make runner secure

This commit is contained in:
uazo 2021-06-29 13:50:31 +00:00
parent decf957c61
commit 7af7d7ec10
3 changed files with 9 additions and 7 deletions

View File

@ -1,5 +1,5 @@
ARG VERSION ARG VERSION
FROM localhost:5000/uazo/build-deps:$VERSION FROM uazo/build-deps:$VERSION
ARG REMOTEEXEC_ADDR ARG REMOTEEXEC_ADDR
@ -9,10 +9,12 @@ ENV DEBIAN_FRONTEND=noninteractive
USER lg USER lg
COPY buildbox-casd . COPY buildbox-casd .
RUN sudo apt-get -f -y install libgoogle-glog-dev libprotobuf17 libgrpc++1 &&\ RUN sudo apt-get -f -y install libgoogle-glog-dev libprotobuf17 libgrpc++1 socat &&\
sudo chmod +x buildbox-casd sudo chmod +x buildbox-casd
CMD ./buildbox-casd \ CMD sudo rm -rf /wrk-cache/* &&\
bash -c "socat UNIX-LISTEN:/wrk-cache/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &" &&\
./buildbox-casd \
--instance=default_instance \ --instance=default_instance \
--cas-instance=default_instance \ --cas-instance=default_instance \
--cas-remote=http://$REMOTEEXEC_ADDR \ --cas-remote=http://$REMOTEEXEC_ADDR \

View File

@ -1,5 +1,5 @@
ARG VERSION ARG VERSION
FROM localhost:5000/uazo/build-deps:$VERSION FROM uazo/build-deps:$VERSION
ARG REMOTEEXEC_ADDR ARG REMOTEEXEC_ADDR
@ -17,8 +17,8 @@ RUN sudo apt-get -f -y install libgoogle-glog-dev libprotobuf17 libgrpc++1 &&\
CMD PATH=.:$PATH &&\ CMD PATH=.:$PATH &&\
./buildbox-worker \ ./buildbox-worker \
--instance=default_instance \ --instance=default_instance \
--bots-remote=http://$REMOTEEXEC_ADDR \ --bots-remote=unix:/wrk-cache/bots.sock \
--bots-retry-limit=10 \ --bots-retry-limit=5 \
--buildbox-run=buildbox-run-hosttools \ --buildbox-run=buildbox-run-hosttools \
--cas-remote=unix:/wrk-cache/casd.sock \ --cas-remote=unix:/wrk-cache/casd.sock \
--logstream-remote=unix:/wrk-cache/casd.sock \ --logstream-remote=unix:/wrk-cache/casd.sock \

View File

@ -1,6 +1,6 @@
ARG VERSION ARG VERSION
FROM localhost:5000/uazo/build-deps:$VERSION FROM uazo/build-deps:$VERSION
ARG VERSION ARG VERSION
ENV VERSION=$VERSION ENV VERSION=$VERSION