Allow changing shell executor with pwsh user
What does this MR do?
Allows changing the user for pwsh shells
Why was this MR needed?
We were missing the code that would switch the shell's user with su for pwsh.
Initially I tried going for simply adding the su section, much like in bash http://gitlab.com/gitlab-org/gitlab-runner/blob/364e6f3ab98d48ac406ff3857463da8f116521f7/shells/bash.go#L300-300. I then realized that this can't happen due to the permissions of the scripts we execute being 0700, so other users didn't have permissions to access them.
I then switched to passing the scripts through stdin, which led me to the reason why we were passing them as files initially: !2874 (merged). At https://github.com/PowerShell/PowerShell/issues/15331#issuecomment-1016942586 it was suggested to wrap the scripts in a script block, which seems to work and the whole contents of the stdin are executed as a whole script, avoiding the previous issues we had of having each line being a separate block.
What's the best way to test this MR?
Note: Adding integration tests for this proved difficult due to various permissions reasons. I'll add an incept test case for it.
- Use the following Dockerfile to build a Docker image (docker build -t ubuntu-pwsh -f pwsh-user.Dockerfile .):

      FROM ubuntu:22.04
      RUN export DEBIAN_FRONTEND=noninteractive && \
          apt-get update && \
          apt-get install -y wget apt-transport-https software-properties-common vim git binutils bison gcc make curl libssl1.1
      RUN wget -q https://github.com/PowerShell/PowerShell/releases/download/v7.2.1/powershell-lts_7.2.1-1.deb_amd64.deb && \
          dpkg -i powershell-lts_7.2.1-1.deb_amd64.deb && \
          pwsh --version
      RUN useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash && \
          mkdir -p /home/gitlab-runner

- Start a container with the new image

      docker run --rm -it --name ubuntu-pwsh ubuntu-pwsh

- Build the binary from this branch and transfer it into the container:

      GOOS=linux go build . && chmod +x gitlab-runner && docker cp gitlab-runner ubuntu-pwsh:/home/gitlab-runner/

- Register a shell executor
- Change the shell in the config.toml to pwsh
- Start the runner and set the --user parameter to gitlab-runner
- In your project create the following job:

      whoami shell:
        script:
          - whoami
        tags:
          - <your runner>

- The output should be gitlab-runner instead of root
What are the relevant issue numbers?
Closes #27751 (closed)
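
The two mechanisms the description relies on, as an added example that is not code from this MR or from gitlab-runner: the POSIX permission check that keeps a second user out of a 0700 script file, and the script-block wrapping that lets the script travel over stdin instead. The function names, the sample UIDs and the exact su/pwsh argument list are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"io/fs"
	"strings"
)

// canRead applies the POSIX owner/group/other rule: exactly one permission
// class is consulted, chosen by the caller's relation to the file.
func canRead(mode fs.FileMode, fileUID, fileGID, uid int, gids []int) bool {
	if uid == 0 {
		return true // root bypasses the mode bits
	}
	perm := mode.Perm()
	if uid == fileUID {
		return perm&0o400 != 0
	}
	for _, g := range gids {
		if g == fileGID {
			return perm&0o040 != 0
		}
	}
	return perm&0o004 != 0
}

// wrapScriptBlock turns the job script into one PowerShell script block, so a
// pwsh that reads commands from stdin runs it as a whole, not line by line.
func wrapScriptBlock(script string) string {
	return "& {\n" + strings.TrimRight(script, "\r\n") + "\n}\n\n"
}

// suArgs is an assumed invocation: su starts pwsh as the target user and
// "-Command -" makes pwsh read the script from stdin, so no file is shared.
func suArgs(user string) []string {
	return []string{"su", "-s", "/bin/sh", "-c",
		"pwsh -NoProfile -NonInteractive -Command -", user}
}

func main() {
	const rootUID, runnerUID = 0, 1000      // constructed sample IDs
	script := "if ($true) {\n  whoami\n}\n" // constructed multi-line job script
	fmt.Println("runner user can read root's 0700 script file:",
		canRead(0o700, rootUID, rootUID, runnerUID, []int{runnerUID}))
	fmt.Printf("argv: %q\n", suArgs("gitlab-runner"))
	fmt.Print("stdin:\n", wrapScriptBlock(script))
}
```
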