oss/forgejo-runner
oss/forgejo-runner
1
0
Fork 0
mirror of https://code.forgejo.org/forgejo/runner.git synced 2025-09-15 18:57:01 +00:00
Code Wiki Activity

Add support for container kernel capabilities (#716)

Browse source 
This patch adds two new command-line flags to specify one or
more kernel capabilities to add or remove from the workflow
containers.

The command-line flag `--container-cap-add` allows for adding
specific capabilities on the workflow containers; where as,

The command-line flag `--container-cap-drop` allows for removing
specific capabilities on the workflow containers.

This was developed to specifically be able to add `SYS_PTRACE`
to a workflow I maintain. It involves using this capability to
monitor a make build, to then build a compilation database.

Signed-off-by: Joseph Benden <joe@benden.us>
This commit is contained in:
Joseph Benden 2021-06-04 09:06:59 -07:00 committed by GitHub
parent aa283f5cd3
commit 160016b5fa
6 changed files with 17 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

4
cmd/root.go
View file

@ -50,6 +50,8 @@ func Execute(ctx context.Context, version string) {
rootCmd.Flags().BoolVar(&input.privileged, "privileged", false, "use privileged mode")
rootCmd.Flags().StringVar(&input.usernsMode, "userns", "", "user namespace to use")
rootCmd.Flags().BoolVar(&input.useGitIgnore, "use-gitignore", true, "Controls whether paths specified in .gitignore should be copied into container")
rootCmd.Flags().StringArrayVarP(&input.containerCapAdd, "container-cap-add", "", []string{}, "kernel capabilities to add to the workflow containers (e.g. --container-cap-add SYS_PTRACE)")
rootCmd.Flags().StringArrayVarP(&input.containerCapDrop, "container-cap-drop", "", []string{}, "kernel capabilities to remove from the workflow containers (e.g. --container-cap-drop SYS_PTRACE)")
rootCmd.PersistentFlags().StringVarP(&input.actor, "actor", "a", "nektos/act", "user that triggered the event")
rootCmd.PersistentFlags().StringVarP(&input.workflowsPath, "workflows", "W", "./.github/workflows/", "path to workflow file(s)")
rootCmd.PersistentFlags().BoolVarP(&input.noWorkflowRecurse, "no-recurse", "", false, "Flag to disable running workflows from subdirectories of specified path in '--workflows'/'-W' flag")
@ -259,6 +261,8 @@ func newRunCommand(ctx context.Context, input *Input) func(*cobra.Command, []str
ContainerDaemonSocket: input.containerDaemonSocket,
UseGitIgnore: input.useGitIgnore,
GitHubInstance: input.githubInstance,
ContainerCapAdd: input.containerCapAdd,
ContainerCapDrop: input.containerCapDrop,
}
r, err := runner.New(config)
if err != nil {