Improve permissions and cleanup

Signed-off-by: Benoit Donneaux <benoit@leastauthority.com>
bEn 2024-05-23 11:21:02 +02:00
parent 444b318ee3
commit 4c11a160f4
3 changed files with 18 additions and 17 deletions


@ -2,8 +2,11 @@ name: Jekyll
run-name: ${{ gitea.actor }} is running some Gitea Actions 🚀 run-name: ${{ gitea.actor }} is running some Gitea Actions 🚀
on: [push] on: [push]
env:
_UID: 1000
_GID: 1000
jobs: jobs:
test-ci-actions: jekyll:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- name: Check out repository code - name: Check out repository code
@ -12,14 +15,7 @@ jobs:
- name: Fix file permissions - name: Fix file permissions
id: fix_permissions id: fix_permissions
run: | run: |
export uid=1000 chown -R ${_UID}:${_GID} .
export gid=1000
export user=ubuntu
export group=ubuntu
id ${user} > /dev/null 2>&1 && \
{ groupmod -g "${gid}" "${group}" && usermod -md /home/${user} -s /bin/bash -g "${group}" -u "${uid}" "${user}"; } || \
{ groupadd -g "${gid}" "${group}" && useradd -md /home/${user} -s /bin/bash -g "${group}" -u "${uid}" "${user}"; }
chown -R ubuntu:ubuntu .
- name: Install docker - name: Install docker
id: install_docker id: install_docker
run: | run: |
@ -37,17 +33,19 @@ jobs:
- name: Build Jekyll image - name: Build Jekyll image
id: build_image id: build_image
run: | run: |
# The environment variables _UID and _GID will impact this image
docker-compose build jekyll docker-compose build jekyll
- name: Verify Jekyll container - name: Verify Jekyll container
id: verify_image id: verify_image
run: | run: |
docker volume inspect "${JOB_CONTAINER_NAME}" docker-compose run --rm -v "/var/lib/docker/volumes/${JOB_CONTAINER_NAME}/_data:/home/ubuntu/workspace" \
docker-compose run --rm --entrypoint bash -v "${JOB_CONTAINER_NAME}:/home/ubuntu/workspace" jekyll -c "whoami; pwd; ls -lA ." --entrypoint bash \
jekyll -c "whoami; pwd; ls -lA ."
- name: Build Jekyll site - name: Build Jekyll site
id: build_site id: build_site
run: | run: |
docker volume inspect "${JOB_CONTAINER_NAME}" docker-compose run --rm -v "/var/lib/docker/volumes/${JOB_CONTAINER_NAME}/_data:/home/ubuntu/workspace" \
docker-compose run --rm -v "/var/lib/docker/volumes/${JOB_CONTAINER_NAME}/_data:/home/ubuntu/workspace" jekyll build --verbose jekyll build --verbose
- name: Verify site - name: Verify site
id: verify_site id: verify_site
# uses: LeastAuthority/broken-links-action@v1 # uses: LeastAuthority/broken-links-action@v1
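Review bot: The `docker volume inspect "${JOB_CONTAINER_NAME}"` line appears to be dropped from both the "Verify Jekyll container" and "Build Jekyll site" steps, so nothing fails fast when the volume is missing. With the `-v "/var/lib/docker/volumes/${JOB_CONTAINER_NAME}/_data:/home/ubuntu/workspace"` bind form, Docker normally creates a missing source path as an empty root-owned directory, so the build would run against an empty workspace instead of stopping. I would keep `docker volume inspect "${JOB_CONTAINER_NAME}" > /dev/null` as the first line of each step. I would also add a comment such as `# assumes the daemon's default data-root (/var/lib/docker) and that the job talks to the host daemon`, since that dependency is otherwise invisible. Separately, the new `chown -R ${_UID}:${_GID} .` in "Fix file permissions" is unquoted and would read better as `chown -R "${_UID}:${_GID}" .`.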


@ -5,7 +5,9 @@ services:
context: docker/jekyll context: docker/jekyll
args: args:
uid: "${_UID:-1000}" uid: "${_UID:-1000}"
user: "${_USER:-appuser}"
gid: "${_GID:-1000}" gid: "${_GID:-1000}"
group: "${_GROUP:-appgroup}"
volumes: volumes:
- .:/home/ubuntu/workspace - .:/home/ubuntu/workspace
working_dir: /home/ubuntu/workspace working_dir: /home/ubuntu/workspace
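Review bot: The new `user: "${_USER:-appuser}"` and `group: "${_GROUP:-appgroup}"` defaults do not match the `/home/ubuntu/workspace` paths kept in `volumes` and `working_dir`, nor the `ARG user=ubuntu` / `ARG group=ubuntu` defaults shown in the Dockerfile section of this commit. The workflow sets only `_UID` and `_GID`, so the CI image is presumably built with the account `appuser` and home `/home/appuser`, while the workspace is mounted under another user's home path whose parent directory Docker creates as root. Either default the args to `ubuntu` (`user: "${_USER:-ubuntu}"`, `group: "${_GROUP:-ubuntu}"`) or mount the workspace at a user-neutral path such as `/workspace`. Whichever is chosen, a comment above `args:` naming the environment variables that shape the image (`_UID`, `_GID`, `_USER`, `_GROUP`) would help.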


@ -14,10 +14,11 @@ ARG user=ubuntu
ARG gid=1000 ARG gid=1000
ARG group=ubuntu ARG group=ubuntu
# Add or modify user and group for build and runtime (convenient) # Ensure desired user and group for build and runtime (convenient)
#RUN id ${user} > /dev/null 2>&1 && \ RUN userdel --force --remove $(getent passwd ${uid} | cut -d: -f1) || true; \
# { groupmod -g "${gid}" "${group}" && usermod -md /home/${user} -s /bin/bash -g "${group}" -u "${uid}" "${user}"; } || \ groupdel $(getent group ${gid} | cut -d: -f1) || true; \
# { groupadd -g "${gid}" "${group}" && useradd -md /home/${user} -s /bin/bash -g "${group}" -u "${uid}" "${user}"; } groupadd -g "${gid}" "${group}" && \
useradd -md /home/${user} -s /bin/bash -g "${group}" -u "${uid}" "${user}";
# Copy requirements in non-root user home directory # Copy requirements in non-root user home directory
COPY Gemfile Gemfile.lock "/home/${user}/" COPY Gemfile Gemfile.lock "/home/${user}/"
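Review bot: The new `RUN` deletes whichever account and group currently own `${uid}` and `${gid}`, and these values now come from the caller's environment through the compose build args. A build with `_UID=0` or a system id would therefore run `userdel --force --remove` against root or a service account, with the failure hidden by `|| true`. A guard at the start of the `RUN` would prevent this, for example `[ "${uid}" -ne 0 ] && [ "${gid}" -ne 0 ] || { echo "uid/gid must be non-zero" >&2; exit 1; }`. The `|| true` also masks a `groupdel` refusal, for instance when the group is still another user's primary group, so the build only fails later at `groupadd -g` with a less obvious message. Resolving the names first and deleting only when they are non-empty would make that visible, e.g. `old_user="$(getent passwd "${uid}" | cut -d: -f1)"` followed by `[ -z "${old_user}" ] || userdel --force --remove "${old_user}"`. This form also quotes the expansions, which the current command substitutions leave unquoted.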