diff --git a/.ci/Dockerfile b/.ci/Dockerfile index 1f10aed8c..df5418450 100644 --- a/.ci/Dockerfile +++ b/.ci/Dockerfile @@ -12,15 +12,19 @@ RUN apt-get clean -y && \ apt-get install -y zip # Set user permissions and directory -RUN groupadd --system -g ${BUILDER_GID} ${BUILDER_GROUP} \ - && useradd --system --shell /bin/bash -u ${BUILDER_UID} -g ${BUILDER_GROUP} -m elastic 1>/dev/null 2>/dev/null \ +RUN (id -g ${BUILDER_GID} || groupadd --system -g ${BUILDER_GID} ${BUILDER_GROUP}) \ + && (id -u ${BUILDER_UID} || useradd --system --shell /bin/bash -u ${BUILDER_UID} -g ${BUILDER_GID} -m elastic) \ && mkdir -p /usr/src/elasticsearch-js \ - && chown -R ${BUILDER_USER}:${BUILDER_GROUP} /usr/src/ + && chown -R ${BUILDER_UID}:${BUILDER_GID} /usr/src/ + WORKDIR /usr/src/elasticsearch-js -USER ${BUILDER_USER}:${BUILDER_GROUP} -# Install app dependencies -COPY --chown=$BUILDER_USER:$BUILDER_GROUP package*.json ./ -RUN npm install +# run remainder of commands as non-root user +USER ${BUILDER_UID}:${BUILDER_GID} + +# install dependencies +COPY package.json . +RUN npm install --production=false -COPY --chown=$BUILDER_USER:$BUILDER_GROUP . . +# copy project files +COPY . . diff --git a/.ci/make.sh b/.ci/make.sh index 7f890cb2b..c3d9f5b4f 100755 --- a/.ci/make.sh +++ b/.ci/make.sh @@ -144,19 +144,35 @@ docker build \ echo -e "\033[34;1mINFO: running $product container\033[0m" -docker run \ - --volume "$repo:/usr/src/elasticsearch-js" \ - --volume /usr/src/elasticsearch-js/node_modules \ - -u "$(id -u):$(id -g)" \ - --env "WORKFLOW=$WORKFLOW" \ - --name make-elasticsearch-js \ - --rm \ - $product \ - /bin/bash -c "cd /usr/src && \ - git clone https://$CLIENTS_GITHUB_TOKEN@github.com/elastic/elastic-client-generator-js.git && \ - mkdir -p /usr/src/elastic-client-generator-js/output && \ - cd /usr/src/elasticsearch-js && \ - node .ci/make.mjs --task $TASK ${TASK_ARGS[*]}" +if [[ -z "${BUILDKITE+x}" ]] && [[ -z "${CI+x}" ]] && [[ -z "${GITHUB_ACTIONS+x}" ]]; then + echo -e "\033[34;1mINFO: Running in local mode" + docker run \ + -u "$(id -u):$(id -g)" \ + --volume "$repo:/usr/src/elasticsearch-js" \ + --volume /usr/src/elasticsearch-js/node_modules \ + --volume "$(realpath $repo/../elastic-client-generator-js):/usr/src/elastic-client-generator-js" \ + --env "WORKFLOW=$WORKFLOW" \ + --name make-elasticsearch-js \ + --rm \ + $product \ + /bin/bash -c "mkdir -p /usr/src/elastic-client-generator-js/output && \ + node .ci/make.mjs --task $TASK ${TASK_ARGS[*]}" +else + echo -e "\033[34;1mINFO: Running in CI mode" + docker run \ + --volume "$repo:/usr/src/elasticsearch-js" \ + --volume /usr/src/elasticsearch-js/node_modules \ + -u "$(id -u):$(id -g)" \ + --env "WORKFLOW=$WORKFLOW" \ + --name make-elasticsearch-js \ + --rm \ + $product \ + /bin/bash -c "cd /usr/src && \ + git clone https://$CLIENTS_GITHUB_TOKEN@github.com/elastic/elastic-client-generator-js.git && \ + mkdir -p /usr/src/elastic-client-generator-js/output && \ + cd /usr/src/elasticsearch-js && \ + node .ci/make.mjs --task $TASK ${TASK_ARGS[*]}" +fi # ------------------------------------------------------- # # Post Command tasks & checks