更改gradle Dockerfile以root用户身份执行

时间:2018-01-05 13:01:19

标签: docker gradle gitlab dockerfile

我在gitlab工作并希望使用gradle来构建我的java项目,但是我遇到了gitlab runner的错误:https://gitlab.com/gitlab-org/gitlab-runner/issues/2570

一条评论是:我可以确认它在v9.1.3中有效,但v9.2.0已被破坏。只有当我在容器内使用root用户时,我才能继续。真的应该修复,因为这种回归严重影响了安全性。

所以我的问题是我必须将哪些地方更改为以root用户身份执行的Dockerfile? https://github.com/keeganwitt/docker-gradle/blob/b0419babd3271f6c8e554fbc8bbd8dc909936763/jdk8-alpine/Dockerfile

所以我的想法是更改它作为root执行的dockerfile将其推送到我的注册表并在gitlab中使用它。但我不知道linux / docker,我知道用户在文件中定义的位置。也许我完全错了?

build_java:
  image: gradle:4.4.1-jdk8-alpine-root
  stage: build_java
  script:
    - gradle build
  artifacts:
    expire_in: 1 hour # Workaround to delete artifacts after build, we only artifacts it to keep it between stages (but not after the build)
    paths:
    - build/
    - .gradle/

Dockerfile 

FROM openjdk:8-jdk-alpine

CMD ["gradle"]

ENV GRADLE_HOME /opt/gradle
ENV GRADLE_VERSION 4.4.1

ARG GRADLE_DOWNLOAD_SHA256=e7cf7d1853dfc30c1c44f571d3919eeeedef002823b66b6a988d27e919686389
RUN set -o errexit -o nounset \
    && echo "Installing build dependencies" \
    && apk add --no-cache --virtual .build-deps \
        ca-certificates \
        openssl \
        unzip \
    \
    && echo "Downloading Gradle" \
    && wget -O gradle.zip "https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip" \
    \
    && echo "Checking download hash" \
    && echo "${GRADLE_DOWNLOAD_SHA256} *gradle.zip" | sha256sum -c - \
    \
    && echo "Installing Gradle" \
    && unzip gradle.zip \
    && rm gradle.zip \
    && mkdir /opt \
    && mv "gradle-${GRADLE_VERSION}" "${GRADLE_HOME}/" \
    && ln -s "${GRADLE_HOME}/bin/gradle" /usr/bin/gradle \
    \
    && apk del .build-deps \
    \
    && echo "Adding gradle user and group" \
    && addgroup -S -g 1000 gradle \
    && adduser -D -S -G gradle -u 1000 -s /bin/ash gradle \
    && mkdir /home/gradle/.gradle \
    && chown -R gradle:gradle /home/gradle \
    \
    && echo "Symlinking root Gradle cache to gradle Gradle cache" \
    && ln -s /home/gradle/.gradle /root/.gradle

# Create Gradle volume
USER gradle
VOLUME "/home/gradle/.gradle"
WORKDIR /home/gradle

RUN set -o errexit -o nounset \
    && echo "Testing Gradle installation" \
    && gradle --version

编辑: 好吧如何在将它作为图像下载并在gitlab中提供后在docker中使用gradle。

build_java:
  image: docker:dind
  stage: build_java
  script:
    - docker images
    - docker login -u _json_key -p "$(echo $GCR_SERVICE_ACCOUNT | base64 -d)" https://eu.gcr.io
    - docker pull eu.gcr.io/test/gradle:4.4.1-jdk8-alpine-root
    - docker images
    - ??WHAT COMMAND TO CALL GRADLE BUILD??

0 个答案:

没有答案
相关问题
最新问题