Put a regular user step first.

Put back in chown.
Switch to real mount path.
2025-02-23 13:18:10 -05:00 · 2025-02-23 13:15:24 -05:00 · 2025-02-23 13:11:15 -05:00 · 2025-02-23 13:06:38 -05:00 · 2025-02-23 13:05:37 -05:00
2 changed files with 32 additions and 63 deletions
--- a/task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
+++ b/task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
@@ -22,6 +22,11 @@ spec:
      description: Includes credentials for the docker image registry.
      optional: true
      mountPath: /home/user/.docker
+    - name: buildkit-cache
+      description: For preserving buildkit type=cache mounts between builds.
+      optional: true
+      # mountPath: /home/user/.local/share/foo
+      mountPath: /home/user/.local/share/buildkit
  params:
    - name: OUTPUT
      type: string
@@ -40,7 +45,8 @@ spec:
    - name: BUILDER_IMAGE
      type: string
      description: Docker image containing BuildKit.
-      default: "moby/buildkit:v0.29.0-rootless"
+      default: "moby/buildkit:v0.17.0-rc1-rootless"
+      # or v0.16.0-rootless
    - name: EXTRA_ARGS
      type: array
      description: Arguments passed to the build command.
@@ -63,6 +69,29 @@ spec:
    - name: metadata-out
      emptyDir: {}
  steps:
+    - name: run-as-user
+      image: $(params.BUILDER_IMAGE)
+      workingDir: "$(workspaces.source.path)"
+      script: |
+        #!/usr/bin/env sh
+        set -euo pipefail
+        echo "yo"
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+    - name: setup-cache-ownership
+      image: $(params.BUILDER_IMAGE)
+      workingDir: "$(workspaces.source.path)"
+      script: |
+        #!/usr/bin/env sh
+        set -euo pipefail
+        chown 1000:1000 /home/user/.local/share/buildkit
+        chmod 0777 /home/user/.local/share/buildkit
+      securityContext:
+        # runAsNonRoot: false
+        runAsUser: 0
+        runAsGroup: 0
    - name: write-config
      image: $(params.BUILDER_IMAGE)
      workingDir: "$(workspaces.source.path)"
@@ -87,7 +116,7 @@ spec:
        chmod +x /home/user/.config/buildkit/entrypoint.sh
      volumeMounts:
        - name: buildkitd
-          mountPath: /home/user/.local/share/buildkit
+          mountPath: /home/user/.local/share/buildkittwo
        - name: buildkitd-toml
          mountPath: /home/user/.config/buildkit
      securityContext:
@@ -112,7 +141,7 @@ spec:
        - $(params.EXTRA_ARGS)
      volumeMounts:
        - name: buildkitd
-          mountPath: /home/user/.local/share/buildkit
+          mountPath: /home/user/.local/share/buildkittwo
        - name: buildkitd-toml
          mountPath: /home/user/.config/buildkit
          readOnly: true
--- a/task/git-clone/0.1/git-clone.yaml
+++ b/task/git-clone/0.1/git-clone.yaml
@@ -1,60 +0,0 @@
-apiVersion: tekton.dev/v1
-kind: Task
-metadata:
-  name: git-clone
-  labels:
-    app.kubernetes.io/version: "0.1"
-  annotations:
-    tekton.dev/categories: SCM
-    tekton.dev/pipelines.minVersion: "1.12.1"
-    tekton.dev/tags: scm
-    tekton.dev/displayName: "Clone a git repository."
-    tekton.dev/platforms: "linux/amd64"
-spec:
-  description: >-
-    This task will clone a git repository.
-  workspaces:
-    - name: output
-      mountPath: /output
-      readOnly: false
-  params:
-    - name: url
-      type: string
-      description: The repository url to clone.
-    - name: revision
-      type: string
-      description: The revision to clone.
-    - name: IMAGE
-      type: string
-      description: Docker image to use for performing the clone.
-      default: "alpine/git:v2.54.0"
-  results:
-    - name: commit
-      type: string
-      description: The commit hash that was cloned.
-    - name: url
-      type: string
-      description: The URL to the git repo.
-    - name: committer-date
-      type: string
-      description: The time of the git commit in unix timestamp format.
-  steps:
-    - name: fetch-repository-step
-      image: $(params.IMAGE)
-      workingDir: "$(workspaces.output.path)"
-      script: |
-        #!/usr/bin/env sh
-        set -euo pipefail
-        export GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=accept-new"
-        git init --initial-branch=main
-        git remote add origin $(params.url)
-        git fetch -v origin $(params.revision)
-        git checkout FETCH_HEAD
-
-        git rev-parse HEAD > $(results.commit.path)
-        echo "$(params.url)" > $(results.url.path)
-        echo -n "$(git log -1 --pretty=%ct)" > $(results.committer-date.path)
-      # securityContext:
-      #   runAsNonRoot: true
-      #   runAsUser: 1000
-      #   runAsGroup: 1000
Author	SHA1	Message	Date
Tom Alexander	caf789e7af	Put a regular user step first.	2025-02-23 13:18:10 -05:00
Tom Alexander	23916baa61	Put back in chown.	2025-02-23 13:15:24 -05:00
Tom Alexander	8cf07d7693	Switch to real mount path.	2025-02-23 13:11:15 -05:00
Tom Alexander	bfa6d169e3	Add the buildkit-cache workspace at a dummy mount point.	2025-02-23 13:06:38 -05:00
Tom Alexander	e2ee912556	Change mount for buildkitd.	2025-02-23 13:05:37 -05:00