Run tests in Docker as non-root user

2026-01-31 17:18:59 -03:30 · 2018-10-09 13:59:46 -04:00
parent 40602875e0
commit 7a5cfd05a3
4 changed files with 52 additions and 13 deletions
--- a/tools/docker-compose/Dockerfile
+++ b/tools/docker-compose/Dockerfile
@@ -1,24 +1,39 @@
 FROM centos:7

+ARG UID=0
+
 ADD Makefile /tmp/Makefile
+
 RUN mkdir /tmp/requirements
-ADD requirements/requirements.txt \
-requirements/requirements_git.txt \
-requirements/requirements_ansible.txt \
-requirements/requirements_ansible_git.txt \
-requirements/requirements_dev.txt \
-requirements/requirements_ansible_uninstall.txt \
-requirements/requirements_tower_uninstall.txt \
-/tmp/requirements/
+
 RUN yum -y update && yum -y install curl epel-release && yum -y install https://centos7.iuscommunity.org/ius-release.rpm
-RUN curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -
 RUN yum -y localinstall http://download.postgresql.org/pub/repos/yum/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-3.noarch.rpm
-RUN yum -y update && yum -y install openssh-server ansible mg vim tmux git2u-core mercurial subversion python-devel python-psycopg2 make postgresql postgresql-devel nginx nodejs python-psutil libxml2-devel libxslt-devel libstdc++.so.6 gcc cyrus-sasl-devel cyrus-sasl openldap-devel libffi-devel zeromq-devel python-pip xmlsec1-devel swig krb5-devel xmlsec1-openssl xmlsec1 xmlsec1-openssl-devel libtool-ltdl-devel rabbitmq-server bubblewrap zanata-python-client gettext gcc-c++ libcurl-devel python-pycurl bzip2 python-crypto rsync
+RUN curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -
+
+RUN yum -y update && yum -y install openssh-server ansible mg vim tmux \
+  git2u-core mercurial subversion python-devel python-psycopg2 make postgresql \
+  postgresql-devel nginx nodejs python-psutil libxml2-devel libxslt-devel \
+  libstdc++.so.6 gcc cyrus-sasl-devel cyrus-sasl openldap-devel libffi-devel \
+  zeromq-devel python-pip xmlsec1-devel swig krb5-devel xmlsec1-openssl xmlsec1 \
+  xmlsec1-openssl-devel libtool-ltdl-devel rabbitmq-server bubblewrap \
+  zanata-python-client gettext gcc-c++ libcurl-devel python-pycurl bzip2 \
+  python-crypto rsync
+
 RUN pip install virtualenv
 RUN /usr/bin/ssh-keygen -q -t rsa -N "" -f /root/.ssh/id_rsa
 RUN mkdir -p /data/db
 RUN pip2 install honcho
 RUN pip2 install supervisor
+
+ADD requirements/requirements.txt \
+  requirements/requirements_git.txt \
+  requirements/requirements_ansible.txt \
+  requirements/requirements_ansible_git.txt \
+  requirements/requirements_dev.txt \
+  requirements/requirements_ansible_uninstall.txt \
+  requirements/requirements_tower_uninstall.txt \
+  /tmp/requirements/
+
 ADD tools/docker-compose/awx.egg-link /tmp/awx.egg-link
 ADD tools/docker-compose/awx-manage /usr/local/bin/awx-manage
 ADD tools/docker-compose/awx.egg-info /tmp/awx.egg-info
@@ -30,6 +45,8 @@ RUN ln -s /awx_devel/tools/docker-compose/bootstrap_development.sh /bootstrap_de
 RUN openssl req -nodes -newkey rsa:2048 -keyout /etc/nginx/nginx.key -out /etc/nginx/nginx.csr -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/OU=AWX Development/CN=awx.localhost"
 RUN openssl x509 -req -days 365 -in /etc/nginx/nginx.csr -signkey /etc/nginx/nginx.key -out /etc/nginx/nginx.crt
 WORKDIR /tmp
+
+RUN mkdir -p /venv && chmod g+w /venv
 RUN CFLAGS="-DXMLSEC_NO_SIZE_T" SWIG_FEATURES="-cpperraswarn -includeall -D__`uname -m`__ -I/usr/include/openssl" VENV_BASE="/venv" make requirements_dev
 RUN localedef -c -i en_US -f UTF-8 en_US.UTF-8
 ENV LANG en_US.UTF-8
@@ -41,3 +58,11 @@ WORKDIR /
 EXPOSE 8043 8013 8080 22
 ENTRYPOINT ["/tini", "--"]
 CMD /start_development.sh
+
+RUN touch /venv/awx/lib/python2.7/site-packages/awx.egg-link
+RUN chmod g+rwx /venv/awx/lib/python2.7/site-packages/awx.egg-link
+
+RUN chmod g+w /etc/passwd
+RUN mkdir -p /projects && chmod g+w /projects
+
+USER ${UID}