support running with custom non-root user #1193

Merged
merged 4 commits into from
Nov 15, 2024
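--- a/examples/custom-user/nixpacks.toml
+++ b/examples/custom-user/nixpacks.toml
@@ -0,0 +1,6 @@
+[phases.build]
+cmds = ["echo building"]
+
+[start]
+cmd = "bash start.sh"
+user = "myuser"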
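--- a/examples/custom-user/start.sh
+++ b/examples/custom-user/start.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Current user: $(whoami)"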
16 changes: 14 additions & 2 deletions src/nixpacks/builder/docker/dockerfile_generation.rs
@@ -326,6 +326,14 @@ impl DockerfileGenerator for StartPhase {
None => String::new(),
};

let user_str = match &self.user {
Some(user) => formatdoc! {"
RUN useradd -m -s /bin/bash {user}
USER {user}
"},
None => String::new(),
};

let dockerfile: String = match &self.run_image {
Some(run_image) => {
let copy_cmds = utils::get_copy_from_commands(
@@ -343,20 +351,24 @@ impl DockerfileGenerator for StartPhase {
COPY --from=0 /etc/ssl/certs /etc/ssl/certs
RUN true
{copy_cmds}
{user_str}
{start_cmd}
",
run_image=run_image,
APP_DIR=APP_DIR,
copy_cmds=copy_cmds.join("\n"),
user_str=user_str,
start_cmd=start_cmd,}
}
None => {
formatdoc! {"
# start
COPY . /app
{}
{user_str}
{start_cmd}
",
start_cmd}
start_cmd=start_cmd,
user_str=user_str}
}
};
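Review bot: `user` is interpolated unvalidated into both `RUN useradd -m -s /bin/bash {user}` and `USER {user}` in the first hunk, so a value containing whitespace, a leading `-`, shell metacharacters or a newline alters the generated shell command or adds Dockerfile instructions instead of being rejected as a bad plan. Check the name before formatting and return an error when it fails, e.g. `user.starts_with(|c: char| c.is_ascii_lowercase() || c == '_') && user.chars().all(|c| c.is_ascii_lowercase() || c.is_ascii_digit() || c == '_' || c == '-')`. Separately, `useradd` exits non-zero when the account already exists (`root`, or a user already present in a custom `run_image`), which would fail the build. In both branches of the second hunk `{user_str}` comes after `COPY . /app` / `{copy_cmds}`, so unless those copies set `--chown` the app files stay owned by root and the new user presumably cannot write to them. The enclosing function begins and ends outside both hunks, so its error path is not visible here.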

1 change: 1 addition & 0 deletions src/nixpacks/plan/merge.rs
@@ -101,6 +101,7 @@ impl Mergeable for StartPhase {
start_phase.only_include_files.clone(),
c2.only_include_files,
);
start_phase.user = c2.user.or_else(|| start_phase.user.clone());
start_phase
}
}
1 change: 1 addition & 0 deletions src/nixpacks/plan/phase.rs
@@ -54,6 +54,7 @@ pub struct StartPhase {
pub cmd: Option<String>,
pub run_image: Option<String>,
pub only_include_files: Option<Vec<String>>,
pub user: Option<String>,
}

impl Phase {
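Review bot: The new `pub user: Option<String>` field has no doc comment, and nothing at the type says which values are acceptable even though this string is written into generated `RUN useradd` and `USER` lines elsewhere in this change. A comment such as `/// Account the start command runs as; created in the final image when set. Must be a plain POSIX user name.` would record that contract where plan authors and future callers look first. The struct definition starts above the hunk, so whether the sibling fields are documented is not visible here.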
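--- a/tests/snapshots/generate_plan_tests__custom_user.snap
+++ b/tests/snapshots/generate_plan_tests__custom_user.snap
@@ -0,0 +1,23 @@
+---
+source: tests/generate_plan_tests.rs
+expression: plan
+---
+{
+"providers": [],
+"buildImage": "[build_image]",
+"phases": {
+"build": {
+"name": "build",
+"dependsOn": [
+"install"
+],
+"cmds": [
+"echo building"
+]
+}
+},
+"start": {
+"cmd": "bash start.sh",
+"user": "myuser"
+}
+}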

Unchanged files with check annotations Beta

}
#[cfg(target_os = "windows")]
pub fn is_file_executable(&self, name: &str) -> bool {

Check warning on line 149 in src/nixpacks/app.rs

GitHub Actions / Test Suite (windows-latest)

unused variable: `name`

Check warning on line 149 in src/nixpacks/app.rs

GitHub Actions / Test Suite (MSRV) (windows-latest)

unused variable: `name`
true
}