feat: --container-options (#1462)

* feat: `--container-options` This deprecates the following options - `--privileged` - `--container-cap-add` - `--container-cap-drop` - `--container-architecture` - `--userns` * Merge binds/mounts, add desc * avoid linter error * fix: apply options to step env / deprecate warning Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-12-06 16:58:47 +01:00
parent d9fe63ec24
commit 4c2524ab4d
6 changed files with 28 additions and 1 deletions
--- a/pkg/container/docker_run.go
+++ b/pkg/container/docker_run.go
@@ -411,10 +411,16 @@ func (cr *containerReference) mergeContainerConfigs(ctx context.Context, config

 	logger.Debugf("Custom container.HostConfig from options ==> %+v", containerConfig.HostConfig)

+	hostConfig.Binds = append(hostConfig.Binds, containerConfig.HostConfig.Binds...)
+	hostConfig.Mounts = append(hostConfig.Mounts, containerConfig.HostConfig.Mounts...)
+	binds := hostConfig.Binds
+	mounts := hostConfig.Mounts
 	err = mergo.Merge(hostConfig, containerConfig.HostConfig, mergo.WithOverride)
 	if err != nil {
 		return nil, nil, fmt.Errorf("Cannot merge container.HostConfig options: '%s': '%w'", input.Options, err)
 	}
+	hostConfig.Binds = binds
+	hostConfig.Mounts = mounts
 	logger.Debugf("Merged container.HostConfig ==> %+v", hostConfig)

 	return config, hostConfig, nil
--- a/pkg/runner/action.go
+++ b/pkg/runner/action.go
@@ -366,6 +366,7 @@ func newStepContainer(ctx context.Context, step step, image string, cmd []string
 		Privileged:  rc.Config.Privileged,
 		UsernsMode:  rc.Config.UsernsMode,
 		Platform:    rc.Config.ContainerArchitecture,
+		Options:     rc.Config.ContainerOptions,
 	})
 	return stepContainer
 }
--- a/pkg/runner/run_context.go
+++ b/pkg/runner/run_context.go
@@ -410,7 +410,7 @@ func (rc *RunContext) options(ctx context.Context) string {
 	job := rc.Run.Job()
 	c := job.Container()
 	if c == nil {
-		return ""
+		return rc.Config.ContainerOptions
 	}

 	return c.Options
--- a/pkg/runner/runner.go
+++ b/pkg/runner/runner.go
@@ -39,6 +39,7 @@ type Config struct {
 	UsernsMode                         string            // user namespace to use
 	ContainerArchitecture              string            // Desired OS/architecture platform for running containers
 	ContainerDaemonSocket              string            // Path to Docker daemon socket
+	ContainerOptions                   string            // Options for the job container
 	UseGitIgnore                       bool              // controls if paths in .gitignore should not be copied into container, default true
 	GitHubInstance                     string            // GitHub instance to use, default "github.com"
 	ContainerCapAdd                    []string          // list of kernel capabilities to add to the containers