diff options
| author | Lars Wirzenius <liw@liw.fi> | 2021-02-10 10:38:24 +0200 |
|---|---|---|
| committer | Lars Wirzenius <liw@liw.fi> | 2021-02-10 10:38:24 +0200 |
| commit | 4f27820ecdf940617eceab891e493f66151c18b1 (patch) | |
| tree | 8c6062396d899f5cdeb76a9b0e4d9e6abbe6fe4c /ci-prod-obnam.ick | |
| parent | aa59f767a0703d4daa52b9f98ae1b9a4c2e879ec (diff) | |
| download | liw-ci-4f27820ecdf940617eceab891e493f66151c18b1.tar.gz | |
fix: don't run Obnam build as root
Diffstat (limited to 'ci-prod-obnam.ick')
| -rw-r--r-- | ci-prod-obnam.ick | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/ci-prod-obnam.ick b/ci-prod-obnam.ick index ac0e69f..eb11c94 100644 --- a/ci-prod-obnam.ick +++ b/ci-prod-obnam.ick @@ -268,6 +268,21 @@ pipelines: export TMPDIR=/workspace cd /workspace/src + + apt-get install -y sudo + adduser --disabled-password --gecos worker worker + chown -R worker:worker /workspace + rustup show + rustup default 1.48.0 + + if ! sudo -u worker bash -x ./check --save-on-failure=fail.tar.gz "unreadable file" + then + rustc --version + cat test.log + tar tvf fail.tar.gz + exit 1 + fi + name="$(dpkg-parsechangelog -S Source)" version="$(dpkg-parsechangelog -S Version)" distribution="$(dpkg-parsechangelog -S Distribution)" @@ -292,7 +307,7 @@ pipelines: dch --no-conf -v "$civersion" -D "${distribution}-ci" --force-distribution "CI build" - dpkg-buildpackage -us -uc -sa || cat /tmp/subplot_*.diff.* 2>&1 + sudo -u worker dpkg-buildpackage -us -uc -sa || cat /tmp/subplot_*.diff.* 2>&1 apt-get update apt-get install -y subplot \ @@ -313,17 +328,17 @@ pipelines: echo looking for new releases to # TEMPORARILY get the latest release tag - rm -f /workspace/built_tags # FIXME - touch /workspace/built_tags # FIXME - python3 ./list_new_release_tags /workspace/built_tags - tac < /workspace/built_tags | tail +2 > foo - mv foo /workspace/built_tags + #rm -f /workspace/built_tags # FIXME + #touch /workspace/built_tags # FIXME + #python3 ./list_new_release_tags /workspace/built_tags + #tac < /workspace/built_tags | tail +2 > foo + #mv foo /workspace/built_tags python3 ./list_new_release_tags /workspace/built_tags | while read tag do echo ---------------------------------------- echo "New release tag: $tag" - bash ./build_release_deb.sh /workspace "$tag" + sudo -u worker bash ./build_release_deb.sh /workspace "$tag" echo "Finished building tag $tag" done echo ======================================== |