kfit-dev · NavindrenBaskaran · Nov 9, 2020 · Nov 9, 2020 · Nov 9, 2020 · Nov 11, 2020
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -4,14 +4,12 @@ on:
   push:
     # Publish `master` as Docker `latest` image.
     branches:
-      - master
-
-    # Publish `v1.2.3` tags as releases.
-    tags:
-      - v*
+      - "*"
 
   # Run tests for any PRs.
   pull_request:
+    branches:
+      - "*"
 
 env:
   # TODO: Change variable to your image's name.
@@ -42,7 +40,6 @@ jobs:
     needs: test
 
     runs-on: ubuntu-latest
-    if: github.event_name == 'push'
 
     steps:
       - uses: actions/checkout@v2

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## Unreleased
+### Added
+- support for self-hosted tmate instances
+
+## 1.6.1
+### Changed
+- restrict temporary volumes used with docker plugins
+- restrict environment variables used with docker plugins
+
+## 1.6.0
+### Added
+- experimental support for remote debugging with tmate, disabled by default
+
 ### Fixed
 - exit code 78 not properly exiting early when pipeline has services (from runner-go)
 

diff --git a/command/command.go b/command/command.go
@@ -25,6 +25,7 @@ func Command() {
 	app := kingpin.New("drone", "drone docker runner")
 	registerCompile(app)
 	registerExec(app)
+	registerCopy(app)
 	daemon.Register(app)
 
 	kingpin.Version(version)

diff --git a/command/compile.go b/command/compile.go
@@ -37,6 +37,7 @@ type compileCommand struct {
 	Labels     map[string]string
 	Secrets    map[string]string
 	Resources  compiler.Resources
+	Tmate      compiler.Tmate
 	Clone      bool
 	Config     string
 }
@@ -101,6 +102,7 @@ func (c *compileCommand) run(*kingpin.ParseContext) error {
 		Environ:    provider.Static(c.Environ),
 		Labels:     c.Labels,
 		Resources:  c.Resources,
+		Tmate:      c.Tmate,
 		Privileged: append(c.Privileged, compiler.Privileged...),
 		Networks:   c.Networks,
 		Volumes:    c.Volumes,
@@ -125,6 +127,7 @@ func (c *compileCommand) run(*kingpin.ParseContext) error {
 		Repo:     c.Repo,
 		Stage:    c.Stage,
 		System:   c.System,
+		Secret:   secret.StaticVars(c.Secrets),
 	}
 	spec := comp.Compile(nocontext, args)
 
@@ -192,6 +195,25 @@ func registerCompile(app *kingpin.Application) {
 	cmd.Flag("docker-config", "path to the docker config file").
 		StringVar(&c.Config)
 
+	cmd.Flag("tmate-image", "tmate docker image").
+		Default("drone/drone-runner-docker:1").
+		StringVar(&c.Tmate.Image)
+
+	cmd.Flag("tmate-enabled", "tmate enabled").
+		BoolVar(&c.Tmate.Enabled)
+
+	cmd.Flag("tmate-server-host", "tmate server host").
+		StringVar(&c.Tmate.Server)
+
+	cmd.Flag("tmate-server-port", "tmate server port").
+		StringVar(&c.Tmate.Port)
+
+	cmd.Flag("tmate-server-rsa-fingerprint", "tmate server rsa fingerprint").
+		StringVar(&c.Tmate.RSA)
+
+	cmd.Flag("tmate-server-ed25519-fingerprint", "tmate server rsa fingerprint").
+		StringVar(&c.Tmate.ED25519)
+
 	// shared pipeline flags
 	c.Flags = internal.ParseFlags(cmd)
 }
diff --git a/command/copy.go b/command/copy.go
@@ -0,0 +1,74 @@
+// Copyright 2019 Drone.IO Inc. All rights reserved.
+// Use of this source code is governed by the Polyform License
+// that can be found in the LICENSE file.
+
+package command
+
+import (
+	"io"
+	"os"
+
+	"gopkg.in/alecthomas/kingpin.v2"
+)
+
+type copyCommand struct {
+	source string
+	target string
+}
+
+func (c *copyCommand) run(*kingpin.ParseContext) error {
+	return Copy(c.source, c.target)
+}
+
+func Copy(src, dst string) error {
+	in, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer in.Close()
+
+	out, err := os.Create(dst)
+	if err != nil {
+		return err
+	}
+	defer out.Close()
+
+	_, err = io.Copy(out, in)
+	if err != nil {
+		return err
+	}
+
+	err = out.Sync()
+	if err != nil {
+		return err
+	}
+
+	info, err := os.Stat(src)
+	if err != nil {
+		return err
+	}
+
+	err = os.Chmod(dst, info.Mode())
+	if err != nil {
+		return err
+	}
+
+	return out.Close()
+}
+
+// Register registers the copy command.
+func registerCopy(app *kingpin.Application) {
+	c := new(copyCommand)
+
+	cmd := app.Command("copy", "entrypoint copy").
+		Hidden().
+		Action(c.run)
+
+	cmd.Flag("source", "source binary path").
+		Default("/bin/tmate").
+		StringVar(&c.source)
+
+	cmd.Flag("target", "target binary path").
+		Default("/usr/drone/bin/tmate").
+		StringVar(&c.target)
+}
diff --git a/command/daemon/config.go b/command/daemon/config.go
@@ -106,6 +106,15 @@ type Config struct {
 		Config string `envconfig:"DRONE_DOCKER_CONFIG"`
 		Stream bool   `envconfig:"DRONE_DOCKER_STREAM_PULL" default:"true"`
 	}
+
+	Tmate struct {
+		Enabled bool   `envconfig:"DRONE_TMATE_ENABLED" default:"false"`
+		Image   string `envconfig:"DRONE_TMATE_IMAGE"   default:"drone/drone-runner-docker:1"`
+		Server  string `envconfig:"DRONE_TMATE_HOST"`
+		Port    string `envconfig:"DRONE_TMATE_PORT"`
+		RSA     string `envconfig:"DRONE_TMATE_FINGERPRINT_RSA"`
+		ED25519 string `envconfig:"DRONE_TMATE_FINGERPRINT_ED25519"`
+	}
 }
 
 // legacy environment variables. the key is the legacy

diff --git a/command/daemon/daemon.go b/command/daemon/daemon.go
@@ -141,6 +141,14 @@ func (c *daemonCommand) run(*kingpin.ParseContext) error {
 				CPUSet:     config.Resources.CPUSet,
 				ShmSize:    config.Resources.ShmSize,
 			},
+			Tmate: compiler.Tmate{
+				Image:   config.Tmate.Image,
+				Enabled: config.Tmate.Enabled,
+				Server:  config.Tmate.Server,
+				Port:    config.Tmate.Port,
+				RSA:     config.Tmate.RSA,
+				ED25519: config.Tmate.ED25519,
+			},
 			Environ: provider.Combine(
 				provider.Static(config.Runner.Environ),
 				provider.External(

diff --git a/command/exec.go b/command/exec.go
@@ -49,6 +49,7 @@ type execCommand struct {
 	Labels     map[string]string
 	Secrets    map[string]string
 	Resources  compiler.Resources
+	Tmate      compiler.Tmate
 	Clone      bool
 	Config     string
 	Pretty     bool
@@ -120,6 +121,7 @@ func (c *execCommand) run(*kingpin.ParseContext) error {
 		Environ:    provider.Static(c.Environ),
 		Labels:     c.Labels,
 		Resources:  c.Resources,
+		Tmate:      c.Tmate,
 		Privileged: append(c.Privileged, compiler.Privileged...),
 		Networks:   c.Networks,
 		Volumes:    c.Volumes,
@@ -327,6 +329,25 @@ func registerExec(app *kingpin.Application) {
 	cmd.Flag("docker-config", "path to the docker config file").
 		StringVar(&c.Config)
 
+	cmd.Flag("tmate-image", "tmate docker image").
+		Default("drone/drone-runner-docker:1").
+		StringVar(&c.Tmate.Image)
+
+	cmd.Flag("tmate-enabled", "tmate enabled").
+		BoolVar(&c.Tmate.Enabled)
+
+	cmd.Flag("tmate-server-host", "tmate server host").
+		StringVar(&c.Tmate.Server)
+
+	cmd.Flag("tmate-server-port", "tmate server port").
+		StringVar(&c.Tmate.Port)
+
+	cmd.Flag("tmate-server-rsa-fingerprint", "tmate server rsa fingerprint").
+		StringVar(&c.Tmate.RSA)
+
+	cmd.Flag("tmate-server-ed25519-fingerprint", "tmate server rsa fingerprint").
+		StringVar(&c.Tmate.ED25519)
+
 	cmd.Flag("debug", "enable debug logging").
 		BoolVar(&c.Debug)
 

diff --git a/command/internal/flags.go b/command/internal/flags.go
@@ -59,6 +59,7 @@ func ParseFlags(cmd *kingpin.CmdClause) *Flags {
 	cmd.Flag("build-action", "build action").Default("").StringVar(&f.Build.Action)
 	cmd.Flag("build-cron", "build cron trigger").Default("").StringVar(&f.Build.Cron)
 	cmd.Flag("build-target", "build deploy target").Default("").StringVar(&f.Build.Deploy)
+	cmd.Flag("build-debug", "build debug").Default("false").BoolVar(&f.Build.Debug)
 	cmd.Flag("build-created", "build created").Default(now).Int64Var(&f.Build.Created)
 	cmd.Flag("build-updated", "build updated").Default(now).Int64Var(&f.Build.Updated)
 

diff --git a/docker/Dockerfile.linux.amd64 b/docker/Dockerfile.linux.amd64
@@ -1,14 +1,20 @@
-FROM alpine:3.6 as alpine
+FROM alpine:3 as alpine
 RUN apk add -U --no-cache ca-certificates
 
-FROM alpine:3.6
+RUN wget https://github.com/tmate-io/tmate/releases/download/2.4.0/tmate-2.4.0-static-linux-amd64.tar.xz
+RUN tar -xf tmate-2.4.0-static-linux-amd64.tar.xz
+RUN mv tmate-2.4.0-static-linux-amd64/tmate /bin/
+RUN chmod +x /bin/tmate
+
+FROM alpine:3
 EXPOSE 3000
 
 ENV GODEBUG netdns=go
 ENV DRONE_PLATFORM_OS linux
 ENV DRONE_PLATFORM_ARCH amd64
 
 COPY --from=alpine /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=alpine /bin/tmate /bin/
 
 LABEL com.centurylinklabs.watchtower.stop-signal="SIGINT"
 

diff --git a/docker/Dockerfile.linux.arm b/docker/Dockerfile.linux.arm
@@ -1,14 +1,20 @@
-FROM alpine:3.6 as alpine
+FROM alpine:3 as alpine
 RUN apk add -U --no-cache ca-certificates
 
-FROM alpine:3.6
+RUN wget https://github.com/tmate-io/tmate/releases/download/2.4.0/tmate-2.4.0-static-linux-arm32v7.tar.xz
+RUN tar -xf tmate-2.4.0-static-linux-arm32v7.tar.xz
+RUN mv tmate-2.4.0-static-linux-arm32v7/tmate /bin/
+RUN chmod +x /bin/tmate
+
+FROM scratch
 EXPOSE 3000
 
 ENV GODEBUG netdns=go
 ENV DRONE_PLATFORM_OS linux
 ENV DRONE_PLATFORM_ARCH arm
 
 COPY --from=alpine /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=alpine /bin/tmate /bin/
 
 LABEL com.centurylinklabs.watchtower.stop-signal="SIGINT"
 

diff --git a/docker/Dockerfile.linux.arm64 b/docker/Dockerfile.linux.arm64
@@ -1,14 +1,20 @@
-FROM alpine:3.6 as alpine
+FROM alpine:3 as alpine
 RUN apk add -U --no-cache ca-certificates
 
-FROM alpine:3.6
+RUN wget https://github.com/tmate-io/tmate/releases/download/2.4.0/tmate-2.4.0-static-linux-arm64v8.tar.xz
+RUN tar -xf tmate-2.4.0-static-linux-arm64v8.tar.xz
+RUN mv tmate-2.4.0-static-linux-arm64v8/tmate /bin/
+RUN chmod +x /bin/tmate
+
+FROM scratch
 EXPOSE 3000
 
 ENV GODEBUG netdns=go
 ENV DRONE_PLATFORM_OS linux
 ENV DRONE_PLATFORM_ARCH arm64
 
 COPY --from=alpine /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=alpine /bin/tmate /bin/
 
 LABEL com.centurylinklabs.watchtower.stop-signal="SIGINT"