More docker backend test remove more undocumented (#3156)

remove Sysctls and IpcMode
2025-02-20 21:26:18 +00:00 · 2024-01-11 19:30:13 +01:00 · 2024-01-11 19:30:13 +01:00 · f8fb28e651
commit f8fb28e651
parent b0a2b1cf2d
7 changed files with 67 additions and 22 deletions
--- a/pipeline/backend/docker/convert.go
+++ b/pipeline/backend/docker/convert.go
@ -79,15 +79,11 @@ func toHostConfig(step *types.Step) *container.HostConfig {
 		},
 		Privileged: step.Privileged,
 		ShmSize:    step.ShmSize,
-		Sysctls:    step.Sysctls,
 	}

 	if len(step.NetworkMode) != 0 {
 		config.NetworkMode = container.NetworkMode(step.NetworkMode)
 	}
-	if len(step.IpcMode) != 0 {
-		config.IpcMode = container.IpcMode(step.IpcMode)
-	}
 	if len(step.DNS) != 0 {
 		config.DNS = step.DNS
 	}
--- a/pipeline/backend/docker/convert_test.go
+++ b/pipeline/backend/docker/convert_test.go
@ -114,9 +114,75 @@ func TestToConfigSmall(t *testing.T) {
 			"wp_uuid": "09238932",
 		},
 		Env: []string{
-			"CI_SCRIPT=CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU9GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1JECnVuc2V0IENJX1NDUklQVAoKZWNobyArICdnbyB0ZXN0JwpnbyB0ZXN0Cg==",
+			"CI_SCRIPT=CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW" +
+				"5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU9" +
+				"GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1JE" +
+				"CnVuc2V0IENJX1NDUklQVAoKZWNobyArICdnbyB0ZXN0JwpnbyB0ZXN0Cg==",
 			"HOME=/root",
 			"SHELL=/bin/sh",
 		},
 	}, conf)
 }
+
+func TestToConfigFull(t *testing.T) {
+	engine := docker{info: types.Info{OSType: "linux/riscv64"}}
+
+	conf := engine.toConfig(&backend.Step{
+		Name:         "test",
+		UUID:         "09238932",
+		Type:         backend.StepTypeCommands,
+		Image:        "golang:1.2.3",
+		Pull:         true,
+		Detached:     true,
+		Privileged:   true,
+		WorkingDir:   "/src/abc",
+		Environment:  map[string]string{"TAGS": "sqlite"},
+		Commands:     []string{"go test", "go vet ./..."},
+		ExtraHosts:   []backend.HostAlias{{Name: "t", IP: "1.2.3.4"}},
+		Volumes:      []string{"/cache:/cache"},
+		Tmpfs:        []string{"/tmp"},
+		Devices:      []string{"/dev/sdc"},
+		Networks:     []backend.Conn{{Name: "extra-net", Aliases: []string{"extra.net"}}},
+		DNS:          []string{"9.9.9.9", "8.8.8.8"},
+		DNSSearch:    nil,
+		MemSwapLimit: 12,
+		MemLimit:     13,
+		ShmSize:      14,
+		CPUQuota:     15,
+		CPUShares:    16,
+		OnFailure:    true,
+		OnSuccess:    true,
+		Failure:      "fail",
+		AuthConfig:   backend.Auth{Username: "user", Password: "123456", Email: "user@example.com"},
+		NetworkMode:  "bridge",
+		Ports:        []uint16{21, 22},
+	})
+
+	assert.NotNil(t, conf)
+	sort.Strings(conf.Env)
+	assert.EqualValues(t, &container.Config{
+		Image:        "golang:1.2.3",
+		WorkingDir:   "/src/abc",
+		AttachStdout: true,
+		AttachStderr: true,
+		Cmd:          []string{"echo $CI_SCRIPT | base64 -d | /bin/sh -e"},
+		Entrypoint:   []string{"/bin/sh", "-c"},
+		Labels: map[string]string{
+			"wp_step": "test",
+			"wp_uuid": "09238932",
+		},
+		Env: []string{
+			"CI_SCRIPT=CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW" +
+				"5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU" +
+				"9GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1" +
+				"JECnVuc2V0IENJX1NDUklQVAoKZWNobyArICdnbyB0ZXN0JwpnbyB0ZXN0CgplY2hvICsgJ2dvIHZldCAuLy4uLicKZ28gdmV0IC" +
+				"4vLi4uCg==",
+			"HOME=/root",
+			"SHELL=/bin/sh",
+			"TAGS=sqlite",
+		},
+		Volumes: map[string]struct{}{
+			"/cache": {},
+		},
+	}, conf)
+}
--- a/pipeline/backend/types/step.go
+++ b/pipeline/backend/types/step.go
@ -45,8 +45,6 @@ type Step struct {
 	Failure        string            `json:"failure,omitempty"`
 	AuthConfig     Auth              `json:"auth_config,omitempty"`
 	NetworkMode    string            `json:"network_mode,omitempty"`
-	IpcMode        string            `json:"ipc_mode,omitempty"`
-	Sysctls        map[string]string `json:"sysctls,omitempty"`
 	Ports          []uint16          `json:"ports,omitempty"`
 	BackendOptions BackendOptions    `json:"backend_options,omitempty"`
 }
--- a/pipeline/frontend/yaml/compiler/convert.go
+++ b/pipeline/frontend/yaml/compiler/convert.go
@ -39,7 +39,6 @@ func (c *Compiler) createProcess(container *yaml_types.Container, stepType backe
 		workspace   = fmt.Sprintf("%s_default:%s", c.prefix, c.base)
 		privileged  = container.Privileged
 		networkMode = container.NetworkMode
-		ipcMode     = container.IpcMode
 		// network    = container.Network
 	)

@ -191,7 +190,6 @@ func (c *Compiler) createProcess(container *yaml_types.Container, stepType backe
 		MemSwapLimit:   memSwapLimit,
 		MemLimit:       memLimit,
 		ShmSize:        shmSize,
-		Sysctls:        container.Sysctls,
 		CPUQuota:       cpuQuota,
 		CPUShares:      cpuShares,
 		CPUSet:         cpuSet,
@ -200,7 +198,6 @@ func (c *Compiler) createProcess(container *yaml_types.Container, stepType backe
 		OnFailure:      onFailure,
 		Failure:        failure,
 		NetworkMode:    networkMode,
-		IpcMode:        ipcMode,
 		Ports:          ports,
 		BackendOptions: backendOptions,
 	}, nil
--- a/pipeline/frontend/yaml/linter/linter.go
+++ b/pipeline/frontend/yaml/linter/linter.go
@ -169,12 +169,6 @@ func (l *Linter) lintTrusted(config *WorkflowConfig, c *types.Container, area st
 	if len(c.NetworkMode) != 0 {
 		err = "Insufficient privileges to use network_mode"
 	}
-	if len(c.IpcMode) != 0 {
-		err = "Insufficient privileges to use ipc_mode"
-	}
-	if len(c.Sysctls) != 0 {
-		err = "Insufficient privileges to use sysctls"
-	}
 	if c.Networks.Networks != nil && len(c.Networks.Networks) != 0 {
 		err = "Insufficient privileges to use networks"
 	}
--- a/pipeline/frontend/yaml/linter/linter_test.go
+++ b/pipeline/frontend/yaml/linter/linter_test.go
@ -152,10 +152,6 @@ func TestLintErrors(t *testing.T) {
 			from: "steps: { build: { image: golang, network_mode: 'container:name' }  }",
 			want: "Insufficient privileges to use network_mode",
 		},
-		{
-			from: "steps: { build: { image: golang, sysctls: [ net.core.somaxconn=1024 ] }  }",
-			want: "Insufficient privileges to use sysctls",
-		},
 	}

 	for _, test := range testdata {
--- a/pipeline/frontend/yaml/types/container.go
+++ b/pipeline/frontend/yaml/types/container.go
@ -61,13 +61,11 @@ type (
 		DNSSearch    base.StringOrSlice  `yaml:"dns_search,omitempty"`
 		DNS          base.StringOrSlice  `yaml:"dns,omitempty"`
 		ExtraHosts   []string            `yaml:"extra_hosts,omitempty"`
-		IpcMode      string              `yaml:"ipc_mode,omitempty"`
 		MemLimit     base.MemStringOrInt `yaml:"mem_limit,omitempty"`
 		MemSwapLimit base.MemStringOrInt `yaml:"memswap_limit,omitempty"`
 		NetworkMode  string              `yaml:"network_mode,omitempty"`
 		Networks     Networks            `yaml:"networks,omitempty"`
 		ShmSize      base.MemStringOrInt `yaml:"shm_size,omitempty"`
-		Sysctls      base.SliceOrMap     `yaml:"sysctls,omitempty"`
 		Tmpfs        []string            `yaml:"tmpfs,omitempty"`
 	}
 )