Move id_rsa outside docker build #PR1

Kirill Zaitsev 2014-12-10 20:06:17 +03:00
parent 5539f63ba5
commit 82f6b77baf
4 changed files with 24 additions and 38 deletions


@ -218,10 +218,6 @@ func (b *Builder) setup() error {
b.services = append(b.services, info) b.services = append(b.services, info)
} }
if err := b.writeIdentifyFile(dir); err != nil {
return err
}
if err := b.writeBuildScript(dir); err != nil { if err := b.writeBuildScript(dir); err != nil {
return err return err
} }
@ -455,11 +451,8 @@ func (b *Builder) writeDockerfile(dir string) error {
dockerfile.WriteEnv("LOGNAME", "ubuntu") dockerfile.WriteEnv("LOGNAME", "ubuntu")
dockerfile.WriteEnv("TERM", "xterm") dockerfile.WriteEnv("TERM", "xterm")
dockerfile.WriteEnv("SHELL", "/bin/bash") dockerfile.WriteEnv("SHELL", "/bin/bash")
dockerfile.WriteAdd("id_rsa", "/home/ubuntu/.ssh/id_rsa")
dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /home/ubuntu/.ssh")
dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /var/cache/drone") dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /var/cache/drone")
dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /usr/local/bin/drone") dockerfile.WriteRun("sudo chown -R ubuntu:ubuntu /usr/local/bin/drone")
dockerfile.WriteRun("sudo chmod 600 /home/ubuntu/.ssh/id_rsa")
default: default:
// all other images are assumed to use // all other images are assumed to use
// the root user. // the root user.
@ -471,9 +464,6 @@ func (b *Builder) writeDockerfile(dir string) error {
dockerfile.WriteEnv("TERM", "xterm") dockerfile.WriteEnv("TERM", "xterm")
dockerfile.WriteEnv("SHELL", "/bin/bash") dockerfile.WriteEnv("SHELL", "/bin/bash")
dockerfile.WriteEnv("GOPATH", "/var/cache/drone") dockerfile.WriteEnv("GOPATH", "/var/cache/drone")
dockerfile.WriteAdd("id_rsa", "/root/.ssh/id_rsa")
dockerfile.WriteRun("chmod 600 /root/.ssh/id_rsa")
dockerfile.WriteRun("echo 'StrictHostKeyChecking no' > /root/.ssh/config")
} }
dockerfile.WriteAdd("proxy.sh", "/etc/drone.d/") dockerfile.WriteAdd("proxy.sh", "/etc/drone.d/")
@ -512,6 +502,8 @@ func (b *Builder) writeBuildScript(dir string) error {
f.WriteHost(mapping) f.WriteHost(mapping)
} }
f.WriteFile("$HOME/.ssh/id_rsa", b.Key, 600)
// if the repository is remote then we should // if the repository is remote then we should
// add the commands to the build script to // add the commands to the build script to
// clone the repository // clone the repository
@ -554,11 +546,3 @@ func (b *Builder) writeProxyScript(dir string) error {
proxyfilePath := filepath.Join(dir, "proxy.sh") proxyfilePath := filepath.Join(dir, "proxy.sh")
return ioutil.WriteFile(proxyfilePath, proxyfile.Bytes(), 0755) return ioutil.WriteFile(proxyfilePath, proxyfile.Bytes(), 0755)
} }
// writeIdentifyFile is a helper function that
// will generate the id_rsa file in the builder's
// temp directory to be added to the Image.
func (b *Builder) writeIdentifyFile(dir string) error {
keyfilePath := filepath.Join(dir, "id_rsa")
return ioutil.WriteFile(keyfilePath, b.Key, 0700)
}
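Review bot: In the writeBuildScript hunk, `f.WriteFile("$HOME/.ssh/id_rsa", b.Key, 600)` runs unconditionally, so a build with no key still overwrites `$HOME/.ssh/id_rsa` with an empty file. Any build with a key now carries the private key inline in the generated script text. Guarding the call with `if len(b.Key) != 0 {` would avoid clobbering a key the image already provides. How the script is written to disk and delivered into the container is outside these hunks. If it is still added to the image, the script file needs a restrictive mode and the key would presumably still end up in an image layer, which is what the commit title sets out to avoid.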


@ -477,26 +477,6 @@ func TestRunErrorWait(t *testing.T) {
t.Skip() t.Skip()
} }
func TestWriteIdentifyFile(t *testing.T) {
// temporary directory to store file
dir, _ := ioutil.TempDir("", "drone-test-")
defer os.RemoveAll(dir)
b := Builder{}
b.Key = []byte("ssh-rsa AAA...")
b.writeIdentifyFile(dir)
// persist a dummy id_rsa keyfile to disk
keyfile, err := ioutil.ReadFile(filepath.Join(dir, "id_rsa"))
if err != nil {
t.Errorf("Expected id_rsa file saved to disk")
}
if string(keyfile) != string(b.Key) {
t.Errorf("Expected id_rsa value saved as %s, got %s", b.Key, keyfile)
}
}
func TestWriteProxyScript(t *testing.T) { func TestWriteProxyScript(t *testing.T) {
// temporary directory to store file // temporary directory to store file
dir, _ := ioutil.TempDir("", "drone-test-") dir, _ := ioutil.TempDir("", "drone-test-")
@ -541,6 +521,7 @@ func TestWriteBuildScript(t *testing.T) {
b := Builder{} b := Builder{}
b.Build = &script.Build{ b.Build = &script.Build{
Hosts: []string{"127.0.0.1"}} Hosts: []string{"127.0.0.1"}}
b.Key = []byte("ssh-rsa AAA...")
b.Repo = &repo.Repo{ b.Repo = &repo.Repo{
Path: "git://github.com/drone/drone.git", Path: "git://github.com/drone/drone.git",
Branch: "master", Branch: "master",
@ -570,6 +551,7 @@ func TestWriteBuildScript(t *testing.T) {
f.WriteEnv("CI_BRANCH", "master") f.WriteEnv("CI_BRANCH", "master")
f.WriteEnv("CI_PULL_REQUEST", "123") f.WriteEnv("CI_PULL_REQUEST", "123")
f.WriteHost("127.0.0.1") f.WriteHost("127.0.0.1")
f.WriteFile("$HOME/.ssh/id_rsa", []byte("ssh-rsa AAA..."), 600)
f.WriteCmd("git clone --depth=0 --recursive git://github.com/drone/drone.git /var/cache/drone/github.com/drone/drone") f.WriteCmd("git clone --depth=0 --recursive git://github.com/drone/drone.git /var/cache/drone/github.com/drone/drone")
f.WriteCmd("git fetch origin +refs/pull/123/head:refs/remotes/origin/pr/123") f.WriteCmd("git fetch origin +refs/pull/123/head:refs/remotes/origin/pr/123")
f.WriteCmd("git checkout -qf -b pr/123 origin/pr/123") f.WriteCmd("git checkout -qf -b pr/123 origin/pr/123")
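Review bot: The key fixture `[]byte("ssh-rsa AAA...")` used in TestWriteBuildScript, and again in the TestWrite hunk for WriteFile, is a single line with no shell metacharacters, so neither test exercises how a real multi-line private key is quoted into the script. In this test the expected value is itself built with `f.WriteFile(...)`, so it cannot detect a quoting problem at all. A case in TestWrite with a literal expectation for a value containing newlines and a `$` would pin that behaviour. The removed TestWriteIdentifyFile compared bytes read back from disk, and nothing in the new tests replaces that round-trip check.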


@ -52,6 +52,12 @@ func (b *Buildfile) WriteHost(mapping string) {
b.WriteCmdSilent(fmt.Sprintf("[ -f /usr/bin/sudo ] && echo %q | sudo tee -a /etc/hosts", mapping)) b.WriteCmdSilent(fmt.Sprintf("[ -f /usr/bin/sudo ] && echo %q | sudo tee -a /etc/hosts", mapping))
} }
// WriteFile add files as part of the script.
func (b *Buildfile) WriteFile(path string, file []byte, i int) {
b.WriteString(fmt.Sprintf("echo %q | tee %s > /dev/null\n", string(file), path))
b.WriteCmdSilent(fmt.Sprintf("chmod %d %s", i, path))
}
// every build script starts with the following // every build script starts with the following
// code at the start. // code at the start.
var base = ` var base = `
@ -70,6 +76,13 @@ if [ -d /etc/drone.d ]; then
unset i unset i
fi fi
if [ ! -d $HOME/.ssh ]; then
mkdir -p $HOME/.ssh
fi
chmod 0700 $HOME/.ssh
echo 'StrictHostKeyChecking no' | tee $HOME/.ssh/config > /dev/null
# be sure to exit on error and print out # be sure to exit on error and print out
# our bash commands, so we can which commands # our bash commands, so we can which commands
# are executing and troubleshoot failures. # are executing and troubleshoot failures.
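Review bot: In WriteFile, `fmt.Sprintf("echo %q | tee %s > /dev/null\n", string(file), path)` relies on Go's `%q`, which produces a Go string literal rather than shell quoting, so `$`, backticks and backslashes in the content are still interpreted by the shell and each newline of a multi-line PEM key becomes a literal `\n` that `echo` may not expand back. Shell-quote the content instead, for example single quotes with embedded `'` rewritten as `'\''` and `printf '%s\n'` in place of `echo`, and document on the function that `i` is printed with `%d`, so callers must pass `600` and not Go's octal `0600`. The file is also created by `tee` before `chmod` runs, so setting `umask 077` first would close that window. Separately, the base-script hunk writes `StrictHostKeyChecking no` to `$HOME/.ssh/config` for every image, replacing any existing config and disabling host-key verification for all hosts; a pinned `known_hosts` entry for the clone host would keep the check.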


@ -46,4 +46,11 @@ func TestWrite(t *testing.T) {
if got != want { if got != want {
t.Errorf("Exepected WriteHost returned %s, got %s", want, got) t.Errorf("Exepected WriteHost returned %s, got %s", want, got)
} }
f = &Buildfile{}
f.WriteFile("$HOME/.ssh/id_rsa", []byte("ssh-rsa AAA..."), 600)
got, want = f.String(), "echo \"ssh-rsa AAA...\" | tee $HOME/.ssh/id_rsa > /dev/null\nchmod 600 $HOME/.ssh/id_rsa\n"
if got != want {
t.Errorf("Exepected WriteFile returned \n%s, \ngot\n%s", want, got)
}
} }