diff --git a/.goreleaser.yml b/.goreleaser.yml
index f8c066c7..3243a66a 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -63,6 +63,3 @@ dockers:
 - "--label=org.label-schema.name={{ .ProjectName }}"
 - "--label=org.label-schema.vcs-ref={{ .ShortCommit }}"
 - "--label=org.label-schema.vcs-url='{{ .GitURL }}'"
-
- extra_files:
- - "build/bin"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7c18f5d0..82c4aa7e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,8 @@ CHANGELOG
 [#365](https://github.com/pulumi/pulumi-kubernetes-operator/pull/365)
 - Rewrite test case to confirm to Pulumi YAML 1.0 (breaking) changes
 [#369](https://github.com/pulumi/pulumi-kubernetes-operator/pull/369)
+- Use an init process so processes spawned by `pulumi` are reaped
+ [#367](https://github.com/pulumi/pulumi-kubernetes-operator/pull/367)
 ## 1.10.1 (2022-10-25)
diff --git a/Dockerfile b/Dockerfile
index 65ec2e33..321b80a4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,10 @@
 FROM pulumi/pulumi:3.46.0
-ENV OPERATOR=/usr/local/bin/pulumi-kubernetes-operator
+RUN apt-get install tini
+ENTRYPOINT ["tini", "--", "/usr/local/bin/pulumi-kubernetes-operator"]
 # install operator binary
-COPY pulumi-kubernetes-operator ${OPERATOR}
-
-COPY build/bin/* /usr/local/bin/
-RUN /usr/local/bin/user_setup
+COPY pulumi-kubernetes-operator /usr/local/bin/pulumi-kubernetes-operator
 RUN useradd -m pulumi-kubernetes-operator
 RUN mkdir -p /home/pulumi-kubernetes-operator/.ssh \
@@ -22,4 +20,3 @@ ENV XDG_CONFIG_CACHE=/tmp/.cache
 ENV GOCACHE=/tmp/.cache/go-build
 ENV GOPATH=/tmp/.cache/go
-ENTRYPOINT ["/usr/local/bin/entrypoint"]
diff --git a/build/bin/entrypoint b/build/bin/entrypoint
deleted file mode 100755
index 98f67cae..00000000
--- a/build/bin/entrypoint
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh -e
-
-eval "$(ssh-agent -s)"
-exec env SSH_AUTH_SOCK="$SSH_AUTH_SOCK" SSH_AGENT_PID="$SSH_AGENT_PID" "${OPERATOR}" "$@"
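Review bot: In the first Dockerfile hunk, `RUN apt-get install tini` has no `apt-get update`, no `-y` and no version pin, so the build depends on whatever package index the `pulumi/pulumi:3.46.0` base image happens to ship, and the binary that becomes PID 1 can differ between rebuilds. I would change it to `RUN apt-get update && apt-get install -y --no-install-recommends tini && rm -rf /var/lib/apt/lists/*`, pinning the package version if reproducible images matter. The new `ENTRYPOINT` also no longer starts `ssh-agent` as the deleted `build/bin/entrypoint` did, so SSH access presumably now depends on the key supplied through the stack's git auth; a one-line comment above the `ENTRYPOINT` saying so would help the next reader.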
diff --git a/build/bin/user_setup b/build/bin/user_setup
deleted file mode 100755
index 4b5b77d6..00000000
--- a/build/bin/user_setup
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-set -x
-
-# ensure $HOME exists and is accessible by group 0 (we don't know what the runtime UID will be)
-echo "${USER_NAME}:x:${USER_UID}:0:${USER_NAME} user:${HOME}:/sbin/nologin" >> /etc/passwd
-mkdir -p "${HOME}"
-chown "${USER_UID}:0" "${HOME}"
-chmod ug+rwx "${HOME}"
-
-# no need for this script to remain in the image after running
-rm "$0"
diff --git a/pkg/controller/stack/stack_controller.go b/pkg/controller/stack/stack_controller.go
index 66118b92..907a1484 100644
--- a/pkg/controller/stack/stack_controller.go
+++ b/pkg/controller/stack/stack_controller.go
@@ -1433,6 +1433,12 @@ func (sess *reconcileStackSession) DestroyStack(ctx context.Context) error {
 func (sess *reconcileStackSession) SetupGitAuth(ctx context.Context) (*auto.GitAuth, error) {
 gitAuth := &auto.GitAuth{}
+ // check that the URL is valid (and we'll use it later to check we got appropriate auth)
+ u, err := giturls.Parse(sess.stack.ProjectRepo)
+ if err != nil {
+ return gitAuth, err
+ }
+
 if sess.stack.GitAuth != nil {
 if sess.stack.GitAuth.SSHAuth != nil {
 privateKey, err := sess.resolveResourceRef(ctx, &sess.stack.GitAuth.SSHAuth.SSHPrivateKey)
@@ -1516,6 +1522,10 @@ func (sess *reconcileStackSession) SetupGitAuth(ctx context.Context) (*auto.GitA
 }
 }
+ if u.Scheme == "ssh" && gitAuth.SSHPrivateKey == "" {
+ return gitAuth, fmt.Errorf("a private key must be provided for SSH")
+ }
+
 return gitAuth, nil
 }
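Review bot: The new `giturls.Parse` guard at the top of `SetupGitAuth` returns the parser's error unwrapped (`return gitAuth, err`), so the reconcile log will not say which field was rejected. Wrap it, e.g. `return gitAuth, fmt.Errorf("parsing project repo URL: %w", err)`. If `giturls.Parse` quotes its input in the error the way `net/url` does, a `ProjectRepo` with embedded credentials would be copied into logs or status, so it is worth checking what the message contains before surfacing it. The function body continues outside this hunk.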
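Review bot: In the second `stack_controller.go` hunk the SSH check returns the populated `gitAuth` together with the error; by this point the struct may already hold secrets resolved earlier in the function (that code lies between the hunks and is not visible here), and a caller that ignores or logs the pair gets them. Unless callers rely on the non-nil pointer, prefer `return nil, fmt.Errorf("a private key must be provided for SSH")`; the same applies to `return gitAuth, err` in the first hunk. The comparison `u.Scheme == "ssh"` also deserves a short comment stating whether scp-style remotes (`git@host:org/repo`) are expected to parse to that scheme, since the guard silently does nothing for any other value.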