1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
diff --git a/pipeline/backend/local/local.go b/pipeline/backend/local/local.go
index 2405c19bb..50321b8e7 100644
--- a/pipeline/backend/local/local.go
+++ b/pipeline/backend/local/local.go
@@ -44,7 +44,7 @@ var notAllowedEnvVarOverwrites = []string{
type workflowState struct {
stepCMDs map[string]*exec.Cmd
- baseDir string
+ user string
homeDir string
workspaceDir string
}
@@ -79,23 +79,17 @@ func (e *local) Load(context.Context) error {
func (e *local) SetupWorkflow(_ context.Context, conf *types.Config, taskUUID string) error {
log.Trace().Str("taskUUID", taskUUID).Msg("create workflow environment")
- baseDir, err := os.MkdirTemp("", "woodpecker-local-*")
- if err != nil {
- return err
- }
+ user := conf.Stages[0].Steps[0].Environment["CI_COMMIT_AUTHOR"]
state := &workflowState{
stepCMDs: make(map[string]*exec.Cmd),
- baseDir: baseDir,
- workspaceDir: filepath.Join(baseDir, "workspace"),
- homeDir: filepath.Join(baseDir, "home"),
- }
-
- if err := os.Mkdir(state.homeDir, 0o700); err != nil {
- return err
+ user: user,
+ workspaceDir: filepath.Join("/tmp", user, conf.Stages[0].Steps[0].Environment["CI_REPO_NAME"]),
+ homeDir: filepath.Join("/home", user),
}
- if err := os.Mkdir(state.workspaceDir, 0o700); err != nil {
+ err := exec.Command("sudo", "-u", state.user, "mkdir", "-p", state.workspaceDir).Run()
+ if err != nil {
return err
}
@@ -132,7 +126,8 @@ func (e *local) StartStep(ctx context.Context, step *types.Step, taskUUID string
// Set HOME
env = append(env, "HOME="+state.homeDir)
- var command []string
+ // Run command as commit author user
+ command := []string{"sudo", "-E", "-u", state.user}
if step.Image == constant.DefaultCloneImage {
// Default clone step
// TODO: use tmp HOME and insert netrc and delete it after clone
@@ -209,16 +204,6 @@ func (e *local) TailStep(_ context.Context, step *types.Step, taskUUID string) (
func (e *local) DestroyWorkflow(_ context.Context, conf *types.Config, taskUUID string) error {
log.Trace().Str("taskUUID", taskUUID).Msgf("delete workflow environment")
- state, err := e.getWorkflowStateFromConfig(conf)
- if err != nil {
- return err
- }
-
- err = os.RemoveAll(state.baseDir)
- if err != nil {
- return err
- }
-
workflowID, err := e.getWorkflowIDFromConfig(conf)
if err != nil {
return err
|