mirrors/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-10-23 02:23:53 +00:00
Code Issues Projects Releases Wiki Activity

simplify

Browse source
This commit is contained in:
pat-s 2024-10-02 11:16:35 +02:00
parent 866039360c
commit 34fd3849d9
No known key found for this signature in database
GPG key ID: 3C6318841EF78925
1 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
pipeline/backend/kubernetes/pod.go
View file

@ -382,7 +382,7 @@ func podSecurityContext(sc *SecurityContext, secCtxConf SecurityContextConfig, s
user *int64
group *int64
fsGroup *int64
fsGroupChangePolicy *string
// fsGroupChangePolicy *v1.PodFSGroupChangePolicy
seccomp *v1.SeccompProfile
apparmor *v1.AppArmorProfile
)
@ -414,11 +414,12 @@ func podSecurityContext(sc *SecurityContext, secCtxConf SecurityContextConfig, s
// if unset, set fsGroup to 1000 by default to support non-root images
if sc.FSGroup == nil {
fsGroup = 1000
fsGroup = newInt64(1000)
// do the same for fsGroupChangePolicy but only if fsGroup is also set accordingly
if sc.FSGroupChangePolicy == nil {
fsGroupChangePolicy = "OnRootMismatch"
}
// if sc.FSGroupChangePolicy == nil {
// policy := v1.PodFSGroupChangePolicyOnRootMismatch
// fsGroupChangePolicy = &policy
// }
}
seccomp = seccompProfile(sc.SeccompProfile)
@ -434,7 +435,7 @@ func podSecurityContext(sc *SecurityContext, secCtxConf SecurityContextConfig, s
RunAsUser: user,
RunAsGroup: group,
FSGroup: fsGroup,
FSGroupChangePolicy: fsGroupChangePolicy,
// FSGroupChangePolicy: fsGroupChangePolicy,
SeccompProfile: seccomp,
AppArmorProfile: apparmor,
}