remove debug log entry

Merge remote-tracking branch 'origin/drone_non_root' into drone_non_root
update readme and annotate code with change
2026-06-13 18:42:15 +08:00 · 2021-05-06 14:40:28 -04:00 · 2021-05-06 14:39:26 -04:00 · 2021-05-06 14:39:13 -04:00 · 2021-05-06 20:10:24 +05:30 · 2021-05-06 19:39:42 +05:30
8 changed files with 57 additions and 40 deletions
@@ -16,6 +16,7 @@ Clone a commit:

 ```
 docker run --rm \
+  -e DRONE_WORKSPACE=/drone \
  -e DRONE_REMOTE_URL=https://github.com/drone/envsubst.git \
  -e DRONE_BUILD_EVENT=push \
  -e DRONE_COMMIT_SHA=15e3f9b7e16332eee3bbdff9ef31f95d23c5da2c \
@@ -1,31 +1,10 @@
 FROM alpine:3.12
-RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl
-
-ENV GLIBC_VER=2.31-r0
-RUN apk --no-cache add \
-        binutils \
-        curl \
-    && curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub \
-    && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-${GLIBC_VER}.apk \
-    && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-bin-${GLIBC_VER}.apk \
-    && apk add --no-cache \
-        glibc-${GLIBC_VER}.apk \
-        glibc-bin-${GLIBC_VER}.apk \
-    && curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.1.24.zip -o awscliv2.zip \
-    && unzip awscliv2.zip \
-    && aws/install \
-    && rm -rf \
-        awscliv2.zip \
-        aws \
-        /usr/local/aws-cli/v2/*/dist/aws_completer \
-        /usr/local/aws-cli/v2/*/dist/awscli/data/ac.index \
-        /usr/local/aws-cli/v2/*/dist/awscli/examples \
-    && apk --no-cache del \
-        binutils \
-        curl \
-    && rm glibc-${GLIBC_VER}.apk \
-    && rm glibc-bin-${GLIBC_VER}.apk \
-    && rm -rf /var/cache/apk/*
+RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl aws-cli sudo

 ADD posix/* /usr/local/bin/
-ENTRYPOINT ["/usr/local/bin/clone"]
+RUN adduser -g Drone -s /bin/sh -D -u 1000 drone
+RUN echo 'drone ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/drone
+USER drone:drone
+RUN chmod -R 777 /home/drone
+
+ENTRYPOINT ["/usr/local/bin/clone"]
@@ -1,5 +1,9 @@
 FROM arm32v6/alpine:3.12
-RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl
+RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl aws-cli sudo

 ADD posix/* /usr/local/bin/
+RUN adduser -g Drone -s /bin/sh -D -u 1000 drone
+RUN echo 'drone ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/drone
+USER drone:drone
+RUN chmod -R 777 /home/drone
 ENTRYPOINT ["/usr/local/bin/clone"]
@@ -1,5 +1,9 @@
 FROM arm32v6/alpine:3.12
-RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl
+RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl aws-cli sudo

 ADD posix/* /usr/local/bin/
+RUN adduser -g Drone -s /bin/sh -D -u 1000 drone
+RUN echo 'drone ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/drone
+USER drone:drone
+RUN chmod -R 777 /home/drone
 ENTRYPOINT ["/usr/local/bin/clone"]
@@ -1,5 +1,9 @@
 FROM arm64v8/alpine:3.12
-RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl
+RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl aws-cli sudo

 ADD posix/* /usr/local/bin/
+RUN adduser -g Drone -s /bin/sh -D -u 1000 drone
+RUN echo 'drone ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/drone
+USER drone:drone
+RUN chmod -R 777 /home/drone
 ENTRYPOINT ["/usr/local/bin/clone"]
@@ -1,5 +1,9 @@
 FROM arm32v6/alpine:3.12
-RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl
+RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl aws-cli sudo

 ADD posix/* /usr/local/bin/
+RUN adduser -g Drone -s /bin/sh -D -u 1000 drone
+RUN echo 'drone ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/drone
+USER drone:drone
+RUN chmod -R 777 /home/drone
 ENTRYPOINT ["/usr/local/bin/clone"]
@@ -1,5 +1,9 @@
 FROM arm64v8/alpine:3.12
-RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl
+RUN apk add --no-cache ca-certificates git git-lfs openssh curl perl aws-cli sudo

 ADD posix/* /usr/local/bin/
+RUN adduser -g Drone -s /bin/sh -D -u 1000 drone
+RUN echo 'drone ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/drone
+USER drone:drone
+RUN chmod -R 777 /home/drone
 ENTRYPOINT ["/usr/local/bin/clone"]
@@ -1,14 +1,31 @@
 #!/bin/sh

-if [[ ! -z "${DRONE_WORKSPACE}" ]]; then
+if [[ -n "${DRONE_WORKSPACE}" ]]; then
+	# ensure the unprivileged drone user can write
+	# to the workspace. This is required because
+	# the workspace is a docker volume and is owned
+	# by root.
+	sudo mkdir -p ${DRONE_WORKSPACE}
+	sudo chown drone:drone ${DRONE_WORKSPACE}
+
+	# ensure the workspace is the current working
+	# directory. This should already be the case,
+	# but we cd just to be safe.
 	cd ${DRONE_WORKSPACE}
 fi

+# force the home directory path.
+
+if [ "$HOME" != "/home/drone" ]; then
+	echo "[DEBUG] setting default home directory"
+	export HOME=/home/drone
+fi
+
 # if the netrc enviornment variables exist, write
 # the netrc file.

 if [[ ! -z "${DRONE_NETRC_MACHINE}" ]]; then
-	cat <<EOF > /root/.netrc
+	cat <<EOF > ${HOME}/.netrc
 machine ${DRONE_NETRC_MACHINE}
 login ${DRONE_NETRC_USERNAME}
 password ${DRONE_NETRC_PASSWORD}
@@ -20,12 +37,12 @@ fi
 # known hosts file.

 if [[ ! -z "${DRONE_SSH_KEY}" ]]; then
-	mkdir /root/.ssh
-	echo -n "$DRONE_SSH_KEY" > /root/.ssh/id_rsa
-	chmod 600 /root/.ssh/id_rsa
+	mkdir ${HOME}/.ssh
+	echo -n "$DRONE_SSH_KEY" > ${HOME}/.ssh/id_rsa
+	chmod 600 ${HOME}/.ssh/id_rsa

-	touch /root/.ssh/known_hosts
-	chmod 600 /root/.ssh/known_hosts
+	touch ${HOME}/.ssh/known_hosts
+	chmod 600 ${HOME}/.ssh/known_hosts
 	ssh-keyscan -H ${DRONE_NETRC_MACHINE} > /etc/ssh/ssh_known_hosts 2> /dev/null
 fi
Author	SHA1	Message	Date
Brad Rydzewski	806bc25846	remove debug log entry	2021-05-06 14:40:28 -04:00
Brad Rydzewski	3d2cbbe9ba	Merge remote-tracking branch 'origin/drone_non_root' into drone_non_root	2021-05-06 14:39:26 -04:00
Brad Rydzewski	f7b49aaf9e	update readme and annotate code with change	2021-05-06 14:39:13 -04:00
Shubham Agrawal	be769618aa	updated dockerfile for arm	2021-05-06 20:10:24 +05:30
Shubham Agrawal	487521c8bc	provided 777 to /home/drone	2021-05-06 19:39:42 +05:30
Shubham Agrawal	79700f47fe	Allow non-root user to run git clone plugin	2021-05-06 19:12:05 +05:30
Brad Rydzewski	41c2120a63	improve logs indicating HOME directory created	2021-05-04 21:17:22 -04:00
Brad Rydzewski	9a0e8cc9d6	create HOME directory if not exists	2021-05-04 21:16:15 -04:00
Brad Rydzewski	16f4dd8829	revert to alpine 3.12 due to dns issue	2021-05-04 21:07:07 -04:00
Brad Rydzewski	e2f563e07f	Merge pull request #38 from drone/update_git_version Update git version to 2.30.2 to fix git clone vulnerability	2021-03-23 10:17:32 -04:00
Shubham Agrawal	56e4928d73	Update git version to 2.30.2	2021-03-19 20:31:24 +05:30
Shubham Agrawal	70fe2c5f68	Merge pull request #37 from drone/update_dockerfile Use alpine package to install aws cl1 v1.18	2021-02-16 11:28:58 +05:30
Shubham Agrawal	f006eebba3	addressed comments	2021-02-15 23:19:47 +05:30
Shubham Agrawal	937b910001	Using alpine package for aws cli	2021-02-10 17:11:16 +05:30
Shubham Agrawal	6647ff2107	Use pip to install aws cl1 v1.19.5	2021-02-10 16:06:42 +05:30
Shubham Agrawal	a0b9eebc4f	Merge pull request #36 from drone/aws_codecommit Added AWS codecommit support using access & secret keys	2021-02-05 21:10:09 +05:30