton.dev/v1beta1 | ||
kind: TaskRun | ||
metadata: | ||
generateName: pr-test-copy-prjson-from-input-to-output | ||
spec: | ||
taskSpec: | ||
resources: | ||
inputs: | ||
- name: pr | ||
type: pullRequest | ||
outputs: | ||
- name: pr | ||
type: pullRequest | ||
steps: | ||
- name: copy-pr-to-output | ||
image: busybox | ||
script: | | ||
#!/bin/sh | ||
mkdir -p $(outputs.resources.pr.path) | ||
cp -r $(inputs.resources.pr.path)/* $(outputs.resources.pr.path)/ | ||
resources: | ||
inputs: | ||
- name: pr | ||
resourceSpec: | ||
type: pullRequest | ||
params: | ||
- name: url | ||
value: https://github.com/tektoncd/pipeline/pull/100 | ||
outputs: | ||
- name: pr | ||
resourceSpec: | ||
type: pullRequest | ||
params: | ||
- name: url | ||
value: https://github.com/tektoncd/pipeline/pull/100 |
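Review bot: the header comment promises that the output resource can read pr.json "regardless of which user the copy step ran as", but the `copy-pr-to-output` step sets no user, so this example only covers whichever user the `busybox` image defaults to. Consider setting a `securityContext` with `runAsUser` on the step, or adding a second copy step under a different UID, so the ownership case the comment describes is exercised explicitly rather than implied. In the same step, `image: busybox` carries no tag, and the `cp -r $(inputs.resources.pr.path)/*` glob is unquoted and skips dotfiles; `cp -r "$(inputs.resources.pr.path)/." "$(outputs.resources.pr.path)/"` would copy the whole directory. Minor: "This examples taskrun" in the first comment line should read "This example TaskRun".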