search

enterprise-contract / ec-cli

Enterprise Contract command line interface
https://enterprisecontract.dev/docs/ec-cli/main/index.html
Apache License 2.0
26 stars 25 forks source link

Use go-toolset golang base image for redhat builds #1608

Closed simonbaird closed 2 months ago

simonbaird commented 2 months ago

Use root user instead of the 'default' user from go-toolset to avoid an error like this:

fatal: detected dubious ownership in repository at '/build' To add an exception for this directory, call: git config --global --add safe.directory /build

Could also have solved the problem by doing a --chown=default:root when copying in the files.

Ref: https://issues.redhat.com/browse/EC-625

robnester-rh commented 2 months ago

Does this leave the working user as root and does that present any security concerns?

codecov[bot] commented 2 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 87.39%. Comparing base (3ce6dd4) to head (5a8f39e). Report is 2 commits behind head on main.

Additional details and impacted files [![Impacted file tree graph](https://app.codecov.io/gh/enterprise-contract/ec-cli/pull/1608/graphs/tree.svg?width=650&height=150&src=pr&token=CY5ORXJB33&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=enterprise-contract)](https://app.codecov.io/gh/enterprise-contract/ec-cli/pull/1608?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=enterprise-contract) ```diff @@ Coverage Diff @@ ## main #1608 +/- ## ========================================== + Coverage 80.70% 87.39% +6.69% ========================================== Files 65 76 +11 Lines 4794 5134 +340 ========================================== + Hits 3869 4487 +618 + Misses 925 647 -278 ``` | [Flag](https://app.codecov.io/gh/enterprise-contract/ec-cli/pull/1608/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=enterprise-contract) | Coverage Δ | | |---|---|---| | [acceptance](https://app.codecov.io/gh/enterprise-contract/ec-cli/pull/1608/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=enterprise-contract) | `73.07% <ø> (?)` | | | [generative](https://app.codecov.io/gh/enterprise-contract/ec-cli/pull/1608/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=enterprise-contract) | `80.70% <ø> (ø)` | | | [integration](https://app.codecov.io/gh/enterprise-contract/ec-cli/pull/1608/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=enterprise-contract) | `80.70% <ø> (ø)` | | | [unit](https://app.codecov.io/gh/enterprise-contract/ec-cli/pull/1608/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=enterprise-contract) | `80.70% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=enterprise-contract#carryforward-flags-in-the-pull-request-comment) to find out more. [see 43 files with indirect coverage changes](https://app.codecov.io/gh/enterprise-contract/ec-cli/pull/1608/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=enterprise-contract)
simonbaird commented 2 months ago

Does this leave the working user as root and does that present any security concerns?

No, because it's just the build step. In the final image we have USER 1001.

robnester-rh commented 2 months ago

Does this leave the working user as root and does that present any security concerns?

No, because it's just the build step. In the final image we have USER 1001.

Ack.