From 16e18662a01078a90a4ad77c642ad4de2e21d087 Mon Sep 17 00:00:00 2001 From: Merith Date: Wed, 25 Sep 2024 13:34:18 -0700 Subject: [PATCH] add a root-user check, clean up some formatting --- entrypoint.sh | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index a11508c..bed8152 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -2,7 +2,13 @@ set -e -## Initial setup +# Check if the script is run as root +if [ "$EUID" -ne 0 ]; then + echo "This script must be run as root" + exit 1 +fi + +# Initial setup if [[ ! -d /data ]]; then mkdir -p /data fi @@ -10,7 +16,7 @@ cd /data RUNNER_USERID="${RUNNER_USERID:-1000}" -## Setup User +# Setup User if id "forgejo-runner" &>/dev/null; then if [[ ! -z "${RUNNER_USERID}" ]]; then echo "Changing UID of forgejo-runner to ${RUNNER_USERID}" @@ -20,9 +26,11 @@ else echo "Creating user forgejo-runner with UID ${RUNNER_USERID}" adduser --uid "${RUNNER_USERID}" --home /home/forgejo-runner --disabled-password --gecos "" forgejo-runner fi + +# Ensure /data is owned by the runner user chown -R forgejo-runner:forgejo-runner /data -## Handle and alter the config file +# Handle and alter the config file if [[ -z "${CONFIG_FILE}" ]]; then CONFIG_FILE="/data/config.yml" fi 
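Review bot: The new root check at the top of the first hunk relies on `$EUID`, which is set by bash but not by every `sh`; if the entrypoint is ever started through a shell that leaves it empty, `[ "" -ne 0 ]` errors out, the `if` treats that as false, and the script carries on without root having been verified. The shebang line is outside the hunk, so this is hedged, but `if [ "$(id -u)" -ne 0 ]; then` gives the same answer regardless of the shell. The failure message should also go to stderr so it is not mixed into normal output: `echo "This script must be run as root" >&2`.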
@@ -37,12 +45,12 @@ if [[ ! -f "${CONFIG_FILE}" ]]; then sed -i "/^ A_TEST_ENV_NAME_1:/d" ${CONFIG_FILE} sed -i "/^ A_TEST_ENV_NAME_2:/d" ${CONFIG_FILE} - # apply default values for docker + # Apply default values for docker sed -i "/\"labels\":/c\ \"labels\": [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE} - sed -i "/^ network:/c\ network: host" config.yml + sed -i "/^ network:/c\ network: host" ${CONFIG_FILE} sed -i "/^ privileged:/c\ privileged: true" ${CONFIG_FILE} - sed -i "/^ options:/c\ options: -v /certs/client:/certs/client" config.yml + sed -i "/^ options:/c\ options: -v /certs/client:/certs/client" ${CONFIG_FILE} sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2376" ${CONFIG_FILE} fi @@ -51,6 +59,7 @@ if [[ ! -z "${ENV_FILE}" ]]; then else ENV_FILE="/data/.env" fi + if [[ ! -f "${ENV_FILE}" ]]; then echo "Creating ${ENV_FILE} and populating with default values" cat < ${ENV_FILE} @@ -59,7 +68,6 @@ if [[ ! -f "${ENV_FILE}" ]]; then EOF fi - EXTRA_ARGS="" if [[ ! -z "${RUNNER_LABELS}" ]]; then EXTRA_ARGS="${EXTRA_ARGS} --labels ${RUNNER_LABELS}" @@ -101,6 +109,7 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then fi done fi + # Prevent reading the token from the forgejo-runner process unset RUNNER_TOKEN
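Review bot: The two rewritten `sed -i` lines (the `network:` and `options:` edits) now target `${CONFIG_FILE}` but leave the expansion unquoted, so a path containing spaces or glob characters is split or expanded before sed sees it. `CONFIG_FILE` is only defaulted when empty, so it can come from the container environment, and since the script now insists on running as root an in-place edit landing on an unintended file is worth closing off; write `"${CONFIG_FILE}"` on both lines. The neighbouring context lines in this block use the same unquoted form and could be fixed in the same pass. The enclosing `if [[ ! -f "${CONFIG_FILE}" ]]` starts before this hunk.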