Closed benbridts closed 2 years ago
benbridts
commented
2 years ago Another way to work with external tools, (on top of making it executable with other users), is to add a script that takes a --rules parameter and runs guard for every other file that is passed on the command line (pre-commit will call with multiple files in the argument)
grolston
commented
2 years ago The docker build for this repo uses the root user to install and configure cfn-guard. The image was really setup to work with GitHub Actions and Gitlab CI; however, it is possible to build an image for more use-cases here. If you want to attempt a PR for a new build we could move it to being published if all works out.
github-actions[bot]
commented
2 years ago Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.
Description
This is mostly a problem in other tools I'm using, but:
when I run cfn-guard via pre-commit, I always get an error, because that tool runs docker under a non-root user (in the container). It believe it does this because it will also mount a local directory (and tries to match the user id of those files)
Use Case
If this didn't fail it would be easier to use cfn-guard(-registry) with CI/CD tools that don't let you specify the whole docker command, but that do support docker as en engine
Proposed Solution
The docker build could maybe copy the binary to /opt/guard and make sure that's world readable and executable
Other information
No response
Acknowledge