我在gitlab工作并希望使用gradle来构建我的java项目,但是我遇到了gitlab runner的错误:https://gitlab.com/gitlab-org/gitlab-runner/issues/2570
一条评论是:我可以确认它在v9.1.3中有效,但v9.2.0已被破坏。只有当我在容器内使用root用户时,我才能继续。真的应该修复,因为这种回归严重影响了安全性。
所以我的问题是我必须将哪些地方更改为以root用户身份执行的Dockerfile? https://github.com/keeganwitt/docker-gradle/blob/b0419babd3271f6c8e554fbc8bbd8dc909936763/jdk8-alpine/Dockerfile
所以我的想法是更改它作为root执行的dockerfile将其推送到我的注册表并在gitlab中使用它。但我不知道linux / docker,我知道用户在文件中定义的位置。也许我完全错了?
build_java:
image: gradle:4.4.1-jdk8-alpine-root
stage: build_java
script:
- gradle build
artifacts:
expire_in: 1 hour # Workaround to delete artifacts after build, we only artifacts it to keep it between stages (but not after the build)
paths:
- build/
- .gradle/
Dockerfile
FROM openjdk:8-jdk-alpine
CMD ["gradle"]
ENV GRADLE_HOME /opt/gradle
ENV GRADLE_VERSION 4.4.1
ARG GRADLE_DOWNLOAD_SHA256=e7cf7d1853dfc30c1c44f571d3919eeeedef002823b66b6a988d27e919686389
RUN set -o errexit -o nounset \
&& echo "Installing build dependencies" \
&& apk add --no-cache --virtual .build-deps \
ca-certificates \
openssl \
unzip \
\
&& echo "Downloading Gradle" \
&& wget -O gradle.zip "https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip" \
\
&& echo "Checking download hash" \
&& echo "${GRADLE_DOWNLOAD_SHA256} *gradle.zip" | sha256sum -c - \
\
&& echo "Installing Gradle" \
&& unzip gradle.zip \
&& rm gradle.zip \
&& mkdir /opt \
&& mv "gradle-${GRADLE_VERSION}" "${GRADLE_HOME}/" \
&& ln -s "${GRADLE_HOME}/bin/gradle" /usr/bin/gradle \
\
&& apk del .build-deps \
\
&& echo "Adding gradle user and group" \
&& addgroup -S -g 1000 gradle \
&& adduser -D -S -G gradle -u 1000 -s /bin/ash gradle \
&& mkdir /home/gradle/.gradle \
&& chown -R gradle:gradle /home/gradle \
\
&& echo "Symlinking root Gradle cache to gradle Gradle cache" \
&& ln -s /home/gradle/.gradle /root/.gradle
# Create Gradle volume
USER gradle
VOLUME "/home/gradle/.gradle"
WORKDIR /home/gradle
RUN set -o errexit -o nounset \
&& echo "Testing Gradle installation" \
&& gradle --version
编辑: 好吧如何在将它作为图像下载并在gitlab中提供后在docker中使用gradle。
build_java:
image: docker:dind
stage: build_java
script:
- docker images
- docker login -u _json_key -p "$(echo $GCR_SERVICE_ACCOUNT | base64 -d)" https://eu.gcr.io
- docker pull eu.gcr.io/test/gradle:4.4.1-jdk8-alpine-root
- docker images
- ??WHAT COMMAND TO CALL GRADLE BUILD??