Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: git safe repo directory for docker image #16

Merged
merged 9 commits into from Jul 18, 2022
Merged

fix: git safe repo directory for docker image #16

Changes from 3 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
e64394e
tooling: git safe repo directory for docker image
liketechnik Jul 5, 2022
8707671
tooling: point git to directory instead of disabling security features
liketechnik Jul 5, 2022
deb6e9e
style(Makefile): docker git env into separate variable
liketechnik Jul 6, 2022
9fe66b5
tooling: extract repo location inside container into variable
liketechnik Jul 16, 2022
8763939
tooling: replace missing hardcoded /data with variable
liketechnik Jul 18, 2022
af9aefb
tooling(delete-rem-tags): pass git commit info (#19)
liketechnik Jul 18, 2022
3248a85
tooling: makefile formatting
liketechnik Jul 18, 2022
d608c7a
tooling: makefile formatting
liketechnik Jul 18, 2022
fa49293
tooling: makefile formatting
liketechnik Jul 18, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
22 changes: 16 additions & 6 deletions Makefile
View file
Open in desktop
Expand Up @@ -35,12 +35,22 @@ DOCKER_COMMAND = docker run --rm -i
DOCKER_USER = -u "$(shell id -u):$(shell id -g)"
DOCKER_VOLUME = -v "$(shell pwd):/data" -w "/data"
DOCKER_TEX_VOLUME = -v "$(dir $(realpath $<)):/data" -w "/data"

PANDOC = $(DOCKER_COMMAND) $(DOCKER_VOLUME) $(DOCKER_USER) --entrypoint="pandoc" $(DOCKER_IMAGE)
HUGO = $(DOCKER_COMMAND) $(DOCKER_VOLUME) $(DOCKER_USER) --entrypoint="hugo" $(DOCKER_IMAGE)
DOT = $(DOCKER_COMMAND) $(DOCKER_VOLUME) $(DOCKER_USER) --entrypoint="dot" $(DOCKER_IMAGE)
LATEX = $(DOCKER_COMMAND) $(DOCKER_TEX_VOLUME) $(DOCKER_USER) --entrypoint="latex" $(DOCKER_IMAGE)
DELETE_SCRIPT = $(DOCKER_COMMAND) $(DOCKER_VOLUME) $(DOCKER_USER) --entrypoint="/opt/delete-script.rb" $(DOCKER_IMAGE)
# GIT_DIR ensures that git works with the repository
# no matter the owning user of the directory.
# see https://github.com/Compilerbau/CB-Lecture-Bachelor/pull/16 for the discussion
# around this specific workaround and
# https://github.blog/2022-04-12-git-security-vulnerability-announced/ &
# https://stackoverflow.com/questions/71901632/fatal-error-unsafe-repository-home-repon-is-owned-by-someone-else
# for a general overview of the issue.
#
# ***Important***: keep the location of GIT_DIR in sync with the mountpoint of the repository inside the container.
DOCKER_GIT_ENV = --env GIT_DIR=/data/.git
cagix marked this conversation as resolved.
Show resolved Hide resolved

PANDOC = $(DOCKER_COMMAND) $(DOCKER_VOLUME) $(DOCKER_USER) --entrypoint="pandoc" $(DOCKER_IMAGE)
HUGO = $(DOCKER_COMMAND) $(DOCKER_VOLUME) $(DOCKER_USER) --entrypoint="hugo" $(DOCKER_IMAGE)
DOT = $(DOCKER_COMMAND) $(DOCKER_VOLUME) $(DOCKER_USER) --entrypoint="dot" $(DOCKER_IMAGE)
LATEX = $(DOCKER_COMMAND) $(DOCKER_TEX_VOLUME) $(DOCKER_USER) --entrypoint="latex" $(DOCKER_IMAGE)
DELETE_SCRIPT = $(DOCKER_COMMAND) $(DOCKER_VOLUME) $(DOCKER_USER) --entrypoint="/opt/delete-script.rb" $(DOCKER_GIT_ENV) $(DOCKER_IMAGE)
else
PANDOC = pandoc
HUGO = hugo
Expand Down