search

firecow / gitlab-ci-local

Tired of pushing to test your .gitlab-ci.yml?
MIT License
2.05k stars 118 forks source link

docker container running incorrect user #1149

Closed sh-cau closed 4 months ago

sh-cau commented 4 months ago

Minimal .gitlab-ci.yml illustrating the issue

---
job:
  image: my-local-image-with-"USER: test"-in-dockerfile
  script: whoami

Expected behavior whoami should return test but it returns root, even though I explicitly set USER test in the Dockerfile that built the image.

Host information Ubuntu 20.04 gitlab-ci-local 4.47.0

Containerd binary I am using docker

Additional context I need the docker container to have a specific user, since (as described in #1144) I use a license that is also linked to the user name next to the MAC address. Unfortunately, I don't quite understand how the docker container is run. But since my Dockerfile includes USER test, why is this ignored? Is my image pulled from any registry (in which case the error would make sense) or is a local image used (which would make more sense to me given that its calles gitlab-ci-local but in that case, the image defines the user to be non-root!). So I guess a --container-user option would solve this problem.

I tried gcl --umask 1000:1000 which is what I get when I run id -u/-g in the docker container.

firecow commented 4 months ago

You need to run gitlab-ci-local --no-umask if you don't want all containers to be run as root.

Thats how default configured gitlab-runners does it.