diff --git a/pipeline/backend/common/script_posix_test.go b/pipeline/backend/common/script_posix_test.go index 497932ed8..b7ef70f61 100644 --- a/pipeline/backend/common/script_posix_test.go +++ b/pipeline/backend/common/script_posix_test.go @@ -39,6 +39,8 @@ fi unset CI_NETRC_USERNAME unset CI_NETRC_PASSWORD unset CI_SCRIPT +mkdir -p $CI_WORKSPACE +cd $CI_WORKSPACE echo + 'echo ${PATH}' echo ${PATH} diff --git a/pipeline/backend/common/script_test.go b/pipeline/backend/common/script_test.go index d91141fbb..e43eff19f 100644 --- a/pipeline/backend/common/script_test.go +++ b/pipeline/backend/common/script_test.go @@ -22,7 +22,7 @@ import ( const ( windowsScriptBase64 = "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" - posixScriptBase64 = "CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU9GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1JECnVuc2V0IENJX1NDUklQVAoKZWNobyArICdlY2hvIGhlbGxvIHdvcmxkJwplY2hvIGhlbGxvIHdvcmxkCg==" + posixScriptBase64 = "CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU9GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1JECnVuc2V0IENJX1NDUklQVApta2RpciAtcCAkQ0lfV09SS1NQQUNFCmNkICRDSV9XT1JLU1BBQ0UKCmVjaG8gKyAnZWNobyBoZWxsbyB3b3JsZCcKZWNobyBoZWxsbyB3b3JsZAo=" ) func TestGenerateContainerConf(t *testing.T) { diff --git a/pipeline/backend/docker/convert_test.go b/pipeline/backend/docker/convert_test.go index 70f83620e..d634ab221 100644 --- a/pipeline/backend/docker/convert_test.go +++ b/pipeline/backend/docker/convert_test.go 
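Review bot: The two lines added to the expected script in script_posix_test.go, `mkdir -p $CI_WORKSPACE` and `cd $CI_WORKSPACE`, expand the variable unquoted, so a workspace path containing whitespace or glob characters would be word-split or expanded before `mkdir` and `cd` see it. This fixture pins what the script generator emits (the generator is not part of this diff), so the quoting belongs there and here together: `mkdir -p "$CI_WORKSPACE"` and `cd "$CI_WORKSPACE"`. A test case whose workspace path contains a space would keep the quoting from regressing. The expected script starts and ends outside this hunk.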
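Review bot: The new `posixScriptBase64` value in script_test.go is an opaque blob, so the diff itself does not show that the only change is the two workspace lines, and this is the script that handles the `CI_NETRC_*` credentials. Building the expectation from readable text, for example `base64.StdEncoding.EncodeToString([]byte(expectedPosixScript))`, or decoding the actual value and comparing it with a plain-text script, would make a change like this reviewable line by line. The same applies to the `CI_SCRIPT` literals updated in convert_test.go (TestToConfigSmall, TestToConfigFull) and pod_test.go (TestTinyPod, TestFullPod).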
@@ -185,10 +185,7 @@ func TestToConfigSmall(t *testing.T) { "wp_uuid": "09238932", }, Env: []string{ - "CI_SCRIPT=CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW" + - "5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU9" + - "GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1JE" + - "CnVuc2V0IENJX1NDUklQVAoKZWNobyArICdnbyB0ZXN0JwpnbyB0ZXN0Cg==", + "CI_SCRIPT=CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU9GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1JECnVuc2V0IENJX1NDUklQVApta2RpciAtcCAkQ0lfV09SS1NQQUNFCmNkICRDSV9XT1JLU1BBQ0UKCmVjaG8gKyAnZ28gdGVzdCcKZ28gdGVzdAo=", "SHELL=/bin/sh", }, }, conf) @@ -248,11 +245,7 @@ func TestToConfigFull(t *testing.T) { "wp_uuid": "09238932", }, Env: []string{ - "CI_SCRIPT=CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW" + - "5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU" + - "9GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1" + - "JECnVuc2V0IENJX1NDUklQVAoKZWNobyArICdnbyB0ZXN0JwpnbyB0ZXN0CgplY2hvICsgJ2dvIHZldCAuLy4uLicKZ28gdmV0IC" + - "4vLi4uCg==", + "CI_SCRIPT=CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU9GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1JECnVuc2V0IENJX1NDUklQVApta2RpciAtcCAkQ0lfV09SS1NQQUNFCmNkICRDSV9XT1JLU1BBQ0UKCmVjaG8gKyAnZ28gdGVzdCcKZ28gdGVzdAoKZWNobyArICdnbyB2ZXQgLi8uLi4nCmdvIHZldCAuLy4uLgo=", "SHELL=/bin/sh", "TAGS=sqlite", }, 
diff --git a/pipeline/backend/kubernetes/pod_test.go b/pipeline/backend/kubernetes/pod_test.go index 9a4dbe515..93701d78a 100644 --- a/pipeline/backend/kubernetes/pod_test.go +++ b/pipeline/backend/kubernetes/pod_test.go @@ -93,7 +93,6 @@ func TestTinyPod(t *testing.T) { "-c", "echo $CI_SCRIPT | base64 -d | /bin/sh -e" ], - "workingDir": "/woodpecker/src", "env": [ "<>", { @@ -106,7 +105,7 @@ func TestTinyPod(t *testing.T) { }, { "name": "CI_SCRIPT", - "value": "CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU9GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1JECnVuc2V0IENJX1NDUklQVAoKZWNobyArICdncmFkbGUgYnVpbGQnCmdyYWRsZSBidWlsZAo=" + "value": "CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU9GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1JECnVuc2V0IENJX1NDUklQVApta2RpciAtcCAkQ0lfV09SS1NQQUNFCmNkICRDSV9XT1JLU1BBQ0UKCmVjaG8gKyAnZ3JhZGxlIGJ1aWxkJwpncmFkbGUgYnVpbGQK" } ], "resources": {}, @@ -178,7 +177,6 @@ func TestFullPod(t *testing.T) { "/bin/sh", "-c" ], - "workingDir": "/woodpecker/src", "ports": [ { "containerPort": 1234 
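Review bot: With `workingDir` dropped from the expected container spec in TestTinyPod, the only thing that puts the step into the workspace is the `cd $CI_WORKSPACE` carried inside the new `CI_SCRIPT` value, which presumably exists only for steps that have commands. The pod tests visible in this diff all carry a `CI_SCRIPT`, so nothing here shows what working directory a step without commands (a plugin or service running the image's own entrypoint) ends up with; presumably the image default. If that is intended, a test that builds such a pod and asserts its spec would document it; if not, `workingDir` still needs to be set for that case.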
@@ -200,7 +198,7 @@ func TestFullPod(t *testing.T) { }, { "name": "CI_SCRIPT", - "value": "CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU9GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1JECnVuc2V0IENJX1NDUklQVAoKZWNobyArICdnbyBnZXQnCmdvIGdldAoKZWNobyArICdnbyB0ZXN0JwpnbyB0ZXN0Cg==" + "value": "CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU9GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1JECnVuc2V0IENJX1NDUklQVApta2RpciAtcCAkQ0lfV09SS1NQQUNFCmNkICRDSV9XT1JLU1BBQ0UKCmVjaG8gKyAnZ28gZ2V0JwpnbyBnZXQKCmVjaG8gKyAnZ28gdGVzdCcKZ28gdGVzdAo=" }, { "name": "SHELL", @@ -402,8 +400,21 @@ func TestPodPrivilege(t *testing.T) { } pod, err = createTestPod(false, false, secCtx) assert.NoError(t, err) - assert.Nil(t, pod.Spec.SecurityContext) - assert.Nil(t, pod.Spec.Containers[0].SecurityContext) + assert.NotNil(t, pod.Spec.SecurityContext) + assert.Equal(t, &v1.PodSecurityContext{ + SELinuxOptions: (*v1.SELinuxOptions)(nil), + WindowsOptions: (*v1.WindowsSecurityContextOptions)(nil), + RunAsUser: (*int64)(nil), + RunAsGroup: (*int64)(nil), + RunAsNonRoot: (*bool)(nil), + SupplementalGroups: []int64(nil), + SupplementalGroupsPolicy: (*v1.SupplementalGroupsPolicy)(nil), + FSGroup: newInt64(1000), + Sysctls: []v1.Sysctl(nil), + FSGroupChangePolicy: (*v1.PodFSGroupChangePolicy)(nil), + SeccompProfile: (*v1.SeccompProfile)(nil), + AppArmorProfile: (*v1.AppArmorProfile)(nil), + }, pod.Spec.SecurityContext) // step is privileged and security context is requesting privileged secCtx = SecurityContext{ 
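Review bot: The unprivileged case in TestPodPrivilege no longer checks the container at all: `assert.Nil(t, pod.Spec.Containers[0].SecurityContext)` is removed and nothing replaces it, so a regression that left a privileged container security context on a non-privileged step would pass this test. If the container context is still expected to be nil, keep that assertion; otherwise assert on its `Privileged` field explicitly. The expected pod context can also be written as `&v1.PodSecurityContext{FSGroup: newInt64(1000)}`, which equals the twelve-field literal and does not need editing when the API type gains a field, and the preceding `assert.NotNil` is then redundant. Where the `1000` comes from is not visible in this hunk, so a short comment naming its source would help. The test function starts and ends outside the hunk.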
diff --git a/pipeline/frontend/yaml/compiler/compiler_test.go b/pipeline/frontend/yaml/compiler/compiler_test.go index 82c68b9db..b985a200b 100644 --- a/pipeline/frontend/yaml/compiler/compiler_test.go +++ b/pipeline/frontend/yaml/compiler/compiler_test.go @@ -90,15 +90,16 @@ func TestCompilerCompile(t *testing.T) { defaultCloneStage := &backend_types.Stage{ Steps: []*backend_types.Step{{ - Name: "clone", - Type: backend_types.StepTypeClone, - Image: constant.DefaultClonePlugin, - OnSuccess: true, - Failure: "fail", - Volumes: []string{defaultVolumes[0].Name + ":/woodpecker"}, - WorkingDir: "/woodpecker/src/github.com/octocat/hello-world", - Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"clone"}}}, - ExtraHosts: []backend_types.HostAlias{}, + Name: "clone", + Type: backend_types.StepTypeClone, + Image: constant.DefaultClonePlugin, + OnSuccess: true, + Failure: "fail", + Volumes: []string{defaultVolumes[0].Name + ":/woodpecker"}, + WorkingDir: "/woodpecker/src/github.com/octocat/hello-world", + WorkSpaceBase: "/woodpecker", + Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"clone"}}}, + ExtraHosts: []backend_types.HostAlias{}, }}, } @@ -143,6 +144,7 @@ func TestCompilerCompile(t *testing.T) { Failure: "fail", Volumes: []string{defaultVolumes[0].Name + ":/woodpecker"}, WorkingDir: "/woodpecker/src/github.com/octocat/hello-world", + WorkSpaceBase: "/woodpecker", Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"dummy"}}}, ExtraHosts: []backend_types.HostAlias{}, }}, 
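Review bot: `WorkSpaceBase` has to be added by hand to every expected step literal in TestCompilerCompile (the clone stage here, the step at `@@ -143,6 +144,7 @@`, and the six steps in the two later hunks), and each literal differs only in `Name`, `Commands`, the volume mount and the alias. A small helper in the test file that returns a `*backend_types.Step` with the shared fields filled in would turn a change like this into one line and make the per-case differences stand out. The field is also spelled `WorkSpaceBase` while the variable it appears to relate to is `CI_WORKSPACE`; if the type is still open for change, `WorkspaceBase` would match. TestCompilerCompile starts and ends outside these hunks.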
@@ -170,42 +172,45 @@ func TestCompilerCompile(t *testing.T) {
 Stages: []*backend_types.Stage{
 defaultCloneStage, {
 Steps: []*backend_types.Step{{
- Name: "echo env",
- Type: backend_types.StepTypeCommands,
- Image: "bash",
- Commands: []string{"env"},
- OnSuccess: true,
- Failure: "fail",
- Volumes: []string{defaultVolumes[0].Name + ":/test"},
- WorkingDir: "/test/src/github.com/octocat/hello-world",
- Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"echo env"}}},
- ExtraHosts: []backend_types.HostAlias{},
+ Name: "echo env",
+ Type: backend_types.StepTypeCommands,
+ Image: "bash",
+ Commands: []string{"env"},
+ OnSuccess: true,
+ Failure: "fail",
+ Volumes: []string{defaultVolumes[0].Name + ":/test"},
+ WorkingDir: "/test/src/github.com/octocat/hello-world",
+ WorkSpaceBase: "/test",
+ Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"echo env"}}},
+ ExtraHosts: []backend_types.HostAlias{},
 }},
 }, {
 Steps: []*backend_types.Step{{
- Name: "parallel echo 1",
- Type: backend_types.StepTypeCommands,
- Image: "bash",
- Commands: []string{"echo 1"},
- OnSuccess: true,
- Failure: "fail",
- Volumes: []string{defaultVolumes[0].Name + ":/test"},
- WorkingDir: "/test/src/github.com/octocat/hello-world",
- Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"parallel echo 1"}}},
- ExtraHosts: []backend_types.HostAlias{},
+ Name: "parallel echo 1",
+ Type: backend_types.StepTypeCommands,
+ Image: "bash",
+ Commands: []string{"echo 1"},
+ OnSuccess: true,
+ Failure: "fail",
+ Volumes: []string{defaultVolumes[0].Name + ":/test"},
+ WorkingDir: "/test/src/github.com/octocat/hello-world",
+ WorkSpaceBase: "/test",
+ Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"parallel echo 1"}}},
+ ExtraHosts: []backend_types.HostAlias{},
 }},
 }, {
 Steps: []*backend_types.Step{{
- Name: "parallel echo 2",
- Type: backend_types.StepTypeCommands,
- Image: "bash",
- Commands: []string{"echo 2"},
- OnSuccess: true,
- Failure: "fail",
- Volumes: []string{defaultVolumes[0].Name + ":/test"},
- WorkingDir: "/test/src/github.com/octocat/hello-world",
- Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"parallel echo 2"}}},
- ExtraHosts: []backend_types.HostAlias{},
+ Name: "parallel echo 2",
+ Type: backend_types.StepTypeCommands,
+ Image: "bash",
+ Commands: []string{"echo 2"},
+ OnSuccess: true,
+ Failure: "fail",
+ Volumes: []string{defaultVolumes[0].Name + ":/test"},
+ WorkingDir: "/test/src/github.com/octocat/hello-world",
+ WorkSpaceBase: "/test",
+ Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"parallel echo 2"}}},
+ ExtraHosts: []backend_types.HostAlias{},
 }},
 },
 },
@@ -232,40 +237,43 @@ func TestCompilerCompile(t *testing.T) {
 Volumes: defaultVolumes,
 Stages: []*backend_types.Stage{defaultCloneStage, {
 Steps: []*backend_types.Step{{
- Name: "echo env",
- Type: backend_types.StepTypeCommands,
- Image: "bash",
- Commands: []string{"env"},
- OnSuccess: true,
- Failure: "fail",
- Volumes: []string{defaultVolumes[0].Name + ":/test"},
- WorkingDir: "/test/src/github.com/octocat/hello-world",
- Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"echo env"}}},
- ExtraHosts: []backend_types.HostAlias{},
+ Name: "echo env",
+ Type: backend_types.StepTypeCommands,
+ Image: "bash",
+ Commands: []string{"env"},
+ OnSuccess: true,
+ Failure: "fail",
+ Volumes: []string{defaultVolumes[0].Name + ":/test"},
+ WorkingDir: "/test/src/github.com/octocat/hello-world",
+ WorkSpaceBase: "/test",
+ Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"echo env"}}},
+ ExtraHosts: []backend_types.HostAlias{},
 }, {
- Name: "echo 2",
- Type: backend_types.StepTypeCommands,
- Image: "bash",
- Commands: []string{"echo 2"},
- OnSuccess: true,
- Failure: "fail",
- Volumes: []string{defaultVolumes[0].Name + ":/test"},
- WorkingDir: "/test/src/github.com/octocat/hello-world",
- Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"echo 2"}}},
- ExtraHosts: []backend_types.HostAlias{},
+ Name: "echo 2",
+ Type: backend_types.StepTypeCommands,
+ Image: "bash",
+ Commands: []string{"echo 2"},
+ OnSuccess: true,
+ Failure: "fail",
+ Volumes: []string{defaultVolumes[0].Name + ":/test"},
+ WorkingDir: "/test/src/github.com/octocat/hello-world",
+ WorkSpaceBase: "/test",
+ Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"echo 2"}}},
+ ExtraHosts: []backend_types.HostAlias{},
 }},
 }, {
 Steps: []*backend_types.Step{{
- Name: "echo 1",
- Type: backend_types.StepTypeCommands,
- Image: "bash",
- Commands: []string{"echo 1"},
- OnSuccess: true,
- Failure: "fail",
- Volumes: []string{defaultVolumes[0].Name + ":/test"},
- WorkingDir: "/test/src/github.com/octocat/hello-world",
- Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"echo 1"}}},
- ExtraHosts: []backend_types.HostAlias{},
+ Name: "echo 1",
+ Type: backend_types.StepTypeCommands,
+ Image: "bash",
+ Commands: []string{"echo 1"},
+ OnSuccess: true,
+ Failure: "fail",
+ Volumes: []string{defaultVolumes[0].Name + ":/test"},
+ WorkingDir: "/test/src/github.com/octocat/hello-world",
+ WorkSpaceBase: "/test",
+ Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"echo 1"}}},
+ ExtraHosts: []backend_types.HostAlias{},
 }},
 }},
 },