Avoid using sudo if on happy path
parent
14e718454a
commit
19f8e34ad0
|
|
@ -83,6 +83,7 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
|
||||||
echo "#################################################"
|
echo "#################################################"
|
||||||
addgroup --gid 1000 act
|
addgroup --gid 1000 act
|
||||||
adduser --uid 1000 --ingroup act --home /data --shell /bin/bash --disabled-password --gecos "" act
|
adduser --uid 1000 --ingroup act --home /data --shell /bin/bash --disabled-password --gecos "" act
|
||||||
|
adduser act users
|
||||||
adduser act sudo
|
adduser act sudo
|
||||||
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -83,6 +83,7 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
|
||||||
echo "#################################################"
|
echo "#################################################"
|
||||||
addgroup --gid 1000 act
|
addgroup --gid 1000 act
|
||||||
adduser --uid 1000 --ingroup act --home /data --shell /bin/bash --disabled-password --gecos "" act
|
adduser --uid 1000 --ingroup act --home /data --shell /bin/bash --disabled-password --gecos "" act
|
||||||
|
adduser act users
|
||||||
adduser act sudo
|
adduser act sudo
|
||||||
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
||||||
|
|
||||||
|
|
|
||||||
44
image/run.sh
44
image/run.sh
|
|
@ -7,9 +7,10 @@
|
||||||
#
|
#
|
||||||
source /opt/bash-init.sh
|
source /opt/bash-init.sh
|
||||||
|
|
||||||
#################################################
|
#################################################################
|
||||||
# print header
|
# print header
|
||||||
#################################################
|
#################################################################
|
||||||
|
if [[ ${1:-} == "" ]]; then
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
_____ _ _ _ _____
|
_____ _ _ _ _____
|
||||||
/ ____(_) | /\ | | | __ \
|
/ ____(_) | /\ | | | __ \
|
||||||
|
|
@ -26,5 +27,44 @@ log INFO "Timezone is $(date +"%Z %z")"
|
||||||
log INFO "Hostname: $(hostname -f)"
|
log INFO "Hostname: $(hostname -f)"
|
||||||
log INFO "IP Addresses: "
|
log INFO "IP Addresses: "
|
||||||
awk '/32 host/ { if(uniq[ip]++ && ip != "127.0.0.1") print " - " ip } {ip=$2}' /proc/net/fib_trie
|
awk '/32 host/ { if(uniq[ip]++ && ip != "127.0.0.1") print " - " ip } {ip=$2}' /proc/net/fib_trie
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
#################################################################
|
||||||
|
# start docker deamon (if installed = DinD)
|
||||||
|
#################################################################
|
||||||
|
if [[ -f /usr/bin/dockerd ]]; then
|
||||||
|
[[ $EUID -eq 0 ]] || sudo -E bash ${BASH_SOURCE[0]}
|
||||||
|
log INFO "Starting docker engine..."
|
||||||
|
sudo service docker start
|
||||||
|
while [[ ! -e /var/run/docker.sock ]]; do sleep 2; done
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
#################################################################
|
||||||
|
# check if act user UID/GID needs adjustment
|
||||||
|
#################################################################
|
||||||
|
fixids=false
|
||||||
|
if [ -n "${GITEA_RUNNER_UID:-}" ]; then
|
||||||
|
effective_uid=$(id -u act)
|
||||||
|
if [ "$GITEA_RUNNER_UID" != "$effective_uid" ]; then
|
||||||
|
fixids=true
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${GITEA_RUNNER_GID:-}" ]; then
|
||||||
|
effective_gid=$(id -g act)
|
||||||
|
if [ "$GITEA_RUNNER_GID" != "$effective_gid" ]; then
|
||||||
|
fixids=true
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
#################################################################
|
||||||
|
# adjust act user UID/GID if required
|
||||||
|
#################################################################
|
||||||
|
if [[ $fixids == "true" ]]; then
|
||||||
exec sudo -E bash /opt/run_fixids.sh
|
exec sudo -E bash /opt/run_fixids.sh
|
||||||
|
else
|
||||||
|
bash /opt/run_runner.sh
|
||||||
|
fi
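Review bot: The added guard `[[ $EUID -eq 0 ]] || sudo -E bash ${BASH_SOURCE[0]}` in the docker-start block runs a second copy of this script as root and then carries on in the original process, because it neither uses `exec` nor exits afterwards. When the script starts as a non-root user, the root copy goes through the whole script, including the final `bash /opt/run_runner.sh`, so the runner may end up running as root (unless that script drops privileges, which is not visible here), and the unprivileged parent repeats the same steps once the child returns. Since the next privileged command is already `sudo service docker start`, the guard can simply be removed; if a re-exec really is intended, write it as `[[ $EUID -eq 0 ]] || exec sudo -E bash "${BASH_SOURCE[0]}" "$@"`. The same line is added in the UID and GID branches of the following file, where the parent would fall through to `usermod`/`groupmod` without root; that file is started through `exec sudo -E bash /opt/run_fixids.sh`, so the guard looks unreachable there. Note also that `sudo -E` carries the caller's whole environment into the root process, so it is worth preserving only the variables the script needs.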
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,7 @@ source /opt/bash-init.sh
|
||||||
if [ -n "${GITEA_RUNNER_UID:-}" ]; then
|
if [ -n "${GITEA_RUNNER_UID:-}" ]; then
|
||||||
effective_uid=$(id -u act)
|
effective_uid=$(id -u act)
|
||||||
if [ "$GITEA_RUNNER_UID" != "$effective_uid" ]; then
|
if [ "$GITEA_RUNNER_UID" != "$effective_uid" ]; then
|
||||||
|
[[ $EUID -eq 0 ]] || sudo -E bash ${BASH_SOURCE[0]}
|
||||||
log INFO "Changing UID of user [act] from $effective_uid to $GITEA_RUNNER_UID..."
|
log INFO "Changing UID of user [act] from $effective_uid to $GITEA_RUNNER_UID..."
|
||||||
usermod -o -u "$GITEA_RUNNER_UID" act
|
usermod -o -u "$GITEA_RUNNER_UID" act
|
||||||
fi
|
fi
|
||||||
|
|
@ -21,31 +22,13 @@ fi
|
||||||
if [ -n "${GITEA_RUNNER_GID:-}" ]; then
|
if [ -n "${GITEA_RUNNER_GID:-}" ]; then
|
||||||
effective_gid=$(id -g act)
|
effective_gid=$(id -g act)
|
||||||
if [ "$GITEA_RUNNER_GID" != "$effective_gid" ]; then
|
if [ "$GITEA_RUNNER_GID" != "$effective_gid" ]; then
|
||||||
|
[[ $EUID -eq 0 ]] || sudo -E bash ${BASH_SOURCE[0]}
|
||||||
log INFO "Changing GID of user [act] from $effective_gid to $GITEA_RUNNER_GID..."
|
log INFO "Changing GID of user [act] from $effective_gid to $GITEA_RUNNER_GID..."
|
||||||
groupmod -o -g "$GITEA_RUNNER_GID" act
|
groupmod -o -g "$GITEA_RUNNER_GID" act
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
chown -R act:act /data
|
chown -R act:act /data
|
||||||
|
|
||||||
if [[ -f /usr/bin/dockerd ]]; then
|
|
||||||
log INFO "Starting docker engine..."
|
|
||||||
service docker start
|
|
||||||
while [[ ! -e /var/run/docker.sock ]]; do sleep 2; done
|
|
||||||
fi
|
|
||||||
|
|
||||||
docker_group=$(stat -c '%G' /var/run/docker.sock)
|
|
||||||
if [[ $docker_group == "UNKNOWN" ]]; then
|
|
||||||
docker_gid=$(stat -c '%g' /var/run/docker.sock)
|
|
||||||
docker_group="docker$docker_gid"
|
|
||||||
log INFO "Creating group [$docker_group]..."
|
|
||||||
addgroup --gid $docker_gid $docker_group
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! id -nG act | grep -qw "$docker_group"; then
|
|
||||||
log INFO "Adding user [act] to group [$docker_group]..."
|
|
||||||
usermod -aG $docker_group act
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
#################################################################
|
#################################################################
|
||||||
# Launch the runner with adjusted UID/GID
|
# Launch the runner with adjusted UID/GID
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,26 @@ log INFO "Effective user: $(id)"
|
||||||
|
|
||||||
cd /data
|
cd /data
|
||||||
|
|
||||||
|
|
||||||
|
#################################################################
|
||||||
|
# ensure act user has read/write access to /var/run/docker.sock
|
||||||
|
#################################################################
|
||||||
|
if [[ ! -w /var/run/docker.sock || ! -r /var/run/docker.sock ]]; then
|
||||||
|
docker_group=$(stat -c '%G' /var/run/docker.sock)
|
||||||
|
if [[ $docker_group == "UNKNOWN" ]]; then
|
||||||
|
docker_gid=$(stat -c '%g' /var/run/docker.sock)
|
||||||
|
docker_group="docker$docker_gid"
|
||||||
|
log INFO "Creating group [$docker_group]..."
|
||||||
|
sudo addgroup --gid $docker_gid $docker_group
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! id -nG act | grep -qw "$docker_group"; then
|
||||||
|
log INFO "Adding user [act] to docker group [$(getent group $docker_group)]..."
|
||||||
|
sudo usermod -aG $docker_group act
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
#################################################
|
#################################################
|
||||||
# load custom init script if specified
|
# load custom init script if specified
|
||||||
#################################################
|
#################################################
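Review bot: `sudo usermod -aG $docker_group act` updates the group database but not the supplementary groups of the shell that is already running, so if this script runs as `act` (the hunk header logs `Effective user: $(id)`; the rest of the file is outside the hunk) the socket stays inaccessible to the runner started further down. Re-enter the script in a fresh login context right after the `usermod`, for example `exec sudo -E -u act bash "${BASH_SOURCE[0]}" "$@"`, or start the runner under `sg "$docker_group"`. The block also calls `stat` on /var/run/docker.sock without checking that it exists, and `$docker_gid` / `$docker_group` are unquoted in the `addgroup`, `getent` and `usermod` calls; adding `-e /var/run/docker.sock` to the condition and quoting the expansions covers both. Membership in the socket's group gives `act` full control of that Docker daemon, so this fallback deserves a comment saying so.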
|
||||||
|
|
|
||||||