forgejo/act
Archived
24
5
Fork 16
Code Issues Pull requests Releases Activity Actions

fix: filter job container options with an allow list #83

Merged
earl-warren merged 3 commits from earl-warren/act:wip-pid into main 2025-01-10 08:02:12 +00:00
Conversation 14 Commits 3 Files changed 5 +135 -41
earl-warren commented 2024-12-25 14:25:21 +00:00
Contributor
Copy link

The workflow can only contain the following options for a container:

  • --volume
  • --tmpfs

Note to reviewers: there are three commits to facilitate review. The first two are refactor and change nothing functionally. The third one is where the change happen.

The workflow can only contain the following options for a container: - --volume - --tmpfs Note to reviewers: there are three commits to facilitate review. The first two are refactor and change nothing functionally. The third one is where the change happen.
cascading-pr commented 2024-12-25 14:26:37 +00:00
Contributor
Copy link

cascading-pr updated at forgejo/runner#399

cascading-pr updated at https://code.forgejo.org/forgejo/runner/pulls/399
earl-warren force-pushed wip-pid from 715ded4491
All checks were successful
checks / unit (pull_request) Successful in 1m17s
Details
checks / integration (pull_request) Successful in 59s
Details
/ cascade (pull_request_target) Successful in 27m42s
Details
to 5c99e63e9a
All checks were successful
/ cascade (pull_request_target) Has been skipped
Details
checks / unit (pull_request) Successful in 39s
Details
checks / integration (pull_request) Successful in 32s
Details
2024-12-25 14:27:15 +00:00 Compare
earl-warren changed title from fix: make --pids in container options a noop to fix: make --pid in container options a noop 2024-12-25 14:34:20 +00:00
viceice approved these changes 2024-12-26 10:05:02 +00:00
Dismissed
earl-warren force-pushed wip-pid from 5c99e63e9a
All checks were successful
/ cascade (pull_request_target) Has been skipped
Details
checks / unit (pull_request) Successful in 39s
Details
checks / integration (pull_request) Successful in 32s
Details
to ee45496cf7
All checks were successful
checks / unit (pull_request) Successful in 28s
Details
checks / integration (pull_request) Successful in 26s
Details
/ cascade (pull_request_target) Successful in 26m34s
Details
2024-12-27 07:26:28 +00:00 Compare
earl-warren dismissed viceice's review 2024-12-27 07:26:28 +00:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

cascading-pr commented 2024-12-27 07:27:08 +00:00
Contributor
Copy link

cascading-pr updated at forgejo/runner#399

cascading-pr updated at https://code.forgejo.org/forgejo/runner/pulls/399
viceice approved these changes 2024-12-27 08:08:04 +00:00
Dismissed
viceice reviewed 2024-12-27 08:09:06 +00:00
viceice left a comment
Owner

🤔 pr title and content discrepancy

🤔 pr title and content discrepancy
viceice dismissed viceice's review 2024-12-27 08:09:45 +00:00
Reason:

Should not be merged as is

earl-warren force-pushed wip-pid from ee45496cf7
All checks were successful
checks / unit (pull_request) Successful in 28s
Details
checks / integration (pull_request) Successful in 26s
Details
/ cascade (pull_request_target) Successful in 26m34s
Details
to 647f32b6a1
All checks were successful
/ cascade (pull_request_target) Has been skipped
Details
checks / unit (pull_request) Successful in 1m3s
Details
checks / integration (pull_request) Successful in 35s
Details
2024-12-27 09:27:40 +00:00 Compare
earl-warren changed title from fix: make --pid in container options a noop to WIP: fix: make --pid in container options a noop 2024-12-27 09:29:06 +00:00
earl-warren force-pushed wip-pid from 647f32b6a1
All checks were successful
/ cascade (pull_request_target) Has been skipped
Details
checks / unit (pull_request) Successful in 1m3s
Details
checks / integration (pull_request) Successful in 35s
Details
to 25bb41a0a3
Some checks failed
checks / unit (pull_request) Successful in 1m3s
Details
checks / integration (pull_request) Successful in 33s
Details
/ cascade (pull_request_target) Failing after 7m19s
Details
2024-12-27 09:54:27 +00:00 Compare
cascading-pr commented 2024-12-27 09:57:45 +00:00
Contributor
Copy link

cascading-pr updated at forgejo/runner#399

cascading-pr updated at https://code.forgejo.org/forgejo/runner/pulls/399
earl-warren commented 2024-12-27 09:58:07 +00:00
Author
Contributor
Copy link

@viceice sorry about that, marked as WIP now.

#84 is ready for review though 😇

@viceice sorry about that, marked as WIP now. https://code.forgejo.org/forgejo/act/pulls/84 is ready for review though 😇
earl-warren force-pushed wip-pid from 25bb41a0a3
Some checks failed
checks / unit (pull_request) Successful in 1m3s
Details
checks / integration (pull_request) Successful in 33s
Details
/ cascade (pull_request_target) Failing after 7m19s
Details
to 92d04f24f1
All checks were successful
checks / unit (pull_request) Successful in 1m9s
Details
checks / integration (pull_request) Successful in 33s
Details
/ cascade (pull_request_target) Successful in 27m54s
Details
2024-12-27 11:40:42 +00:00 Compare
cascading-pr commented 2024-12-27 11:43:51 +00:00
Contributor
Copy link

cascading-pr updated at forgejo/runner#399

cascading-pr updated at https://code.forgejo.org/forgejo/runner/pulls/399
earl-warren changed title from WIP: fix: make --pid in container options a noop to WIP: fix: filter job container options with an allow list 2024-12-27 11:44:29 +00:00
earl-warren force-pushed wip-pid from 92d04f24f1
All checks were successful
checks / unit (pull_request) Successful in 1m9s
Details
checks / integration (pull_request) Successful in 33s
Details
/ cascade (pull_request_target) Successful in 27m54s
Details
to 05b15cfe12
All checks were successful
/ cascade (pull_request_target) Has been skipped
Details
checks / unit (pull_request) Successful in 1m6s
Details
checks / integration (pull_request) Successful in 29s
Details
2024-12-27 11:48:10 +00:00 Compare
earl-warren force-pushed wip-pid from 05b15cfe12
All checks were successful
/ cascade (pull_request_target) Has been skipped
Details
checks / unit (pull_request) Successful in 1m6s
Details
checks / integration (pull_request) Successful in 29s
Details
to ada5210a84
All checks were successful
checks / unit (pull_request) Successful in 1m7s
Details
checks / integration (pull_request) Successful in 31s
Details
/ cascade (pull_request_target) Successful in 4m58s
Details
2025-01-02 08:51:37 +00:00 Compare
earl-warren changed title from WIP: fix: filter job container options with an allow list to fix: filter job container options with an allow list 2025-01-02 08:51:58 +00:00
cascading-pr commented 2025-01-02 08:52:21 +00:00
Contributor
Copy link

cascading-pr updated at forgejo/runner#399

cascading-pr updated at https://code.forgejo.org/forgejo/runner/pulls/399
earl-warren commented 2025-01-02 08:54:24 +00:00
Author
Contributor
Copy link

Note to reviewers: there are three commits to facilitate review. The first two are refactor and change nothing functionally. The third one is where the change happen.

Note to reviewers: there are three commits to facilitate review. The first two are refactor and change nothing functionally. The third one is where the change happen.
viceice reviewed 2025-01-09 10:37:52 +00:00
pkg/container/docker_run_test.go Outdated
@ -250,0 +263,4 @@
Volumes: map[string]struct{}{"somevolume": {}},
},
hostConfig: &container.HostConfig{
Binds: []string{"/foo:/bar", "/frob:/nitz"},
viceice commented 2025-01-09 10:37:52 +00:00
Owner

those are filtered on a later stage if not allowed by runner config?

those are filtered on a later stage if not allowed by runner config?
earl-warren commented 2025-01-09 11:09:24 +00:00
Author
Contributor

Yes, in sanitizeConfig

Yes, in `sanitizeConfig`
earl-warren marked this conversation as resolved
Kwonunn requested changes 2025-01-09 11:04:26 +00:00
Dismissed
Kwonunn left a comment
Member

i'm confused about one bit of code, otherwise it looks good to me ^-^

i'm confused about one bit of code, otherwise it looks good to me ^-^
pkg/container/docker_run.go
@ -409,3 +397,3 @@
return nil, nil, fmt.Errorf("Cannot merge container.HostConfig options: '%s': '%w'", input.Options, err)
return nil, nil, fmt.Errorf("Cannot merge container.HostConfig options: '%s': '%w'", input.ConfigOptions, err)
}
hostConfig.Binds = binds
Kwonunn commented 2025-01-09 11:02:18 +00:00
Member

i don't really understand what's going in from L390 to L402.

first, hostConfig.Binds is assigned to, then that value is also assigned to binds, and then binds is assigned to hostConfig.Binds again?

i don't really understand what's going in from L390 to L402. first, `hostConfig.Binds` is assigned to, then that value is also assigned to `binds`, and then `binds` is assigned to `hostConfig.Binds` again?
earl-warren commented 2025-01-09 11:13:55 +00:00
Author
Contributor

Binds, Mounts and NetworkMode are exceptions to the merge. binds save the value before mergo.Merge which has a side effect potentially modifying it and then restores the original value. Same for the other two.

Does that make sense?

Binds, Mounts and NetworkMode are exceptions to the merge. binds save the value before mergo.Merge which has a side effect potentially modifying it and then restores the original value. Same for the other two. Does that make sense?
Kwonunn commented 2025-01-09 13:19:35 +00:00
Member

got it, i think this is good to merge then

got it, i think this is good to merge then
earl-warren marked this conversation as resolved
earl-warren force-pushed wip-pid from ada5210a84
All checks were successful
checks / unit (pull_request) Successful in 1m7s
Details
checks / integration (pull_request) Successful in 31s
Details
/ cascade (pull_request_target) Successful in 4m58s
Details
to 928120bf6a
Some checks failed
checks / unit (pull_request) Successful in 1m46s
Details
checks / integration (pull_request) Successful in 28s
Details
/ cascade (pull_request_target) Failing after 17s
Details
2025-01-09 11:10:32 +00:00 Compare
cascading-pr commented 2025-01-09 11:11:22 +00:00
Contributor
Copy link

cascading-pr updated at forgejo/runner#399

cascading-pr updated at https://code.forgejo.org/forgejo/runner/pulls/399
Kwonunn approved these changes 2025-01-09 13:19:43 +00:00
earl-warren deleted branch wip-pid 2025-01-10 08:02:12 +00:00
Commenting is not possible because the repository is archived.
Reviewers
No reviewers
viceice
Kwonunn
Labels
Clear labels   
Compat/Breaking

Breaking change that won't be backward compatible

  
Kind/Bug

Something is not working

  
Kind
Chore
Housekeeping, cleanup and chores

  
Kind/Documentation

Documentation changes

  
Kind/Enhancement

Improve existing functionality

  
Kind/Feature

New functionality

  
Kind/Security

This is security issue

  
Kind/Testing

Issue or pull request related to testing

  
Priority
Critical
The priority is critical

  
Priority
High
The priority is high

  
Priority
Low
The priority is low

  
Priority
Medium
The priority is medium

  
Reviewed
Confirmed
Issue has been confirmed

  
Reviewed
Duplicate
This issue or pull request already exists

  
Reviewed
Invalid
Invalid issue

  
Reviewed
Won't Fix
This issue won't be fixed

  
Status
Abandoned
Somebody has started to work on this but abandoned work

  
Status
Blocked
Something is blocking this issue or pull request

  
Status
Need More Info
Feedback is required to reproduce issue or to continue work

No labels
Compat/Breaking
Kind/Bug
Kind
Chore
Kind/Documentation
Kind/Enhancement
Kind/Feature
Kind/Security
Kind/Testing
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Reviewed
Confirmed
Reviewed
Duplicate
Reviewed
Invalid
Reviewed
Won't Fix
Status
Abandoned
Status
Blocked
Status
Need More Info
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
earl-warren
4 participants
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo/act!83
No description provided.