Replace umask usage with files permission change when a non-root image used
Please merge first the dependent MR, then change the target branch here to master
and continue with review
What does this MR do?
Removes the usage of umask 0000
within docker
(and docker+machine
) executor. Change driven by a feature flag.
When a FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR
flag is set, then Runner will:
- Drop usage of
umask 0000
when starting the predefined image. - Inspect the image used for creating the job container and check if a custom user is defined.
- If custom user is defined - execute
id -u
andid -r
on the job container to gather theUID
andGID
of the container main process. - Run
chwon -RP UID:GID
on the project working directory, usingUID
andGID
gathered in previous step.
With this the job will get files without changed permissions (read: with the permissions set to 644
for files and 755
for directories, which is the default Git behavior) and with the ownership of the files changed to the user of the job container.
Why was this MR needed?
This is the next step of #1736 (closed). Please check the issue description for context.
What's the best way to test this MR?
See #1736 (closed)
Tested in a playground project with and without feature flag:
What are the relevant issue numbers?
Closes #1736 (closed)