You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@brooklyn.apache.org by aledsage <gi...@git.apache.org> on 2018/09/24 13:04:48 UTC
[GitHub] brooklyn-library pull request #159: Jenkins docker: use non-root user
GitHub user aledsage opened a pull request:
https://github.com/apache/brooklyn-library/pull/159
Jenkins docker: use non-root user
Implementing part of the advice from infra in https://issues.apache.org/jira/browse/INFRA-16417
---
They advised we use `-u 910:910`, rather than the mvn command running as root in the container.
Note that running the docker build on my local (mac) laptop, the user ids are interesting! In the container, (which use bind mounts for `.m2` and and the workspace) are owned by root:root. However, on my laptop, the files created are still owned by my own user.
Magic?! I'm therefore not sure whether this change will make much difference.
---
The other big change we need (not done here - I'll look at that next), recommended in INFRA-16417, is to STOP bind mounting .m2. They said: "Please don't use a bind mount for filesystems you intend to write to".
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/aledsage/brooklyn-library fix-jenkins-build
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/brooklyn-library/pull/159.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #159
----
commit 5a9fc95a99cd7b21fe2de9707e4a3286a358635f
Author: Aled Sage <al...@...>
Date: 2018-09-24T12:32:07Z
Jenkins docker: use non-root user
----
---
[GitHub] brooklyn-library issue #159: Jenkins docker: use non-root user
Posted by aledsage <gi...@git.apache.org>.
Github user aledsage commented on the issue:
https://github.com/apache/brooklyn-library/pull/159
@tbouron will do, but will first confirm that brooklyn-library master build works, and will also look to see if/how we can avoid the bind mount of the writable directories.
---
[GitHub] brooklyn-library issue #159: Jenkins docker: use non-root user
Posted by tbouron <gi...@git.apache.org>.
Github user tbouron commented on the issue:
https://github.com/apache/brooklyn-library/pull/159
One thing though, could you port the change to the other submodule @aledsage ?
---
[GitHub] brooklyn-library pull request #159: Jenkins docker: use non-root user
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/brooklyn-library/pull/159
---
[GitHub] brooklyn-library issue #159: Jenkins docker: use non-root user
Posted by tbouron <gi...@git.apache.org>.
Github user tbouron commented on the issue:
https://github.com/apache/brooklyn-library/pull/159
LGTM and follow what docs for the maven image: https://hub.docker.com/_/maven/ "Running as non-root"
As Jenkins seems happy, I'm happy and I'll merge this. Thanks @aledsage
---