jenkins-bot has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/396009 )
Change subject: Delete log/src as nobody via a docker container
......................................................................
Delete log/src as nobody via a docker container
log / src might have files not deletable by the Jenkins agent. For
examples:
* pip writing a pip/http which is only accessibly by nobody
* npm install node_modules with group 'nogroup', failling to honor the
parent directory setgid.
That least to the next build failling to delete some files. Instead of
deleting as jenkins-deploy, use a Docker container to delete log and src
as the nobody user.
That is done by mounting the whole workspace as a volume and then
deleting the directories individually.
Update:
*tox-docker
*node-6-docker
pywikibot-core-tox-doc-docker
pywikibot-core-tox-nose34-docker
pywikibot-core-tox-nose-docker
composer-package-php70-docker
composer-php70-docker
lintr-docker
lintr-docker-non-voting
mediawiki-core-php70-phan-docker
mediawiki-core-phpcs-docker
mwext-php70-phan-docker
operations-puppet-tests-docker
Change-Id: I7171db1454c4dd52322ac031ad5c7cc39977c39e
---
M jjb/macro-docker.yaml
1 file changed, 18 insertions(+), 5 deletions(-)
Approvals:
Hashar: Looks good to me, approved
Addshore: Looks good to me, but someone else must approve
jenkins-bot: Verified
diff --git a/jjb/macro-docker.yaml b/jjb/macro-docker.yaml
index d9ea506..24582ee 100644
--- a/jjb/macro-docker.yaml
+++ b/jjb/macro-docker.yaml
@@ -3,18 +3,31 @@
- builder:
name: docker-log-dir
builders:
- - shell: |
- rm -rf log
- mkdir -m 2777 -p "log"
+ - docker-wipe-dir:
+ dir: log
# Create a src directory that will be
# mounted into a container with --volume
- builder:
name: docker-src-dir
builders:
+ - docker-wipe-dir:
+ dir: src
+
+# Delete content of a directory under $WORKSPACE as 'nobody'
+- builder:
+ name: docker-wipe-dir
+ builders:
- shell: |
- rm -rf src
- mkdir -m 2777 -p "src"
+ set -eux
+ mkdir -m 2777 -p "{dir}"
+ docker run \
+ --rm \
+ --user=nobody \
+ -v "$WORKSPACE":/workspace \
+ --entrypoint=/usr/bin/find \
+ docker-registry.wikimedia.org/wikimedia-stretch:latest \
+ "/workspace/{dir}" -mindepth 1 -delete
# Create a cache directory that will be
# mounted into a container with --volume
--
To view, visit https://gerrit.wikimedia.org/r/396009
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I7171db1454c4dd52322ac031ad5c7cc39977c39e
Gerrit-PatchSet: 2
Gerrit-Project: integration/config
Gerrit-Branch: master
Gerrit-Owner: Hashar <[email protected]>
Gerrit-Reviewer: Addshore <[email protected]>
Gerrit-Reviewer: Hashar <[email protected]>
Gerrit-Reviewer: Paladox <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
